use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class LoginServices method createUserLogin.
/**
* Creates a UserLogin
*@param ctx The DispatchContext that this service is operating in
*@param context Map containing the input parameters
*@return Map with the result of the service, the output parameters
*/
public static Map<String, Object> createUserLogin(DispatchContext ctx, Map<String, ?> context) {
Map<String, Object> result = new LinkedHashMap<>();
Delegator delegator = ctx.getDelegator();
LocalDispatcher dispatcher = ctx.getDispatcher();
Security security = ctx.getSecurity();
GenericValue loggedInUserLogin = (GenericValue) context.get("userLogin");
List<String> errorMessageList = new LinkedList<>();
Locale locale = (Locale) context.get("locale");
boolean useEncryption = "true".equals(EntityUtilProperties.getPropertyValue("security", "password.encrypt", delegator));
String userLoginId = (String) context.get("userLoginId");
String partyId = (String) context.get("partyId");
String currentPassword = (String) context.get("currentPassword");
String currentPasswordVerify = (String) context.get("currentPasswordVerify");
String enabled = (String) context.get("enabled");
String passwordHint = (String) context.get("passwordHint");
String requirePasswordChange = (String) context.get("requirePasswordChange");
String externalAuthId = (String) context.get("externalAuthId");
String errMsg = null;
String questionEnumId = (String) context.get("securityQuestion");
String securityAnswer = (String) context.get("securityAnswer");
// unless the logged in user has permission to do so (same partyId or PARTYMGR_CREATE)
if (UtilValidate.isNotEmpty(partyId)) {
GenericValue party = null;
try {
party = EntityQuery.use(delegator).from("Party").where("partyId", partyId).queryOne();
} catch (GenericEntityException e) {
Debug.logWarning(e, "", module);
}
if (party != null) {
if (loggedInUserLogin != null) {
// <b>security check</b>: userLogin partyId must equal partyId, or must have PARTYMGR_CREATE permission
if (!partyId.equals(loggedInUserLogin.getString("partyId"))) {
if (!security.hasEntityPermission("PARTYMGR", "_CREATE", loggedInUserLogin)) {
errMsg = UtilProperties.getMessage(resource, "loginservices.party_with_specified_party_ID_exists_not_have_permission", locale);
errorMessageList.add(errMsg);
}
}
} else {
errMsg = UtilProperties.getMessage(resource, "loginservices.must_be_logged_in_and_permission_create_login_party_ID_exists", locale);
errorMessageList.add(errMsg);
}
}
}
GenericValue userLoginToCreate = delegator.makeValue("UserLogin", UtilMisc.toMap("userLoginId", userLoginId));
checkNewPassword(userLoginToCreate, null, currentPassword, currentPasswordVerify, passwordHint, errorMessageList, true, locale);
userLoginToCreate.set("externalAuthId", externalAuthId);
userLoginToCreate.set("passwordHint", passwordHint);
userLoginToCreate.set("enabled", enabled);
userLoginToCreate.set("requirePasswordChange", requirePasswordChange);
userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptUTF8(getHashType(), null, currentPassword) : currentPassword);
try {
userLoginToCreate.set("partyId", partyId);
} catch (Exception e) {
// Will get thrown in framework-only installation
Debug.logInfo(e, "Exception thrown while setting UserLogin partyId field: ", module);
}
try {
EntityCondition condition = EntityCondition.makeCondition(EntityFunction.UPPER_FIELD("userLoginId"), EntityOperator.EQUALS, EntityFunction.UPPER(userLoginId));
if (UtilValidate.isNotEmpty(EntityQuery.use(delegator).from("UserLogin").where(condition).queryList())) {
Map<String, String> messageMap = UtilMisc.toMap("userLoginId", userLoginId);
errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_create_login_user_with_ID_exists", messageMap, locale);
errorMessageList.add(errMsg);
}
} catch (GenericEntityException e) {
Debug.logWarning(e, "", module);
Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_create_login_user_read_failure", messageMap, locale);
errorMessageList.add(errMsg);
}
if (errorMessageList.size() > 0) {
return ServiceUtil.returnError(errorMessageList);
}
try {
userLoginToCreate.create();
createUserLoginPasswordHistory(delegator, userLoginId, currentPassword);
} catch (GenericEntityException e) {
Debug.logWarning(e, "", module);
Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_create_login_user_write_failure", messageMap, locale);
return ServiceUtil.returnError(errMsg);
}
try {
if (UtilValidate.isNotEmpty(securityAnswer)) {
Map<String, Object> resultMap = dispatcher.runSync("createUserLoginSecurityQuestion", UtilMisc.toMap("userLogin", loggedInUserLogin, "userLoginId", userLoginId, "questionEnumId", questionEnumId, "securityAnswer", securityAnswer));
if (ServiceUtil.isError(resultMap)) {
errMsg = ServiceUtil.getErrorMessage(resultMap);
errorMessageList.add(errMsg);
Debug.logError(errMsg, module);
}
}
} catch (GenericServiceException e1) {
errMsg = UtilProperties.getMessage(resource, "loginservices.error_setting_security_question", locale);
Debug.logError(e1, errMsg, module);
}
result.put(ModelService.RESPONSE_MESSAGE, ModelService.RESPOND_SUCCESS);
return result;
}
use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class LoginServices method updatePassword.
/**
* Updates UserLogin Password info
*@param ctx The DispatchContext that this service is operating in
*@param context Map containing the input parameters
*@return Map with the result of the service, the output parameters
*/
public static Map<String, Object> updatePassword(DispatchContext ctx, Map<String, ?> context) {
Delegator delegator = ctx.getDelegator();
Security security = ctx.getSecurity();
GenericValue loggedInUserLogin = (GenericValue) context.get("userLogin");
Locale locale = (Locale) context.get("locale");
Map<String, Object> result = ServiceUtil.returnSuccess(UtilProperties.getMessage(resource, "loginevents.password_was_changed_with_success", locale));
// load the external auth modules -- note: this will only run once and cache the objects
if (!AuthHelper.authenticatorsLoaded()) {
AuthHelper.loadAuthenticators(ctx.getDispatcher());
}
boolean useEncryption = "true".equals(EntityUtilProperties.getPropertyValue("security", "password.encrypt", delegator));
boolean adminUser = false;
String userLoginId = (String) context.get("userLoginId");
String errMsg = null;
if (UtilValidate.isEmpty(userLoginId)) {
userLoginId = loggedInUserLogin.getString("userLoginId");
}
// TODO: change this security group because we can't use permission groups defined in the applications from the framework.
if (!security.hasEntityPermission("PARTYMGR", "_UPDATE", loggedInUserLogin)) {
if (!userLoginId.equals(loggedInUserLogin.getString("userLoginId"))) {
errMsg = UtilProperties.getMessage(resource, "loginservices.not_have_permission_update_password_for_user_login", locale);
return ServiceUtil.returnError(errMsg);
}
} else {
adminUser = true;
}
String currentPassword = (String) context.get("currentPassword");
String newPassword = (String) context.get("newPassword");
String newPasswordVerify = (String) context.get("newPasswordVerify");
String passwordHint = (String) context.get("passwordHint");
GenericValue userLoginToUpdate = null;
try {
userLoginToUpdate = EntityQuery.use(delegator).from("UserLogin").where("userLoginId", userLoginId).queryOne();
} catch (GenericEntityException e) {
Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_read_failure", messageMap, locale);
return ServiceUtil.returnError(errMsg);
}
if (userLoginToUpdate == null) {
// this may be a full external authenticator; first try authenticating
boolean authenticated = false;
try {
authenticated = AuthHelper.authenticate(userLoginId, currentPassword, true);
} catch (AuthenticatorException e) {
// safe to ignore this; but we'll log it just in case
Debug.logWarning(e, e.getMessage(), module);
}
// call update password if auth passed
if (authenticated) {
try {
AuthHelper.updatePassword(userLoginId, currentPassword, newPassword);
} catch (AuthenticatorException e) {
Debug.logError(e, e.getMessage(), module);
Map<String, String> messageMap = UtilMisc.toMap("userLoginId", userLoginId);
errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_userlogin_with_id_not_exist", messageMap, locale);
return ServiceUtil.returnError(errMsg);
}
// result.put(ModelService.RESPONSE_MESSAGE, ModelService.RESPOND_SUCCESS);
result.put("updatedUserLogin", null);
return result;
}
Map<String, String> messageMap = UtilMisc.toMap("userLoginId", userLoginId);
errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_userlogin_with_id_not_exist", messageMap, locale);
return ServiceUtil.returnError(errMsg);
}
if ("true".equals(EntityUtilProperties.getPropertyValue("security", "password.lowercase", delegator))) {
currentPassword = currentPassword.toLowerCase(Locale.getDefault());
newPassword = newPassword.toLowerCase(Locale.getDefault());
newPasswordVerify = newPasswordVerify.toLowerCase(Locale.getDefault());
}
List<String> errorMessageList = new LinkedList<>();
if (newPassword != null) {
checkNewPassword(userLoginToUpdate, currentPassword, newPassword, newPasswordVerify, passwordHint, errorMessageList, adminUser, locale);
}
if (errorMessageList.size() > 0) {
return ServiceUtil.returnError(errorMessageList);
}
String externalAuthId = userLoginToUpdate.getString("externalAuthId");
if (UtilValidate.isNotEmpty(externalAuthId)) {
// external auth is set; don't update the database record
try {
AuthHelper.updatePassword(externalAuthId, currentPassword, newPassword);
} catch (AuthenticatorException e) {
Debug.logError(e, e.getMessage(), module);
Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_write_failure", messageMap, locale);
return ServiceUtil.returnError(errMsg);
}
} else {
userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.cryptUTF8(getHashType(), null, newPassword) : newPassword, false);
userLoginToUpdate.set("passwordHint", passwordHint, false);
// optional parameter in service definition "requirePasswordChange" to update a password to a new generated value that has to be changed by the user
userLoginToUpdate.set("requirePasswordChange", ("Y".equals(context.get("requirePasswordChange")) ? "Y" : "N"));
try {
userLoginToUpdate.store();
createUserLoginPasswordHistory(delegator, userLoginId, newPassword);
} catch (GenericEntityException e) {
Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_write_failure", messageMap, locale);
return ServiceUtil.returnError(errMsg);
}
}
result.put("updatedUserLogin", userLoginToUpdate);
return result;
}
use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class LoginServices method updateUserLoginSecurity.
/**
* Updates UserLogin Security info
*@param ctx The DispatchContext that this service is operating in
*@param context Map containing the input parameters
*@return Map with the result of the service, the output parameters
*/
public static Map<String, Object> updateUserLoginSecurity(DispatchContext ctx, Map<String, ?> context) {
Map<String, Object> result = new LinkedHashMap<>();
Delegator delegator = ctx.getDelegator();
Security security = ctx.getSecurity();
GenericValue loggedInUserLogin = (GenericValue) context.get("userLogin");
Locale locale = (Locale) context.get("locale");
String userLoginId = (String) context.get("userLoginId");
String errMsg = null;
if (UtilValidate.isEmpty(userLoginId)) {
userLoginId = loggedInUserLogin.getString("userLoginId");
}
// <b>security check</b>: must have PARTYMGR_UPDATE permission
if (!security.hasEntityPermission("PARTYMGR", "_UPDATE", loggedInUserLogin) && !security.hasEntityPermission("SECURITY", "_UPDATE", loggedInUserLogin)) {
errMsg = UtilProperties.getMessage(resource, "loginservices.not_permission_update_security_info_for_user_login", locale);
return ServiceUtil.returnError(errMsg);
}
GenericValue userLoginToUpdate = null;
try {
userLoginToUpdate = EntityQuery.use(delegator).from("UserLogin").where("userLoginId", userLoginId).queryOne();
} catch (GenericEntityException e) {
Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_read_failure", messageMap, locale);
return ServiceUtil.returnError(errMsg);
}
if (userLoginToUpdate == null) {
Map<String, String> messageMap = UtilMisc.toMap("userLoginId", userLoginId);
errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_userlogin_with_id_not_exist", messageMap, locale);
return ServiceUtil.returnError(errMsg);
}
boolean wasEnabled = !"N".equals(userLoginToUpdate.get("enabled"));
if (context.containsKey("enabled")) {
userLoginToUpdate.set("enabled", context.get("enabled"), true);
}
if (context.containsKey("disabledDateTime")) {
userLoginToUpdate.set("disabledDateTime", context.get("disabledDateTime"), true);
}
if (context.containsKey("successiveFailedLogins")) {
userLoginToUpdate.set("successiveFailedLogins", context.get("successiveFailedLogins"), true);
}
if (context.containsKey("externalAuthId")) {
userLoginToUpdate.set("externalAuthId", context.get("externalAuthId"), true);
}
if (context.containsKey("userLdapDn")) {
userLoginToUpdate.set("userLdapDn", context.get("userLdapDn"), true);
}
if (context.containsKey("requirePasswordChange")) {
userLoginToUpdate.set("requirePasswordChange", context.get("requirePasswordChange"), true);
}
// if was disabled and we are enabling it, clear disabledDateTime
if (!wasEnabled && "Y".equals(context.get("enabled"))) {
userLoginToUpdate.set("disabledDateTime", null);
userLoginToUpdate.set("disabledBy", null);
}
if ("N".equals(context.get("enabled"))) {
userLoginToUpdate.set("disabledBy", loggedInUserLogin.getString("userLoginId"));
}
try {
userLoginToUpdate.store();
} catch (GenericEntityException e) {
Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_write_failure", messageMap, locale);
return ServiceUtil.returnError(errMsg);
}
result.put(ModelService.RESPONSE_MESSAGE, ModelService.RESPOND_SUCCESS);
return result;
}
use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class PreferenceWorker method isValidSetId.
/**
* Checks for valid userLoginId to set preferences. Returns true if valid.
* <p>This method applies a small rule set to determine if user preferences
* can be set by the current user:</p>
* <ul>
* <li>If the user isn't logged in, then the method returns false</li>
* <li>If the user is logged in and the userPrefLoginId specified in the context Map
* matches the user's userLoginId, then the method returns true.</li>
* <li>If the user is logged in and the userPrefLoginId specified in the context Map
* is different than the user's userLoginId, then a security permission check is performed.
* If the user has the <a href="#ADMIN_PERMISSION">ADMIN_PERMISSION</a>
* permission then the method returns true.</li>
* </ul>
* @param ctx The DispatchContext that this service is operating in.
* @param context Map containing the input arguments.
* @return true if arguments are valid
*/
public static boolean isValidSetId(DispatchContext ctx, Map<String, ?> context) {
GenericValue userLogin = (GenericValue) context.get("userLogin");
if (userLogin == null) {
return false;
}
String currentUserLoginId = userLogin.getString("userLoginId");
String userLoginIdArg = (String) context.get(LOGINID_PARAMETER_NAME);
if (!currentUserLoginId.equals(userLoginIdArg) && userLoginIdArg != null) {
Security security = ctx.getSecurity();
return security.hasPermission(ADMIN_PERMISSION, userLogin);
}
return true;
}
use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.
the class PreferenceWorker method isValidGetId.
/**
* Checks for valid userLoginId to get preferences. Returns true if valid.
* <p>This method applies a small rule set to determine if user preferences
* can be retrieved by the current user:</p>
* <ul>
* <li>If the user isn't logged in, then the method returns true</li>
* <li>If the user is logged in and the userPrefLoginId specified in the context Map
* matches the user's userLoginId, then the method returns true.</li>
* <li>If the user is logged in and the userPrefLoginId specified in the context Map
* is different than the user's userLoginId, then a security permission check is performed.
* If the user has the <a href="#ADMIN_PERMISSION">ADMIN_PERMISSION</a> permission then the
* method returns true.</li>
* </ul>
*
* @param ctx The DispatchContext that this service is operating in.
* @param context Map containing the input arguments.
* @return true if the userLoginId arguments are valid
*/
public static boolean isValidGetId(DispatchContext ctx, Map<String, ?> context) {
String currentUserLoginId = null;
GenericValue userLogin = (GenericValue) context.get("userLogin");
if (userLogin == null) {
currentUserLoginId = DEFAULT_UID;
} else {
currentUserLoginId = userLogin.getString("userLoginId");
}
String userLoginIdArg = (String) context.get(LOGINID_PARAMETER_NAME);
if (!currentUserLoginId.equals(DEFAULT_UID) && !currentUserLoginId.equals(userLoginIdArg) && userLoginIdArg != null) {
Security security = ctx.getSecurity();
return security.hasPermission(ADMIN_PERMISSION, userLogin);
}
return true;
}
Aggregations