
Example 66 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class LoginServices method createUserLogin.

/**
 * Creates a UserLogin record for the given userLoginId, optionally bound to a
 * Party and to a security question.
 * <p>Order of work: permission check against the target partyId, password
 * policy check, case-insensitive duplicate-id check, then the create. All
 * validation errors gathered so far are returned together before anything is
 * written; the security-question step runs after the create and is best-effort.</p>
 *@param ctx The DispatchContext that this service is operating in
 *@param context Map containing the input parameters
 *@return Map with the result of the service, the output parameters
 */
public static Map<String, Object> createUserLogin(DispatchContext ctx, Map<String, ?> context) {
    Map<String, Object> result = new LinkedHashMap<>();
    Delegator delegator = ctx.getDelegator();
    LocalDispatcher dispatcher = ctx.getDispatcher();
    Security security = ctx.getSecurity();
    GenericValue loggedInUserLogin = (GenericValue) context.get("userLogin");
    List<String> errorMessageList = new LinkedList<>();
    Locale locale = (Locale) context.get("locale");
    // when password.encrypt is off, the password is stored exactly as given (see the currentPassword set below)
    boolean useEncryption = "true".equals(EntityUtilProperties.getPropertyValue("security", "password.encrypt", delegator));
    String userLoginId = (String) context.get("userLoginId");
    String partyId = (String) context.get("partyId");
    String currentPassword = (String) context.get("currentPassword");
    String currentPasswordVerify = (String) context.get("currentPasswordVerify");
    String enabled = (String) context.get("enabled");
    String passwordHint = (String) context.get("passwordHint");
    String requirePasswordChange = (String) context.get("requirePasswordChange");
    String externalAuthId = (String) context.get("externalAuthId");
    String errMsg = null;
    String questionEnumId = (String) context.get("securityQuestion");
    String securityAnswer = (String) context.get("securityAnswer");
    // security: if a partyId is given and that Party exists, a new login may only be attached to it
    // by a caller logged in as that same party or holding PARTYMGR_CREATE
    if (UtilValidate.isNotEmpty(partyId)) {
        GenericValue party = null;
        try {
            party = EntityQuery.use(delegator).from("Party").where("partyId", partyId).queryOne();
        } catch (GenericEntityException e) {
            Debug.logWarning(e, "", module);
        }
        // NOTE(review): when no Party row is found (or the lookup failed) the permission check is skipped
        // entirely and partyId is still written below — confirm that is intended
        if (party != null) {
            if (loggedInUserLogin != null) {
                // <b>security check</b>: userLogin partyId must equal partyId, or must have PARTYMGR_CREATE permission
                if (!partyId.equals(loggedInUserLogin.getString("partyId"))) {
                    if (!security.hasEntityPermission("PARTYMGR", "_CREATE", loggedInUserLogin)) {
                        errMsg = UtilProperties.getMessage(resource, "loginservices.party_with_specified_party_ID_exists_not_have_permission", locale);
                        errorMessageList.add(errMsg);
                    }
                }
            } else {
                // anonymous callers may not claim an existing party
                errMsg = UtilProperties.getMessage(resource, "loginservices.must_be_logged_in_and_permission_create_login_party_ID_exists", locale);
                errorMessageList.add(errMsg);
            }
        }
    }
    GenericValue userLoginToCreate = delegator.makeValue("UserLogin", UtilMisc.toMap("userLoginId", userLoginId));
    // the literal 'true' sits where updatePassword passes adminUser; presumably this skips the
    // current-password verification since the login does not exist yet — confirm in checkNewPassword
    checkNewPassword(userLoginToCreate, null, currentPassword, currentPasswordVerify, passwordHint, errorMessageList, true, locale);
    userLoginToCreate.set("externalAuthId", externalAuthId);
    userLoginToCreate.set("passwordHint", passwordHint);
    userLoginToCreate.set("enabled", enabled);
    userLoginToCreate.set("requirePasswordChange", requirePasswordChange);
    // hash with the configured hash type when encryption is on, otherwise store the raw value
    userLoginToCreate.set("currentPassword", useEncryption ? HashCrypt.cryptUTF8(getHashType(), null, currentPassword) : currentPassword);
    try {
        userLoginToCreate.set("partyId", partyId);
    } catch (Exception e) {
        // Will get thrown in framework-only installation
        Debug.logInfo(e, "Exception thrown while setting UserLogin partyId field: ", module);
    }
    try {
        // duplicate check is case-insensitive: UPPER() is applied to both the column and the input
        EntityCondition condition = EntityCondition.makeCondition(EntityFunction.UPPER_FIELD("userLoginId"), EntityOperator.EQUALS, EntityFunction.UPPER(userLoginId));
        if (UtilValidate.isNotEmpty(EntityQuery.use(delegator).from("UserLogin").where(condition).queryList())) {
            Map<String, String> messageMap = UtilMisc.toMap("userLoginId", userLoginId);
            errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_create_login_user_with_ID_exists", messageMap, locale);
            errorMessageList.add(errMsg);
        }
    } catch (GenericEntityException e) {
        Debug.logWarning(e, "", module);
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_create_login_user_read_failure", messageMap, locale);
        errorMessageList.add(errMsg);
    }
    // everything above only collected errors; nothing has been written yet
    if (errorMessageList.size() > 0) {
        return ServiceUtil.returnError(errorMessageList);
    }
    try {
        userLoginToCreate.create();
        // the plaintext is passed on; history hashing (if any) happens in the helper
        createUserLoginPasswordHistory(delegator, userLoginId, currentPassword);
    } catch (GenericEntityException e) {
        Debug.logWarning(e, "", module);
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_create_login_user_write_failure", messageMap, locale);
        return ServiceUtil.returnError(errMsg);
    }
    // NOTE(review): a failure from createUserLoginSecurityQuestion is appended to errorMessageList
    // but the service still returns success below, so the message is only logged, never surfaced
    try {
        if (UtilValidate.isNotEmpty(securityAnswer)) {
            Map<String, Object> resultMap = dispatcher.runSync("createUserLoginSecurityQuestion", UtilMisc.toMap("userLogin", loggedInUserLogin, "userLoginId", userLoginId, "questionEnumId", questionEnumId, "securityAnswer", securityAnswer));
            if (ServiceUtil.isError(resultMap)) {
                errMsg = ServiceUtil.getErrorMessage(resultMap);
                errorMessageList.add(errMsg);
                Debug.logError(errMsg, module);
            }
        }
    } catch (GenericServiceException e1) {
        errMsg = UtilProperties.getMessage(resource, "loginservices.error_setting_security_question", locale);
        Debug.logError(e1, errMsg, module);
    }
    result.put(ModelService.RESPONSE_MESSAGE, ModelService.RESPOND_SUCCESS);
    return result;
}

Example 67 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class LoginServices method updatePassword.

/**
 * Changes a UserLogin's password.
 * <p>Callers holding PARTYMGR_UPDATE may change any login's password and are
 * treated as admin by checkNewPassword; anyone else may only change their own.
 * Logins that are not in the local UserLogin table, or that carry an
 * externalAuthId, are updated through AuthHelper instead of the database.</p>
 *@param ctx The DispatchContext that this service is operating in
 *@param context Map containing the input parameters
 *@return Map with the result of the service, the output parameters
 */
public static Map<String, Object> updatePassword(DispatchContext ctx, Map<String, ?> context) {
    Delegator delegator = ctx.getDelegator();
    Security security = ctx.getSecurity();
    GenericValue loggedInUserLogin = (GenericValue) context.get("userLogin");
    Locale locale = (Locale) context.get("locale");
    // success result is built up front; every failure path below returns a fresh error result instead
    Map<String, Object> result = ServiceUtil.returnSuccess(UtilProperties.getMessage(resource, "loginevents.password_was_changed_with_success", locale));
    // load the external auth modules -- note: this will only run once and cache the objects
    if (!AuthHelper.authenticatorsLoaded()) {
        AuthHelper.loadAuthenticators(ctx.getDispatcher());
    }
    boolean useEncryption = "true".equals(EntityUtilProperties.getPropertyValue("security", "password.encrypt", delegator));
    boolean adminUser = false;
    String userLoginId = (String) context.get("userLoginId");
    String errMsg = null;
    // default to the caller's own login when no target was named
    if (UtilValidate.isEmpty(userLoginId)) {
        userLoginId = loggedInUserLogin.getString("userLoginId");
    }
    // TODO: change this security group because we can't use permission groups defined in the applications from the framework.
    // security: without PARTYMGR_UPDATE the caller may only change their own password;
    // with it, any login may be changed and adminUser is handed to checkNewPassword below
    if (!security.hasEntityPermission("PARTYMGR", "_UPDATE", loggedInUserLogin)) {
        if (!userLoginId.equals(loggedInUserLogin.getString("userLoginId"))) {
            errMsg = UtilProperties.getMessage(resource, "loginservices.not_have_permission_update_password_for_user_login", locale);
            return ServiceUtil.returnError(errMsg);
        }
    } else {
        adminUser = true;
    }
    String currentPassword = (String) context.get("currentPassword");
    String newPassword = (String) context.get("newPassword");
    String newPasswordVerify = (String) context.get("newPasswordVerify");
    String passwordHint = (String) context.get("passwordHint");
    GenericValue userLoginToUpdate = null;
    try {
        userLoginToUpdate = EntityQuery.use(delegator).from("UserLogin").where("userLoginId", userLoginId).queryOne();
    } catch (GenericEntityException e) {
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_read_failure", messageMap, locale);
        return ServiceUtil.returnError(errMsg);
    }
    if (userLoginToUpdate == null) {
        // this may be a full external authenticator; first try authenticating
        boolean authenticated = false;
        try {
            authenticated = AuthHelper.authenticate(userLoginId, currentPassword, true);
        } catch (AuthenticatorException e) {
            // safe to ignore this; but we'll log it just in case
            Debug.logWarning(e, e.getMessage(), module);
        }
        // call update password if auth passed
        if (authenticated) {
            try {
                AuthHelper.updatePassword(userLoginId, currentPassword, newPassword);
            } catch (AuthenticatorException e) {
                Debug.logError(e, e.getMessage(), module);
                Map<String, String> messageMap = UtilMisc.toMap("userLoginId", userLoginId);
                errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_userlogin_with_id_not_exist", messageMap, locale);
                return ServiceUtil.returnError(errMsg);
            }
            // result.put(ModelService.RESPONSE_MESSAGE, ModelService.RESPOND_SUCCESS);
            // no local record exists for an externally authenticated login
            result.put("updatedUserLogin", null);
            return result;
        }
        // neither a local record nor an external authenticator accepted this login
        Map<String, String> messageMap = UtilMisc.toMap("userLoginId", userLoginId);
        errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_userlogin_with_id_not_exist", messageMap, locale);
        return ServiceUtil.returnError(errMsg);
    }
    // NOTE(review): casing here depends on the JVM default locale rather than a fixed one, and
    // currentPassword is lower-cased without a null check although it was read straight from the
    // context — a call that omits it would fail here when password.lowercase is on; confirm both
    if ("true".equals(EntityUtilProperties.getPropertyValue("security", "password.lowercase", delegator))) {
        currentPassword = currentPassword.toLowerCase(Locale.getDefault());
        newPassword = newPassword.toLowerCase(Locale.getDefault());
        newPasswordVerify = newPasswordVerify.toLowerCase(Locale.getDefault());
    }
    List<String> errorMessageList = new LinkedList<>();
    // the password policy check only runs when a new password was actually supplied
    if (newPassword != null) {
        checkNewPassword(userLoginToUpdate, currentPassword, newPassword, newPasswordVerify, passwordHint, errorMessageList, adminUser, locale);
    }
    if (errorMessageList.size() > 0) {
        return ServiceUtil.returnError(errorMessageList);
    }
    String externalAuthId = userLoginToUpdate.getString("externalAuthId");
    if (UtilValidate.isNotEmpty(externalAuthId)) {
        // external auth is set; don't update the database record
        try {
            AuthHelper.updatePassword(externalAuthId, currentPassword, newPassword);
        } catch (AuthenticatorException e) {
            Debug.logError(e, e.getMessage(), module);
            Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
            errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_write_failure", messageMap, locale);
            return ServiceUtil.returnError(errMsg);
        }
    } else {
        // third argument is setIfNull=false: a null value leaves the stored field untouched
        userLoginToUpdate.set("currentPassword", useEncryption ? HashCrypt.cryptUTF8(getHashType(), null, newPassword) : newPassword, false);
        userLoginToUpdate.set("passwordHint", passwordHint, false);
        // optional parameter in service definition "requirePasswordChange" to update a password to a new generated value that has to be changed by the user
        // anything other than an explicit "Y" clears the flag
        userLoginToUpdate.set("requirePasswordChange", ("Y".equals(context.get("requirePasswordChange")) ? "Y" : "N"));
        try {
            userLoginToUpdate.store();
            createUserLoginPasswordHistory(delegator, userLoginId, newPassword);
        } catch (GenericEntityException e) {
            Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
            errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_write_failure", messageMap, locale);
            return ServiceUtil.returnError(errMsg);
        }
    }
    result.put("updatedUserLogin", userLoginToUpdate);
    return result;
}

Example 68 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class LoginServices method updateUserLoginSecurity.

/**
 * Updates the security-related fields of a UserLogin: enabled flag, disabled
 * timestamp, successive-failed-logins counter, external auth id, LDAP DN and
 * the require-password-change flag.
 * <p>Requires PARTYMGR_UPDATE or SECURITY_UPDATE. Only the fields present in
 * the context are written. Re-enabling a disabled login clears its disabled
 * bookkeeping; disabling records which login did it.</p>
 *@param ctx The DispatchContext that this service is operating in
 *@param context Map containing the input parameters
 *@return Map with the result of the service, the output parameters
 */
public static Map<String, Object> updateUserLoginSecurity(DispatchContext ctx, Map<String, ?> context) {
    Map<String, Object> result = new LinkedHashMap<>();
    Delegator delegator = ctx.getDelegator();
    Security security = ctx.getSecurity();
    GenericValue loggedInUserLogin = (GenericValue) context.get("userLogin");
    Locale locale = (Locale) context.get("locale");
    String userLoginId = (String) context.get("userLoginId");
    String errMsg = null;
    // default to the caller's own login when no target was named
    if (UtilValidate.isEmpty(userLoginId)) {
        userLoginId = loggedInUserLogin.getString("userLoginId");
    }
    // <b>security check</b>: must have PARTYMGR_UPDATE or SECURITY_UPDATE permission (either one suffices)
    if (!security.hasEntityPermission("PARTYMGR", "_UPDATE", loggedInUserLogin) && !security.hasEntityPermission("SECURITY", "_UPDATE", loggedInUserLogin)) {
        errMsg = UtilProperties.getMessage(resource, "loginservices.not_permission_update_security_info_for_user_login", locale);
        return ServiceUtil.returnError(errMsg);
    }
    GenericValue userLoginToUpdate = null;
    try {
        userLoginToUpdate = EntityQuery.use(delegator).from("UserLogin").where("userLoginId", userLoginId).queryOne();
    } catch (GenericEntityException e) {
        // NOTE(review): the read/write/not-found messages below reuse the change-password texts
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_read_failure", messageMap, locale);
        return ServiceUtil.returnError(errMsg);
    }
    if (userLoginToUpdate == null) {
        Map<String, String> messageMap = UtilMisc.toMap("userLoginId", userLoginId);
        errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_userlogin_with_id_not_exist", messageMap, locale);
        return ServiceUtil.returnError(errMsg);
    }
    // captured before any change; an absent/null enabled value counts as enabled
    boolean wasEnabled = !"N".equals(userLoginToUpdate.get("enabled"));
    // only keys actually present in the context are applied; the trailing 'true' (setIfNull)
    // means an explicitly passed null clears the field rather than being ignored
    if (context.containsKey("enabled")) {
        userLoginToUpdate.set("enabled", context.get("enabled"), true);
    }
    if (context.containsKey("disabledDateTime")) {
        userLoginToUpdate.set("disabledDateTime", context.get("disabledDateTime"), true);
    }
    if (context.containsKey("successiveFailedLogins")) {
        userLoginToUpdate.set("successiveFailedLogins", context.get("successiveFailedLogins"), true);
    }
    if (context.containsKey("externalAuthId")) {
        userLoginToUpdate.set("externalAuthId", context.get("externalAuthId"), true);
    }
    if (context.containsKey("userLdapDn")) {
        userLoginToUpdate.set("userLdapDn", context.get("userLdapDn"), true);
    }
    if (context.containsKey("requirePasswordChange")) {
        userLoginToUpdate.set("requirePasswordChange", context.get("requirePasswordChange"), true);
    }
    // if was disabled and we are enabling it, clear disabledDateTime (and who disabled it)
    if (!wasEnabled && "Y".equals(context.get("enabled"))) {
        userLoginToUpdate.set("disabledDateTime", null);
        userLoginToUpdate.set("disabledBy", null);
    }
    // audit trail: record which login disabled this account
    if ("N".equals(context.get("enabled"))) {
        userLoginToUpdate.set("disabledBy", loggedInUserLogin.getString("userLoginId"));
    }
    try {
        userLoginToUpdate.store();
    } catch (GenericEntityException e) {
        Map<String, String> messageMap = UtilMisc.toMap("errorMessage", e.getMessage());
        errMsg = UtilProperties.getMessage(resource, "loginservices.could_not_change_password_write_failure", messageMap, locale);
        return ServiceUtil.returnError(errMsg);
    }
    result.put(ModelService.RESPONSE_MESSAGE, ModelService.RESPOND_SUCCESS);
    return result;
}

Example 69 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class PreferenceWorker method isValidSetId.

/**
 * Decides whether the current user may set preferences for the login id named
 * in the context.
 * <p>Rules, applied in order:</p>
 * <ul>
 * <li>No logged-in user ({@code userLogin} absent from the context): false.</li>
 * <li>The {@code LOGINID_PARAMETER_NAME} argument is absent or equals the
 * caller's own userLoginId: true.</li>
 * <li>Otherwise the caller must hold <a href="#ADMIN_PERMISSION">ADMIN_PERMISSION</a>,
 * checked through {@link Security#hasPermission}.</li>
 * </ul>
 * @param ctx The DispatchContext that this service is operating in.
 * @param context Map containing the input arguments.
 * @return true if the caller may set preferences for the requested login id
 */
public static boolean isValidSetId(DispatchContext ctx, Map<String, ?> context) {
    GenericValue userLogin = (GenericValue) context.get("userLogin");
    if (userLogin == null) {
        // anonymous callers never get to store preferences
        return false;
    }
    String ownLoginId = userLogin.getString("userLoginId");
    String requestedLoginId = (String) context.get(LOGINID_PARAMETER_NAME);
    // own preferences, or no explicit target: always allowed
    boolean sameUser = ownLoginId.equals(requestedLoginId);
    if (sameUser || requestedLoginId == null) {
        return true;
    }
    // acting on somebody else's preferences requires the admin permission
    Security security = ctx.getSecurity();
    return security.hasPermission(ADMIN_PERMISSION, userLogin);
}

Example 70 with Security

use of org.apache.ofbiz.security.Security in project ofbiz-framework by apache.

the class PreferenceWorker method isValidGetId.

/**
 * Decides whether the current user may read preferences for the login id named
 * in the context.
 * <p>Rules, applied in order:</p>
 * <ul>
 * <li>No logged-in user (the caller is treated as {@code DEFAULT_UID}): true.</li>
 * <li>The {@code LOGINID_PARAMETER_NAME} argument is absent or equals the
 * caller's own userLoginId: true.</li>
 * <li>Otherwise the caller must hold <a href="#ADMIN_PERMISSION">ADMIN_PERMISSION</a>,
 * checked through {@link Security#hasPermission}.</li>
 * </ul>
 *
 * @param ctx The DispatchContext that this service is operating in.
 * @param context Map containing the input arguments.
 * @return true if the userLoginId arguments are valid
 */
public static boolean isValidGetId(DispatchContext ctx, Map<String, ?> context) {
    GenericValue userLogin = (GenericValue) context.get("userLogin");
    // an anonymous caller is represented by the DEFAULT_UID placeholder
    String currentUserLoginId = (userLogin == null) ? DEFAULT_UID : userLogin.getString("userLoginId");
    String requestedLoginId = (String) context.get(LOGINID_PARAMETER_NAME);
    // anonymous reads are always permitted
    if (currentUserLoginId.equals(DEFAULT_UID)) {
        return true;
    }
    // own preferences, or no explicit target: always allowed
    boolean sameUser = currentUserLoginId.equals(requestedLoginId);
    if (sameUser || requestedLoginId == null) {
        return true;
    }
    // reading somebody else's preferences requires the admin permission
    Security security = ctx.getSecurity();
    return security.hasPermission(ADMIN_PERMISSION, userLogin);
}
