
Example 1 with ILocalAccountPerson

use of org.apereo.portal.persondir.ILocalAccountPerson in project uPortal by Jasig.

the class UserAccountHelper method createPassword.

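/**
 * Sets the password of a local account for a caller who is identified only by a login
 * token. Similar to updateAccount, but narrowed to the password and re-tooled to work as
 * the guest user (which is what you are, when you have a valid security token).
 *
 * <p>The token is checked again here, on the server side, so that a request which skips
 * the form flow cannot set a password without it. On success the "loginToken" attribute is
 * removed from the account before it is saved.
 *
 * @param form supplies the username, the new password and its confirmation
 * @param token login token presented with the request
 * @throws RuntimeException if the token does not validate for the username, the password
 *     is blank, the confirmation differs, or no local account exists for the username
 */
public void createPassword(PersonForm form, String token) {
    final String username = form.getUsername();
    // Re-validate the token to prevent URL hacking
    if (!validateLoginToken(username, token)) {
        throw new RuntimeException("Attempt to set a password for user '" + username + "' without a valid security token");
    }
    final String password = form.getPassword();
    if (!StringUtils.isNotBlank(password)) {
        throw new RuntimeException("Attempt to set a password for user '" + username + "' but the password was blank");
    }
    if (!password.equals(form.getConfirmPassword())) {
        throw new RuntimeException("Passwords don't match");
    }
    final ILocalAccountPerson account = accountDao.getPerson(username);
    if (account == null) {
        // Fail with a clear message instead of a NullPointerException on the next line.
        throw new RuntimeException("Attempt to set a password for user '" + username + "' but no local account exists");
    }
    account.setPassword(passwordService.encryptPassword(password));
    account.setLastPasswordChange(new Date());
    // The token has served its purpose; drop it so it is not stored with the account any longer.
    account.removeAttribute("loginToken");
    accountDao.updateAccount(account);
    if (log.isInfoEnabled()) {
        // Log the account name only: the account's toString() is not visible here and could
        // include attributes or the stored password value.
        log.info("Password created for account:  " + account.getName());
    }
}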
Also used : ILocalAccountPerson(org.apereo.portal.persondir.ILocalAccountPerson) Date(java.util.Date)

Example 2 with ILocalAccountPerson

use of org.apereo.portal.persondir.ILocalAccountPerson in project uPortal by Jasig.

the class UserAccountHelper method updateAccount.

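/**
 * Applies the submitted form to a local account: the attributes the current user may edit
 * and, when one is supplied, a new password.
 *
 * <p>Two authorization checks are repeated here rather than trusted from the rendered page:
 * whether the current user may edit the target account, and whether each attribute is
 * covered by the EDIT_USER_ATTRIBUTE permission.
 *
 * @param currentUser the user performing the update
 * @param form the submitted account data
 * @throws RuntimeException if the account cannot be found by id, or if either permission
 *     check fails
 */
public void updateAccount(IPerson currentUser, PersonForm form) {
    ILocalAccountPerson account;
    // A negative form id is handled as "look up by username, create when absent".
    if (form.getId() < 0) {
        account = accountDao.getPerson(form.getUsername());
        if (account == null) {
            /*
             * Should there be a permissions check to verify
             * the user is allowed to create new users?
             *
             * NOTE(review): createPerson runs before SANITY CHECK #1 below. Whether a
             * rejected request leaves the new account behind depends on createPerson and
             * on the transaction boundary, neither of which is visible here -- confirm.
             */
            account = accountDao.createPerson(form.getUsername());
        }
    } else {
        // otherwise, get the existing account from the database
        account = accountDao.getPerson(form.getId());
        if (account == null) {
            // Fail with a clear message instead of a NullPointerException in the check below.
            throw new RuntimeException("No account found for person id " + form.getId());
        }
    }
    /*
     * SANITY CHECK #1:  Is the user permitted to modify this account?
     * (Presumably this check was already made when the page was rendered,
     * but re-checking alleviates danger from cleverly-crafted HTTP
     * requests.)
     */
    if (!canEditUser(currentUser, account.getName())) {
        throw new RuntimeException("Current user " + currentUser.getName() + " does not have permissions to update person " + account.getName());
    }
    // Used w/ check #2
    EntityIdentifier ei = currentUser.getEntityIdentifier();
    IAuthorizationPrincipal ap = AuthorizationServiceFacade.instance().newPrincipal(ei.getKey(), ei.getType());
    // update the account attributes to match those specified in the form; only names
    // returned by getEditableUserAttributes are read from the form, so other submitted
    // attributes are ignored
    List<Preference> editableAttributes = getEditableUserAttributes(currentUser);
    for (Preference editableAttribute : editableAttributes) {
        String attributeName = editableAttribute.getName();
        /*
         * SANITY CHECK #2:  Should never fail since getEditableUserAttributes should return only
         * editable attribute names, but do this anyway just in case.
         */
        if (!ap.hasPermission("UP_USERS", "EDIT_USER_ATTRIBUTE", attributeName)) {
            throw new RuntimeException("Current user " + currentUser.getName() + " does not have permissions to edit attribute " + attributeName);
        }
        // A missing or blank form value clears the attribute on the account.
        if (form.getAttributes().get(attributeName) == null || form.getAttributes().get(attributeName).isBlank()) {
            account.removeAttribute(attributeName);
        } else {
            account.setAttribute(attributeName, form.getAttributes().get(attributeName).getValue());
        }
    }
    // if a new password has been specified, update the account password
    // NOTE(review): no confirmation value or current password is compared in this method;
    // if that is required it has to happen before this call -- confirm.
    if (StringUtils.isNotBlank(form.getPassword())) {
        account.setPassword(passwordService.encryptPassword(form.getPassword()));
        account.setLastPasswordChange(new Date());
        // A pending login token is discarded once a password has been set.
        account.removeAttribute("loginToken");
    }
    accountDao.updateAccount(account);
    log.info("Account " + account.getName() + " successfully updated");
}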
Also used : Preference(org.apereo.portal.portletpublishing.xml.Preference) IAuthorizationPrincipal(org.apereo.portal.security.IAuthorizationPrincipal) EntityIdentifier(org.apereo.portal.EntityIdentifier) ILocalAccountPerson(org.apereo.portal.persondir.ILocalAccountPerson) Date(java.util.Date)

Example 3 with ILocalAccountPerson

use of org.apereo.portal.persondir.ILocalAccountPerson in project uPortal by Jasig.

the class UserImporterExporter method importData.

/**
 * Imports one user record: writes the UP_USER row (update first, insert when the update
 * did not touch exactly one row) and then creates, updates or deletes the matching local
 * account.
 *
 * @param userType the user record being imported
 */
@Transactional
@Override
public void importData(UserType userType) {
    final String userName = userType.getUsername();
    final Long structId = getNextStructId(userName);

    // Update or Insert. Both statements bind their values as parameters.
    final int updatedRows = this.jdbcOperations.update("UPDATE UP_USER \n" + "SET USER_DFLT_LAY_ID=1, NEXT_STRUCT_ID=? \n" + "WHERE USER_NAME = ?", structId, userName);
    if (updatedRows != 1) {
        final int newUserId = this.counterStore.getNextId("UP_USER");
        this.jdbcOperations.update("INSERT INTO UP_USER(USER_ID, USER_DFLT_LAY_ID, NEXT_STRUCT_ID, USER_NAME) \n" + "VALUES(?, 1, ?, ?)", newUserId, structId, userName);
    }

    final ILocalAccountPerson existingAccount = this.localAccountDao.getPerson(userName);
    final String importedPassword = userType.getPassword();
    final List<Attribute> importedAttributes = userType.getAttributes();

    final boolean noLocalAccountData = importedPassword == null && importedAttributes.isEmpty();
    if (noLocalAccountData) {
        // No local account data, clean up the DB
        if (existingAccount != null) {
            this.localAccountDao.deleteAccount(existingAccount);
        }
        return;
    }

    // Create or Update local account info
    final ILocalAccountPerson target =
            existingAccount != null ? existingAccount : this.localAccountDao.createPerson(userName);

    // The password is stored exactly as supplied; no password service is called here.
    // NOTE(review): presumably the import data already carries the encoded value -- confirm.
    // A null password combined with attributes reaches setPassword(null) as well.
    target.setPassword(importedPassword);

    final Calendar passwordChangedAt = userType.getLastPasswordChange();
    if (passwordChangedAt != null) {
        target.setLastPasswordChange(passwordChangedAt.getTime());
    }

    // NOTE(review): this removes the attribute whose *name* equals the username. Attributes
    // that exist on the account but are absent from the import are not cleared -- confirm
    // that this is the intent.
    target.removeAttribute(userName);
    for (final Attribute imported : importedAttributes) {
        target.setAttribute(imported.getName(), imported.getValues());
    }
    this.localAccountDao.updateAccount(target);
}
Also used : Calendar(java.util.Calendar) ILocalAccountPerson(org.apereo.portal.persondir.ILocalAccountPerson) Transactional(org.springframework.transaction.annotation.Transactional)

Example 4 with ILocalAccountPerson

use of org.apereo.portal.persondir.ILocalAccountPerson in project uPortal by Jasig.

the class SimpleSecurityContext method authenticate.

/**
 * Authenticates the principal against the local account store, then authenticates the
 * subcontexts through the superclass.
 *
 * <p>The authenticated flag is cleared first and is set only when an account exists for
 * the principal's UID and the password service accepts the supplied credential. Missing
 * principal or credentials are not an error; that is the guest case.
 *
 * @throws PortalSecurityException declared by the contract; failures inside the local
 *     lookup are rethrown from this method as RuntimeException
 */
@Override
public synchronized void authenticate() throws PortalSecurityException {
    this.isauth = false;
    final boolean credentialsSupplied =
            this.myPrincipal.UID != null && this.myOpaqueCredentials.credentialstring != null;
    if (!credentialsSupplied) {
        // If the principal and/or credential are missing, the context authentication
        // simply fails. It should not be construed that this is an error. It happens for
        // guest access.
        log.info("Principal or OpaqueCredentials not initialized prior to authenticate");
    } else {
        // Logs if an attempt is made to log into a local account.
        // NOTE(review): the UID comes from the login request and is concatenated into log
        // messages as-is; confirm the log layout neutralises line breaks.
        if (log.isWarnEnabled()) {
            log.warn("An attempt to log into the local login has occurred. user=" + this.myPrincipal.UID);
        }
        try {
            ILocalAccountDao localAccounts = LocalAccountDaoLocator.getLocalAccountDao();
            IPortalPasswordService passwords = PortalPasswordServiceLocator.getPortalPasswordService();
            // retrieve the account from the local user store
            ILocalAccountPerson localAccount = localAccounts.getPerson(this.myPrincipal.UID);
            if (localAccount == null) {
                // NOTE(review): no password validation runs on this path, so an unknown
                // user may be rejected faster than a wrong password -- confirm whether
                // callers even out the response.
                if (log.isInfoEnabled()) {
                    log.info("No such user: " + this.myPrincipal.UID);
                }
            } else {
                // decode the supplied credential bytes as UTF-8
                String suppliedPassword = new String(this.myOpaqueCredentials.credentialstring, UTF_8);
                // compare it with the stored account password
                if (!passwords.validatePassword(suppliedPassword, localAccount.getPassword())) {
                    log.info("Password Invalid");
                } else {
                    // set the full name for this user
                    this.myPrincipal.FullName = (String) localAccount.getAttributeValue("displayName");
                    if (log.isInfoEnabled()) {
                        log.info("User " + this.myPrincipal.UID + " is authenticated");
                    }
                    this.isauth = true;
                }
            }
        } catch (Exception e) {
            log.error("Error authenticating user", e);
            throw new RuntimeException("Error authenticating user", e);
        }
    }
    // Ok...we are now ready to authenticate all of our subcontexts.
    super.authenticate();
}
Also used : IPortalPasswordService(org.apereo.portal.security.IPortalPasswordService) ILocalAccountDao(org.apereo.portal.persondir.ILocalAccountDao) ILocalAccountPerson(org.apereo.portal.persondir.ILocalAccountPerson) PortalSecurityException(org.apereo.portal.security.PortalSecurityException)

Example 5 with ILocalAccountPerson

use of org.apereo.portal.persondir.ILocalAccountPerson in project uPortal by Jasig.

the class JpaLocalAccountDaoImplTest method testAccountSearch.

/**
 * Creates two local accounts with multi-valued attributes and checks direct lookup and
 * three attribute queries against them.
 *
 * <p>The expected counts suggest that getPeople matches on parts of a value and returns a
 * person who satisfies any one of the queried attributes; that is read off the assertions
 * below, not off the DAO.
 */
@Test
public void testAccountSearch() throws Exception {
    // Create users
    execute(new Callable<Object>() {

        @Override
        public Object call() throws Exception {
            final ILocalAccountPerson first = localAccountDao.createPerson("user1");
            first.setAttribute("attr1", "value1", "ValUe2", "blue");
            first.setAttribute("attr2", "foobar");
            localAccountDao.updateAccount(first);

            final ILocalAccountPerson second = localAccountDao.createPerson("user2");
            second.setAttribute("attr1", "blue");
            second.setAttribute("attr2", "barrun");
            localAccountDao.updateAccount(second);
            return null;
        }
    });

    // Direct Access: user1 is found by name and carries both attributes
    execute(new Callable<Object>() {

        @Override
        public Object call() throws Exception {
            final ILocalAccountPerson found = localAccountDao.getPerson("user1");
            assertNotNull(found);
            assertEquals("user1", found.getName());
            final Map<String, List<Object>> foundAttributes = found.getAttributes();
            assertNotNull(foundAttributes);
            assertEquals(2, foundAttributes.size());
            return null;
        }
    });

    // Query 0: a value nobody has yields an empty, non-null result
    execute(new Callable<Object>() {

        @Override
        public Object call() throws Exception {
            final LocalAccountQuery noMatch = new LocalAccountQuery();
            noMatch.setAttribute("attr1", Arrays.asList("black"));
            final List<ILocalAccountPerson> matches = localAccountDao.getPeople(noMatch);
            assertNotNull(matches);
            assertEquals(0, matches.size());
            return null;
        }
    });

    // Query 1: two attributes queried, both users expected
    execute(new Callable<Object>() {

        @Override
        public Object call() throws Exception {
            final LocalAccountQuery twoAttributes = new LocalAccountQuery();
            twoAttributes.setAttribute("attr1", Arrays.asList("value"));
            twoAttributes.setAttribute("attr2", Arrays.asList("bar"));
            final List<ILocalAccountPerson> matches = localAccountDao.getPeople(twoAttributes);
            assertNotNull(matches);
            assertEquals(2, matches.size());
            return null;
        }
    });

    // Query 2: attr1 matches nobody, attr2 is given two values; both users still expected
    execute(new Callable<Object>() {

        @Override
        public Object call() throws Exception {
            final LocalAccountQuery multiValue = new LocalAccountQuery();
            multiValue.setAttribute("attr1", Arrays.asList("black"));
            multiValue.setAttribute("attr2", Arrays.asList("foo", "run"));
            final List<ILocalAccountPerson> matches = localAccountDao.getPeople(multiValue);
            assertNotNull(matches);
            assertEquals(2, matches.size());
            return null;
        }
    });
}
Also used : List(java.util.List) ILocalAccountPerson(org.apereo.portal.persondir.ILocalAccountPerson) Map(java.util.Map) LocalAccountQuery(org.apereo.portal.persondir.LocalAccountQuery) Test(org.junit.Test) BasePortalJpaDaoTest(org.apereo.portal.test.BasePortalJpaDaoTest)

Aggregations

ILocalAccountPerson (org.apereo.portal.persondir.ILocalAccountPerson)14 Date (java.util.Date)3 Calendar (java.util.Calendar)2 List (java.util.List)2 Map (java.util.Map)2 ILocalAccountDao (org.apereo.portal.persondir.ILocalAccountDao)2 PortalSecurityException (org.apereo.portal.security.PortalSecurityException)2 Test (org.junit.Test)2 Transactional (org.springframework.transaction.annotation.Transactional)2 URL (java.net.URL)1 ArrayList (java.util.ArrayList)1 Multipart (javax.mail.Multipart)1 InternetAddress (javax.mail.internet.InternetAddress)1 MimeMessage (javax.mail.internet.MimeMessage)1 EntityManager (javax.persistence.EntityManager)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 EntityIdentifier (org.apereo.portal.EntityIdentifier)1 LocalAccountQuery (org.apereo.portal.persondir.LocalAccountQuery)1 Preference (org.apereo.portal.portletpublishing.xml.Preference)1 StringListAttribute (org.apereo.portal.portlets.StringListAttribute)1