Example 6 with AdminAuthorization
use of org.bimserver.webservices.authorization.AdminAuthorization in project BIMserver by opensourceBIM.
the class LoginDatabaseAction method execute.
@Override
public String execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException, ServerException {
BimDatabaseAction<User> action = new GetUserByUserNameDatabaseAction(getDatabaseSession(), getAccessMethod(), username);
User user = action.execute();
if (user != null) {
if (user.getPasswordHash() == null || user.getPasswordHash().length == 0) {
throw new UserException("Your email address has not been validated yet");
}
if (new Authenticator().validate(password, user.getPasswordHash(), user.getPasswordSalt())) {
if (user.getState() == ObjectState.DELETED) {
throw new UserException("User account has been deleted");
} else if (user.getUserType() == UserType.SYSTEM) {
throw new UserException("System user cannot login");
}
Authorization authorization = null;
if (user.getUserType() == UserType.ADMIN) {
authorization = new AdminAuthorization(bimServer.getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
} else {
authorization = new UserAuthorization(bimServer.getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
}
authorization.setUoid(user.getOid());
String asHexToken = authorization.asHexToken(bimServer.getEncryptionKey());
serviceMap.setAuthorization(authorization);
if (bimServer.getServerSettingsCache().getServerSettings().isStoreLastLogin()) {
user.setLastSeen(new Date());
getDatabaseSession().store(user);
}
return asHexToken;
}
}
try {
// Adding a random sleep to prevent timing attacks
Thread.sleep(DEFAULT_LOGIN_ERROR_TIMEOUT + new java.security.SecureRandom().nextInt(1000));
} catch (InterruptedException e) {
LOGGER.error("", e);
}
throw new UserException("Invalid username/password combination");
}
Also used :
User(org.bimserver.models.store.User)
UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization)
Date(java.util.Date)
UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization)
AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization)
Authorization(org.bimserver.webservices.authorization.Authorization)
UserException(org.bimserver.shared.exceptions.UserException)
Authenticator(org.bimserver.Authenticator)
AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization)
Aggregations
AdminAuthorization (org.bimserver.webservices.authorization.AdminAuthorization)6
User (org.bimserver.models.store.User)4
UserException (org.bimserver.shared.exceptions.UserException)4
Project (org.bimserver.models.store.Project)3
Authorization (org.bimserver.webservices.authorization.Authorization)3
UserAuthorization (org.bimserver.webservices.authorization.UserAuthorization)3
ArrayList (java.util.ArrayList)2
Date (java.util.Date)2
HashMap (java.util.HashMap)1
HashSet (java.util.HashSet)1
InternetAddress (javax.mail.internet.InternetAddress)1
Authenticator (org.bimserver.Authenticator)1
BimserverDatabaseException (org.bimserver.BimserverDatabaseException)1
EmailMessage (org.bimserver.mail.EmailMessage)1
ServerSettings (org.bimserver.models.store.ServerSettings)1
ModelCheckException (org.bimserver.plugins.modelchecker.ModelCheckException)1
ChannelConnectionException (org.bimserver.shared.ChannelConnectionException)1
PublicInterfaceNotFoundException (org.bimserver.shared.exceptions.PublicInterfaceNotFoundException)1
ServerException (org.bimserver.shared.exceptions.ServerException)1
ExplicitRightsAuthorization (org.bimserver.webservices.authorization.ExplicitRightsAuthorization)1
