
Example 1 with Authorization

Use of org.bimserver.webservices.authorization.Authorization in project BIMserver by opensourceBIM.

Class PublicInterfaceFactory, method get.

public synchronized ServiceMap get(String token, AccessMethod accessMethod) throws UserException {
    try {
        // Decrypt the caller-supplied hex token with the server-wide key. The token carries the user oid
        // (uoid); a token that does not decrypt under this key is rejected before any database access.
        Authorization authorization = Authorization.fromToken(bimServer.getEncryptionKey(), token);
        DatabaseSession session = bimServer.getDatabase().createSession();
        try {
            // The user record is re-read on every call, so a token for a user that has since been removed
            // or marked deleted stops working immediately: deletion revokes outstanding tokens.
            User user = session.get(authorization.getUoid(), OldQuery.getDefault());
            if (user == null) {
                throw new UserException("No user found with uoid " + authorization.getUoid());
            }
            if (user.getState() == ObjectState.DELETED) {
                throw new UserException("User has been deleted");
            }
            // Note: the SYSTEM-user rejection that the login actions below apply is not repeated here.
        } finally {
            session.close();
        }
        return get(authorization, accessMethod);
    } catch (Exception e) {
        // Everything else, including a token that fails to decrypt, is surfaced to the caller as a UserException.
        if (e instanceof UserException) {
            throw (UserException) e;
        } else {
            throw new UserException(e);
        }
    }
}
Also used : Authorization(org.bimserver.webservices.authorization.Authorization) AnonymousAuthorization(org.bimserver.webservices.authorization.AnonymousAuthorization) User(org.bimserver.models.store.User) DatabaseSession(org.bimserver.database.DatabaseSession) UserException(org.bimserver.shared.exceptions.UserException)

Example 2 with Authorization

Use of org.bimserver.webservices.authorization.Authorization in project BIMserver by opensourceBIM.

Class AutologinDatabaseAction, method execute.

@Override
public String execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException {
    try {
        // Autologin: the client presents a previously issued hex token instead of a password.
        // fromToken() throws AuthenticationException when the token does not decrypt under the server key.
        Authorization authorization = Authorization.fromToken(bimServer.getEncryptionKey(), token);
        User user = getDatabaseSession().get(authorization.getUoid(), OldQuery.getDefault());
        if (user == null) {
            // Added guard: get() returns null for an unknown uoid (compare PublicInterfaceFactory.get),
            // which would otherwise dereference null on the next line.
            throw new UserException("No user found with uoid " + authorization.getUoid());
        }
        if (user.getState() == ObjectState.DELETED) {
            throw new UserException("User account has been deleted");
        } else if (user.getUserType() == UserType.SYSTEM) {
            throw new UserException("System user cannot login");
        }
        if (bimServer.getServerSettingsCache().getServerSettings().isStoreLastLogin()) {
            user.setLastSeen(new Date());
            getDatabaseSession().store(user);
        }
        // Re-encode the authorization as a hex token for this user and bind it to the service map as the session.
        authorization.setUoid(user.getOid());
        String asHexToken = authorization.asHexToken(bimServer.getEncryptionKey());
        serviceMap.setAuthorization(authorization);
        return asHexToken;
    } catch (AuthenticationException e) {
        // Token did not verify: fall through to the delayed, generic failure below.
        LOGGER.error("", e);
    }
    try {
        // Adding a random sleep to prevent timing attacks
        // Caveat: random jitter only adds noise that averages out over repeated attempts, and the
        // deleted/system-user branches above answer immediately without this delay.
        Thread.sleep(LoginDatabaseAction.DEFAULT_LOGIN_ERROR_TIMEOUT + new java.security.SecureRandom().nextInt(1000));
    } catch (InterruptedException e) {
        LOGGER.error("", e);
    }
    throw new UserException("User not found or incorrect autologin token");
}
Also used : Authorization(org.bimserver.webservices.authorization.Authorization) User(org.bimserver.models.store.User) AuthenticationException(org.bimserver.webservices.authorization.AuthenticationException) UserException(org.bimserver.shared.exceptions.UserException) Date(java.util.Date)

Example 3 with Authorization

Use of org.bimserver.webservices.authorization.Authorization in project BIMserver by opensourceBIM.

Class NewRevisionNotification, method sendEmail.

private void sendEmail(DatabaseSession session, Project project, Revision revision) throws UserException {
    Set<User> users = getUsers(session, project);
    for (User user : users) {
        String body = null;
        try {
            // The username doubles as the recipient address, so it is checked as an e-mail address first.
            if (MailSystem.isValidEmailAddress(user.getUsername())) {
                EmailMessage message = getBimServer().getMailSystem().createMessage();
                ServerSettings serverSettings = getBimServer().getServerSettingsCache().getServerSettings();
                String emailSenderAddress = serverSettings.getEmailSenderAddress();
                InternetAddress addressFrom = new InternetAddress(emailSenderAddress);
                message.setFrom(addressFrom);
                InternetAddress[] addressTo = new InternetAddress[1];
                addressTo[0] = new InternetAddress(user.getUsername());
                message.setRecipients(Message.RecipientType.TO, addressTo);
                Map<String, Object> context = new HashMap<String, Object>();
                context.put("name", user.getName());
                context.put("username", user.getUsername());
                context.put("siteaddress", serverSettings.getSiteAddress());
                context.put("revisionId", revision.getId());
                // A session token is minted for the recipient and handed to the template as "token". It is the
                // same kind of token the login actions return (an AdminAuthorization for admin users), constructed
                // with the configured session timeout as its lifetime, so anyone who can read the e-mail holds a
                // usable session for that long.
                Authorization authorization = null;
                if (user.getUserType() == UserType.ADMIN) {
                    authorization = new AdminAuthorization(getBimServer().getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
                } else {
                    authorization = new UserAuthorization(getBimServer().getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
                }
                authorization.setUoid(user.getOid());
                String asHexToken = authorization.asHexToken(getBimServer().getEncryptionKey());
                context.put("token", asHexToken);
                context.put("roid", revision.getOid());
                context.put("comment", revision.getComment());
                context.put("projectName", project.getName());
                String subject = null;
                body = getBimServer().getTemplateEngine().process(context, TemplateIdentifier.NEW_REVISION_EMAIL_BODY);
                subject = getBimServer().getTemplateEngine().process(context, TemplateIdentifier.NEW_REVISION_EMAIL_SUBJECT);
                message.setContent(body, "text/html");
                message.setSubject(subject.trim());
                LOGGER.info("Sending new revision e-mail to " + user.getUsername());
                message.send();
            }
        } catch (Exception e) {
            // The rendered body is written to the log on any failure; if the template embeds the token,
            // the token ends up in the server log.
            LOGGER.error(body);
            LOGGER.error("", e);
            throw new UserException(e);
        }
    }
}
Also used : EmailMessage(org.bimserver.mail.EmailMessage) InternetAddress(javax.mail.internet.InternetAddress) User(org.bimserver.models.store.User) HashMap(java.util.HashMap) UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization) ModelCheckException(org.bimserver.plugins.modelchecker.ModelCheckException) UserException(org.bimserver.shared.exceptions.UserException) ChannelConnectionException(org.bimserver.shared.ChannelConnectionException) PublicInterfaceNotFoundException(org.bimserver.shared.exceptions.PublicInterfaceNotFoundException) ServerException(org.bimserver.shared.exceptions.ServerException) BimserverDatabaseException(org.bimserver.BimserverDatabaseException) ExplicitRightsAuthorization(org.bimserver.webservices.authorization.ExplicitRightsAuthorization) AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization) Authorization(org.bimserver.webservices.authorization.Authorization) ServerSettings(org.bimserver.models.store.ServerSettings)

Example 4 with Authorization

Use of org.bimserver.webservices.authorization.Authorization in project BIMserver by opensourceBIM.

Class LoginUserTokenDatabaseAction, method execute.

@Override
public String execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException, ServerException {
    // Login with a per-user token: a stored credential looked up in the database, not a session token.
    BimDatabaseAction<User> action = new GetUserByUserTokenDatabaseAction(getDatabaseSession(), getAccessMethod(), userToken);
    User user = action.execute();
    if (user != null) {
        // These two branches answer immediately, without the delay applied to the generic failure below.
        if (user.getState() == ObjectState.DELETED) {
            throw new UserException("User account has been deleted");
        } else if (user.getUserType() == UserType.SYSTEM) {
            throw new UserException("System user cannot login");
        }
        // The session's privilege level comes from the stored user type, never from the presented credential,
        // and its lifetime from the server-wide session timeout.
        Authorization authorization = null;
        if (user.getUserType() == UserType.ADMIN) {
            authorization = new AdminAuthorization(bimServer.getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
        } else {
            authorization = new UserAuthorization(bimServer.getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
        }
        authorization.setUoid(user.getOid());
        // The hex token returned to the client is this authorization encrypted under the server key; it is
        // the form that PublicInterfaceFactory.get and AutologinDatabaseAction accept.
        String asHexToken = authorization.asHexToken(bimServer.getEncryptionKey());
        serviceMap.setAuthorization(authorization);
        if (bimServer.getServerSettingsCache().getServerSettings().isStoreLastLogin()) {
            user.setLastSeen(new Date());
            getDatabaseSession().store(user);
        }
        return asHexToken;
    }
    try {
        // Adding a random sleep to prevent timing attacks
        // The unknown-token case is the only one that reaches this delay.
        Thread.sleep(DEFAULT_LOGIN_ERROR_TIMEOUT + new java.security.SecureRandom().nextInt(1000));
    } catch (InterruptedException e) {
        LOGGER.error("", e);
    }
    throw new UserException("Invalid token");
}
Also used : UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization) AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization) Authorization(org.bimserver.webservices.authorization.Authorization) User(org.bimserver.models.store.User) UserException(org.bimserver.shared.exceptions.UserException) Date(java.util.Date)

Example 5 with Authorization

Use of org.bimserver.webservices.authorization.Authorization in project BIMserver by opensourceBIM.

Class LoginDatabaseAction, method execute.

@Override
public String execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException, ServerException {
    BimDatabaseAction<User> action = new GetUserByUserNameDatabaseAction(getDatabaseSession(), getAccessMethod(), username);
    User user = action.execute();
    if (user != null) {
        if (user.getPasswordHash() == null || user.getPasswordHash().length == 0) {
            // Note: this answer is given before the password is checked and without the delay below, so it
            // confirms that the username exists (account enumeration) and is distinguishable by timing.
            throw new UserException("Your email address has not been validated yet");
        }
        // Salted password-hash comparison. An unknown username and a wrong password both fall through
        // to the same delayed, generic error below.
        if (new Authenticator().validate(password, user.getPasswordHash(), user.getPasswordSalt())) {
            // Account state is checked only after the password has been verified.
            if (user.getState() == ObjectState.DELETED) {
                throw new UserException("User account has been deleted");
            } else if (user.getUserType() == UserType.SYSTEM) {
                throw new UserException("System user cannot login");
            }
            // Privilege level is taken from the stored user type; lifetime from the server-wide session timeout.
            Authorization authorization = null;
            if (user.getUserType() == UserType.ADMIN) {
                authorization = new AdminAuthorization(bimServer.getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
            } else {
                authorization = new UserAuthorization(bimServer.getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
            }
            authorization.setUoid(user.getOid());
            // The returned hex token is the authorization encrypted under the server key; it is the session credential.
            String asHexToken = authorization.asHexToken(bimServer.getEncryptionKey());
            serviceMap.setAuthorization(authorization);
            if (bimServer.getServerSettingsCache().getServerSettings().isStoreLastLogin()) {
                user.setLastSeen(new Date());
                getDatabaseSession().store(user);
            }
            return asHexToken;
        }
    }
    try {
        // Adding a random sleep to prevent timing attacks
        // Caveat: the successful path is not delayed, and jitter only adds noise that averages out over many attempts.
        Thread.sleep(DEFAULT_LOGIN_ERROR_TIMEOUT + new java.security.SecureRandom().nextInt(1000));
    } catch (InterruptedException e) {
        LOGGER.error("", e);
    }
    throw new UserException("Invalid username/password combination");
}
Also used : User(org.bimserver.models.store.User) UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization) Date(java.util.Date) AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization) Authorization(org.bimserver.webservices.authorization.Authorization) UserException(org.bimserver.shared.exceptions.UserException) Authenticator(org.bimserver.Authenticator)
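The five usages above share one pattern: a login action mints an Authorization carrying the user's oid and encodes it as a hex token under the server key; every later call (PublicInterfaceFactory.get, AutologinDatabaseAction) decodes the token, re-reads the user and rejects missing, deleted and system accounts; and a failed login sleeps before returning a generic error. The following stand-alone Python example is added here to show that pattern end to end. It is not BIMserver code and makes its own assumptions: tokens are HMAC-SHA256 authenticated rather than encrypted, PBKDF2 stands in for the project's Authenticator, the failure delay is constant rather than random, and the "e-mail not validated" case is folded into the generic failure so that no message or timing reveals whether a username exists. All key material and users are constructed for the demo.

```python
"""Stand-alone illustration of the session-token login pattern in the BIMserver snippets
above (not BIMserver code): mint at login, verify on every call, re-check the user, one failure path."""
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Callable, List, Optional

MAC_LEN = 32                 # HMAC-SHA256 appended to the JSON claims
DUMMY_SALT = b"\x00" * 16    # used so an unknown username still costs one password hash

@dataclass
class User:
    oid: int
    username: str
    user_type: str                  # "USER", "ADMIN" or "SYSTEM", as in UserType
    deleted: bool                   # ObjectState.DELETED
    password_hash: Optional[bytes]  # None until the e-mail address is validated
    salt: bytes

class AuthError(Exception):
    pass

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 in place of BIMserver's Authenticator, which is not shown on the page.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

DUMMY_HASH = hash_password("", DUMMY_SALT)

def mint_token(key: bytes, uoid: int, role: str, ttl_seconds: int) -> str:
    """Hex token = JSON claims || HMAC(key, claims). Authenticated, not encrypted (unlike BIMserver)."""
    exp = int(time.time()) + ttl_seconds
    payload = json.dumps({"uoid": uoid, "role": role, "exp": exp}, separators=(",", ":")).encode()
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return (payload + mac).hex()

def parse_token(key: bytes, token_hex: str) -> Optional[dict]:
    """Claims of a valid token, or None for anything malformed, tampered or expired. No database access."""
    try:
        raw = bytes.fromhex(token_hex)
    except ValueError:
        return None
    if len(raw) <= MAC_LEN:
        return None
    payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    if not hmac.compare_digest(mac, hmac.new(key, payload, hashlib.sha256).digest()):
        return None                      # constant-time MAC check before anything is parsed
    claims = json.loads(payload)
    if claims["exp"] < time.time():
        return None
    return claims

class Server:
    FAILURE_DELAY = 0.2    # seconds, constant (BIMserver uses a base delay plus random jitter)
    SESSION_TTL = 3600     # stands in for getSessionTimeOutSeconds()

    def __init__(self, key: bytes, users: List[User], sleep: Callable[[float], None] = time.sleep):
        self.key = key
        self.users = {u.oid: u for u in users}
        self.by_name = {u.username: u for u in users}
        self.sleep = sleep   # injectable so a test does not actually wait

    def _usable(self, user: Optional[User]) -> User:
        # The checks the BIMserver actions apply: missing, deleted and system users are rejected.
        if user is None:
            raise AuthError("No such user")
        if user.deleted:
            raise AuthError("User account has been deleted")
        if user.user_type == "SYSTEM":
            raise AuthError("System user cannot login")
        return user

    def login(self, username: str, password: str) -> str:
        user = self.by_name.get(username)
        # Always run the password hash, so unknown and not-yet-validated accounts cost the same
        # as a wrong password, and all three share one delay and one message (no enumeration).
        stored = user.password_hash if user is not None and user.password_hash else DUMMY_HASH
        salt = user.salt if user is not None else DUMMY_SALT
        ok = hmac.compare_digest(hash_password(password, salt), stored) and stored is not DUMMY_HASH
        if not ok:
            self.sleep(self.FAILURE_DELAY)
            raise AuthError("Invalid username/password combination")
        self._usable(user)
        role = "ADMIN" if user.user_type == "ADMIN" else "USER"
        return mint_token(self.key, user.oid, role, self.SESSION_TTL)

    def authorize(self, token: str) -> User:
        """What PublicInterfaceFactory.get does: verify the token, then re-read and re-check the user."""
        claims = parse_token(self.key, token)
        if claims is None:
            raise AuthError("Invalid token")
        return self._usable(self.users.get(claims["uoid"]))

if __name__ == "__main__":
    key, salt = b"\x01" * 32, b"\x02" * 16     # constructed demo key material
    srv = Server(key, [User(1, "alice", "USER", False, hash_password("pw", salt), salt)])
    print("authorized as", srv.authorize(srv.login("alice", "pw")).username)
```

The role is recorded in the token only for illustration; authorize() derives everything that matters from the user record, so deleting a user or changing its type takes effect on the next call regardless of what any outstanding token says, which is the property the BIMserver snippets obtain by re-reading the user on every request.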

Aggregations

User (org.bimserver.models.store.User) 6
UserException (org.bimserver.shared.exceptions.UserException) 6
Authorization (org.bimserver.webservices.authorization.Authorization) 6
Date (java.util.Date) 3
AdminAuthorization (org.bimserver.webservices.authorization.AdminAuthorization) 3
BimserverDatabaseException (org.bimserver.BimserverDatabaseException) 2
DatabaseSession (org.bimserver.database.DatabaseSession) 2
ServerException (org.bimserver.shared.exceptions.ServerException) 2
AuthenticationException (org.bimserver.webservices.authorization.AuthenticationException) 2
UserAuthorization (org.bimserver.webservices.authorization.UserAuthorization) 2
ByteArrayInputStream (java.io.ByteArrayInputStream) 1
HashMap (java.util.HashMap) 1
Random (java.util.Random) 1
DataHandler (javax.activation.DataHandler) 1
InternetAddress (javax.mail.internet.InternetAddress) 1
ServletException (javax.servlet.ServletException) 1
Authenticator (org.bimserver.Authenticator) 1
BimBotsException (org.bimserver.bimbots.BimBotsException) 1
BimBotsOutput (org.bimserver.bimbots.BimBotsOutput) 1
BimBotsServiceInterface (org.bimserver.bimbots.BimBotsServiceInterface) 1