Search in sources :

Example 1 with UserAuthorization

use of org.bimserver.webservices.authorization.UserAuthorization in project BIMserver by opensourceBIM.

the class NewRevisionNotification method sendEmail.

private void sendEmail(DatabaseSession session, Project project, Revision revision) throws UserException {
    Set<User> users = getUsers(session, project);
    for (User user : users) {
        String body = null;
        try {
            if (MailSystem.isValidEmailAddress(user.getUsername())) {
                EmailMessage message = getBimServer().getMailSystem().createMessage();
                ServerSettings serverSettings = getBimServer().getServerSettingsCache().getServerSettings();
                String emailSenderAddress = serverSettings.getEmailSenderAddress();
                InternetAddress addressFrom = new InternetAddress(emailSenderAddress);
                message.setFrom(addressFrom);
                InternetAddress[] addressTo = new InternetAddress[1];
                addressTo[0] = new InternetAddress(user.getUsername());
                message.setRecipients(Message.RecipientType.TO, addressTo);
                Map<String, Object> context = new HashMap<String, Object>();
                context.put("name", user.getName());
                context.put("username", user.getUsername());
                context.put("siteaddress", serverSettings.getSiteAddress());
                context.put("revisionId", revision.getId());
                Authorization authorization = null;
                if (user.getUserType() == UserType.ADMIN) {
                    authorization = new AdminAuthorization(getBimServer().getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
                } else {
                    authorization = new UserAuthorization(getBimServer().getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
                }
                authorization.setUoid(user.getOid());
                String asHexToken = authorization.asHexToken(getBimServer().getEncryptionKey());
                context.put("token", asHexToken);
                context.put("roid", revision.getOid());
                context.put("comment", revision.getComment());
                context.put("projectName", project.getName());
                String subject = null;
                body = getBimServer().getTemplateEngine().process(context, TemplateIdentifier.NEW_REVISION_EMAIL_BODY);
                subject = getBimServer().getTemplateEngine().process(context, TemplateIdentifier.NEW_REVISION_EMAIL_SUBJECT);
                message.setContent(body, "text/html");
                message.setSubject(subject.trim());
                LOGGER.info("Sending new revision e-mail to " + user.getUsername());
                message.send();
            }
        } catch (Exception e) {
            LOGGER.error(body);
            LOGGER.error("", e);
            throw new UserException(e);
        }
    }
}
Also used : EmailMessage(org.bimserver.mail.EmailMessage) InternetAddress(javax.mail.internet.InternetAddress) User(org.bimserver.models.store.User) HashMap(java.util.HashMap) UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization) ModelCheckException(org.bimserver.plugins.modelchecker.ModelCheckException) UserException(org.bimserver.shared.exceptions.UserException) ChannelConnectionException(org.bimserver.shared.ChannelConnectionException) PublicInterfaceNotFoundException(org.bimserver.shared.exceptions.PublicInterfaceNotFoundException) ServerException(org.bimserver.shared.exceptions.ServerException) BimserverDatabaseException(org.bimserver.BimserverDatabaseException) ExplicitRightsAuthorization(org.bimserver.webservices.authorization.ExplicitRightsAuthorization) AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization) UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization) Authorization(org.bimserver.webservices.authorization.Authorization) ServerSettings(org.bimserver.models.store.ServerSettings) UserException(org.bimserver.shared.exceptions.UserException) AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization)

Example 2 with UserAuthorization

use of org.bimserver.webservices.authorization.UserAuthorization in project BIMserver by opensourceBIM.

the class LoginUserTokenDatabaseAction method execute.

@Override
public String execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException, ServerException {
    BimDatabaseAction<User> action = new GetUserByUserTokenDatabaseAction(getDatabaseSession(), getAccessMethod(), userToken);
    User user = action.execute();
    if (user != null) {
        if (user.getState() == ObjectState.DELETED) {
            throw new UserException("User account has been deleted");
        } else if (user.getUserType() == UserType.SYSTEM) {
            throw new UserException("System user cannot login");
        }
        Authorization authorization = null;
        if (user.getUserType() == UserType.ADMIN) {
            authorization = new AdminAuthorization(bimServer.getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
        } else {
            authorization = new UserAuthorization(bimServer.getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
        }
        authorization.setUoid(user.getOid());
        String asHexToken = authorization.asHexToken(bimServer.getEncryptionKey());
        serviceMap.setAuthorization(authorization);
        if (bimServer.getServerSettingsCache().getServerSettings().isStoreLastLogin()) {
            user.setLastSeen(new Date());
            getDatabaseSession().store(user);
        }
        return asHexToken;
    }
    try {
        // Adding a random sleep to prevent timing attacks
        Thread.sleep(DEFAULT_LOGIN_ERROR_TIMEOUT + new java.security.SecureRandom().nextInt(1000));
    } catch (InterruptedException e) {
        LOGGER.error("", e);
    }
    throw new UserException("Invalid token");
}
Also used : UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization) AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization) Authorization(org.bimserver.webservices.authorization.Authorization) User(org.bimserver.models.store.User) UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization) UserException(org.bimserver.shared.exceptions.UserException) AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization) Date(java.util.Date)

Example 3 with UserAuthorization

use of org.bimserver.webservices.authorization.UserAuthorization in project BIMserver by opensourceBIM.

the class LoginDatabaseAction method execute.

@Override
public String execute() throws UserException, BimserverLockConflictException, BimserverDatabaseException, ServerException {
    BimDatabaseAction<User> action = new GetUserByUserNameDatabaseAction(getDatabaseSession(), getAccessMethod(), username);
    User user = action.execute();
    if (user != null) {
        if (user.getPasswordHash() == null || user.getPasswordHash().length == 0) {
            throw new UserException("Your email address has not been validated yet");
        }
        if (new Authenticator().validate(password, user.getPasswordHash(), user.getPasswordSalt())) {
            if (user.getState() == ObjectState.DELETED) {
                throw new UserException("User account has been deleted");
            } else if (user.getUserType() == UserType.SYSTEM) {
                throw new UserException("System user cannot login");
            }
            Authorization authorization = null;
            if (user.getUserType() == UserType.ADMIN) {
                authorization = new AdminAuthorization(bimServer.getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
            } else {
                authorization = new UserAuthorization(bimServer.getServerSettingsCache().getServerSettings().getSessionTimeOutSeconds(), TimeUnit.SECONDS);
            }
            authorization.setUoid(user.getOid());
            String asHexToken = authorization.asHexToken(bimServer.getEncryptionKey());
            serviceMap.setAuthorization(authorization);
            if (bimServer.getServerSettingsCache().getServerSettings().isStoreLastLogin()) {
                user.setLastSeen(new Date());
                getDatabaseSession().store(user);
            }
            return asHexToken;
        }
    }
    try {
        // Adding a random sleep to prevent timing attacks
        Thread.sleep(DEFAULT_LOGIN_ERROR_TIMEOUT + new java.security.SecureRandom().nextInt(1000));
    } catch (InterruptedException e) {
        LOGGER.error("", e);
    }
    throw new UserException("Invalid username/password combination");
}
Also used : User(org.bimserver.models.store.User) UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization) Date(java.util.Date) UserAuthorization(org.bimserver.webservices.authorization.UserAuthorization) AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization) Authorization(org.bimserver.webservices.authorization.Authorization) UserException(org.bimserver.shared.exceptions.UserException) Authenticator(org.bimserver.Authenticator) AdminAuthorization(org.bimserver.webservices.authorization.AdminAuthorization)

Aggregations

User (org.bimserver.models.store.User)3 UserException (org.bimserver.shared.exceptions.UserException)3 AdminAuthorization (org.bimserver.webservices.authorization.AdminAuthorization)3 Authorization (org.bimserver.webservices.authorization.Authorization)3 UserAuthorization (org.bimserver.webservices.authorization.UserAuthorization)3 Date (java.util.Date)2 HashMap (java.util.HashMap)1 InternetAddress (javax.mail.internet.InternetAddress)1 Authenticator (org.bimserver.Authenticator)1 BimserverDatabaseException (org.bimserver.BimserverDatabaseException)1 EmailMessage (org.bimserver.mail.EmailMessage)1 ServerSettings (org.bimserver.models.store.ServerSettings)1 ModelCheckException (org.bimserver.plugins.modelchecker.ModelCheckException)1 ChannelConnectionException (org.bimserver.shared.ChannelConnectionException)1 PublicInterfaceNotFoundException (org.bimserver.shared.exceptions.PublicInterfaceNotFoundException)1 ServerException (org.bimserver.shared.exceptions.ServerException)1 ExplicitRightsAuthorization (org.bimserver.webservices.authorization.ExplicitRightsAuthorization)1