
Example 46 with SiteFeed

use of org.craftercms.studio.api.v1.dal.SiteFeed in project studio by craftercms.

the class AuthenticationChainImpl method doAuthenticate.

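/**
 * Tries every enabled provider in the chain, in order, and audits the outcome under the global
 * system site.
 * <p>
 * The first provider that returns {@code true} ends the loop. A provider that throws does not end
 * it: the exception is kept and rethrown only if no later provider succeeds, so a failing provider
 * (for example an unreachable directory) does not mask one that would have accepted the user.
 *
 * @param request  the login request; only its remote address is read here, the providers read more
 * @param response the login response, passed through to the providers
 * @param username the username as supplied by the client (untrusted); may be null for logins that
 *                 carry the identity elsewhere (e.g. headers)
 * @param password the password as supplied by the client (untrusted); handed to the providers only,
 *                 never logged or audited here
 * @return {@code true} once some enabled provider authenticated the user
 * @throws Exception the last exception a provider threw when no provider succeeded, or an
 *                   {@link AuthenticationSystemException} when all of them simply returned false
 */
@Override
public boolean doAuthenticate(HttpServletRequest request, HttpServletResponse response, String username, String password) throws Exception {
    boolean authenticated = false;
    Exception lastError = null;
    Iterator<AuthenticationProvider> providers = authenticationChain.iterator();
    while (!authenticated && providers.hasNext()) {
        AuthenticationProvider provider = providers.next();
        if (!provider.isEnabled()) {
            continue;
        }
        try {
            authenticated = provider.doAuthenticate(request, response, this, username, password);
        } catch (Exception e) {
            // Keep the most recent failure; it becomes the reported error if nobody succeeds.
            lastError = e;
        }
    }

    // NOTE(review): behind a reverse proxy this is the proxy's address unless the servlet container
    // is configured to honour forwarded headers — confirm for the deployment.
    String ipAddress = request.getRemoteAddr();
    // The username is client-controlled: strip line breaks before it reaches the log so a crafted
    // value cannot forge additional log lines (CWE-117). The audit record keeps the raw value,
    // which is stored as a field rather than interpolated into free text.
    String logUsername = username == null ? null : username.replace('\r', '_').replace('\n', '_');
    SiteFeed systemSiteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));

    AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
    auditLog.setOperation(authenticated ? OPERATION_LOGIN : OPERATION_LOGIN_FAILED);
    auditLog.setActorId(username);
    auditLog.setSiteId(systemSiteFeed.getId());
    // A failed attempt may arrive without a username; its target id is then recorded as "" rather
    // than null. Successful logins record the value as-is.
    auditLog.setPrimaryTargetId(!authenticated && StringUtils.isEmpty(username) ? StringUtils.EMPTY : username);
    auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
    auditLog.setPrimaryTargetValue(username);
    auditServiceInternal.insertAuditLog(auditLog);

    if (authenticated) {
        logger.info("User " + logUsername + " logged in from IP: " + ipAddress);
        return true;
    }
    logger.info("Failed to authenticate user " + logUsername + " logging in from IP: " + ipAddress);
    // Every provider declined without throwing: report a generic system error instead of null.
    if (lastError == null) {
        lastError = new AuthenticationSystemException("Unknown service error");
    }
    throw lastError;
}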

Example 47 with SiteFeed

use of org.craftercms.studio.api.v1.dal.SiteFeed in project studio by craftercms.

the class GroupServiceImpl method addGroupMembers.

/**
 * Adds users (by id and/or by username) to a group and records one audit entry, under the global
 * system site, that lists every added user as a parameter. Requires the {@code update_groups}
 * permission.
 *
 * @param groupId   id of the group that receives the members
 * @param userIds   ids of the users to add; may be combined with {@code usernames}
 * @param usernames usernames of the users to add
 * @return the users that were added, exactly as reported by the internal service
 */
@Override
@HasPermission(type = DefaultPermission.class, action = "update_groups")
public List<User> addGroupMembers(long groupId, List<Long> userIds, List<String> usernames) throws ServiceLayerException, UserNotFoundException, GroupNotFoundException, AuthenticationException {
    List<User> added = groupServiceInternal.addGroupMembers(groupId, userIds, usernames);
    Group target = groupServiceInternal.getGroup(groupId);
    SiteFeed systemSiteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
    AuditLog entry = auditServiceInternal.createAuditLogEntry();

    // One parameter per added user so the audit trail names each member, not just the group.
    List<AuditLogParameter> members = new ArrayList<>();
    for (User member : added) {
        AuditLogParameter memberParameter = new AuditLogParameter();
        memberParameter.setTargetId(Long.toString(member.getId()));
        memberParameter.setTargetType(TARGET_TYPE_USER);
        memberParameter.setTargetValue(member.getUsername());
        members.add(memberParameter);
    }
    entry.setParameters(members);

    entry.setOperation(OPERATION_ADD_MEMBERS);
    entry.setSiteId(systemSiteFeed.getId());
    entry.setActorId(userService.getCurrentUser().getUsername());
    entry.setPrimaryTargetId(Long.toString(groupId));
    entry.setPrimaryTargetType(TARGET_TYPE_GROUP);
    entry.setPrimaryTargetValue(target.getGroupName());
    auditServiceInternal.insertAuditLog(entry);
    return added;
}

Example 48 with SiteFeed

use of org.craftercms.studio.api.v1.dal.SiteFeed in project studio by craftercms.

the class GroupServiceImpl method deleteGroup.

/**
 * Deletes the given groups and writes a single audit entry, under the global system site, whose
 * parameters name every deleted group.
 * <p>
 * The system administrators group can never be deleted: its id is resolved first and the whole
 * request is rejected if that id appears in {@code groupIds}, before anything is removed.
 * Requires the {@code delete_groups} permission.
 *
 * @param groupIds ids of the groups to delete
 * @throws ServiceLayerException if the system admin group cannot be resolved, if it is among the
 *                               ids to delete, or on any lower-level failure
 */
@Override
@HasPermission(type = DefaultPermission.class, action = "delete_groups")
public void deleteGroup(List<Long> groupIds) throws ServiceLayerException, GroupNotFoundException, AuthenticationException {
    Group systemAdmins;
    try {
        systemAdmins = groupServiceInternal.getGroupByName(SYSTEM_ADMIN_GROUP);
    } catch (GroupNotFoundException e) {
        throw new ServiceLayerException("The System Admin group is not found", e);
    }
    // Refuse before touching anything: removing the admin group would lock administrators out.
    boolean targetsSystemAdmins = CollectionUtils.isNotEmpty(groupIds) && groupIds.contains(systemAdmins.getId());
    if (targetsSystemAdmins) {
        throw new ServiceLayerException("Deleting the System Admin group is not allowed.");
    }

    // Resolve the groups before deleting so the audit entry can still describe what was removed.
    List<Group> deleted = groupServiceInternal.getGroups(groupIds);
    groupServiceInternal.deleteGroup(groupIds);

    String systemSite = studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE);
    SiteFeed systemSiteFeed = siteService.getSite(systemSite);
    AuditLog entry = auditServiceInternal.createAuditLogEntry();
    entry.setOperation(OPERATION_DELETE);
    entry.setActorId(userService.getCurrentUser().getUsername());
    entry.setSiteId(systemSiteFeed.getId());
    // NOTE(review): the primary target is the system site itself rather than a group; the
    // individual groups are carried as parameters below.
    entry.setPrimaryTargetId(systemSite);
    entry.setPrimaryTargetType(TARGET_TYPE_GROUP);
    entry.setPrimaryTargetValue(systemSite);

    List<AuditLogParameter> parameters = new ArrayList<>();
    for (Group removed : deleted) {
        AuditLogParameter removedParameter = new AuditLogParameter();
        removedParameter.setTargetId(Long.toString(removed.getId()));
        removedParameter.setTargetType(TARGET_TYPE_GROUP);
        removedParameter.setTargetValue(removed.getGroupName());
        parameters.add(removedParameter);
    }
    entry.setParameters(parameters);
    auditServiceInternal.insertAuditLog(entry);
}

Example 49 with SiteFeed

use of org.craftercms.studio.api.v1.dal.SiteFeed in project studio by craftercms.

the class GroupServiceImpl method createGroup.

/**
 * Creates a group in the given organization and audits the creation under the global system site,
 * keyed by the group name. Requires the {@code create_groups} permission.
 *
 * @param orgId            organization the group belongs to
 * @param groupName        name of the new group; also used as the audit target id and value
 * @param groupDescription free-text description
 * @return the created group as returned by the internal service
 */
@Override
@HasPermission(type = DefaultPermission.class, action = "create_groups")
public Group createGroup(long orgId, String groupName, String groupDescription) throws GroupAlreadyExistsException, ServiceLayerException, AuthenticationException {
    Group created = groupServiceInternal.createGroup(orgId, groupName, groupDescription);
    SiteFeed systemSiteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));

    AuditLog entry = auditServiceInternal.createAuditLogEntry();
    entry.setOperation(OPERATION_CREATE);
    entry.setSiteId(systemSiteFeed.getId());
    entry.setActorId(userService.getCurrentUser().getUsername());
    // The generated group id is not recorded; the name serves as both target id and value.
    entry.setPrimaryTargetId(groupName);
    entry.setPrimaryTargetValue(groupName);
    entry.setPrimaryTargetType(TARGET_TYPE_GROUP);
    auditServiceInternal.insertAuditLog(entry);
    return created;
}

Example 50 with SiteFeed

use of org.craftercms.studio.api.v1.dal.SiteFeed in project studio by craftercms.

the class HeadersAuthenticationProvider method doAuthenticate.

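/**
 * Authenticates a request that an upstream component (typically a reverse proxy or SSO agent) has
 * already authenticated and whose identity is relayed through HTTP headers.
 * <p>
 * Trust rests entirely on the shared secret carried in the {@code secureKeyHeader} header: once it
 * matches the configured {@code secureKeyHeaderValue}, the username, name, e-mail and group headers
 * are taken at face value. The user is created in the Studio database if missing (with a random,
 * unusable password and {@code externallyManaged = true}) or has its name and e-mail updated when
 * all three detail headers are present; each comma-separated group is upserted best-effort; then
 * a session token is created and stored.
 * <p>
 * Because the headers are trusted once the secret matches, the secret must be configured to a
 * non-empty value and the header must be stripped from client requests at the network edge, or
 * any client can impersonate any user. This method enforces only the first half: an unset or empty
 * secret never matches, and the comparison runs in constant time so the secret cannot be recovered
 * by timing repeated guesses.
 *
 * @param request             the incoming request whose headers carry the identity
 * @param response            unused here
 * @param authenticationChain gives access to the user, audit and site services and configuration
 * @param username            ignored; the identity comes from the headers
 * @param password            ignored; the identity comes from the headers
 * @return {@code true} when the secret matched, the user was synchronised and a session stored;
 *         {@code false} when the provider is disabled, there is no request context, the secret does
 *         not match or the username header is blank
 * @throws AuthenticationSystemException when the user cannot be created or updated in the database
 * @throws UserNotFoundException         propagated from the user lookup
 */
@Override
public boolean doAuthenticate(HttpServletRequest request, HttpServletResponse response, AuthenticationChain authenticationChain, String username, String password) throws AuthenticationSystemException, UserNotFoundException {
    if (!isEnabled()) {
        logger.debug("Authentication using headers disabled");
        return false;
    }
    logger.debug("Authenticating user using authentication headers.");
    RequestContext requestContext = RequestContext.getCurrent();
    if (requestContext != null) {
        String securekeyHeader = request.getHeader(secureKeyHeader);
        logger.debug("Verifying authentication header secure key.");
        // An unset or empty configured secret must never match: StringUtils.equals(null, null) is
        // true, which would let every request that simply omits the header through.
        if (StringUtils.isNotEmpty(secureKeyHeaderValue) && constantTimeEquals(secureKeyHeaderValue, securekeyHeader)) {
            String usernameHeaderValue = request.getHeader(usernameHeader);
            if (StringUtils.isBlank(usernameHeaderValue)) {
                // The secret matched but there is nobody to log in as; never provision a nameless user.
                logger.debug("Authentication header secure key matched but the username header is missing or blank.");
                return false;
            }
            String firstName = request.getHeader(firstNameHeader);
            String lastName = request.getHeader(lastNameHeader);
            String email = request.getHeader(emailHeader);
            String groups = request.getHeader(groupsHeader);

            syncUserFromHeaders(authenticationChain, usernameHeaderValue, firstName, lastName, email);
            User user = buildSessionUser(authenticationChain, usernameHeaderValue, firstName, lastName, email, groups);

            String token = createToken(user, authenticationChain);
            Authentication authentication = isLogoutEnabled()
                    ? new Authentication(usernameHeaderValue, token, AuthenticationType.AUTH_HEADERS, logoutUrl)
                    : new Authentication(usernameHeaderValue, token, AuthenticationType.AUTH_HEADERS);
            storeAuthentication(authentication);
            return true;
        }
    }
    logger.debug("Unable to authenticate user using authentication headers");
    return false;
}

/**
 * Creates the user in the Studio database when it does not exist, or updates its first name, last
 * name and e-mail from the headers when it does and all three values are present. Every write is
 * audited under the global system site with the header username as actor.
 *
 * @throws AuthenticationSystemException when the create or update (or its audit entry) fails, or on
 *                                       any other service-layer failure
 * @throws UserNotFoundException         propagated from the user lookup
 */
private void syncUserFromHeaders(AuthenticationChain authenticationChain, String usernameHeaderValue, String firstName, String lastName, String email) throws AuthenticationSystemException, UserNotFoundException {
    try {
        UserServiceInternal userServiceInternal = authenticationChain.getUserServiceInternal();
        AuditServiceInternal auditServiceInternal = authenticationChain.getAuditServiceInternal();
        StudioConfiguration studioConfiguration = authenticationChain.getStudioConfiguration();
        SiteService siteService = authenticationChain.getSiteService();
        SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
        if (userServiceInternal.userExists(-1, usernameHeaderValue)) {
            User user = userServiceInternal.getUserByIdOrUsername(-1, usernameHeaderValue);
            user.setFirstName(firstName);
            user.setLastName(lastName);
            user.setEmail(email);
            // Only persist when the upstream sent a complete profile; partial headers are not
            // allowed to blank out existing details.
            if (StringUtils.isNoneEmpty(firstName, lastName, email)) {
                logger.debug("If user already exists in studio DB, update details.");
                try {
                    userServiceInternal.updateUser(user);
                    AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
                    auditLog.setOperation(OPERATION_UPDATE);
                    auditLog.setActorId(usernameHeaderValue);
                    auditLog.setSiteId(siteFeed.getId());
                    auditLog.setPrimaryTargetId(usernameHeaderValue);
                    auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
                    auditLog.setPrimaryTargetValue(user.getUsername());
                    auditServiceInternal.insertAuditLog(auditLog);
                } catch (Exception e) {
                    logger.debug("Error updating user " + usernameHeaderValue + " with data from authentication headers", e);
                    throw new AuthenticationSystemException("Error updating user " + usernameHeaderValue + " with data from external authentication provider", e);
                }
            }
        } else {
            logger.debug("User does not exist in studio db. Adding user " + usernameHeaderValue);
            try {
                User user = new User();
                user.setUsername(usernameHeaderValue);
                // Externally managed users never log in with a local password; a random UUID
                // ensures the column is populated with something unguessable.
                user.setPassword(UUID.randomUUID().toString());
                user.setFirstName(firstName);
                user.setLastName(lastName);
                user.setEmail(email);
                user.setExternallyManaged(true);
                user.setEnabled(true);
                userServiceInternal.createUser(user);
                AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
                auditLog.setOperation(OPERATION_CREATE);
                auditLog.setSiteId(siteFeed.getId());
                auditLog.setActorId(usernameHeaderValue);
                auditLog.setPrimaryTargetId(usernameHeaderValue);
                auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
                auditLog.setPrimaryTargetValue(user.getUsername());
                auditServiceInternal.insertAuditLog(auditLog);
            } catch (UserAlreadyExistsException | ServiceLayerException e) {
                logger.debug("Error adding user " + usernameHeaderValue + " from authentication headers", e);
                throw new AuthenticationSystemException("Error adding user " + usernameHeaderValue + " from external authentication provider", e);
            }
        }
    } catch (ServiceLayerException e) {
        logger.debug("Unknown service error", e);
        throw new AuthenticationSystemException("Unknown service error", e);
    }
}

/**
 * Builds the in-memory user handed to the token factory and upserts each comma-separated group
 * named in the groups header. A group that fails to upsert is logged at debug level and skipped so
 * one bad group does not block the login.
 */
private User buildSessionUser(AuthenticationChain authenticationChain, String usernameHeaderValue, String firstName, String lastName, String email, String groups) {
    User user = new User();
    user.setUsername(usernameHeaderValue);
    user.setFirstName(firstName);
    user.setLastName(lastName);
    user.setEmail(email);
    user.setGroups(new ArrayList<UserGroup>());
    logger.debug("Update user groups in database.");
    if (StringUtils.isNoneEmpty(groups)) {
        for (String groupName : groups.split(",")) {
            Group g = new Group();
            try {
                g.setGroupName(StringUtils.trim(groupName));
                g.setGroupDescription("Externally managed group");
                g.setOrganization(null);
                UserGroup ug = new UserGroup();
                ug.setGroup(g);
                user.getGroups().add(ug);
                upsertUserGroup(g.getGroupName(), usernameHeaderValue, authenticationChain);
            } catch (Exception e) {
                // Best-effort by design: the login proceeds without this group.
                logger.debug("Error updating user group " + g.getGroupName() + " with data from authentication headers", e);
            }
        }
    }
    return user;
}

/**
 * Compares the configured secret with the presented header value in time that depends only on the
 * presented value's length, never on where the first differing character is, so repeated guesses do
 * not reveal the secret one character at a time. Returns {@code false} when either side is null or
 * the expected secret is empty.
 */
private static boolean constantTimeEquals(String expected, String presented) {
    if (expected == null || presented == null || expected.isEmpty()) {
        return false;
    }
    int expectedLength = expected.length();
    int diff = expectedLength ^ presented.length();
    for (int i = 0; i < presented.length(); i++) {
        // Wrap around so every presented character is inspected even when the lengths differ.
        diff |= presented.charAt(i) ^ expected.charAt(i % expectedLength);
    }
    return diff == 0;
}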
