use of org.craftercms.studio.api.v1.exception.security.UserExternallyManagedException in project studio by craftercms.
Class UserServiceImpl, method validateToken.
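/**
 * Validates a forgot-password token produced by {@code forgotPassword}.
 * <p>
 * The decrypted token is expected to have the layout {@code username|studioId|expiryEpochMillis}
 * (see the token built in {@code forgotPassword}); its confidentiality and integrity rest on
 * {@code encryptToken}/{@code decryptToken}, which are not shown here. A token is accepted only
 * when it decrypts, has exactly three elements, names an existing user that is not externally
 * managed, was issued by this Studio instance and has not yet expired. A token that decrypts but
 * carries a non-numeric expiry is rejected ({@code false}) instead of surfacing a
 * {@link NumberFormatException} to the caller.
 *
 * @param token the encrypted token received from the reset link
 * @return {@code true} if the token is valid for this instance and still within its lifetime
 * @throws UserNotFoundException if the user named in the token does not exist
 * @throws UserExternallyManagedException if the named user's password is managed externally
 * @throws ServiceLayerException on lookup failures in the underlying services
 */
@Override
public boolean validateToken(String token) throws UserNotFoundException, UserExternallyManagedException, ServiceLayerException {
    String decryptedToken = decryptToken(token);
    if (StringUtils.isEmpty(decryptedToken)) {
        // Not decryptable (or empty): nothing to inspect, treat as invalid.
        return false;
    }
    StringTokenizer tokenElements = new StringTokenizer(decryptedToken, "|");
    if (tokenElements.countTokens() != 3) {
        return false;
    }

    String username = tokenElements.nextToken();
    User userProfile = userServiceInternal.getUserByIdOrUsername(-1, username);
    if (userProfile == null) {
        logger.info("User profile not found for " + username);
        throw new UserNotFoundException();
    }
    if (userProfile.isExternallyManaged()) {
        throw new UserExternallyManagedException();
    }

    String studioId = tokenElements.nextToken();
    if (!StringUtils.equals(studioId, instanceService.getInstanceId())) {
        // Issued by a different Studio instance: not valid here.
        return false;
    }

    long expiryMillis;
    try {
        expiryMillis = Long.parseLong(tokenElements.nextToken());
    } catch (NumberFormatException e) {
        // Decryptable but malformed expiry: reject rather than propagate an unchecked exception.
        // The token itself is deliberately not logged.
        logger.info("Malformed password reset token for " + username);
        return false;
    }
    return expiryMillis >= ZonedDateTime.now().toInstant().toEpochMilli();
}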
use of org.craftercms.studio.api.v1.exception.security.UserExternallyManagedException in project studio by craftercms.
Class UserServiceImpl, method forgotPassword.
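/**
 * Starts the forgot-password flow for {@code username}: builds a time-limited reset token and
 * e-mails it to the address stored on the account.
 * <p>
 * The token is {@code username|studioId|expiryEpochMillis}, encrypted with {@code encryptToken};
 * {@code validateToken} parses exactly that layout, so the two must be kept in step. The expiry
 * is {@code now + SECURITY_FORGOT_PASSWORD_TOKEN_TIMEOUT} minutes. The plaintext token is never
 * logged. An account whose e-mail address is missing or blank cannot be served; previously only
 * {@code null} was rejected, so a blank address would have been handed to the mailer.
 *
 * @param username the user requesting a password reset
 * @return {@code true} when the reset e-mail was handed to {@code sendForgotPasswordEmail}
 * @throws UserNotFoundException if no user with that name exists
 * @throws UserExternallyManagedException if the user's password is managed externally
 * @throws ServiceLayerException if the user has no e-mail address, or on lower-level failures
 */
@Override
public boolean forgotPassword(String username) throws ServiceLayerException, UserNotFoundException, UserExternallyManagedException {
    logger.debug("Getting user profile for " + username);
    User user = userServiceInternal.getUserByIdOrUsername(-1, username);
    if (user == null) {
        logger.info("User profile not found for " + username);
        throw new UserNotFoundException();
    }
    if (user.isExternallyManaged()) {
        throw new UserExternallyManagedException();
    }

    String email = user.getEmail();
    if (StringUtils.isBlank(email)) {
        logger.info("User " + username + " does not have assigned email with account");
        throw new ServiceLayerException("User " + username + " does not have assigned email with account");
    }

    logger.debug("Creating security token for forgot password");
    long timeoutMinutes = Long.parseLong(studioConfiguration.getProperty(SECURITY_FORGOT_PASSWORD_TOKEN_TIMEOUT));
    long expiryMillis = ZonedDateTime.now().plusMinutes(timeoutMinutes).toInstant().toEpochMilli();
    String studioId = instanceService.getInstanceId();
    // Layout must match what validateToken parses: username|studioId|expiryEpochMillis.
    String token = username + "|" + studioId + "|" + expiryMillis;
    String hashedToken = encryptToken(token);

    logger.debug("Sending forgot password email to " + email);
    sendForgotPasswordEmail(email, hashedToken);
    return true;
}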
use of org.craftercms.studio.api.v1.exception.security.UserExternallyManagedException in project studio by craftercms.
Class UserServiceInternalImpl, method setUserPassword.
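/**
 * Sets a new password for a locally managed user.
 * <p>
 * Order of checks: the user must exist, the new password must satisfy the configured
 * requirements, and the user must not be externally managed (such users have no local
 * password to change). Only then is the password hashed with {@code CryptoUtils.hashPassword}
 * and stored; the plaintext is never passed to the DAO.
 * <p>
 * The externally-managed check is deliberately kept outside the database try-block: it used
 * to be thrown inside a {@code catch (Exception e)} that re-wrapped it as
 * {@code ServiceLayerException("Unknown database error")}, so callers never received the
 * declared {@link UserExternallyManagedException}.
 *
 * @param username    user to update
 * @param newPassword plaintext password to hash and store
 * @return {@code true} when the password was updated
 * @throws UserNotFoundException if no such user exists (also if it disappears between the
 *         existence check and the lookup)
 * @throws UserExternallyManagedException if the user's password is managed by an external system
 * @throws ServiceLayerException on a database failure; a {@code PasswordRequirementsFailedException}
 *         is thrown as-is when the password does not meet the requirements
 */
@RetryingOperation
@Override
public boolean setUserPassword(String username, String newPassword) throws UserNotFoundException, UserExternallyManagedException, ServiceLayerException {
    if (!userExists(-1, username)) {
        throw new UserNotFoundException();
    }
    if (!verifyPasswordRequirements(newPassword)) {
        throw new PasswordRequirementsFailedException("User password does not fulfill requirements");
    }

    Map<String, Object> lookupParams = new HashMap<>();
    lookupParams.put(USER_ID, -1);
    lookupParams.put(USERNAME, username);
    User user;
    try {
        user = userDao.getUserByIdOrUsername(lookupParams);
    } catch (Exception e) {
        throw new ServiceLayerException("Unknown database error", e);
    }
    if (user == null) {
        // Existed at userExists() time but not now: report not-found instead of an NPE.
        throw new UserNotFoundException();
    }
    if (user.isExternallyManaged()) {
        throw new UserExternallyManagedException();
    }

    Map<String, Object> updateParams = new HashMap<>();
    updateParams.put(USERNAME, username);
    try {
        updateParams.put(PASSWORD, CryptoUtils.hashPassword(newPassword));
        userDao.setUserPassword(updateParams);
    } catch (Exception e) {
        throw new ServiceLayerException("Unknown database error", e);
    }
    return true;
}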
use of org.craftercms.studio.api.v1.exception.security.UserExternallyManagedException in project studio by craftercms.
Class SecurityServiceImpl, method validateToken.
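/**
 * Validates a forgot-password token.
 * <p>
 * Assumes the three-element layout {@code username|studioId|expiryEpochMillis} that
 * {@code forgotPassword} builds (the {@code countTokens() == 3} check already implies three
 * elements). The previous implementation parsed the <em>second</em> element as the expiry, i.e.
 * the studio id, which is not numeric in that layout; the expiry is now read from the third
 * element and the studio id is skipped. Unlike {@code UserServiceImpl.validateToken}, this
 * service does not compare the studio id against the running instance — confirm whether that
 * check is wanted here. A decryptable token with a non-numeric expiry yields {@code false}
 * rather than a {@link NumberFormatException}.
 *
 * @param token the encrypted token received from the reset link
 * @return {@code true} if the token decrypts, names a valid local user and has not expired
 * @throws UserNotFoundException if the user named in the token does not exist
 * @throws UserExternallyManagedException if the named user's password is managed externally
 * @throws ServiceLayerException on lookup failures in the underlying services
 */
@Override
@ValidateParams
public boolean validateToken(@ValidateStringParam(name = "token") String token) throws UserNotFoundException, UserExternallyManagedException, ServiceLayerException {
    String decryptedToken = decryptToken(token);
    if (StringUtils.isEmpty(decryptedToken)) {
        return false;
    }
    StringTokenizer tokenElements = new StringTokenizer(decryptedToken, "|");
    if (tokenElements.countTokens() != 3) {
        return false;
    }

    String username = tokenElements.nextToken();
    User userProfile = userServiceInternal.getUserByIdOrUsername(-1, username);
    if (userProfile == null) {
        logger.info("User profile not found for " + username);
        throw new UserNotFoundException();
    }
    if (userProfile.isExternallyManaged()) {
        throw new UserExternallyManagedException();
    }

    // Second element is the issuing studio id; it is not verified by this service, only
    // consumed so that the third element is the one parsed as the expiry.
    tokenElements.nextToken();
    long expiryMillis;
    try {
        expiryMillis = Long.parseLong(tokenElements.nextToken());
    } catch (NumberFormatException e) {
        // Malformed expiry: reject. The token itself is deliberately not logged.
        logger.info("Malformed password reset token for " + username);
        return false;
    }
    return expiryMillis >= System.currentTimeMillis();
}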
use of org.craftercms.studio.api.v1.exception.security.UserExternallyManagedException in project studio by craftercms.
Class UsersController, method forgotPassword.
/**
 * Handles a forgot-password request for {@code username}.
 * <p>
 * Whether or not the account exists (or is externally managed), the response carries the same
 * neutral message, so this endpoint does not confirm usernames to the caller; those two failure
 * cases are logged and otherwise suppressed.
 * <p>
 * NOTE(review): a {@code ServiceLayerException} from the service layer (for instance an account
 * without an e-mail address) is not caught here and therefore produces a different response
 * from the neutral message; confirm whether that distinction is intended.
 *
 * @param username the user requesting a reset
 * @return a result whose entity is the neutral confirmation message
 * @throws ServiceLayerException if the service layer fails for a reason other than the two
 *         suppressed cases
 */
@GetMapping(FORGOT_PASSWORD)
public ResponseBody forgotPassword(@RequestParam(value = REQUEST_PARAM_USERNAME, required = true) String username) throws ServiceLayerException {
    try {
        userService.forgotPassword(username);
    } catch (UserExternallyManagedException | UserNotFoundException e) {
        // Suppressed on purpose: the caller must not learn whether the account exists.
        logger.error("Error processing user's forgot password request", e);
    }

    ResultOne<String> result = new ResultOne<>();
    result.setEntity(RESULT_KEY_MESSAGE, "If the user exists, a password recovery email has been sent to them.");
    result.setResponse(OK);

    ResponseBody body = new ResponseBody();
    body.setResult(result);
    return body;
}