Search in sources :

Example 1 with TARGET_TYPE_USER

use of org.craftercms.studio.api.v2.dal.AuditLogConstants.TARGET_TYPE_USER in project studio by craftercms.

the class UserServiceImpl method deleteUsers.

@Override
@HasPermission(type = DefaultPermission.class, action = "delete_users")
public void deleteUsers(List<Long> userIds, List<String> usernames) throws ServiceLayerException, AuthenticationException, UserNotFoundException {
    User currentUser = getCurrentUser();
    if (CollectionUtils.containsAny(userIds, Arrays.asList(currentUser.getId())) || CollectionUtils.containsAny(usernames, Arrays.asList(currentUser.getUsername()))) {
        throw new ServiceLayerException("Cannot delete self.");
    }
    generalLockService.lock(REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
    try {
        try {
            Group g = groupServiceInternal.getGroupByName(SYSTEM_ADMIN_GROUP);
            List<User> members = groupServiceInternal.getGroupMembers(g.getId(), 0, Integer.MAX_VALUE, StringUtils.EMPTY);
            if (CollectionUtils.isNotEmpty(members)) {
                List<User> membersAfterRemove = new ArrayList<User>();
                membersAfterRemove.addAll(members);
                members.forEach(m -> {
                    if (CollectionUtils.isNotEmpty(userIds)) {
                        if (userIds.contains(m.getId())) {
                            membersAfterRemove.remove(m);
                        }
                    }
                    if (CollectionUtils.isNotEmpty(usernames)) {
                        if (usernames.contains(m.getUsername())) {
                            membersAfterRemove.remove(m);
                        }
                    }
                });
                if (CollectionUtils.isEmpty(membersAfterRemove)) {
                    throw new ServiceLayerException("Removing all members of the System Admin group is not allowed." + " We must have at least one system administrator.");
                }
            }
        } catch (GroupNotFoundException e) {
            throw new ServiceLayerException("The System Admin group is not found.", e);
        }
        List<User> toDelete = userServiceInternal.getUsersByIdOrUsername(userIds, usernames);
        userServiceInternal.deleteUsers(userIds, usernames);
        SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
        AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
        auditLog.setOperation(OPERATION_DELETE);
        auditLog.setActorId(getCurrentUser().getUsername());
        auditLog.setPrimaryTargetId(siteFeed.getSiteId());
        auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
        auditLog.setPrimaryTargetValue(siteFeed.getName());
        List<AuditLogParameter> paramters = new ArrayList<AuditLogParameter>();
        for (User deletedUser : toDelete) {
            AuditLogParameter paramter = new AuditLogParameter();
            paramter.setTargetId(Long.toString(deletedUser.getId()));
            paramter.setTargetType(TARGET_TYPE_USER);
            paramter.setTargetValue(deletedUser.getUsername());
            paramters.add(paramter);
        }
        auditLog.setParameters(paramters);
        auditServiceInternal.insertAuditLog(auditLog);
    } finally {
        generalLockService.unlock(REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
    }
}
Also used : Group(org.craftercms.studio.api.v2.dal.Group) User(org.craftercms.studio.api.v2.dal.User) AuthenticatedUser(org.craftercms.studio.model.AuthenticatedUser) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) ArrayList(java.util.ArrayList) ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException) GroupNotFoundException(org.craftercms.studio.api.v1.exception.security.GroupNotFoundException) AuditLogParameter(org.craftercms.studio.api.v2.dal.AuditLogParameter) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)

Example 2 with TARGET_TYPE_USER

use of org.craftercms.studio.api.v2.dal.AuditLogConstants.TARGET_TYPE_USER in project studio by craftercms.

the class UserServiceImpl method createUser.

@Override
@HasPermission(type = DefaultPermission.class, action = "create_users")
public User createUser(User user) throws UserAlreadyExistsException, ServiceLayerException, AuthenticationException {
    try {
        entitlementValidator.validateEntitlement(EntitlementType.USER, 1);
    } catch (EntitlementException e) {
        throw new ServiceLayerException("Unable to complete request due to entitlement limits. Please contact " + "your system administrator.", e);
    }
    User toRet = userServiceInternal.createUser(user);
    SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
    AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
    auditLog.setOperation(OPERATION_CREATE);
    auditLog.setSiteId(siteFeed.getId());
    auditLog.setActorId(getCurrentUser().getUsername());
    auditLog.setPrimaryTargetId(user.getUsername());
    auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
    auditLog.setPrimaryTargetValue(user.getUsername());
    auditServiceInternal.insertAuditLog(auditLog);
    return toRet;
}
Also used : EntitlementException(org.craftercms.commons.entitlements.exception.EntitlementException) User(org.craftercms.studio.api.v2.dal.User) AuthenticatedUser(org.craftercms.studio.model.AuthenticatedUser) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)

Example 3 with TARGET_TYPE_USER

use of org.craftercms.studio.api.v2.dal.AuditLogConstants.TARGET_TYPE_USER in project studio by craftercms.

the class GroupServiceImpl method removeGroupMembers.

@Override
@HasPermission(type = DefaultPermission.class, action = "update_groups")
public void removeGroupMembers(long groupId, List<Long> userIds, List<String> usernames) throws ServiceLayerException, UserNotFoundException, GroupNotFoundException, AuthenticationException {
    Group group = getGroup(groupId);
    generalLockService.lock(REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
    try {
        if (group.getGroupName().equals(SYSTEM_ADMIN_GROUP)) {
            List<User> members = getGroupMembers(groupId, 0, Integer.MAX_VALUE, StringUtils.EMPTY);
            if (CollectionUtils.isNotEmpty(members)) {
                List<User> membersAfterRemove = new ArrayList<User>();
                membersAfterRemove.addAll(members);
                members.forEach(m -> {
                    if (CollectionUtils.isNotEmpty(userIds)) {
                        if (userIds.contains(m.getId())) {
                            membersAfterRemove.remove(m);
                        }
                    }
                    if (CollectionUtils.isNotEmpty(usernames)) {
                        if (usernames.contains(m.getUsername())) {
                            membersAfterRemove.remove(m);
                        }
                    }
                });
                if (CollectionUtils.isEmpty(membersAfterRemove)) {
                    throw new ServiceLayerException("Removing all members of the System Admin group is not allowed." + " We must have at least one system administrator.");
                }
            }
        }
        List<User> users = userServiceInternal.getUsersByIdOrUsername(userIds, usernames);
        groupServiceInternal.removeGroupMembers(groupId, userIds, usernames);
        SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
        AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
        auditLog.setOperation(OPERATION_REMOVE_MEMBERS);
        auditLog.setActorId(userService.getCurrentUser().getUsername());
        auditLog.setSiteId(siteFeed.getId());
        auditLog.setPrimaryTargetId(Long.toString(group.getId()));
        auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
        auditLog.setPrimaryTargetValue(group.getGroupName());
        List<AuditLogParameter> paramters = new ArrayList<AuditLogParameter>();
        for (User user : users) {
            AuditLogParameter paramter = new AuditLogParameter();
            paramter.setTargetId(Long.toString(user.getId()));
            paramter.setTargetType(TARGET_TYPE_USER);
            paramter.setTargetValue(user.getUsername());
            paramters.add(paramter);
        }
        auditLog.setParameters(paramters);
        auditServiceInternal.insertAuditLog(auditLog);
    } finally {
        generalLockService.unlock(REMOVE_SYSTEM_ADMIN_MEMBER_LOCK);
    }
}
Also used : Group(org.craftercms.studio.api.v2.dal.Group) User(org.craftercms.studio.api.v2.dal.User) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) ArrayList(java.util.ArrayList) ServiceLayerException(org.craftercms.studio.api.v1.exception.ServiceLayerException) AuditLogParameter(org.craftercms.studio.api.v2.dal.AuditLogParameter) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog) HasPermission(org.craftercms.commons.security.permissions.annotations.HasPermission)

Example 4 with TARGET_TYPE_USER

use of org.craftercms.studio.api.v2.dal.AuditLogConstants.TARGET_TYPE_USER in project studio by craftercms.

the class SecurityServiceImpl method logout.

@Override
public boolean logout() throws SiteNotFoundException {
    String username = getCurrentUser();
    RequestContext context = RequestContext.getCurrent();
    if (username != null && context != null) {
        HttpServletRequest httpServletRequest = context.getRequest();
        String ipAddress = httpServletRequest.getRemoteAddr();
        SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
        AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
        auditLog.setOperation(OPERATION_LOGOUT);
        auditLog.setActorId(username);
        auditLog.setSiteId(siteFeed.getId());
        auditLog.setPrimaryTargetId(username);
        auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
        auditLog.setPrimaryTargetValue(username);
        auditServiceInternal.insertAuditLog(auditLog);
        logger.info("User " + username + " logged out from IP: " + ipAddress);
    }
    return true;
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) RequestContext(org.craftercms.commons.http.RequestContext) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog)

Example 5 with TARGET_TYPE_USER

use of org.craftercms.studio.api.v2.dal.AuditLogConstants.TARGET_TYPE_USER in project studio by craftercms.

the class AuthenticationChainImpl method doAuthenticate.

@Override
public boolean doAuthenticate(HttpServletRequest request, HttpServletResponse response, String username, String password) throws Exception {
    boolean authenticated = false;
    Iterator<AuthenticationProvider> iterator = authenticationChain.iterator();
    Exception lastError = null;
    while (iterator.hasNext()) {
        AuthenticationProvider authProvider = iterator.next();
        if (authProvider.isEnabled()) {
            try {
                authenticated = authProvider.doAuthenticate(request, response, this, username, password);
            } catch (Exception e) {
                lastError = e;
            }
            if (authenticated)
                break;
        }
    }
    String ipAddress = request.getRemoteAddr();
    SiteFeed siteFeed = siteService.getSite(studioConfiguration.getProperty(CONFIGURATION_GLOBAL_SYSTEM_SITE));
    if (authenticated) {
        AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
        auditLog.setOperation(OPERATION_LOGIN);
        auditLog.setActorId(username);
        auditLog.setSiteId(siteFeed.getId());
        auditLog.setPrimaryTargetId(username);
        auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
        auditLog.setPrimaryTargetValue(username);
        auditServiceInternal.insertAuditLog(auditLog);
        logger.info("User " + username + " logged in from IP: " + ipAddress);
    } else {
        AuditLog auditLog = auditServiceInternal.createAuditLogEntry();
        auditLog.setOperation(OPERATION_LOGIN_FAILED);
        auditLog.setActorId(username);
        auditLog.setSiteId(siteFeed.getId());
        auditLog.setPrimaryTargetId(StringUtils.isEmpty(username) ? StringUtils.EMPTY : username);
        auditLog.setPrimaryTargetType(TARGET_TYPE_USER);
        auditLog.setPrimaryTargetValue(username);
        auditServiceInternal.insertAuditLog(auditLog);
        logger.info("Failed to authenticate user " + username + " logging in from IP: " + ipAddress);
        if (lastError == null) {
            lastError = new AuthenticationSystemException("Unknown service error");
        }
        throw lastError;
    }
    return authenticated;
}
Also used : SiteFeed(org.craftercms.studio.api.v1.dal.SiteFeed) AuthenticationSystemException(org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException) AuthenticationProvider(org.craftercms.studio.api.v2.service.security.AuthenticationProvider) AuthenticationSystemException(org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException) AuditLog(org.craftercms.studio.api.v2.dal.AuditLog)

Aggregations

SiteFeed (org.craftercms.studio.api.v1.dal.SiteFeed)12 AuditLog (org.craftercms.studio.api.v2.dal.AuditLog)12 User (org.craftercms.studio.api.v2.dal.User)9 ArrayList (java.util.ArrayList)7 ServiceLayerException (org.craftercms.studio.api.v1.exception.ServiceLayerException)7 Group (org.craftercms.studio.api.v2.dal.Group)7 HasPermission (org.craftercms.commons.security.permissions.annotations.HasPermission)6 AuthenticationSystemException (org.craftercms.studio.api.v1.exception.security.AuthenticationSystemException)5 UserAlreadyExistsException (org.craftercms.studio.api.v1.exception.security.UserAlreadyExistsException)4 UserNotFoundException (org.craftercms.studio.api.v1.exception.security.UserNotFoundException)4 SiteService (org.craftercms.studio.api.v1.service.site.SiteService)4 AuditLogParameter (org.craftercms.studio.api.v2.dal.AuditLogParameter)4 UserGroup (org.craftercms.studio.api.v2.dal.UserGroup)4 AuditServiceInternal (org.craftercms.studio.api.v2.service.audit.internal.AuditServiceInternal)4 StudioConfiguration (org.craftercms.studio.api.v2.utils.StudioConfiguration)4 HashMap (java.util.HashMap)3 GroupDAO (org.craftercms.studio.api.v2.dal.GroupDAO)3 UserDAO (org.craftercms.studio.api.v2.dal.UserDAO)3 NamingException (javax.naming.NamingException)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2