use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.
the class UsersResource method deletePermissions.
@DELETE
@Path("{username}/permissions")
@RequiresPermissions(RestPermissions.USERS_PERMISSIONSEDIT)
@ApiOperation("Revoke all permissions for a user without deleting the account.")
@ApiResponses({ @ApiResponse(code = 500, message = "When saving the user failed.") })
@AuditEvent(type = AuditEventTypes.USER_PERMISSIONS_DELETE)
public void deletePermissions(@ApiParam(name = "username", value = "The name of the user to modify.", required = true) @PathParam("username") String username) throws ValidationException {
final User user = userService.load(username);
if (user == null) {
throw new NotFoundException("Couldn't find user " + username);
}
user.setPermissions(Collections.emptyList());
userService.save(user);
}
use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.
the class UsersResource method changePassword.
@PUT
@Path("{username}/password")
@ApiOperation("Update the password for a user.")
@ApiResponses({ @ApiResponse(code = 204, message = "The password was successfully updated. Subsequent requests must be made with the new password."), @ApiResponse(code = 400, message = "The new password is missing, or the old password is missing or incorrect."), @ApiResponse(code = 403, message = "The requesting user has insufficient privileges to update the password for the given user."), @ApiResponse(code = 404, message = "User does not exist.") })
@AuditEvent(type = AuditEventTypes.USER_PASSWORD_UPDATE)
public void changePassword(@ApiParam(name = "username", value = "The name of the user whose password to change.", required = true) @PathParam("username") String username, @ApiParam(name = "JSON body", value = "The old and new passwords.", required = true) @Valid ChangePasswordRequest cr) throws ValidationException {
final User user = userService.load(username);
if (user == null) {
throw new NotFoundException("Couldn't find user " + username);
}
if (!getSubject().isPermitted(RestPermissions.USERS_PASSWORDCHANGE + ":" + user.getName())) {
throw new ForbiddenException("Not allowed to change password for user " + username);
}
if (user.isExternalUser()) {
final String msg = "Cannot change password for LDAP user.";
LOG.error(msg);
throw new ForbiddenException(msg);
}
boolean checkOldPassword = true;
// the rationale is to prevent accidental or malicious change of admin passwords (e.g. to prevent locking out legitimate admins)
if (getSubject().isPermitted(RestPermissions.USERS_PASSWORDCHANGE + ":*")) {
if (username.equals(getSubject().getPrincipal())) {
LOG.debug("User {} is allowed to change the password of any user, but attempts to change own password. Must supply the old password.", getSubject().getPrincipal());
checkOldPassword = true;
} else {
LOG.debug("User {} is allowed to change the password for any user, including {}, ignoring old password", getSubject().getPrincipal(), username);
checkOldPassword = false;
}
}
boolean changeAllowed = false;
if (checkOldPassword) {
if (user.isUserPassword(cr.oldPassword())) {
changeAllowed = true;
}
} else {
changeAllowed = true;
}
if (changeAllowed) {
user.setPassword(cr.password());
userService.save(user);
} else {
throw new BadRequestException("Old password is missing or incorrect.");
}
}
use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.
the class InputsResource method create.
@POST
@Timed
@ApiOperation(value = "Launch input on this node", response = InputCreated.class)
@ApiResponses(value = { @ApiResponse(code = 404, message = "No such input type registered"), @ApiResponse(code = 400, message = "Missing or invalid configuration"), @ApiResponse(code = 400, message = "Type is exclusive and already has input running") })
@RequiresPermissions(RestPermissions.INPUTS_CREATE)
@AuditEvent(type = AuditEventTypes.MESSAGE_INPUT_CREATE)
public Response create(@ApiParam(name = "JSON body", required = true) @Valid @NotNull InputCreateRequest lr) throws ValidationException {
try {
// TODO Configuration type values need to be checked. See ConfigurationMapConverter.convertValues()
final MessageInput messageInput = messageInputFactory.create(lr, getCurrentUser().getName(), lr.node());
messageInput.checkConfiguration();
final Input input = this.inputService.create(messageInput.asMap());
final String newId = inputService.save(input);
final URI inputUri = getUriBuilderToSelf().path(InputsResource.class).path("{inputId}").build(newId);
return Response.created(inputUri).entity(InputCreated.create(newId)).build();
} catch (NoSuchInputTypeException e) {
LOG.error("There is no such input type registered.", e);
throw new NotFoundException("There is no such input type registered.", e);
} catch (ConfigurationException e) {
LOG.error("Missing or invalid input configuration.", e);
throw new BadRequestException("Missing or invalid input configuration.", e);
}
}
use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.
the class StaticFieldsResource method create.
@POST
@Timed
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Add a static field to an input")
@ApiResponses(value = { @ApiResponse(code = 404, message = "No such input on this node."), @ApiResponse(code = 400, message = "Field/Key is reserved."), @ApiResponse(code = 400, message = "Missing or invalid configuration.") })
@AuditEvent(type = AuditEventTypes.STATIC_FIELD_CREATE)
public Response create(@ApiParam(name = "inputId", required = true) @PathParam("inputId") String inputId, @ApiParam(name = "JSON body", required = true) @Valid @NotNull CreateStaticFieldRequest csfr) throws NotFoundException, ValidationException {
checkPermission(RestPermissions.INPUTS_EDIT, inputId);
final MessageInput input = persistedInputs.get(inputId);
if (input == null) {
final String msg = "Input <" + inputId + "> not found.";
LOG.error(msg);
throw new javax.ws.rs.NotFoundException(msg);
}
// Check if key is a valid message key.
if (!Message.validKey(csfr.key())) {
final String msg = "Invalid key: [" + csfr.key() + "]";
LOG.error(msg);
throw new BadRequestException(msg);
}
if (Message.RESERVED_FIELDS.contains(csfr.key()) && !Message.RESERVED_SETTABLE_FIELDS.contains(csfr.key())) {
final String message = "Cannot add static field. Field [" + csfr.key() + "] is reserved.";
LOG.error(message);
throw new BadRequestException(message);
}
input.addStaticField(csfr.key(), csfr.value());
final Input mongoInput = inputService.find(input.getPersistId());
inputService.addStaticField(mongoInput, csfr.key(), csfr.value());
final String msg = "Added static field [" + csfr.key() + "] to input <" + inputId + ">.";
LOG.info(msg);
activityWriter.write(new Activity(msg, StaticFieldsResource.class));
final URI inputUri = getUriBuilderToSelf().path(InputsResource.class).path("{inputId}").build(mongoInput.getId());
return Response.created(inputUri).build();
}
use of org.graylog2.plugin.database.ValidationException in project graylog2-server by Graylog2.
the class LdapResource method updateLdapSettings.
@PUT
@Timed
@RequiresPermissions(RestPermissions.LDAP_EDIT)
@ApiOperation("Update the LDAP configuration")
@Path("/settings")
@Consumes(MediaType.APPLICATION_JSON)
@AuditEvent(type = AuditEventTypes.LDAP_CONFIGURATION_UPDATE)
public void updateLdapSettings(@ApiParam(name = "JSON body", required = true) @Valid @NotNull LdapSettingsRequest request) throws ValidationException {
// load the existing config, or create a new one. we only support having one, currently
final LdapSettings ldapSettings = firstNonNull(ldapSettingsService.load(), ldapSettingsFactory.createEmpty());
ldapSettings.setSystemUsername(request.systemUsername());
ldapSettings.setSystemPassword(request.systemPassword());
ldapSettings.setUri(request.ldapUri());
ldapSettings.setUseStartTls(request.useStartTls());
ldapSettings.setTrustAllCertificates(request.trustAllCertificates());
ldapSettings.setActiveDirectory(request.activeDirectory());
ldapSettings.setSearchPattern(request.searchPattern());
ldapSettings.setSearchBase(request.searchBase());
ldapSettings.setEnabled(request.enabled());
ldapSettings.setDisplayNameAttribute(request.displayNameAttribute());
ldapSettings.setDefaultGroup(request.defaultGroup());
ldapSettings.setGroupMapping(request.groupMapping());
ldapSettings.setGroupSearchBase(request.groupSearchBase());
ldapSettings.setGroupIdAttribute(request.groupIdAttribute());
ldapSettings.setGroupSearchPattern(request.groupSearchPattern());
ldapSettings.setAdditionalDefaultGroups(request.additionalDefaultGroups());
ldapSettingsService.save(ldapSettings);
}
Aggregations