Examples with User org.haiku.haikudepotserver.dataobjects.User used on opensource projects

Example 36 with User

use of org.haiku.haikudepotserver.dataobjects.User in project haikudepotserver by haiku.

the class UserApiImpl method authenticateUser.

// TODO; some sort of brute-force checking here; too many authentication requests in a short period; go into lock-down?
@Override
public AuthenticateUserResult authenticateUser(AuthenticateUserRequest authenticateUserRequest) {
    Preconditions.checkNotNull(authenticateUserRequest);
    AuthenticateUserResult authenticateUserResult = new AuthenticateUserResult();
    authenticateUserResult.token = null;
    if (null != authenticateUserRequest.nickname) {
        authenticateUserRequest.nickname = authenticateUserRequest.nickname.trim();
    }
    if (null != authenticateUserRequest.passwordClear) {
        authenticateUserRequest.passwordClear = authenticateUserRequest.passwordClear.trim();
    }
    Optional<ObjectId> userOidOptional = userAuthenticationService.authenticateByNicknameAndPassword(authenticateUserRequest.nickname, authenticateUserRequest.passwordClear);
    if (userOidOptional.isEmpty()) {
        // if the authentication has failed then best to sleep for a moment
        // to make brute forcing a bit more tricky.
        // TODO; this will eat threads; any other way to do it?
        Uninterruptibles.sleepUninterruptibly(5, TimeUnit.SECONDS);
    } else {
        ObjectContext context = serverRuntime.newContext();
        User user = User.getByObjectId(context, userOidOptional.get());
        authenticateUserResult.token = userAuthenticationService.generateToken(user);
    }
    return authenticateUserResult;
}

Example 37 with User

use of org.haiku.haikudepotserver.dataobjects.User in project haikudepotserver by haiku.

the class UserApiImpl method changePassword.

@Override
public ChangePasswordResult changePassword(ChangePasswordRequest changePasswordRequest) throws ValidationException {
    Preconditions.checkNotNull(changePasswordRequest);
    Preconditions.checkState(!Strings.isNullOrEmpty(changePasswordRequest.nickname));
    Preconditions.checkState(!Strings.isNullOrEmpty(changePasswordRequest.newPasswordClear));
    // get the logged in and target user.
    final ObjectContext context = serverRuntime.newContext();
    User authUser = obtainAuthenticatedUser(context);
    User targetUser = User.tryGetByNickname(context, changePasswordRequest.nickname).orElseThrow(() -> new ObjectNotFoundException(User.class.getSimpleName(), changePasswordRequest.nickname));
    if (!permissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), targetUser, Permission.USER_CHANGEPASSWORD)) {
        throw new AccessDeniedException("the logged in user is not allowed to change the password of another user [" + changePasswordRequest.nickname + "]");
    }
    if (!userAuthenticationService.validatePassword(changePasswordRequest.newPasswordClear)) {
        throw new ValidationException(new ValidationFailure("passwordClear", "invalid"));
    }
    if (Strings.isNullOrEmpty(changePasswordRequest.captchaToken)) {
        throw new IllegalStateException("the captcha token must be supplied to change the password");
    }
    if (Strings.isNullOrEmpty(changePasswordRequest.captchaResponse)) {
        throw new IllegalStateException("the captcha response must be supplied to change the password");
    }
    if (!captchaService.verify(changePasswordRequest.captchaToken, changePasswordRequest.captchaResponse)) {
        throw new CaptchaBadResponseException();
    }
    if (targetUser.getNickname().equals(authUser.getNickname())) {
        if (Strings.isNullOrEmpty(changePasswordRequest.oldPasswordClear)) {
            throw new IllegalStateException("the old password clear is required to change the password of a user unless the logged in user is root.");
        }
        if (userAuthenticationService.authenticateByNicknameAndPassword(changePasswordRequest.nickname, changePasswordRequest.oldPasswordClear).isEmpty()) {
            // if the old password does not match to the user then we should present this
            // as a validation failure rather than an authorization failure.
            LOGGER.info("the supplied old password is invalid for the user {}", changePasswordRequest.nickname);
            throw new ValidationException(new ValidationFailure("oldPasswordClear", "mismatched"));
        }
    }
    userAuthenticationService.setPassword(targetUser, changePasswordRequest.newPasswordClear);
    context.commitChanges();
    LOGGER.info("did change password for user {}", changePasswordRequest.nickname);
    return new ChangePasswordResult();
}

Example 38 with User

use of org.haiku.haikudepotserver.dataobjects.User in project haikudepotserver by haiku.

the class UserApiImpl method agreeUserUsageConditions.

@Override
public AgreeUserUsageConditionsResult agreeUserUsageConditions(AgreeUserUsageConditionsRequest request) {
    Preconditions.checkNotNull(request);
    Preconditions.checkArgument(StringUtils.isNotBlank(request.nickname));
    Preconditions.checkArgument(StringUtils.isNotBlank(request.userUsageConditionsCode));
    final ObjectContext context = serverRuntime.newContext();
    User user = User.getByNickname(context, request.nickname);
    if (!permissionEvaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), user, Permission.USER_AGREE_USAGE_CONDITIONS)) {
        throw new AccessDeniedException("unable to agree user usage conditions for user [" + user + "]");
    }
    // remove any existing agreement
    user.getUserUsageConditionsAgreements().forEach(uuca -> uuca.setActive(false));
    UserUsageConditionsAgreement agreement = context.newObject(UserUsageConditionsAgreement.class);
    agreement.setUser(user);
    agreement.setTimestampAgreed();
    agreement.setUserUsageConditions(UserUsageConditions.getByCode(context, request.userUsageConditionsCode));
    context.commitChanges();
    LOGGER.info("did agree to user usage conditions [{}]", request.userUsageConditionsCode);
    return new AgreeUserUsageConditionsResult();
}

Example 39 with User

use of org.haiku.haikudepotserver.dataobjects.User in project haikudepotserver by haiku.

the class AuthorizationApiIT method checkAuthorizationRequest_asUserWithRule.

/**
 * <P>With a user-pkg rule in place we should see this authorization come through in a check
 * for that permission against the package being true.</P>
 */
@Test
public void checkAuthorizationRequest_asUserWithRule() {
    integrationTestSupportService.createStandardTestData();
    {
        ObjectContext context = serverRuntime.newContext();
        User user1 = integrationTestSupportService.createBasicUser(context, "testuser1", "fakepassword");
        integrationTestSupportService.agreeToUserUsageConditions(context, user1);
        Pkg pkg1 = Pkg.tryGetByName(context, "pkg1").get();
        org.haiku.haikudepotserver.dataobjects.Permission permission = org.haiku.haikudepotserver.dataobjects.Permission.getByCode(context, Permission.PKG_EDITICON.name().toLowerCase()).get();
        PermissionUserPkg pup_u1p1 = context.newObject(PermissionUserPkg.class);
        pup_u1p1.setPkg(pkg1);
        pup_u1p1.setUser(user1);
        pup_u1p1.setPermission(permission);
        context.commitChanges();
    }
    CheckAuthorizationRequest request = new CheckAuthorizationRequest();
    request.targetAndPermissions = new ArrayList<>();
    request.targetAndPermissions.add(new CheckAuthorizationRequest.AuthorizationTargetAndPermission(AuthorizationTargetType.PKG, "pkg1", Permission.PKG_EDITICON.name()));
    setAuthenticatedUser("testuser1");
    // ------------------------------------
    CheckAuthorizationResult result = authorizationApi.checkAuthorization(request);
    // ------------------------------------
    Assertions.assertThat(result.targetAndPermissions.size()).isEqualTo(1);
    Assertions.assertThat(result.targetAndPermissions.get(0).authorized).isTrue();
}

Example 40 with User

use of org.haiku.haikudepotserver.dataobjects.User in project haikudepotserver by haiku.

the class JobApiIT method testSearchJobs_userOnly.

@Test
public void testSearchJobs_userOnly() {
    {
        ObjectContext context = serverRuntime.newContext();
        // language is english
        User user = integrationTestSupportService.createBasicUser(context, "testuser", "yUe4o2Nwe009");
        integrationTestSupportService.agreeToUserUsageConditions(context, user);
        setAuthenticatedUser("testuser");
    }
    SearchJobsRequest request = new SearchJobsRequest();
    request.ownerUserNickname = "testuser";
    // ------------------------------------
    SearchJobsResult result = jobApi.searchJobs(request);
    // ------------------------------------
    Assertions.assertThat(result.items.size()).isEqualTo(1);
    SearchJobsResult.Job job = result.items.get(0);
    Assertions.assertThat(job.guid).isEqualTo("finished");
    Assertions.assertThat(job.queuedTimestamp.longValue()).isEqualTo(TestJobServiceImpl.DT_1976_APR.toEpochMilli());
    Assertions.assertThat(job.startTimestamp.longValue()).isEqualTo(TestJobServiceImpl.DT_1976_JUN.toEpochMilli());
    Assertions.assertThat(job.finishTimestamp.longValue()).isEqualTo(TestJobServiceImpl.DT_1976_JUL.toEpochMilli());
    Assertions.assertThat(job.ownerUserNickname).isEqualTo("testuser");
    Assertions.assertThat(job.jobStatus).isEqualTo(JobStatus.FINISHED);
}