Example 1 with RestoreOptions
use of org.hisp.dhis.security.RestoreOptions in project dhis2-core by dhis2.
the class IsInviteTokenValidAction method execute.
// -------------------------------------------------------------------------
// Action implementation
// -------------------------------------------------------------------------
@Override
public String execute() {
userCredentials = userService.getUserCredentialsByUsername(username);
if (userCredentials == null) {
return ERROR;
}
email = userCredentials.getUserInfo().getEmail();
RestoreOptions restoreOptions = securityService.getRestoreOptions(token);
if (restoreOptions != null) {
usernameChoice = Boolean.toString(restoreOptions.isUsernameChoice());
}
String errorMessage = securityService.verifyToken(userCredentials, token, RestoreType.INVITE);
return errorMessage == null ? SUCCESS : ERROR;
}
Also used :
RestoreOptions(org.hisp.dhis.security.RestoreOptions)
Example 2 with RestoreOptions
use of org.hisp.dhis.security.RestoreOptions in project dhis2-core by dhis2.
the class UserController method resendInvite.
@RequestMapping(value = "/{id}" + INVITE_PATH, method = RequestMethod.POST)
@ResponseStatus(HttpStatus.NO_CONTENT)
public void resendInvite(@PathVariable String id, HttpServletRequest request) throws Exception {
User user = userService.getUser(id);
if (user == null) {
throw new WebMessageException(WebMessageUtils.conflict("User not found: " + id));
}
if (user.getUserCredentials() == null || !user.getUserCredentials().isInvitation()) {
throw new WebMessageException(WebMessageUtils.conflict("User account is not an invitation: " + id));
}
String valid = securityService.validateRestore(user.getUserCredentials());
if (valid != null) {
throw new WebMessageException(WebMessageUtils.conflict(valid));
}
boolean isInviteUsername = securityService.isInviteUsername(user.getUsername());
RestoreOptions restoreOptions = isInviteUsername ? RestoreOptions.INVITE_WITH_USERNAME_CHOICE : RestoreOptions.INVITE_WITH_DEFINED_USERNAME;
securityService.sendRestoreMessage(user.getUserCredentials(), ContextUtils.getContextPath(request), restoreOptions);
}
Also used :
RestoreOptions(org.hisp.dhis.security.RestoreOptions)
User(org.hisp.dhis.user.User)
WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException)
ResponseStatus(org.springframework.web.bind.annotation.ResponseStatus)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 3 with RestoreOptions
use of org.hisp.dhis.security.RestoreOptions in project dhis2-core by dhis2.
the class AccountController method createAccount.
@RequestMapping(method = RequestMethod.POST)
public void createAccount(@RequestParam String username, @RequestParam String firstName, @RequestParam String surname, @RequestParam String password, @RequestParam String email, @RequestParam String phoneNumber, @RequestParam String employer, @RequestParam(required = false) String inviteUsername, @RequestParam(required = false) String inviteToken, @RequestParam(required = false) String inviteCode, @RequestParam(value = "recaptcha_challenge_field", required = false) String recapChallenge, @RequestParam(value = "recaptcha_response_field", required = false) String recapResponse, HttpServletRequest request, HttpServletResponse response) throws WebMessageException {
UserCredentials credentials = null;
boolean invitedByEmail = (inviteUsername != null && !inviteUsername.isEmpty());
boolean canChooseUsername = true;
if (invitedByEmail) {
credentials = userService.getUserCredentialsByUsername(inviteUsername);
if (credentials == null) {
throw new WebMessageException(WebMessageUtils.badRequest("Invitation link not valid"));
}
boolean canRestore = securityService.canRestore(credentials, inviteToken, inviteCode, RestoreType.INVITE);
if (!canRestore) {
throw new WebMessageException(WebMessageUtils.badRequest("Invitation code not valid"));
}
RestoreOptions restoreOptions = securityService.getRestoreOptions(inviteToken);
canChooseUsername = restoreOptions.isUsernameChoice();
} else {
boolean allowed = configurationService.getConfiguration().selfRegistrationAllowed();
if (!allowed) {
throw new WebMessageException(WebMessageUtils.badRequest("User self registration is not allowed"));
}
}
// ---------------------------------------------------------------------
// Trim input
// ---------------------------------------------------------------------
username = StringUtils.trimToNull(username);
firstName = StringUtils.trimToNull(firstName);
surname = StringUtils.trimToNull(surname);
password = StringUtils.trimToNull(password);
email = StringUtils.trimToNull(email);
phoneNumber = StringUtils.trimToNull(phoneNumber);
employer = StringUtils.trimToNull(employer);
recapChallenge = StringUtils.trimToNull(recapChallenge);
recapResponse = StringUtils.trimToNull(recapResponse);
CredentialsInfo credentialsInfo = new CredentialsInfo(username, password, email, true);
if (username == null || username.trim().length() > MAX_LENGTH) {
throw new WebMessageException(WebMessageUtils.badRequest("User name is not specified or invalid"));
}
UserCredentials usernameAlreadyTakenCredentials = userService.getUserCredentialsByUsername(username);
if (canChooseUsername && usernameAlreadyTakenCredentials != null) {
throw new WebMessageException(WebMessageUtils.badRequest("User name is already taken"));
}
if (firstName == null || firstName.trim().length() > MAX_LENGTH) {
throw new WebMessageException(WebMessageUtils.badRequest("First name is not specified or invalid"));
}
if (surname == null || surname.trim().length() > MAX_LENGTH) {
throw new WebMessageException(WebMessageUtils.badRequest("Last name is not specified or invalid"));
}
if (password == null) {
throw new WebMessageException(WebMessageUtils.badRequest("Password is not specified"));
}
PasswordValidationResult result = passwordValidationService.validate(credentialsInfo);
if (!result.isValid()) {
throw new WebMessageException(WebMessageUtils.badRequest(result.getErrorMessage()));
}
if (email == null || !ValidationUtils.emailIsValid(email)) {
throw new WebMessageException(WebMessageUtils.badRequest("Email is not specified or invalid"));
}
if (phoneNumber == null || phoneNumber.trim().length() > MAX_PHONE_NO_LENGTH) {
throw new WebMessageException(WebMessageUtils.badRequest("Phone number is not specified or invalid"));
}
if (employer == null || employer.trim().length() > MAX_LENGTH) {
throw new WebMessageException(WebMessageUtils.badRequest("Employer is not specified or invalid"));
}
if (!systemSettingManager.selfRegistrationNoRecaptcha()) {
if (recapChallenge == null) {
throw new WebMessageException(WebMessageUtils.badRequest("Recaptcha challenge must be specified"));
}
if (recapResponse == null) {
throw new WebMessageException(WebMessageUtils.badRequest("Recaptcha response must be specified"));
}
// ---------------------------------------------------------------------
// Check result from API, return 500 if not
// ---------------------------------------------------------------------
String[] results = checkRecaptcha(KEY, request.getRemoteAddr(), recapChallenge, recapResponse);
if (results == null || results.length == 0) {
throw new WebMessageException(WebMessageUtils.error("Captcha could not be verified due to a server error"));
}
if (!TRUE.equalsIgnoreCase(results[0])) {
log.info("Recaptcha failed with code: " + (results.length > 0 ? results[1] : ""));
throw new WebMessageException(WebMessageUtils.badRequest("The characters you entered did not match the word verification, try again"));
}
}
if (invitedByEmail) {
boolean restored = securityService.restore(credentials, inviteToken, inviteCode, password, RestoreType.INVITE);
if (!restored) {
log.info("Invite restore failed for: " + inviteUsername);
throw new WebMessageException(WebMessageUtils.badRequest("Unable to create invited user account"));
}
User user = credentials.getUserInfo();
user.setFirstName(firstName);
user.setSurname(surname);
user.setEmail(email);
user.setPhoneNumber(phoneNumber);
user.setEmployer(employer);
if (canChooseUsername) {
credentials.setUsername(username);
} else {
username = credentials.getUsername();
}
userService.encodeAndSetPassword(credentials, password);
userService.updateUser(user);
userService.updateUserCredentials(credentials);
log.info("User " + username + " accepted invitation for " + inviteUsername);
} else {
UserAuthorityGroup userRole = configurationService.getConfiguration().getSelfRegistrationRole();
OrganisationUnit orgUnit = configurationService.getConfiguration().getSelfRegistrationOrgUnit();
User user = new User();
user.setFirstName(firstName);
user.setSurname(surname);
user.setEmail(email);
user.setPhoneNumber(phoneNumber);
user.setEmployer(employer);
user.getOrganisationUnits().add(orgUnit);
user.getDataViewOrganisationUnits().add(orgUnit);
credentials = new UserCredentials();
credentials.setUsername(username);
userService.encodeAndSetPassword(credentials, password);
credentials.setSelfRegistered(true);
credentials.setUserInfo(user);
credentials.getUserAuthorityGroups().add(userRole);
user.setUserCredentials(credentials);
userService.addUser(user);
userService.addUserCredentials(credentials);
log.info("Created user with username: " + username);
}
Set<GrantedAuthority> authorities = getAuthorities(credentials.getUserAuthorityGroups());
authenticate(username, password, authorities, request);
webMessageService.send(WebMessageUtils.ok("Account created"), response, request);
}
Also used :
RestoreOptions(org.hisp.dhis.security.RestoreOptions)
OrganisationUnit(org.hisp.dhis.organisationunit.OrganisationUnit)
WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException)
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 4 with RestoreOptions
use of org.hisp.dhis.security.RestoreOptions in project dhis2-core by dhis2.
the class AddUserAction method execute.
// -------------------------------------------------------------------------
// Action implementation
// -------------------------------------------------------------------------
@Override
public String execute() throws Exception {
if (!userService.canAddOrUpdateUser(ugSelected)) {
throw new AccessDeniedException("You cannot add this user");
}
User currentUser = currentUserService.getCurrentUser();
// ---------------------------------------------------------------------
// User credentials and user
// ---------------------------------------------------------------------
UserCredentials userCredentials = new UserCredentials();
User user = new User();
userCredentials.setUserInfo(user);
user.setUserCredentials(userCredentials);
userCredentials.setUsername(StringUtils.trimToNull(username));
userCredentials.setExternalAuth(externalAuth);
userCredentials.setOpenId(StringUtils.trimToNull(openId));
userCredentials.setLdapId(StringUtils.trimToNull(ldapId));
if (ACCOUNT_ACTION_INVITE.equals(accountAction)) {
userCredentials.setUsername(StringUtils.trimToNull(inviteUsername));
userCredentials.setInvitation(true);
user.setEmail(StringUtils.trimToNull(inviteEmail));
securityService.prepareUserForInvite(user);
} else {
user.setSurname(StringUtils.trimToNull(surname));
user.setFirstName(StringUtils.trimToNull(firstName));
user.setEmail(StringUtils.trimToNull(email));
user.setPhoneNumber(StringUtils.trimToNull(phoneNumber));
userService.encodeAndSetPassword(userCredentials, StringUtils.trimToNull(rawPassword));
}
if (jsonAttributeValues != null) {
attributeService.updateAttributeValues(user, jsonAttributeValues);
}
// ---------------------------------------------------------------------
// Organisation units
// ---------------------------------------------------------------------
Set<OrganisationUnit> dataCaptureOrgUnits = new HashSet<>(selectionManager.getSelectedOrganisationUnits());
user.updateOrganisationUnits(dataCaptureOrgUnits);
Set<OrganisationUnit> dataViewOrgUnits = new HashSet<>(selectionTreeManager.getReloadedSelectedOrganisationUnits());
user.setDataViewOrganisationUnits(dataViewOrgUnits);
if (dataViewOrgUnits.size() == 0 && currentUser.getDataViewOrganisationUnits().size() != 0) {
user.setDataViewOrganisationUnits(new HashSet<>(currentUser.getDataViewOrganisationUnits()));
}
// ---------------------------------------------------------------------
// User roles
// ---------------------------------------------------------------------
Set<UserAuthorityGroup> userAuthorityGroups = new HashSet<>();
for (String id : urSelected) {
userAuthorityGroups.add(userService.getUserAuthorityGroup(id));
}
userService.canIssueFilter(userAuthorityGroups);
userCredentials.setUserAuthorityGroups(userAuthorityGroups);
// ---------------------------------------------------------------------
// Dimension constraints. Note that any new user must inherit dimension
// constraints if any from the current user.
// ---------------------------------------------------------------------
userCredentials.setCogsDimensionConstraints(new HashSet<>(currentUser.getUserCredentials().getCogsDimensionConstraints()));
userCredentials.setCatDimensionConstraints(new HashSet<>(currentUser.getUserCredentials().getCatDimensionConstraints()));
for (String id : dcSelected) {
CategoryOptionGroupSet cogs = categoryService.getCategoryOptionGroupSet(id);
if (cogs != null) {
userCredentials.getCogsDimensionConstraints().add(cogs);
continue;
}
DataElementCategory cat = categoryService.getDataElementCategory(id);
if (cat != null) {
userCredentials.getCatDimensionConstraints().add(cat);
continue;
}
}
// ---------------------------------------------------------------------
// Add User
// ---------------------------------------------------------------------
userService.addUser(user);
userService.addUserCredentials(userCredentials);
// ---------------------------------------------------------------------
// User settings
// ---------------------------------------------------------------------
userSettingService.saveUserSetting(UserSettingKey.UI_LOCALE, LocaleUtils.getLocale(localeUi), user);
userSettingService.saveUserSetting(UserSettingKey.DB_LOCALE, LocaleUtils.getLocale(localeDb), user);
if (ACCOUNT_ACTION_INVITE.equals(accountAction)) {
RestoreOptions restoreOptions = inviteUsername == null || inviteUsername.isEmpty() ? RestoreOptions.INVITE_WITH_USERNAME_CHOICE : RestoreOptions.INVITE_WITH_DEFINED_USERNAME;
securityService.sendRestoreMessage(userCredentials, getRootPath(), restoreOptions);
}
for (String id : ugSelected) {
UserGroup userGroup = userGroupService.getUserGroup(id);
userGroup.addUser(user);
userGroupService.updateUserGroup(userGroup);
}
if (ouwtSelected != null && manager.search(OrganisationUnit.class, ouwtSelected) != null) {
selectionManager.setSelectedOrganisationUnits(Lists.newArrayList(manager.search(OrganisationUnit.class, ouwtSelected)));
} else {
selectionManager.setSelectedOrganisationUnits(currentUser.getOrganisationUnits());
}
return SUCCESS;
}
Also used :
OrganisationUnit(org.hisp.dhis.organisationunit.OrganisationUnit)
RestoreOptions(org.hisp.dhis.security.RestoreOptions)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
User(org.hisp.dhis.user.User)
CategoryOptionGroupSet(org.hisp.dhis.dataelement.CategoryOptionGroupSet)
DataElementCategory(org.hisp.dhis.dataelement.DataElementCategory)
UserGroup(org.hisp.dhis.user.UserGroup)
UserAuthorityGroup(org.hisp.dhis.user.UserAuthorityGroup)
UserCredentials(org.hisp.dhis.user.UserCredentials)
HashSet(java.util.HashSet)
Example 5 with RestoreOptions
use of org.hisp.dhis.security.RestoreOptions in project dhis2-core by dhis2.
the class UserController method inviteUser.
/**
* Creates a user invitation and invites the user.
*
* @param user user object parsed from the POST request.
*/
private ObjectReport inviteUser(User user, User currentUser, HttpServletRequest request) throws Exception {
RestoreOptions restoreOptions = user.getUsername() == null || user.getUsername().isEmpty() ? RestoreOptions.INVITE_WITH_USERNAME_CHOICE : RestoreOptions.INVITE_WITH_DEFINED_USERNAME;
securityService.prepareUserForInvite(user);
ImportReport importReport = createUser(user, currentUser);
ObjectReport objectReport = getObjectReport(importReport);
if (importReport.getStatus() == Status.OK && importReport.getStats().getCreated() == 1) {
securityService.sendRestoreMessage(user.getUserCredentials(), ContextUtils.getContextPath(request), restoreOptions);
}
return objectReport;
}
Also used :
RestoreOptions(org.hisp.dhis.security.RestoreOptions)
ImportReport(org.hisp.dhis.dxf2.metadata.feedback.ImportReport)
ObjectReport(org.hisp.dhis.feedback.ObjectReport)
Aggregations
RestoreOptions (org.hisp.dhis.security.RestoreOptions)5
WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException)2
OrganisationUnit (org.hisp.dhis.organisationunit.OrganisationUnit)2
User (org.hisp.dhis.user.User)2
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)2
HashSet (java.util.HashSet)1
CategoryOptionGroupSet (org.hisp.dhis.dataelement.CategoryOptionGroupSet)1
DataElementCategory (org.hisp.dhis.dataelement.DataElementCategory)1
ImportReport (org.hisp.dhis.dxf2.metadata.feedback.ImportReport)1
ObjectReport (org.hisp.dhis.feedback.ObjectReport)1
UserAuthorityGroup (org.hisp.dhis.user.UserAuthorityGroup)1
UserCredentials (org.hisp.dhis.user.UserCredentials)1
UserGroup (org.hisp.dhis.user.UserGroup)1
AccessDeniedException (org.springframework.security.access.AccessDeniedException)1
GrantedAuthority (org.springframework.security.core.GrantedAuthority)1
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)1
ResponseStatus (org.springframework.web.bind.annotation.ResponseStatus)1
