use of org.libresonic.player.domain.User in project libresonic by Libresonic.
the class RESTController method changePassword.
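/**
 * REST endpoint that sets a new password on the account named by the {@code username}
 * request parameter.
 *
 * <p>Authorization rule: the caller must hold the admin role, or must be changing their own
 * password while holding the settings role. Any other caller receives
 * {@code ErrorCode.NOT_AUTHORIZED} and no account is modified. An unknown target account yields
 * {@code ErrorCode.NOT_FOUND}, the same handling {@code getUser} applies.
 *
 * <p>NOTE(review): the mapping accepts GET as well as POST, so the {@code password} parameter may
 * arrive in the query string, where access logs and intermediaries can record it. Confirm that
 * clients are expected to use POST over TLS. This method does not ask for the current password
 * and applies no strength check to the new one.
 *
 * @param request  the incoming REST request; required parameters are {@code username} and
 *                 {@code password}
 * @param response the response the result or error is written to
 * @throws Exception if parameter extraction, decoding or the user update fails
 */
@RequestMapping(value = "/rest/changePassword", method = { RequestMethod.GET, RequestMethod.POST })
public void changePassword(HttpServletRequest request, HttpServletResponse response) throws Exception {
    request = wrapRequest(request);
    String username = getRequiredStringParameter(request, "username");
    // presumably decrypt() reverses the transport encoding of the password parameter; verify against its definition
    String password = decrypt(getRequiredStringParameter(request, "password"));

    User authUser = securityService.getCurrentUser(request);
    // && binds tighter than ||; the parentheses only spell out the rule that was already in effect.
    boolean allowed = authUser.isAdminRole()
            || (username.equals(authUser.getUsername()) && authUser.isSettingsRole());
    if (!allowed) {
        error(request, response, ErrorCode.NOT_AUTHORIZED, authUser.getUsername() + " is not authorized to change password for " + username);
        return;
    }

    User user = securityService.getUserByName(username);
    if (user == null) {
        // Without this guard an unknown username fails with a NullPointerException on
        // setPassword below instead of a REST error.
        error(request, response, ErrorCode.NOT_FOUND, "No such user: " + username);
        return;
    }

    user.setPassword(password);
    securityService.updateUser(user);
    writeEmptyResponse(request, response);
}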
use of org.libresonic.player.domain.User in project libresonic by Libresonic.
the class RESTController method deleteUser.
/**
 * REST endpoint that removes the account named by the {@code username} request parameter.
 *
 * <p>Only a caller with the admin role may delete accounts, and the account whose name equals
 * {@code User.USERNAME_ADMIN} can never be deleted through this endpoint. Both refusals are
 * reported as {@code ErrorCode.NOT_AUTHORIZED}.
 *
 * <p>NOTE(review): the built-in admin check is an exact, case-sensitive string comparison.
 * Confirm that {@code securityService.deleteUser} matches names the same way, so that a
 * differently cased name cannot resolve to the admin account. The mapping also accepts GET for
 * this destructive operation; confirm that this is intended for the REST API.
 *
 * @param request  the incoming REST request; {@code username} is required
 * @param response the response the result or error is written to
 * @throws Exception if parameter extraction or the deletion fails
 */
@RequestMapping(value = "/rest/deleteUser", method = { RequestMethod.GET, RequestMethod.POST })
public void deleteUser(HttpServletRequest request, HttpServletResponse response) throws Exception {
    request = wrapRequest(request);

    // The role check comes first, so a non-admin caller is refused before the target is read.
    User caller = securityService.getCurrentUser(request);
    boolean callerIsAdmin = caller.isAdminRole();
    if (!callerIsAdmin) {
        String denial = caller.getUsername() + " is not authorized to delete users.";
        error(request, response, ErrorCode.NOT_AUTHORIZED, denial);
        return;
    }

    String targetName = getRequiredStringParameter(request, "username");
    boolean targetsBuiltInAdmin = User.USERNAME_ADMIN.equals(targetName);
    if (targetsBuiltInAdmin) {
        error(request, response, ErrorCode.NOT_AUTHORIZED, "Not allowed to delete admin user");
        return;
    }

    securityService.deleteUser(targetName);
    writeEmptyResponse(request, response);
}
use of org.libresonic.player.domain.User in project libresonic by Libresonic.
the class RESTController method getUser.
/**
 * REST endpoint that returns the details of the account named by the {@code username}
 * request parameter.
 *
 * <p>A caller may always read their own account; reading any other account requires the admin
 * role. The authorization check runs before the lookup, so a non-admin caller asking about
 * another name gets {@code ErrorCode.NOT_AUTHORIZED} whether or not that account exists.
 * An authorized request for an unknown name gets {@code ErrorCode.NOT_FOUND}.
 *
 * @param request  the incoming REST request; {@code username} is required
 * @param response the response the user record or error is written to
 * @throws Exception if parameter extraction or response serialization fails
 */
@RequestMapping(value = "/rest/getUser", method = { RequestMethod.GET, RequestMethod.POST })
public void getUser(HttpServletRequest request, HttpServletResponse response) throws Exception {
    request = wrapRequest(request);
    String username = getRequiredStringParameter(request, "username");
    User caller = securityService.getCurrentUser(request);

    boolean asksAboutSelf = username.equals(caller.getUsername());
    if (!(asksAboutSelf || caller.isAdminRole())) {
        String denial = caller.getUsername() + " is not authorized to get details for other users.";
        error(request, response, ErrorCode.NOT_AUTHORIZED, denial);
        return;
    }

    User found = securityService.getUserByName(username);
    if (found != null) {
        Response payload = createResponse();
        payload.setUser(createJaxbUser(found));
        jaxbWriter.writeResponse(request, response, payload);
        return;
    }

    error(request, response, ErrorCode.NOT_FOUND, "No such user: " + username);
}
use of org.libresonic.player.domain.User in project libresonic by Libresonic.
the class SecurityService method loadUserByUsername.
/**
 * Builds the Spring Security {@code UserDetails} for a locally stored account.
 *
 * <p>NOTE(review): the returned principal carries {@code username} exactly as supplied, and the
 * authorities are also looked up by that supplied string rather than by the stored account's
 * name. With {@code caseSensitive == false} the two may differ in casing; confirm this is
 * intended.
 *
 * @param username      the name to look up
 * @param caseSensitive passed through to {@code getUserByName} to select how the name is matched
 * @return user details holding the supplied name, the stored password value and the granted
 *         authorities
 * @throws UsernameNotFoundException if no account matches
 * @throws DataAccessException       declared for the underlying lookups
 */
public UserDetails loadUserByUsername(String username, boolean caseSensitive) throws UsernameNotFoundException, DataAccessException {
    User account = getUserByName(username, caseSensitive);
    if (account != null) {
        List<GrantedAuthority> granted = getGrantedAuthorities(username);
        String storedPassword = account.getPassword();
        return new org.springframework.security.core.userdetails.User(username, storedPassword, granted);
    }
    throw new UsernameNotFoundException("User \"" + username + "\" was not found.");
}
use of org.libresonic.player.domain.User in project libresonic by Libresonic.
the class LibresonicUserDetailsContextMapper method mapUserFromContext.
// ~ Methods
// ========================================================================================================
/**
 * Maps an LDAP directory entry onto the matching local account.
 *
 * <p>The local account is looked up by {@code username} with the case-sensitivity flag set to
 * {@code false}. If none exists and LDAP auto-shadowing is disabled, the login is rejected. If
 * auto-shadowing is enabled, a local account is created on the fly with the stream and
 * settings roles switched on. The account must have LDAP authentication enabled, otherwise the
 * login is rejected.
 *
 * <p>The {@code authorities} argument is not used. The returned details carry the authorities
 * that {@code securityService} holds for the local account, so LDAP group membership does not
 * grant any role here.
 *
 * <p>NOTE(review): with auto-shadowing on, every identity the directory authenticates gets a
 * local account with the settings role. Confirm that the LDAP search base or filter restricts
 * who can reach this code.
 *
 * @param ctx         the directory entry of the user being mapped
 * @param username    the login name
 * @param authorities authorities supplied by the caller; ignored by this implementation
 * @return user details built from the local account and the directory entry
 * @throws BadCredentialsException if no local account exists and auto-shadowing is off, or if
 *                                 the account has LDAP authentication disabled
 */
public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
    String dn = ctx.getNameInNamespace();
    logger.debug("Mapping user details from context with DN: " + dn);

    // A local account is mandatory unless auto-shadowing may create one.
    User user = securityService.getUserByName(username, false);
    if (user == null) {
        if (!settingsService.isLdapAutoShadowing()) {
            throw new BadCredentialsException("User does not exist.");
        }
        User shadow = new User(username, "", null, true, 0L, 0L, 0L);
        shadow.setStreamRole(true);
        shadow.setSettingsRole(true);
        securityService.createUser(shadow);
        logger.info("Created local user '" + username + "' for DN " + dn);
        // NOTE(review): if this re-read returns null, the check below throws a
        // NullPointerException rather than an authentication failure - confirm createUser cannot fail silently.
        user = securityService.getUserByName(username, false);
    }

    // Accounts that are not flagged for LDAP authentication may not log in through LDAP.
    if (!user.isLdapAuthenticated()) {
        throw new BadCredentialsException("LDAP authentication disabled for user.");
    }

    LdapUserDetailsImpl.Essence details = new LdapUserDetailsImpl.Essence();
    String localName = user.getUsername();
    details.setUsername(localName);
    details.setDn(dn);

    // Copy the password attribute only when the directory entry exposes one.
    Object rawPassword = ctx.getObjectAttribute(passwordAttributeName);
    if (rawPassword != null) {
        details.setPassword(mapPassword(rawPassword));
    }

    // Authorities come from the local account, not from the 'authorities' argument.
    for (GrantedAuthority granted : securityService.getGrantedAuthorities(localName)) {
        details.addAuthority(granted);
    }

    // Carry over password-policy data when the directory supplied it.
    PasswordPolicyResponseControl policyControl =
            (PasswordPolicyResponseControl) ctx.getObjectAttribute(PasswordPolicyControl.OID);
    if (policyControl != null) {
        details.setTimeBeforeExpiration(policyControl.getTimeBeforeExpiration());
        details.setGraceLoginsRemaining(policyControl.getGraceLoginsRemaining());
    }

    return details.createUserDetails();
}
Aggregations