Example 6 with PasswordRecovery

Use of org.motechproject.security.domain.PasswordRecovery in project motech by motech.

The class PasswordRecoveryServiceImpl, method oneTimeTokenOpenId.

@Override
@Transactional
public String oneTimeTokenOpenId(String email, DateTime expiration, boolean notify) throws UserNotFoundException, NonAdminUserException {
    MotechUser user = motechUsersDao.findUserByEmail(email);
    // Fall back to the default lifetime when no expiration is supplied; a past date is rejected outright
    DateTime expirationDate = expiration;
    if (expirationDate == null) {
        expirationDate = DateTime.now().plusHours(DEFAULT_EXPIRATION_HOURS);
    } else if (expirationDate.isBefore(DateTime.now())) {
        throw new IllegalArgumentException("The expiration date shouldn't be a past date!");
    }
    if (user == null) {
        throw new UserNotFoundException("User with email not found: " + email);
    }
    // Only users holding an admin role may be issued a one-time OpenID login token
    List<String> roles = user.getRoles();
    boolean isAdminUser = false;
    for (String role : roles) {
        if (role.toLowerCase().contains("admin")) {
            isAdminUser = true;
        }
    }
    if (!isAdminUser) {
        throw new NonAdminUserException("You are not admin User: " + user.getUserName());
    }
    // The random alphanumeric token is persisted with the recovery record and, on request, emailed to the user
    String token = RandomStringUtils.randomAlphanumeric(TOKEN_LENGTH);
    PasswordRecovery recovery = createRecovery(user.getUserName(), user.getEmail(), token, expirationDate, user.getLocale());
    if (notify) {
        emailSender.sendOneTimeToken(recovery);
    }
    LOGGER.info("Created a one time token for user " + user.getUserName());
    return token;
}
Also used : UserNotFoundException(org.motechproject.security.exception.UserNotFoundException) MotechUser(org.motechproject.security.domain.MotechUser) NonAdminUserException(org.motechproject.security.exception.NonAdminUserException) PasswordRecovery(org.motechproject.security.domain.PasswordRecovery) DateTime(org.joda.time.DateTime) Transactional(org.springframework.transaction.annotation.Transactional)

Example 7 with PasswordRecovery

Use of org.motechproject.security.domain.PasswordRecovery in project motech by motech.

The class PasswordRecoveryServiceImpl, method validateTokenAndLoginUser.

@Override
@Transactional
public void validateTokenAndLoginUser(String token, HttpServletRequest request, HttpServletResponse response) throws IOException {
    PasswordRecovery recovery = findForToken(token);
    // Only a recovery that exists and has not expired results in a login; anything else goes back to the login page
    if (validateRecovery(recovery)) {
        MotechUser user = motechUsersDao.findUserByEmail(recovery.getEmail());
        OpenIDAuthenticationToken openIDToken = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, user.getOpenId(), "one time login ", new ArrayList<>());
        Authentication authentication = authenticationManager.authenticate(openIDToken);
        // Publish the authenticated context to the HTTP session so subsequent requests are recognised
        SecurityContextHolder.getContext().setAuthentication(authentication);
        request.getSession(true).setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
        // Deleting the recovery makes the token single-use
        passwordRecoveriesDataService.delete(recovery);
        redirectStrategy.sendRedirect(request, response, "/server/home");
    } else {
        redirectStrategy.sendRedirect(request, response, "/server/login");
    }
}
Also used : MotechUser(org.motechproject.security.domain.MotechUser) Authentication(org.springframework.security.core.Authentication) OpenIDAuthenticationToken(org.springframework.security.openid.OpenIDAuthenticationToken) PasswordRecovery(org.motechproject.security.domain.PasswordRecovery) Transactional(org.springframework.transaction.annotation.Transactional)

Example 8 with PasswordRecovery

Use of org.motechproject.security.domain.PasswordRecovery in project motech by motech.

The class PasswordRecoveryServiceImpl, method resetPassword.

@Override
@Transactional
public void resetPassword(String token, String password, String passwordConfirmation) throws InvalidTokenException {
    // Confirmation is checked before the token is looked up
    if (!password.equals(passwordConfirmation)) {
        throw new IllegalArgumentException("Password and confirmation do not match");
    }
    PasswordRecovery recovery = findForToken(token);
    // An unknown or expired token is rejected with InvalidTokenException
    if (!validateRecovery(recovery)) {
        throw new InvalidTokenException();
    }
    MotechUser user = motechUsersDao.findByUserName(recovery.getUsername());
    if (user == null) {
        throw new InvalidTokenException("This user has been deleted");
    }
    // Store only the encoded password, then consume the recovery so the token cannot be reused
    String encodedPassword = passwordEncoder.encodePassword(password);
    user.setPassword(encodedPassword);
    motechUsersDao.update(user);
    passwordRecoveriesDataService.delete(recovery);
}
Also used : InvalidTokenException(org.motechproject.security.exception.InvalidTokenException) MotechUser(org.motechproject.security.domain.MotechUser) PasswordRecovery(org.motechproject.security.domain.PasswordRecovery) Transactional(org.springframework.transaction.annotation.Transactional)

Example 9 with PasswordRecovery

Use of org.motechproject.security.domain.PasswordRecovery in project motech by motech.

The class PasswordRecoveryServiceImpl, method cleanUpExpiredRecoveries.

@Override
@Transactional
public void cleanUpExpiredRecoveries() {
    // Every recovery whose expiration date falls between the epoch and now is expired and gets removed
    Range<DateTime> range = new Range<>(new DateTime(0), DateUtil.now());
    List<PasswordRecovery> expiredRecoveries = passwordRecoveriesDataService.findByExpirationDate(range);
    for (PasswordRecovery recovery : expiredRecoveries) {
        passwordRecoveriesDataService.delete(recovery);
    }
    LOGGER.info("Cleaned up all expired password recoveries");
}
Also used : Range(org.motechproject.commons.api.Range) PasswordRecovery(org.motechproject.security.domain.PasswordRecovery) DateTime(org.joda.time.DateTime) Transactional(org.springframework.transaction.annotation.Transactional)

Example 10 with PasswordRecovery

Use of org.motechproject.security.domain.PasswordRecovery in project motech by motech.

The class PasswordRecoveryServiceTest, method shouldCreateRecoveryWithDefaultExpirationTimeForOpenIDIfNoneWasProvided.

@Test
public void shouldCreateRecoveryWithDefaultExpirationTimeForOpenIDIfNoneWasProvided() throws UserNotFoundException, NonAdminUserException {
    final DateTime now = DateTime.now();
    // Passing null as the expiration exercises the default-lifetime branch
    testCreateOpenIDRecoveryTemplate(now, EMAIL, null);
    // Capture the recovery handed to the data service so its fields can be checked
    ArgumentCaptor<PasswordRecovery> captor = ArgumentCaptor.forClass(PasswordRecovery.class);
    verify(passwordRecoveriesDataService).create(captor.capture());
    PasswordRecovery createdRecovery = captor.getValue();
    assertEquals(USERNAME, createdRecovery.getUsername());
    assertEquals(EMAIL, createdRecovery.getEmail());
    // 3 is the default set in PasswordRecoveryServiceImpl
    assertEquals(now.plusHours(3), createdRecovery.getExpirationDate());
    assertEquals(Locale.ENGLISH, createdRecovery.getLocale());
    // Token length as generated by the service
    assertEquals(60, createdRecovery.getToken().length());
    verify(emailSender).sendOneTimeToken(createdRecovery);
}
Also used : PasswordRecovery(org.motechproject.security.domain.PasswordRecovery) DateTime(org.joda.time.DateTime) Test(org.junit.Test)
