use of org.openmrs.api.APIAuthenticationException in project openmrs-core by openmrs.
the class UserContext method becomeUser.
/**
* Change current authentication to become another user. (You can only do this if you're already
* authenticated as a superuser.)
*
* @param systemId
* @return The new user that this context has been set to. (null means no change was made)
* @throws ContextAuthenticationException
*/
public User becomeUser(String systemId) throws ContextAuthenticationException {
if (!Context.getAuthenticatedUser().isSuperUser()) {
throw new APIAuthenticationException("You must be a superuser to assume another user's identity");
}
if (log.isDebugEnabled()) {
log.debug("Turning the authenticated user into user with systemId: " + systemId);
}
User userToBecome = Context.getUserService().getUserByUsername(systemId);
if (userToBecome == null) {
throw new ContextAuthenticationException("User not found with systemId: " + systemId);
}
// hydrate the user object
if (userToBecome.getAllRoles() != null) {
userToBecome.getAllRoles().size();
}
if (userToBecome.getUserProperties() != null) {
userToBecome.getUserProperties().size();
}
if (userToBecome.getPrivileges() != null) {
userToBecome.getPrivileges().size();
}
this.user = userToBecome;
// update the user's location
setUserLocation();
if (log.isDebugEnabled()) {
log.debug("Becoming user: " + user);
}
return userToBecome;
}
use of org.openmrs.api.APIAuthenticationException in project openmrs-core by openmrs.
the class InitializationFilter method doPost.
/**
* Called by {@link #doFilter(ServletRequest, ServletResponse, FilterChain)} on POST requests
*
* @param httpRequest
* @param httpResponse
*/
@Override
protected void doPost(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException, ServletException {
String page = httpRequest.getParameter("page");
Map<String, Object> referenceMap = new HashMap<>();
// will be rendered
if (httpRequest.getSession().getAttribute(FilterUtil.LOCALE_ATTRIBUTE) != null) {
referenceMap.put(FilterUtil.LOCALE_ATTRIBUTE, httpRequest.getSession().getAttribute(FilterUtil.LOCALE_ATTRIBUTE));
}
// if any body has already started installation
if (isInstallationStarted()) {
referenceMap.put("isInstallationStarted", true);
httpResponse.setContentType("text/html");
renderTemplate(PROGRESS_VM, referenceMap, httpResponse);
return;
}
if (DEFAULT_PAGE.equals(page)) {
// get props and render the first page
File runtimeProperties = getRuntimePropertiesFile();
if (!runtimeProperties.exists()) {
try {
runtimeProperties.createNewFile();
// reset the error objects in case of refresh
wizardModel.canCreate = true;
wizardModel.cannotCreateErrorMessage = "";
} catch (IOException io) {
wizardModel.canCreate = false;
wizardModel.cannotCreateErrorMessage = io.getMessage();
}
// check this before deleting the file again
wizardModel.canWrite = runtimeProperties.canWrite();
// delete the file again after testing the create/write
// so that if the user stops the webapp before finishing
// this wizard, they can still get back into it
runtimeProperties.delete();
} else {
wizardModel.canWrite = runtimeProperties.canWrite();
wizardModel.databaseConnection = Context.getRuntimeProperties().getProperty("connection.url", wizardModel.databaseConnection);
wizardModel.currentDatabaseUsername = Context.getRuntimeProperties().getProperty("connection.username", wizardModel.currentDatabaseUsername);
wizardModel.currentDatabasePassword = Context.getRuntimeProperties().getProperty("connection.password", wizardModel.currentDatabasePassword);
}
wizardModel.runtimePropertiesPath = runtimeProperties.getAbsolutePath();
checkLocaleAttributes(httpRequest);
referenceMap.put(FilterUtil.LOCALE_ATTRIBUTE, httpRequest.getSession().getAttribute(FilterUtil.LOCALE_ATTRIBUTE));
log.info("Locale stored in session is " + httpRequest.getSession().getAttribute(FilterUtil.LOCALE_ATTRIBUTE));
httpResponse.setContentType("text/html");
// otherwise do step one of the wizard
renderTemplate(INSTALL_METHOD, referenceMap, httpResponse);
} else if (INSTALL_METHOD.equals(page)) {
if (goBack(httpRequest)) {
referenceMap.put(FilterUtil.REMEMBER_ATTRIBUTE, httpRequest.getSession().getAttribute(FilterUtil.REMEMBER_ATTRIBUTE) != null);
referenceMap.put(FilterUtil.LOCALE_ATTRIBUTE, httpRequest.getSession().getAttribute(FilterUtil.LOCALE_ATTRIBUTE));
renderTemplate(CHOOSE_LANG, referenceMap, httpResponse);
return;
}
wizardModel.installMethod = httpRequest.getParameter("install_method");
if (InitializationWizardModel.INSTALL_METHOD_SIMPLE.equals(wizardModel.installMethod)) {
page = SIMPLE_SETUP;
} else if (InitializationWizardModel.INSTALL_METHOD_TESTING.equals(wizardModel.installMethod)) {
page = TESTING_REMOTE_DETAILS_SETUP;
wizardModel.currentStepNumber = 1;
wizardModel.numberOfSteps = skipDatabaseSetupPage() ? 1 : 3;
} else {
page = DATABASE_SETUP;
wizardModel.currentStepNumber = 1;
wizardModel.numberOfSteps = 5;
}
renderTemplate(page, referenceMap, httpResponse);
} else // simple method
if (SIMPLE_SETUP.equals(page)) {
if (goBack(httpRequest)) {
renderTemplate(INSTALL_METHOD, referenceMap, httpResponse);
return;
}
wizardModel.databaseConnection = Context.getRuntimeProperties().getProperty("connection.url", wizardModel.databaseConnection);
wizardModel.createDatabaseUsername = Context.getRuntimeProperties().getProperty("connection.username", wizardModel.createDatabaseUsername);
wizardModel.createUserUsername = wizardModel.createDatabaseUsername;
wizardModel.databaseRootPassword = httpRequest.getParameter("database_root_password");
checkForEmptyValue(wizardModel.databaseRootPassword, errors, ErrorMessageConstants.ERROR_DB_PSDW_REQ);
wizardModel.hasCurrentOpenmrsDatabase = false;
wizardModel.createTables = true;
// default wizardModel.databaseName is openmrs
// default wizardModel.createDatabaseUsername is root
wizardModel.createDatabasePassword = wizardModel.databaseRootPassword;
wizardModel.addDemoData = "yes".equals(httpRequest.getParameter("add_demo_data"));
wizardModel.hasCurrentDatabaseUser = false;
wizardModel.createDatabaseUser = true;
// default wizardModel.createUserUsername is root
wizardModel.createUserPassword = wizardModel.databaseRootPassword;
wizardModel.moduleWebAdmin = true;
wizardModel.autoUpdateDatabase = false;
wizardModel.adminUserPassword = InitializationWizardModel.ADMIN_DEFAULT_PASSWORD;
createSimpleSetup(httpRequest.getParameter("database_root_password"), httpRequest.getParameter("add_demo_data"));
try {
loadedDriverString = DatabaseUtil.loadDatabaseDriver(wizardModel.databaseConnection, wizardModel.databaseDriver);
} catch (ClassNotFoundException e) {
errors.put(ErrorMessageConstants.ERROR_DB_DRIVER_CLASS_REQ, null);
renderTemplate(page, referenceMap, httpResponse);
return;
}
if (errors.isEmpty()) {
page = WIZARD_COMPLETE;
}
renderTemplate(page, referenceMap, httpResponse);
} else // step one
if (DATABASE_SETUP.equals(page)) {
if (goBack(httpRequest)) {
wizardModel.currentStepNumber -= 1;
if (InitializationWizardModel.INSTALL_METHOD_TESTING.equals(wizardModel.installMethod)) {
renderTemplate(TESTING_REMOTE_DETAILS_SETUP, referenceMap, httpResponse);
} else {
renderTemplate(INSTALL_METHOD, referenceMap, httpResponse);
}
return;
}
wizardModel.databaseConnection = httpRequest.getParameter("database_connection");
checkForEmptyValue(wizardModel.databaseConnection, errors, ErrorMessageConstants.ERROR_DB_CONN_REQ);
wizardModel.databaseDriver = httpRequest.getParameter("database_driver");
checkForEmptyValue(wizardModel.databaseConnection, errors, ErrorMessageConstants.ERROR_DB_DRIVER_REQ);
loadedDriverString = loadDriver(wizardModel.databaseConnection, wizardModel.databaseDriver);
if (!StringUtils.hasText(loadedDriverString)) {
errors.put(ErrorMessageConstants.ERROR_DB_DRIVER_CLASS_REQ, null);
renderTemplate(page, referenceMap, httpResponse);
return;
}
if ("yes".equals(httpRequest.getParameter("current_openmrs_database"))) {
wizardModel.databaseName = httpRequest.getParameter("openmrs_current_database_name");
checkForEmptyValue(wizardModel.databaseName, errors, ErrorMessageConstants.ERROR_DB_CURR_NAME_REQ);
wizardModel.hasCurrentOpenmrsDatabase = true;
// TODO check to see if this is an active database
} else {
// mark this wizard as a "to create database" (done at the end)
wizardModel.hasCurrentOpenmrsDatabase = false;
wizardModel.createTables = true;
wizardModel.databaseName = httpRequest.getParameter("openmrs_new_database_name");
checkForEmptyValue(wizardModel.databaseName, errors, ErrorMessageConstants.ERROR_DB_NEW_NAME_REQ);
// TODO create database now to check if its possible?
wizardModel.createDatabaseUsername = httpRequest.getParameter("create_database_username");
checkForEmptyValue(wizardModel.createDatabaseUsername, errors, ErrorMessageConstants.ERROR_DB_USER_NAME_REQ);
wizardModel.createDatabasePassword = httpRequest.getParameter("create_database_password");
checkForEmptyValue(wizardModel.createDatabasePassword, errors, ErrorMessageConstants.ERROR_DB_USER_PSWD_REQ);
}
if (errors.isEmpty()) {
page = DATABASE_TABLES_AND_USER;
if (InitializationWizardModel.INSTALL_METHOD_TESTING.equals(wizardModel.installMethod)) {
wizardModel.currentStepNumber = 3;
} else {
wizardModel.currentStepNumber = 2;
}
}
renderTemplate(page, referenceMap, httpResponse);
} else // step two
if (DATABASE_TABLES_AND_USER.equals(page)) {
if (goBack(httpRequest)) {
wizardModel.currentStepNumber -= 1;
renderTemplate(DATABASE_SETUP, referenceMap, httpResponse);
return;
}
if (wizardModel.hasCurrentOpenmrsDatabase) {
wizardModel.createTables = "yes".equals(httpRequest.getParameter("create_tables"));
}
wizardModel.addDemoData = "yes".equals(httpRequest.getParameter("add_demo_data"));
if ("yes".equals(httpRequest.getParameter("current_database_user"))) {
wizardModel.currentDatabaseUsername = httpRequest.getParameter("current_database_username");
checkForEmptyValue(wizardModel.currentDatabaseUsername, errors, ErrorMessageConstants.ERROR_DB_CUR_USER_NAME_REQ);
wizardModel.currentDatabasePassword = httpRequest.getParameter("current_database_password");
checkForEmptyValue(wizardModel.currentDatabasePassword, errors, ErrorMessageConstants.ERROR_DB_CUR_USER_PSWD_REQ);
wizardModel.hasCurrentDatabaseUser = true;
wizardModel.createDatabaseUser = false;
} else {
wizardModel.hasCurrentDatabaseUser = false;
wizardModel.createDatabaseUser = true;
// asked for the root mysql username/password
wizardModel.createUserUsername = httpRequest.getParameter("create_user_username");
checkForEmptyValue(wizardModel.createUserUsername, errors, ErrorMessageConstants.ERROR_DB_USER_NAME_REQ);
wizardModel.createUserPassword = httpRequest.getParameter("create_user_password");
checkForEmptyValue(wizardModel.createUserPassword, errors, ErrorMessageConstants.ERROR_DB_USER_PSWD_REQ);
}
if (errors.isEmpty()) {
// go to next page
page = InitializationWizardModel.INSTALL_METHOD_TESTING.equals(wizardModel.installMethod) ? WIZARD_COMPLETE : OTHER_RUNTIME_PROPS;
}
renderTemplate(page, referenceMap, httpResponse);
} else // step three
if (OTHER_RUNTIME_PROPS.equals(page)) {
if (goBack(httpRequest)) {
renderTemplate(DATABASE_TABLES_AND_USER, referenceMap, httpResponse);
return;
}
wizardModel.moduleWebAdmin = "yes".equals(httpRequest.getParameter("module_web_admin"));
wizardModel.autoUpdateDatabase = "yes".equals(httpRequest.getParameter("auto_update_database"));
if (wizardModel.createTables) {
// go to next page if they are creating tables
page = ADMIN_USER_SETUP;
} else {
// skip a page
page = IMPLEMENTATION_ID_SETUP;
}
renderTemplate(page, referenceMap, httpResponse);
} else // optional step four
if (ADMIN_USER_SETUP.equals(page)) {
if (goBack(httpRequest)) {
renderTemplate(OTHER_RUNTIME_PROPS, referenceMap, httpResponse);
return;
}
wizardModel.adminUserPassword = httpRequest.getParameter("new_admin_password");
String adminUserConfirm = httpRequest.getParameter("new_admin_password_confirm");
// throw back to admin user if passwords don't match
if (!wizardModel.adminUserPassword.equals(adminUserConfirm)) {
errors.put(ErrorMessageConstants.ERROR_DB_ADM_PSWDS_MATCH, null);
renderTemplate(ADMIN_USER_SETUP, referenceMap, httpResponse);
return;
}
// throw back if the user didn't put in a password
if ("".equals(wizardModel.adminUserPassword)) {
errors.put(ErrorMessageConstants.ERROR_DB_ADM_PSDW_EMPTY, null);
renderTemplate(ADMIN_USER_SETUP, referenceMap, httpResponse);
return;
}
try {
OpenmrsUtil.validatePassword("admin", wizardModel.adminUserPassword, "admin");
} catch (PasswordException p) {
errors.put(ErrorMessageConstants.ERROR_DB_ADM_PSDW_WEAK, null);
renderTemplate(ADMIN_USER_SETUP, referenceMap, httpResponse);
return;
}
if (errors.isEmpty()) {
// go to next page
page = IMPLEMENTATION_ID_SETUP;
}
renderTemplate(page, referenceMap, httpResponse);
} else // optional step five
if (IMPLEMENTATION_ID_SETUP.equals(page)) {
if (goBack(httpRequest)) {
if (wizardModel.createTables) {
renderTemplate(ADMIN_USER_SETUP, referenceMap, httpResponse);
} else {
renderTemplate(OTHER_RUNTIME_PROPS, referenceMap, httpResponse);
}
return;
}
wizardModel.implementationIdName = httpRequest.getParameter("implementation_name");
wizardModel.implementationId = httpRequest.getParameter("implementation_id");
wizardModel.implementationIdPassPhrase = httpRequest.getParameter("pass_phrase");
wizardModel.implementationIdDescription = httpRequest.getParameter("description");
// throw back if the user-specified ID is invalid (contains ^ or |).
if (wizardModel.implementationId.indexOf('^') != -1 || wizardModel.implementationId.indexOf('|') != -1) {
errors.put(ErrorMessageConstants.ERROR_DB_IMPL_ID_REQ, null);
renderTemplate(IMPLEMENTATION_ID_SETUP, referenceMap, httpResponse);
return;
}
if (errors.isEmpty()) {
// go to next page
page = WIZARD_COMPLETE;
}
renderTemplate(page, referenceMap, httpResponse);
} else if (WIZARD_COMPLETE.equals(page)) {
if (goBack(httpRequest)) {
if (InitializationWizardModel.INSTALL_METHOD_SIMPLE.equals(wizardModel.installMethod)) {
page = SIMPLE_SETUP;
} else if (InitializationWizardModel.INSTALL_METHOD_TESTING.equals(wizardModel.installMethod)) {
if (skipDatabaseSetupPage()) {
page = TESTING_REMOTE_DETAILS_SETUP;
} else {
page = DATABASE_TABLES_AND_USER;
}
} else {
page = IMPLEMENTATION_ID_SETUP;
}
renderTemplate(page, referenceMap, httpResponse);
return;
}
wizardModel.tasksToExecute = new ArrayList<>();
createDatabaseTask();
if (InitializationWizardModel.INSTALL_METHOD_TESTING.equals(wizardModel.installMethod)) {
wizardModel.importTestData = true;
wizardModel.createTables = false;
wizardModel.addDemoData = false;
// if we have a runtime properties file
if (skipDatabaseSetupPage()) {
wizardModel.hasCurrentOpenmrsDatabase = false;
wizardModel.hasCurrentDatabaseUser = true;
wizardModel.createDatabaseUser = false;
Properties props = OpenmrsUtil.getRuntimeProperties(WebConstants.WEBAPP_NAME);
wizardModel.currentDatabaseUsername = props.getProperty("connection.username");
wizardModel.currentDatabasePassword = props.getProperty("connection.password");
wizardModel.createDatabaseUsername = wizardModel.currentDatabaseUsername;
wizardModel.createDatabasePassword = wizardModel.currentDatabasePassword;
}
wizardModel.tasksToExecute.add(WizardTask.IMPORT_TEST_DATA);
wizardModel.tasksToExecute.add(WizardTask.ADD_MODULES);
} else {
createTablesTask();
createDemoDataTask();
}
wizardModel.tasksToExecute.add(WizardTask.UPDATE_TO_LATEST);
referenceMap.put("tasksToExecute", wizardModel.tasksToExecute);
startInstallation();
renderTemplate(PROGRESS_VM, referenceMap, httpResponse);
} else if (TESTING_REMOTE_DETAILS_SETUP.equals(page)) {
if (goBack(httpRequest)) {
wizardModel.currentStepNumber -= 1;
renderTemplate(INSTALL_METHOD, referenceMap, httpResponse);
return;
}
wizardModel.remoteUrl = httpRequest.getParameter("remoteUrl");
checkForEmptyValue(wizardModel.remoteUrl, errors, "install.testing.remote.url.required");
if (errors.isEmpty()) {
// Check if the remote system is running
if (TestInstallUtil.testConnection(wizardModel.remoteUrl)) {
// Check if the test module is installed by connecting to its setting page
if (TestInstallUtil.testConnection(wizardModel.remoteUrl.concat(RELEASE_TESTING_MODULE_PATH + "settings.htm"))) {
wizardModel.remoteUsername = httpRequest.getParameter("username");
wizardModel.remotePassword = httpRequest.getParameter("password");
checkForEmptyValue(wizardModel.remoteUsername, errors, "install.testing.username.required");
checkForEmptyValue(wizardModel.remotePassword, errors, "install.testing.password.required");
if (errors.isEmpty()) {
// check if the username and password are valid
try {
TestInstallUtil.getResourceInputStream(wizardModel.remoteUrl + RELEASE_TESTING_MODULE_PATH + "verifycredentials.htm", wizardModel.remoteUsername, wizardModel.remotePassword);
} catch (APIAuthenticationException e) {
if (log.isDebugEnabled()) {
log.debug("Error generated: ", e);
}
page = TESTING_REMOTE_DETAILS_SETUP;
errors.put(ErrorMessageConstants.UPDATE_ERROR_UNABLE_AUTHENTICATE, null);
renderTemplate(page, referenceMap, httpResponse);
return;
}
// If we have a runtime properties file, get the database setup details from it
if (skipDatabaseSetupPage()) {
Properties props = OpenmrsUtil.getRuntimeProperties(WebConstants.WEBAPP_NAME);
wizardModel.databaseConnection = props.getProperty("connection.url");
loadedDriverString = loadDriver(wizardModel.databaseConnection, wizardModel.databaseDriver);
if (!StringUtils.hasText(loadedDriverString)) {
page = TESTING_REMOTE_DETAILS_SETUP;
errors.put(ErrorMessageConstants.ERROR_DB_DRIVER_CLASS_REQ, null);
renderTemplate(page, referenceMap, httpResponse);
return;
}
wizardModel.databaseName = InitializationWizardModel.DEFAULT_DATABASE_NAME;
page = WIZARD_COMPLETE;
} else {
page = DATABASE_SETUP;
wizardModel.currentStepNumber = 2;
}
msgs.put("install.testing.testingModuleFound", null);
} else {
renderTemplate(page, referenceMap, httpResponse);
return;
}
} else {
errors.put("install.testing.noTestingModule", null);
}
} else {
errors.put("install.testing.invalidProductionUrl", new Object[] { wizardModel.remoteUrl });
}
}
renderTemplate(page, referenceMap, httpResponse);
}
}
use of org.openmrs.api.APIAuthenticationException in project openmrs-core by openmrs.
the class TestInstallUtil method getResourceInputStream.
/**
* @param url
* @param openmrsUsername
* @param openmrsPassword
* @return input stream
* @throws MalformedURLException
* @throws IOException
*/
protected static InputStream getResourceInputStream(String url, String openmrsUsername, String openmrsPassword) throws MalformedURLException, IOException, APIException {
HttpURLConnection connection = createConnection(url);
OutputStreamWriter out = new OutputStreamWriter(connection.getOutputStream(), StandardCharsets.UTF_8);
out.write(encodeCredentials(openmrsUsername, openmrsPassword));
out.flush();
out.close();
log.info("Http response message: {}, Code: {}", connection.getResponseMessage(), connection.getResponseCode());
if (connection.getResponseCode() == HttpURLConnection.HTTP_UNAUTHORIZED) {
throw new APIAuthenticationException("Invalid username or password");
} else if (connection.getResponseCode() == HttpURLConnection.HTTP_INTERNAL_ERROR) {
throw new APIException("error.occurred.on.remote.server", (Object[]) null);
}
return connection.getInputStream();
}
Aggregations