
Example 1 with PasswordData

use of org.passay.PasswordData in project dataverse by IQSS.

the class PasswordValidatorServiceBean method validate.

/**
 * validate
 * <p>
 * Checks a password against every configured validator and reports why it was rejected.
 * <p>
 * Acceptance is "any validator passes": the first validator that approves the password ends the
 * check with an empty result. Failure details are returned only when every validator rejected it.
 *
 * @param password                 The password to check.
 * @param passwordModificationTime The time the password was set or changed. Must not be null,
 *                                 because its epoch-millisecond value is read unconditionally.
 * @param isHumanReadable          True to get messages resolved through the standard validator,
 *                                 false to get the raw error codes.
 * @return A List with error messages (or error codes). Empty when the password is valid.
 */
public List<String> validate(String password, Date passwordModificationTime, boolean isHumanReadable) {
    init();

    // The second argument of PasswordData.newInstance is the username slot; here it carries the
    // modification time in epoch milliseconds instead of an account name.
    // NOTE(review): any username-based rule would therefore compare the password against this
    // timestamp string, not against the real user name - confirm that is intended.
    final String modifiedAtMillis = String.valueOf(passwordModificationTime.getTime());
    final PasswordData candidate = PasswordData.newInstance(password, modifiedAtMillis, null);

    final RuleResult rejections = new RuleResult();
    for (final PasswordValidator validator : validators.values()) {
        // Only configuration values are logged, never the password itself.
        logger.fine("characterRules.size(): " + characterRules.size());
        logger.fine("numberOfCharacteristics: " + numberOfCharacteristics);

        final RuleResult outcome = validator.validate(candidate);
        if (outcome.isValid()) {
            // NOTE(review): one passing validator is enough, so the most permissive validator
            // sets the effective policy. Keep each of them at least as strict as the intended
            // minimum.
            return Collections.emptyList();
        }
        rejections.getDetails().addAll(outcome.getDetails());
    }

    if (!isHumanReadable) {
        return rejections.getDetails().stream()
                .map(detail -> detail.getErrorCode())
                .collect(Collectors.toList());
    }
    // Details collected from all validators are rendered by the standard validator's messages.
    return validators.get(ValidatorTypes.StandardValidator).getMessages(rejections);
}
Also used : PasswordData(org.passay.PasswordData) PasswordValidator(org.passay.PasswordValidator) RuleResult(org.passay.RuleResult)

Example 2 with PasswordData

use of org.passay.PasswordData in project cia by Hack23.

the class RegisterUserService method processService.

/**
 * Registers a new user account and, on success, signs the caller in as that account.
 * <p>
 * Registration succeeds only when no account with the requested username or email exists and
 * the password passes {@code passwordValidator}. Every outcome after input validation is
 * recorded as an application event.
 *
 * @param serviceRequest the registration request (username, email, country, password, user type)
 * @return the input-validation response when that check fails, otherwise a SUCCESS response or a
 *         FAILURE response carrying the reason (existing user, or the password rule messages)
 */
@Override
@Secured({ "ROLE_ANONYMOUS" })
public RegisterUserResponse processService(final RegisterUserRequest serviceRequest) {
    final RegisterUserResponse validationFailure = inputValidation(serviceRequest);
    if (validationFailure != null) {
        return validationFailure;
    }

    final CreateApplicationEventRequest auditEvent = createApplicationEventForService(serviceRequest);

    // NOTE(review): the last argument looks like the default for "registered.users.get.admin" and
    // it is "true". While the stored value is "true", every account created through this
    // anonymous-accessible method is given ADMIN - confirm deployments override it.
    final ApplicationConfiguration adminForAllSetting = applicationConfigurationService.checkValueOrLoadDefault(
            "Registered User All get Role Admin", "Registered User All get Role Admin",
            ConfigurationGroup.AUTHORIZATION, RegisterUserService.class.getSimpleName(), "Register User Service",
            "Responsible for create of useraccounts", "registered.users.get.admin", "true");

    // NOTE(review): the lookups and the later persist are separate steps. Unless username/email
    // carry a unique constraint (not visible here), concurrent registrations could both pass.
    final UserAccount accountWithSameName = userDAO.findFirstByProperty(UserAccount_.username, serviceRequest.getUsername());
    final UserAccount accountWithSameEmail = userDAO.findFirstByProperty(UserAccount_.email, serviceRequest.getEmail());

    // Only the password is handed to the validator, so rules that need the username cannot apply.
    final RuleResult passwordCheck = passwordValidator.validate(new PasswordData(serviceRequest.getUserpassword()));

    final boolean identityIsFree = accountWithSameEmail == null && accountWithSameName == null;
    final RegisterUserResponse response;

    if (identityIsFree && passwordCheck.isValid()) {
        final UserAccount newAccount = new UserAccount();
        newAccount.setCountry(serviceRequest.getCountry());
        newAccount.setEmail(serviceRequest.getEmail());
        newAccount.setUsername(serviceRequest.getUsername());
        newAccount.setUserId(UUID.randomUUID().toString());

        // The encoder input is userId + ".uuid" + password: a 41-character prefix, then the password.
        // NOTE(review): bcrypt only uses the first 72 bytes of its input. If passwordEncoder is
        // bcrypt-based, the prefix leaves about 31 bytes of the password significant - confirm
        // which encoder is configured.
        final String encoderInput = newAccount.getUserId() + ".uuid" + serviceRequest.getUserpassword();
        newAccount.setUserpassword(passwordEncoder.encode(encoderInput));

        newAccount.setNumberOfVisits(1);
        newAccount.setUserType(serviceRequest.getUserType() == null ? UserType.PRIVATE : serviceRequest.getUserType());
        newAccount.setUserEmailStatus(UserEmailStatus.UNKNOWN);
        newAccount.setUserLockStatus(UserLockStatus.UNLOCKED);
        newAccount.setCreatedDate(new Date());
        userDAO.persist(newAccount);

        // The role is assigned after persist(); presumably the entity is still managed so the
        // change is flushed with the surrounding transaction - confirm.
        final boolean grantAdmin = "true".equals(adminForAllSetting.getPropertyValue());
        newAccount.setUserRole(grantAdmin ? UserRole.ADMIN : UserRole.USER);

        final UserRole assignedRole = newAccount.getUserRole();
        final Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
        if (assignedRole == UserRole.ADMIN) {
            authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
        } else if (assignedRole == UserRole.USER) {
            authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        }

        // Signs the caller in immediately; the token's credentials slot holds the encoded password.
        final UsernamePasswordAuthenticationToken authentication =
                new UsernamePasswordAuthenticationToken(newAccount, newAccount.getUserpassword(), authorities);
        SecurityContextHolder.getContext().setAuthentication(authentication);

        auditEvent.setUserId(newAccount.getUserId());
        response = new RegisterUserResponse(ServiceResult.SUCCESS);
    } else {
        response = new RegisterUserResponse(ServiceResult.FAILURE);

        // A valid password on the failure path means the username or email is already taken.
        // NOTE(review): this answer tells an anonymous caller that an account exists; pair the
        // endpoint with rate limiting or similar controls.
        final String failureReason;
        if (passwordCheck.isValid()) {
            failureReason = RegisterUserResponse.ErrorMessage.USER_ALREADY_EXIST.toString();
        } else {
            failureReason = passwordValidator.getMessages(passwordCheck).toString();
        }
        response.setErrorMessage(failureReason);
        auditEvent.setErrorMessage(failureReason);
    }

    auditEvent.setApplicationMessage(response.getResult().toString());
    createApplicationEventService.processService(auditEvent);
    // NOTE(review): confirm the event's toString() does not include sensitive request fields.
    LOGGER.info("Event: {}", auditEvent);
    return response;
}
Also used : ArrayList(java.util.ArrayList) RuleResult(org.passay.RuleResult) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Date(java.util.Date) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) PasswordData(org.passay.PasswordData) RegisterUserResponse(com.hack23.cia.service.api.action.application.RegisterUserResponse) CreateApplicationEventRequest(com.hack23.cia.service.api.action.application.CreateApplicationEventRequest) ApplicationConfiguration(com.hack23.cia.model.internal.application.system.impl.ApplicationConfiguration) UserAccount(com.hack23.cia.model.internal.application.user.impl.UserAccount) Secured(org.springframework.security.access.annotation.Secured)
