Example 1 with UserEntity

Use of org.platformlayer.auth.UserEntity in project platformlayer by platformlayer.

In the class RegisterResource, method register.

private RegistrationResponse register(RegistrationRequest request) {
    RegistrationResponse response = new RegistrationResponse();
    String username = request.username;
    String password = request.password;
    UserEntity userEntity;
    try {
        OpsUser user = registrationService.registerUser(username, password);
        userEntity = (UserEntity) user;
    } catch (CustomerFacingException e) {
        response.errorMessage = e.getMessage();
        return response;
    }
    if (userEntity == null) {
        log.warn("Authentication request failed immediately after registration.  Username=" + username);
        throw new IllegalStateException();
    }
    response.access = tokenHelpers.buildAccess(userEntity);
    return response;
}
Also used: CustomerFacingException (org.platformlayer.CustomerFacingException), OpsUser (org.platformlayer.auth.OpsUser), RegistrationResponse (org.platformlayer.auth.model.RegistrationResponse), UserEntity (org.platformlayer.auth.UserEntity)

Example 2 with UserEntity

Use of org.platformlayer.auth.UserEntity in project platformlayer by platformlayer.

In the class JoinProject, method runCommand.

@Override
public Object runCommand() throws RepositoryException, IOException {
    UserDatabase userRepository = getContext().getUserRepository();
    UserEntity me = getContext().loginDirect();
    ProjectEntity project = userRepository.findProjectByKey(projectKey.getKey());
    if (project == null) {
        throw new CliException("Project not found: " + projectKey.getKey());
    }
    SecretStore secretStore = new SecretStore(project.secretData);
    CryptoKey projectSecret = secretStore.getSecretFromUser(me);
    if (projectSecret == null) {
        String msg = "Cannot retrieve project secret.";
        msg += " Is " + me.key + " a member of " + project.getName() + "?";
        throw new CliException(msg);
    }
    if (Strings.isNullOrEmpty(roleKey)) {
        throw new CliException("Role is required");
    }
    RoleId role = new RoleId(roleKey);
    userRepository.addUserToProject(username.getKey(), project.getName(), projectSecret, Collections.singletonList(role));
    return project;
}
Also used: CliException (com.fathomdb.cli.CliException), ProjectEntity (org.platformlayer.auth.ProjectEntity), UserDatabase (org.platformlayer.auth.UserDatabase), CryptoKey (com.fathomdb.crypto.CryptoKey), SecretStore (org.platformlayer.auth.crypto.SecretStore), RoleId (org.platformlayer.model.RoleId), UserEntity (org.platformlayer.auth.UserEntity)

Example 3 with UserEntity

Use of org.platformlayer.auth.UserEntity in project platformlayer by platformlayer.

In the class KeychainResource, method authorizeCertificateChain.

@POST
public ValidateTokenResponse authorizeCertificateChain(@QueryParam("project") String project, CertificateChainInfo chain) {
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }
    UserEntity userEntity = null;
    try {
        boolean unlock = false;
        userEntity = userAuthenticator.findUserFromKeychain(chain, unlock);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching user", e);
        throwInternalError();
    }
    if (userEntity == null) {
        throw404NotFound();
    }
    ValidateTokenResponse response = new ValidateTokenResponse();
    response.access = new ValidateAccess();
    response.access.user = Mapping.mapToUserValidation(userEntity);
    // response.access.token = new Token();
    // response.access.token.expires = checkTokenInfo.expiration;
    // response.access.token.id = checkToken;
    String checkProject = project;
    if (checkProject != null) {
        ProjectEntity projectEntity = null;
        try {
            projectEntity = userAuthenticator.findProject(checkProject);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (projectEntity == null) {
            throw404NotFound();
        }
        // Note that we do not unlock the user / project; we don't have any secret material
        // TODO: We could return stuff encrypted with the user's public key
        // projectEntity.unlockWithUser(userEntity);
        //
        // if (!projectEntity.isSecretValid()) {
        // throw404NotFound();
        // }
        UserProjectEntity userProject = null;
        try {
            userProject = userAuthenticator.findUserProject(userEntity, projectEntity);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (userProject == null) {
            // Not a member of project
            throw404NotFound();
        }
        response.access.project = Mapping.mapToProject(projectEntity);
        response.access.project.roles = Mapping.mapToRoles(userProject.getRoles());
    }
    return response;
}
Also used: ValidateTokenResponse (org.platformlayer.auth.model.ValidateTokenResponse), ValidateAccess (org.platformlayer.auth.model.ValidateAccess), UserProjectEntity (org.platformlayer.auth.UserProjectEntity), ProjectEntity (org.platformlayer.auth.ProjectEntity), AuthenticatorException (org.platformlayer.auth.AuthenticatorException), UserEntity (org.platformlayer.auth.UserEntity), POST (javax.ws.rs.POST)

Example 4 with UserEntity

Use of org.platformlayer.auth.UserEntity in project platformlayer by platformlayer.

In the class KeystoneRepositoryAuthenticator, method findUserFromKeychain.

@Override
public UserEntity findUserFromKeychain(CertificateChainInfo chain, boolean unlock) throws AuthenticatorException {
    if (chain.certificates == null || chain.certificates.isEmpty()) {
        return null;
    }
    for (int i = 0; i < chain.certificates.size(); i++) {
        String publicKeyHash = chain.certificates.get(i).publicKeyHash;
        if (Strings.isNullOrEmpty(publicKeyHash)) {
            continue;
        }
        log.debug("Checking publicKeyHash: " + publicKeyHash);
        byte[] hash = Hex.fromHex(publicKeyHash);
        UserEntity user;
        try {
            user = repository.findUserByPublicKey(hash);
        } catch (RepositoryException e) {
            throw new AuthenticatorException("Error while authenticating user", e);
        }
        if (user != null) {
            return user;
        }
    }
    return null;
}
Also used: AuthenticatorException (org.platformlayer.auth.AuthenticatorException), RepositoryException (org.platformlayer.RepositoryException), UserEntity (org.platformlayer.auth.UserEntity)

Example 5 with UserEntity

Use of org.platformlayer.auth.UserEntity in project platformlayer by platformlayer.

In the class LoginService, method authenticate.

public AuthenticateResponse authenticate(HttpServletRequest httpRequest, AuthenticateRequest request) {
    AuthenticateResponse response = new AuthenticateResponse();
    String username = null;
    UserEntity user = null;
    if (request.auth.passwordCredentials != null) {
        username = request.auth.passwordCredentials.username;
        String password = request.auth.passwordCredentials.password;
        try {
            user = userAuthenticator.authenticate(username, password);
        } catch (AuthenticatorException e) {
            // An exception indicates something went wrong (i.e. not just
            // bad credentials)
            log.warn("Error while getting user info", e);
            throw new IllegalStateException("Error while getting user info", e);
        }
    } else if (request.auth.certificateCredentials != null) {
        username = request.auth.certificateCredentials.username;
        X509Certificate[] certificateChain = HttpUtils.getCertificateChain(httpRequest);
        if (certificateChain == null) {
            return null;
        }
        byte[] challengeResponse = request.auth.certificateCredentials.challengeResponse;
        CertificateAuthenticationRequest details = new CertificateAuthenticationRequest();
        details.certificateChain = certificateChain;
        details.username = username;
        // details.projectKey = projectKey;
        details.challengeResponse = challengeResponse;
        CertificateAuthenticationResponse result = null;
        try {
            result = userAuthenticator.authenticate(details);
        } catch (AuthenticatorException e) {
            log.warn("Error while authenticating by certificate", e);
            throw new IllegalStateException("Error while authenticating by certificate", e);
        }
        if (result == null) {
            return null;
        }
        if (challengeResponse != null) {
            if (result.user == null) {
                return null;
            }
            user = (UserEntity) result.user;
        } else {
            log.debug("Returning authentication challenge for user: " + username);
            response.challenge = result.challenge;
            return response;
        }
    } else {
        return null;
    }
    if (user == null) {
        log.debug("Authentication request failed.  Username=" + username);
        return null;
    }
    log.debug("Successful authentication for user: " + user.key);
    response.access = tokenHelpers.buildAccess(user);
    return response;
}
Also used: AuthenticateResponse (org.platformlayer.auth.model.AuthenticateResponse), CertificateAuthenticationResponse (org.platformlayer.auth.CertificateAuthenticationResponse), CertificateAuthenticationRequest (org.platformlayer.auth.CertificateAuthenticationRequest), AuthenticatorException (org.platformlayer.auth.AuthenticatorException), UserEntity (org.platformlayer.auth.UserEntity)

Aggregations

UserEntity (org.platformlayer.auth.UserEntity): 10
AuthenticatorException (org.platformlayer.auth.AuthenticatorException): 5
ProjectEntity (org.platformlayer.auth.ProjectEntity): 4
UserDatabase (org.platformlayer.auth.UserDatabase): 3
CliException (com.fathomdb.cli.CliException): 2
CryptoKey (com.fathomdb.crypto.CryptoKey): 2
RepositoryException (org.platformlayer.RepositoryException): 2
UserProjectEntity (org.platformlayer.auth.UserProjectEntity): 2
ValidateAccess (org.platformlayer.auth.model.ValidateAccess): 2
ValidateTokenResponse (org.platformlayer.auth.model.ValidateTokenResponse): 2
GET (javax.ws.rs.GET): 1
POST (javax.ws.rs.POST): 1
Path (javax.ws.rs.Path): 1
CustomerFacingException (org.platformlayer.CustomerFacingException): 1
CertificateAuthenticationRequest (org.platformlayer.auth.CertificateAuthenticationRequest): 1
CertificateAuthenticationResponse (org.platformlayer.auth.CertificateAuthenticationResponse): 1
OpsUser (org.platformlayer.auth.OpsUser): 1
SecretStore (org.platformlayer.auth.crypto.SecretStore): 1
AuthenticateResponse (org.platformlayer.auth.model.AuthenticateResponse): 1
RegistrationResponse (org.platformlayer.auth.model.RegistrationResponse): 1