
Example 1 with PasswordAlgorithm

use of org.sagebionetworks.bridge.models.accounts.PasswordAlgorithm in project BridgeServer2 by Sage-Bionetworks.

the class ParticipantService method createParticipant.

/**
 * Creates the account for a new study participant and kicks off whichever verification workflows apply.
 *
 * <p>Callers are expected to supply a password (possibly one set on the user's behalf ahead of a reset-password
 * request). This method itself tolerates a missing password and simply skips hashing in that case. When a
 * password is present it is hashed with {@code DEFAULT_PASSWORD_ALGORITHM}; only the resulting hash and the
 * algorithm that produced it are set on the account here.
 *
 * @param app the app the new account belongs to; must not be null
 * @param participant the participant data the account is built from; must not be null
 * @param shouldSendVerification whether email/phone verification should be triggered; when it is not, any
 *        supplied email or phone is marked as verified without a challenge
 * @return a holder for the generated account ID
 * @throws BridgeServiceException if the password hash cannot be generated
 */
public IdentifierHolder createParticipant(App app, StudyParticipant participant, boolean shouldSendVerification) {
    checkNotNull(app);
    checkNotNull(participant);

    // A positive account limit means the app is capped; the helper throws once the cap is reached.
    if (app.getAccountLimit() > 0) {
        throwExceptionIfLimitMetOrExceeded(app);
    }
    Validate.entityThrowingException(
            new StudyParticipantValidator(studyService, organizationService, app, true), participant);

    // Seed the account from the request. The account ID and health code are generated here rather than
    // taken from the participant, and the account starts out unverified.
    Account newAccount = getAccount();
    newAccount.setId(generateGUID());
    newAccount.setAppId(app.getIdentifier());
    newAccount.setEmail(participant.getEmail());
    newAccount.setPhone(participant.getPhone());
    newAccount.setEmailVerified(FALSE);
    newAccount.setPhoneVerified(FALSE);
    newAccount.setHealthCode(generateGUID());
    newAccount.setStatus(UNVERIFIED);

    // Organization membership is copied only when the caller passes the CAN_EDIT_MEMBERS check for that
    // organization; otherwise the value from the request is dropped on create.
    if (CAN_EDIT_MEMBERS.check(ORG_ID, participant.getOrgMembership())) {
        newAccount.setOrgMembership(participant.getOrgMembership());
    }

    // Hash the password when one was supplied. The algorithm is recorded next to the hash so the stored
    // value always identifies how it was produced.
    if (participant.getPassword() != null) {
        try {
            PasswordAlgorithm algorithm = DEFAULT_PASSWORD_ALGORITHM;
            String hashed = algorithm.generateHash(participant.getPassword());
            newAccount.setPasswordAlgorithm(algorithm);
            newAccount.setPasswordHash(hashed);
        } catch (InvalidKeyException | InvalidKeySpecException | NoSuchAlgorithmException cause) {
            // NOTE(review): the crypto exception's message is embedded in the service exception; confirm
            // it is not echoed verbatim to API clients.
            throw new BridgeServiceException("Error creating password: " + cause.getMessage(), cause);
        }
    }
    updateAccountAndRoles(app, newAccount, participant, true);

    // Email verification happens only if the caller asked for it AND the app has it enabled.
    boolean verifyEmail = shouldSendVerification && app.isEmailVerificationEnabled();

    // A channel that will not be challenged is treated as verified straight away.
    // NOTE(review): in that case the address/number is trusted on the caller's word; confirm that callers
    // passing shouldSendVerification=false are limited to trusted paths.
    boolean emailSupplied = participant.getEmail() != null;
    if (emailSupplied && !verifyEmail) {
        newAccount.setEmailVerified(true);
    }
    boolean phoneSupplied = participant.getPhone() != null;
    if (phoneSupplied && !shouldSendVerification) {
        newAccount.setPhoneVerified(true);
    }
    newAccount.setSynapseUserId(participant.getSynapseUserId());

    // Persist only when the account has a valid identifier, i.e. would be reachable after creation.
    // NOTE(review): the notification steps below still run when this save is skipped; confirm validation
    // makes that case unreachable.
    if (BridgeUtils.hasValidIdentifier(newAccount)) {
        accountService.createAccount(app, newAccount);
    }

    // Email verification token, unless the app suppresses the automatic email.
    if (verifyEmail && !app.isAutoVerificationEmailSuppressed()) {
        accountWorkflowService.sendEmailVerificationToken(app, newAccount.getId(), newAccount.getEmail());
    }

    // Creating an account with a phone number opts that number in to SMS. This must come _before_ phone
    // verification / sign-in, because those messages cannot be sent to a number that has not opted in.
    Phone accountPhone = newAccount.getPhone();
    if (accountPhone != null) {
        // No single object carries both the account ID and the phone, so they are passed separately.
        smsService.optInPhoneNumber(newAccount.getId(), accountPhone);
    }

    // Phone verification token, unless the app suppresses the automatic SMS. The phone may be null here;
    // presumably the workflow service ignores that case (verify against its implementation).
    if (shouldSendVerification && !app.isAutoVerificationPhoneSuppressed()) {
        accountWorkflowService.sendPhoneVerificationToken(app, newAccount.getId(), accountPhone);
    }
    return new IdentifierHolder(newAccount.getId());
}
Also used : Account(org.sagebionetworks.bridge.models.accounts.Account) IdentifierHolder(org.sagebionetworks.bridge.models.accounts.IdentifierHolder) PasswordAlgorithm(org.sagebionetworks.bridge.models.accounts.PasswordAlgorithm) Phone(org.sagebionetworks.bridge.models.accounts.Phone) BridgeServiceException(org.sagebionetworks.bridge.exceptions.BridgeServiceException) StudyParticipantValidator(org.sagebionetworks.bridge.validators.StudyParticipantValidator) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException)

Example 2 with PasswordAlgorithm

use of org.sagebionetworks.bridge.models.accounts.PasswordAlgorithm in project BridgeServer2 by Sage-Bionetworks.

the class HibernateAccountSecretDaoTest method verifySecretExceptionIsSuppressed.

/**
 * Verifies that a crypto failure while comparing hashes is not propagated: {@code verifySecret} reports
 * "no match" (an empty result) instead of throwing, so a failing comparison never authenticates.
 */
@Test
public void verifySecretExceptionIsSuppressed() throws Exception {
    // An algorithm whose hash comparison always fails with a checked crypto exception.
    PasswordAlgorithm throwingAlgorithm = Mockito.mock(PasswordAlgorithm.class);
    when(throwingAlgorithm.checkHash(any(), any())).thenThrow(new InvalidKeyException());

    // The only stored secret returned by the query uses that algorithm.
    HibernateAccountSecret storedSecret = Mockito.mock(HibernateAccountSecret.class);
    when(storedSecret.getAlgorithm()).thenReturn(throwingAlgorithm);
    when(helper.queryGet(
            eq(HibernateAccountSecretDao.GET_QUERY),
            any(),
            eq(0),
            eq(ROTATIONS),
            eq(HibernateAccountSecret.class)))
        .thenReturn(ImmutableList.of(storedSecret));

    // The exception must be swallowed and the secret treated as not verified.
    assertFalse(dao.verifySecret(AccountSecretType.REAUTH, ACCOUNT_ID, TOKEN, ROTATIONS).isPresent());
}
Also used : PasswordAlgorithm(org.sagebionetworks.bridge.models.accounts.PasswordAlgorithm) InvalidKeyException(java.security.InvalidKeyException) Test(org.testng.annotations.Test)

Example 3 with PasswordAlgorithm

use of org.sagebionetworks.bridge.models.accounts.PasswordAlgorithm in project BridgeServer2 by Sage-Bionetworks.

the class AccountService method changePassword.

/**
 * Replaces the account's password and persists the change, optionally marking a contact channel as verified.
 *
 * <p>The new password is hashed with {@code DEFAULT_PASSWORD_ALGORITHM}; the hash and the algorithm that
 * produced it are stored together, and the account and password modification timestamps are set to the same
 * instant.
 *
 * @param account the account to update; must not be null
 * @param channelType the channel proven by a successful password reset, or null when no channel was verified
 *        by the change
 * @param newPassword the new plaintext password to hash
 */
public void changePassword(Account account, ChannelType channelType, String newPassword) {
    checkNotNull(account);

    // Hash first, so nothing on the account is touched if hashing fails.
    // NOTE(review): newPassword is not null-checked here; presumably hashCredential or an upstream
    // validator rejects a missing password (confirm).
    PasswordAlgorithm algorithm = DEFAULT_PASSWORD_ALGORITHM;
    String newHash = hashCredential(algorithm, "password", newPassword);

    // One timestamp is used for both the account and the password modification times.
    DateTime now = DateUtils.getCurrentDateTime();
    account.setModifiedOn(now);
    account.setPasswordAlgorithm(algorithm);
    account.setPasswordHash(newHash);
    account.setPasswordModifiedOn(now);

    // Completing a reset through a channel proves control of that channel, so it is marked verified.
    // A null (or any other) channel type leaves both flags untouched.
    boolean resetViaEmail = channelType == EMAIL;
    boolean resetViaPhone = channelType == PHONE;
    if (resetViaEmail) {
        account.setEmailVerified(true);
    } else if (resetViaPhone) {
        account.setPhoneVerified(true);
    }

    // NOTE(review): no session or reauthentication-token invalidation is visible in this method; confirm
    // whether callers handle that after a password change.
    accountDao.updateAccount(account);
}
Also used : PasswordAlgorithm(org.sagebionetworks.bridge.models.accounts.PasswordAlgorithm) DateTime(org.joda.time.DateTime)

Example 4 with PasswordAlgorithm

use of org.sagebionetworks.bridge.models.accounts.PasswordAlgorithm in project BridgeServer2 by Sage-Bionetworks.

the class HibernateAccountSecretDaoTest method generateHashConvertsException.

/**
 * Verifies that a checked crypto exception thrown while generating a hash surfaces from the DAO as a
 * {@code BridgeServiceException}.
 */
@Test(expectedExceptions = BridgeServiceException.class)
public void generateHashConvertsException() throws Exception {
    // Every hash attempt on this mock fails with a checked crypto exception.
    PasswordAlgorithm failingAlgorithm = Mockito.mock(PasswordAlgorithm.class);
    when(failingAlgorithm.generateHash(any())).thenThrow(new InvalidKeyException());

    // The call must throw; the expected exception type is asserted by the @Test annotation.
    dao.generateHash(failingAlgorithm, "whatever");
}
Also used : PasswordAlgorithm(org.sagebionetworks.bridge.models.accounts.PasswordAlgorithm) InvalidKeyException(java.security.InvalidKeyException) Test(org.testng.annotations.Test)
