use of org.sagebionetworks.bridge.models.accounts.PasswordAlgorithm in project BridgeServer2 by Sage-Bionetworks.
the class ParticipantService method createParticipant.
/**
 * Create a study participant account in the given app and return its identifier.
 *
 * <p>The original contract states that a password must be provided, but the code below treats the
 * password as optional: it is hashed and stored only when {@code participant.getPassword()} is non-null.
 * An account created without a password therefore has no password hash until one is set later (for
 * example through a reset password request).
 *
 * <p>Security-relevant behavior visible in this method:
 * <ul>
 * <li>The plaintext password is never stored; only the hash and the algorithm that produced it are
 * written to the account.</li>
 * <li>When verification is not going to be sent, a supplied email or phone is recorded as already
 * verified. Callers that pass {@code shouldSendVerification = false} are vouching for those
 * identifiers.</li>
 * <li>Org membership from the request is honored only if the {@code CAN_EDIT_MEMBERS} check passes.</li>
 * </ul>
 *
 * @param app the app the account is created in; must not be null
 * @param participant the participant data to copy onto the new account; must not be null
 * @param shouldSendVerification whether email/phone verification messages should be sent
 * @return a holder containing the generated account ID
 * @throws BridgeServiceException if the password hash cannot be generated
 */
public IdentifierHolder createParticipant(App app, StudyParticipant participant, boolean shouldSendVerification) {
    checkNotNull(app);
    checkNotNull(participant);
    // The account limit is enforced only when the app configures one (a value greater than zero).
    if (app.getAccountLimit() > 0) {
        throwExceptionIfLimitMetOrExceeded(app);
    }
    // Validate the submitted participant before any account state is built.
    // presumably this throws on invalid input (per the method name) - confirm against Validate.
    StudyParticipantValidator validator = new StudyParticipantValidator(studyService, organizationService, app, true);
    Validate.entityThrowingException(validator, participant);
    // Set basic params from inputs. Every new account starts UNVERIFIED with both channels unverified;
    // the account ID and health code are separately generated GUIDs.
    Account account = getAccount();
    account.setId(generateGUID());
    account.setAppId(app.getIdentifier());
    account.setEmail(participant.getEmail());
    account.setPhone(participant.getPhone());
    account.setEmailVerified(FALSE);
    account.setPhoneVerified(FALSE);
    account.setHealthCode(generateGUID());
    account.setStatus(UNVERIFIED);
    // Org membership is copied only when the CAN_EDIT_MEMBERS check passes for the requested
    // organization; otherwise this field is ignored on create.
    if (CAN_EDIT_MEMBERS.check(ORG_ID, participant.getOrgMembership())) {
        account.setOrgMembership(participant.getOrgMembership());
    }
    // Hash password if it has been supplied. The algorithm is stored next to the hash so the hash can
    // still be checked if DEFAULT_PASSWORD_ALGORITHM changes later.
    if (participant.getPassword() != null) {
        try {
            PasswordAlgorithm passwordAlgorithm = DEFAULT_PASSWORD_ALGORITHM;
            String passwordHash = passwordAlgorithm.generateHash(participant.getPassword());
            account.setPasswordAlgorithm(passwordAlgorithm);
            account.setPasswordHash(passwordHash);
        } catch (InvalidKeyException | InvalidKeySpecException | NoSuchAlgorithmException ex) {
            // Only the crypto exception's own message is appended; the plaintext password is not
            // concatenated into the error text here.
            throw new BridgeServiceException("Error creating password: " + ex.getMessage(), ex);
        }
    }
    updateAccountAndRoles(app, account, participant, true);
    // Email verification is sent only when the caller asked for verification AND the app has email
    // verification enabled.
    boolean sendEmailVerification = shouldSendVerification && app.isEmailVerificationEnabled();
    // NOTE(review): the two branches below record an identifier as verified without any proof of
    // control by the user. Presumably only trusted (administrative) callers may reach this method with
    // shouldSendVerification == false - confirm at the call sites.
    if (participant.getEmail() != null && !sendEmailVerification) {
        // not verifying, so consider it verified
        account.setEmailVerified(true);
    }
    if (participant.getPhone() != null && !shouldSendVerification) {
        // not verifying, so consider it verified
        account.setPhoneVerified(true);
    }
    account.setSynapseUserId(participant.getSynapseUserId());
    // Do not save the account if it would be inaccessible after construction (no valid identifier).
    // NOTE(review): the verification and SMS opt-in steps below still run when the account was not
    // persisted - confirm the called services tolerate an unsaved account ID.
    if (BridgeUtils.hasValidIdentifier(account)) {
        accountService.createAccount(app, account);
    }
    // send verify email, unless the app suppresses the automatic verification email
    if (sendEmailVerification && !app.isAutoVerificationEmailSuppressed()) {
        accountWorkflowService.sendEmailVerificationToken(app, account.getId(), account.getEmail());
    }
    // If you create an account with a phone number, this opts the phone number in to receiving SMS. We do this
    // _before_ phone verification / sign-in, because we need to opt the user in to SMS in order to send phone
    // verification / sign-in.
    Phone phone = account.getPhone();
    if (phone != null) {
        // Note that there is no object with both accountId and phone, so we need to pass them in separately.
        smsService.optInPhoneNumber(account.getId(), phone);
    }
    // send verify phone number, unless the app suppresses the automatic phone verification message.
    // phone may be null at this point; presumably sendPhoneVerificationToken handles that - confirm.
    if (shouldSendVerification && !app.isAutoVerificationPhoneSuppressed()) {
        accountWorkflowService.sendPhoneVerificationToken(app, account.getId(), phone);
    }
    return new IdentifierHolder(account.getId());
}
use of org.sagebionetworks.bridge.models.accounts.PasswordAlgorithm in project BridgeServer2 by Sage-Bionetworks.
the class HibernateAccountSecretDaoTest method verifySecretExceptionIsSuppressed.
/**
 * Secret verification must fail closed: when the hash comparison itself throws a crypto exception,
 * {@code verifySecret} is expected to return an empty result rather than propagate the exception
 * or report a match.
 */
@Test
public void verifySecretExceptionIsSuppressed() throws Exception {
    // An algorithm whose hash check always fails with a crypto error.
    PasswordAlgorithm throwingAlgorithm = Mockito.mock(PasswordAlgorithm.class);
    when(throwingAlgorithm.checkHash(any(), any())).thenThrow(new InvalidKeyException());

    // A stored secret that reports the throwing algorithm as the one that produced its hash.
    HibernateAccountSecret storedSecret = Mockito.mock(HibernateAccountSecret.class);
    when(storedSecret.getAlgorithm()).thenReturn(throwingAlgorithm);

    // The DAO's lookup query returns exactly that one secret.
    when(helper.queryGet(
            eq(HibernateAccountSecretDao.GET_QUERY),
            any(),
            eq(0),
            eq(ROTATIONS),
            eq(HibernateAccountSecret.class)))
        .thenReturn(ImmutableList.of(storedSecret));

    // No exception escapes and no secret is reported as verified.
    assertFalse(dao.verifySecret(AccountSecretType.REAUTH, ACCOUNT_ID, TOKEN, ROTATIONS).isPresent());
}
use of org.sagebionetworks.bridge.models.accounts.PasswordAlgorithm in project BridgeServer2 by Sage-Bionetworks.
the class AccountService method changePassword.
/**
 * Replace the account's password and persist the change, optionally marking one channel as verified.
 *
 * <p>The new password is hashed with {@code DEFAULT_PASSWORD_ALGORITHM}; the algorithm is stored with
 * the hash, and both the account and password modification timestamps are set to the same instant.
 * Hashing happens before any field of the account is touched.
 *
 * <p>NOTE(review): this method does not itself end existing sessions or revoke other stored secrets
 * for the account; confirm that callers do so where a password change should sign the user out.
 *
 * @param account the account to update; must not be null
 * @param channelType the channel proven by a successful password reset ({@code EMAIL} or
 *        {@code PHONE}); optional, and when null no channel is marked verified
 * @param newPassword the plaintext password to hash; it is passed to {@code hashCredential} and
 *        not stored on the account by this method
 */
public void changePassword(Account account, ChannelType channelType, String newPassword) {
    checkNotNull(account);

    final PasswordAlgorithm algorithm = DEFAULT_PASSWORD_ALGORITHM;
    final String newHash = hashCredential(algorithm, "password", newPassword);

    // A single timestamp keeps modifiedOn and passwordModifiedOn consistent.
    final DateTime now = DateUtils.getCurrentDateTime();
    account.setModifiedOn(now);
    account.setPasswordAlgorithm(algorithm);
    account.setPasswordHash(newHash);
    account.setPasswordModifiedOn(now);

    // Completing a reset through a channel proves control of it, so that channel becomes verified.
    // A null or other channel type leaves both verification flags unchanged.
    if (channelType == PHONE) {
        account.setPhoneVerified(true);
    } else if (channelType == EMAIL) {
        account.setEmailVerified(true);
    }

    accountDao.updateAccount(account);
}
use of org.sagebionetworks.bridge.models.accounts.PasswordAlgorithm in project BridgeServer2 by Sage-Bionetworks.
the class HibernateAccountSecretDaoTest method generateHashConvertsException.
/**
 * A checked crypto exception raised while hashing must surface from {@code dao.generateHash} as a
 * {@code BridgeServiceException}; the test passes only if that exception type is thrown.
 */
@Test(expectedExceptions = BridgeServiceException.class)
public void generateHashConvertsException() throws Exception {
    // An algorithm that fails with a crypto error for any input.
    PasswordAlgorithm failingAlgorithm = Mockito.mock(PasswordAlgorithm.class);
    Mockito.doThrow(new InvalidKeyException()).when(failingAlgorithm).generateHash(any());

    // The value being hashed is irrelevant; only the exception conversion is under test.
    dao.generateHash(failingAlgorithm, "whatever");
}