
Example 1 with SimbaException

use of org.simbasecurity.core.exception.SimbaException in project simba-os by cegeka.

the class UserServiceImpl method create.

@Override
public User create(User user, List<String> roleNames) {
    for (String roleName : roleNames) {
        Role role = roleRepository.findByName(roleName);
        if (role == null) {
            throw new IllegalArgumentException("Role name " + roleName + " doesn't exist");
        }
        user.addRole(role);
    }
    if (userRepository.findByName(user.getUserName()) != null) {
        throw new SimbaException(USER_ALREADY_EXISTS, user.getUserName());
    }
    User newUser = userRepository.persist(user);
    audit.log(eventFactory.createEventForSession(user.getUserName(), null, "", "User created"));
    return newUser;
}
Also used : TRole(org.simbasecurity.api.service.thrift.TRole) SimbaException(org.simbasecurity.core.exception.SimbaException) TUser(org.simbasecurity.api.service.thrift.TUser)

Example 2 with SimbaException

use of org.simbasecurity.core.exception.SimbaException in project simba-os by cegeka.

the class ValidateRequestParametersCommand method checkIfLoginTokenExpired.

/**
 * Validates the login token by checking that it exists in the login mapping
 * database. If no login token is present, no error is generated, because
 * in some cases there is no login token or it can be null.
 *
 * @param context the chain context that carries the login token
 */
private void checkIfLoginTokenExpired(ChainContext context) {
    String loginToken = context.getLoginToken();
    if (loginToken != null) {
        LoginMapping loginMapping = loginMappingService.getMapping(loginToken);
        if (loginMapping == null) {
            throw new SimbaException(SimbaMessageKey.LOGIN_TIME_EXPIRED);
        }
        context.setLoginMapping(loginMapping);
    }
}
Also used : SimbaException(org.simbasecurity.core.exception.SimbaException) LoginMapping(org.simbasecurity.core.domain.LoginMapping)

Example 3 with SimbaException

use of org.simbasecurity.core.exception.SimbaException in project simba-os by cegeka.

the class UserEntityTest method setUp.

@Before
public void setUp() {
    implantMock(UserValidator.class);
    PasswordValidator mockPasswordValidator = implantMock(PasswordValidator.class);
    doThrow(new SimbaException(PASSWORD_INVALID_LENGTH)).when(mockPasswordValidator).validatePassword(INVALID_PASSWORD);
    ConfigurationServiceImpl configurationServiceMock = implantMock(ConfigurationServiceImpl.class);
    when(configurationServiceMock.getValue(SimbaConfigurationParameter.DEFAULT_PASSWORD)).thenReturn(DEFAULT_PASSWORD);
    user = new UserEntity(USERNAME, null, null, null, Language.en_US, Status.ACTIVE, true, true);
}
Also used : SimbaException(org.simbasecurity.core.exception.SimbaException) PasswordValidator(org.simbasecurity.core.domain.validator.PasswordValidator) ConfigurationServiceImpl(org.simbasecurity.core.service.config.ConfigurationServiceImpl) Before(org.junit.Before)

Example 4 with SimbaException

use of org.simbasecurity.core.exception.SimbaException in project simba-os by cegeka.

the class UserService method changePassword.

@RequestMapping("changePassword")
@ResponseBody
public void changePassword(@RequestHeader(value = SIMBA_SSO_TOKEN, required = false) String ssoTokenFromHeader, @CookieValue(value = SIMBA_SSO_TOKEN, required = false) String ssoTokenFromCookie, @RequestBody ChangePasswordDTO changePasswordDTO, HttpServletResponse response) {
    String ssoToken = (ssoTokenFromHeader != null ? ssoTokenFromHeader : ssoTokenFromCookie);
    if (ssoToken == null || changePasswordDTO.getUserName() == null) {
        sendUnauthorizedError(response);
        return;
    }
    Session activeSession = sessionRepository.findBySSOToken(new SSOToken(ssoToken));
    if (activeSession == null) {
        sendUnauthorizedError(response);
        return;
    } else {
        User sessionUser = activeSession.getUser();
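        User userThatNeedsPasswordChange = userRepository.findByName(changePasswordDTO.getUserName());
        // findByName may return null for an unknown user name; treat that as unauthorized rather than dereferencing it.
        if (userThatNeedsPasswordChange == null || !sessionUser.getUserName().equals(userThatNeedsPasswordChange.getUserName())) {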
            sendUnauthorizedError(response);
            return;
        } else {
            try {
                userThatNeedsPasswordChange.changePassword(changePasswordDTO.getNewPassword(), changePasswordDTO.getNewPasswordConfirmation());
            } catch (SimbaException ex) {
                sendError(ErrorSender.UNABLE_TO_CHANGE_PASSWORD_ERROR_CODE, response, ex.getMessage());
                return;
            }
            userRepository.flush();
        }
    }
}
Also used : SimbaException(org.simbasecurity.core.exception.SimbaException) SSOToken(org.simbasecurity.api.service.thrift.SSOToken) User(org.simbasecurity.core.domain.User) Session(org.simbasecurity.core.domain.Session)

Example 5 with SimbaException

use of org.simbasecurity.core.exception.SimbaException in project simba-os by cegeka.

the class ChangePasswordCommandTest method testPasswordReset_passwordNotValid.

@Test
public void testPasswordReset_passwordNotValid() throws Exception {
    String simbaURL = "simbaURL";
    String requestURL = "requestURL";
    when(chainContextMock.getSimbaWebURL()).thenReturn(simbaURL);
    when(chainContextMock.getRequestURL()).thenReturn(requestURL);
    when(chainContextMock.getClientIpAddress()).thenReturn(IP_ADDRESS);
    when(chainContextMock.getUserName()).thenReturn(USERNAME);
    when(chainContextMock.getRequestParameter(AuthenticationConstants.NEW_PASSWORD)).thenReturn(NEW_PASSWORD);
    when(chainContextMock.getRequestParameter(AuthenticationConstants.NEW_PASSWORD_CONFIRMATION)).thenReturn(NEW_PASSWORD);
    doThrow(new SimbaException(PASSWORD_INVALID_LENGTH)).when(credentialServiceMock).changePassword(USERNAME, NEW_PASSWORD, NEW_PASSWORD);
    when(chainContextMock.isChangePasswordRequest()).thenReturn(Boolean.TRUE);
    State state = command.execute(chainContextMock);
    verify(auditMock).log(captor.capture());
    AuditLogEvent resultAuditLogEvent = captor.getValue();
    assertEquals(AuditLogEventCategory.SESSION, resultAuditLogEvent.getCategory());
    assertEquals(AuditMessages.FAILURE + AuditMessages.PASSWORD_NOT_VALID, resultAuditLogEvent.getMessage());
    verify(chainContextMock).redirectWithCredentialError(PASSWORD_INVALID_LENGTH);
    assertEquals(State.FINISH, state);
}
Also used : SimbaException(org.simbasecurity.core.exception.SimbaException) State(org.simbasecurity.core.chain.Command.State) Test(org.junit.Test)

Aggregations

SimbaException (org.simbasecurity.core.exception.SimbaException) 5
Before (org.junit.Before) 1
Test (org.junit.Test) 1
SSOToken (org.simbasecurity.api.service.thrift.SSOToken) 1
TRole (org.simbasecurity.api.service.thrift.TRole) 1
TUser (org.simbasecurity.api.service.thrift.TUser) 1
State (org.simbasecurity.core.chain.Command.State) 1
LoginMapping (org.simbasecurity.core.domain.LoginMapping) 1
Session (org.simbasecurity.core.domain.Session) 1
User (org.simbasecurity.core.domain.User) 1
PasswordValidator (org.simbasecurity.core.domain.validator.PasswordValidator) 1
ConfigurationServiceImpl (org.simbasecurity.core.service.config.ConfigurationServiceImpl) 1