use of org.structr.core.entity.Principal in project structr by structr.
the class AddToGroupFunction method apply.
@Override
public Object apply(final ActionContext ctx, final Object caller, final Object[] sources) throws FrameworkException {
try {
if (!arrayHasLengthAndAllElementsNotNull(sources, 2)) {
return "";
}
if (!(sources[0] instanceof Group)) {
logger.warn("Error: first argument is not a Group. Parameters: {}", getParametersAsString(sources));
return "Error: first argument is not a Group.";
}
if (!(sources[1] instanceof Principal)) {
logger.warn("Error: second argument is not a Principal. Parameters: {}", getParametersAsString(sources));
return "Error: second argument is not a Principal.";
}
final Group group = (Group) sources[0];
final Principal user = (Principal) sources[1];
group.addMember(user);
} catch (final IllegalArgumentException e) {
logParameterError(caller, sources, ctx.isJavaScriptContext());
return usage(ctx.isJavaScriptContext());
}
return "";
}
use of org.structr.core.entity.Principal in project structr by structr.
the class SourcePattern method getContent.
private String getContent(final String urlString) throws FrameworkException {
final SourceSite site = getSite();
String proxyUrl = site.getProperty(SourceSite.proxyUrl);
String proxyUsername = site.getProperty(SourceSite.proxyUsername);
String proxyPassword = site.getProperty(SourceSite.proxyPassword);
Principal user = securityContext.getCachedUser();
if (user != null & StringUtils.isBlank(proxyUrl)) {
proxyUrl = user.getProperty(StructrApp.key(User.class, "proxyUrl"));
proxyUsername = user.getProperty(StructrApp.key(User.class, "proxyUsername"));
proxyPassword = user.getProperty(StructrApp.key(User.class, "proxyPassword"));
}
final String cookie = site.getProperty(SourceSite.cookie);
return HttpHelper.get(urlString, proxyUrl, proxyUsername, proxyPassword, cookie, Collections.EMPTY_MAP).replace("<head>", "<head>\n <base href=\"" + urlString + "\">");
}
use of org.structr.core.entity.Principal in project structr by structr.
the class LoginResource method doPost.
@Override
public RestMethodResult doPost(Map<String, Object> propertySet) throws FrameworkException {
final ConfigurationProvider config = StructrApp.getConfiguration();
final PropertyMap properties = PropertyMap.inputTypeToJavaType(securityContext, User.class, propertySet);
final PropertyKey<String> nameKey = StructrApp.key(User.class, "name");
final PropertyKey<String> eMailKey = StructrApp.key(User.class, "eMail");
final PropertyKey<String> pwdKey = StructrApp.key(User.class, "password");
final String name = properties.get(nameKey);
final String email = properties.get(eMailKey);
final String password = properties.get(pwdKey);
String emailOrUsername = StringUtils.isNotEmpty(email) ? email : name;
if (StringUtils.isNotEmpty(emailOrUsername) && StringUtils.isNotEmpty(password)) {
Principal user = securityContext.getAuthenticator().doLogin(securityContext.getRequest(), emailOrUsername, password);
if (user != null) {
logger.info("Login successful: {}", new Object[] { user });
// make logged in user available to caller
securityContext.setCachedUser(user);
RestMethodResult methodResult = new RestMethodResult(200);
methodResult.addContent(user);
return methodResult;
}
}
logger.info("Invalid credentials (name, email, password): {}, {}, {}", new Object[] { name, email, password });
return new RestMethodResult(401);
}
use of org.structr.core.entity.Principal in project structr by structr.
the class ResetPasswordResource method doPost.
@Override
public RestMethodResult doPost(Map<String, Object> propertySet) throws FrameworkException {
if (propertySet.containsKey("eMail")) {
final String emailString = (String) propertySet.get("eMail");
if (StringUtils.isEmpty(emailString)) {
return new RestMethodResult(HttpServletResponse.SC_BAD_REQUEST);
}
final ConfigurationProvider config = StructrApp.getConfiguration();
final PropertyKey<String> confirmationKey = StructrApp.key(User.class, "confirmationKey");
final PropertyKey<String> eMail = StructrApp.key(User.class, "eMail");
final String localeString = (String) propertySet.get("locale");
final String confKey = UUID.randomUUID().toString();
final Principal user = StructrApp.getInstance().nodeQuery(User.class).and(eMail, emailString).getFirst();
if (user != null) {
// update confirmation key
user.setProperties(SecurityContext.getSuperUserInstance(), new PropertyMap(confirmationKey, confKey));
if (!sendResetPasswordLink(user, propertySet, localeString, confKey)) {
// return 400 Bad request
return new RestMethodResult(HttpServletResponse.SC_BAD_REQUEST);
}
// return 200 OK
return new RestMethodResult(HttpServletResponse.SC_OK);
} else {
// so we're failing silently here
return new RestMethodResult(HttpServletResponse.SC_OK);
}
} else {
// return 400 Bad request
return new RestMethodResult(HttpServletResponse.SC_BAD_REQUEST);
}
}
use of org.structr.core.entity.Principal in project structr by structr.
the class HtmlServlet method doGet.
@Override
protected void doGet(final HttpServletRequest request, final HttpServletResponse response) {
final Authenticator auth = getConfig().getAuthenticator();
List<Page> pages = null;
boolean requestUriContainsUuids = false;
SecurityContext securityContext;
final App app;
try {
assertInitialized();
final String path = request.getPathInfo() != null ? request.getPathInfo() : "/";
// check for registration (has its own tx because of write access
if (checkRegistration(auth, request, response, path)) {
return;
}
// check for registration (has its own tx because of write access
if (checkResetPassword(auth, request, response, path)) {
return;
}
// isolate request authentication in a transaction
try (final Tx tx = StructrApp.getInstance().tx()) {
securityContext = auth.initializeAndExamineRequest(request, response);
tx.success();
} catch (AuthenticationException aex) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
app = StructrApp.getInstance(securityContext);
try (final Tx tx = app.tx()) {
// Ensure access mode is frontend
securityContext.setAccessMode(AccessMode.Frontend);
request.setCharacterEncoding("UTF-8");
// Important: Set character encoding before calling response.getWriter() !!, see Servlet Spec 5.4
response.setCharacterEncoding("UTF-8");
boolean dontCache = false;
logger.debug("Path info {}", path);
// don't continue on redirects
if (response.getStatus() == 302) {
tx.success();
return;
}
final Principal user = securityContext.getUser(false);
if (user != null) {
// Don't cache if a user is logged in
dontCache = true;
}
final RenderContext renderContext = RenderContext.getInstance(securityContext, request, response);
renderContext.setResourceProvider(config.getResourceProvider());
final EditMode edit = renderContext.getEditMode(user);
DOMNode rootElement = null;
AbstractNode dataNode = null;
final String[] uriParts = PathHelper.getParts(path);
if ((uriParts == null) || (uriParts.length == 0)) {
// find a visible page
rootElement = findIndexPage(securityContext, pages, edit);
logger.debug("No path supplied, trying to find index page");
} else {
if (rootElement == null) {
rootElement = findPage(securityContext, pages, path, edit);
} else {
dontCache = true;
}
}
if (rootElement == null) {
// No page found
// In case of a file, try to find a file with the query string in the filename
final String queryString = request.getQueryString();
// Look for a file, first include the query string
File file = findFile(securityContext, request, path + (queryString != null ? "?" + queryString : ""));
// If no file with query string in the file name found, try without query string
if (file == null) {
file = findFile(securityContext, request, path);
}
if (file != null) {
streamFile(securityContext, file, request, response, edit);
tx.success();
return;
}
if (uriParts != null) {
// store remaining path parts in request
final Matcher matcher = threadLocalUUIDMatcher.get();
for (int i = 0; i < uriParts.length; i++) {
request.setAttribute(uriParts[i], i);
matcher.reset(uriParts[i]);
// set to "true" if part matches UUID pattern
requestUriContainsUuids |= matcher.matches();
}
}
if (!requestUriContainsUuids) {
// Try to find a data node by name
dataNode = findFirstNodeByName(securityContext, request, path);
} else {
dataNode = findNodeByUuid(securityContext, PathHelper.getName(path));
}
// if (dataNode != null && !(dataNode instanceof Linkable)) {
if (dataNode != null) {
// Last path part matches a data node
// Remove last path part and try again searching for a page
// clear possible entry points
request.removeAttribute(POSSIBLE_ENTRY_POINTS_KEY);
rootElement = findPage(securityContext, pages, StringUtils.substringBeforeLast(path, PathHelper.PATH_SEP), edit);
renderContext.setDetailsDataObject(dataNode);
// Start rendering on data node
if (rootElement == null && dataNode instanceof DOMNode) {
// check visibleForSite here as well
if (!(dataNode instanceof Page) || isVisibleForSite(request, (Page) dataNode)) {
rootElement = ((DOMNode) dataNode);
}
}
}
}
// look for pages with HTTP Basic Authentication (must be done as superuser)
if (rootElement == null) {
final HttpBasicAuthResult authResult = checkHttpBasicAuth(request, response, path);
switch(authResult.authState()) {
// Element with Basic Auth found and authentication succeeded
case Authenticated:
final Linkable result = authResult.getRootElement();
if (result instanceof Page) {
rootElement = (DOMNode) result;
securityContext = authResult.getSecurityContext();
renderContext.pushSecurityContext(securityContext);
} else if (result instanceof File) {
streamFile(authResult.getSecurityContext(), (File) result, request, response, EditMode.NONE);
tx.success();
return;
}
break;
// Page with Basic Auth found but not yet authenticated
case MustAuthenticate:
final Page errorPage = StructrApp.getInstance().nodeQuery(Page.class).and(StructrApp.key(Page.class, "showOnErrorCodes"), "401", false).getFirst();
if (errorPage != null && isVisibleForSite(request, errorPage)) {
// set error page
rootElement = errorPage;
// don't cache the error page
dontCache = true;
} else {
// send error
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
tx.success();
return;
}
break;
// no Basic Auth for given path, go on
case NoBasicAuth:
break;
}
}
// Still nothing found, do error handling
if (rootElement == null) {
rootElement = notFound(response, securityContext);
}
if (rootElement == null) {
tx.success();
return;
}
// check dont cache flag on page (if root element is a page)
// but don't modify true to false
dontCache |= rootElement.dontCache();
if (EditMode.WIDGET.equals(edit) || dontCache) {
setNoCacheHeaders(response);
}
if (!securityContext.isVisible(rootElement)) {
rootElement = notFound(response, securityContext);
if (rootElement == null) {
tx.success();
return;
}
} else {
if (!EditMode.WIDGET.equals(edit) && !dontCache && notModifiedSince(request, response, rootElement, dontCache)) {
ServletOutputStream out = response.getOutputStream();
out.flush();
// response.flushBuffer();
out.close();
} else {
// prepare response
response.setCharacterEncoding("UTF-8");
String contentType = rootElement.getProperty(StructrApp.key(Page.class, "contentType"));
if (contentType == null) {
// Default
contentType = "text/html;charset=UTF-8";
}
if (contentType.equals("text/html")) {
contentType = contentType.concat(";charset=UTF-8");
}
response.setContentType(contentType);
setCustomResponseHeaders(response);
final boolean createsRawData = rootElement.getProperty(StructrApp.key(Page.class, "pageCreatesRawData"));
// async or not?
if (isAsync && !createsRawData) {
final AsyncContext async = request.startAsync();
final ServletOutputStream out = async.getResponse().getOutputStream();
final AtomicBoolean finished = new AtomicBoolean(false);
final DOMNode rootNode = rootElement;
threadPool.submit(new Runnable() {
@Override
public void run() {
try (final Tx tx = app.tx()) {
// render
rootNode.render(renderContext, 0);
finished.set(true);
tx.success();
} catch (Throwable t) {
t.printStackTrace();
logger.warn("Error while rendering page {}: {}", rootNode.getName(), t.getMessage());
try {
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
finished.set(true);
} catch (IOException ex) {
logger.warn("", ex);
}
}
}
});
// start output write listener
out.setWriteListener(new WriteListener() {
@Override
public void onWritePossible() throws IOException {
try {
final Queue<String> queue = renderContext.getBuffer().getQueue();
while (out.isReady()) {
String buffer = null;
synchronized (queue) {
buffer = queue.poll();
}
if (buffer != null) {
out.print(buffer);
} else {
if (finished.get()) {
async.complete();
// prevent this block from being called again
break;
}
Thread.sleep(1);
}
}
} catch (Throwable t) {
logger.warn("", t);
}
}
@Override
public void onError(Throwable t) {
logger.warn("", t);
}
});
} else {
final StringRenderBuffer buffer = new StringRenderBuffer();
renderContext.setBuffer(buffer);
// render
rootElement.render(renderContext, 0);
try {
response.getOutputStream().write(buffer.getBuffer().toString().getBytes("utf-8"));
response.getOutputStream().flush();
response.getOutputStream().close();
} catch (IOException ioex) {
logger.warn("", ioex);
}
}
}
}
tx.success();
} catch (FrameworkException fex) {
logger.error("Exception while processing request: {}", fex.getMessage());
}
} catch (FrameworkException fex) {
logger.error("Exception while processing request: {}", fex.getMessage());
UiAuthenticator.writeFrameworkException(response, fex);
} catch (IOException ioex) {
logger.error("Exception while processing request: {}", ioex.getMessage());
UiAuthenticator.writeInternalServerError(response);
}
}
Aggregations