Search in sources :

Example 56 with UserRealm

use of org.wso2.carbon.user.core.UserRealm in project jaggery by wso2.

the class RegistryHostObject method isAuthorized.

private boolean isAuthorized(UserRegistry registry, String resourcePath, String action) throws RegistryException {
    UserRealm userRealm = registry.getUserRealm();
    String userName = registry.getUserName();
    try {
        if (!userRealm.getAuthorizationManager().isUserAuthorized(userName, resourcePath, action)) {
            return false;
        }
    } catch (UserStoreException e) {
        throw new org.wso2.carbon.registry.core.exceptions.RegistryException("Error at Authorizing " + resourcePath + " with user " + userName + ":" + e.getMessage(), e);
    }
    return true;
}
Also used : UserRealm(org.wso2.carbon.user.core.UserRealm) UserStoreException(org.wso2.carbon.user.core.UserStoreException)

Example 57 with UserRealm

use of org.wso2.carbon.user.core.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPAuthenticator method checkWithBackUpCodes.

/**
 * If user forgets the mobile, then user can use the back up codes to authenticate the user.
 *
 * @param context           the AuthenticationContext
 * @param userToken         the userToken
 * @param authenticatedUser the name of authenticatedUser
 * @throws AuthenticationFailedException
 */
private void checkWithBackUpCodes(AuthenticationContext context, String userToken, AuthenticatedUser authenticatedUser) throws AuthenticationFailedException {
    String savedOTPString = null;
    String username = context.getProperty(SMSOTPConstants.USER_NAME).toString();
    String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
    UserRealm userRealm = getUserRealm(username);
    try {
        if (userRealm != null) {
            savedOTPString = userRealm.getUserStoreManager().getUserClaimValue(tenantAwareUsername, SMSOTPConstants.SAVED_OTP_LIST, null);
        }
        if (StringUtils.isEmpty(savedOTPString)) {
            if (log.isDebugEnabled()) {
                log.debug("The claim " + SMSOTPConstants.SAVED_OTP_LIST + " does not contain any values");
            }
            throw new AuthenticationFailedException("The claim " + SMSOTPConstants.SAVED_OTP_LIST + " does not contain any values");
        } else if (savedOTPString.contains(userToken)) {
            if (log.isDebugEnabled()) {
                log.debug("Found saved backup SMS OTP for user :" + authenticatedUser);
            }
            context.setSubject(authenticatedUser);
            savedOTPString = savedOTPString.replaceAll(userToken, "").replaceAll(",,", ",");
            userRealm.getUserStoreManager().setUserClaimValue(tenantAwareUsername, SMSOTPConstants.SAVED_OTP_LIST, savedOTPString, null);
        } else {
            if (log.isDebugEnabled()) {
                log.debug("User entered OTP :" + userToken + " does not match with any of the saved backup codes");
            }
            throw new AuthenticationFailedException("Verification Error due to Code " + userToken + " mismatch.");
        }
    } catch (UserStoreException e) {
        throw new AuthenticationFailedException("Cannot find the user claim for OTP list for user : " + authenticatedUser, e);
    }
}
Also used : UserRealm(org.wso2.carbon.user.api.UserRealm) AuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException) UserStoreException(org.wso2.carbon.user.api.UserStoreException)

Example 58 with UserRealm

use of org.wso2.carbon.user.core.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPUtils method updateUserAttribute.

/**
 * Update the mobile number (user attribute) in user's profile.
 *
 * @param username  the Username
 * @param attribute the Attribute
 * @throws SMSOTPException
 */
public static void updateUserAttribute(String username, Map<String, String> attribute, String tenantDomain) throws SMSOTPException {
    try {
        // updating user attributes is independent from tenant association.not tenant association check needed here.
        UserRealm userRealm;
        // user is always in the super tenant.
        userRealm = SMSOTPUtils.getUserRealm(tenantDomain);
        if (userRealm == null) {
            throw new SMSOTPException("The specified tenant domain " + tenantDomain + " does not exist.");
        }
        // check whether user already exists in the system.
        SMSOTPUtils.verifyUserExists(username, tenantDomain);
        UserStoreManager userStoreManager = userRealm.getUserStoreManager();
        userStoreManager.setUserClaimValues(username, attribute, null);
    } catch (UserStoreException | AuthenticationFailedException e) {
        throw new SMSOTPException("Exception occurred while connecting to User Store: Authentication is failed. ", e);
    }
}
Also used : UserRealm(org.wso2.carbon.user.api.UserRealm) AuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) SMSOTPException(org.wso2.carbon.identity.authenticator.smsotp.exception.SMSOTPException) UserStoreManager(org.wso2.carbon.user.api.UserStoreManager)

Example 59 with UserRealm

use of org.wso2.carbon.user.core.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPUtils method getUserRealm.

/**
 * Get the user realm of the logged in user.
 *
 * @param tenantDomain the tenantDomain
 * @return th user realm
 * @throws AuthenticationFailedException
 */
public static UserRealm getUserRealm(String tenantDomain) throws AuthenticationFailedException {
    UserRealm userRealm;
    try {
        int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
        RealmService realmService = IdentityTenantUtil.getRealmService();
        userRealm = realmService.getTenantUserRealm(tenantId);
    } catch (Exception e) {
        throw new AuthenticationFailedException("Cannot find the user realm for the tenant domain " + tenantDomain, e);
    }
    return userRealm;
}
Also used : UserRealm(org.wso2.carbon.user.api.UserRealm) AuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException) RealmService(org.wso2.carbon.user.core.service.RealmService) UserStoreException(org.wso2.carbon.user.api.UserStoreException) AuthenticationFailedException(org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException) SMSOTPException(org.wso2.carbon.identity.authenticator.smsotp.exception.SMSOTPException)

Example 60 with UserRealm

use of org.wso2.carbon.user.core.UserRealm in project identity-outbound-auth-sms-otp by wso2-extensions.

the class SMSOTPUtils method isSMSOTPDisableForLocalUser.

/**
 * Check whether SMSOTP is disable by user.
 *
 * @param username the Username
 * @param context  the AuthenticationContext
 * @return true or false
 * @throws SMSOTPException
 */
public static boolean isSMSOTPDisableForLocalUser(String username, AuthenticationContext context, String authenticatorName) throws SMSOTPException, AuthenticationFailedException {
    UserRealm userRealm;
    try {
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        int tenantId = IdentityTenantUtil.getTenantId(tenantDomain);
        RealmService realmService = IdentityTenantUtil.getRealmService();
        userRealm = realmService.getTenantUserRealm(tenantId);
        username = MultitenantUtils.getTenantAwareUsername(String.valueOf(username));
        boolean isEnablingControlledByUser = isSMSOTPEnableOrDisableByUser(context, authenticatorName);
        if (userRealm != null) {
            if (isEnablingControlledByUser) {
                Map<String, String> claimValues = userRealm.getUserStoreManager().getUserClaimValues(username, new String[] { SMSOTPConstants.USER_SMSOTP_DISABLED_CLAIM_URI }, null);
                return Boolean.parseBoolean(claimValues.get(SMSOTPConstants.USER_SMSOTP_DISABLED_CLAIM_URI));
            }
        } else {
            throw new SMSOTPException("Cannot find the user realm for the given tenant domain : " + CarbonContext.getThreadLocalCarbonContext().getTenantDomain());
        }
    } catch (UserStoreException e) {
        throw new SMSOTPException("Failed while trying to access userRealm of the user : " + username, e);
    }
    return false;
}
Also used : UserRealm(org.wso2.carbon.user.api.UserRealm) RealmService(org.wso2.carbon.user.core.service.RealmService) UserStoreException(org.wso2.carbon.user.api.UserStoreException) SMSOTPException(org.wso2.carbon.identity.authenticator.smsotp.exception.SMSOTPException)

Aggregations

RealmService (org.wso2.carbon.user.core.service.RealmService)34 UserRealm (org.wso2.carbon.user.core.UserRealm)32 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)23 Test (org.junit.Test)21 UserRealm (org.wso2.carbon.user.api.UserRealm)20 UserStoreException (org.wso2.carbon.user.api.UserStoreException)18 TenantManager (org.wso2.carbon.user.core.tenant.TenantManager)15 ServiceReferenceHolder (org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder)14 UserStoreManager (org.wso2.carbon.user.core.UserStoreManager)13 UserStoreManager (org.wso2.carbon.user.api.UserStoreManager)11 APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)10 RegistryService (org.wso2.carbon.registry.core.service.RegistryService)9 UserRegistry (org.wso2.carbon.registry.core.session.UserRegistry)9 UserStoreException (org.wso2.carbon.user.core.UserStoreException)7 PrivilegedCarbonContext (org.wso2.carbon.context.PrivilegedCarbonContext)6 AuthenticationFailedException (org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException)6 APIManagerConfiguration (org.wso2.carbon.apimgt.impl.APIManagerConfiguration)5 RealmConfiguration (org.wso2.carbon.user.api.RealmConfiguration)5 Matchers.anyString (org.mockito.Matchers.anyString)4 Organization (org.wso2.carbon.apimgt.persistence.dto.Organization)4