@Override public UserAccount getActiveUserAccount(String username, Long domainId) { return _userAccountDao.getUserAccount(username, domainId); }
@Override public UserAccount getUserAccountById(Long userId) { return _userAccountDao.findById(userId); }
@Override public UserAccount getUserByApiKey(String apiKey) { return _userAccountDao.getUserByApiKey(apiKey); }
if (!_userAccountDao.validateUsernameInDomain(userName, domainId)) { throw new InvalidParameterValueException("The user " + userName + " already exists in domain " + domainId); return _userAccountDao.findById(userId);
List<UserAccountVO> switchableAccounts = _userAccountDao.getAllUsersByNameAndEntity(currentUserAccount.getUsername(), currentUserAccount.getExternalEntity()); if (switchableAccounts != null && switchableAccounts.size() > 0 && currentUserId != User.UID_SYSTEM) { List<SamlUserAccountResponse> accountResponses = new ArrayList<SamlUserAccountResponse>();
List<UserAccountVO> possibleUserAccounts = userAccountDao.getAllUsersByNameAndEntity(username, issuer.getValue()); if (possibleUserAccounts != null && possibleUserAccounts.size() > 0) {
@Override public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username, String password, Long domainId, Map<String, Object[]> requestParameters) { if (s_logger.isDebugEnabled()) { s_logger.debug("Retrieving user: " + username); } if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { s_logger.debug("Username or Password cannot be empty"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } UserAccount user = _userAccountDao.getUserAccount(username, domainId); if (user == null) { s_logger.debug("Unable to find user with " + username + " in domain " + domainId); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } if (!user.getPassword().equals(password)) { s_logger.debug("Password does not match"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT); } return new Pair<Boolean, ActionOnFailedAuthentication>(true, null); }
@Override public void logoutUser(long userId) { UserAccount userAcct = _userAccountDao.findById(userId); if (userAcct != null) { ActionEventUtils.onActionEvent(userId, userAcct.getAccountId(), userAcct.getDomainId(), EventTypes.EVENT_USER_LOGOUT, "user has logged out"); } // else log some kind of error event? This likely means the user doesn't exist, or has been deleted... }
@Override public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username, String password, Long domainId, Map<String, Object[]> requestParameters) { if (s_logger.isDebugEnabled()) { s_logger.debug("Retrieving user: " + username); } if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { s_logger.debug("Username or Password cannot be empty"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } UserAccount user = _userAccountDao.getUserAccount(username, domainId); if (user == null) { s_logger.debug("Unable to find user with " + username + " in domain " + domainId); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } if (!user.getPassword().equals(encode(password))) { s_logger.debug("Password does not match"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT); } return new Pair<Boolean, ActionOnFailedAuthentication>(true, null); }
@Override @ActionEvent(eventType = EventTypes.EVENT_USER_UPDATE, eventDescription = "Updating User") public UserAccount updateUser(UpdateUserCmd updateUserCmd) { UserVO user = retrieveAndValidateUser(updateUserCmd); s_logger.debug("Updating user with Id: " + user.getUuid()); validateAndUpdateApiAndSecretKeyIfNeeded(updateUserCmd, user); Account account = retrieveAndValidateAccount(user); validateAndUpdateFirstNameIfNeeded(updateUserCmd, user); validateAndUpdateLastNameIfNeeded(updateUserCmd, user); validateAndUpdateUsernameIfNeeded(updateUserCmd, user, account); validateUserPasswordAndUpdateIfNeeded(updateUserCmd.getPassword(), user, updateUserCmd.getCurrentPassword()); String email = updateUserCmd.getEmail(); if (StringUtils.isNotBlank(email)) { user.setEmail(email); } String timezone = updateUserCmd.getTimezone(); if (StringUtils.isNotBlank(timezone)) { user.setTimezone(timezone); } _userDao.update(user.getId(), user); return _userAccountDao.findById(user.getId()); }
@Override public Pair<Boolean, ActionOnFailedAuthentication> authenticate(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) { Pair<Boolean, ActionOnFailedAuthentication> rc = new Pair<Boolean, ActionOnFailedAuthentication>(false, null); // TODO not allowing an empty password is a policy we shouldn't decide on. A private cloud may well want to allow this. if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { s_logger.debug("Username or Password cannot be empty"); return rc; } if (_ldapManager.isLdapEnabled()) { final UserAccount user = _userAccountDao.getUserAccount(username, domainId); List<LdapTrustMapVO> ldapTrustMapVOs = _ldapManager.getDomainLinkage(domainId); if(ldapTrustMapVOs != null && ldapTrustMapVOs.size() > 0) { if(ldapTrustMapVOs.size() == 1 && ldapTrustMapVOs.get(0).getAccountId() == 0) { // We have a single mapping of a domain to an ldap group or ou return authenticate(username, password, domainId, user, ldapTrustMapVOs.get(0)); } else { // we are dealing with mapping of accounts in a domain to ldap groups return authenticate(username, password, domainId, user, ldapTrustMapVOs); } } else { //domain is not linked to ldap follow normal authentication return authenticate(username, password, domainId, user); } } return rc; }
if (user.getState().equals(State.locked)) { return _userAccountDao.findById(userId); } else if (user.getState().equals(State.enabled)) { success = doSetUserStatus(user.getId(), State.locked); return _userAccountDao.findById(userId); } else { throw new CloudRuntimeException("Unable to lock user " + userId);
UserAccount user = _userAccountDao.getUserAccount(username, domainId); if (user == null) { s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
return _userAccountDao.findById(userId); } else { throw new CloudRuntimeException("Unable to disable user " + userId);
s_logger.info("User signature: " + signature + " is not equaled to computed signature: " + computedSignature); } else { user = _userAccountDao.getUserAccount(username, domainId);
return _userAccountDao.findById(userId); } else { throw new CloudRuntimeException("Unable to enable user " + userId);
UserAccount user = this._userAccountDao.getUserAccount(username, domainId); if (user != null) { isValidUser = true;
@Override public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username, String password, Long domainId, Map<String, Object[]> requestParameters) { if (s_logger.isDebugEnabled()) { s_logger.debug("Trying SAML2 auth for user: " + username); } if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { s_logger.debug("Username or Password cannot be empty"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } final UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId); if (userAccount == null || userAccount.getSource() != User.Source.SAML2) { s_logger.debug("Unable to find user with " + username + " in domain " + domainId + ", or user source is not SAML2"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } else { User user = _userDao.getUser(userAccount.getId()); if (user != null && user.getSource() == User.Source.SAML2 && user.getExternalEntity() != null) { return new Pair<Boolean, ActionOnFailedAuthentication>(true, null); } } // Deny all by default return new Pair<Boolean, ActionOnFailedAuthentication>(false, ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT); }
s_logger.debug("Attempting to log in user: " + username + " in domain " + domainId); UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId); domainName = domain.getName(); userAccount = _userAccountDao.getUserAccount(username, domainId);