public void updatePassword(User user, String hash) { this.findById(user.getId()).setPassword(hash); }
@Override public User map(int index, ResultSet result, StatementContext statementContext) throws SQLException { User user = new User((UUID) result.getObject("id")); user.setEmail(result.getString("email")); user.setPassword(result.getString("password")); user.setSlug(result.getString("slug")); user.setValidationKey(result.getString("validation_key")); if (result.getObject("active") != null) { user.setActive(result.getBoolean("active")); } else { user.setActive(false); } if (result.getObject("tenant_id") == null) { user.setGlobal(true); } return user; } }
@Override public void changePassword(User user, String currentPassword, String newPassword) throws WrongPasswordException, PasswordDoesNotMeetRequirementsException { Preconditions.checkNotNull(user); Preconditions.checkNotNull(user.getId()); User stored = this.userStore.get().findById(user.getId()); if (!this.passwordManager.verifyPassword(currentPassword, stored.getPassword())) { throw new WrongPasswordException("Refusing to change password : given current password is incorrect"); } if (!passwordStrengthChecker.checkLength(newPassword)) { throw new PasswordDoesNotMeetRequirementsException( "Provided password does not meet requirements : length too short"); } if (!passwordStrengthChecker.checkEntropy(newPassword)) { throw new PasswordDoesNotMeetRequirementsException( "Provided password does not meet requirements : not enough bits of entropy"); } this.userStore.get().updatePassword(user, passwordManager.hashPassword(newPassword)); }
public void update(User user) throws EntityDoesNotExistException, InvalidEntityException { if (this.findById(user.getId()) == null) { throw new EntityDoesNotExistException(); } this.dao.update(user); }
@Override public User validateAccount(String validationKey) throws NoSuchValidationKeyException, IncompatibleConnectedUserException, UserAlreadyValidatedException { User user = this.userStore.get().findByValidationKey(validationKey); if (user == null) { throw new NoSuchValidationKeyException("Validation key does not exist"); } if (context.getUser() != null && !context.getUser().getId().equals(user.getId())) { throw new IncompatibleConnectedUserException("Refusing to validate user not matching connected user"); } if (user.isActive()) { throw new UserAlreadyValidatedException("User already validated"); } user.setActive(true); try { this.userStore.get().update(user); } catch (InvalidEntityException | EntityDoesNotExistException e) { this.logger.error("Failed to validate user", e); throw new RuntimeException(e); } return user; }
private void create(User user, Role initialRole, Map<String, Object> additionalContext) throws InvalidEntityException, EntityAlreadyExistsException, PasswordDoesNotMeetRequirementsException { AccountsSettings settings = getSettings(); Boolean validationIsRequired = settings.getUserValidation().getValue(); if (user.getPassword().length() < settings.getPasswordRequirements().getMinimalLength()) { throw new PasswordDoesNotMeetRequirementsException("Provided password does not meet requirements"); } if (validationIsRequired) { if (context.getTenant() != null) { throw new RuntimeException("Validation is not supported for local users"); } user.setActive(false); user.setValidationKey(generateSecret()); } else { user.setActive(true); } user.setPassword(this.passwordManager.hashPassword(user.getPassword())); final User createdUser = this.userStore.get().create(user, initialRole); if (validationIsRequired) { sendValidationMail(createdUser, settings, additionalContext); } }
public User create(User user, Role initialRole) throws EntityAlreadyExistsException, InvalidEntityException { if (this.dao.findBySlug(user.getSlug(), getTenant()) != null) { throw new EntityAlreadyExistsException(); } this.dao.begin(); UUID entityId = UUID.randomUUID(); user.setId(entityId); if (getTenant() == null && user.isGlobal()) { this.dao.createEntity(user, USER_ENTITY_TYPE); } else { this.dao.createEntity(user, USER_ENTITY_TYPE, getTenant()); } this.dao.create(user); this.dao.addRoleToUser(entityId, initialRole.toString()); this.dao.commit(); return user; }
@Override public Optional<User> verify(String value, Tenant tenant) { final int space = value.indexOf(' '); if (space > 0) { final String decoded = B64Code.decode(value.substring(space + 1), StringUtil.__ISO_8859_1); final int i = decoded.indexOf(':'); if (i > 0) { final String username = decoded.substring(0, i); final String password = decoded.substring(i + 1); User user = userStore.get().findUserByEmailOrUserName(username); if (user != null) { if (this.passwordManager.verifyPassword(password, user.getPassword())) { return Optional.of(user); } } } } return Optional.absent(); } }
private void sendValidationMail(final User createdUser, AccountsSettings settings, Map<String, Object> additionalContext) { MailTemplate mailTemplate = new MailTemplate().template("account-validation").to(createdUser.getEmail()) .from(generalSettings.getNotificationsEmail()); try { Map<String, Object> context = Maps.newHashMap(); context.putAll(additionalContext); String validationUriTemplate; if (!Strings.isNullOrEmpty(settings.getUserValidationUriTemplate().getValue())) { validationUriTemplate = settings.getUserValidationUriTemplate().getValue(); } else { validationUriTemplate = urlHelper.getContextWebURL("/account/validation/${validationKey}").toString(); } SimpleTemplateEngine templateEngine = new SimpleTemplateEngine(); groovy.text.Template uriTemplate = templateEngine.createTemplate(validationUriTemplate); context.put("validationLink", uriTemplate.make(new HashMap() { { put("validationKey", createdUser.getValidationKey()); } }).toString()); context.put("siteName", siteSettings.getName()); mailTemplateService.sendTemplateMail(mailTemplate, context); } catch (MailException | ClassNotFoundException | IOException e) { logger.error("Failed to send validation email", e); } }
private boolean checkAuthorization(User user) { if (annotation.requiresGlobalUser() && !user.isGlobal()) { return false; } if (context.getRequest().isApiRequest() && !gatekeeper.userHasRole(user, Role.ADMIN)) { // For now, hard-code the fact API requests require Admin role. // If/when we need several admin roles (like "manager", "content creator" etc. ; then review the need // for this check, and maybe ban only users with role "NONE" from API requests. return false; } if (this.annotation.roles().length == 0 && user != null) { // No specific role is required, just an authenticated user return true; } for (Role role : this.annotation.roles()) { if (gatekeeper.userHasRole(user, role)) { return true; } } return false; }
private void sendPasswordResetMail(User user, final String secret, AccountsSettings settings) { MailTemplate mailTemplate = new MailTemplate().template("password-reset").to(user.getEmail()) .from(generalSettings.getNotificationsEmail()); try { Map<String, Object> context = Maps.newHashMap(); for (UserDataSupplier supplier : userDataSuppliers.values()) { supplier.supply(user, context); } String passwordResetUriLink; if (!Strings.isNullOrEmpty(settings.getUserPasswordResetUriTemplate().getValue())) { passwordResetUriLink = settings.getUserPasswordResetUriTemplate().getValue(); } else { passwordResetUriLink = urlHelper.getContextWebURL("/login/reset-password/${resetKey}").toString(); } SimpleTemplateEngine templateEngine = new SimpleTemplateEngine(); groovy.text.Template uriTemplate = templateEngine.createTemplate(passwordResetUriLink); context.put("resetLink", uriTemplate.make(new HashMap() { { put("resetKey", secret); } }).toString()); context.put("siteName", siteSettings.getName()); mailTemplateService.sendTemplateMail(mailTemplate, context); } catch (MailException | ClassNotFoundException | IOException e) { logger.error("Failed to send validation email", e); } }
public boolean apply(@Nullable User input) { return input.getValidationKey().equals(validationKey); } };
@Override public void createInitialUser(User user) throws EntityAlreadyExistsException, InvalidEntityException, PasswordDoesNotMeetRequirementsException { if (this.hasUsers()) { throw new RuntimeException("Illegal attempt at create the initial user"); } // Initial user does not have to validate, whatever the settings user.setActive(true); this.create(user, Role.ADMIN, Maps.<String, Object>newHashMap()); }
@Override public void supply(User user, Map<String, Object> data) { Customer customer = customerStore.get().findByUserId(user.getId()); if (customer == null) { return; } CustomerWebObject customerWebObject = new CustomerWebObject().withCustomer(customer); Address delivery = addressStore.get().findByCustomerIdAndType(customer.getId(), "delivery"); if (delivery != null) { customerWebObject.withDeliveryAddress(delivery); } Address billing = addressStore.get().findByCustomerIdAndType(customer.getId(), "billing"); if (billing != null) { customerWebObject.withBillingAddress(billing); } if (customer != null) { data.put("customer", customerWebObject); } } }
User user = userStore.get().findUserByEmailOrUserName(username); if (user != null) { if (this.passwordManager.verifyPassword(password, user.getPassword())) { return Optional.of(user);
Customer customer = customerStore.get().findByUserId(webContext.getUser().getId()); if (customer != null) { Address deliveryAddress = addressStore.get().findByCustomerIdAndType(customer.getId(), "delivery");