This project has retired. For details please refer to its Attic page.
DefaultPasswordService xref
View Javadoc

1   package org.apache.archiva.redback.rest.services;
2   /*
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   */
20  
21  import org.apache.archiva.redback.policy.PasswordEncoder;
22  import org.apache.archiva.redback.policy.PasswordRuleViolationException;
23  import org.apache.archiva.redback.policy.PasswordRuleViolations;
24  import org.apache.archiva.redback.users.User;
25  import org.apache.archiva.redback.users.UserManagerException;
26  import org.apache.commons.lang.StringUtils;
27  import org.apache.archiva.redback.keys.AuthenticationKey;
28  import org.apache.archiva.redback.keys.KeyManagerException;
29  import org.apache.archiva.redback.system.SecuritySystem;
30  import org.apache.archiva.redback.users.UserNotFoundException;
31  import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
32  import org.apache.archiva.redback.rest.api.model.ErrorMessage;
33  import org.apache.archiva.redback.rest.api.services.PasswordService;
34  import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
35  import org.apache.archiva.redback.rest.services.utils.PasswordValidator;
36  import org.slf4j.Logger;
37  import org.slf4j.LoggerFactory;
38  import org.springframework.stereotype.Service;
39  
40  import javax.inject.Inject;
41  import javax.inject.Named;
42  import javax.servlet.http.HttpServletRequest;
43  import javax.ws.rs.core.Context;
44  import javax.ws.rs.core.Response;
45  import java.util.ArrayList;
46  import java.util.Arrays;
47  import java.util.List;
48  
49  /**
50   * @author Olivier Lamy
51   * @since 1.4
52   */
53  @Service("passwordService#rest")
54  public class DefaultPasswordService
55      implements PasswordService
56  {
57  
58      private Logger log = LoggerFactory.getLogger( getClass() );
59  
60      private SecuritySystem securitySystem;
61  
62      private HttpAuthenticator httpAuthenticator;
63  
64      private PasswordValidator passwordValidator;
65  
66      @Context
67      private HttpServletRequest httpServletRequest;
68  
69      @Inject
70      public DefaultPasswordService( SecuritySystem securitySystem,
71                                     @Named("httpAuthenticator#basic") HttpAuthenticator httpAuthenticator,
72                                     PasswordValidator passwordValidator )
73      {
74          this.securitySystem = securitySystem;
75          this.httpAuthenticator = httpAuthenticator;
76          this.passwordValidator = passwordValidator;
77      }
78  
79      public org.apache.archiva.redback.rest.api.model.User changePasswordWithKey( String password,
80                                                                                   String passwordConfirmation,
81                                                                                   String key )
82          throws RedbackServiceException
83      {
84  
85          //RedbackRequestInformation redbackRequestInformation = RedbackAuthenticationThreadLocal.get();
86  
87          String principal = null;
88  
89          if ( StringUtils.isEmpty( password ) )
90          {
91              throw new RedbackServiceException( "password cannot be empty", Response.Status.FORBIDDEN.getStatusCode() );
92          }
93          if ( StringUtils.isEmpty( passwordConfirmation ) )
94          {
95              throw new RedbackServiceException( "password confirmation cannot be empty",
96                                                 Response.Status.FORBIDDEN.getStatusCode() );
97          }
98          if ( !StringUtils.equals( password, passwordConfirmation ) )
99          {
100             throw new RedbackServiceException( "password confirmation must be same as password",
101                                                Response.Status.FORBIDDEN.getStatusCode() );
102         }
103 
104         try
105         {
106             AuthenticationKey authKey = securitySystem.getKeyManager().findKey( key );
107 
108             principal = authKey.getForPrincipal();
109 
110             String encodedPassword = passwordValidator.validatePassword( password, principal );
111 
112             User user = securitySystem.getUserManager().findUser( principal );
113             user.setPassword( password );
114             user.setEncodedPassword( encodedPassword );
115             user = securitySystem.getUserManager().updateUser( user );
116 
117             return new org.apache.archiva.redback.rest.api.model.User( user );
118 
119         }
120         catch ( KeyManagerException e )
121         {
122             log.info( "issue to find key {}: {}", key, e.getMessage() );
123             throw new RedbackServiceException( "issue with key", Response.Status.FORBIDDEN.getStatusCode() );
124         }
125         catch ( UserNotFoundException e )
126         {
127             log.info( "user {} not found", e.getMessage() );
128             List<ErrorMessage> errorMessages = new ArrayList<ErrorMessage>( 2 );
129             ErrorMessage errorMessage = new ErrorMessage( "cannot.update.user.not.found", new String[]{ principal } );
130             errorMessages.add( errorMessage );
131             errorMessage = new ErrorMessage( "admin.deleted.account" );
132             errorMessages.add( errorMessage );
133             throw new RedbackServiceException( errorMessages );
134         }
135         catch ( UserManagerException e )
136         {
137             log.info( "UserManagerException: {}", e.getMessage() );
138             List<ErrorMessage> errorMessages =
139                 Arrays.asList( new ErrorMessage().message( "UserManagerException: " + e.getMessage() ) );
140             throw new RedbackServiceException( errorMessages );
141         }
142         catch ( PasswordRuleViolationException e )
143         {
144             PasswordRuleViolations violations = e.getViolations();
145             List<ErrorMessage> errorMessages = new ArrayList<ErrorMessage>( violations.getViolations().size() );
146             if ( violations != null )
147             {
148                 for ( String violation : violations.getLocalizedViolations() )
149                 {
150                     errorMessages.add( new ErrorMessage( violation ) );
151                 }
152             }
153             throw new RedbackServiceException( errorMessages );
154         }
155 
156     }
157 
158     public org.apache.archiva.redback.rest.api.model.User changePassword( String userName, String previousPassword,
159                                                                           String password, String passwordConfirmation )
160         throws RedbackServiceException
161     {
162         if ( StringUtils.isEmpty( userName ) )
163         {
164             throw new RedbackServiceException( new ErrorMessage( "username.cannot.be.empty" ),
165                                                Response.Status.BAD_REQUEST.getStatusCode() );
166         }
167         if ( StringUtils.isEmpty( previousPassword ) )
168         {
169             throw new RedbackServiceException( new ErrorMessage( "password.previous.empty" ),
170                                                Response.Status.BAD_REQUEST.getStatusCode() );
171         }
172         if ( StringUtils.isEmpty( password ) )
173         {
174             throw new RedbackServiceException( new ErrorMessage( "password.empty" ),
175                                                Response.Status.BAD_REQUEST.getStatusCode() );
176         }
177         if ( StringUtils.isEmpty( passwordConfirmation ) )
178         {
179             throw new RedbackServiceException( new ErrorMessage( "password.confirmation.empty" ),
180                                                Response.Status.BAD_REQUEST.getStatusCode() );
181         }
182 
183         if ( !StringUtils.equals( password, passwordConfirmation ) )
184         {
185             throw new RedbackServiceException( new ErrorMessage( "password.confirmation.same" ),
186                                                Response.Status.BAD_REQUEST.getStatusCode() );
187         }
188         try
189         {
190             User u = securitySystem.getUserManager().findUser( userName );
191 
192             String previousEncodedPassword = u.getEncodedPassword();
193 
194             // check oldPassword with the current one
195 
196             PasswordEncoder encoder = securitySystem.getPolicy().getPasswordEncoder();
197 
198             if ( !encoder.isPasswordValid( previousEncodedPassword, previousPassword ) )
199             {
200 
201                 throw new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
202                                                    Response.Status.BAD_REQUEST.getStatusCode() );
203             }
204 
205             u.setPassword( password );
206 
207             u = securitySystem.getUserManager().updateUser( u );
208             return new org.apache.archiva.redback.rest.api.model.User( u );
209         }
210         catch ( UserNotFoundException e )
211         {
212             throw new RedbackServiceException( new ErrorMessage( "user.not.found" ),
213                                                Response.Status.BAD_REQUEST.getStatusCode() );
214         }
215         catch ( UserManagerException e )
216         {
217             log.info( "UserManagerException: {}", e.getMessage() );
218             List<ErrorMessage> errorMessages =
219                 Arrays.asList( new ErrorMessage().message( "UserManagerException: " + e.getMessage() ) );
220             throw new RedbackServiceException( errorMessages );
221         }
222 
223     }
224 }