This project has retired. For details please refer to its
Attic page.
DefaultPasswordService xref
1 package org.apache.archiva.redback.rest.services;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21 import org.apache.archiva.redback.policy.PasswordEncoder;
22 import org.apache.archiva.redback.policy.PasswordRuleViolationException;
23 import org.apache.archiva.redback.policy.PasswordRuleViolations;
24 import org.apache.archiva.redback.users.User;
25 import org.apache.archiva.redback.users.UserManagerException;
26 import org.apache.commons.lang.StringUtils;
27 import org.apache.archiva.redback.keys.AuthenticationKey;
28 import org.apache.archiva.redback.keys.KeyManagerException;
29 import org.apache.archiva.redback.system.SecuritySystem;
30 import org.apache.archiva.redback.users.UserNotFoundException;
31 import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
32 import org.apache.archiva.redback.rest.api.model.ErrorMessage;
33 import org.apache.archiva.redback.rest.api.services.PasswordService;
34 import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
35 import org.apache.archiva.redback.rest.services.utils.PasswordValidator;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
38 import org.springframework.stereotype.Service;
39
40 import javax.inject.Inject;
41 import javax.inject.Named;
42 import javax.servlet.http.HttpServletRequest;
43 import javax.ws.rs.core.Context;
44 import javax.ws.rs.core.Response;
45 import java.util.ArrayList;
46 import java.util.Arrays;
47 import java.util.List;
48
49
50
51
52
53 @Service("passwordService#rest")
54 public class DefaultPasswordService
55 implements PasswordService
56 {
57
58 private Logger log = LoggerFactory.getLogger( getClass() );
59
60 private SecuritySystem securitySystem;
61
62 private HttpAuthenticator httpAuthenticator;
63
64 private PasswordValidator passwordValidator;
65
66 @Context
67 private HttpServletRequest httpServletRequest;
68
69 @Inject
70 public DefaultPasswordService( SecuritySystem securitySystem,
71 @Named("httpAuthenticator#basic") HttpAuthenticator httpAuthenticator,
72 PasswordValidator passwordValidator )
73 {
74 this.securitySystem = securitySystem;
75 this.httpAuthenticator = httpAuthenticator;
76 this.passwordValidator = passwordValidator;
77 }
78
79 public org.apache.archiva.redback.rest.api.model.User changePasswordWithKey( String password,
80 String passwordConfirmation,
81 String key )
82 throws RedbackServiceException
83 {
84
85
86
87 String principal = null;
88
89 if ( StringUtils.isEmpty( password ) )
90 {
91 throw new RedbackServiceException( "password cannot be empty", Response.Status.FORBIDDEN.getStatusCode() );
92 }
93 if ( StringUtils.isEmpty( passwordConfirmation ) )
94 {
95 throw new RedbackServiceException( "password confirmation cannot be empty",
96 Response.Status.FORBIDDEN.getStatusCode() );
97 }
98 if ( !StringUtils.equals( password, passwordConfirmation ) )
99 {
100 throw new RedbackServiceException( "password confirmation must be same as password",
101 Response.Status.FORBIDDEN.getStatusCode() );
102 }
103
104 try
105 {
106 AuthenticationKey authKey = securitySystem.getKeyManager().findKey( key );
107
108 principal = authKey.getForPrincipal();
109
110 String encodedPassword = passwordValidator.validatePassword( password, principal );
111
112 User user = securitySystem.getUserManager().findUser( principal );
113 user.setPassword( password );
114 user.setEncodedPassword( encodedPassword );
115 user = securitySystem.getUserManager().updateUser( user );
116
117 return new org.apache.archiva.redback.rest.api.model.User( user );
118
119 }
120 catch ( KeyManagerException e )
121 {
122 log.info( "issue to find key {}: {}", key, e.getMessage() );
123 throw new RedbackServiceException( "issue with key", Response.Status.FORBIDDEN.getStatusCode() );
124 }
125 catch ( UserNotFoundException e )
126 {
127 log.info( "user {} not found", e.getMessage() );
128 List<ErrorMessage> errorMessages = new ArrayList<ErrorMessage>( 2 );
129 ErrorMessage errorMessage = new ErrorMessage( "cannot.update.user.not.found", new String[]{ principal } );
130 errorMessages.add( errorMessage );
131 errorMessage = new ErrorMessage( "admin.deleted.account" );
132 errorMessages.add( errorMessage );
133 throw new RedbackServiceException( errorMessages );
134 }
135 catch ( UserManagerException e )
136 {
137 log.info( "UserManagerException: {}", e.getMessage() );
138 List<ErrorMessage> errorMessages =
139 Arrays.asList( new ErrorMessage().message( "UserManagerException: " + e.getMessage() ) );
140 throw new RedbackServiceException( errorMessages );
141 }
142 catch ( PasswordRuleViolationException e )
143 {
144 PasswordRuleViolations violations = e.getViolations();
145 List<ErrorMessage> errorMessages = new ArrayList<ErrorMessage>( violations.getViolations().size() );
146 if ( violations != null )
147 {
148 for ( String violation : violations.getLocalizedViolations() )
149 {
150 errorMessages.add( new ErrorMessage( violation ) );
151 }
152 }
153 throw new RedbackServiceException( errorMessages );
154 }
155
156 }
157
158 public org.apache.archiva.redback.rest.api.model.User changePassword( String userName, String previousPassword,
159 String password, String passwordConfirmation )
160 throws RedbackServiceException
161 {
162 if ( StringUtils.isEmpty( userName ) )
163 {
164 throw new RedbackServiceException( new ErrorMessage( "username.cannot.be.empty" ),
165 Response.Status.BAD_REQUEST.getStatusCode() );
166 }
167 if ( StringUtils.isEmpty( previousPassword ) )
168 {
169 throw new RedbackServiceException( new ErrorMessage( "password.previous.empty" ),
170 Response.Status.BAD_REQUEST.getStatusCode() );
171 }
172 if ( StringUtils.isEmpty( password ) )
173 {
174 throw new RedbackServiceException( new ErrorMessage( "password.empty" ),
175 Response.Status.BAD_REQUEST.getStatusCode() );
176 }
177 if ( StringUtils.isEmpty( passwordConfirmation ) )
178 {
179 throw new RedbackServiceException( new ErrorMessage( "password.confirmation.empty" ),
180 Response.Status.BAD_REQUEST.getStatusCode() );
181 }
182
183 if ( !StringUtils.equals( password, passwordConfirmation ) )
184 {
185 throw new RedbackServiceException( new ErrorMessage( "password.confirmation.same" ),
186 Response.Status.BAD_REQUEST.getStatusCode() );
187 }
188 try
189 {
190 User u = securitySystem.getUserManager().findUser( userName );
191
192 String previousEncodedPassword = u.getEncodedPassword();
193
194
195
196 PasswordEncoder encoder = securitySystem.getPolicy().getPasswordEncoder();
197
198 if ( !encoder.isPasswordValid( previousEncodedPassword, previousPassword ) )
199 {
200
201 throw new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
202 Response.Status.BAD_REQUEST.getStatusCode() );
203 }
204
205 u.setPassword( password );
206
207 u = securitySystem.getUserManager().updateUser( u );
208 return new org.apache.archiva.redback.rest.api.model.User( u );
209 }
210 catch ( UserNotFoundException e )
211 {
212 throw new RedbackServiceException( new ErrorMessage( "user.not.found" ),
213 Response.Status.BAD_REQUEST.getStatusCode() );
214 }
215 catch ( UserManagerException e )
216 {
217 log.info( "UserManagerException: {}", e.getMessage() );
218 List<ErrorMessage> errorMessages =
219 Arrays.asList( new ErrorMessage().message( "UserManagerException: " + e.getMessage() ) );
220 throw new RedbackServiceException( errorMessages );
221 }
222
223 }
224 }