/**
 * Builds a new agent {@link Users} entity from the supplied registration values.
 * <p>
 * The username is derived from the email via {@code generateUsername}. A fresh salt is
 * requested from {@code authController}, and only the hash returned by
 * {@code getPasswordHash(pwd, salt)} is handed to the entity; the plain-text password is
 * never passed to the {@code Users} constructor. The account is created with status
 * {@code NEW_MOBILE_ACCOUNT}, type {@code M_ACCOUNT_TYPE} and an empty group collection.
 * No facade call is made here, so persisting the entity is left to the caller.
 *
 * @param email email address of the new user; also the input for the generated username
 * @param fname first name
 * @param lname last name
 * @param pwd plain-text password, used only to compute the stored hash
 * @param title title of the user
 * @return the populated {@code Users} instance
 */
public Users createNewAgent(String email, String fname, String lname, String pwd, String title) {
  String generatedUsername = generateUsername(email);
  String freshSalt = authController.generateSalt();
  String hashedPassword = authController.getPasswordHash(pwd, freshSalt);
  // "-" and 0 are positional arguments whose meaning is defined by the Users constructor.
  Users agent = new Users(generatedUsername, hashedPassword, email, fname, lname, title, "-",
      UserAccountStatus.NEW_MOBILE_ACCOUNT, UserAccountType.M_ACCOUNT_TYPE, 0, freshSalt);
  // A new agent starts without any group membership.
  List<BbcGroup> noGroups = new ArrayList<>();
  agent.setBbcGroupCollection(noGroups);
  return agent;
}
/**
 * Copies the profile fields of a {@link Users} entity into this DTO.
 * <p>
 * Only identity, contact, project-quota, tour-state, two-factor flag and account-mode
 * values are read. This constructor does not read the entity's password hash, salt or
 * two-factor secret, so none of them are carried by the fields set here.
 * Organization and address fields are filled only when the entity has them.
 *
 * @param user the entity to copy from; a null user or a null account mode raises
 * {@code NullPointerException}
 */
public UserDTO(Users user) {
  // Identity and contact details.
  this.username = user.getUsername();
  this.email = user.getEmail();
  this.firstName = user.getFname();
  this.lastName = user.getLname();
  this.telephoneNum = user.getMobile();

  // Account settings.
  this.twoFactor = user.getTwoFactor();
  this.toursState = user.getToursState();
  this.userAccountType = user.getMode().toString();

  // Project quota; the remaining count is derived from the two values copied first.
  this.maxNumProjects = user.getMaxNumProjects();
  this.numCreatedProjects = user.getNumCreatedProjects();
  this.numActiveProjects = user.getNumActiveProjects();
  this.numRemainingProjects = this.maxNumProjects - this.numCreatedProjects;

  // Optional address; the street is taken from getAddress2().
  if (user.getAddress() != null) {
    this.street = user.getAddress().getAddress2();
    this.city = user.getAddress().getCity();
    this.postCode = user.getAddress().getPostalcode();
    this.country = user.getAddress().getCountry();
  }

  // Optional organization.
  if (user.getOrganization() != null) {
    this.orgName = user.getOrganization().getOrgName();
    this.dep = user.getOrganization().getDepartment();
  }
}
/**
 * Lists the names of all groups the given user belongs to.
 *
 * @param p the user whose group collection is read
 * @return a new list holding one group name per entry of the user's group collection,
 * in the collection's iteration order
 */
public List<String> getUserRoles(Users p) {
  Collection<BbcGroup> memberships = p.getBbcGroupCollection();
  List<String> roleNames = new ArrayList<>(memberships.size());
  for (BbcGroup membership : memberships) {
    roleNames.add(membership.getGroupName());
  }
  return roleNames;
}
/**
 * Tells whether the user has used up the project-creation quota.
 * <p>
 * A maximum of zero or less is treated as "no limit": the method then returns
 * {@code false} regardless of how many projects were created.
 *
 * @param user the user whose quota is checked
 * @return {@code true} when a positive maximum is set and the number of created
 * projects has reached or passed it
 */
public boolean numProjectsLimitReached(Users user) {
  boolean limitConfigured = user.getMaxNumProjects() > 0;
  return limitConfigured && user.getNumCreatedProjects() >= user.getMaxNumProjects();
}
boolean generateProjectWideCerts) throws Exception { String userKeyPwd = HopsUtils.randomString(64); String encryptedKey = HopsUtils.encrypt(user.getPassword(), userKeyPwd, certificatesMgmService.getMasterEncryptionPassword()); ReentrantLock lock = certificatesMgmService.getOpensslLock(); user.getUsername(), user.getAddress().getCountry(), user.getAddress().getCity(), user.getOrganization().getOrgName(), user.getEmail(), user.getOrcid(), userKeyPwd); LOG.log(Level.FINE, "Created project specific certificates for user: " + project.getName() + "__" + user.getUsername()); } finally { lock.unlock(); lock.lock(); opensslOperations.createServiceCertificate(project.getProjectGenericUser(), user.getAddress().getCountry(), user.getAddress().getCity(), user.getOrganization().getOrgName(), user.getEmail(), user.getOrcid(), userKeyPwd); } finally { certsFacade.putUserCerts(project.getName(), user.getUsername(), encryptedKey);
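/**
 * Validates the password of a non-LDAP user and updates the failed-login bookkeeping.
 * Use validatePwd if the user is an LDAP user.
 * <p>
 * The candidate hash is computed with {@code getPasswordHash(password, user.getSalt())}
 * and compared with the stored hash in constant time. On a mismatch the attempt is
 * recorded through {@code registerFalseLogin} and logged with the user's email; on a
 * match the failed-login state is cleared through {@code resetFalseLogin}.
 *
 * @param user the account to validate against; must not be null
 * @param password the plain-text password supplied by the caller
 * @param req the current request, forwarded to the failed-login audit
 * @return {@code true} if the password matches the stored hash, {@code false} otherwise
 * @throws IllegalArgumentException if {@code user} is null or is an LDAP account
 */
public boolean validatePassword(Users user, String password, HttpServletRequest req) {
  if (user == null) {
    throw new IllegalArgumentException("User not set.");
  }
  if (user.getMode().equals(UserAccountType.LDAP_ACCOUNT_TYPE)) {
    throw new IllegalArgumentException("Operation not allowed for LDAP account.");
  }
  String storedHash = user.getPassword();
  String candidateHash = getPasswordHash(password, user.getSalt());
  // A missing hash on either side fails closed instead of raising NullPointerException.
  // MessageDigest.isEqual is used instead of String.equals so that the comparison time
  // does not depend on how many leading characters of the two hashes agree.
  boolean hashesMatch = storedHash != null && candidateHash != null
      && java.security.MessageDigest.isEqual(
          storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
          candidateHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  if (!hashesMatch) {
    registerFalseLogin(user, req);
    LOGGER.log(Level.WARNING, "False login attempt by user: {0}", user.getEmail());
    return false;
  }
  resetFalseLogin(user);
  return true;
}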
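/**
 * Validates the security question and answer of a non-LDAP user and records a failed
 * attempt on a mismatch.
 * <p>
 * The question is compared case-insensitively with the stored question value. The
 * answer is lower-cased, hashed with {@code DigestUtils.sha256Hex} and compared with the
 * stored answer hash in constant time. Unlike {@code validatePassword}, a successful
 * check does not reset the failed-login counter here.
 *
 * @param user the account to validate against; must not be null
 * @param securityQ the security question supplied by the caller
 * @param securityAnswer the plain-text answer supplied by the caller
 * @param req the current request, forwarded to the failed-login audit
 * @return {@code true} if both question and answer match; {@code false} if they do not
 * match or if either supplied value is null or empty (the latter is not counted as a
 * failed attempt)
 * @throws IllegalArgumentException if {@code user} is null or is an LDAP account
 */
public boolean validateSecurityQA(Users user, String securityQ, String securityAnswer, HttpServletRequest req) {
  if (user == null) {
    throw new IllegalArgumentException("User not set.");
  }
  if (user.getMode().equals(UserAccountType.LDAP_ACCOUNT_TYPE)) {
    throw new IllegalArgumentException("Operation not allowed for LDAP account.");
  }
  if (securityQ == null || securityQ.isEmpty() || securityAnswer == null || securityAnswer.isEmpty()) {
    return false;
  }
  // An account without a stored question or answer fails closed instead of raising
  // NullPointerException.
  boolean questionMatches = user.getSecurityQuestion() != null
      && user.getSecurityQuestion().getValue().equalsIgnoreCase(securityQ);
  String storedAnswerHash = user.getSecurityAnswer();
  // NOTE(review): toLowerCase() uses the default locale and the digest is an unsalted
  // SHA-256; both are kept because the stored answers presumably use the same format -
  // confirm before changing either.
  String candidateAnswerHash = DigestUtils.sha256Hex(securityAnswer.toLowerCase());
  // Constant-time comparison, so the response time does not reveal how much of the
  // answer hash was correct.
  boolean answerMatches = storedAnswerHash != null
      && java.security.MessageDigest.isEqual(
          storedAnswerHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
          candidateAnswerHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  if (!questionMatches || !answerMatches) {
    registerFalseLogin(user, req);
    LOGGER.log(Level.WARNING, "False Security Question attempt by user: {0}", user.getEmail());
    return false;
  }
  return true;
}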
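/**
 * Copies the given name and surname from the LDAP DTO onto the local user linked to
 * {@code ldapUser} when they differ, then saves {@code ldapUser} through
 * {@code ldapUserFacade.update}.
 * <p>
 * The comparison is null-safe: a locally stored name that is null is treated as
 * different from a non-null directory value and is overwritten, instead of raising
 * {@code NullPointerException}. The facade update is called whether or not a name changed.
 *
 * @param user the attributes read from the directory
 * @param ldapUser the stored LDAP user whose linked local user is refreshed
 * @return the value returned by {@code ldapUserFacade.update(ldapUser)}
 */
private LdapUser updateLdapUser(LdapUserDTO user, LdapUser ldapUser) {
  if (!java.util.Objects.equals(ldapUser.getUid().getFname(), user.getGivenName())) {
    ldapUser.getUid().setFname(user.getGivenName());
  }
  if (!java.util.Objects.equals(ldapUser.getUid().getLname(), user.getSn())) {
    ldapUser.getUid().setLname(user.getSn());
  }
  return ldapUserFacade.update(ldapUser);
}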
/**
 * Records one failed login attempt for the given user.
 * <p>
 * The failed-login counter is incremented and the user is saved. Once the counter
 * exceeds {@code Settings.ALLOWED_FALSE_LOGINS} the account status is set to
 * {@code BLOCKED_ACCOUNT}, an "account blocked" mail is sent to the user and an audit
 * entry is registered. A failure to send the mail is logged and does not stop the
 * block from being applied. A null user is ignored.
 *
 * @param user the account the failed attempt is counted against; may be null
 * @param req the current request, forwarded to the audit entry
 */
public void registerFalseLogin(Users user, HttpServletRequest req) {
  if (user == null) {
    return;
  }
  int failedAttempts = user.getFalseLogin() + 1;
  user.setFalseLogin(failedAttempts);

  boolean overLimit = failedAttempts > Settings.ALLOWED_FALSE_LOGINS;
  if (overLimit) {
    user.setStatus(UserAccountStatus.BLOCKED_ACCOUNT);
    try {
      emailBean.sendEmail(user.getEmail(), Message.RecipientType.TO,
          UserAccountsEmailMessages.ACCOUNT_BLOCKED__SUBJECT, UserAccountsEmailMessages.accountBlockedMessage());
    } catch (MessagingException ex) {
      LOGGER.log(Level.SEVERE, "Failed to send email. ", ex);
    }
    // NOTE(review): the audit entry names SPAM_ACCOUNT although the status applied above
    // is BLOCKED_ACCOUNT - confirm which value the audit trail is expected to carry.
    accountAuditFacade.registerRoleChange(user, UserAccountStatus.SPAM_ACCOUNT.name(),
        RolesAuditAction.SUCCESS.name(), "False login retries:" + failedAttempts, user, req);
  }
  // Persist the new counter and, when the limit was exceeded, the new status.
  userFacade.update(user);
}
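/**
 * Gets the email address of the owner of the given project.
 *
 * @param project the project for which to get the current owner
 * @return the value of {@code project.getOwner().getEmail()}
 * @deprecated Use {@code project.getOwner().getEmail()} instead.
 */
@Deprecated
public String findOwner(Project project) {
  return project.getOwner().getEmail();
}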
if (user.getTwoFactor()) { user.setTwoFactor(false); userFacade.update(user); accountAuditFacade.registerAccountChange(user, AccountsAuditActions.TWO_FACTOR.name(), } else { try { user.setTwoFactor(true); userFacade.update(user); qr_code = QRCodeGenerator.getQRCodeBytes(user.getEmail(), Settings.ISSUER, user.getSecret()); accountAuditFacade.registerAccountChange(user, AccountsAuditActions.TWO_FACTOR.name(), AccountsAuditActions.SUCCESS.name(), "Enabled 2-factor", user,
/**
 * Records one failed validation-key attempt for the given user.
 * <p>
 * The same counter as for failed logins ({@code getFalseLogin}/{@code setFalseLogin}) is
 * incremented. Once it exceeds {@code Settings.ACCOUNT_VALIDATION_TRIES} the account
 * status is set to {@code SPAM_ACCOUNT}. The user is then saved and an audit entry is
 * registered. A null user is ignored.
 *
 * @param user the account the failed attempt is counted against; may be null
 * @param req the current request, forwarded to the audit entry
 */
public void registerFalseKeyValidation(Users user, HttpServletRequest req) {
  if (user == null) {
    return;
  }
  int failedAttempts = user.getFalseLogin() + 1;
  user.setFalseLogin(failedAttempts);

  boolean triesExhausted = failedAttempts > Settings.ACCOUNT_VALIDATION_TRIES;
  if (triesExhausted) {
    user.setStatus(UserAccountStatus.SPAM_ACCOUNT);
  }
  userFacade.update(user);
  // NOTE(review): this entry is written on every failed try and always names
  // SPAM_ACCOUNT with SUCCESS, also when the status was not changed above - confirm
  // that this is what the audit trail is expected to show.
  accountAuditFacade.registerRoleChange(user, UserAccountStatus.SPAM_ACCOUNT.name(),
      RolesAuditAction.SUCCESS.name(), "Wrong validation key retries: " + failedAttempts, user, req);
}
/**
 * Returns the two-factor QR code of the user after re-checking the password.
 * <p>
 * The QR code is generated from the user's email, {@code Settings.ISSUER} and the value
 * of {@code user.getSecret()}, so the password check through
 * {@code authController.validatePassword} gates access to that value. A generator
 * failure is logged and reported to the caller as {@code null}, the same value that is
 * returned when two-factor is disabled.
 *
 * @param user the account whose QR code is requested
 * @param password the plain-text password used to confirm the request
 * @param req the current request, forwarded to the password validation
 * @return the QR code bytes, or {@code null} if two-factor is disabled or the QR code
 * could not be generated
 * @throws AppException with status NOT_FOUND if {@code user} is null, or BAD_REQUEST if
 * the password does not validate
 */
public byte[] getQRCode(Users user, String password, HttpServletRequest req) throws AppException {
  if (user == null) {
    throw new AppException(Response.Status.NOT_FOUND.getStatusCode(), ResponseMessages.USER_WAS_NOT_FOUND);
  }
  boolean passwordOk = authController.validatePassword(user, password, req);
  if (!passwordOk) {
    throw new AppException(Response.Status.BAD_REQUEST.getStatusCode(), ResponseMessages.PASSWORD_INCORRECT);
  }
  if (!user.getTwoFactor()) {
    return null;
  }
  try {
    return QRCodeGenerator.getQRCodeBytes(user.getEmail(), Settings.ISSUER, user.getSecret());
  } catch (IOException | WriterException ex) {
    LOGGER.log(Level.SEVERE, null, ex);
    return null;
  }
}
/**
 * Generates a new activation key, mails it to the user and stores it on the account.
 * <p>
 * The key comes from {@code SecurityUtils.getRandomPassword(RANDOM_PWD_LEN)}. The value
 * placed in the mail is the username immediately followed by the key. The key is set on
 * the user and saved only after {@code sendEmail} returns, so a
 * {@code MessagingException} leaves the stored key unchanged.
 *
 * @param user the account that receives the new key; must not be null
 * @param req the current request; not used by this method
 * @throws MessagingException if the mail cannot be sent
 * @throws IllegalArgumentException if {@code user} is null
 */
public void sendNewValidationKey(Users user, HttpServletRequest req) throws MessagingException {
  if (user == null) {
    throw new IllegalArgumentException("User not set.");
  }
  String freshKey = SecurityUtils.getRandomPassword(RANDOM_PWD_LEN);
  String mailToken = user.getUsername() + freshKey;
  emailBean.sendEmail(user.getEmail(), Message.RecipientType.TO,
      UserAccountsEmailMessages.ACCOUNT_REQUEST_SUBJECT,
      UserAccountsEmailMessages.buildMobileRequestMessageRest(settings.getVerificationEndpoint(), mailToken));
  // Only the key itself is stored; the username prefix is part of the mailed value only.
  user.setValidationKey(freshKey);
  userFacade.update(user);
}
try { for (Project project : projects) { UserCerts userCert = userCertsFacade.findUserCert(project.getName(), p.getUsername()); String masterEncryptionPassword = certificatesMgmService.getMasterEncryptionPassword(); String certPassword = HopsUtils.decrypt(oldPass, userCert.getUserKeyPwd(), masterEncryptionPassword); String newSecret = HopsUtils.encrypt(p.getPassword(), certPassword, masterEncryptionPassword); userCert.setUserKeyPwd(newSecret); userCertsFacade.update(userCert); if (project.getOwner().equals(p)) { if (pguCerts == null) { pguCerts = new ArrayList<>(); masterEncryptionPassword); String newPguSecret = HopsUtils.encrypt(p.getPassword(), pguCertPassword, masterEncryptionPassword); pguCert.setCertificatePassword(newPguSecret); userCertsFacade.updatePGUCert(pguCert);
private ClusterCert checkCSR(String userEmail, String csr) throws IOException, DelaCSRCheckException{ Users user = userFacade.findByEmail(userEmail); if (user == null || user.getEmail() == null || csr == null || csr.isEmpty()) { throw new DelaCSRCheckException(BADREQUEST); String organizationName = keyVal.get("O"); String organizationalUnitName = keyVal.get("OU"); if (email == null || email.isEmpty() || !email.equals(user.getEmail())) { throw new DelaCSRCheckException(EMAIL); throw new DelaCSRCheckException(CNNOTFOUND); if (!clusterCert.getAgentId().equals(user)) { throw new DelaCSRCheckException(AGENTIDNOTFOUND);
if (!project.getOwner().equals(user)) { throw new AppException(Response.Status.BAD_REQUEST.getStatusCode(), ResponseMessages.PROJECT_REMOVAL_NOT_ALLOWED); certificateMaterializer.forceRemoveLocalMaterial(user.getUsername(), project.getName(), null, true); if (settings.isPythonKernelEnabled()) { jupyterProcessFacade.removePythonKernelsForProject(project.getName());
for (ProjectTeam projectTeam : projectTeams) { try { if (!projectTeam.getProjectTeamPK().getTeamMember().equals(owner.getEmail())) { kafkaController.addProjectMemberToTopics(project, newMember.getEmail()); } catch (IOException | InterruptedException | ExecutionException | CAException e) { String failedUser = project.getName() + HdfsUsersController.USER_NAME_DELIMITER + newMember. getUsername(); LOGGER.log(Level.SEVERE, "Could not delete user certificates for user " + failedUser + ". Manual cleanup is needed!!! ", e); new Object[]{newMember.getEmail(), project.getName()}); + " was not found in the system."); } else { failedList.add(newMember.getEmail() + " is already a member in this project.");