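/**
 * Ensures the given user carries a stored password hash.
 *
 * <p>A user whose password value is already non-empty is left untouched. Otherwise a random
 * password is generated, hashed through {@code passwordHash}, stored on the user, and the
 * password is flagged as expired. The generated plaintext is neither logged nor returned by
 * this method.
 *
 * @param user the user to inspect and, when no password is present, update in place
 */
private void checkUserHasPassword(User user) {
    String existingPassword = user.getPassword();
    if (existingPassword != null && !existingPassword.isEmpty()) {
        return;
    }

    // Only the user name and id are logged; the generated password must stay out of the log.
    // The closing bracket of the id placeholder was mistyped as '[' in the original message.
    LOG.info("Generating random password for user [{}], id [{}]", user.getName(), user.getId());

    // NOTE(review): RandomUtils is not visible here; confirm it draws from SecureRandom,
    // since this value stands in as the account's credential until it is replaced.
    String passwordString = RandomUtils.generatePasswordString();
    String hashedPassword = passwordHash.generate(passwordString.toCharArray());
    user.setPassword(hashedPassword);
    // Nobody knows the generated password, so it is marked expired immediately.
    user.setPasswordExpired(true);
}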
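/**
 * Creates the identity store from its definition.
 *
 * <p>The constructor keeps the definition, copies {@code useFor()} into an unmodifiable set of
 * validation types, resolves the configured hash algorithm bean and initializes it with the
 * parameters from {@code hashAlgorithmParameters()}. Each parameter entry is passed through
 * {@code evalImmediate}, flattened with {@code toStream}, and split at its first {@code '='}
 * into a name and a value; the value is passed through {@code evalImmediate} again.
 *
 * <p>NOTE(review): {@code evalImmediate} presumably evaluates expressions; if so, the parameter
 * strings must only ever come from trusted deployment configuration. Confirm against its
 * implementation.
 *
 * @param dataBaseIdentityStoreDefinition the definition supplying queries, validation types and
 *        hash settings
 * @throws IllegalArgumentException if a hash algorithm parameter contains no {@code '='}
 */
public DatabaseIdentityStore(DatabaseIdentityStoreDefinition dataBaseIdentityStoreDefinition) {
    this.dataBaseIdentityStoreDefinition = dataBaseIdentityStoreDefinition;
    validationTypes = unmodifiableSet(new HashSet<>(asList(dataBaseIdentityStoreDefinition.useFor())));

    hashAlgorithm = getBeanReference(dataBaseIdentityStoreDefinition.hashAlgorithm());
    hashAlgorithm.initialize(
        unmodifiableMap(
            stream(dataBaseIdentityStoreDefinition.hashAlgorithmParameters())
                .flatMap(s -> toStream(evalImmediate(s, (Object) s)))
                .collect(toMap(
                    s -> {
                        // Without this check a missing '=' surfaces as an opaque
                        // StringIndexOutOfBoundsException from substring(0, -1).
                        int separator = s.indexOf('=');
                        if (separator < 0) {
                            throw new IllegalArgumentException(
                                "Hash algorithm parameter is not in name=value form: " + s);
                        }
                        return s.substring(0, separator);
                    },
                    s -> evalImmediate(s.substring(s.indexOf('=') + 1))))));
}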
/**
 * Validates a username/password credential against the configured database.
 *
 * <p>The caller query is run with the credential's caller name. If it yields no rows, or the
 * supplied password does not verify against the first returned value, {@code INVALID_RESULT}
 * is returned. On success the result carries a {@code CallerPrincipal} for the caller and,
 * when {@code PROVIDE_GROUPS} is among the validation types, the groups returned by the
 * groups query; otherwise the group set is empty.
 *
 * @param usernamePasswordCredential the credential holding the caller name and password
 * @return a result with principal and groups on success, otherwise {@code INVALID_RESULT}
 */
public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
    DataSource dataSource = getDataSource();

    // NOTE(review): executeQuery is not visible here; confirm it binds the caller name as a
    // statement parameter rather than concatenating it into the query text.
    List<String> storedHashes = executeQuery(
        dataSource,
        dataBaseIdentityStoreDefinition.callerQuery(),
        usernamePasswordCredential.getCaller());

    // NOTE(review): an unknown caller returns here without any hash verification, while a known
    // caller goes through hashAlgorithm.verify. Confirm whether that difference in work per
    // request matters for this deployment.
    if (storedHashes.isEmpty()) {
        return INVALID_RESULT;
    }

    // Only the first row of the caller query is compared.
    boolean passwordMatches = hashAlgorithm.verify(
        usernamePasswordCredential.getPassword().getValue(),
        storedHashes.get(0));
    if (!passwordMatches) {
        return INVALID_RESULT;
    }

    Set<String> callerGroups;
    if (validationTypes.contains(ValidationType.PROVIDE_GROUPS)) {
        callerGroups = new HashSet<>(executeQuery(
            dataSource,
            dataBaseIdentityStoreDefinition.groupsQuery(),
            usernamePasswordCredential.getCaller()));
    } else {
        callerGroups = emptySet();
    }

    return new CredentialValidationResult(
        new CallerPrincipal(usernamePasswordCredential.getCaller()),
        callerGroups);
}
/**
 * Checks a caller name and password against the database-backed store.
 *
 * <p>Returns {@code INVALID_RESULT} when the caller query produces no rows or when the supplied
 * password fails verification against the first row. Otherwise returns a result holding a
 * {@code CallerPrincipal} for the caller plus its groups; the groups query is only run when
 * {@code PROVIDE_GROUPS} is one of the validation types, and the group set is empty otherwise.
 *
 * @param usernamePasswordCredential the caller name and password to check
 * @return the validation outcome
 */
public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
    DataSource dataSource = getDataSource();

    // NOTE(review): confirm that executeQuery (defined elsewhere) passes the caller name as a
    // bound parameter of the configured query.
    List<String> storedHashes = executeQuery(
        dataSource,
        dataBaseIdentityStoreDefinition.callerQuery(),
        usernamePasswordCredential.getCaller());

    // NOTE(review): the no-such-caller path skips hash verification entirely, so it does less
    // work than the wrong-password path. Confirm whether that is acceptable here.
    if (storedHashes.isEmpty()) {
        return INVALID_RESULT;
    }

    // Rows after the first one are ignored.
    boolean verified = hashAlgorithm.verify(
        usernamePasswordCredential.getPassword().getValue(),
        storedHashes.get(0));
    if (!verified) {
        return INVALID_RESULT;
    }

    Set<String> callerGroups;
    if (validationTypes.contains(ValidationType.PROVIDE_GROUPS)) {
        callerGroups = new HashSet<>(executeQuery(
            dataSource,
            dataBaseIdentityStoreDefinition.groupsQuery(),
            usernamePasswordCredential.getCaller()));
    } else {
        callerGroups = emptySet();
    }

    return new CredentialValidationResult(
        new CallerPrincipal(usernamePasswordCredential.getCaller()),
        callerGroups);
}
/**
 * Sets a new password on a user; restricted to callers in the admin role.
 *
 * <p>The plaintext is hashed with {@code passwordHash}, the hash is stored on the user, the
 * password-expired flag is cleared, the user is saved, and all password reset tokens of the
 * saved user are removed.
 *
 * @param user the user whose password is replaced
 * @param plainPassword the new password in plaintext, subject to {@code @ValidPassword}
 * @return the user instance returned by {@code saveUser}
 */
@RolesAllowed(AuthenticatorConstants.ROLE_ADMIN)
public User setUserPassword(@NonNull @NotNull User user,
                            @NonNull @ValidPassword String plainPassword) {
    // The plaintext arrives as an immutable String, so this char[] is a copy and wiping it
    // would not remove the password from memory.
    char[] passwordChars = plainPassword.toCharArray();
    user.setPassword(passwordHash.generate(passwordChars));
    user.setPasswordExpired(false);

    User persistedUser = saveUser(user);
    // Reset tokens issued before the change are removed along with the old password.
    passwordResetTokenUpdateService.removeAllUserTokens(persistedUser);
    return persistedUser;
}
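/**
 * Builds the identity store from the given definition.
 *
 * <p>Stores the definition, snapshots {@code useFor()} as an unmodifiable set of validation
 * types, looks up the hash algorithm bean named by the definition and initializes it with a
 * name/value map derived from {@code hashAlgorithmParameters()}. Every entry is run through
 * {@code evalImmediate} and {@code toStream}, then split at the first {@code '='}; the value
 * part is run through {@code evalImmediate} once more.
 *
 * <p>NOTE(review): if {@code evalImmediate} evaluates expressions, as its name suggests, these
 * parameter strings must be limited to trusted deployment configuration. Confirm.
 *
 * @param dataBaseIdentityStoreDefinition source of the queries, validation types and hash
 *        algorithm settings
 * @throws IllegalArgumentException if a hash algorithm parameter has no {@code '='} separator
 */
public DatabaseIdentityStore(DatabaseIdentityStoreDefinition dataBaseIdentityStoreDefinition) {
    this.dataBaseIdentityStoreDefinition = dataBaseIdentityStoreDefinition;
    validationTypes = unmodifiableSet(new HashSet<>(asList(dataBaseIdentityStoreDefinition.useFor())));

    hashAlgorithm = getBeanReference(dataBaseIdentityStoreDefinition.hashAlgorithm());
    hashAlgorithm.initialize(
        unmodifiableMap(
            stream(dataBaseIdentityStoreDefinition.hashAlgorithmParameters())
                .flatMap(s -> toStream(evalImmediate(s, (Object) s)))
                .collect(toMap(
                    s -> {
                        // A parameter without '=' used to fail inside substring(0, -1);
                        // reject it with a message that names the malformed entry.
                        int separator = s.indexOf('=');
                        if (separator < 0) {
                            throw new IllegalArgumentException(
                                "Hash algorithm parameter is not in name=value form: " + s);
                        }
                        return s.substring(0, separator);
                    },
                    s -> evalImmediate(s.substring(s.indexOf('=') + 1))))));
}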
/**
 * Lets a user replace their own password; restricted to callers in the user role.
 *
 * <p>After {@code checkIsCallerUser} and {@code checkIsActive} pass, the plaintext is hashed
 * with {@code passwordHash}, the hash is stored, the password-expired flag is cleared and the
 * user is saved.
 *
 * <p>NOTE(review): the current password is not an input to this method, so any
 * re-authentication has to happen before this call. Unlike the admin, reset-token and
 * application password paths on this page, this method leaves existing password reset tokens
 * in place. Confirm that both are intended.
 *
 * @param user the user whose password is replaced
 * @param plainPassword the new password in plaintext, subject to {@code @ValidPassword}
 * @return the user instance returned by {@code saveUser}
 * @throws UnauthorizedOperationException declared by this method; presumably raised by the two
 *         checks, which are defined elsewhere
 */
@RolesAllowed(AuthenticatorConstants.ROLE_USER)
public User updateUserPassword(@NonNull @NotNull User user,
                               @NonNull @ValidPassword String plainPassword)
        throws UnauthorizedOperationException {
    // Authorization comes first: nothing is hashed or written unless both checks pass.
    checkIsCallerUser(user);
    checkIsActive(user);

    char[] passwordChars = plainPassword.toCharArray();
    user.setPassword(passwordHash.generate(passwordChars));
    user.setPasswordExpired(false);

    return saveUser(user);
}
/**
 * Resets a user's password using a password reset token.
 *
 * <p>The method is annotated {@code @PermitAll}, so the checks performed here are
 * {@code checkIsActive} and {@code validatePasswordResetToken}. Once both pass, the new
 * password is hashed and stored, the password-expired flag is cleared, the email is marked as
 * verified, the user is saved and all reset tokens of the saved user are removed. If the email
 * was not verified before the reset, the email-verified event is fired for the saved user.
 *
 * <p>NOTE(review): {@code validatePasswordResetToken} is not visible here; confirm it enforces
 * token expiry and binds the token to this user.
 *
 * @param user the user whose password is reset
 * @param plainPassword the new password in plaintext, subject to {@code @ValidPassword}
 * @param resetToken the reset token presented by the caller
 * @return the user instance returned by {@code saveUser}
 * @throws UnauthorizedOperationException declared by this method; presumably raised by the
 *         checks, which are defined elsewhere
 */
@PermitAll
public User resetUserPassword(@NonNull @NotNull User user,
                              @NonNull @ValidPassword String plainPassword,
                              @NotNull String resetToken) throws UnauthorizedOperationException {
    checkIsActive(user);
    validatePasswordResetToken(user, resetToken);

    String newHash = passwordHash.generate(plainPassword.toCharArray());
    // Captured before the flag is overwritten so the event fires only on a real transition.
    boolean verifiedBefore = user.isEmailVerified();
    user.setPassword(newHash);
    user.setPasswordExpired(false);
    user.setEmailVerified(true);

    User persistedUser = saveUser(user);
    // Every reset token of the user is removed once one has been used successfully.
    passwordResetTokenUpdateService.removeAllUserTokens(persistedUser);

    if (verifiedBefore) {
        return persistedUser;
    }
    applicationEventService.notifiyEmailVerified(persistedUser);
    return persistedUser;
}
/**
 * Creates the default admin user if no user with the default admin name exists yet.
 *
 * <p>The password is read from the optional {@code ADMIN_DEFAULT_PASSWORD} configuration value;
 * when it is absent, {@code createAndLogRandomAdminPassword} supplies one. The email is read
 * from {@code ADMIN_DEFAULT_EMAIL}. The account is created active, as admin, with a verified
 * email and a non-expired password, through {@code createUserNoChecks}.
 *
 * <p>NOTE(review): the bootstrap password is stored with the expired flag cleared, so nothing
 * here forces it to be changed. The fallback helper's name suggests the generated password is
 * written to the log; confirm who can read that log and that the password is rotated after
 * first use.
 *
 * @throws RuntimeException wrapping a name or email conflict reported during creation
 */
private void createAdminUser() {
    boolean adminAlreadyExists = userQueryService
        .findUserByName(AuthenticatorConstants.DEFAULT_ADMIN_USER_NAME)
        .isPresent();
    if (adminAlreadyExists) {
        return;
    }

    LOGGER.info("Creating default admin user");
    Config config = ConfigProvider.getConfig();
    String adminPassword = config
        .getOptionalValue(ConfigConstants.ADMIN_DEFAULT_PASSWORD, String.class)
        .orElseGet(this::createAndLogRandomAdminPassword);
    String adminEmail = config.getValue(ConfigConstants.ADMIN_DEFAULT_EMAIL, String.class);
    // Only the hash is placed on the entity; the plaintext stays local to this method.
    String hashedPassword = passwordHash.generate(adminPassword.toCharArray());

    User adminUser = new User();
    adminUser.setActive(true);
    adminUser.setAdmin(true);
    adminUser.setName(AuthenticatorConstants.DEFAULT_ADMIN_USER_NAME);
    adminUser.setPassword(hashedPassword);
    adminUser.setPasswordExpired(false);
    adminUser.setEmail(adminEmail);
    adminUser.setEmailVerified(true);

    try {
        // The returned managed entity is not needed here.
        userUpdateService.createUserNoChecks(adminUser);
    } catch (@NonNull NameAlreadyExistsException | EmailAlreadyExistsException e) {
        // A conflict right after the existence check is unexpected; surface it with its cause.
        throw new RuntimeException(e);
    }
}
/**
 * Sets a new password for the user of a user/application link; restricted to callers in the
 * application role.
 *
 * <p>After {@code checkApplicationCanResetPasswords} passes for the link's application, the
 * plaintext is hashed and stored on the link's user, the password-expired flag is cleared, the
 * user is saved and all of the user's reset tokens are removed. The link is then pointed at the
 * saved user, saved, and added to the saved user's application collection.
 *
 * <p>NOTE(review): this method does not itself check that the calling principal is the
 * application referenced by {@code userApplication}. Verify where that binding is enforced,
 * whether inside {@code checkApplicationCanResetPasswords} or by the caller.
 *
 * @param userApplication the link identifying both the application and the target user
 * @param plainPassword the new password in plaintext, subject to {@code @ValidPassword}
 * @return the link instance returned by {@code saveUserApplication}
 * @throws UnauthorizedOperationException declared by this method; presumably raised by the
 *         application check, which is defined elsewhere
 */
@RolesAllowed(AuthenticatorConstants.ROLE_APPLICATION)
public UserApplication updateApplicationUserPassword(@NonNull @NotNull UserApplication userApplication,
                                                     @NonNull @ValidPassword String plainPassword)
        throws UnauthorizedOperationException {
    // The application must be allowed to reset passwords before anything is modified.
    checkApplicationCanResetPasswords(userApplication.getApplication());

    User targetUser = userApplication.getUser();
    targetUser.setPassword(passwordHash.generate(plainPassword.toCharArray()));
    targetUser.setPasswordExpired(false);

    User persistedUser = saveUser(targetUser);
    // Reset tokens issued before the change are removed along with the old password.
    passwordResetTokenUpdateService.removeAllUserTokens(persistedUser);

    // Re-attach the link to the saved user instance before saving the link itself.
    userApplication.setUser(persistedUser);
    UserApplication persistedLink = saveUserApplication(userApplication);
    persistedUser.getUserApplications().add(persistedLink);
    return persistedLink;
}