private void disableUserInCloudStack(UserAccount user) { if (user != null) { _accountManager.disableUser(user.getId()); } }
private void removeUserInCloudStack(UserAccount user) { if (user != null) { _accountManager.disableUser(user.getId()); } }
@Override public UserAccountJoinVO newUserView(UserAccount usr) { SearchCriteria<UserAccountJoinVO> sc = vrIdSearch.create(); sc.setParameters("id", usr.getId()); List<UserAccountJoinVO> users = searchIncludingRemoved(sc, null, null, false); assert users != null && users.size() == 1 : "No user found for user id " + usr.getId(); return users.get(0); }
private void enableUserInCloudStack(UserAccount user) { if(user != null && (user.getState().equalsIgnoreCase(Account.State.disabled.toString()))) { _accountManager.enableUser(user.getId()); } }
if (user.getId() == User.UID_SYSTEM) { s_logger.error("Failed to authenticate user: " + username + " in domain " + domainId); return null; ActionEventUtils.onActionEvent(user.getId(), user.getAccountId(), user.getDomainId(), EventTypes.EVENT_USER_LOGIN, "user has logged in from IP Address " + loginIpAddress);
/** * If it fails to authenticate the user, the method gets the value from configuration * Saml2FailedLoginRedirectUrl; if the user configured an error URL then it redirects to that * URL, otherwise it throws the ServerApiException */ protected void whenFailToAuthenticateThrowExceptionOrRedirectToUrl(final Map<String, Object[]> params, final String responseType, final HttpServletResponse resp, Issuer issuer, UserAccount userAccount) throws IOException { if (userAccount == null || userAccount.getExternalEntity() == null || !samlAuthManager.isUserAuthorized(userAccount.getId(), issuer.getValue())) { String saml2RedirectUrl = saml2FailedLoginRedirectUrl.value(); if (StringUtils.isBlank(saml2RedirectUrl)) { throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "Your authenticated user is not authorized for SAML Single Sign-On, please contact your administrator", params, responseType)); } else { resp.sendRedirect(saml2RedirectUrl); } } }
if (!isInternalAccount(userAccount.getId())) { updateLoginAttempts(userAccount.getId(), 0, false); if (!isInternalAccount(userAccount.getId())) { updateLoginAttempts(userAccount.getId(), attemptsMade, false); s_logger.warn("Login attempt failed. You have " + (_allowedLoginAttempts - attemptsMade) + " attempt(s) remaining"); } else { updateLoginAttempts(userAccount.getId(), _allowedLoginAttempts, true); s_logger.warn("User " + userAccount.getUsername() + " has been disabled due to multiple failed login attempts." + " Please contact admin.");
@Override public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username, String password, Long domainId, Map<String, Object[]> requestParameters) { if (s_logger.isDebugEnabled()) { s_logger.debug("Trying SAML2 auth for user: " + username); } if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { s_logger.debug("Username or Password cannot be empty"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } final UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId); if (userAccount == null || userAccount.getSource() != User.Source.SAML2) { s_logger.debug("Unable to find user with " + username + " in domain " + domainId + ", or user source is not SAML2"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } else { User user = _userDao.getUser(userAccount.getId()); if (user != null && user.getSource() == User.Source.SAML2 && user.getExternalEntity() != null) { return new Pair<Boolean, ActionOnFailedAuthentication>(true, null); } } // Deny all by default return new Pair<Boolean, ActionOnFailedAuthentication>(false, ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT); }
private void createCloudstackUserAccount(LdapUser user, String accountName, Domain domain) { Account account = _accountService.getActiveAccountByName(accountName, domain.getId()); if (account == null) { s_logger.debug("No account exists with name: " + accountName + " creating the account and an user with name: " + user.getUsername() + " in the account"); _accountService.createUserAccount(user.getUsername(), generatePassword(), user.getFirstname(), user.getLastname(), user.getEmail(), timezone, accountName, getAccountType(), getRoleId(), domain.getId(), domain.getNetworkDomain(), details, UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP); } else { // check if the user exists. if yes, call update UserAccount csuser = _accountService.getActiveUserAccount(user.getUsername(), domain.getId()); if (csuser == null) { s_logger.debug("No user exists with name: " + user.getUsername() + " creating a user in the account: " + accountName); _accountService.createUser(user.getUsername(), generatePassword(), user.getFirstname(), user.getLastname(), user.getEmail(), timezone, accountName, domain.getId(), UUID.randomUUID().toString(), User.Source.LDAP); } else { s_logger.debug("Account [name=%s] and user [name=%s] already exist in CloudStack. Executing the user update."); UpdateUserCmd updateUserCmd = new UpdateUserCmd(); updateUserCmd.setId(csuser.getId()); updateUserCmd.setFirstname(user.getFirstname()); updateUserCmd.setLastname(user.getLastname()); updateUserCmd.setEmail(user.getEmail()); _accountService.updateUser(updateUserCmd); } } }
_accountManager.moveUser(userAccount.getId(),userAccount.getDomainId(),mapping.getAccountId());
if (apiServer.verifyUser(userAccount.getId())) { LoginCmdResponse loginResponse = (LoginCmdResponse) apiServer.loginUser(session, userAccount.getUsername(), userAccount.getUsername() + userAccount.getSource().toString(), userAccount.getDomainId(), null, remoteAddress, params);
if (_apiServer.verifyUser(nextUserAccount.getId())) { final LoginCmdResponse loginResponse = (LoginCmdResponse) _apiServer.loginUser(session, nextUserAccount.getUsername(), nextUserAccount.getUsername() + nextUserAccount.getSource().toString(), nextUserAccount.getDomainId(), null, remoteAddress, params);
@Override @Transactional public List<UserGroup> findUserGroupOf(UserAccount userAccount) { Criteria criteria = getSession().createCriteria(UserGroup.class); criteria.createAlias("userAccountsRole", "userAccountsRole"); criteria.createAlias("userAccountsRole.userAccountList", "userAccountList"); criteria.add(Restrictions.eq("userAccountList.id", userAccount.getId())); return criteria.list(); }