public boolean saveUser(BeanFieldGroup<User> fieldGroup, String clearPass) throws FieldGroup.CommitException, BLException { fieldGroup.commit(); BeanItem<User> item = fieldGroup.getItemDataSource(); try { return (boolean) DB.execWithTransaction( (db) -> { User u = item.getBean(); db.save(u); if (clearPass != null && !clearPass.isEmpty()) { UserManager mgr = new UserManager(db); try { mgr.setPassword(u, clearPass); } catch (BLException e) { return false; } addRevisionCreated( db, getEntityName(), item.getItemProperty("id").getValue().toString()); u.setForcePasswordChange(true); db.session().update(u); return true; } return false; }); } catch (Exception e) { getApp().getLog().error(e); return false; } }
public Message startAuthentication(AuthenticationMessage msg) throws AuthenticationException, GeneralSecurityException { if (msg instanceof RequestLoginMessage) { RequestLoginMessage rlm = (RequestLoginMessage) msg; username = rlm.getLogin(); if (!allowRoot && username.equals("root")) { throw new AuthenticationException("Must authenticate as a regular user first."); } // generate challange byte[] passhash = UserManager.v().getPassHash(username); if (passhash == null) { throw new AuthenticationException("User has no password"); } ChallangeMessage cm = new ChallangeMessage(); SecureRandom rand = new SecureRandom(); rand.nextBytes(randNumber); cm.setChallange(randNumber, passhash); state = CL_CHALLANGE_SENT; // send the challange return cm; } else if (msg instanceof ChallangeCheckStatusMessage) { // After authentication is complete the client sends this message // It can be safely ignored. We don't care that the client has // actually authenticated us. return null; } throw new AuthenticationException("State Error"); }
public Message updateState(AuthenticationMessage msg) throws AuthenticationException, GeneralSecurityException { switch (state) { case CL_CHALLANGE_SENT: { ChallangeResponseMessage crm = null; byte[] resp; if (msg instanceof ChallangeResponseMessage) { crm = (ChallangeResponseMessage) msg; resp = crm.getResponse(); } else { throw new AuthenticationException("State Error"); } if (!Arrays.equals(randNumber, resp)) { throw new AuthenticationException("Authentication Failed"); } state = SR_AUTH_SERVER; // wait for challenge ChallangeCheckStatusMessage check = new ChallangeCheckStatusMessage(); check.setOk(true); return check; } case SR_AUTH_SERVER: { ChallangeMessage cm = null; if (msg instanceof ChallangeMessage) { cm = (ChallangeMessage) msg; } else { throw new AuthenticationException("State Error"); } // send reponse ChallangeResponseMessage crm = new ChallangeResponseMessage(); byte[] passhash = UserManager.v().getPassHash(username); if (passhash == null) { throw new AuthenticationException("User has no password"); } crm.produceResponse(cm.getChallange(), passhash); authenticated = true; logger.info("User " + username + " logged in"); state = DONE_STATE; // complete the challenege-response return crm; } default: { if (msg instanceof ChallangeCheckStatusMessage) { return null; } } } throw new AuthenticationException("State Incomplete"); }
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException { log.info("########## START EDIT EVENT POST ###########"); // Check for valid user session lpo.User user = UserManager.GetUser(); if (user == null) resp.sendRedirect("WelcomePage.jsp"); // get event from datastore String eventKey = req.getParameter("k"); // pull the event object out lpo.Event event = EventManager.GetEvent(eventKey); String eventName = req.getParameter("eventName").trim(); String description = req.getParameter("description").trim(); boolean formIsComplete = true; int minParticipants = 0; try { minParticipants = Integer.parseInt(req.getParameter("minParticipants")); } catch (Exception e) { log.info("ERROR PARSING MIN PARTICIPANTS: " + e.toString()); formIsComplete = false; } log.info("FORM VARS : " + eventName + " " + description + " " + minParticipants); if (eventName == null || eventName.isEmpty() || description == null || description.isEmpty() || minParticipants < 1) { formIsComplete = false; } if (formIsComplete) { // create event and populate available attributes event.setName(eventName); event.setDescription(description); event.setMinParticipants(minParticipants); // persist to database DataAccessManager.UpdateEvent(event); resp.sendRedirect("/Menu"); } else { // reshow the same jsp page with error message : req.getRequestDispatcher("/WEB-INF/EditEvent.jsp").forward(req, resp); } return; }
public String resetUserPassword(User user) { String generatedPassword = PasswordGenerator.generateRandomPassword(); try { DB.execWithTransaction( (db) -> { db.session().refresh(user); user.getPasswordhistory(); // hack to avoid LazyInitialization UserManager mgr = new UserManager(db); try { mgr.setPassword(user, generatedPassword); } catch (BLException e) { getApp().displayNotification("errorMessage.resetPassword"); return false; } user.setForcePasswordChange(true); db.session().saveOrUpdate(user); return true; }); } catch (Exception e) { getApp().getLog().error(e); return null; } return generatedPassword; }
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { log.info("########## START EDIT EVENT GET ###########"); // Check for valid user session lpo.User user = UserManager.GetUser(); if (user == null) resp.sendRedirect("WelcomePage.jsp"); // get event from datastore String eventKey = req.getParameter("k"); // pull the event object out lpo.Event event = EventManager.GetEvent(eventKey); req.setAttribute("event", event); // build display page req.getRequestDispatcher("/WEB-INF/EditEvent.jsp").forward(req, resp); }
public void execute() throws Exception { // TODO Auto-generated method stub Long key = (Long) getView().getAllValues().get("id"); System.out.println("\n\n\n\n\n\n\n\n\n\n The value sent===" + getView().getAllValues()); Map payingAcct = (Map) getView().getAllValues().get("payingAccount"); PaymentBatch batch = XPersistence.getManager().find(PaymentBatch.class, key); TransitAccount debitAccount = batch.getPayingAccount(); if (payingAcct.get("id") != null) { debitAccount = (TransitAccount) MapFacade.findEntity("TransitAccount", payingAcct); batch.setPayingAccount(debitAccount); XPersistence.getManager().merge(batch); } if (UserManager.loginUserHasRole("funder") && debitAccount == null) { addError("As funder, You Need to Attach Debit Account", null); return; } Long transId = (Long) getView().getObject("transId"); Boolean fina = (Boolean) getView().getObject("final"); if (fina) { if (debitAccount == null) { addError(" Debit Account Yet To be Attached", null); return; } String token = (String) getView().getObject("token"); String softToken = (String) getView().getValue("softToken"); if (Is.empty(softToken)) { addError("Soft Token Is Required", null); return; } DateTime dT = (DateTime) getView().getObject("fiveMinutes"); DateTime presentTime = new DateTime(Dates.withTime(Dates.createCurrent())); if (!Is.equalAsStringIgnoreCase(token, softToken)) { addError("Incorrect Soft Token", null); return; } if (dT.getMillis() < presentTime.getMillis()) { addError("Token Has Expired", null); return; } System.out.println( "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n The sent object to this place ===" + transId); } Transaction transaction = XPersistence.getManager().find(Transaction.class, transId); AsyncEventBus eventBus = new AsyncEventBus(Executors.newCachedThreadPool()); eventBus.register(transaction); System.out.println(" 1111111approve already commented out......... "); eventBus.post(new Object()); // transaction.approve(); closeDialog(); setNextMode(LIST); }
private String _createUndefinedName() { UserManager u = UserManager.getInstance(); String name = "undefined" + u.getUserNum(); return name; }
/** * Displays a given Meeting page for a HTTP Get, or creates a new Meeting for a HTTP Post * * <p>- Requires a cookie for the session user - Requires a meetingId request parameter for a GET * - Requires description, createdByUserId, datepicker, meetingTime, groupId request parameters * for a POST * * @param req The HTTP Request * @param res The HTTP Response */ public void meetingAction(HttpServletRequest req, HttpServletResponse res) { // Ensure there is a cookie for the session user if (AccountController.redirectIfNoCookie(req, res)) return; Map<String, Object> viewData = new HashMap<String, Object>(); viewData.put("title", "Meeting"); // Initialise Manager connections MeetingManager meetingMan = new MeetingManager(); GroupManager groupMan = new GroupManager(); if (req.getMethod() == HttpMethod.Get) { // Get request parameter int meetingId = Integer.parseInt(req.getParameter("meetingId")); Meeting meeting = meetingMan.get(meetingId); if (meeting != null) { List<User> meetingUsers = groupMan.getGroupUsers(meeting.getGroupId()); viewData.put("meetingUsers", meetingUsers); viewData.put("meeting", meeting); view(req, res, "/views/group/Meeting.jsp", viewData); } else { httpNotFound(req, res); } } else if (req.getMethod() == HttpMethod.Post) { // Get details from request String description = req.getParameter("description"); int createdByUserId = Integer.parseInt(req.getParameter("createdByUserId")); Date dateCreated = new Date(); String meetingDate = req.getParameter("datepicker"); String meetingTime = req.getParameter("meetingTime"); // Parse meeting date time details DateFormat format = new SimpleDateFormat("MM/dd/yyyy HH:mm"); Date dateDue = new Date(); try { dateDue = format.parse(meetingDate + " " + meetingTime); } catch (ParseException e) { // Unable to parse date. This shouldn't happen since we are // performing javascript validation. } int groupId = Integer.parseInt(req.getParameter("groupId")); // Create a Meeting Meeting meeting = new Meeting(); meeting.setDescription(description); meeting.setCreatedByUserId(createdByUserId); meeting.setDateCreated(dateCreated); meeting.setDateDue(dateDue); meeting.setGroupId(groupId); meetingMan.createMeeting(meeting); int meetingId = meetingMan.getIdFor(meeting); meeting.setId(meetingId); UserManager userMan = new UserManager(); User createdByUser = userMan.get(createdByUserId); // Create a notification for all users in group NotificationManager notificationMan = new NotificationManager(); List<User> users = groupMan.getGroupUsers(groupId); for (User u : users) { Notification notification = new Notification( u.getId(), u, groupId, null, "Meeting " + description + " was created by " + createdByUser.getFullName(), "/group/meeting?meetingId=" + meetingId); notificationMan.createNotification(notification); } // Update the User Session to show new meeting HttpSession session = req.getSession(); Session userSession = (Session) session.getAttribute("userSession"); User admin = userSession.getUser(); admin.getMeetings().add(meeting); // Show meeting page viewData.put("meetingUsers", users); viewData.put("meeting", meeting); view(req, res, "/views/group/Meeting.jsp", viewData); } }
/** 回复短信 */ public String reply() { User user = userManager.getById(Integer.parseInt(noteSend.getSendid())); getRequest().setAttribute("user", user); return NOTE_NEW_JSP; }
public boolean updateUser( BeanFieldGroup<User> fieldGroup, String currentPass, String newClearPass) throws BLException, FieldGroup.CommitException, CloneNotSupportedException { BeanItem<User> old = fieldGroup.getItemDataSource(); Object oldUser = old.getBean().clone(); fieldGroup.commit(); BeanItem<User> item = fieldGroup.getItemDataSource(); User u = item.getBean(); boolean userUpdated = false; try { userUpdated = (boolean) DB.execWithTransaction( (db) -> { User user = (User) db.session().merge(u); UserManager mgr = new UserManager(db); boolean updated = false; if (!newClearPass.isEmpty()) { boolean passwordOK = false; boolean newPasswordOK = false; try { passwordOK = mgr.checkPassword(user, currentPass); newPasswordOK = mgr.checkNewPassword(user, newClearPass); if (passwordOK && newPasswordOK) { mgr.setPassword(user, newClearPass); updated = true; } else if (!newPasswordOK) { throw new BLException("This password has already been used"); } } catch (BLException e) { // do nothing return false; } } updated = updated || addRevisionUpdated( db, getEntityName(), String.valueOf(u.getId()), oldUser, u, new String[] { "nick", "name", "email", "active", "roles", "password" }); return updated; }); } catch (Exception e) { getApp().getLog().error(e); return false; } if (userUpdated && u.equals(getApp().getUser())) { try { DB.exec( (db) -> { db.session().refresh(getApp().getUser()); return null; }); } catch (Exception e) { getApp().getLog().error(e); } } return userUpdated; }