  @Test
  public void testException() throws Exception {
    try {
      ClassLookup.find().orThrow(new NullPointerException()).get();
      fail(expected(NullPointerException.class));
    } catch (NullPointerException e) {
      // an unchecked exception handed to orThrow() is expected to surface as-is
    }

    try {
      ClassLookup.find().orThrow(new IOException()).get();
      fail(expected(RuntimeException.class));
    } catch (RuntimeException e) {
      // a checked exception is expected to come back wrapped, with the original as cause
      assertSame(IOException.class, e.getCause().getClass());
    }

    String msg = "I knew it!";
    try {
      ClassLookup.find().orThrow(msg).get();
      fail(expected(RuntimeException.class));
    } catch (RuntimeException e) {
      assertToStringEndsWithMessage(e);
    }

    try {
      ClassLookup.find().orThrow(msg).list();
      fail(expected(RuntimeException.class));
    } catch (Exception e) {
      assertToStringEndsWithMessage(e);
    }
  }

  /** Builds the failure text used when the expected exception type was not thrown. */
  private static String expected(Class<? extends Throwable> type) {
    return type.getSimpleName() + " expected";
  }

  /** Asserts that the exception's toString() ends with the text ExceptionUtils reports for it. */
  private static void assertToStringEndsWithMessage(Throwable e) {
    assertEquals(true, e.toString().endsWith(ExceptionUtils.getMessage(e)));
  }
  /**
   * Prepares the monitoring objects for the command by the default behavior:
   *
   * <ul>
   *   <li>{@link ExecutionContext} determines how the command should be monitored. By default,
   *       non-internal commands will be associated with {@code Job} to represent the command
   *       execution. Internal commands will not be monitored by default, therefore the {@code
   *       ExecutionContext} is created as non-monitored context.
   *   <li>{@link Job} is created for monitored actions
   * </ul>
   *
   * <p>A failure while creating the job is logged and swallowed; the command is then left
   * without a job attached.
   *
   * @param command The created instance of the command (can't be <code>null</code>).
   * @param actionType The action type of the command
   * @param runAsInternal Indicates if the command should be run as internal action or not
   */
  public static void prepareCommandForMonitoring(
      CommandBase<?> command, VdcActionType actionType, boolean runAsInternal) {

    ExecutionContext existing = command.getExecutionContext();
    ExecutionContext context = existing != null ? existing : new ExecutionContext();

    try {
      // Either the action type asks for monitoring or the context itself demands a job.
      boolean needsJob =
          shouldMonitorCommand(actionType, runAsInternal) || context.isJobRequired();
      if (needsJob) {
        Job job = getJob(command, actionType);
        context.setExecutionMethod(ExecutionMethod.AsJob);
        context.setJob(job);
        // A freshly created context is only attached to the command on this path.
        command.setExecutionContext(context);
        command.setJobId(job.getId());
        context.setMonitored(true);
      }
    } catch (Exception e) {
      log.errorFormat(
          "Failed to prepare command of type {0} for monitoring due to error {1}",
          actionType.name(), ExceptionUtils.getMessage(e), e);
    }
  }
  /**
   * Removes the friendship link from the current user to {@code toUnfollowUsername}.
   *
   * @param toUnfollowUsername the user to stop following
   * @return 200 on success, 404 when the two are not friends or the user is unknown, 500 for
   *     any other failure
   */
  @With({UserCredentialWrapFilter.class, ConnectToDBFilter.class})
  public static Result unfollow(String toUnfollowUsername) {
    String me = DbHelper.currentUsername();
    try {
      if (!FriendShipService.unfollow(me, toUnfollowUsername)) {
        return notFound("User " + me + " is not a friend of " + toUnfollowUsername);
      }
      return ok();
    } catch (UserNotFoundException e) {
      return notFound(ExceptionUtils.getMessage(e));
    } catch (Exception e) {
      return internalServerError(ExceptionUtils.getMessage(e));
    }
  }
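 /**
  * Runs the GraphicsMagick convert command that turns {@code inputFile} into {@code outputFile}.
  *
  * <p>Every failure is logged and swallowed, so callers cannot tell from this method whether
  * the conversion actually produced the output file.
  */
 @Override
 public void init() {
   try {
     // The operation lists the input path first and the output path second, which is the
     // order convert expects.
     GMOperation op = new GMOperation();
     op.addImage(this.inputFile.getAbsolutePath());
     op.addImage(this.outputFile.getAbsolutePath());
     // true selects the GraphicsMagick binary rather than ImageMagick
     ConvertCmd convert = new ConvertCmd(true);
     convert.run(op);
   } catch (InterruptedException e) {
     // Restore the interrupt flag so code higher up the stack still sees the interruption.
     Thread.currentThread().interrupt();
     logger.error("Image convert with error: {}.", ExceptionUtils.getMessage(e));
   } catch (IM4JavaException | IOException e) {
     logger.error("Image convert with error: {}.", ExceptionUtils.getMessage(e));
   }
 }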
 /**
  * Disables the account of the currently authenticated user.
  *
  * @return 200 when the user was disabled, 400 when the user cannot be found
  * @throws RuntimeException wrapping an {@code OpenTransactionException}, after its full stack
  *     trace has been logged
  */
 @With({UserCredentialWrapFilter.class, ConnectToDBFilter.class})
 public static Result disable() {
   try {
     UserService.disableCurrentUser();
     return ok();
   } catch (UserNotFoundException e) {
     return badRequest(ExceptionUtils.getMessage(e));
   } catch (OpenTransactionException e) {
     BaasBoxLogger.error(ExceptionUtils.getFullStackTrace(e));
     throw new RuntimeException(e);
   }
 }
  /**
   * Makes the current user follow {@code toFollowUsername}.
   *
   * <p>The current user is looked up first so that a missing caller is reported as a server
   * error, whereas a missing target user is reported as 404.
   *
   * @param toFollowUsername the user to follow
   * @return 201 with the new friendship document as JSON, or the mapped error status
   */
  @With({UserCredentialWrapFilter.class, ConnectToDBFilter.class})
  public static Result follow(String toFollowUsername) {
    String me = DbHelper.currentUsername();

    try {
      UserService.getOUserByUsername(me);
    } catch (Exception e) {
      return internalServerError(ExceptionUtils.getMessage(e));
    }

    try {
      ODocument friendship = FriendShipService.follow(me, toFollowUsername);
      return created(prepareResponseToJson(friendship));
    } catch (UserToFollowNotExistsException e) {
      return notFound(ExceptionUtils.getMessage(e));
    } catch (UserNotFoundException e) {
      return internalServerError(ExceptionUtils.getMessage(e));
    } catch (AlreadyFriendsException e) {
      return badRequest(ExceptionUtils.getMessage(e));
    } catch (SqlInjectionException e) {
      // The service rejected the name as unsafe; the message is fixed and does not echo it back
      // unescaped beyond the name itself.
      return badRequest(
          "The username "
              + toFollowUsername
              + " is not a valid username. HINT: check if it contains invalid character, the server has encountered a possible SQL Injection attack");
    } catch (IllegalArgumentException e) {
      return badRequest(ExceptionUtils.getMessage(e));
    } catch (Exception e) {
      return internalServerError(ExceptionUtils.getMessage(e));
    }
  }
 /** {@inheritDoc} */
 @Override
 public void printError(Throwable e) {
   switch (config.getVerboseLevel()) {
     case SILENT:
       // nothing is printed at all
       return;
     case VERBOSE:
       output.printError(e);
       return;
     case BRIEF:
     default:
       // BRIEF and any other level use the one-line "#message" form
       output.printMessage("#" + ExceptionUtils.getMessage(e));
   }
 }
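 /**
  * Loads the DB facade connection settings from {@code /etc/ovirt-engine/engine.conf}.
  *
  * <p>{@code OnStartConnectionTimeout} and {@code ConnectionCheckInterval} are read from the
  * file; a missing file or a non-numeric value falls back to the defaults (300000 and 1000). Any
  * other failure is logged and the defaults are applied as well, so the facade always ends up
  * configured.
  *
  * @throws Exception declared for compatibility; no exception currently escapes this method
  */
 public static void loadDbFacadeConfig() throws Exception {
   final String ENGINE_CONF_FILE = "/etc/ovirt-engine/engine.conf";
   final String ON_START_CONNECTION_TIMEOUT = "OnStartConnectionTimeout";
   final String CONNECTION_CHECK_INTERVAL = "ConnectionCheckInterval";
   final String DEFAULT_TIMEOUT_VALUE = "300000";
   final String DEFAULT_INTERVAL_VALUE = "1000";
   boolean configSucceeded = false;
   try {
     String onStartConnectionTimeout = DEFAULT_TIMEOUT_VALUE;
     String connectionCheckInterval = DEFAULT_INTERVAL_VALUE;
     if (FileUtil.fileExists(ENGINE_CONF_FILE)) {
       Properties props = new Properties();
       // try-with-resources closes the stream even when load() fails
       try (InputStream inputStream = new FileInputStream(ENGINE_CONF_FILE)) {
         props.load(inputStream);
       }
       String timeout = props.getProperty(ON_START_CONNECTION_TIMEOUT);
       String interval = props.getProperty(CONNECTION_CHECK_INTERVAL);
       // Only numeric values are accepted; anything else keeps the default
       if (validNumber(timeout)) {
         onStartConnectionTimeout = timeout;
       }
       if (validNumber(interval)) {
         connectionCheckInterval = interval;
       }
     } else {
       log.warn(
           String.format(
               "%1$s file is not found. Please check your engine installation. "
                   + "Default values will be used",
               ENGINE_CONF_FILE));
     }
     dbFacade.setOnStartConnectionTimeout(Integer.parseInt(onStartConnectionTimeout));
     dbFacade.setConnectionCheckInterval(Integer.parseInt(connectionCheckInterval));
     configSucceeded = true;
   } catch (Exception ex) {
     // Keep the throwable: the message alone rarely says which step failed
     log.error("Error in configuration of db facade " + ExceptionUtils.getMessage(ex), ex);
   } finally {
     if (!configSucceeded) {
       // Same defaults as above, applied when reading, parsing or the facade setters failed
       dbFacade.setOnStartConnectionTimeout(Integer.parseInt(DEFAULT_TIMEOUT_VALUE));
       dbFacade.setConnectionCheckInterval(Integer.parseInt(DEFAULT_INTERVAL_VALUE));
     }
   }
 }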
 /**
  * Lists user profiles matching the query parameters attached to the request context.
  *
  * @return 200 with the profiles as JSON, or 400 when the criteria are rejected as unsafe
  */
 @With({UserCredentialWrapFilter.class, ConnectToDBFilter.class, ExtractQueryParameters.class})
 public static Result getUsers() {
   if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method Start");
   Context ctx = Http.Context.current.get();
   // presumably stored by the ExtractQueryParameters filter listed in @With
   QueryParams criteria = (QueryParams) ctx.args.get(IQueryParametersKeys.QUERY_PARAMETERS);
   List<ODocument> profiles;
   try {
     profiles = UserService.getUsers(criteria, true);
   } catch (SqlInjectionException e) {
     return badRequest(
         ExceptionUtils.getMessage(e) + " -- " + ExceptionUtils.getRootCauseMessage(e));
   }
   String json = prepareResponseToJson(profiles);
   if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method End");
   return ok(json);
 }
 /**
  * Deletes the temporary output file, if there is one, and logs the outcome.
  *
  * <p>A {@link SecurityException} from the file system is logged rather than propagated.
  */
 @Override
 public void destroy() {
   boolean hasTempFile =
       this.outputFile != null && this.outputFile.exists() && this.outputFile.isFile();
   if (!hasTempFile) {
     return;
   }
   try {
     if (this.outputFile.delete()) {
       logger.info("Temp file {} has been deleted.", this.outputFile.getAbsolutePath());
     } else {
       logger.warn("Temp file {} can not be deleted.", this.outputFile.getAbsolutePath());
     }
   } catch (SecurityException e) {
     logger.error(
         "Try to delete temp file {} with Security Exception: {}",
         this.outputFile.getAbsolutePath(),
         ExceptionUtils.getMessage(e));
   }
 }
  /**
   * Renames the current user to the {@code username} given in the JSON body.
   *
   * @return 200 on success; 400 when the body is empty, the field is missing or not a string, or
   *     the name is rejected as unsafe; 500 when the transaction cannot be opened
   * @throws UserNotFoundException declared by the signature; presumably raised by
   *     {@code changeUsername} when the current user does not exist
   */
  @With({UserCredentialWrapFilter.class, ConnectToDBFilter.class})
  @BodyParser.Of(BodyParser.Json.class)
  public static Result changeUserName() throws UserNotFoundException {
    JsonNode bodyJson = request().body().asJson();
    if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("updateuserName bodyJson: " + bodyJson);
    if (bodyJson == null) {
      return badRequest(
          "The body payload cannot be empty. Hint: put in the request header Content-Type: application/json");
    }
    JsonNode usernameNode = bodyJson.get("username");
    if (usernameNode == null || !usernameNode.isTextual()) {
      return badRequest("'username' field must be a String");
    }
    try {
      UserService.changeUsername(DbHelper.getCurrentHTTPUsername(), usernameNode.asText());
    } catch (OpenTransactionException e) {
      return internalServerError(ExceptionUtils.getMessage(e));
    } catch (SqlInjectionException e) {
      // The rejected value is not echoed back in the response
      return badRequest("Username not valid");
    }
    return ok();
  }
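  /**
   * First step of the admin-triggered password reset: mails a reset link to {@code username}.
   *
   * <p>The user must exist and must carry an {@code email} attribute in the profile section
   * visible only to the user; that is checked here before {@code sendResetPwdMail} is called.
   *
   * @param username the user whose password is to be reset (from the URL)
   * @return 200 when the mail was sent; 400 for a missing or unknown user, a missing email or a
   *     {@link PasswordRecoveryException}; 500 for any other failure (full stack trace only in
   *     dev mode, as the other actions on this controller do)
   */
  @With({AdminCredentialWrapFilter.class, ConnectToDBFilter.class})
  public static Result resetPasswordStep1(String username) {
    if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method Start");

    // check and validate input
    if (username == null)
      return badRequest(
          "The 'username' field is missing in the URL, please check the documentation");

    if (!UserService.exists(username)) return badRequest("Username " + username + " not found!");

    QueryParams criteria =
        QueryParams.getInstance().where("user.name=?").params(new String[] {username});
    ODocument user;

    try {
      // One query is enough; the user is looked up exactly once
      List<ODocument> users = UserService.getUsers(criteria);
      if (users.isEmpty()) return badRequest("Username " + username + " not found!");
      user = users.get(0);

      ODocument attrObj = user.field(UserDao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER);
      if (attrObj == null || attrObj.field("email") == null)
        return badRequest(
            "Cannot reset password, the \"email\" attribute is not defined into the user's private profile");

      // A "reset already requested" guard (checkResetPwdAlreadyRequested) used to sit here and
      // is currently disabled.

      String appCode = (String) Http.Context.current.get().args.get("appcode");
      UserService.sendResetPwdMail(appCode, user);
    } catch (PasswordRecoveryException e) {
      BaasBoxLogger.warn("resetPasswordStep1", e);
      return badRequest(ExceptionUtils.getMessage(e));
    } catch (Exception e) {
      BaasBoxLogger.warn("resetPasswordStep1", e);
      // The stack trace is already in the log; only expose it to the client in dev mode
      if (Play.isDev()) return internalServerError(ExceptionUtils.getFullStackTrace(e));
      else return internalServerError(ExceptionUtils.getMessage(e));
    }
    if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method End");
    return ok();
  }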
  /**
   * Updates the four visibility sections of the current user's profile from the JSON body.
   *
   * <p>Only the {@code email} key of the private section is validated here; everything else is
   * handed to {@code UserService.updateCurrentProfile} unchanged.
   *
   * @return 200 with the updated profile as JSON, 400 for an empty body or an invalid email, 500
   *     for any other failure (full stack trace only in dev mode)
   */
  @With({UserCredentialWrapFilter.class, ConnectToDBFilter.class})
  @BodyParser.Of(BodyParser.Json.class)
  public static Result updateProfile() {
    if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method Start");
    JsonNode bodyJson = request().body().asJson();
    if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("updateProfile bodyJson: " + bodyJson);
    if (bodyJson == null) {
      return badRequest(
          "The body payload cannot be empty. Hint: put in the request header Content-Type: application/json");
    }

    // extract the profile sections; each is absent (null) when the body does not carry it
    JsonNode anonymousSection = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER);
    JsonNode privateSection = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER);
    JsonNode friendsSection = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER);
    JsonNode registeredSection = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER);

    boolean hasEmail = privateSection != null && privateSection.has("email");
    if (hasEmail && !Util.validateEmail(privateSection.findValuesAsText("email").get(0))) {
      return badRequest("The email address must be valid.");
    }

    ODocument profile;
    try {
      profile =
          UserService.updateCurrentProfile(
              anonymousSection, privateSection, friendsSection, registeredSection);
    } catch (Throwable e) {
      BaasBoxLogger.warn("updateProfile", e);
      return Play.isDev()
          ? internalServerError(ExceptionUtils.getFullStackTrace(e))
          : internalServerError(ExceptionUtils.getMessage(e));
    }
    if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method End");

    return ok(prepareResponseToJson(profile));
  } // updateProfile
 /**
  * Returns the followers of {@code username}, or of the current user when no name is given.
  *
  * @param justCountThem when true only the number of followers is returned, as
  *     {@code {"count": N }}
  * @param username the user whose followers are listed; empty means the current user
  * @return 200 with the followers (or their count) as JSON, 400 for invalid criteria or a query
  *     string rejected as unsafe
  */
 @With({UserCredentialWrapFilter.class, ConnectToDBFilter.class, ExtractQueryParameters.class})
 public static Result followers(boolean justCountThem, String username) {
   String target = StringUtils.isEmpty(username) ? DbHelper.currentUsername() : username;
   Context ctx = Http.Context.current.get();
   QueryParams criteria = (QueryParams) ctx.args.get(IQueryParametersKeys.QUERY_PARAMETERS);
   long count = 0;
   List<ODocument> followers = new ArrayList<ODocument>();
   try {
     if (justCountThem) {
       count = FriendShipService.getCountFriendsOf(target, criteria);
     } else {
       followers = FriendShipService.getFriendsOf(target, criteria);
     }
   } catch (InvalidCriteriaException e) {
     return badRequest(ExceptionUtils.getMessage(e));
   } catch (SqlInjectionException e) {
     return badRequest(
         "The parameters you passed are incorrect. HINT: check if the querystring is correctly encoded");
   }
   if (!justCountThem) {
     return ok(prepareResponseToJson(followers));
   }
   // hand-built JSON, so the content type is set explicitly
   response().setContentType("application/json");
   return ok("{\"count\": " + count + " }");
 }
  // NOTE: this controller is called via a web link by a mail client to reset the user's password
  // Filters to extract username/appcode/atc.. from the headers have no sense in this case
  /**
   * Second step of the password reset, reached from the link in the reset e-mail.
   *
   * <p>{@code base64} encodes {@code APP_Code%%%%Username%%%%ResetTokenId}; an optional
   * {@code .json} suffix selects a JSON response instead of the HTML page. The token is checked
   * with {@code ResetPwdDao.verifyTokenStep1} and, when accepted, exchanged for a step-2 token
   * that is embedded in the form (or JSON) the client uses to submit the new password.
   *
   * @param base64 the reset token from the URL, optionally ending in {@code .json}
   * @return 200 with the reset form/JSON; 400 with the error rendered into the feedback
   *     page/JSON when the token is malformed, the app code unknown or the token not accepted
   * @throws ResetPasswordException declared by the signature; nothing in this body throws it
   */
  public static Result resetPasswordStep2(String base64) throws ResetPasswordException {
    // loads the received token and extracts data by the hashcode in the url
    String tokenReceived = "";
    String appCode = "";
    String username = "";
    String tokenId = ""; // assigned below but never read afterwards in this method
    String adminUser = "";
    String adminPassword = "";
    Boolean isJSON = false;
    ObjectNode result = Json.newObject();

    if (base64.endsWith(".json")) {
      isJSON = true;
    }

    try {
      // if isJSON it's true, in input I have a json. So I need to delete the "extension" .json
      if (isJSON) {
        base64 = base64.substring(0, base64.lastIndexOf('.'));
      }
      // NOTE(review): getBytes() and new String(byte[]) both use the platform default charset, so
      // a non-ASCII username inside the token may decode differently across JVM configurations.
      tokenReceived = new String(Base64.decodeBase64(base64.getBytes()));
      if (BaasBoxLogger.isDebugEnabled())
        BaasBoxLogger.debug("resetPasswordStep2 - sRandom: " + tokenReceived);

      // token format should be APP_Code%%%%Username%%%%ResetTokenId
      String[] tokens = tokenReceived.split("%%%%");
      if (tokens.length != 3)
        throw new Exception(
            "The reset password code is invalid. Please repeat the reset password procedure");
      // Until verifyTokenStep1 below accepts the token, these values are simply whatever the
      // (unauthenticated) caller put in the URL.
      appCode = tokens[0];
      username = tokens[1];
      tokenId = tokens[2];

      // The request carries no user credentials (see the NOTE above), so the database is opened
      // with the configured admin account for the app code named in the token.
      adminUser = BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_USERNAME);
      adminPassword = BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_PASSWORD);

      try {
        DbHelper.open(appCode, adminUser, adminPassword);
      } catch (InvalidAppCodeException e1) {
        throw new Exception(
            "The code to reset the password seems to be invalid. Please repeat the reset password procedure");
      }

      // What verifyTokenStep1 compares and how expiry is decided is not visible from here.
      boolean isTokenValid = ResetPwdDao.getInstance().verifyTokenStep1(base64, username);
      if (!isTokenValid)
        throw new Exception(
            "Reset password procedure is expired! Please repeat the reset password procedure");

    } catch (Exception e) {
      // Every failure above lands here, including those raised before DbHelper.open() ran.
      if (isJSON) {
        result.put("status", "KO");
        result.put("user_name", username);
        result.put("error", ExceptionUtils.getMessage(e));
        result.put(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        // NOTE(review): on the early-failure paths no connection was opened in this method —
        // confirm getConnection() tolerates that.
        DbHelper.getConnection().close();
        return badRequest(result);
      } else {
        ST pageTemplate =
            new ST(PasswordRecovery.PAGE_HTML_FEEDBACK_TEMPLATE.getValueAsString(), '$', '$');
        // user_name comes from the not-yet-verified token; whether the template HTML-escapes it
        // is not visible here.
        pageTemplate.add("user_name", username);
        pageTemplate.add("error", ExceptionUtils.getMessage(e));
        pageTemplate.add(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        // NOTE(review): unlike the JSON branch, the connection is not closed here — confirm
        // whether that is intended.
        return badRequest(Html.apply(pageTemplate.render()));
      }
    }
    // Token accepted: mint the step-2 token (presumably what step 3 verifies). This call sits
    // outside the try, so a failure here propagates uncaught with the connection still open.
    String tokenStep2 = ResetPwdDao.getInstance().setTokenStep2(username, appCode);

    if (isJSON) {
      result.put("user_name", username);
      result.put("link", "/user/password/reset/" + tokenStep2 + ".json");
      result.put("token", tokenStep2);
      result.put(
          "application_name",
          com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
      DbHelper.getConnection().close();
      return ok(result);
    } else {
      ST pageTemplate = new ST(PasswordRecovery.PAGE_HTML_TEMPLATE.getValueAsString(), '$', '$');
      // The form posts back to the step-2 token URL, which is the only thing tying the submitted
      // password to this reset request.
      pageTemplate.add(
          "form_template",
          "<form action='/user/password/reset/"
              + tokenStep2
              + "' method='POST' id='reset_pwd_form'>"
              + "<label for='password'>New password</label>"
              + "<input type='password' id='password' name='password' />"
              + "<label for='repeat-password'>Repeat the new password</label>"
              + "<input type='password' id='repeat-password' name='repeat-password' />"
              + "<button type='submit' id='reset_pwd_submit'>Reset the password</button>"
              + "</form>");
      pageTemplate.add("user_name", username);
      pageTemplate.add("link", "/user/password/reset/" + tokenStep2);
      pageTemplate.add("password", "password");
      pageTemplate.add("repeat_password", "repeat-password");
      pageTemplate.add("token", tokenStep2);
      pageTemplate.add(
          "application_name",
          com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
      DbHelper.getConnection().close();
      return ok(Html.apply(pageTemplate.render()));
    }
  }
  /**
   * Registers a new user from the JSON body and opens a session for it straight away.
   *
   * <p>Expected body: {@code username}, {@code password} and, optionally, the four profile
   * visibility sections named by the {@code UserDao.ATTRIBUTES_*} constants. On success the
   * session token is returned both in a response header and as an extra field of the JSON body.
   *
   * @return 201 with the profile plus token; 400 for a missing field, an invalid email, an
   *     invalid section or a name/email already in use; 422 for an empty password; 500 for any
   *     other failure (full stack trace only in dev mode)
   * @throws JsonProcessingException if the assembled response JSON cannot be re-parsed
   * @throws IOException if the assembled response JSON cannot be re-parsed
   */
  @With({AdminCredentialWrapFilter.class, ConnectToDBFilter.class})
  @BodyParser.Of(BodyParser.Json.class)
  public static Result signUp() throws JsonProcessingException, IOException {
    if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method Start");
    JsonNode bodyJson = request().body().asJson();
    if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("signUp bodyJson: " + bodyJson);
    if (bodyJson == null) {
      return badRequest(
          "The body payload cannot be empty. Hint: put in the request header Content-Type: application/json");
    }
    // check and validate input
    if (!bodyJson.has("username")) return badRequest("The 'username' field is missing");
    if (!bodyJson.has("password")) return badRequest("The 'password' field is missing");

    // extract mandatory fields
    JsonNode anonymousSection = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER);
    JsonNode privateSection = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER);
    JsonNode friendsSection = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER);
    JsonNode registeredSection = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER);
    String username = bodyJson.findValuesAsText("username").get(0);
    String password = bodyJson.findValuesAsText("password").get(0);
    String appcode = (String) ctx().args.get("appcode");
    boolean hasEmail = privateSection != null && privateSection.has("email");
    if (hasEmail && !Util.validateEmail(privateSection.findValuesAsText("email").get(0))) {
      return badRequest("The email address must be valid.");
    }
    if (StringUtils.isEmpty(password)) return status(422, "The password field cannot be empty");

    // try to signup new user
    ODocument profile;
    try {
      UserService.signUp(
          username,
          password,
          null,
          anonymousSection,
          privateSection,
          friendsSection,
          registeredSection,
          false);
      // due to issue 412, we have to reload the profile
      profile = UserService.getUserProfilebyUsername(username);
    } catch (InvalidJsonException e) {
      if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("signUp", e);
      return badRequest("One or more profile sections is not a valid JSON object");
    } catch (UserAlreadyExistsException e) {
      if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("signUp", e);
      // Same generic message as for a used email, so the response does not say which one is taken
      return badRequest("Error signing up");
    } catch (EmailAlreadyUsedException e) {
      if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("signUp", e);
      return badRequest("Error signing up");
    } catch (Throwable e) {
      BaasBoxLogger.warn("signUp", e);
      return Play.isDev()
          ? internalServerError(ExceptionUtils.getFullStackTrace(e))
          : internalServerError(ExceptionUtils.getMessage(e));
    }
    if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method End");
    ImmutableMap<SessionKeys, ? extends Object> session =
        SessionTokenProvider.getSessionTokenProvider().setSession(appcode, username, password);
    String token = (String) session.get(SessionKeys.TOKEN);
    response().setHeader(SessionKeys.TOKEN.toString(), token);

    // Splice the token into the serialized profile as one more top-level field, then re-parse
    // so the response is emitted as a JSON node rather than as a string.
    String profileJson = prepareResponseToJson(profile);
    StringBuilder withToken = new StringBuilder();
    withToken.append(profileJson.substring(0, profileJson.lastIndexOf("}")));
    withToken.append(",\"");
    withToken.append(SessionKeys.TOKEN.toString());
    withToken.append("\":\"");
    withToken.append(token);
    withToken.append("\"}");
    JsonNode jn = new ObjectMapper().readTree(withToken.toString());

    return created(jn);
  }
  // NOTE: this controller is called via a web form by a browser to reset the user's password
  // Filters to extract username/appcode/atc.. from the headers have no sense in this case
  /**
   * Final step of the password reset: receives the new password submitted through the form (or
   * JSON client) produced by step 2 and applies it.
   *
   * <p>{@code base64} is the step-2 token; it is decoded into app code, username and token id,
   * checked with {@code ResetPwdDao.verifyTokenStep2}, and only then is the submitted
   * {@code password}/{@code repeat-password} pair read and handed to
   * {@code UserService.resetUserPasswordFinalStep}.
   *
   * @param base64 the step-2 token from the URL, optionally ending in {@code .json}
   * @return 200 with a "Password changed" page/JSON; 400 when the token is malformed, not
   *     accepted, the user is missing, a field is absent or the two passwords differ; 500 when
   *     the password change itself fails (full stack trace only in dev mode)
   */
  public static Result resetPasswordStep3(String base64) {
    String tokenReceived = "";
    String appCode = "";
    String username = "";
    String tokenId = ""; // assigned below but never read afterwards in this method
    Map<String, String[]> bodyForm = null;
    Boolean isJSON = false;
    ObjectNode result = Json.newObject();

    if (base64.endsWith(".json")) {
      isJSON = true;
    }
    try {
      // if isJSON it's true, in input I have a json. So I need to delete the "extension" .json
      if (isJSON) {
        base64 = base64.substring(0, base64.lastIndexOf('.'));
      }
      // loads the received token and extracts data by the hashcode in the url
      // NOTE(review): getBytes() and new String(byte[]) both use the platform default charset, so
      // a non-ASCII username inside the token may decode differently across JVM configurations.
      tokenReceived = new String(Base64.decodeBase64(base64.getBytes()));
      if (BaasBoxLogger.isDebugEnabled())
        BaasBoxLogger.debug("resetPasswordStep3 - sRandom: " + tokenReceived);

      // token format should be APP_Code%%%%Username%%%%ResetTokenId
      String[] tokens = tokenReceived.split("%%%%");
      if (tokens.length != 3) return badRequest("The reset password code is invalid.");
      // Until verifyTokenStep2 below accepts the token, these values are simply whatever the
      // (unauthenticated) caller put in the URL.
      appCode = tokens[0];
      username = tokens[1];
      tokenId = tokens[2];

      // No user credentials accompany the request (see the NOTE above), so the database is
      // opened with the configured admin account for the app code named in the token.
      String adminUser =
          BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_USERNAME);
      String adminPassword =
          BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_PASSWORD);

      try {
        DbHelper.open(appCode, adminUser, adminPassword);
      } catch (InvalidAppCodeException e1) {
        throw new Exception("The code to reset the password seems to be invalid");
      }

      if (!UserService.exists(username)) throw new Exception("User not found!");

      // What verifyTokenStep2 compares and how expiry is decided is not visible from here.
      boolean isTokenValid = ResetPwdDao.getInstance().verifyTokenStep2(base64, username);
      if (!isTokenValid)
        throw new Exception(
            "Reset Code not found or expired! Please repeat the reset password procedure");

      Http.RequestBody body = request().body();

      // The form is only read once the token has been accepted.
      bodyForm = body.asFormUrlEncoded();
      if (bodyForm == null)
        throw new Exception(
            "Error getting submitted data. Please repeat the reset password procedure");

    } catch (Exception e) {
      // Every failure above lands here, including those raised before DbHelper.open() ran.
      if (isJSON) {
        result.put("user_name", username);
        result.put("error", ExceptionUtils.getMessage(e));
        result.put(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        // NOTE(review): on the early-failure paths no connection was opened in this method —
        // confirm getConnection() tolerates that (same question for the HTML branch below).
        DbHelper.getConnection().close();
        return badRequest(result);

      } else {
        ST pageTemplate =
            new ST(PasswordRecovery.PAGE_HTML_FEEDBACK_TEMPLATE.getValueAsString(), '$', '$');
        // user_name comes from the not-yet-verified token; whether the template HTML-escapes it
        // is not visible here.
        pageTemplate.add("user_name", username);
        pageTemplate.add("error", ExceptionUtils.getMessage(e));
        pageTemplate.add(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        DbHelper.getConnection().close();
        return badRequest(Html.apply(pageTemplate.render()));
      }
    }
    // check and validate input
    // NOTE(review): if either field is absent from the form, Map.get() returns null and the
    // .length / [0] accesses below throw a NullPointerException that nothing here catches; the
    // checks only cover a field that is present with the wrong number of values. The second
    // check also overwrites, rather than appends to, the message set by the first.
    String errorString = "";
    if (bodyForm.get("password").length != 1) errorString = "The 'new password' field is missing";
    if (bodyForm.get("repeat-password").length != 1)
      errorString = "The 'repeat password' field is missing";

    String password = (String) bodyForm.get("password")[0];
    String repeatPassword = (String) bodyForm.get("repeat-password")[0];

    // Only equality of the two fields is checked here; any length or strength policy would have
    // to be enforced by resetUserPasswordFinalStep, which is not visible from this method.
    if (!password.equals(repeatPassword)) {
      errorString =
          "The new \"password\" field and the \"repeat password\" field must be the same.";
    }
    if (!errorString.isEmpty()) {
      // Re-render the same form as step 2, with the error, so the user can retry.
      if (isJSON) {
        result.put("user_name", username);
        result.put("link", "/user/password/reset/" + base64 + ".json");
        result.put("token", base64);
        result.put(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        result.put("error", errorString);
        DbHelper.getConnection().close();
        return badRequest(result);
      } else {
        ST pageTemplate = new ST(PasswordRecovery.PAGE_HTML_TEMPLATE.getValueAsString(), '$', '$');
        pageTemplate.add(
            "form_template",
            "<form action='/user/password/reset/"
                + base64
                + "' method='POST' id='reset_pwd_form'>"
                + "<label for='password'>New password</label>"
                + "<input type='password' id='password' name='password' />"
                + "<label for='repeat-password'>Repeat the new password</label>"
                + "<input type='password' id='repeat-password' name='repeat-password' />"
                + "<button type='submit' id='reset_pwd_submit'>Reset the password</button>"
                + "</form>");
        pageTemplate.add("user_name", username);
        pageTemplate.add("link", "/user/password/reset/" + base64);
        pageTemplate.add("token", base64);
        pageTemplate.add("password", "password");
        pageTemplate.add("repeat_password", "repeat-password");
        pageTemplate.add(
            "application_name",
            com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
        pageTemplate.add("error", errorString);
        DbHelper.getConnection().close();
        return badRequest(Html.apply(pageTemplate.render()));
      }
    }
    try {
      UserService.resetUserPasswordFinalStep(username, password);
    } catch (Throwable e) {
      // The log tag names a different action ("changeUserPassword") than this method.
      BaasBoxLogger.warn("changeUserPassword", e);
      DbHelper.getConnection().close();
      if (Play.isDev()) return internalServerError(ExceptionUtils.getFullStackTrace(e));
      else return internalServerError(ExceptionUtils.getMessage(e));
    }
    if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method End");

    String ok_message = "Password changed";
    if (isJSON) {
      result.put("user_name", username);
      result.put("message", ok_message);
      result.put(
          "application_name",
          com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
      DbHelper.getConnection().close();
      return ok(result);
    } else {
      ST pageTemplate =
          new ST(PasswordRecovery.PAGE_HTML_FEEDBACK_TEMPLATE.getValueAsString(), '$', '$');
      pageTemplate.add("user_name", username);
      pageTemplate.add("message", ok_message);
      pageTemplate.add(
          "application_name",
          com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
      DbHelper.getConnection().close();
      return ok(Html.apply(pageTemplate.render()));
    }
  }
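  /**
   * Logs a user in and opens a session for them.
   *
   * <p>Accepts either an {@code application/x-www-form-urlencoded} or an {@code application/json}
   * body carrying these fields:
   *
   * <ul>
   *   <li>{@code username}
   *   <li>{@code password}
   *   <li>{@code appcode}: the App Code (API KEY)
   *   <li>{@code login_data} (optional): a JSON-serialized string describing the device used by
   *       the user; for push notifications it must supply {@code deviceId} and {@code os}
   *       ({@code android}|{@code ios}). Its top-level fields are handed to {@link
   *       UserService#registerDevice}.
   * </ul>
   *
   * <p>The reserved BaasBox admin and internal accounts are refused with 403. Wrong credentials or
   * an unknown appcode yield 401. On success the session token is returned both in the response
   * header named by {@link SessionKeys#TOKEN} and as a field of the returned user document.
   *
   * <p>Only the username is ever written to the log: the password and the appcode (an API key)
   * are secrets and are deliberately never logged, even at debug level.
   *
   * @return 200 with the user document (plus the session token) as JSON; 400 on a missing or
   *     malformed body, field or {@code login_data}; 403 for the reserved accounts; 401 on bad
   *     credentials or appcode
   * @throws SqlInjectionException as declared by the underlying user services
   * @throws JsonProcessingException if the session token or user document cannot be serialized
   * @throws IOException if the assembled user document cannot be re-parsed as JSON
   */
  @With({NoUserCredentialWrapFilter.class})
  public static Result login() throws SqlInjectionException, JsonProcessingException, IOException {
    RequestBody body = request().body();
    if (body == null)
      return badRequest(
          "missing data: is the body x-www-form-urlencoded or application/json? Detected: "
              + request().getHeader(CONTENT_TYPE));

    String username;
    String password;
    String appcode;
    String loginData;
    Map<String, String[]> bodyUrlEncoded = body.asFormUrlEncoded();
    if (bodyUrlEncoded != null) {
      // Form-encoded fields are multi-valued; an empty value list counts as missing (400, not 500).
      username = firstFormValue(bodyUrlEncoded, "username");
      if (username == null) return badRequest("The 'username' field is missing");
      password = firstFormValue(bodyUrlEncoded, "password");
      if (password == null) return badRequest("The 'password' field is missing");
      appcode = firstFormValue(bodyUrlEncoded, "appcode");
      if (appcode == null) return badRequest("The 'appcode' field is missing");
      loginData = firstFormValue(bodyUrlEncoded, "login_data");
    } else {
      JsonNode bodyJson = body.asJson();
      if (bodyJson == null)
        return badRequest(
            "missing data : is the body x-www-form-urlencoded or application/json? Detected: "
                + request().getHeader(CONTENT_TYPE));
      // A JSON null is treated like an absent field rather than the literal text "null".
      username = textField(bodyJson, "username");
      if (username == null) return badRequest("The 'username' field is missing");
      password = textField(bodyJson, "password");
      if (password == null) return badRequest("The 'password' field is missing");
      appcode = textField(bodyJson, "appcode");
      if (appcode == null) return badRequest("The 'appcode' field is missing");
      loginData = textField(bodyJson, "login_data");
    }
    // Never log password or appcode: debug logs are not a safe place for credentials.
    if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Username " + username);

    // The built-in accounts must not be usable through the public login endpoint.
    if (username.equalsIgnoreCase(BBConfiguration.getBaasBoxAdminUsername())
        || username.equalsIgnoreCase(BBConfiguration.getBaasBoxUsername()))
      return forbidden(username + " cannot login");
    if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("LoginData" + loginData);

    // Validate the credentials by opening a DB connection as the user for the given appcode.
    ODatabaseRecordTx db = null;
    String user;
    try {
      db = DbHelper.open(appcode, username, password);
      user = prepareResponseToJson(UserService.getCurrentUser());

      if (loginData != null) {
        JsonNode loginInfo;
        try {
          loginInfo = Json.parse(loginData);
        } catch (Exception e) {
          if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Error parsong login_data field");
          if (BaasBoxLogger.isDebugEnabled())
            BaasBoxLogger.debug(ExceptionUtils.getFullStackTrace(e));
          return badRequest("login_data field is not a valid json string");
        }
        // Top-level fields are reduced to their asText() form; nested containers therefore
        // do not survive as structure. NOTE(review): confirm registerDevice expects flat text.
        HashMap<String, Object> data = new HashMap<String, Object>();
        Iterator<Entry<String, JsonNode>> it = loginInfo.fields();
        while (it.hasNext()) {
          Entry<String, JsonNode> element = it.next();
          data.put(element.getKey(), element.getValue().asText());
        }
        UserService.registerDevice(data);
      }
    } catch (OSecurityAccessException e) {
      // NOTE(review): the bodies of these two catch blocks were partially masked in the reviewed
      // source; reconstructed as debug-log + 401, which the unconditional session creation
      // below requires (reaching it with user == null would otherwise NPE). Confirm upstream.
      if (BaasBoxLogger.isDebugEnabled())
        BaasBoxLogger.debug("UserLogin: " + ExceptionUtils.getMessage(e));
      return unauthorized("user " + username + " unauthorized");
    } catch (InvalidAppCodeException e) {
      if (BaasBoxLogger.isDebugEnabled())
        BaasBoxLogger.debug("UserLogin: " + ExceptionUtils.getMessage(e));
      return unauthorized("user " + username + " unauthorized");
    } finally {
      if (db != null && !db.isClosed()) db.close();
    }

    ImmutableMap<SessionKeys, ? extends Object> sessionObject =
        SessionTokenProvider.getSessionTokenProvider().setSession(appcode, username, password);
    String token = (String) sessionObject.get(SessionKeys.TOKEN);
    response().setHeader(SessionKeys.TOKEN.toString(), token);

    // Append the token to the serialized user document. Key and value are JSON-encoded through
    // the mapper instead of being concatenated raw, so a quote or backslash in either cannot
    // corrupt (or inject into) the document that is re-parsed just below.
    ObjectMapper mapper = new ObjectMapper();
    String head = user.substring(0, user.lastIndexOf("}"));
    String separator = head.trim().endsWith("{") ? "" : ",";
    user =
        head
            + separator
            + mapper.writeValueAsString(SessionKeys.TOKEN.toString())
            + ":"
            + mapper.writeValueAsString(token)
            + "}";
    JsonNode jn = mapper.readTree(user);

    return ok(jn);
  }

  /**
   * Returns the first value of a form field, or {@code null} when the field is absent or carries
   * no values at all (which would otherwise throw on {@code [0]}).
   *
   * @param form the decoded form body
   * @param key the field name
   * @return the first value, or {@code null}
   */
  private static String firstFormValue(Map<String, String[]> form, String key) {
    String[] values = form.get(key);
    return (values == null || values.length == 0) ? null : values[0];
  }

  /**
   * Returns the text of a top-level JSON field, or {@code null} when the field is absent or is a
   * JSON {@code null} (so that a null is not mistaken for the text {@code "null"}).
   *
   * @param json the parsed request body
   * @param key the field name
   * @return the field's text, or {@code null}
   */
  private static String textField(JsonNode json, String key) {
    JsonNode node = json.get(key);
    return (node == null || node.isNull()) ? null : node.asText();
  }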