public void updateChangeLog(
final Principal user,
final Verb verb,
final PropertyKey key,
final Object previousValue,
final Object newValue) {
if (changeLogEnabled && changeLog != null && key != null) {
final String name = key.jsonName();
if (!hiddenPropertiesInAuditLog.contains(name)
&& !(key.isUnvalidated() || key.isReadOnly())) {
final JsonObject obj = new JsonObject();
obj.add("time", toElement(System.currentTimeMillis()));
obj.add("userId", toElement(user.getUuid()));
obj.add("userName", toElement(user.getName()));
obj.add("verb", toElement(verb));
obj.add("key", toElement(key.jsonName()));
obj.add("prev", toElement(previousValue));
obj.add("val", toElement(newValue));
changeLog.append(obj.toString());
changeLog.append("\n");
}
}
}
@Override
public String getGroupName() {
String name = "";
try (Tx tx = StructrApp.getInstance().tx()) {
Principal owner = getOwner();
if (owner != null) {
List<Principal> parents = owner.getParents();
if (!parents.isEmpty()) {
name = parents.get(0).getProperty(AbstractNode.name);
}
}
tx.success();
} catch (FrameworkException fex) {
logger.log(Level.SEVERE, "Error while getting group name of " + this, fex);
}
return name;
}
// ----- private methods -----
private void invalidateSessionId(final String sessionId) {
// find user with given session ID and remove ID from list of valid sessions
final Principal userWithInvalidSession = AuthHelper.getPrincipalForSessionId(sessionId);
if (userWithInvalidSession != null) {
userWithInvalidSession.removeSessionId(sessionId);
}
}
public void updateChangeLog(final Principal user, final Verb verb, final String object) {
if (changeLogEnabled && changeLog != null) {
final JsonObject obj = new JsonObject();
obj.add("time", toElement(System.currentTimeMillis()));
obj.add("userId", toElement(user.getUuid()));
obj.add("userName", toElement(user.getName()));
obj.add("verb", toElement(verb));
obj.add("target", toElement(object));
changeLog.append(obj.toString());
changeLog.append("\n");
}
}
@Override
public String getOwnerName() {
String name = "";
try (Tx tx = StructrApp.getInstance().tx()) {
Principal owner = getOwner();
if (owner != null) {
name = owner.getProperty(AbstractUser.name);
}
tx.success();
} catch (FrameworkException fex) {
logger.log(Level.SEVERE, "Error while getting owner name of " + this, fex);
}
return name;
}
private String getContent(final String urlString) throws FrameworkException {
final SourceSite site = getSite();
String proxyUrl = site.getProperty(SourceSite.proxyUrl);
String proxyUsername = site.getProperty(SourceSite.proxyUsername);
String proxyPassword = site.getProperty(SourceSite.proxyPassword);
Principal user = securityContext.getCachedUser();
if (user != null & StringUtils.isBlank(proxyUrl)) {
proxyUrl = user.getProperty(Principal.proxyUrl);
proxyUsername = user.getProperty(Principal.proxyUsername);
proxyPassword = user.getProperty(Principal.proxyPassword);
}
final String cookie = site.getProperty(SourceSite.cookie);
return HttpHelper.get(
urlString, proxyUrl, proxyUsername, proxyPassword, cookie, Collections.EMPTY_MAP)
.replace("<head>", "<head>\n <base href=\"" + urlString + "\">");
}
@Override
public Principal doLogin(
final HttpServletRequest request, final String emailOrUsername, final String password)
throws AuthenticationException, FrameworkException {
final Principal user =
AuthHelper.getPrincipalForPassword(Person.eMail, emailOrUsername, password);
if (user != null) {
final String allowLoginBeforeConfirmation =
Services.getInstance()
.getConfigurationValue(RegistrationResource.ALLOW_LOGIN_BEFORE_CONFIRMATION);
if (user.getProperty(User.confirmationKey) != null
&& Boolean.FALSE.equals(Boolean.parseBoolean(allowLoginBeforeConfirmation))) {
logger.log(Level.WARNING, "Login as {0} not allowed before confirmation.", user);
throw new AuthenticationException(AuthHelper.STANDARD_ERROR_MSG);
}
AuthHelper.doLogin(request, user);
}
return user;
}
// ----- private methods -----
private void updateAccessInformation(
final SecurityContext securityContext, final PropertyContainer propertyContainer)
throws FrameworkException {
try {
final Principal user = securityContext.getUser(false);
String modifiedById = null;
if (user != null) {
if (user instanceof SuperUser) {
// "virtual" UUID of superuser
modifiedById = Principal.SUPERUSER_ID;
} else {
modifiedById = user.getUuid();
}
propertyContainer.setProperty(AbstractNode.lastModifiedBy.dbName(), modifiedById);
}
if (!securityContext.dontModifyAccessTime()) {
propertyContainer.setProperty(
AbstractNode.lastModifiedDate.dbName(), System.currentTimeMillis());
}
} catch (Throwable t) {
// fail without throwing an exception here
logger.warn("", t);
}
}
public boolean isAuthenticated() {
final Principal user = getCurrentUser();
return (user != null
&& (user.getProperty(Principal.isAdmin) || user.getProperty(User.backendUser)));
}
/**
* This method checks if the current request is a user registration confirmation, usually
* triggered by a user clicking on a confirmation link in an e-mail.
*
* @param request
* @param response
* @param path
* @return true if the registration was successful
* @throws FrameworkException
* @throws IOException
*/
private boolean checkRegistration(
final Authenticator auth,
final HttpServletRequest request,
final HttpServletResponse response,
final String path)
throws FrameworkException, IOException {
logger.log(Level.FINE, "Checking registration ...");
String key = request.getParameter(CONFIRM_KEY_KEY);
if (StringUtils.isEmpty(key)) {
return false;
}
String targetPage = request.getParameter(TARGET_PAGE_KEY);
String errorPage = request.getParameter(ERROR_PAGE_KEY);
if (CONFIRM_REGISTRATION_PAGE.equals(path)) {
final App app = StructrApp.getInstance();
Result<Principal> results;
try (final Tx tx = app.tx()) {
results = app.nodeQuery(Principal.class).and(User.confirmationKey, key).getResult();
}
if (!results.isEmpty()) {
final Principal user = results.get(0);
try (final Tx tx = app.tx()) {
// Clear confirmation key and set session id
user.setProperty(User.confirmationKey, null);
if (auth.getUserAutoLogin()) {
AuthHelper.doLogin(request, user);
}
tx.success();
}
// Redirect to target page
if (StringUtils.isNotBlank(targetPage)) {
response.sendRedirect("/" + targetPage);
}
return true;
} else {
// Redirect to error page
if (StringUtils.isNotBlank(errorPage)) {
response.sendRedirect("/" + errorPage);
}
return true;
}
}
return false;
}
@Override
public void checkResourceAccess(
final SecurityContext securityContext,
final HttpServletRequest request,
final String rawResourceSignature,
final String propertyView)
throws FrameworkException {
final ResourceAccess resourceAccess =
ResourceAccess.findGrant(securityContext, rawResourceSignature);
final Method method = methods.get(request.getMethod());
final Principal user = getUser(request, true);
final boolean validUser = (user != null);
// super user is always authenticated
if (validUser && (user instanceof SuperUser || user.getProperty(Principal.isAdmin))) {
return;
}
// no grants => no access rights
if (resourceAccess == null) {
logger.log(
Level.INFO, "No resource access grant found for signature {0}.", rawResourceSignature);
throw new UnauthorizedException("Forbidden");
} else {
switch (method) {
case GET:
if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_GET)) {
return;
}
if (validUser && resourceAccess.hasFlag(AUTH_USER_GET)) {
return;
}
break;
case PUT:
if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_PUT)) {
return;
}
if (validUser && resourceAccess.hasFlag(AUTH_USER_PUT)) {
return;
}
break;
case POST:
if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_POST)) {
return;
}
if (validUser && resourceAccess.hasFlag(AUTH_USER_POST)) {
return;
}
break;
case DELETE:
if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_DELETE)) {
return;
}
if (validUser && resourceAccess.hasFlag(AUTH_USER_DELETE)) {
return;
}
break;
case OPTIONS:
if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_OPTIONS)) {
return;
}
if (validUser && resourceAccess.hasFlag(AUTH_USER_OPTIONS)) {
return;
}
break;
case HEAD:
if (!validUser && resourceAccess.hasFlag(NON_AUTH_USER_HEAD)) {
return;
}
if (validUser && resourceAccess.hasFlag(AUTH_USER_HEAD)) {
return;
}
break;
}
}
logger.log(
Level.INFO,
"Resource access grant found for signature {0}, but method {1} not allowed for {2}.",
new Object[] {
rawResourceSignature, method, validUser ? "authenticated users" : "public users"
});
throw new UnauthorizedException("Forbidden");
}