/**
* Update user password.
*
* @param headers
* @param username
* @return
* @throws IOException
* @throws JargonException
*/
@RequestMapping(value = "/services/users/{username}/updatepwd", method = RequestMethod.GET)
@ResponseBody
public IBIOMESResponse updateUserPassword(
@PathVariable("username") String username,
@RequestParam("oldPwd") String oldPwd,
@RequestParam("newPwd") String newPwd)
throws JargonException, IOException {
IRODSAccount irodsAccount =
(IRODSAccount) request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
UserAO userAO = irodsAccessObjectFactory.getUserAO(irodsAccount);
try {
userAO.changeAUserPasswordByThatUser(username, oldPwd, newPwd);
// create new iRODS account object to reflect changes
IRODSAccount newAccount =
IRODSAccount.instance(
irodsAccount.getHost(),
irodsAccount.getPort(),
irodsAccount.getUserName(),
newPwd,
irodsAccount.getHomeDirectory(),
irodsAccount.getZone(),
irodsAccount.getDefaultStorageResource());
IRODSSession session = irodsAccessObjectFactory.getIrodsSession();
// TODO UPDATE SESSION INFO!!! OR SOEMTHING WRONG HERE...
AuthResponse authResponse = null;
IRODSAccessObjectFactory accessAO = IRODSAccessObjectFactoryImpl.instance(session);
try {
request.getSession().removeAttribute("SPRING_SECURITY_CONTEXT");
authResponse = accessAO.authenticateIRODSAccount(newAccount);
session.currentConnection(authResponse.getAuthenticatedIRODSAccount());
request
.getSession()
.setAttribute("SPRING_SECURITY_CONTEXT", authResponse.getAuthenticatedIRODSAccount());
} catch (JargonException e) {
e.printStackTrace();
return new IBIOMESResponse(
false,
"Cannot update session information. Exception: " + e.getLocalizedMessage(),
null);
}
} catch (AuthenticationException exc) {
return new IBIOMESResponse(false, "Current password is not correct", null);
}
return new IBIOMESResponse(true, "Password successfully updated", null);
}
/**
* Retrieve list of iBIOMES users.
*
* @param usertype User type (admins, users, or groups)
* @return User list
* @throws JargonException
* @throws IOException
* @throws Exception
*/
@RequestMapping(value = "/services/users", method = RequestMethod.GET)
@ResponseBody
public UserListMetadata getUsers() throws JargonException, IOException {
IRODSAccount irodsAccount =
(IRODSAccount) request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
UserAO userAO = irodsAccessObjectFactory.getUserAO(irodsAccount);
UserListMetadata users = new UserListMetadata(userAO.findAll());
return users;
}
/**
* Retrieve info for particular iBIOMES user.
*
* @param headers
* @param username
* @return
* @throws IOException
* @throws JargonException
*/
@RequestMapping(value = "/services/users/{username}", method = RequestMethod.GET)
@ResponseBody
public UserMetadata getUser(@PathVariable("username") String username)
throws JargonException, IOException {
IRODSAccount irodsAccount =
(IRODSAccount) request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
UserAO userAO = irodsAccessObjectFactory.getUserAO(irodsAccount);
UserMetadata user = new UserMetadata(userAO.findByName(username));
return user;
}
/**
* Retrieve list of user groups.
*
* @param headers
* @param username
* @return
* @throws IOException
* @throws JargonException
*/
@RequestMapping(value = "/services/usergroups/{groupname}/users", method = RequestMethod.GET)
@ResponseBody
public UserListMetadata getUserGroupMembers(@PathVariable("groupname") String groupname)
throws JargonException, IOException {
IRODSAccount irodsAccount =
(IRODSAccount) request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
UserGroupAO userGroupAO = irodsAccessObjectFactory.getUserGroupAO(irodsAccount);
UserListMetadata users = new UserListMetadata(userGroupAO.listUserGroupMembers(groupname));
return users;
}
/**
* Create temporary user password.
*
* @return
* @throws JargonException
*/
@RequestMapping(value = "/services/user/getTmpPassword", method = RequestMethod.GET)
@ResponseBody
public IBIOMESResponse getTemporaryPassword() throws JargonException {
IRODSAccount irodsAccount =
(IRODSAccount) request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
if (irodsAccount.isAnonymousAccount()) {
return new IBIOMESResponse(true, "", "");
} else {
UserAO userAO = irodsAccessObjectFactory.getUserAO(irodsAccount);
try {
String password = userAO.getTemporaryPasswordForConnectedUser();
return new IBIOMESResponse(true, "", password);
} catch (AuthenticationException exc) {
return new IBIOMESResponse(
false,
"Could not generate temporary password for user '" + irodsAccount.getUserName() + "'",
null);
}
}
}
@Test
public void testAddUserDuplicateByAdmin() throws Exception {
String testUser = "******";
String testPassword = "******";
IRODSAccount irodsAccount =
testingPropertiesHelper.buildIRODSAccountFromTestProperties(testingProperties);
IRODSAccessObjectFactory accessObjectFactory = irodsFileSystem.getIRODSAccessObjectFactory();
UserAO userAO = accessObjectFactory.getUserAO(irodsAccount);
userAO.deleteUser(testUser);
User user = new User();
user.setName(testUser);
user.setUserType(UserTypeEnum.RODS_USER);
userAO.addUser(user);
StringBuilder sb = new StringBuilder();
sb.append("http://localhost:");
sb.append(
testingPropertiesHelper.getPropertyValueAsInt(
testingProperties, RestTestingProperties.REST_PORT_PROPERTY));
sb.append("/user/");
DefaultHttpClientAndContext clientAndContext =
RestAuthUtils.httpClientSetup(irodsAccount, testingProperties);
try {
HttpPut httpPut = new HttpPut(sb.toString());
httpPut.addHeader("accept", "application/json");
httpPut.addHeader("Content-Type", "application/json");
ObjectMapper mapper = new ObjectMapper();
UserAddByAdminRequest addRequest = new UserAddByAdminRequest();
addRequest.setDistinguishedName("dn here");
addRequest.setTempPassword(testPassword);
addRequest.setUserName(testUser);
String body = mapper.writeValueAsString(addRequest);
System.out.println(body);
httpPut.setEntity(new StringEntity(body));
HttpResponse response =
clientAndContext.getHttpClient().execute(httpPut, clientAndContext.getHttpContext());
HttpEntity entity = response.getEntity();
Assert.assertEquals(200, response.getStatusLine().getStatusCode());
String entityData = EntityUtils.toString(entity);
System.out.println(entityData);
UserAddActionResponse actual = mapper.readValue(entityData, UserAddActionResponse.class);
Assert.assertEquals(testUser, actual.getUserName());
Assert.assertEquals(
UserAddActionResponse.UserAddActionResponseCode.USER_NAME_IS_TAKEN,
actual.getUserAddActionResponse());
Assert.assertEquals(
UserAddActionResponse.UserAddActionResponseCode.USER_NAME_IS_TAKEN.ordinal(),
actual.getUserAddActionResponseNumericCode());
} finally {
// When HttpClient instance is no longer needed,
// shut down the connection manager to ensure
// immediate deallocation of all system resources
clientAndContext.getHttpClient().getConnectionManager().shutdown();
}
}
@Test
public void testAddUserByAdminLongDn() throws Exception {
String testUser = "******";
String testPassword = "******";
String testDN =
"/CN=xxxxxyyxx-64f0-4d49-a0a9-508a8a5328cd/emailAddress=xxxxxxxxxxthismaynotshowup";
IRODSAccount irodsAccount =
testingPropertiesHelper.buildIRODSAccountFromTestProperties(testingProperties);
IRODSAccount userAccount =
testingPropertiesHelper.buildIRODSAccountForIRODSUserFromTestPropertiesForGivenUser(
testingProperties, testUser, testPassword);
IRODSAccessObjectFactory accessObjectFactory = irodsFileSystem.getIRODSAccessObjectFactory();
UserAO userAO = accessObjectFactory.getUserAO(irodsAccount);
try {
userAO.findByName(testUser);
String homeDir = MiscIRODSUtils.computeHomeDirectoryForIRODSAccount(userAccount);
IRODSFile userHomeDir =
irodsFileSystem.getIRODSFileFactory(userAccount).instanceIRODSFile(homeDir);
for (File homeDirFile : userHomeDir.listFiles()) {
homeDirFile.delete();
}
userAO.deleteUser(testUser);
} catch (DataNotFoundException dnf) {
// OK
}
StringBuilder sb = new StringBuilder();
sb.append("http://localhost:");
sb.append(
testingPropertiesHelper.getPropertyValueAsInt(
testingProperties, RestTestingProperties.REST_PORT_PROPERTY));
sb.append("/user/");
DefaultHttpClientAndContext clientAndContext =
RestAuthUtils.httpClientSetup(irodsAccount, testingProperties);
try {
HttpPut httpPut = new HttpPut(sb.toString());
httpPut.addHeader("accept", "application/json");
httpPut.addHeader("Content-Type", "application/json");
ObjectMapper mapper = new ObjectMapper();
UserAddByAdminRequest addRequest = new UserAddByAdminRequest();
addRequest.setDistinguishedName(testDN);
addRequest.setTempPassword(testPassword);
addRequest.setUserName(testUser);
String body = mapper.writeValueAsString(addRequest);
System.out.println(body);
httpPut.setEntity(new StringEntity(body));
HttpResponse response =
clientAndContext.getHttpClient().execute(httpPut, clientAndContext.getHttpContext());
HttpEntity entity = response.getEntity();
Assert.assertEquals(200, response.getStatusLine().getStatusCode());
String entityData = EntityUtils.toString(entity);
System.out.println(entityData);
UserAddActionResponse actual = mapper.readValue(entityData, UserAddActionResponse.class);
Assert.assertEquals(testUser, actual.getUserName());
Assert.assertEquals(
UserAddActionResponse.UserAddActionResponseCode.SUCCESS,
actual.getUserAddActionResponse());
Assert.assertEquals(
UserAddActionResponse.UserAddActionResponseCode.SUCCESS.ordinal(),
actual.getUserAddActionResponseNumericCode());
} finally {
// When HttpClient instance is no longer needed,
// shut down the connection manager to ensure
// immediate deallocation of all system resources
clientAndContext.getHttpClient().getConnectionManager().shutdown();
}
User user = userAO.findByName(testUser);
Assert.assertNotNull("user not added", user);
Assert.assertEquals("dn not set", testDN, user.getUserDN());
}