/** The login process starts from here. */
public HttpResponse doCommenceLogin(
StaplerRequest req,
StaplerResponse rsp,
@QueryParameter String from,
@QueryParameter String ticket)
throws ServletException, IOException {
// TODO write login method
String puid = authenticateInWwpass(ticket, certFile, keyFile);
WwpassIdentity u;
try {
u = loadUserByUsername(puid);
} catch (UsernameNotFoundException e) {
if (allowsSignup()) {
req.setAttribute("errorMessage", Messages.WwpassSecurityRealm_NoSuchUserAllowsSignup());
} else {
req.setAttribute("errorMessage", Messages.WwpassSecurityRealm_NoSuchUserDisableSignup());
}
req.getView(this, "login.jelly").forward(req, rsp);
throw e;
}
if (!u.isAccountNonLocked() || !u.isEnabled()) {
// throw new LockedException("Account is not activated for " + puid);
throw new Failure(Messages.WwpassSecurityRealm_AccountNotActivated());
}
Authentication a = new WwpassAuthenticationToken(u.getNickname());
a = this.getSecurityComponents().manager.authenticate(a);
SecurityContextHolder.getContext().setAuthentication(a);
return new HttpRedirect(Jenkins.getInstance().getRootUrl());
}
/**
* @return <code>null</code> if failed. The browser is already redirected to retry by the time
* this method returns. a valid {@link User} object if the user creation was successful.
*/
private User createAccount(StaplerRequest req, StaplerResponse rsp, String formView)
throws ServletException, IOException {
SignupInfo si = new SignupInfo(req);
String puid = authenticateInWwpass(si.ticket, certFile, keyFile);
try {
if (loadUserByUsername(puid) != null) {
si.errorMessages.add(Messages.WwpassSecurityRealm_PuidIsAlreadyTaken());
}
} catch (UsernameNotFoundException e) {
}
if (si.nickname == null || si.nickname.length() == 0)
si.errorMessages.add(Messages.WwpassSecurityRealm_NicknameIsRequired());
else {
User user = User.get(si.nickname, false);
if (null != user)
if (user.getProperty(WwpassIdentity.class) != null)
si.errorMessages.add(Messages.WwpassSecurityRealm_NicknameIsAlreadyTaken());
}
if (si.fullname == null || si.fullname.length() == 0)
si.errorMessages.add(Messages.WwpassSecurityRealm_FullnameIsRequired());
else {
User user = User.get(si.fullname, false);
if (null != user)
if (user.getProperty(WwpassIdentity.class) != null)
si.errorMessages.add(Messages.WwpassSecurityRealm_FullnameIsAlreadyTaken());
}
if (si.email == null || !si.email.contains("@"))
si.errorMessages.add(Messages.WwpassSecurityRealm_InvalidEmailAddress());
if (!si.errorMessages.isEmpty()) {
// failed. ask the user to try again.
req.setAttribute("data", si);
req.getView(this, formView).forward(req, rsp);
return null;
}
// register the user
WwpassIdentity id = new WwpassIdentity(puid);
id.populate(si);
User user = createAccount(id);
id.updateProfile(user);
user.save();
return user;
}
/** Try to make this user a super-user */
private void tryToMakeAdmin(User u) throws IOException {
WwpassIdentity p = u.getProperty(WwpassIdentity.class);
p.activate();
u.save();
AuthorizationStrategy as = Jenkins.getInstance().getAuthorizationStrategy();
for (PermissionAdder adder : Jenkins.getInstance().getExtensionList(PermissionAdder.class)) {
if (adder.add(as, u, Jenkins.ADMINISTER)) {
return;
}
}
LOGGER.severe(
"Admin permission wasn't added for user: "******", ID: " + u.getId());
}
@Override
public WwpassIdentity loadUserByUsername(String puid)
throws UsernameNotFoundException, DataAccessException {
Collection<User> all = User.getAll();
for (User u : all) {
WwpassIdentity p = u.getProperty(WwpassIdentity.class);
if (puid.equals(p != null ? p.getPuid() : null)) {
return p;
}
}
throw new UsernameNotFoundException("There is no any user with: " + puid);
}
/** Creates a new user account by registering a password to the user. */
public User createAccount(WwpassIdentity id) throws IOException {
User user = User.get(id.getNickname());
user.addProperty(id);
return user;
}
