/** Try to make this user a super-user */
private void tryToMakeAdmin(User u) throws IOException {
WwpassIdentity p = u.getProperty(WwpassIdentity.class);
p.activate();
u.save();
AuthorizationStrategy as = Jenkins.getInstance().getAuthorizationStrategy();
for (PermissionAdder adder : Jenkins.getInstance().getExtensionList(PermissionAdder.class)) {
if (adder.add(as, u, Jenkins.ADMINISTER)) {
return;
}
}
LOGGER.severe(
"Admin permission wasn't added for user: "******", ID: " + u.getId());
}
@Override
public WwpassIdentity loadUserByUsername(String puid)
throws UsernameNotFoundException, DataAccessException {
Collection<User> all = User.getAll();
for (User u : all) {
WwpassIdentity p = u.getProperty(WwpassIdentity.class);
if (puid.equals(p != null ? p.getPuid() : null)) {
return p;
}
}
throw new UsernameNotFoundException("There is no any user with: " + puid);
}
/**
* @return <code>null</code> if failed. The browser is already redirected to retry by the time
* this method returns. a valid {@link User} object if the user creation was successful.
*/
private User createAccount(StaplerRequest req, StaplerResponse rsp, String formView)
throws ServletException, IOException {
SignupInfo si = new SignupInfo(req);
String puid = authenticateInWwpass(si.ticket, certFile, keyFile);
try {
if (loadUserByUsername(puid) != null) {
si.errorMessages.add(Messages.WwpassSecurityRealm_PuidIsAlreadyTaken());
}
} catch (UsernameNotFoundException e) {
}
if (si.nickname == null || si.nickname.length() == 0)
si.errorMessages.add(Messages.WwpassSecurityRealm_NicknameIsRequired());
else {
User user = User.get(si.nickname, false);
if (null != user)
if (user.getProperty(WwpassIdentity.class) != null)
si.errorMessages.add(Messages.WwpassSecurityRealm_NicknameIsAlreadyTaken());
}
if (si.fullname == null || si.fullname.length() == 0)
si.errorMessages.add(Messages.WwpassSecurityRealm_FullnameIsRequired());
else {
User user = User.get(si.fullname, false);
if (null != user)
if (user.getProperty(WwpassIdentity.class) != null)
si.errorMessages.add(Messages.WwpassSecurityRealm_FullnameIsAlreadyTaken());
}
if (si.email == null || !si.email.contains("@"))
si.errorMessages.add(Messages.WwpassSecurityRealm_InvalidEmailAddress());
if (!si.errorMessages.isEmpty()) {
// failed. ask the user to try again.
req.setAttribute("data", si);
req.getView(this, formView).forward(req, rsp);
return null;
}
// register the user
WwpassIdentity id = new WwpassIdentity(puid);
id.populate(si);
User user = createAccount(id);
id.updateProfile(user);
user.save();
return user;
}
/** Lets the current user silently login as the given user and report back accordingly. */
@SuppressWarnings("ACL.impersonate")
private void loginAndTakeBack(StaplerRequest req, StaplerResponse rsp, User u)
throws ServletException, IOException {
// ... and let him login
Authentication a = new WwpassAuthenticationToken(u.getId());
a = this.getSecurityComponents().manager.authenticate(a);
SecurityContextHolder.getContext().setAuthentication(a);
// then back to top
req.getView(this, "success.jelly").forward(req, rsp);
}
/**
* Computes if this Jenkins has some user accounts configured.
*
* <p>This is used to check for the initial
*/
private static boolean hasSomeUser() {
for (User u : User.getAll()) if (u.getProperty(WwpassIdentity.class) != null) return true;
return false;
}
/** Creates a new user account by registering a password to the user. */
public User createAccount(WwpassIdentity id) throws IOException {
User user = User.get(id.getNickname());
user.addProperty(id);
return user;
}
