Exemplo n.º 1
0
 /**
  * Tries to authenticate with given credentials
  *
  * @return User object if authentication is successful or null if not
  */
 public User authenticate(String login, String password) {
   User user = userDAO.findByLogin(login);
   if (user == null) {
     return null;
   }
   if (!passwordService.checkPassword(password, user.getPasswordSalt(), user.getPasswordHash())) {
     user.setLoginAttempts(user.getLoginAttempts() + 1);
     if (user.getLoginAttempts()
         >= configurationService.getInt(
             Constants.MAX_LOGIN_ATTEMPTS, Constants.MAX_LOGIN_ATTEMPTS_DEFAULT)) {
       user.setStatus(UserStatus.LOCKED_OUT);
     }
     return null;
   } else {
     if (user.getLoginAttempts() != 0) {
       user.setLoginAttempts(0);
     }
     if (user.getLastLogin() == null
         || System.currentTimeMillis() - user.getLastLogin().getTime()
             > configurationService.getLong(
                 Constants.LAST_LOGIN_TIMEOUT, Constants.LAST_LOGIN_TIMEOUT_DEFAULT)) {
       user.setLastLogin(timestampService.getTimestamp());
     }
     return user;
   }
 }
Exemplo n.º 2
0
  @TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
  public User createUser(@NotNull User user, String password) {
    if (user.getId() != null) {
      throw new HiveException(Messages.ID_NOT_ALLOWED, BAD_REQUEST.getStatusCode());
    }
    user.setLogin(StringUtils.trim(user.getLogin()));
    User existing = userDAO.findByLogin(user.getLogin());
    if (existing != null) {
      throw new HiveException(Messages.DUPLICATE_LOGIN, FORBIDDEN.getStatusCode());
    }
    if (StringUtils.isEmpty(password)) {
      throw new HiveException(Messages.PASSWORD_REQUIRED, BAD_REQUEST.getStatusCode());
    }
    String salt = passwordService.generateSalt();
    String hash = passwordService.hashPassword(password, salt);
    user.setPasswordSalt(salt);
    user.setPasswordHash(hash);
    user.setLoginAttempts(Constants.INITIAL_LOGIN_ATTEMPTS);

    hiveValidator.validate(user);
    return userDAO.create(user);
  }
Exemplo n.º 3
0
  @TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
  public User updateUser(@NotNull Long id, UserUpdate userToUpdate) {
    User existing = userDAO.findById(id);

    if (existing == null) {
      throw new HiveException(
          String.format(Messages.USER_NOT_FOUND, id), NOT_FOUND.getStatusCode());
    }
    if (userToUpdate == null) {
      return existing;
    }
    if (userToUpdate.getLogin() != null) {
      String newLogin = StringUtils.trim(userToUpdate.getLogin().getValue());
      User withSuchLogin = userDAO.findByLogin(newLogin);
      if (withSuchLogin != null && !withSuchLogin.getId().equals(id)) {
        throw new HiveException(Messages.DUPLICATE_LOGIN, FORBIDDEN.getStatusCode());
      }
      existing.setLogin(newLogin);
    }
    if (userToUpdate.getPassword() != null) {
      if (StringUtils.isEmpty(userToUpdate.getPassword().getValue())) {
        throw new HiveException(Messages.PASSWORD_REQUIRED, BAD_REQUEST.getStatusCode());
      }
      String salt = passwordService.generateSalt();
      String hash = passwordService.hashPassword(userToUpdate.getPassword().getValue(), salt);
      existing.setPasswordSalt(salt);
      existing.setPasswordHash(hash);
    }
    if (userToUpdate.getRole() != null) {
      existing.setRole(userToUpdate.getRoleEnum());
    }
    if (userToUpdate.getStatus() != null) {
      existing.setStatus(userToUpdate.getStatusEnum());
    }

    hiveValidator.validate(existing);
    return userDAO.update(existing);
  }