Exemplo n.º 1
0
  @RequestMapping(value = "/createUser", method = RequestMethod.POST)
  public final BaseResponse createUser(
      @RequestHeader("Accept-Language") final String encoding,
      @RequestParam("username") final String username,
      @RequestParam("password") final String password,
      @RequestParam("enabled") final boolean enabled,
      @RequestParam("email") final String email,
      @RequestParam("groups") final Group group) {
    final BaseResponse response = new BaseResponse();

    try {

      PasswordEncoder encoder = new BCryptPasswordEncoder();
      User user = new User();
      user.setUsername(username);
      String encryptionPassword = encoder.encode(password);
      user.setPassword(encryptionPassword);
      user.setEnabled(enabled);
      user.setEmail(email);
      user.setGroups(Arrays.asList(group));

      userRepository.save(user);

      response.setSuccess();
      response.setResponseMessage("Success!");
    } catch (Exception e) {
      response.setError(ErrorCodeEnum.SQL_QUERY_ERROR, e.getMessage());
      LOGGER.error(e.getMessage());
    }

    return response;
  }
Exemplo n.º 2
0
  @RequestMapping(value = "/{id}/resetPassword", method = RequestMethod.POST)
  public final BaseResponse resetPassword(
      @RequestHeader("Accept-Language") final String encoding,
      @PathVariable("id") final long id,
      @RequestParam("oldPassword") final String oldPassword,
      @RequestParam("password") final String password) {
    final BaseResponse response = new BaseResponse();

    try {
      User user = userRepository.findOne(id);
      PasswordEncoder encoder = new BCryptPasswordEncoder();
      if ((oldPassword.length() > 0) && !encoder.matches(oldPassword, user.getPassword())) {
        response.setError(
            ErrorCodeEnum.PASSWORD_NOT_MATCH,
            "The old password and the original password does not match");
        LOGGER.error("The old password and the original password does not match");
        return response;
      }
      String encryptionPassword = encoder.encode(password);
      user.setPassword(encryptionPassword);
      userRepository.save(user);

      response.setSuccess();
      response.setResponseMessage("Success!");
    } catch (Exception e) {
      response.setError(ErrorCodeEnum.SQL_QUERY_ERROR, e.getMessage());
      LOGGER.error(e.getMessage());
    }

    return response;
  }
  @Override
  public void onApplicationEvent(ContextRefreshedEvent event) {
    if (log.isInfoEnabled()) {
      log.info("importing data into database...");
    }

    Long usersCount = userRepository.count();
    if (usersCount == 0) {
      if (log.isDebugEnabled()) {
        log.debug("import users data into database...");
      }
      userRepository.save(
          new User()
              .builder()
              .username("admin")
              .password(passwordEncoder.encode("test123"))
              .name("Administrator")
              .role("ADMIN")
              .build());
      userRepository.save(
          new User()
              .builder()
              .username("testuser")
              .password(passwordEncoder.encode("test123"))
              .name("Test User")
              .role("USER")
              .build());
    }
  }
  @Override
  public void addUser(UserRoles userRoles) throws DataAccessException {
    try {
      if (userRoles.getId() == null) {
        /* em = em.getEntityManagerFactory().createEntityManager();
        Session session = (Session) em.unwrap(Session.class);*/
        userRoles.setTransactionDate(new Date());
        // this is Temp fix for createdBy, TODO--> Based on admin Login
        if (userRoles.getCreatedBy() == null) {
          userRoles.setCreatedBy("*****@*****.**");
          userRoles.setRole("ADMIN");
        }
        if (userRoles.getUsers() != null) {
          String password = userRoles.getUsers().getPassword();
          PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
          String hashedPassword = passwordEncoder.encode(password);
          userRoles.getUsers().setPassword(hashedPassword);
          logger.info(" user Encrypted Password", hashedPassword);
        }

        em.persist(userRoles);
        // Here the TransactionRequiredException happens.
        em.flush();
      } else {
        em.merge(userRoles);
      }
    } catch (Exception e) {
      throw new RuntimeException(e);
    }
  }
 @Override
 @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
 public void updateUserPassword(User user) {
   PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
   String hashedPassword = passwordEncoder.encode(user.getPassword());
   user.setPassword(hashedPassword);
   userDao.updateUser(user);
 }
Exemplo n.º 6
0
  @CacheEvict(value = "users", allEntries = true)
  public User updatePassword(PasswordUpdateRequest request, PasswordResetToken passwordResetToken) {
    User user = userRepository.findByIdForUpdate(request.getUserId());
    if (user == null) {
      throw new IllegalArgumentException("The user does not exist");
    }
    PasswordEncoder passwordEncoder = new StandardPasswordEncoder();
    user.setLoginPassword(passwordEncoder.encode(request.getPassword()));
    user.setUpdatedAt(LocalDateTime.now());
    user.setUpdatedBy(passwordResetToken.getUser().toString());
    user = userRepository.saveAndFlush(user);

    passwordResetTokenRepository.delete(passwordResetToken);

    try {
      Blog blog = blogService.readBlogById(Blog.DEFAULT_ID);
      String blogTitle = blog.getTitle(LocaleContextHolder.getLocale().getLanguage());

      ServletUriComponentsBuilder builder = ServletUriComponentsBuilder.fromCurrentContextPath();
      if (blog.isMultiLanguage()) {
        builder.path("/{language}");
      }
      builder.path("/login");

      Map<String, Object> urlVariables = new LinkedHashMap<>();
      urlVariables.put("language", request.getLanguage());
      urlVariables.put("token", passwordResetToken.getToken());
      String loginLink = builder.buildAndExpand(urlVariables).toString();

      Context ctx = new Context(LocaleContextHolder.getLocale());
      ctx.setVariable("passwordResetToken", passwordResetToken);
      ctx.setVariable("resetLink", loginLink);

      MimeMessage mimeMessage = mailSender.createMimeMessage();
      MimeMessageHelper message =
          new MimeMessageHelper(mimeMessage, true, "UTF-8"); // true = multipart
      message.setSubject(
          MessageFormat.format(
              messageSourceAccessor.getMessage(
                  "PasswordChangedSubject", LocaleContextHolder.getLocale()),
              blogTitle));
      message.setFrom(mailProperties.getProperties().get("mail.from"));
      message.setTo(passwordResetToken.getEmail());

      String htmlContent = templateEngine.process("password-changed", ctx);
      message.setText(htmlContent, true); // true = isHtml

      mailSender.send(mimeMessage);
    } catch (MessagingException e) {
      throw new ServiceException(e);
    }

    return user;
  }
  public static void main(String[] args) {
    PasswordEncoder enc = new BCryptPasswordEncoder();

    Arrays.asList("root", "admin", "usuario")
        .stream()
        .forEach(
            pass -> {
              System.out.println(
                  String.format(
                      "'%s', '%s'", pass, StringUtils.strip(enc.encode(pass).substring(10))));
            });
  }
Exemplo n.º 8
0
 @CacheEvict(value = "users", allEntries = true)
 public User updatePassword(PasswordUpdateRequest request, AuthorizedUser updatedBy) {
   User user = userRepository.findByIdForUpdate(request.getUserId());
   if (user == null) {
     throw new IllegalArgumentException("The user does not exist");
   }
   PasswordEncoder passwordEncoder = new StandardPasswordEncoder();
   user.setLoginPassword(passwordEncoder.encode(request.getPassword()));
   user.setUpdatedAt(LocalDateTime.now());
   user.setUpdatedBy(updatedBy.toString());
   return userRepository.saveAndFlush(user);
 }
 @Override
 @Transactional(propagation = Propagation.REQUIRED, readOnly = false)
 public Integer addUser(User user) throws UserAlreadyExistsException {
   if (userDao.findUserByUserName(user.getUsername()) != null)
     throw new UserAlreadyExistsException(user.getUsername());
   else {
     PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
     String hashedPassword = passwordEncoder.encode(user.getPassword());
     user.setPassword(hashedPassword);
     return userDao.addUser(user);
   }
 }
Exemplo n.º 10
0
 @Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER", "ROLE_USER"})
 @RequestMapping(method = RequestMethod.GET, value = "reset-password")
 public @ResponseBody ResponseEntity<Object> resetPassword(
     Principal principal,
     @RequestParam("oldpw") String oldPassword,
     @RequestParam("newpw") String newPassword) {
   PipUser user = PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();
   if (!encoder.matches(oldPassword, user.getPassword()))
     return new ResponseEntity<Object>(HttpStatus.FORBIDDEN);
   user.setPassword(encoder.encode(newPassword));
   user.merge();
   return new ResponseEntity<Object>(HttpStatus.OK);
 }
Exemplo n.º 11
0
  @Transactional
  public void create(final Employee employee) {
    employee.setPwdExpiryDate(
        new DateTime().plusDays(applicationProperties.userPasswordExpiryInDays()).toDate());

    employee.setPassword(passwordEncoder.encode(EisConstants.DEFAULT_EMPLOYEE_PWD));
    // Following is added to prevent null values and empty assignment
    // objects getting persisted
    employee.setAssignments(
        employee
            .getAssignments()
            .parallelStream()
            .filter(assignment -> assignment.getPosition() != null)
            .collect(Collectors.toList()));
    for (final Assignment assign : employee.getAssignments()) {
      assign.setEmployee(employee);
      assign.setDepartment(assign.getDepartment());
      for (final HeadOfDepartments hod : assign.getDeptSet()) hod.setAssignment(assign);
    }
    employee.setJurisdictions(
        employee
            .getJurisdictions()
            .parallelStream()
            .filter(
                Jurisdictions ->
                    Jurisdictions.getBoundaryType() != null && Jurisdictions.getBoundary() != null)
            .collect(Collectors.toList()));
    for (final Jurisdiction jurisdiction : employee.getJurisdictions()) {
      jurisdiction.setEmployee(employee);
      jurisdiction.setBoundaryType(jurisdiction.getBoundaryType());
      jurisdiction.setBoundary(jurisdiction.getBoundary());
    }
    employee.getRoles().add(roleService.getRoleByName(EisConstants.ROLE_EMPLOYEE));
    employeeRepository.save(employee);
  }
Exemplo n.º 12
0
 @Override
 public void changePassword(final String id, String oldPassword, final String newPassword)
     throws ScimResourceNotFoundException {
   if (oldPassword != null && !checkPasswordMatches(id, oldPassword)) {
     throw new BadCredentialsException("Old password is incorrect");
   }
   if (checkPasswordMatches(id, newPassword)) {
     return; // we don't want to update the same password
   }
   final String encNewPassword = passwordEncoder.encode(newPassword);
   final String zoneId = IdentityZoneHolder.get().getId();
   int updated =
       jdbcTemplate.update(
           CHANGE_PASSWORD_SQL,
           new PreparedStatementSetter() {
             @Override
             public void setValues(PreparedStatement ps) throws SQLException {
               Timestamp t = new Timestamp(System.currentTimeMillis());
               ps.setTimestamp(1, t);
               ps.setString(2, encNewPassword);
               ps.setTimestamp(3, getPasswordLastModifiedTimestamp(t));
               ps.setString(4, id);
               ps.setString(5, zoneId);
             }
           });
   if (updated == 0) {
     throw new ScimResourceNotFoundException("User " + id + " does not exist");
   }
   if (updated != 1) {
     throw new ScimResourceConstraintFailedException("User " + id + " duplicated");
   }
 }
 public void updateClientSecret(String clientId, String secret) throws NoSuchClientException {
   int count =
       jdbcTemplate.update(updateClientSecretSql, passwordEncoder.encode(secret), clientId);
   if (count != 1) {
     throw new NoSuchClientException("No client found with id = " + clientId);
   }
 }
 @Test
 public void identifyUser_usesDAO() {
   when(userRepository.findOne(USER_A_NAME)).thenReturn(userAStored);
   when(passwordEncoder.matches(USER_A_PASSWORD, USER_A_PASSWORD_ENCODED)).thenReturn(true);
   communityServiceImpl.identifyUser(userA);
   verify(userRepository, times(1)).findOne(USER_A_NAME);
 }
Exemplo n.º 15
0
 public void changePassword(String password) {
   User currentUser = userRepository.findOneByLogin(SecurityUtils.getCurrentLogin());
   String encryptedPassword = passwordEncoder.encode(password);
   currentUser.setPassword(encryptedPassword);
   userRepository.save(currentUser);
   log.debug("Changed password for User: {}", currentUser);
 }
 @Test(expected = IllegalArgumentException.class)
 public void identifyUser_throwsIllegalArgumentException_002() {
   when(userRepository.findOne(USER_A_NAME)).thenReturn(userAStored);
   when(passwordEncoder.matches(USER_A_PASSWORD, USER_A_PASSWORD_ENCODED)).thenReturn(false);
   userA.setPassword("");
   communityServiceImpl.identifyUser(userA);
 }
Exemplo n.º 17
0
  /** {@inheritDoc} */
  @Override
  public User updatePassword(
      final String username,
      final String currentPassword,
      final String recoveryToken,
      final String newPassword,
      final String applicationUrl)
      throws UserExistsException {
    User user = getUserByUsername(username);
    if (isRecoveryTokenValid(user, recoveryToken)) {
      log.debug("Updating password from recovery token for user: "******"Password Updated");

      return user;
    } else if (StringUtils.isNotBlank(currentPassword)) {
      if (passwordEncoder.matches(currentPassword, user.getPassword())) {
        log.debug("Updating password (providing current password) for user:" + username);
        user.setPassword(newPassword);
        user = saveUser(user);
        return user;
      }
    }
    // or throw exception
    return null;
  }
Exemplo n.º 18
0
 @Override
 public void checkLogin(int userId, String password) {
   User u = userRepository.findOne(userId);
   if (u == null || !passwordEncoder.matches(password, u.getPassword())) {
     throw new UserServiceException("Username or password isn't correct");
   }
 }
Exemplo n.º 19
0
  @Override
  @Transactional
  public void onApplicationEvent(final ContextRefreshedEvent event) {
    if (alreadySetup) {
      return;
    }

    // == create initial privileges
    final Privilege readPrivilege = createPrivilegeIfNotFound("READ_PRIVILEGE");
    final Privilege writePrivilege = createPrivilegeIfNotFound("WRITE_PRIVILEGE");

    // == create initial roles
    final List<Privilege> adminPrivileges = Arrays.asList(readPrivilege, writePrivilege);
    createRoleIfNotFound("ROLE_ADMIN", adminPrivileges);
    createRoleIfNotFound("ROLE_USER", Arrays.asList(readPrivilege));

    final Role adminRole = roleRepository.findByName("ROLE_ADMIN");
    final User user = new User();
    user.setFirstName("Test");
    user.setLastName("Test");
    user.setPassword(passwordEncoder.encode("test"));
    user.setEmail("*****@*****.**");
    user.setRoles(Arrays.asList(adminRole));
    user.setEnabled(true);
    userRepository.save(user);

    alreadySetup = true;
  }
Exemplo n.º 20
0
  public User createUserInformation(
      String login,
      String password,
      String firstName,
      String lastName,
      String email,
      String langKey) {

    User newUser = new User();
    Authority authority = authorityRepository.findOne("ROLE_USER");
    Set<Authority> authorities = new HashSet<>();
    String encryptedPassword = passwordEncoder.encode(password);
    newUser.setLogin(login);
    // new user gets initially a generated password
    newUser.setPassword(encryptedPassword);
    newUser.setFirstName(firstName);
    newUser.setLastName(lastName);
    newUser.setEmail(email);
    newUser.setLangKey(langKey);
    // new user is not active
    newUser.setActivated(false);
    // new user gets registration key
    newUser.setActivationKey(RandomUtil.generateActivationKey());
    authorities.add(authority);
    newUser.setAuthorities(authorities);
    userRepository.save(newUser);
    userSearchRepository.save(newUser);
    log.debug("Created Information for User: {}", newUser);
    return newUser;
  }
Exemplo n.º 21
0
 public User createUser(ManagedUserDTO managedUserDTO) {
   User user = new User();
   user.setLogin(managedUserDTO.getLogin());
   user.setFirstName(managedUserDTO.getFirstName());
   user.setLastName(managedUserDTO.getLastName());
   user.setEmail(managedUserDTO.getEmail());
   if (managedUserDTO.getLangKey() == null) {
     user.setLangKey("en"); // default language is English
   } else {
     user.setLangKey(managedUserDTO.getLangKey());
   }
   if (managedUserDTO.getAuthorities() != null) {
     Set<Authority> authorities = new HashSet<>();
     managedUserDTO
         .getAuthorities()
         .stream()
         .forEach(authority -> authorities.add(authorityRepository.findOne(authority)));
     user.setAuthorities(authorities);
   }
   String encryptedPassword = passwordEncoder.encode(RandomUtil.generatePassword());
   user.setPassword(encryptedPassword);
   user.setResetKey(RandomUtil.generateResetKey());
   user.setResetDate(ZonedDateTime.now());
   user.setActivated(true);
   userRepository.save(user);
   log.debug("Created Information for User: {}", user);
   return user;
 }
Exemplo n.º 22
0
  @Secured(value = {"ROLE_ADMIN", "ROLE_MANAGER"})
  @RequestMapping(method = RequestMethod.POST)
  public @ResponseBody void createUser(@RequestBody UserDto dto, Principal principal) {
    PipUser user = new PipUser();
    user.setEmail(dto.getEmail());
    Set<OrganisazionDto> organizations = dto.getOrganizations();
    if (organizations.isEmpty()) {
      PipUser currentUser =
          PipUser.findPipUsersByEmailEquals(principal.getName()).getSingleResult();
      List<Organisazion> organisazions = currentUser.getOrganisazions();
      if (!organisazions.isEmpty()) {
        user.getOrganisazions().add(organisazions.get(0));
      }
    } else {
      Organisazion organisazion =
          Organisazion.findOrganisazionsByName(
                  new ArrayList<OrganisazionDto>(organizations).get(0).getName())
              .getSingleResult();
      user.getOrganisazions().add(organisazion);
    }

    String randomPassword = RandomStringUtils.randomAlphanumeric(6);
    user.setPassword(encoder.encode(randomPassword));
    user.setRole(PipRole.USER.getName());
    user.persist();
    mailingUtil.sendCreationMail(user, randomPassword);
  }
Exemplo n.º 23
0
 /**
  * Used to create a user. Implements special logic by encoding the password.
  *
  * @param user
  * @return
  */
 public void saveUser(User user) {
   LOG.trace("Trying to create a new user");
   // encode the raw password using bcrypt
   final String pwHash = passwordEncoder.encode(user.getPassword());
   user.setPassword(pwHash);
   dao.saveOrUpdate(user);
   LOG.info("Created the user " + user.getAccountName());
 }
Exemplo n.º 24
0
 @Transactional
 @Override
 public User saveUserWithNewPassword(User user, String rawPassword) {
   validate(user, rawPassword);
   user.setPassword(passwordEncoder.encode(rawPassword));
   user = saveUser(user);
   return user;
 }
  @Override
  public Customer register(Customer customer, String rawPassword) {

    String password = passwordEncoder.encode(rawPassword);

    customer.setCustomerPass(password);
    customerRepository.insert(customer);
    return customer;
  }
Exemplo n.º 26
0
 private User createExistingUser(String login, String email, String firstName, String lastName) {
   User user = new User();
   user.setLogin(login);
   user.setPassword(passwordEncoder.encode("password"));
   user.setEmail(email);
   user.setFirstName(firstName);
   user.setLastName(lastName);
   return userRepository.saveAndFlush(user);
 }
 /**
  * Metodo que se va a utilizar para crear los usuarios
  *
  * @param userDto TODO: Queda por hacer el tema de los updates
  * @return
  */
 @Override
 public UserDTO saveAndFlush(UserDTO userDto) {
   Role iniciado = roleRepository.findOne(1L);
   User u = userDto.toEntity(null, iniciado);
   u.setPassword(passwordEncoder.encode(userDto.getPassword()));
   u = userRepository.saveAndFlush(u);
   userDto.toDTO(u);
   return userDto;
 }
Exemplo n.º 28
0
  @Override
  public Authentication authenticate(Authentication req) throws AuthenticationException {
    logger.debug("Processing authentication request for " + req.getName());

    if (req.getCredentials() == null) {
      BadCredentialsException e = new BadCredentialsException("No password supplied");
      publish(new AuthenticationFailureBadCredentialsEvent(req, e));
      throw e;
    }

    UaaUser user;
    try {
      user = userDatabase.retrieveUserByName(req.getName().toLowerCase(Locale.US));
    } catch (UsernameNotFoundException e) {
      user = dummyUser;
    }

    final boolean passwordMatches =
        encoder.matches((CharSequence) req.getCredentials(), user.getPassword());

    if (!accountLoginPolicy.isAllowed(user, req)) {
      logger.warn(
          "Login policy rejected authentication for "
              + user.getUsername()
              + ", "
              + user.getId()
              + ". Ignoring login request.");
      BadCredentialsException e =
          new BadCredentialsException("Login policy rejected authentication");
      publish(new AuthenticationFailureLockedEvent(req, e));
      throw e;
    }

    if (passwordMatches) {
      logger.debug("Password successfully matched");
      Authentication success =
          new UaaAuthentication(
              new UaaPrincipal(user),
              user.getAuthorities(),
              (UaaAuthenticationDetails) req.getDetails());
      publish(new UserAuthenticationSuccessEvent(user, success));

      return success;
    }

    if (user == dummyUser) {
      logger.debug("No user named '" + req.getName() + "' was found");
      publish(new UserNotFoundEvent(req));
    } else {
      logger.debug("Password did not match for user " + req.getName());
      publish(new UserAuthenticationFailureEvent(user, req));
    }
    BadCredentialsException e = new BadCredentialsException("Bad credentials");
    publish(new AuthenticationFailureBadCredentialsEvent(req, e));
    throw e;
  }
 @Test
 public void validateCurrentUserPassword() throws DatabaseException {
   MolgenisUser existingMolgenisUser = mock(MolgenisUser.class);
   when(existingMolgenisUser.getId()).thenReturn(1);
   when(existingMolgenisUser.getPassword()).thenReturn("encrypted-password");
   when(existingMolgenisUser.getUsername()).thenReturn("username");
   when(passwordEncoder.matches("password", "encrypted-password")).thenReturn(true);
   assertTrue(userAccountServiceImpl.validateCurrentUserPassword("password"));
   assertFalse(userAccountServiceImpl.validateCurrentUserPassword("wrong-password"));
 }
 @Override
 public String checkLoginAndCalculateBasicAuth(UserDTO userDTO) {
   UserDTO user = findUserByEmailAndAlta(userDTO.getUsername());
   if (user != null) {
     if (passwordEncoder.matches(userDTO.getPassword(), user.getPassword())) {
       return PasswordUtils.calculateBasicAuth(user.getEmail(), userDTO.getPassword());
     }
   }
   return null;
 }