@Override
  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
      throws Exception {
    User user = userService.getUserFromSecurityContext();
    if (user == null || user.isSystemAdmin()) {
      return true;
    }

    String servletPath = request.getServletPath();
    Organization organization = user.getActiveOrganization();
    if (organization != null && organization.getDomainConfiguration().isDisabledDomain()) {
      if (!servletPath.startsWith("/manager/organization/accountManagement")
          && !servletPath.startsWith("/disabled")
          && !servletPath.startsWith("/activeOrganization")
          && !servletPath.startsWith("/image")
          && !servletPath.startsWith("/getSystemNotifications")
          && !servletPath.startsWith("/contacts")
          && !servletPath.startsWith("/profile/changePassword")
          && !servletPath.startsWith("/profile/resetPassword")
          && !servletPath.startsWith("/legal")
          && !servletPath.startsWith("/activate")
          && !servletPath.startsWith("/manager/modifyBandwidthBilling")
          && !servletPath.startsWith("/error")
          && !servletPath.startsWith("/403")
          && !servletPath.startsWith("/404")) {
        response.sendRedirect(request.getContextPath() + "/disabled");
        return false;
      }
    }

    return true;
  }
Пример #2
0
  @Test
  public void getByEmailTest() {
    User user = getUser(UserRole.ROLE_ORG_USER, UserRole.ROLE_GROUP_USER);

    user = userService.getByEmail(user.getEmail());
    assertNotNull(user);
  }
  @Override
  public User registerUser(UserModel userModel, boolean useTemporaryPassword) {
    User user = null;
    if (userModel != null) {
      List<Role> userRoles = new ArrayList<Role>();
      Role userRole = roleService.getRoleByAuthority(UserRole.ROLE_USER.toString());
      userRoles.add(userRole);

      user =
          new User(
              userModel.getEmail(),
              passwordEncoder.encodePassword(userModel.getPassword(), userModel.getEmail()),
              userModel.getEmail(),
              userModel.getFirstName(),
              userModel.getLastName(),
              userRoles);
      user.setPasswordExpired(useTemporaryPassword);
      // If this is the first user in the application, set them as a Knappsack administrator
      if (userService.countAll() == 0) {
        setAdminRole(user);
      }
      userDetailsDao.add(user);
      addUserToInvitedDomains(user);
    }

    return user;
  }
Пример #4
0
 @Test
 public void getApplicationsByUserApplicationTypeAppStates() {
   User user = getUser(UserRole.ROLE_ORG_USER, UserRole.ROLE_GROUP_USER);
   user = userService.getByEmail(user.getEmail());
   List<Application> applications =
       userService.getApplicationsForUser(user, ApplicationType.ANDROID, AppState.GROUP_PUBLISH);
   assertTrue(applications.size() == 1);
 }
Пример #5
0
  @Test
  public void getGroupsForOrgAdminTest() {
    User user = getUser(UserRole.ROLE_ORG_ADMIN, UserRole.ROLE_GROUP_USER);
    user = userService.getByEmail(user.getEmail());

    List<Group> groups = userService.getGroups(user);
    assertTrue(groups.size() == 1);
  }
Пример #6
0
  @Test
  public void getOrganizationsTest() {
    User user = getUser(UserRole.ROLE_ORG_ADMIN, UserRole.ROLE_GROUP_USER);
    user = userService.getByEmail(user.getEmail());

    List<Organization> organizations = userService.getOrganizations(user);
    assertTrue(organizations.size() == 1);
  }
Пример #7
0
  @Test
  public void getApplicationVersionsByUserTest() {
    User user = getUser(UserRole.ROLE_ORG_ADMIN, UserRole.ROLE_GROUP_USER);
    user = userService.getByEmail(user.getEmail());

    List<ApplicationVersion> applicationVersions = userService.getApplicationVersions(user);
    assertTrue(applicationVersions.size() == 2);
  }
Пример #8
0
  @Test
  public void updateTest() {
    User user = getUser(UserRole.ROLE_ORG_USER, UserRole.ROLE_GROUP_USER);
    user.setLastName("Tester");

    user = userService.getByEmail(user.getEmail());
    userService.update(user);
    assertEquals(user.getLastName(), "Tester");
  }
Пример #9
0
 @Test
 public void getApplicationsByUserApplicationTypeCategoryAppStatesTest() {
   User user = getUser(UserRole.ROLE_ORG_USER, UserRole.ROLE_GROUP_USER);
   user = userService.getByEmail(user.getEmail());
   Organization organization = organizationService.getAll().get(0);
   Category category = organization.getCategories().get(0);
   List<Application> applications =
       userService.getApplicationsForUser(
           user, ApplicationType.ANDROID, category.getId(), AppState.GROUP_PUBLISH);
   assertTrue(applications.size() == 1);
 }
 private void setAdminRole(User user) {
   Role role = roleService.getRoleByAuthority(UserRole.ROLE_ADMIN.toString());
   user.getRoles().add(role);
   GrantedAuthority grantedAuthority =
       new GrantedAuthority() {
         @Override
         public String getAuthority() {
           return UserRole.ROLE_ADMIN.toString();
         }
       };
   user.getAuthorities().add(grantedAuthority);
 }
Пример #11
0
  @Test
  public void deleteTest() {
    User user = getUser(UserRole.ROLE_ORG_USER, UserRole.ROLE_GROUP_USER);

    List<Group> groups = userService.getGroups(user);
    assertTrue(groups.size() == 1);
    List<UserDomain> userGroupDomains =
        userDomainService.getAll(groups.get(0).getId(), DomainType.GROUP);
    assertTrue(userGroupDomains.size() == 1);
    userService.delete(user.getId());
    userGroupDomains = userDomainService.getAll(groups.get(0).getId(), DomainType.GROUP);
    assertTrue(userGroupDomains.size() == 0);
  }
Пример #12
0
  @Test
  public void canUserEditApplicationTest() {
    // Initial setup
    User user = getUser();
    userService.add(user);
    Organization organization = createOrganization();
    Category category = createCategory(organization);
    organization.getCategories().add(category);
    Application application =
        createApplication(category, "Test Application", AppState.GROUP_PUBLISH);
    Group group = createGroup(organization);
    group.getOwnedApplications().add(application);

    entityManager.flush();

    createUserDomain(user, group.getId(), DomainType.GROUP, UserRole.ROLE_GROUP_ADMIN);
    entityManager.flush();

    assertTrue(userService.canUserEditApplication(user.getId(), application.getId()));

    // Reset
    userService.delete(user.getId());
    ReflectionTestUtils.setField(this, "user", null);
    entityManager.flush();

    // Test if org admin can edit application
    user = getUser();
    userService.add(user);
    entityManager.flush();
    createUserDomain(user, organization.getId(), DomainType.ORGANIZATION, UserRole.ROLE_ORG_ADMIN);
    entityManager.flush();
    assertTrue(userService.canUserEditApplication(user.getId(), application.getId()));

    // Reset
    userService.delete(user.getId());
    ReflectionTestUtils.setField(this, "user", null);
    entityManager.flush();

    // Test user is org user
    user = getUser();
    userService.add(user);
    entityManager.flush();
    createUserDomain(user, organization.getId(), DomainType.ORGANIZATION, UserRole.ROLE_ORG_USER);
    entityManager.flush();
    assertFalse(userService.canUserEditApplication(user.getId(), application.getId()));

    // Reset
    userService.delete(user.getId());
    ReflectionTestUtils.setField(this, "user", null);
    entityManager.flush();

    // Test user is not part of organization and not group admin
    user = getUser();
    userService.add(user);
    entityManager.flush();
    assertFalse(userService.canUserEditApplication(user.getId(), application.getId()));
  }
Пример #13
0
  @Test
  public void getApplicationVersionByUserApplicationAppState() {
    User user = getUser(UserRole.ROLE_ORG_ADMIN, UserRole.ROLE_GROUP_USER);
    user = userService.getByEmail(user.getEmail());

    List<ApplicationVersion> applicationVersions = userService.getApplicationVersions(user);
    for (ApplicationVersion applicationVersion : applicationVersions) {
      applicationVersions =
          userService.getApplicationVersions(
              user,
              applicationVersion.getApplication().getId(),
              SortOrder.ASCENDING,
              AppState.ORGANIZATION_PUBLISH,
              AppState.GROUP_PUBLISH);
      assertTrue(applicationVersions.size() == 1);
    }
  }
Пример #14
0
  private UserDomain createUserDomain(
      User user, Long domainId, DomainType domainType, UserRole userRole) {
    UserDomain userDomain = new UserDomain();
    userDomain.setUser(user);
    userDomain.setDomainId(domainId);
    userDomain.setDomainType(domainType);
    userDomain.setRole(roleService.getRoleByAuthority(userRole.name()));

    user.getUserDomains().add(userDomain);

    return userDomain;
  }
Пример #15
0
 @Test
 public void activationTest() {
   User user = getUser(UserRole.ROLE_ORG_USER, UserRole.ROLE_GROUP_USER);
   user = userService.getByEmail(user.getEmail());
   assertFalse(user.isActivated());
   boolean activated = userService.activate(user.getId(), user.getActivationCode());
   assertTrue(activated);
   assertTrue(user.isActivated());
 }
Пример #16
0
  protected User getUser() {
    if (user == null) {
      MessageDigestPasswordEncoder passwordEncoder =
          new MessageDigestPasswordEncoder("SHA-256", true);
      user = new User();
      user.setEmail("*****@*****.**");
      user.setFirstName("John");
      user.setLastName("Doe");
      user.setUsername("*****@*****.**");
      user.setPassword(passwordEncoder.encodePassword("1234", user.getEmail()));
      user.setActivationCode(UUID.randomUUID().toString());
      user.getUuid();

      userService.add(user);
    }

    return user;
  }
  private void addUserToInvitedDomains(User user) {

    String email = user.getEmail();

    List<Invitation> invitations = invitationService.getByEmail(email);
    for (Invitation invitation : invitations) {
      if (DomainType.GROUP.equals(invitation.getDomain().getDomainType())) {
        userService.addUserToGroup(
            user,
            invitation.getDomain().getId(),
            UserRole.valueOf(invitation.getRole().getAuthority()));
      } else if (DomainType.ORGANIZATION.equals(invitation.getDomain().getDomainType())) {
        userService.addUserToOrganization(
            user,
            invitation.getDomain().getId(),
            UserRole.valueOf(invitation.getRole().getAuthority()));
      }
    }

    for (Invitation invitation : invitations) {
      invitationService.delete(invitation.getId());
    }
  }
  @Override
  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
      throws IOException {
    HttpSession session = request.getSession();
    boolean redirect = false;

    if (session != null) {
      SecurityContext context = (SecurityContext) session.getAttribute("SPRING_SECURITY_CONTEXT");
      if (context != null) {
        if (context.getAuthentication() != null
            && context.getAuthentication().getPrincipal() != null
            && context.getAuthentication().getPrincipal() instanceof User) {
          User user = userService.getUserFromSecurityContext();

          String servletPath = request.getServletPath();

          if (!servletPath.startsWith("/auth")
              && !servletPath.startsWith("/resources")
              && user != null) {
            boolean skipValidation = false;

            if (user.isPasswordExpired()
                && !servletPath.startsWith("/profile/changePassword")
                && !servletPath.startsWith("/auth/forgotPassword")) {
              response.sendRedirect(request.getContextPath() + "/profile/changePassword");
              skipValidation = true;
              redirect = true;
            } else if (user.isPasswordExpired()
                && (servletPath.startsWith("/profile/changePassword")
                    || servletPath.startsWith("/auth/forgotPassword"))) {
              skipValidation = true;
            }

            if (!user.isActivated() && !servletPath.startsWith("/activate") && !skipValidation) {
              response.sendRedirect(request.getContextPath() + "/activate");
              redirect = true;
            }
          }
        }
      }
    }

    // We do not want the healthcheck to ever populate the WebRequest object
    if (request != null
        && !StringUtils.startsWithIgnoreCase(request.getServletPath(), "/healthcheck")) {
      String serverName;
      // If ApplicationDomain is set on the properties then use that as the server name, else use
      // what came off the request
      if (StringUtils.hasText(applicationDomain)
          && !("${" + SystemProperties.APPLICATION_DOMAIN + "}")
              .equalsIgnoreCase(applicationDomain)) {
        serverName = applicationDomain;
      } else {
        serverName = request.getServerName();
      }
      WebRequest.getInstance(
          request.getScheme(), serverName, request.getServerPort(), request.getContextPath());
    }

    if (redirect) {
      return false;
    }

    return true;
  }
Пример #19
0
  private User getUser(UserRole organizationUserRole, UserRole groupUserRole) {
    User user = getUser();

    Role orgRole = null;
    if (organizationUserRole != null) {
      orgRole = roleService.getRoleByAuthority(organizationUserRole.name());
      user.getRoles().add(orgRole);
    }
    Role groupRole = null;
    if (groupUserRole != null) {
      groupRole = roleService.getRoleByAuthority(groupUserRole.name());
      user.getRoles().add(groupRole);
    }

    Organization organization = createOrganization();

    Application application =
        createApplication(
            organization.getCategories().get(0), "Test Application", AppState.GROUP_PUBLISH);
    Application application2 =
        createApplication(
            organization.getCategories().get(0),
            "Test Application 2",
            AppState.ORGANIZATION_PUBLISH);

    Group group = createGroup(organization);

    group.getOwnedApplications().add(application);
    group.getOwnedApplications().add(application2);

    organization.getGroups().add(group);

    userService.save(user);

    organizationService.getAll();

    if (groupRole != null) {
      UserDomain userDomainGroup = new UserDomain();
      userDomainGroup.setUser(user);
      userDomainGroup.setDomainId(group.getId());
      userDomainGroup.setDomainType(DomainType.GROUP);
      userDomainGroup.setRole(groupRole);
      userDomainGroup.setDomainId(group.getId());

      user.getUserDomains().add(userDomainGroup);
    }

    if (orgRole != null) {
      UserDomain userDomainOrg = new UserDomain();
      userDomainOrg.setUser(user);
      userDomainOrg.setDomainId(group.getId());
      userDomainOrg.setDomainType(DomainType.ORGANIZATION);
      userDomainOrg.setRole(orgRole);
      userDomainOrg.setDomainId(organization.getId());

      user.getUserDomains().add(userDomainOrg);
    }

    userService.save(user);

    entityManager.flush();

    return user;
  }