/** The login process starts from here. */ public HttpResponse doCommenceLogin( StaplerRequest req, StaplerResponse rsp, @QueryParameter String from, @QueryParameter String ticket) throws ServletException, IOException { // TODO write login method String puid = authenticateInWwpass(ticket, certFile, keyFile); WwpassIdentity u; try { u = loadUserByUsername(puid); } catch (UsernameNotFoundException e) { if (allowsSignup()) { req.setAttribute("errorMessage", Messages.WwpassSecurityRealm_NoSuchUserAllowsSignup()); } else { req.setAttribute("errorMessage", Messages.WwpassSecurityRealm_NoSuchUserDisableSignup()); } req.getView(this, "login.jelly").forward(req, rsp); throw e; } if (!u.isAccountNonLocked() || !u.isEnabled()) { // throw new LockedException("Account is not activated for " + puid); throw new Failure(Messages.WwpassSecurityRealm_AccountNotActivated()); } Authentication a = new WwpassAuthenticationToken(u.getNickname()); a = this.getSecurityComponents().manager.authenticate(a); SecurityContextHolder.getContext().setAuthentication(a); return new HttpRedirect(Jenkins.getInstance().getRootUrl()); }
/** * @return <code>null</code> if failed. The browser is already redirected to retry by the time * this method returns. a valid {@link User} object if the user creation was successful. */ private User createAccount(StaplerRequest req, StaplerResponse rsp, String formView) throws ServletException, IOException { SignupInfo si = new SignupInfo(req); String puid = authenticateInWwpass(si.ticket, certFile, keyFile); try { if (loadUserByUsername(puid) != null) { si.errorMessages.add(Messages.WwpassSecurityRealm_PuidIsAlreadyTaken()); } } catch (UsernameNotFoundException e) { } if (si.nickname == null || si.nickname.length() == 0) si.errorMessages.add(Messages.WwpassSecurityRealm_NicknameIsRequired()); else { User user = User.get(si.nickname, false); if (null != user) if (user.getProperty(WwpassIdentity.class) != null) si.errorMessages.add(Messages.WwpassSecurityRealm_NicknameIsAlreadyTaken()); } if (si.fullname == null || si.fullname.length() == 0) si.errorMessages.add(Messages.WwpassSecurityRealm_FullnameIsRequired()); else { User user = User.get(si.fullname, false); if (null != user) if (user.getProperty(WwpassIdentity.class) != null) si.errorMessages.add(Messages.WwpassSecurityRealm_FullnameIsAlreadyTaken()); } if (si.email == null || !si.email.contains("@")) si.errorMessages.add(Messages.WwpassSecurityRealm_InvalidEmailAddress()); if (!si.errorMessages.isEmpty()) { // failed. ask the user to try again. req.setAttribute("data", si); req.getView(this, formView).forward(req, rsp); return null; } // register the user WwpassIdentity id = new WwpassIdentity(puid); id.populate(si); User user = createAccount(id); id.updateProfile(user); user.save(); return user; }
/** Try to make this user a super-user */ private void tryToMakeAdmin(User u) throws IOException { WwpassIdentity p = u.getProperty(WwpassIdentity.class); p.activate(); u.save(); AuthorizationStrategy as = Jenkins.getInstance().getAuthorizationStrategy(); for (PermissionAdder adder : Jenkins.getInstance().getExtensionList(PermissionAdder.class)) { if (adder.add(as, u, Jenkins.ADMINISTER)) { return; } } LOGGER.severe( "Admin permission wasn't added for user: "******", ID: " + u.getId()); }
@Override public WwpassIdentity loadUserByUsername(String puid) throws UsernameNotFoundException, DataAccessException { Collection<User> all = User.getAll(); for (User u : all) { WwpassIdentity p = u.getProperty(WwpassIdentity.class); if (puid.equals(p != null ? p.getPuid() : null)) { return p; } } throw new UsernameNotFoundException("There is no any user with: " + puid); }
/** Creates a new user account by registering a password to the user. */ public User createAccount(WwpassIdentity id) throws IOException { User user = User.get(id.getNickname()); user.addProperty(id); return user; }