/**
 * Exercises the {@code orThrow} failure paths of {@code ClassLookup.find()}.
 *
 * <p>A supplied {@link NullPointerException} must surface as a {@code NullPointerException}, a
 * supplied {@link IOException} must surface as the cause of a {@link RuntimeException}, and a
 * supplied message must yield an exception whose {@code toString()} ends with the text that
 * {@code ExceptionUtils.getMessage} reports for it, for both {@code get()} and {@code list()}.
 */
@Test
public void testException() throws Exception {
  final String npeName = NullPointerException.class.getSimpleName();
  final String runtimeName = RuntimeException.class.getSimpleName();

  // Unchecked exception handed to orThrow
  try {
    ClassLookup.find().orThrow(new NullPointerException()).get();
    fail(npeName + " expected");
  } catch (NullPointerException expected) {
    // expected
  }

  // Checked exception handed to orThrow: must arrive wrapped
  try {
    ClassLookup.find().orThrow(new IOException()).get();
    fail(runtimeName + " expected");
  } catch (RuntimeException wrapper) {
    assertSame(IOException.class, wrapper.getCause().getClass());
  }

  String message = "I knew it!";

  // Message handed to orThrow, single-result accessor
  try {
    ClassLookup.find().orThrow(message).get();
    fail(runtimeName + " expected");
  } catch (RuntimeException raised) {
    assertEquals(true, raised.toString().endsWith(ExceptionUtils.getMessage(raised)));
  }

  // Message handed to orThrow, list accessor
  try {
    ClassLookup.find().orThrow(message).list();
    fail(runtimeName + " expected");
  } catch (Exception raised) {
    assertEquals(true, raised.toString().endsWith(ExceptionUtils.getMessage(raised)));
  }
}
/**
 * Attaches monitoring objects to a command before it runs.
 *
 * <p>The command's existing {@link ExecutionContext} is reused, or a new one is created when the
 * command has none. When {@code shouldMonitorCommand} reports the action as monitored, or the
 * context already requires a job, a {@link Job} is obtained for the command, the context is
 * switched to {@code ExecutionMethod.AsJob}, the context and job id are stored on the command,
 * and the context is flagged as monitored. Any exception raised while doing so is logged and not
 * rethrown.
 *
 * @param command the created instance of the command (can't be {@code null})
 * @param actionType the action type of the command
 * @param runAsInternal indicates if the command should be run as internal action or not
 */
public static void prepareCommandForMonitoring(
    CommandBase<?> command, VdcActionType actionType, boolean runAsInternal) {
  ExecutionContext executionContext = command.getExecutionContext();
  if (executionContext == null) {
    executionContext = new ExecutionContext();
  }

  try {
    boolean jobNeeded =
        shouldMonitorCommand(actionType, runAsInternal) || executionContext.isJobRequired();
    if (!jobNeeded) {
      return;
    }

    // A monitored job is created for monitored external flows
    Job monitoringJob = getJob(command, actionType);
    executionContext.setExecutionMethod(ExecutionMethod.AsJob);
    executionContext.setJob(monitoringJob);
    command.setExecutionContext(executionContext);
    command.setJobId(monitoringJob.getId());
    executionContext.setMonitored(true);
  } catch (Exception e) {
    log.errorFormat(
        "Failed to prepare command of type {0} for monitoring due to error {1}",
        actionType.name(),
        ExceptionUtils.getMessage(e),
        e);
  }
}
/**
 * Removes the friendship between the authenticated user and {@code toUnfollowUsername}.
 *
 * @param toUnfollowUsername the user the caller wants to stop following
 * @return 200 when the service reports success; 404 when it reports failure or raises
 *     {@code UserNotFoundException}; 500 for any other exception
 */
@With({UserCredentialWrapFilter.class, ConnectToDBFilter.class})
public static Result unfollow(String toUnfollowUsername) {
  String caller = DbHelper.currentUsername();
  try {
    if (FriendShipService.unfollow(caller, toUnfollowUsername)) {
      return ok();
    }
    return notFound("User " + caller + " is not a friend of " + toUnfollowUsername);
  } catch (UserNotFoundException e) {
    return notFound(ExceptionUtils.getMessage(e));
  } catch (Exception e) {
    // NOTE(review): the exception class and message go to the client verbatim; confirm they
    // cannot carry internal details (queries, paths) for unexpected failures.
    return internalServerError(ExceptionUtils.getMessage(e));
  }
}
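/**
 * Converts {@code inputFile} into {@code outputFile} by running one convert command.
 *
 * <p>Failures are logged and not propagated. When the thread is interrupted while the command
 * runs, the interrupt flag is restored so callers further up the stack can still observe it.
 */
@Override
public void init() {
  try {
    // Operation with the source image first and the destination image second
    GMOperation operation = new GMOperation();
    operation.addImage(this.inputFile.getAbsolutePath());
    operation.addImage(this.outputFile.getAbsolutePath());

    // The original comments mark this as the GraphicsMagick ("GM") command
    ConvertCmd convert = new ConvertCmd(true);
    convert.run(operation);
  } catch (InterruptedException e) {
    // Catching InterruptedException clears the flag; put it back before returning
    Thread.currentThread().interrupt();
    logger.error("Image convert with error: {}.", ExceptionUtils.getMessage(e));
  } catch (IM4JavaException e) {
    logger.error("Image convert with error: {}.", ExceptionUtils.getMessage(e));
  } catch (IOException e) {
    logger.error("Image convert with error: {}.", ExceptionUtils.getMessage(e));
  }
}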
/**
 * Disables the account of the authenticated user.
 *
 * @return 200 on success; 400 carrying the exception message when the user cannot be found
 * @throws RuntimeException wrapping an {@code OpenTransactionException}, after its full stack
 *     trace has been written to the error log
 */
@With({UserCredentialWrapFilter.class, ConnectToDBFilter.class})
public static Result disable() {
  try {
    UserService.disableCurrentUser();
    return ok();
  } catch (UserNotFoundException notFound) {
    return badRequest(ExceptionUtils.getMessage(notFound));
  } catch (OpenTransactionException openTx) {
    BaasBoxLogger.error(ExceptionUtils.getFullStackTrace(openTx));
    throw new RuntimeException(openTx);
  }
}
/**
 * Makes the authenticated user follow {@code toFollowUsername}.
 *
 * @param toFollowUsername the user to follow
 * @return 201 with the JSON built from the document the service returns; 404 when the user to
 *     follow does not exist; 400 when the two are already friends, the username is rejected as
 *     a possible SQL injection, or an argument is illegal; 500 for every other failure,
 *     including a failed lookup of the caller
 */
@With({UserCredentialWrapFilter.class, ConnectToDBFilter.class})
public static Result follow(String toFollowUsername) {
  String follower = DbHelper.currentUsername();

  // Look the caller up first; any failure here is reported as a server error
  try {
    UserService.getOUserByUsername(follower);
  } catch (Exception e) {
    return internalServerError(ExceptionUtils.getMessage(e));
  }

  try {
    ODocument friendship = FriendShipService.follow(follower, toFollowUsername);
    return created(prepareResponseToJson(friendship));
  } catch (UserToFollowNotExistsException e) {
    return notFound(ExceptionUtils.getMessage(e));
  } catch (UserNotFoundException e) {
    return internalServerError(ExceptionUtils.getMessage(e));
  } catch (AlreadyFriendsException e) {
    return badRequest(ExceptionUtils.getMessage(e));
  } catch (SqlInjectionException e) {
    String rejection =
        "The username "
            + toFollowUsername
            + " is not a valid username. HINT: check if it contains invalid character, the server has encountered a possible SQL Injection attack";
    return badRequest(rejection);
  } catch (IllegalArgumentException e) {
    return badRequest(ExceptionUtils.getMessage(e));
  } catch (Exception e) {
    return internalServerError(ExceptionUtils.getMessage(e));
  }
}
/** {@inheritDoc} */
@Override
public void printError(Throwable e) {
  switch (config.getVerboseLevel()) {
    case SILENT:
      // Nothing is reported at this level
      return;
    case VERBOSE:
      // Hand the throwable itself to the output
      output.printError(e);
      return;
    case BRIEF:
    default:
      // One line: '#' followed by the text ExceptionUtils.getMessage produces
      output.printMessage("#" + ExceptionUtils.getMessage(e));
      return;
  }
}
/**
 * Applies the connection timeout and the connection check interval to {@code dbFacade}.
 *
 * <p>Both values are read from {@code /etc/ovirt-engine/engine.conf} when that file exists; a
 * value that {@code validNumber} rejects is replaced by its default. When the file is missing a
 * warning is logged and the defaults are used. If anything fails before both setters have run,
 * the error is logged and the numeric defaults (300000 and 1000) are applied instead.
 *
 * @throws Exception only if closing the configuration stream fails; every other exception is
 *     caught and logged
 */
public static void loadDbFacadeConfig() throws Exception {
  final String ENGINE_CONF_FILE = "/etc/ovirt-engine/engine.conf";
  final String ON_START_CONNECTION_TIMEOUT = "OnStartConnectionTimeout";
  final String CONNECTION_CHECK_INTERVAL = "ConnectionCheckInterval";
  final String DEFAULT_TIMEOUT_VALUE = "300000";
  final String DEFAULT_INTERVAL_VALUE = "1000";

  boolean applied = false;
  InputStream confStream = null;
  try {
    String timeoutText = DEFAULT_TIMEOUT_VALUE;
    String intervalText = DEFAULT_INTERVAL_VALUE;

    if (FileUtil.fileExists(ENGINE_CONF_FILE)) {
      // File exists: read both keys, keeping the default for any value that is not a number
      Properties engineProps = new Properties();
      confStream = new FileInputStream(ENGINE_CONF_FILE);
      engineProps.load(confStream);
      String configuredTimeout = engineProps.getProperty(ON_START_CONNECTION_TIMEOUT);
      String configuredInterval = engineProps.getProperty(CONNECTION_CHECK_INTERVAL);
      if (validNumber(configuredTimeout)) {
        timeoutText = configuredTimeout;
      }
      if (validNumber(configuredInterval)) {
        intervalText = configuredInterval;
      }
    } else {
      // File does not exist - the defaults assigned above stay in place
      log.warn(
          String.format(
              "%1$s file is not found. Please check your engine installation. "
                  + "Default values will be used",
              ENGINE_CONF_FILE));
    }

    dbFacade.setOnStartConnectionTimeout(Integer.parseInt(timeoutText));
    dbFacade.setConnectionCheckInterval(Integer.parseInt(intervalText));
    applied = true;
  } catch (Exception ex) {
    log.error("Error in configuration of db facade " + ExceptionUtils.getMessage(ex));
  } finally {
    if (!applied) {
      // Fall back to the defaults whenever the normal path did not complete
      dbFacade.setOnStartConnectionTimeout(300000);
      dbFacade.setConnectionCheckInterval(1000);
    }
    if (confStream != null) {
      confStream.close();
    }
  }
}
/**
 * Lists user profiles matching the query parameters stored in the request context.
 *
 * @return 200 with the profiles serialized by {@code prepareResponseToJson}; 400 when the
 *     criteria are rejected as a possible SQL injection
 */
@With({UserCredentialWrapFilter.class, ConnectToDBFilter.class, ExtractQueryParameters.class})
public static Result getUsers() {
  if (BaasBoxLogger.isTraceEnabled()) {
    BaasBoxLogger.trace("Method Start");
  }

  // The criteria are read from the context args under QUERY_PARAMETERS
  QueryParams criteria =
      (QueryParams) Http.Context.current.get().args.get(IQueryParametersKeys.QUERY_PARAMETERS);

  List<ODocument> profiles;
  try {
    profiles = UserService.getUsers(criteria, true);
  } catch (SqlInjectionException e) {
    // NOTE(review): message and root-cause message are both echoed to the client; confirm
    // they do not reveal query internals.
    String detail = ExceptionUtils.getMessage(e) + " -- " + ExceptionUtils.getRootCauseMessage(e);
    return badRequest(detail);
  }

  String payload = prepareResponseToJson(profiles);
  if (BaasBoxLogger.isTraceEnabled()) {
    BaasBoxLogger.trace("Method End");
  }
  return ok(payload);
}
/**
 * Deletes the temporary output file, if there is one, and logs the outcome.
 *
 * <p>Nothing happens when {@code outputFile} is {@code null}, does not exist, or is not a
 * regular file. A {@link SecurityException} raised by the deletion is logged, not rethrown.
 */
@Override
public void destroy() {
  boolean nothingToDelete =
      this.outputFile == null || !this.outputFile.exists() || !this.outputFile.isFile();
  if (nothingToDelete) {
    return;
  }

  try {
    if (this.outputFile.delete()) {
      logger.info("Temp file {} has been deleted.", this.outputFile.getAbsolutePath());
    } else {
      logger.warn("Temp file {} can not be deleted.", this.outputFile.getAbsolutePath());
    }
  } catch (SecurityException denied) {
    logger.error(
        "Try to delete temp file {} with Security Exception: {}",
        this.outputFile.getAbsolutePath(),
        ExceptionUtils.getMessage(denied));
  }
}
/**
 * Renames the authenticated user to the {@code username} given in the JSON body.
 *
 * @return 200 on success; 400 when the body is missing, {@code username} is absent or not a
 *     string, or the new name is rejected as a possible SQL injection; 500 when a transaction
 *     is open
 * @throws UserNotFoundException propagated from {@code UserService.changeUsername}
 */
@With({UserCredentialWrapFilter.class, ConnectToDBFilter.class})
@BodyParser.Of(BodyParser.Json.class)
public static Result changeUserName() throws UserNotFoundException {
  JsonNode bodyJson = request().body().asJson();
  if (BaasBoxLogger.isTraceEnabled()) {
    BaasBoxLogger.trace("updateuserName bodyJson: " + bodyJson);
  }
  if (bodyJson == null) {
    return badRequest(
        "The body payload cannot be empty. Hint: put in the request header Content-Type: application/json");
  }

  JsonNode usernameNode = bodyJson.get("username");
  if (usernameNode == null || !usernameNode.isTextual()) {
    return badRequest("'username' field must be a String");
  }

  String newUsername = usernameNode.asText();
  try {
    UserService.changeUsername(DbHelper.getCurrentHTTPUsername(), newUsername);
    return ok();
  } catch (OpenTransactionException e) {
    return internalServerError(ExceptionUtils.getMessage(e));
  } catch (SqlInjectionException e) {
    // Deliberately generic: the rejected value is not echoed back
    return badRequest("Username not valid");
  }
}
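/**
 * First step of the password reset: sends the reset e-mail for {@code username}.
 *
 * <p>Changes from the previous version: the user lookup runs once instead of twice, and an
 * unexpected failure answers with the exception message instead of the full stack trace (the
 * exception itself is still written to the log), so internal class names and call paths are
 * not disclosed in the HTTP response.
 *
 * @param username the account whose password is to be reset
 * @return 200 once the mail has been handed to {@code UserService.sendResetPwdMail}; 400 when
 *     the username is missing or unknown, the private profile has no {@code email} attribute,
 *     or password recovery fails; 500 for any other failure
 */
@With({AdminCredentialWrapFilter.class, ConnectToDBFilter.class})
public static Result resetPasswordStep1(String username) {
  if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method Start");

  // check and validate input
  if (username == null)
    return badRequest(
        "The 'username' field is missing in the URL, please check the documentation");
  if (!UserService.exists(username)) return badRequest("Username " + username + " not found!");

  // The username is bound as a query parameter, never concatenated into the criteria
  QueryParams criteria =
      QueryParams.getInstance().where("user.name=?").params(new String[] {username});
  try {
    List<ODocument> users = UserService.getUsers(criteria);
    ODocument user = users.get(0);

    ODocument attrObj = user.field(UserDao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER);
    if (attrObj == null || attrObj.field("email") == null)
      return badRequest(
          "Cannot reset password, the \"email\" attribute is not defined into the user's private profile");

    // A "reset already requested" check used to sit here; it is disabled in the original.
    String appCode = (String) Http.Context.current.get().args.get("appcode");
    UserService.sendResetPwdMail(appCode, user);
  } catch (PasswordRecoveryException e) {
    BaasBoxLogger.warn("resetPasswordStep1", e);
    return badRequest(ExceptionUtils.getMessage(e));
  } catch (Exception e) {
    // The stack trace stays in the server log; the client only gets the message
    BaasBoxLogger.warn("resetPasswordStep1", e);
    return internalServerError(ExceptionUtils.getMessage(e));
  }

  if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method End");
  return ok();
}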
/**
 * Updates the four visibility sections of the authenticated user's profile from the JSON body.
 *
 * @return 200 with the updated profile as JSON; 400 when the body is missing or the private
 *     section carries an {@code email} that {@code Util.validateEmail} rejects; 500 when the
 *     update throws (full stack trace in dev mode, message only otherwise)
 */
@With({UserCredentialWrapFilter.class, ConnectToDBFilter.class})
@BodyParser.Of(BodyParser.Json.class)
public static Result updateProfile() {
  if (BaasBoxLogger.isTraceEnabled()) {
    BaasBoxLogger.trace("Method Start");
  }

  JsonNode bodyJson = request().body().asJson();
  // NOTE(review): at trace level this writes the whole body, private attributes included,
  // to the log; confirm trace logging is never enabled where logs are widely readable.
  if (BaasBoxLogger.isTraceEnabled()) {
    BaasBoxLogger.trace("updateProfile bodyJson: " + bodyJson);
  }
  if (bodyJson == null) {
    return badRequest(
        "The body payload cannot be empty. Hint: put in the request header Content-Type: application/json");
  }

  // One JSON node per visibility level; a missing section is passed on as null
  JsonNode anonymousSection = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER);
  JsonNode privateSection = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER);
  JsonNode friendsSection = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER);
  JsonNode registeredSection = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER);

  boolean emailSupplied = privateSection != null && privateSection.has("email");
  if (emailSupplied) {
    String email = privateSection.findValuesAsText("email").get(0);
    if (!Util.validateEmail(email)) {
      return badRequest("The email address must be valid.");
    }
  }

  ODocument profile;
  try {
    profile =
        UserService.updateCurrentProfile(
            anonymousSection, privateSection, friendsSection, registeredSection);
  } catch (Throwable e) {
    BaasBoxLogger.warn("updateProfile", e);
    // Stack traces reach the client in dev mode only
    String detail =
        Play.isDev() ? ExceptionUtils.getFullStackTrace(e) : ExceptionUtils.getMessage(e);
    return internalServerError(detail);
  }

  if (BaasBoxLogger.isTraceEnabled()) {
    BaasBoxLogger.trace("Method End");
  }
  return ok(prepareResponseToJson(profile));
} // updateProfile
/**
 * Returns the followers of {@code username}, or of the current user when {@code username} is
 * empty.
 *
 * @param justCountThem when {@code true}, answer with {@code {"count": n }} instead of the list
 * @param username the user whose followers are requested; empty or {@code null} selects the
 *     authenticated user
 * @return 200 with the count or the serialized list; 400 when the criteria are invalid or are
 *     rejected as a possible SQL injection
 */
@With({UserCredentialWrapFilter.class, ConnectToDBFilter.class, ExtractQueryParameters.class})
public static Result followers(boolean justCountThem, String username) {
  if (StringUtils.isEmpty(username)) {
    username = DbHelper.currentUsername();
  }

  QueryParams criteria =
      (QueryParams) Http.Context.current.get().args.get(IQueryParametersKeys.QUERY_PARAMETERS);

  long followerCount = 0;
  List<ODocument> followerDocs = new ArrayList<ODocument>();
  try {
    if (justCountThem) {
      followerCount = FriendShipService.getCountFriendsOf(username, criteria);
    } else {
      followerDocs = FriendShipService.getFriendsOf(username, criteria);
    }
  } catch (InvalidCriteriaException e) {
    return badRequest(ExceptionUtils.getMessage(e));
  } catch (SqlInjectionException e) {
    return badRequest(
        "The parameters you passed are incorrect. HINT: check if the querystring is correctly encoded");
  }

  if (!justCountThem) {
    return ok(prepareResponseToJson(followerDocs));
  }
  // The count is a long, so concatenating it cannot break the JSON document
  response().setContentType("application/json");
  return ok("{\"count\": " + followerCount + " }");
}
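/**
 * Second step of the password reset: validates the token carried by the e-mailed link and
 * serves the "choose a new password" form, or its JSON equivalent when the token ends in
 * {@code .json}.
 *
 * <p>This controller is called via a web link by a mail client, so the filters that extract
 * username/appcode from the headers do not apply; everything comes from the Base64 token, whose
 * decoded form should be {@code APP_Code%%%%Username%%%%ResetTokenId}.
 *
 * <p>Security-relevant changes from the previous version: the decoded token is a credential and
 * is no longer written to the debug log, and the username and error text are HTML-escaped
 * before they are rendered, because the username is taken from the caller-supplied token before
 * that token has been verified.
 *
 * @param base64 the Base64 reset token from the URL, optionally suffixed with {@code .json}
 * @return 400 with a feedback page/JSON when the token is malformed, names an invalid app code,
 *     or fails step-1 verification; otherwise 200 with the form (HTML) or the step-2 token and
 *     link (JSON)
 * @throws ResetPasswordException declared by the signature; presumably raised while the step-2
 *     token is issued (confirm against {@code ResetPwdDao})
 */
public static Result resetPasswordStep2(String base64) throws ResetPasswordException {
  String appCode = "";
  String username = "";
  ObjectNode result = Json.newObject();
  boolean isJSON = base64.endsWith(".json");

  try {
    // A JSON request carries the token with a ".json" "extension": strip it
    if (isJSON) {
      base64 = base64.substring(0, base64.lastIndexOf('.'));
    }
    String tokenReceived = new String(Base64.decodeBase64(base64.getBytes()));
    // Record that a token arrived, never its content
    if (BaasBoxLogger.isDebugEnabled())
      BaasBoxLogger.debug("resetPasswordStep2 - reset token received");

    // token format should be APP_Code%%%%Username%%%%ResetTokenId
    String[] tokens = tokenReceived.split("%%%%");
    if (tokens.length != 3)
      throw new Exception(
          "The reset password code is invalid. Please repeat the reset password procedure");
    appCode = tokens[0];
    username = tokens[1];

    String adminUser =
        BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_USERNAME);
    String adminPassword =
        BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_PASSWORD);
    try {
      DbHelper.open(appCode, adminUser, adminPassword);
    } catch (InvalidAppCodeException e1) {
      throw new Exception(
          "The code to reset the password seems to be invalid. Please repeat the reset password procedure");
    }

    boolean isTokenValid = ResetPwdDao.getInstance().verifyTokenStep1(base64, username);
    if (!isTokenValid)
      throw new Exception(
          "Reset password procedure is expired! Please repeat the reset password procedure");
  } catch (Exception e) {
    String errorMessage = ExceptionUtils.getMessage(e);
    if (isJSON) {
      // ObjectNode takes care of JSON escaping
      result.put("status", "KO");
      result.put("user_name", username);
      result.put("error", errorMessage);
      result.put(
          "application_name",
          com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
      DbHelper.getConnection().close();
      return badRequest(result);
    }
    // NOTE(review): the JSON branch closes the DB connection and this HTML branch does not;
    // left as it was, confirm whether the connection is released elsewhere on this path.
    ST pageTemplate =
        new ST(PasswordRecovery.PAGE_HTML_FEEDBACK_TEMPLATE.getValueAsString(), '$', '$');
    pageTemplate.add("user_name", escapeHtmlForResetStep2(username));
    pageTemplate.add("error", escapeHtmlForResetStep2(errorMessage));
    pageTemplate.add(
        "application_name",
        com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
    return badRequest(Html.apply(pageTemplate.render()));
  }

  String tokenStep2 = ResetPwdDao.getInstance().setTokenStep2(username, appCode);

  if (isJSON) {
    result.put("user_name", username);
    result.put("link", "/user/password/reset/" + tokenStep2 + ".json");
    result.put("token", tokenStep2);
    result.put(
        "application_name",
        com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
    DbHelper.getConnection().close();
    return ok(result);
  }

  ST pageTemplate = new ST(PasswordRecovery.PAGE_HTML_TEMPLATE.getValueAsString(), '$', '$');
  pageTemplate.add(
      "form_template",
      "<form action='/user/password/reset/"
          + tokenStep2
          + "' method='POST' id='reset_pwd_form'>"
          + "<label for='password'>New password</label>"
          + "<input type='password' id='password' name='password' />"
          + "<label for='repeat-password'>Repeat the new password</label>"
          + "<input type='password' id='repeat-password' name='repeat-password' />"
          + "<button type='submit' id='reset_pwd_submit'>Reset the password</button>"
          + "</form>");
  pageTemplate.add("user_name", escapeHtmlForResetStep2(username));
  pageTemplate.add("link", "/user/password/reset/" + tokenStep2);
  pageTemplate.add("password", "password");
  pageTemplate.add("repeat_password", "repeat-password");
  pageTemplate.add("token", tokenStep2);
  pageTemplate.add(
      "application_name",
      com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
  DbHelper.getConnection().close();
  return ok(Html.apply(pageTemplate.render()));
}

/**
 * Escapes the five HTML-significant characters so {@code text} is rendered as plain text in
 * element and quoted-attribute contexts. Returns {@code null} for {@code null}.
 */
private static String escapeHtmlForResetStep2(String text) {
  if (text == null) {
    return null;
  }
  StringBuilder escaped = new StringBuilder(text.length() + 16);
  for (int i = 0; i < text.length(); i++) {
    char c = text.charAt(i);
    switch (c) {
      case '&':
        escaped.append("&amp;");
        break;
      case '<':
        escaped.append("&lt;");
        break;
      case '>':
        escaped.append("&gt;");
        break;
      case '"':
        escaped.append("&quot;");
        break;
      case '\'':
        escaped.append("&#39;");
        break;
      default:
        escaped.append(c);
        break;
    }
  }
  return escaped.toString();
}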
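/**
 * Registers a new user from the JSON body and opens a session for it.
 *
 * <p>Changes from the previous version: the request body is no longer written to the trace log
 * (it contains the clear-text password), and {@code username}, {@code password} and the private
 * {@code email} are read from the exact fields that were checked with {@code has(...)} rather
 * than with a recursive search, which could pick up a same-named field nested in another
 * section of the body.
 *
 * @return 201 with the profile JSON extended by the session token (also sent as a response
 *     header); 400 for a missing body or field, an invalid e-mail, an invalid profile section,
 *     or an already used username/e-mail (reported with the same generic message so existing
 *     accounts are not revealed); 422 for an empty password; 500 for any other failure
 * @throws JsonProcessingException if the assembled response cannot be parsed back into JSON
 * @throws IOException if the assembled response cannot be read
 */
@With({AdminCredentialWrapFilter.class, ConnectToDBFilter.class})
@BodyParser.Of(BodyParser.Json.class)
public static Result signUp() throws JsonProcessingException, IOException {
  if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method Start");
  Http.RequestBody body = request().body();

  JsonNode bodyJson = body.asJson();
  // The body carries the password: log only whether one was received
  if (BaasBoxLogger.isTraceEnabled())
    BaasBoxLogger.trace("signUp bodyJson received: " + (bodyJson != null));
  if (bodyJson == null)
    return badRequest(
        "The body payload cannot be empty. Hint: put in the request header Content-Type: application/json");

  // check and validate input
  if (!bodyJson.has("username")) return badRequest("The 'username' field is missing");
  if (!bodyJson.has("password")) return badRequest("The 'password' field is missing");

  // extract mandatory fields
  JsonNode nonAppUserAttributes = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_BY_ANONYMOUS_USER);
  JsonNode privateAttributes = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_ONLY_BY_THE_USER);
  JsonNode friendsAttributes = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_BY_FRIENDS_USER);
  JsonNode appUsersAttributes = bodyJson.get(UserDao.ATTRIBUTES_VISIBLE_BY_REGISTERED_USER);
  // Top-level fields only; has(...) above guarantees get(...) is non-null
  String username = bodyJson.get("username").asText();
  String password = bodyJson.get("password").asText();
  String appcode = (String) ctx().args.get("appcode");

  if (privateAttributes != null && privateAttributes.has("email")) {
    // check if email address is valid
    if (!Util.validateEmail(privateAttributes.get("email").asText()))
      return badRequest("The email address must be valid.");
  }
  if (StringUtils.isEmpty(password)) return status(422, "The password field cannot be empty");

  // try to signup new user
  ODocument profile = null;
  try {
    UserService.signUp(
        username,
        password,
        null,
        nonAppUserAttributes,
        privateAttributes,
        friendsAttributes,
        appUsersAttributes,
        false);
    // due to issue 412, we have to reload the profile
    profile = UserService.getUserProfilebyUsername(username);
  } catch (InvalidJsonException e) {
    if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("signUp", e);
    return badRequest("One or more profile sections is not a valid JSON object");
  } catch (UserAlreadyExistsException e) {
    if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("signUp", e);
    // Return a generic error message if the username is already in use.
    return badRequest("Error signing up");
  } catch (EmailAlreadyUsedException e) {
    // Return a generic error message if the email is already in use.
    if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("signUp", e);
    return badRequest("Error signing up");
  } catch (Throwable e) {
    BaasBoxLogger.warn("signUp", e);
    // Stack traces reach the client in dev mode only
    if (Play.isDev()) return internalServerError(ExceptionUtils.getFullStackTrace(e));
    else return internalServerError(ExceptionUtils.getMessage(e));
  }
  if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method End");

  ImmutableMap<SessionKeys, ? extends Object> sessionObject =
      SessionTokenProvider.getSessionTokenProvider().setSession(appcode, username, password);
  String sessionToken = (String) sessionObject.get(SessionKeys.TOKEN);
  response().setHeader(SessionKeys.TOKEN.toString(), sessionToken);

  // Append the token as one more member of the profile JSON object
  String result = prepareResponseToJson(profile);
  ObjectMapper mapper = new ObjectMapper();
  result =
      result.substring(0, result.lastIndexOf("}"))
          + ",\""
          + SessionKeys.TOKEN.toString()
          + "\":\""
          + sessionToken
          + "\"}";
  JsonNode jn = mapper.readTree(result);
  return created(jn);
}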
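/**
 * Final step of the password reset: verifies the step-2 token and stores the new password
 * submitted through the form.
 *
 * <p>This controller is called via a web form by a browser, so the filters that extract
 * username/appcode from the headers do not apply; everything comes from the Base64 token, whose
 * decoded form should be {@code APP_Code%%%%Username%%%%ResetTokenId}.
 *
 * <p>Changes from the previous version: the decoded token is no longer written to the debug
 * log; a request without the {@code password} or {@code repeat-password} field now gets the
 * "field is missing" answer instead of failing with an unhandled exception; an empty new
 * password is rejected; and the username and error text are HTML-escaped before rendering,
 * because on the error path the username comes from a token that has not been verified.
 *
 * @param base64 the Base64 reset token from the URL, optionally suffixed with {@code .json}
 * @return 200 with a confirmation once the password is changed; 400 when the token or the
 *     submitted form is invalid; 500 when storing the password fails
 */
public static Result resetPasswordStep3(String base64) {
  String appCode = "";
  String username = "";
  Map<String, String[]> bodyForm = null;
  ObjectNode result = Json.newObject();
  boolean isJSON = base64.endsWith(".json");

  try {
    // A JSON request carries the token with a ".json" "extension": strip it
    if (isJSON) {
      base64 = base64.substring(0, base64.lastIndexOf('.'));
    }
    String tokenReceived = new String(Base64.decodeBase64(base64.getBytes()));
    // Record that a token arrived, never its content
    if (BaasBoxLogger.isDebugEnabled())
      BaasBoxLogger.debug("resetPasswordStep3 - reset token received");

    // token format should be APP_Code%%%%Username%%%%ResetTokenId
    String[] tokens = tokenReceived.split("%%%%");
    if (tokens.length != 3) return badRequest("The reset password code is invalid.");
    appCode = tokens[0];
    username = tokens[1];

    String adminUser =
        BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_USERNAME);
    String adminPassword =
        BBConfiguration.configuration.getString(IBBConfigurationKeys.ADMIN_PASSWORD);
    try {
      DbHelper.open(appCode, adminUser, adminPassword);
    } catch (InvalidAppCodeException e1) {
      throw new Exception("The code to reset the password seems to be invalid");
    }

    if (!UserService.exists(username)) throw new Exception("User not found!");
    boolean isTokenValid = ResetPwdDao.getInstance().verifyTokenStep2(base64, username);
    if (!isTokenValid)
      throw new Exception(
          "Reset Code not found or expired! Please repeat the reset password procedure");

    bodyForm = request().body().asFormUrlEncoded();
    if (bodyForm == null)
      throw new Exception(
          "Error getting submitted data. Please repeat the reset password procedure");
  } catch (Exception e) {
    String errorMessage = ExceptionUtils.getMessage(e);
    if (isJSON) {
      // ObjectNode takes care of JSON escaping
      result.put("user_name", username);
      result.put("error", errorMessage);
      result.put(
          "application_name",
          com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
      DbHelper.getConnection().close();
      return badRequest(result);
    }
    ST pageTemplate =
        new ST(PasswordRecovery.PAGE_HTML_FEEDBACK_TEMPLATE.getValueAsString(), '$', '$');
    pageTemplate.add("user_name", escapeHtmlForResetStep3(username));
    pageTemplate.add("error", escapeHtmlForResetStep3(errorMessage));
    pageTemplate.add(
        "application_name",
        com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
    DbHelper.getConnection().close();
    return badRequest(Html.apply(pageTemplate.render()));
  }

  // check and validate input; a field that is absent from the form yields null here
  String[] passwordValues = bodyForm.get("password");
  String[] repeatValues = bodyForm.get("repeat-password");
  String errorString = "";
  String password = null;
  if (repeatValues == null || repeatValues.length != 1) {
    errorString = "The 'repeat password' field is missing";
  } else if (passwordValues == null || passwordValues.length != 1) {
    errorString = "The 'new password' field is missing";
  } else {
    password = passwordValues[0];
    if (!password.equals(repeatValues[0])) {
      errorString =
          "The new \"password\" field and the \"repeat password\" field must be the same.";
    } else if (password.isEmpty()) {
      // Never let a reset leave the account with an empty password
      errorString = "The password field cannot be empty";
    }
  }

  if (!errorString.isEmpty()) {
    if (isJSON) {
      result.put("user_name", username);
      result.put("link", "/user/password/reset/" + base64 + ".json");
      result.put("token", base64);
      result.put(
          "application_name",
          com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
      result.put("error", errorString);
      DbHelper.getConnection().close();
      return badRequest(result);
    }
    // Re-serve the form; base64 has passed verifyTokenStep2 at this point
    ST pageTemplate = new ST(PasswordRecovery.PAGE_HTML_TEMPLATE.getValueAsString(), '$', '$');
    pageTemplate.add(
        "form_template",
        "<form action='/user/password/reset/"
            + base64
            + "' method='POST' id='reset_pwd_form'>"
            + "<label for='password'>New password</label>"
            + "<input type='password' id='password' name='password' />"
            + "<label for='repeat-password'>Repeat the new password</label>"
            + "<input type='password' id='repeat-password' name='repeat-password' />"
            + "<button type='submit' id='reset_pwd_submit'>Reset the password</button>"
            + "</form>");
    pageTemplate.add("user_name", escapeHtmlForResetStep3(username));
    pageTemplate.add("link", "/user/password/reset/" + base64);
    pageTemplate.add("token", base64);
    pageTemplate.add("password", "password");
    pageTemplate.add("repeat_password", "repeat-password");
    pageTemplate.add(
        "application_name",
        com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
    pageTemplate.add("error", errorString);
    DbHelper.getConnection().close();
    return badRequest(Html.apply(pageTemplate.render()));
  }

  try {
    UserService.resetUserPasswordFinalStep(username, password);
  } catch (Throwable e) {
    BaasBoxLogger.warn("changeUserPassword", e);
    DbHelper.getConnection().close();
    // Stack traces reach the client in dev mode only
    if (Play.isDev()) return internalServerError(ExceptionUtils.getFullStackTrace(e));
    else return internalServerError(ExceptionUtils.getMessage(e));
  }
  if (BaasBoxLogger.isTraceEnabled()) BaasBoxLogger.trace("Method End");

  String ok_message = "Password changed";
  if (isJSON) {
    result.put("user_name", username);
    result.put("message", ok_message);
    result.put(
        "application_name",
        com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
    DbHelper.getConnection().close();
    return ok(result);
  }
  ST pageTemplate =
      new ST(PasswordRecovery.PAGE_HTML_FEEDBACK_TEMPLATE.getValueAsString(), '$', '$');
  pageTemplate.add("user_name", escapeHtmlForResetStep3(username));
  pageTemplate.add("message", ok_message);
  pageTemplate.add(
      "application_name",
      com.baasbox.configuration.Application.APPLICATION_NAME.getValueAsString());
  DbHelper.getConnection().close();
  return ok(Html.apply(pageTemplate.render()));
}

/**
 * Escapes the five HTML-significant characters so {@code text} is rendered as plain text in
 * element and quoted-attribute contexts. Returns {@code null} for {@code null}.
 */
private static String escapeHtmlForResetStep3(String text) {
  if (text == null) {
    return null;
  }
  StringBuilder escaped = new StringBuilder(text.length() + 16);
  for (int i = 0; i < text.length(); i++) {
    char c = text.charAt(i);
    switch (c) {
      case '&':
        escaped.append("&amp;");
        break;
      case '<':
        escaped.append("&lt;");
        break;
      case '>':
        escaped.append("&gt;");
        break;
      case '"':
        escaped.append("&quot;");
        break;
      case '\'':
        escaped.append("&#39;");
        break;
      default:
        escaped.append(c);
        break;
    }
  }
  return escaped.toString();
}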
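/**
 * Logs the user in and opens a session.
 *
 * <p>The body may be {@code x-www-form-urlencoded} or JSON and must carry {@code username},
 * {@code password} and {@code appcode} (the App Code / API key). The optional
 * {@code login_data} is a JSON-serialized string describing the device used by the user; for
 * push notifications it must supply {@code deviceId} and {@code os} (android|ios).
 *
 * <p>Changes from the previous version: the clear-text password is no longer written to the
 * debug log. The two authentication-failure handlers are garbled in the listing this block was
 * taken from and have been reconstructed; see the notes on them.
 *
 * @return 200 with the user JSON extended by the session token (also sent as a response
 *     header); 400 for a missing body or field or an unparsable {@code login_data}; 403 when
 *     the username is one of the two reserved internal accounts; an error status when the
 *     credentials or the app code are rejected
 * @throws SqlInjectionException declared by the signature
 * @throws JsonProcessingException if the assembled response cannot be parsed back into JSON
 * @throws IOException if the assembled response cannot be read
 */
@With({NoUserCredentialWrapFilter.class})
public static Result login() throws SqlInjectionException, JsonProcessingException, IOException {
  String username = "";
  String password = "";
  String appcode = "";
  String loginData = null;

  RequestBody body = request().body();
  if (body == null)
    return badRequest(
        "missing data: is the body x-www-form-urlencoded or application/json? Detected: "
            + request().getHeader(CONTENT_TYPE));

  Map<String, String[]> bodyUrlEncoded = body.asFormUrlEncoded();
  if (bodyUrlEncoded != null) {
    if (bodyUrlEncoded.get("username") == null)
      return badRequest("The 'username' field is missing");
    else username = bodyUrlEncoded.get("username")[0];
    if (bodyUrlEncoded.get("password") == null)
      return badRequest("The 'password' field is missing");
    else password = bodyUrlEncoded.get("password")[0];
    if (bodyUrlEncoded.get("appcode") == null)
      return badRequest("The 'appcode' field is missing");
    else appcode = bodyUrlEncoded.get("appcode")[0];

    // Credentials must not reach the log: the password is deliberately not logged
    if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Username " + username);
    if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Appcode " + appcode);

    // The two internal accounts may not log in through this endpoint
    if (username.equalsIgnoreCase(BBConfiguration.getBaasBoxAdminUsername())
        || username.equalsIgnoreCase(BBConfiguration.getBaasBoxUsername()))
      return forbidden(username + " cannot login");

    if (bodyUrlEncoded.get("login_data") != null)
      loginData = bodyUrlEncoded.get("login_data")[0];
    if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("LoginData" + loginData);
  } else {
    JsonNode bodyJson = body.asJson();
    if (bodyJson == null)
      return badRequest(
          "missing data : is the body x-www-form-urlencoded or application/json? Detected: "
              + request().getHeader(CONTENT_TYPE));
    if (bodyJson.get("username") == null) return badRequest("The 'username' field is missing");
    else username = bodyJson.get("username").asText();
    if (bodyJson.get("password") == null) return badRequest("The 'password' field is missing");
    else password = bodyJson.get("password").asText();
    if (bodyJson.get("appcode") == null) return badRequest("The 'appcode' field is missing");
    else appcode = bodyJson.get("appcode").asText();

    // Credentials must not reach the log: the password is deliberately not logged
    if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Username " + username);
    if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Appcode " + appcode);

    // The two internal accounts may not log in through this endpoint
    if (username.equalsIgnoreCase(BBConfiguration.getBaasBoxAdminUsername())
        || username.equalsIgnoreCase(BBConfiguration.getBaasBoxUsername()))
      return forbidden(username + " cannot login");

    if (bodyJson.get("login_data") != null) loginData = bodyJson.get("login_data").asText();
    if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("LoginData" + loginData);
  }

  // validate user credentials by opening the database with them
  ODatabaseRecordTx db = null;
  String user = null;
  try {
    db = DbHelper.open(appcode, username, password);
    user = prepareResponseToJson(UserService.getCurrentUser());

    if (loginData != null) {
      JsonNode loginInfo = null;
      try {
        loginInfo = Json.parse(loginData);
      } catch (Exception e) {
        if (BaasBoxLogger.isDebugEnabled()) BaasBoxLogger.debug("Error parsong login_data field");
        if (BaasBoxLogger.isDebugEnabled())
          BaasBoxLogger.debug(ExceptionUtils.getFullStackTrace(e));
        return badRequest("login_data field is not a valid json string");
      }
      // Flatten the device description into a key -> text map for registration
      Iterator<Entry<String, JsonNode>> it = loginInfo.fields();
      HashMap<String, Object> data = new HashMap<String, Object>();
      while (it.hasNext()) {
        Entry<String, JsonNode> element = it.next();
        String key = element.getKey();
        Object value = element.getValue().asText();
        data.put(key, value);
      }
      UserService.registerDevice(data);
    }
  } catch (OSecurityAccessException e) {
    // NOTE(review): the listing is garbled between the log prefix and the response text in
    // this handler; reconstructed as "log the exception message, answer 401". Confirm the
    // log call and the status against the upstream file.
    if (BaasBoxLogger.isDebugEnabled())
      BaasBoxLogger.debug("UserLogin: " + ExceptionUtils.getMessage(e));
    return unauthorized("user " + username + " unauthorized");
  } catch (InvalidAppCodeException e) {
    // NOTE(review): garbled in the listing like the handler above; reconstructed as "log the
    // exception message, answer 400". Confirm the log call and the status upstream.
    if (BaasBoxLogger.isDebugEnabled())
      BaasBoxLogger.debug("UserLogin: " + ExceptionUtils.getMessage(e));
    return badRequest("user " + username + " unauthorized");
  } finally {
    if (db != null && !db.isClosed()) db.close();
  }

  ImmutableMap<SessionKeys, ? extends Object> sessionObject =
      SessionTokenProvider.getSessionTokenProvider().setSession(appcode, username, password);
  String sessionToken = (String) sessionObject.get(SessionKeys.TOKEN);
  response().setHeader(SessionKeys.TOKEN.toString(), sessionToken);

  // Append the token as one more member of the user JSON object
  ObjectMapper mapper = new ObjectMapper();
  user =
      user.substring(0, user.lastIndexOf("}"))
          + ",\""
          + SessionKeys.TOKEN.toString()
          + "\":\""
          + sessionToken
          + "\"}";
  JsonNode jn = mapper.readTree(user);
  return ok(jn);
}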