Google Git
Sign in
apache / archiva-redback-core / 98c98b3979f35aef0435ca779e5bf73ed22ab3af / . / redback-integrations / redback-rest / redback-rest-services / src / main / java / org / apache / archiva / redback / rest / services / DefaultPasswordService.java
blob: cd2c9b5f2e8c3a96a9aead621725bb0f12df2081 [file] [log] [blame]
package org.apache.archiva.redback.rest.services;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.apache.archiva.redback.policy.PasswordEncoder;
import org.apache.archiva.redback.policy.PasswordRuleViolationException;
import org.apache.archiva.redback.policy.PasswordRuleViolations;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.commons.lang.StringUtils;
import org.apache.archiva.redback.keys.AuthenticationKey;
import org.apache.archiva.redback.keys.KeyManagerException;
import org.apache.archiva.redback.system.SecuritySystem;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
import org.apache.archiva.redback.rest.api.model.ErrorMessage;
import org.apache.archiva.redback.rest.api.services.PasswordService;
import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
import org.apache.archiva.redback.rest.services.utils.PasswordValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
/**
* @author Olivier Lamy
* @since 1.4
*/
@Service("passwordService#rest")
public class DefaultPasswordService
implements PasswordService
{
private Logger log = LoggerFactory.getLogger( getClass() );
private SecuritySystem securitySystem;
private HttpAuthenticator httpAuthenticator;
private PasswordValidator passwordValidator;
@Context
private HttpServletRequest httpServletRequest;
@Inject
public DefaultPasswordService( SecuritySystem securitySystem,
@Named("httpAuthenticator#basic") HttpAuthenticator httpAuthenticator,
PasswordValidator passwordValidator )
{
this.securitySystem = securitySystem;
this.httpAuthenticator = httpAuthenticator;
this.passwordValidator = passwordValidator;
}
public org.apache.archiva.redback.rest.api.model.User changePasswordWithKey( String password,
String passwordConfirmation,
String key )
throws RedbackServiceException
{
String principal = null;
if ( StringUtils.isEmpty( password ) )
{
throw new RedbackServiceException( "password cannot be empty", Response.Status.FORBIDDEN.getStatusCode() );
}
if ( StringUtils.isEmpty( passwordConfirmation ) )
{
throw new RedbackServiceException( "password confirmation cannot be empty",
Response.Status.FORBIDDEN.getStatusCode() );
}
if ( !StringUtils.equals( password, passwordConfirmation ) )
{
throw new RedbackServiceException( "password confirmation must be same as password",
Response.Status.FORBIDDEN.getStatusCode() );
}
try
{
AuthenticationKey authKey = securitySystem.getKeyManager().findKey( key );
principal = authKey.getForPrincipal();
String encodedPassword = passwordValidator.validatePassword( password, principal );
User user = securitySystem.getUserManager().findUser( principal, false );
user.setPassword( password );
user.setEncodedPassword( encodedPassword );
user = securitySystem.getUserManager().updateUser( user );
return new org.apache.archiva.redback.rest.api.model.User( user );
}
catch ( KeyManagerException e )
{
log.info( "issue to find key {}: {}", key, e.getMessage() );
throw new RedbackServiceException( "issue with key", Response.Status.FORBIDDEN.getStatusCode() );
}
catch ( UserNotFoundException e )
{
log.info( "user {} not found", e.getMessage() );
List<ErrorMessage> errorMessages = new ArrayList<ErrorMessage>( 2 );
ErrorMessage errorMessage = new ErrorMessage( "cannot.update.user.not.found", new String[]{ principal } );
errorMessages.add( errorMessage );
errorMessage = new ErrorMessage( "admin.deleted.account" );
errorMessages.add( errorMessage );
throw new RedbackServiceException( errorMessages );
}
catch ( UserManagerException e )
{
log.info( "UserManagerException: {}", e.getMessage() );
List<ErrorMessage> errorMessages =
Arrays.asList( new ErrorMessage().message( "UserManagerException: " + e.getMessage() ) );
throw new RedbackServiceException( errorMessages );
}
catch ( PasswordRuleViolationException e )
{
PasswordRuleViolations violations = e.getViolations();
List<ErrorMessage> errorMessages = new ArrayList<ErrorMessage>( violations.getViolations().size() );
if ( violations != null )
{
for ( String violation : violations.getLocalizedViolations() )
{
errorMessages.add( new ErrorMessage( violation ) );
}
}
throw new RedbackServiceException( errorMessages );
}
}
public org.apache.archiva.redback.rest.api.model.User changePassword( String userName, String previousPassword,
String password, String passwordConfirmation )
throws RedbackServiceException
{
if ( StringUtils.isEmpty( userName ) )
{
throw new RedbackServiceException( new ErrorMessage( "username.cannot.be.empty" ),
Response.Status.BAD_REQUEST.getStatusCode() );
}
if ( StringUtils.isEmpty( previousPassword ) )
{
throw new RedbackServiceException( new ErrorMessage( "password.previous.empty" ),
Response.Status.BAD_REQUEST.getStatusCode() );
}
if ( StringUtils.isEmpty( password ) )
{
throw new RedbackServiceException( new ErrorMessage( "password.empty" ),
Response.Status.BAD_REQUEST.getStatusCode() );
}
if ( StringUtils.isEmpty( passwordConfirmation ) )
{
throw new RedbackServiceException( new ErrorMessage( "password.confirmation.empty" ),
Response.Status.BAD_REQUEST.getStatusCode() );
}
if ( !StringUtils.equals( password, passwordConfirmation ) )
{
throw new RedbackServiceException( new ErrorMessage( "password.confirmation.same" ),
Response.Status.BAD_REQUEST.getStatusCode() );
}
try
{
User u = securitySystem.getUserManager().findUser( userName );
String previousEncodedPassword = u.getEncodedPassword();
// check oldPassword with the current one
PasswordEncoder encoder = securitySystem.getPolicy().getPasswordEncoder();
if ( !encoder.isPasswordValid( previousEncodedPassword, previousPassword ) )
{
throw new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
Response.Status.BAD_REQUEST.getStatusCode() );
}
u.setPassword( password );
u = securitySystem.getUserManager().updateUser( u );
return new org.apache.archiva.redback.rest.api.model.User( u );
}
catch ( UserNotFoundException e )
{
throw new RedbackServiceException( new ErrorMessage( "user.not.found" ),
Response.Status.BAD_REQUEST.getStatusCode() );
}
catch ( UserManagerException e )
{
log.info( "UserManagerException: {}", e.getMessage() );
List<ErrorMessage> errorMessages =
Arrays.asList( new ErrorMessage().message( "UserManagerException: " + e.getMessage() ) );
throw new RedbackServiceException( errorMessages );
}
}
}