Convert the Authentication mechanism from User to UserAccount.
This commit is contained in:
j2blake
parent
ee577adff7
commit
72314d3598
24 changed files with 517 additions and 379 deletions
|
|
@ -9,8 +9,8 @@ import javax.servlet.http.HttpSession;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||
|
||||
/**
|
||||
|
|
@ -81,7 +81,7 @@ public class LoginStatusBean {
|
|||
/**
|
||||
* Get the current user, or null if not logged in.
|
||||
*/
|
||||
public static User getCurrentUser(HttpServletRequest request) {
|
||||
public static UserAccount getCurrentUser(HttpServletRequest request) {
|
||||
if (request == null) {
|
||||
return null;
|
||||
}
|
||||
|
|
@ -91,7 +91,7 @@ public class LoginStatusBean {
|
|||
/**
|
||||
* Get the current user, or null if not logged in.
|
||||
*/
|
||||
public static User getCurrentUser(HttpSession session) {
|
||||
public static UserAccount getCurrentUser(HttpSession session) {
|
||||
if (session == null) {
|
||||
return null;
|
||||
}
|
||||
|
|
@ -108,14 +108,14 @@ public class LoginStatusBean {
|
|||
return null;
|
||||
}
|
||||
|
||||
UserDao userDao = wadf.getUserDao();
|
||||
if (userDao == null) {
|
||||
log.error("No UserDao");
|
||||
UserAccountsDao userAccountsDao = wadf.getUserAccountsDao();
|
||||
if (userAccountsDao == null) {
|
||||
log.error("No UserAccountsDao");
|
||||
return null;
|
||||
}
|
||||
|
||||
String userUri = getBean(session).getUserURI();
|
||||
return userDao.getUserByURI(userUri);
|
||||
return userAccountsDao.getUserAccountByUri(userUri);
|
||||
}
|
||||
|
||||
// ----------------------------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundleFactory;
|
|||
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||
|
||||
|
|
@ -104,12 +104,12 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory {
|
|||
HttpServletRequest req) {
|
||||
Collection<Individual> individuals = new ArrayList<Individual>();
|
||||
|
||||
User user = LoginStatusBean.getCurrentUser(req);
|
||||
UserAccount user = LoginStatusBean.getCurrentUser(req);
|
||||
if (user == null) {
|
||||
log.debug("No Associated Individuals: not logged in.");
|
||||
return individuals;
|
||||
}
|
||||
String username = user.getUsername();
|
||||
String emailAddress = user.getEmailAddress();
|
||||
|
||||
WebappDaoFactory wdf = (WebappDaoFactory) context
|
||||
.getAttribute("webappDaoFactory");
|
||||
|
|
@ -121,20 +121,20 @@ public class CommonIdentifierBundleFactory implements IdentifierBundleFactory {
|
|||
IndividualDao indDao = wdf.getIndividualDao();
|
||||
|
||||
SelfEditingConfiguration sec = SelfEditingConfiguration.getBean(req);
|
||||
String uri = sec.getIndividualUriFromUsername(indDao, username);
|
||||
String uri = sec.getIndividualUriFromUsername(indDao, emailAddress);
|
||||
if (uri == null) {
|
||||
log.debug("Could not find an Individual with a netId of "
|
||||
+ username);
|
||||
+ emailAddress);
|
||||
return individuals;
|
||||
}
|
||||
|
||||
Individual ind = indDao.getIndividualByURI(uri);
|
||||
if (ind == null) {
|
||||
log.warn("Found a URI for the netId " + username
|
||||
log.warn("Found a URI for the netId " + emailAddress
|
||||
+ " but could not build Individual");
|
||||
return individuals;
|
||||
}
|
||||
log.debug("Found an Individual for netId " + username + " URI: " + uri);
|
||||
log.debug("Found an Individual for netId " + emailAddress + " URI: " + uri);
|
||||
|
||||
individuals.add(ind);
|
||||
return individuals;
|
||||
|
|
|
|||
|
|
@ -30,6 +30,11 @@ public class PermissionSetsLoader implements ServletContextListener {
|
|||
private static final Log log = LogFactory
|
||||
.getLog(PermissionSetsLoader.class);
|
||||
|
||||
public static final String URI_SELF_EDITOR = "http://permissionSet-1";
|
||||
public static final String URI_EDITOR = "http://permissionSet-4";
|
||||
public static final String URI_CURATOR = "http://permissionSet-5";
|
||||
public static final String URI_DBA = "http://permissionSet-50";
|
||||
|
||||
@Override
|
||||
public void contextInitialized(ServletContextEvent sce) {
|
||||
ServletContext ctx = sce.getServletContext();
|
||||
|
|
@ -46,10 +51,10 @@ public class PermissionSetsLoader implements ServletContextListener {
|
|||
.getUserAccountsModel();
|
||||
|
||||
ModelWrapper wrapper = new ModelWrapper(model);
|
||||
wrapper.createPermissionSet("1", "Self Editor");
|
||||
wrapper.createPermissionSet("2", "Editor");
|
||||
wrapper.createPermissionSet("3", "Curator");
|
||||
wrapper.createPermissionSet("4", "Site Admin");
|
||||
wrapper.createPermissionSet(URI_SELF_EDITOR, "Self Editor");
|
||||
wrapper.createPermissionSet(URI_EDITOR, "Editor");
|
||||
wrapper.createPermissionSet(URI_CURATOR, "Curator");
|
||||
wrapper.createPermissionSet(URI_DBA, "Site Admin");
|
||||
} catch (Exception e) {
|
||||
log.error("could not run PermissionSetsLoader" + e);
|
||||
AbortStartup.abortStartup(ctx);
|
||||
|
|
@ -77,9 +82,7 @@ public class PermissionSetsLoader implements ServletContextListener {
|
|||
permissionSet = model.createResource(VitroVocabulary.PERMISSIONSET);
|
||||
}
|
||||
|
||||
public void createPermissionSet(String uriSuffix, String label) {
|
||||
String uri = "http://permissionSet-" + uriSuffix;
|
||||
|
||||
public void createPermissionSet(String uri, String label) {
|
||||
model.enterCriticalSection(Lock.WRITE);
|
||||
try {
|
||||
Resource r = model.createResource(uri);
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
package edu.cornell.mannlib.vitro.webapp.beans;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
|
|
@ -9,6 +11,7 @@ import org.apache.commons.logging.LogFactory;
|
|||
import org.openrdf.model.impl.URIImpl;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionSetsLoader;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
|
||||
|
||||
public class BaseResourceBean implements ResourceBean {
|
||||
|
|
@ -69,17 +72,20 @@ public class BaseResourceBean implements ResourceBean {
|
|||
}
|
||||
|
||||
public static RoleLevel getRoleFromLoginStatus(HttpServletRequest req) {
|
||||
User u = LoginStatusBean.getCurrentUser(req);
|
||||
UserAccount u = LoginStatusBean.getCurrentUser(req);
|
||||
if (u == null) {
|
||||
return PUBLIC;
|
||||
} else if ("1".equals(u.getRoleURI())) {
|
||||
return SELF;
|
||||
} else if ("4".equals(u.getRoleURI())) {
|
||||
return EDITOR;
|
||||
} else if ("5".equals(u.getRoleURI())) {
|
||||
}
|
||||
|
||||
Set<String> roles = u.getPermissionSetUris();
|
||||
if (roles.contains(PermissionSetsLoader.URI_DBA)) {
|
||||
return DB_ADMIN;
|
||||
} else if (roles.contains(PermissionSetsLoader.URI_CURATOR)) {
|
||||
return CURATOR;
|
||||
} else if ("50".equals(u.getRoleURI())) {
|
||||
return DB_ADMIN;
|
||||
} else if (roles.contains(PermissionSetsLoader.URI_EDITOR)) {
|
||||
return EDITOR;
|
||||
} else if (roles.contains(PermissionSetsLoader.URI_SELF_EDITOR)) {
|
||||
return SELF;
|
||||
} else {
|
||||
return PUBLIC;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -87,6 +87,7 @@ public class SelfEditingConfiguration {
|
|||
}
|
||||
}
|
||||
|
||||
// TODO JB This should move to UserAccountsDao.
|
||||
public String getIndividualUriFromUsername(IndividualDao indDao,
|
||||
String username) {
|
||||
if (indDao == null) {
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ import org.apache.commons.logging.Log;
|
|||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
|
||||
|
|
@ -31,7 +32,7 @@ public class AdminLoginController extends FreemarkerHttpServlet {
|
|||
private static final Log log = LogFactory
|
||||
.getLog(AdminLoginController.class);
|
||||
|
||||
public static final String PARAMETER_USERNAME = "username";
|
||||
public static final String PARAMETER_EMAIL_ADDRESS = "email";
|
||||
public static final String PARAMETER_PASSWORD = "password";
|
||||
public static final String PARAMETER_NEW_PASSWORD = "newPassword";
|
||||
public static final String PARAMETER_CONFIRM_PASSWORD = "confirmPassword";
|
||||
|
|
@ -41,7 +42,7 @@ public class AdminLoginController extends FreemarkerHttpServlet {
|
|||
|
||||
public static final String TEMPLATE_NAME = "adminLogin.ftl";
|
||||
|
||||
private static final String MESSAGE_NO_USERNAME = "errorNoUser";
|
||||
private static final String MESSAGE_NO_EMAIL_ADDRESS = "errorNoEmail";
|
||||
private static final String MESSAGE_NO_PASSWORD = "errorNoPassword";
|
||||
private static final String MESSAGE_LOGIN_FAILED = "errorLoginFailed";
|
||||
private static final String MESSAGE_NEW_PASSWORD_REQUIRED = "newPasswordRequired";
|
||||
|
|
@ -65,32 +66,37 @@ public class AdminLoginController extends FreemarkerHttpServlet {
|
|||
private static class Core {
|
||||
private final Authenticator auth;
|
||||
|
||||
private final String username;
|
||||
private final String emailAddress;
|
||||
private final String password;
|
||||
private final String newPassword;
|
||||
private final String confirmPassword;
|
||||
private final UserAccount userAccount;
|
||||
|
||||
public Core(VitroRequest vreq) {
|
||||
this.auth = Authenticator.getInstance(vreq);
|
||||
|
||||
this.username = nonNull(vreq.getParameter(PARAMETER_USERNAME));
|
||||
this.emailAddress = nonNull(vreq
|
||||
.getParameter(PARAMETER_EMAIL_ADDRESS));
|
||||
this.password = nonNull(vreq.getParameter(PARAMETER_PASSWORD));
|
||||
this.newPassword = nonNull(vreq
|
||||
.getParameter(PARAMETER_NEW_PASSWORD));
|
||||
this.confirmPassword = nonNull(vreq
|
||||
.getParameter(PARAMETER_CONFIRM_PASSWORD));
|
||||
|
||||
log.debug("Parameters: username='" + username + "', password='"
|
||||
log.debug("Parameters: email='" + emailAddress + "', password='"
|
||||
+ password + "', newPassword='" + newPassword
|
||||
+ "', confirmPassword='" + confirmPassword + "'");
|
||||
|
||||
this.userAccount = this.auth
|
||||
.getAccountForInternalAuth(emailAddress);
|
||||
}
|
||||
|
||||
public ResponseValues process() {
|
||||
if (username.isEmpty() && password.isEmpty()) {
|
||||
if (emailAddress.isEmpty() && password.isEmpty()) {
|
||||
return showForm();
|
||||
}
|
||||
if (username.isEmpty()) {
|
||||
return showForm(MESSAGE_NO_USERNAME);
|
||||
if (emailAddress.isEmpty()) {
|
||||
return showForm(MESSAGE_NO_EMAIL_ADDRESS);
|
||||
}
|
||||
if (password.isEmpty()) {
|
||||
return showForm(MESSAGE_NO_PASSWORD);
|
||||
|
|
@ -122,8 +128,8 @@ public class AdminLoginController extends FreemarkerHttpServlet {
|
|||
}
|
||||
|
||||
private boolean newPasswordRequired() {
|
||||
return auth.isCurrentPassword(username, password)
|
||||
&& auth.isPasswordChangeRequired(username);
|
||||
return auth.isCurrentPassword(userAccount, password)
|
||||
&& (userAccount.isPasswordChangeRequired());
|
||||
}
|
||||
|
||||
private boolean isPasswordValidLength(String pw) {
|
||||
|
|
@ -132,11 +138,11 @@ public class AdminLoginController extends FreemarkerHttpServlet {
|
|||
}
|
||||
|
||||
private boolean tryToLogin() {
|
||||
if (auth.isCurrentPassword(username, password)) {
|
||||
auth.recordLoginAgainstUserAccount(username, INTERNAL);
|
||||
if (auth.isCurrentPassword(userAccount, password)) {
|
||||
auth.recordLoginAgainstUserAccount(userAccount, INTERNAL);
|
||||
|
||||
if (!newPassword.isEmpty()) {
|
||||
auth.recordNewPassword(username, newPassword);
|
||||
auth.recordNewPassword(userAccount, newPassword);
|
||||
}
|
||||
|
||||
return true;
|
||||
|
|
@ -148,7 +154,7 @@ public class AdminLoginController extends FreemarkerHttpServlet {
|
|||
private ResponseValues showForm(String... codes) {
|
||||
Map<String, Object> body = new HashMap<String, Object>();
|
||||
body.put("controllerUrl", UrlBuilder.getUrl(URL_THIS));
|
||||
body.put("username", username);
|
||||
body.put("email", emailAddress);
|
||||
body.put("password", password);
|
||||
body.put("newPassword", newPassword);
|
||||
body.put("confirmPassword", confirmPassword);
|
||||
|
|
@ -158,7 +164,7 @@ public class AdminLoginController extends FreemarkerHttpServlet {
|
|||
}
|
||||
|
||||
log.debug("showing form with values: " + body);
|
||||
|
||||
|
||||
return new TemplateResponseValues(TEMPLATE_NAME, body);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import org.apache.commons.codec.binary.Hex;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
|
||||
/**
|
||||
* The tool that a login process will use to interface with the user records in
|
||||
|
|
@ -55,37 +55,40 @@ public abstract class Authenticator {
|
|||
public static final int PRIVILEGED_TIMEOUT_INTERVAL = 32000;
|
||||
|
||||
/**
|
||||
* Does a user by this name exist?
|
||||
* Get the UserAccount for this external ID, or null if there is none.
|
||||
*/
|
||||
public abstract boolean isExistingUser(String username);
|
||||
public abstract UserAccount getAccountForExternalAuth(String externalAuthId);
|
||||
|
||||
/**
|
||||
* Does a user by this name have this password?
|
||||
* Get the UserAccount for this email address, or null if there is none.
|
||||
*/
|
||||
public abstract boolean isCurrentPassword(String username,
|
||||
public abstract UserAccount getAccountForInternalAuth(String emailAddress);
|
||||
|
||||
/**
|
||||
* Internal: does this UserAccount have this password? False if the
|
||||
* userAccount is null.
|
||||
*/
|
||||
public abstract boolean isCurrentPassword(UserAccount userAccount,
|
||||
String clearTextPassword);
|
||||
|
||||
/**
|
||||
* Get the user with this name, or null if no such user exists.
|
||||
* Internal: record a new password for the user. Takes no action if the
|
||||
* userAccount is null.
|
||||
*/
|
||||
public abstract User getUserByUsername(String username);
|
||||
public abstract void recordNewPassword(UserAccount userAccount,
|
||||
String newClearTextPassword);
|
||||
|
||||
/**
|
||||
* Is a change in name or email required when the user logs in?
|
||||
*/
|
||||
public abstract boolean accountRequiresEditing(UserAccount userAccount);
|
||||
|
||||
/**
|
||||
* Get the URIs of all individuals associated with this user, whether by a
|
||||
* self-editing property like cornellEmailNetid, or by mayEditAs.
|
||||
*/
|
||||
public abstract List<String> getAssociatedIndividualUris(String username);
|
||||
|
||||
/**
|
||||
* Is a password change needed when the user logs in?
|
||||
*/
|
||||
public abstract boolean isPasswordChangeRequired(String username);
|
||||
|
||||
/**
|
||||
* Record a new password for the user.
|
||||
*/
|
||||
public abstract void recordNewPassword(String username,
|
||||
String newClearTextPassword);
|
||||
public abstract List<String> getAssociatedIndividualUris(
|
||||
UserAccount userAccount);
|
||||
|
||||
/**
|
||||
* <pre>
|
||||
|
|
@ -97,7 +100,7 @@ public abstract class Authenticator {
|
|||
* - notify other users of the model
|
||||
* </pre>
|
||||
*/
|
||||
public abstract void recordLoginAgainstUserAccount(String username,
|
||||
public abstract void recordLoginAgainstUserAccount(UserAccount userAccount,
|
||||
AuthenticationSource authSource);
|
||||
|
||||
/**
|
||||
|
|
@ -106,9 +109,10 @@ public abstract class Authenticator {
|
|||
* info, so no internal user account.
|
||||
* - this involves everything except updating the user record.
|
||||
* </pre>
|
||||
*
|
||||
* TODO JB This goes away.
|
||||
*/
|
||||
public abstract void recordLoginWithoutUserAccount(String username,
|
||||
String individualUri, AuthenticationSource authSource);
|
||||
public abstract void recordLoginWithoutUserAccount(String individualUri);
|
||||
|
||||
/**
|
||||
* <pre>
|
||||
|
|
@ -140,4 +144,8 @@ public abstract class Authenticator {
|
|||
}
|
||||
}
|
||||
|
||||
public static boolean isValidEmailAddress(String emailAddress) {
|
||||
// TODO check for valid syntax.
|
||||
return (emailAddress != null) && (!emailAddress.isEmpty());
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ package edu.cornell.mannlib.vitro.webapp.controller.authenticate;
|
|||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
|
|
@ -19,10 +18,10 @@ import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
|||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.edit.Authenticate;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.jena.LoginEvent;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.jena.LogoutEvent;
|
||||
|
|
@ -40,75 +39,98 @@ public class BasicAuthenticator extends Authenticator {
|
|||
}
|
||||
|
||||
@Override
|
||||
public boolean isExistingUser(String username) {
|
||||
return getUserByUsername(username) != null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public User getUserByUsername(String username) {
|
||||
UserDao userDao = getUserDao();
|
||||
if (userDao == null) {
|
||||
public UserAccount getAccountForInternalAuth(String emailAddress) {
|
||||
UserAccountsDao userAccountsDao = getUserAccountsDao();
|
||||
if (userAccountsDao == null) {
|
||||
return null;
|
||||
}
|
||||
return userDao.getUserByUsername(username);
|
||||
return userAccountsDao.getUserAccountByEmail(emailAddress);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserAccount getAccountForExternalAuth(String externalAuthId) {
|
||||
UserAccountsDao userAccountsDao = getUserAccountsDao();
|
||||
if (userAccountsDao == null) {
|
||||
return null;
|
||||
}
|
||||
return userAccountsDao.getUserAccountByExternalAuthId(externalAuthId);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isCurrentPassword(String username, String clearTextPassword) {
|
||||
User user = getUserDao().getUserByUsername(username);
|
||||
if (user == null) {
|
||||
log.trace("Checking password '" + clearTextPassword
|
||||
+ "' for user '" + username + "', but user doesn't exist.");
|
||||
public boolean isCurrentPassword(UserAccount userAccount,
|
||||
String clearTextPassword) {
|
||||
if (userAccount == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
String md5NewPassword = applyMd5Encoding(clearTextPassword);
|
||||
return md5NewPassword.equals(user.getMd5password());
|
||||
if (clearTextPassword == null) {
|
||||
return false;
|
||||
}
|
||||
String encodedPassword = applyMd5Encoding(clearTextPassword);
|
||||
return encodedPassword.equals(userAccount.getMd5Password());
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isPasswordChangeRequired(String username) {
|
||||
User user = getUserDao().getUserByUsername(username);
|
||||
if ((user != null) && (user.getLoginCount() == 0)) {
|
||||
public void recordNewPassword(UserAccount userAccount,
|
||||
String newClearTextPassword) {
|
||||
if (userAccount == null) {
|
||||
log.error("Trying to change password on null user.");
|
||||
return;
|
||||
}
|
||||
userAccount.setMd5Password(applyMd5Encoding(newClearTextPassword));
|
||||
userAccount.setPasswordChangeRequired(false);
|
||||
userAccount.setPasswordLinkExpires(0L);
|
||||
getUserAccountsDao().updateUserAccount(userAccount);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean accountRequiresEditing(UserAccount userAccount) {
|
||||
if (userAccount == null) {
|
||||
log.error("Trying to check for valid fields on a null user.");
|
||||
return false;
|
||||
}
|
||||
if (userAccount.getFirstName().isEmpty()) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
if (userAccount.getLastName().isEmpty()) {
|
||||
return true;
|
||||
}
|
||||
if (userAccount.getEmailAddress().isEmpty()) {
|
||||
return true;
|
||||
}
|
||||
if (!isValidEmailAddress(userAccount.getEmailAddress())) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public List<String> getAssociatedIndividualUris(UserAccount userAccount) {
|
||||
List<String> uris = new ArrayList<String>();
|
||||
if (userAccount == null) {
|
||||
return uris;
|
||||
}
|
||||
uris.addAll(getUrisAssociatedBySelfEditorConfig(userAccount));
|
||||
return uris;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void recordNewPassword(String username, String newClearTextPassword) {
|
||||
User user = getUserByUsername(username);
|
||||
if (user == null) {
|
||||
log.error("Trying to change password on non-existent user: "
|
||||
+ username);
|
||||
return;
|
||||
}
|
||||
user.setOldPassword(user.getMd5password());
|
||||
user.setMd5password(applyMd5Encoding(newClearTextPassword));
|
||||
getUserDao().updateUser(user);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void recordLoginAgainstUserAccount(String username,
|
||||
public void recordLoginAgainstUserAccount(UserAccount userAccount,
|
||||
AuthenticationSource authSource) {
|
||||
User user = getUserByUsername(username);
|
||||
if (user == null) {
|
||||
log.error("Trying to record the login of a non-existent user: "
|
||||
+ username);
|
||||
if (userAccount == null) {
|
||||
log.error("Trying to record the login of a null user. ");
|
||||
return;
|
||||
}
|
||||
|
||||
recordLoginOnUserRecord(user);
|
||||
|
||||
String userUri = user.getURI();
|
||||
recordLoginWithOrWithoutUserAccount(userUri, authSource);
|
||||
recordLoginOnUserRecord(userAccount);
|
||||
recordLoginWithOrWithoutUserAccount(userAccount.getUri(), authSource);
|
||||
}
|
||||
|
||||
// TODO JB This goes away.
|
||||
@Override
|
||||
public void recordLoginWithoutUserAccount(String username,
|
||||
String individualUri, AuthenticationSource authSource) {
|
||||
recordLoginWithOrWithoutUserAccount(individualUri, authSource);
|
||||
public void recordLoginWithoutUserAccount(String individualUri) {
|
||||
recordLoginWithOrWithoutUserAccount(individualUri,
|
||||
AuthenticationSource.EXTERNAL);
|
||||
}
|
||||
|
||||
/** This much is in common on login, whether or not you have a user account. */
|
||||
|
|
@ -124,12 +146,9 @@ public class BasicAuthenticator extends Authenticator {
|
|||
/**
|
||||
* Update the user record to record the login.
|
||||
*/
|
||||
private void recordLoginOnUserRecord(User user) {
|
||||
user.setLoginCount(user.getLoginCount() + 1);
|
||||
if (user.getFirstTime() == null) { // first login
|
||||
user.setFirstTime(new Date());
|
||||
}
|
||||
getUserDao().updateUser(user);
|
||||
private void recordLoginOnUserRecord(UserAccount userAccount) {
|
||||
userAccount.setLoginCount(userAccount.getLoginCount() + 1);
|
||||
getUserAccountsDao().updateUserAccount(userAccount);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -175,16 +194,8 @@ public class BasicAuthenticator extends Authenticator {
|
|||
session.getServletContext(), session);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> getAssociatedIndividualUris(String username) {
|
||||
List<String> uris = new ArrayList<String>();
|
||||
uris.addAll(getUrisAssociatedBySelfEditorConfig(username));
|
||||
uris.addAll(getUrisAssociatedByMayEditAs(username));
|
||||
return uris;
|
||||
}
|
||||
|
||||
private List<String> getUrisAssociatedBySelfEditorConfig(String username) {
|
||||
if (username == null) {
|
||||
private List<String> getUrisAssociatedBySelfEditorConfig(UserAccount user) {
|
||||
if (user == null) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
|
|
@ -194,7 +205,7 @@ public class BasicAuthenticator extends Authenticator {
|
|||
}
|
||||
|
||||
String selfEditorUri = SelfEditingConfiguration.getBean(request)
|
||||
.getIndividualUriFromUsername(iDao, username);
|
||||
.getIndividualUriFromUsername(iDao, user.getExternalAuthId());
|
||||
if (selfEditorUri == null) {
|
||||
return Collections.emptyList();
|
||||
} else {
|
||||
|
|
@ -202,29 +213,6 @@ public class BasicAuthenticator extends Authenticator {
|
|||
}
|
||||
}
|
||||
|
||||
private List<String> getUrisAssociatedByMayEditAs(String username) {
|
||||
if (username == null) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
UserDao userDao = getUserDao();
|
||||
if (userDao == null) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
User user = userDao.getUserByUsername(username);
|
||||
if (user == null) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
String userUri = user.getURI();
|
||||
if (userUri == null) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
return userDao.getIndividualsUserMayEditAs(userUri);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void recordUserIsLoggedOut() {
|
||||
HttpSession session = request.getSession();
|
||||
|
|
@ -233,44 +221,32 @@ public class BasicAuthenticator extends Authenticator {
|
|||
}
|
||||
|
||||
private void notifyOtherUsersOfLogout(HttpSession session) {
|
||||
LoginStatusBean loginBean = LoginStatusBean.getBean(session);
|
||||
if (!loginBean.isLoggedIn()) {
|
||||
String userUri = LoginStatusBean.getBean(session).getUserURI();
|
||||
if ((userUri == null) || userUri.isEmpty()) {
|
||||
return;
|
||||
}
|
||||
|
||||
UserDao userDao = getUserDao();
|
||||
if (userDao == null) {
|
||||
return;
|
||||
}
|
||||
|
||||
String userUri = loginBean.getUserURI();
|
||||
User user = userDao.getUserByURI(userUri);
|
||||
if (user == null) {
|
||||
log.error("Unable to retrieve user " + userUri + " from model");
|
||||
return;
|
||||
}
|
||||
|
||||
Authenticate.sendLoginNotifyEvent(new LogoutEvent(user.getURI()),
|
||||
Authenticate.sendLoginNotifyEvent(new LogoutEvent(userUri),
|
||||
session.getServletContext(), session);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a reference to the UserDao, or null.
|
||||
* Get a reference to the UserAccountsDao, or null.
|
||||
*/
|
||||
private UserDao getUserDao() {
|
||||
private UserAccountsDao getUserAccountsDao() {
|
||||
WebappDaoFactory wadf = getWebappDaoFactory();
|
||||
if (wadf == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
UserDao userDao = wadf.getUserDao();
|
||||
if (userDao == null) {
|
||||
log.error("getUserDao: no UserDao");
|
||||
|
||||
UserAccountsDao userAccountsDao = wadf.getUserAccountsDao();
|
||||
if (userAccountsDao == null) {
|
||||
log.error("getUserAccountsDao: no UserAccountsDao");
|
||||
}
|
||||
|
||||
return userDao;
|
||||
|
||||
return userAccountsDao;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get a reference to the IndividualDao, or null.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import org.apache.commons.logging.Log;
|
|||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
|
||||
/**
|
||||
* Handle the return from the external authorization login server. If we are
|
||||
|
|
@ -40,36 +41,44 @@ public class LoginExternalAuthReturn extends BaseLoginServlet {
|
|||
@Override
|
||||
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
|
||||
throws ServletException, IOException {
|
||||
String username = ExternalAuthHelper.getHelper(req).getExternalAuthId(
|
||||
req);
|
||||
List<String> associatedUris = getAuthenticator(req)
|
||||
.getAssociatedIndividualUris(username);
|
||||
|
||||
if (username == null) {
|
||||
log.debug("No username.");
|
||||
String externalAuthId = ExternalAuthHelper.getHelper(req)
|
||||
.getExternalAuthId(req);
|
||||
if (externalAuthId == null) {
|
||||
log.debug("No externalAuthId.");
|
||||
complainAndReturnToReferrer(req, resp, ATTRIBUTE_REFERRER,
|
||||
MESSAGE_LOGIN_FAILED);
|
||||
} else if (getAuthenticator(req).isExistingUser(username)) {
|
||||
log.debug("Logging in as " + username);
|
||||
getAuthenticator(req).recordLoginAgainstUserAccount(username,
|
||||
return;
|
||||
}
|
||||
|
||||
UserAccount userAccount = getAuthenticator(req)
|
||||
.getAccountForExternalAuth(externalAuthId);
|
||||
if (userAccount != null) {
|
||||
log.debug("Logging in as " + userAccount.getUri());
|
||||
getAuthenticator(req).recordLoginAgainstUserAccount(userAccount,
|
||||
AuthenticationSource.EXTERNAL);
|
||||
removeLoginProcessArtifacts(req);
|
||||
new LoginRedirector(req, resp).redirectLoggedInUser();
|
||||
} else if (!associatedUris.isEmpty()) {
|
||||
log.debug("Recognize '" + username + "' as self-editor for "
|
||||
return;
|
||||
}
|
||||
|
||||
List<String> associatedUris = getAuthenticator(req)
|
||||
.getAssociatedIndividualUris(userAccount);
|
||||
// TODO JB - this case should lead to creating a new account.
|
||||
if (!associatedUris.isEmpty()) {
|
||||
log.debug("Recognize '" + externalAuthId + "' as self-editor for "
|
||||
+ associatedUris);
|
||||
String uri = associatedUris.get(0);
|
||||
|
||||
getAuthenticator(req).recordLoginWithoutUserAccount(username, uri,
|
||||
AuthenticationSource.EXTERNAL);
|
||||
getAuthenticator(req).recordLoginWithoutUserAccount(uri);
|
||||
removeLoginProcessArtifacts(req);
|
||||
new LoginRedirector(req, resp).redirectLoggedInUser();
|
||||
} else {
|
||||
log.debug("User is not recognized: " + username);
|
||||
removeLoginProcessArtifacts(req);
|
||||
new LoginRedirector(req, resp)
|
||||
.redirectUnrecognizedExternalUser(username);
|
||||
return;
|
||||
}
|
||||
|
||||
log.debug("User is not recognized: " + externalAuthId);
|
||||
removeLoginProcessArtifacts(req);
|
||||
new LoginRedirector(req, resp)
|
||||
.redirectUnrecognizedExternalUser(externalAuthId);
|
||||
}
|
||||
|
||||
private void removeLoginProcessArtifacts(HttpServletRequest req) {
|
||||
|
|
|
|||
|
|
@ -18,10 +18,9 @@ import org.apache.commons.logging.LogFactory;
|
|||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.DisplayMessage;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean;
|
||||
import freemarker.template.utility.StringUtil;
|
||||
|
||||
/**
|
||||
* A user has just completed the login process. What page do we direct them to?
|
||||
|
|
@ -51,23 +50,22 @@ public class LoginRedirector {
|
|||
|
||||
/** Is there an Individual associated with this user? */
|
||||
private String getAssociatedIndividualUri() {
|
||||
User user = LoginStatusBean.getCurrentUser(request);
|
||||
if (user == null) {
|
||||
log.warn("Not logged in? How did we get here?");
|
||||
UserAccount userAccount = LoginStatusBean.getCurrentUser(request);
|
||||
if (userAccount == null) {
|
||||
log.debug("Not logged in? Must be cancelling the password change");
|
||||
return null;
|
||||
}
|
||||
String username = user.getUsername();
|
||||
|
||||
List<String> uris = Authenticator.getInstance(request)
|
||||
.getAssociatedIndividualUris(username);
|
||||
.getAssociatedIndividualUris(userAccount);
|
||||
if (uris.isEmpty()) {
|
||||
log.debug("'" + username
|
||||
log.debug("'" + userAccount.getEmailAddress()
|
||||
+ "' is not associated with an individual.");
|
||||
return null;
|
||||
} else {
|
||||
String uri = uris.get(0);
|
||||
log.debug("'" + username + "' is associated with an individual: "
|
||||
+ uri);
|
||||
log.debug("'" + userAccount.getEmailAddress()
|
||||
+ "' is associated with an individual: " + uri);
|
||||
return uri;
|
||||
}
|
||||
}
|
||||
|
|
@ -111,13 +109,13 @@ public class LoginRedirector {
|
|||
String backString = "";
|
||||
String greeting = "";
|
||||
|
||||
User user = LoginStatusBean.getCurrentUser(request);
|
||||
if (user != null) {
|
||||
greeting = user.getUsername();
|
||||
if (user.getLoginCount() > 1) {
|
||||
UserAccount userAccount = LoginStatusBean.getCurrentUser(request);
|
||||
if (userAccount != null) {
|
||||
greeting = userAccount.getEmailAddress();
|
||||
if (userAccount.getLoginCount() > 1) {
|
||||
backString = " back";
|
||||
}
|
||||
String name = user.getFirstName();
|
||||
String name = userAccount.getFirstName();
|
||||
if (!StringUtils.isEmpty(name)) {
|
||||
greeting = name;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,13 +14,18 @@ import javax.servlet.http.HttpServlet;
|
|||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
|
||||
/**
|
||||
* Provide a means for programmatic login If they provide the right parameters,
|
||||
* log them in and send 200. Otherwise, send 403 error.
|
||||
*/
|
||||
public class ProgramLogin extends HttpServlet {
|
||||
private static final Log log = LogFactory.getLog(ProgramLogin.class);
|
||||
|
||||
@Override
|
||||
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
|
||||
throws ServletException, IOException {
|
||||
|
|
@ -34,16 +39,16 @@ public class ProgramLogin extends HttpServlet {
|
|||
}
|
||||
|
||||
static class ProgramLoginCore {
|
||||
public static final String PARAM_USERNAME = "username";
|
||||
public static final String PARAM_EMAIL_ADDRESS = "email";
|
||||
public static final String PARAM_PASSWORD = "password";
|
||||
public static final String PARAM_NEW_PASSWORD = "newPassword";
|
||||
public static final int ERROR_CODE = 403;
|
||||
|
||||
private static final String MESSAGE_NEED_USERNAME = PARAM_USERNAME
|
||||
private static final String MESSAGE_NEED_EMAIL_ADDRESS = PARAM_EMAIL_ADDRESS
|
||||
+ " parameter is required.";
|
||||
private static final String MESSAGE_NEED_PASSWORD = PARAM_PASSWORD
|
||||
+ " parameter is required.";
|
||||
private static final String MESSAGE_WRONG_USER_OR_PASSWORD = PARAM_USERNAME
|
||||
private static final String MESSAGE_WRONG_USER_OR_PASSWORD = PARAM_EMAIL_ADDRESS
|
||||
+ " or " + PARAM_PASSWORD + " is incorrect.";
|
||||
private static final String MESSAGE_NEED_NEW_PASSWORD = "first-time login: "
|
||||
+ PARAM_NEW_PASSWORD + " parameter is required.";
|
||||
|
|
@ -63,24 +68,31 @@ public class ProgramLogin extends HttpServlet {
|
|||
private final HttpServletResponse resp;
|
||||
private final Authenticator auth;
|
||||
|
||||
private final String username;
|
||||
private final String emailAddress;
|
||||
private final String password;
|
||||
private final String newPassword;
|
||||
private final UserAccount userAccount;
|
||||
|
||||
ProgramLoginCore(HttpServletRequest req, HttpServletResponse resp) {
|
||||
this.req = req;
|
||||
this.resp = resp;
|
||||
|
||||
this.username = getParameter(PARAM_USERNAME);
|
||||
this.emailAddress = getParameter(PARAM_EMAIL_ADDRESS);
|
||||
this.password = getParameter(PARAM_PASSWORD);
|
||||
this.newPassword = getParameter(PARAM_NEW_PASSWORD);
|
||||
|
||||
log.debug("request: email='" + emailAddress + "', password='"
|
||||
+ password + "', newPassword='" + newPassword + "'");
|
||||
|
||||
this.auth = Authenticator.getInstance(req);
|
||||
|
||||
this.userAccount = auth
|
||||
.getAccountForInternalAuth(this.emailAddress);
|
||||
}
|
||||
|
||||
void process() throws IOException {
|
||||
if (username.isEmpty()) {
|
||||
sendError(MESSAGE_NEED_USERNAME);
|
||||
if (emailAddress.isEmpty()) {
|
||||
sendError(MESSAGE_NEED_EMAIL_ADDRESS);
|
||||
return;
|
||||
}
|
||||
if (password.isEmpty()) {
|
||||
|
|
@ -92,9 +104,7 @@ public class ProgramLogin extends HttpServlet {
|
|||
return;
|
||||
}
|
||||
|
||||
boolean passwordChangeRequired = isFirstTimeLogin();
|
||||
|
||||
if (!passwordChangeRequired) {
|
||||
if (!isPasswordChangeRequired()) {
|
||||
if (!newPassword.isEmpty()) {
|
||||
sendError(MESSAGE_NEW_PASSWORD_NOT_NEEDED);
|
||||
return;
|
||||
|
|
@ -104,7 +114,7 @@ public class ProgramLogin extends HttpServlet {
|
|||
return;
|
||||
}
|
||||
|
||||
if (passwordChangeRequired) {
|
||||
if (isPasswordChangeRequired()) {
|
||||
if (newPassword.isEmpty()) {
|
||||
sendError(MESSAGE_NEED_NEW_PASSWORD);
|
||||
return;
|
||||
|
|
@ -134,8 +144,7 @@ public class ProgramLogin extends HttpServlet {
|
|||
}
|
||||
|
||||
private boolean usernameAndPasswordAreValid() {
|
||||
return auth.isExistingUser(username)
|
||||
&& auth.isCurrentPassword(username, password);
|
||||
return auth.isCurrentPassword(userAccount, password);
|
||||
}
|
||||
|
||||
private boolean newPasswordIsValidPasswordLength() {
|
||||
|
|
@ -147,18 +156,17 @@ public class ProgramLogin extends HttpServlet {
|
|||
return newPassword.equals(password);
|
||||
}
|
||||
|
||||
private boolean isFirstTimeLogin() {
|
||||
User user = auth.getUserByUsername(username);
|
||||
return (user.getLoginCount() == 0);
|
||||
private boolean isPasswordChangeRequired() {
|
||||
return (userAccount.isPasswordChangeRequired());
|
||||
}
|
||||
|
||||
private void recordLogin() {
|
||||
auth.recordLoginAgainstUserAccount(username, INTERNAL);
|
||||
auth.recordLoginAgainstUserAccount(userAccount, INTERNAL);
|
||||
}
|
||||
|
||||
private void recordLoginWithPasswordChange() {
|
||||
auth.recordNewPassword(username, newPassword);
|
||||
auth.recordLoginAgainstUserAccount(username, INTERNAL);
|
||||
auth.recordNewPassword(userAccount, newPassword);
|
||||
auth.recordLoginAgainstUserAccount(userAccount, INTERNAL);
|
||||
}
|
||||
|
||||
private void sendError(String message) throws IOException {
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ import com.hp.hpl.jena.ontology.OntModel;
|
|||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
|
|
@ -313,8 +313,9 @@ public class Authenticate extends VitroHttpServlet {
|
|||
|
||||
bean.setUsername(username);
|
||||
|
||||
User user = getAuthenticator(request).getUserByUsername(username);
|
||||
log.trace("User is " + (user == null ? "null" : user.getURI()));
|
||||
UserAccount user = getAuthenticator(request).getAccountForInternalAuth(
|
||||
username);
|
||||
log.trace("User is " + (user == null ? "null" : user.getUri()));
|
||||
|
||||
if (user == null) {
|
||||
bean.setMessage(Message.UNKNOWN_USERNAME, username);
|
||||
|
|
@ -326,16 +327,16 @@ public class Authenticate extends VitroHttpServlet {
|
|||
return;
|
||||
}
|
||||
|
||||
if (!getAuthenticator(request).isCurrentPassword(username, password)) {
|
||||
if (!getAuthenticator(request).isCurrentPassword(user, password)) {
|
||||
bean.setMessage(Message.INCORRECT_PASSWORD);
|
||||
return;
|
||||
}
|
||||
|
||||
// Username and password are correct. What next?
|
||||
if (isFirstTimeLogin(user)) {
|
||||
if (user.isPasswordChangeRequired()) {
|
||||
transitionToForcedPasswordChange(request);
|
||||
} else {
|
||||
transitionToLoggedIn(request, username);
|
||||
transitionToLoggedIn(request, user);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -383,13 +384,15 @@ public class Authenticate extends VitroHttpServlet {
|
|||
|
||||
String username = bean.getUsername();
|
||||
|
||||
if (getAuthenticator(request).isCurrentPassword(username, newPassword)) {
|
||||
UserAccount user = getAuthenticator(request).getAccountForInternalAuth(
|
||||
username);
|
||||
if (getAuthenticator(request).isCurrentPassword(user, newPassword)) {
|
||||
bean.setMessage(Message.USING_OLD_PASSWORD);
|
||||
return;
|
||||
}
|
||||
|
||||
// New password is acceptable. Store it and go on.
|
||||
transitionToLoggedIn(request, username, newPassword);
|
||||
transitionToLoggedIn(request, user, newPassword);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -400,17 +403,6 @@ public class Authenticate extends VitroHttpServlet {
|
|||
// Nothing to do. No transition.
|
||||
}
|
||||
|
||||
/**
|
||||
* Has this user ever logged in before?
|
||||
*/
|
||||
private boolean isFirstTimeLogin(User user) {
|
||||
if (user.getLoginCount() == 0) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* State change: they are starting the login process.
|
||||
*/
|
||||
|
|
@ -432,9 +424,9 @@ public class Authenticate extends VitroHttpServlet {
|
|||
* State change: all requirements are satisfied. Log them in.
|
||||
*/
|
||||
private void transitionToLoggedIn(HttpServletRequest request,
|
||||
String username) {
|
||||
log.debug("Completed login: " + username);
|
||||
getAuthenticator(request).recordLoginAgainstUserAccount(username,
|
||||
UserAccount user) {
|
||||
log.debug("Completed login: " + user.getEmailAddress());
|
||||
getAuthenticator(request).recordLoginAgainstUserAccount(user,
|
||||
AuthenticationSource.INTERNAL);
|
||||
}
|
||||
|
||||
|
|
@ -443,10 +435,11 @@ public class Authenticate extends VitroHttpServlet {
|
|||
* log them in.
|
||||
*/
|
||||
private void transitionToLoggedIn(HttpServletRequest request,
|
||||
String username, String newPassword) {
|
||||
log.debug("Completed login: " + username + ", password changed.");
|
||||
getAuthenticator(request).recordNewPassword(username, newPassword);
|
||||
getAuthenticator(request).recordLoginAgainstUserAccount(username,
|
||||
UserAccount user, String newPassword) {
|
||||
log.debug("Completed login: " + user.getEmailAddress()
|
||||
+ ", password changed.");
|
||||
getAuthenticator(request).recordNewPassword(user, newPassword);
|
||||
getAuthenticator(request).recordLoginAgainstUserAccount(user,
|
||||
AuthenticationSource.INTERNAL);
|
||||
}
|
||||
|
||||
|
|
@ -478,7 +471,7 @@ public class Authenticate extends VitroHttpServlet {
|
|||
log.debug("logging in.");
|
||||
|
||||
LoginInProcessFlag.set(vreq);
|
||||
|
||||
|
||||
String loginProcessPage = LoginProcessBean.getBean(vreq)
|
||||
.getLoginPageUrl();
|
||||
response.sendRedirect(loginProcessPage);
|
||||
|
|
|
|||
|
|
@ -28,6 +28,13 @@ public interface UserAccountsDao {
|
|||
*/
|
||||
UserAccount getUserAccountByEmail(String emailAddress);
|
||||
|
||||
/**
|
||||
* Get the UserAccount for this External Authentication ID
|
||||
*
|
||||
* @return null if the ID is null, or if there is no such UserAccount
|
||||
*/
|
||||
UserAccount getUserAccountByExternalAuthId(String externalAuthId);
|
||||
|
||||
/**
|
||||
* Create a new UserAccount in the model.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -37,6 +37,11 @@ public class UserAccountsDaoFiltering extends BaseFiltering implements
|
|||
return innerDao.getUserAccountByEmail(emailAddress);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserAccount getUserAccountByExternalAuthId(String externalAuthId) {
|
||||
return innerDao.getUserAccountByExternalAuthId(externalAuthId);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String insertUserAccount(UserAccount userAccount) {
|
||||
return innerDao.insertUserAccount(userAccount);
|
||||
|
|
@ -61,4 +66,5 @@ public class UserAccountsDaoFiltering extends BaseFiltering implements
|
|||
public Collection<PermissionSet> getAllPermissionSets() {
|
||||
return innerDao.getAllPermissionSets();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -103,6 +103,30 @@ public class UserAccountsDaoJena extends JenaBaseDao implements UserAccountsDao
|
|||
return getUserAccountByUri(userUri);
|
||||
}
|
||||
|
||||
@Override
|
||||
public UserAccount getUserAccountByExternalAuthId(String externalAuthId) {
|
||||
if (externalAuthId == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
String userUri = null;
|
||||
|
||||
getOntModel().enterCriticalSection(Lock.READ);
|
||||
try {
|
||||
StmtIterator stmts = getOntModel().listStatements(null,
|
||||
USERACCOUNT_EXTERNAL_AUTH_ID,
|
||||
getOntModel().createLiteral(externalAuthId));
|
||||
if (stmts.hasNext()) {
|
||||
userUri = stmts.next().getSubject().getURI();
|
||||
}
|
||||
stmts.close();
|
||||
} finally {
|
||||
getOntModel().leaveCriticalSection();
|
||||
}
|
||||
|
||||
return getUserAccountByUri(userUri);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String insertUserAccount(UserAccount userAccount) {
|
||||
if (userAccount == null) {
|
||||
|
|
@ -324,4 +348,5 @@ public class UserAccountsDaoJena extends JenaBaseDao implements UserAccountsDao
|
|||
return ps1.getUri().compareTo(ps2.getUri());
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ import javax.servlet.ServletContextListener;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.permissions.PermissionSetsLoader;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount.Status;
|
||||
|
|
@ -32,11 +33,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
|||
public class UpdateUserAccounts implements ServletContextListener {
|
||||
private static final Log log = LogFactory.getLog(UpdateUserAccounts.class);
|
||||
|
||||
private static final String URI_PERMISSION_SET_SELF_EDITOR = "http://permissionSet-1";
|
||||
private static final String URI_PERMISSION_SET_EDITOR = "http://permissionSet-2";
|
||||
private static final String URI_PERMISSION_SET_CURATOR = "http://permissionSet-3";
|
||||
private static final String URI_PERMISSION_SET_DBA = "http://permissionSet-4";
|
||||
|
||||
@Override
|
||||
public void contextInitialized(ServletContextEvent sce) {
|
||||
ServletContext ctx = sce.getServletContext();
|
||||
|
|
@ -149,13 +145,13 @@ public class UpdateUserAccounts implements ServletContextListener {
|
|||
}
|
||||
|
||||
private Set<String> translateFromRoleUri(String roleUri) {
|
||||
String permissionSetUri = URI_PERMISSION_SET_SELF_EDITOR;
|
||||
String permissionSetUri = PermissionSetsLoader.URI_SELF_EDITOR;
|
||||
if ("4".equals(roleUri)) {
|
||||
permissionSetUri = URI_PERMISSION_SET_EDITOR;
|
||||
permissionSetUri = PermissionSetsLoader.URI_EDITOR;
|
||||
} else if ("5".equals(roleUri)) {
|
||||
permissionSetUri = URI_PERMISSION_SET_CURATOR;
|
||||
permissionSetUri = PermissionSetsLoader.URI_CURATOR;
|
||||
} else if ("50".equals(roleUri)) {
|
||||
permissionSetUri = URI_PERMISSION_SET_DBA;
|
||||
permissionSetUri = PermissionSetsLoader.URI_DBA;
|
||||
}
|
||||
return Collections.singleton(permissionSetUri);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ package edu.cornell.mannlib.vitro.webapp.web.templatemodels;
|
|||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.RevisionInfoController;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.SiteAdminController;
|
||||
|
|
@ -11,8 +12,7 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.SiteAdminControlle
|
|||
public class User extends BaseTemplateModel {
|
||||
private final VitroRequest vreq;
|
||||
|
||||
// TODO JB Modify this to use UserAccount instead of User.
|
||||
private final edu.cornell.mannlib.vitro.webapp.beans.User currentUser;
|
||||
private final UserAccount currentUser;
|
||||
|
||||
public User(VitroRequest vreq) {
|
||||
this.vreq = vreq;
|
||||
|
|
@ -24,7 +24,7 @@ public class User extends BaseTemplateModel {
|
|||
}
|
||||
|
||||
public String getEmailAddress() {
|
||||
return (currentUser == null) ? "" : currentUser.getUsername();
|
||||
return (currentUser == null) ? "" : currentUser.getEmailAddress();
|
||||
}
|
||||
|
||||
public String getLoginName() {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue