Showing
6 changed files
with
219 additions
and
1 deletion.
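--- a/...pi/src/main/java/org/eclipse/kapua/service/authentication/user/PasswordChangeRequest.java
+++ b/...pi/src/main/java/org/eclipse/kapua/service/authentication/user/PasswordChangeRequest.java
@@ -0,0 +1,38 @@
+/*******************************************************************************
+* Copyright (c) 2023, 2022 Eurotech and/or its affiliates and others
+*
+* This program and the accompanying materials are made
+* available under the terms of the Eclipse Public License 2.0
+* which is available at https://www.eclipse.org/legal/epl-2.0/
+*
+* SPDX-License-Identifier: EPL-2.0
+*
+* Contributors:
+* Eurotech - initial API and implementation
+*******************************************************************************/
+package org.eclipse.kapua.service.authentication.user;
+
+public class PasswordChangeRequest {
+private String oldPassword;
+private String newPassword;
+
+
+public String getOldPassword() {
+return oldPassword;
+}
+
+
+public void setOldPassword(String oldPassword) {
+this.oldPassword = oldPassword;
+}
+
+
+public String getNewPassword() {
+return newPassword;
+}
+
+
+public void setNewPassword(String newPassword) {
+this.newPassword = newPassword;
+}
+}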
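Review bot: `PasswordChangeRequest` has no class or accessor Javadoc, although both of its fields hold plaintext passwords. A class comment such as `/** Request to change the session user's password; both fields are plaintext secrets and must never be logged or persisted. */`, with the `@since 2.0.0` tag used on `UserCredentialService`, would make the handling rule explicit. The class defines no `toString()`, which keeps the values out of default log output and is worth preserving. `KeyChangeRequest` in the shiro credential package is added with the same lack of documentation for its `newCredentialKey` field.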
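--- a/...pi/src/main/java/org/eclipse/kapua/service/authentication/user/UserCredentialService.java
+++ b/...pi/src/main/java/org/eclipse/kapua/service/authentication/user/UserCredentialService.java
@@ -0,0 +1,27 @@
+/*******************************************************************************
+* Copyright (c) 2023, 2022 Eurotech and/or its affiliates and others
+*
+* This program and the accompanying materials are made
+* available under the terms of the Eclipse Public License 2.0
+* which is available at https://www.eclipse.org/legal/epl-2.0/
+*
+* SPDX-License-Identifier: EPL-2.0
+*
+* Contributors:
+* Eurotech - initial API and implementation
+*******************************************************************************/
+package org.eclipse.kapua.service.authentication.user;
+
+import org.eclipse.kapua.KapuaException;
+import org.eclipse.kapua.service.KapuaService;
+import org.eclipse.kapua.service.authentication.credential.Credential;
+
+/**
+* Credential service definition.
+*
+* @since 2.0.0
+*/
+public interface UserCredentialService extends KapuaService {
+
+Credential changePasswordRequest(PasswordChangeRequest passwordChangeRequest) throws KapuaException;
+}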
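Review bot: `changePasswordRequest` is declared without Javadoc, and the interface comment "Credential service definition." does not say what distinguishes this service from `CredentialService`. The method comment should state that it acts on the user of the current session, that the old password is verified before anything is changed, and which `KapuaException` a caller sees when that verification fails. The method returns the updated `Credential`; if that entity carries the stored credential key back to an API caller, returning it is worth reconsidering, though this cannot be confirmed from the interface alone.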
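--- a/...main/java/org/eclipse/kapua/service/authentication/credential/shiro/KeyChangeRequest.java
+++ b/...main/java/org/eclipse/kapua/service/authentication/credential/shiro/KeyChangeRequest.java
@@ -0,0 +1,40 @@
+/*******************************************************************************
+* Copyright (c) 2023, 2022 Eurotech and/or its affiliates and others
+*
+* This program and the accompanying materials are made
+* available under the terms of the Eclipse Public License 2.0
+* which is available at https://www.eclipse.org/legal/epl-2.0/
+*
+* SPDX-License-Identifier: EPL-2.0
+*
+* Contributors:
+* Eurotech - initial API and implementation
+*******************************************************************************/
+package org.eclipse.kapua.service.authentication.credential.shiro;
+
+import org.eclipse.kapua.service.authentication.credential.Credential;
+
+public class KeyChangeRequest {
+private Credential credential;
+private String newCredentialKey;
+
+
+public Credential getCredential() {
+return credential;
+}
+
+
+public void setCredential(Credential credential) {
+this.credential = credential;
+}
+
+
+public String getNewCredentialKey() {
+return newCredentialKey;
+}
+
+
+public void setNewCredentialKey(String newCredentialKey) {
+this.newCredentialKey = newCredentialKey;
+}
+}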
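--- a/...c/main/java/org/eclipse/kapua/service/authentication/user/shiro/UserCredentialModule.java
+++ b/...c/main/java/org/eclipse/kapua/service/authentication/user/shiro/UserCredentialModule.java
@@ -0,0 +1,29 @@
+/*******************************************************************************
+* Copyright (c) 2023, 2022 Eurotech and/or its affiliates and others
+*
+* This program and the accompanying materials are made
+* available under the terms of the Eclipse Public License 2.0
+* which is available at https://www.eclipse.org/legal/epl-2.0/
+*
+* SPDX-License-Identifier: EPL-2.0
+*
+* Contributors:
+* Eurotech - initial API and implementation
+*******************************************************************************/
+package org.eclipse.kapua.service.authentication.user.shiro;
+
+import com.google.inject.Module;
+import org.eclipse.kapua.commons.core.AbstractKapuaModule;
+import org.eclipse.kapua.service.authentication.user.UserCredentialService;
+
+/**
+* {@code kapua-security-shiro} {@link Module} implementation.
+*
+* @since 2.0.0
+*/
+public class UserCredentialModule extends AbstractKapuaModule implements Module {
+@Override
+protected void configureModule() {
+bind(UserCredentialService.class).to(UserCredentialServiceImpl.class);
+}
+}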
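--- a/...n/java/org/eclipse/kapua/service/authentication/user/shiro/UserCredentialServiceImpl.java
+++ b/...n/java/org/eclipse/kapua/service/authentication/user/shiro/UserCredentialServiceImpl.java
@@ -0,0 +1,79 @@
+/*******************************************************************************
+* Copyright (c) 2023, 2022 Eurotech and/or its affiliates and others
+*
+* This program and the accompanying materials are made
+* available under the terms of the Eclipse Public License 2.0
+* which is available at https://www.eclipse.org/legal/epl-2.0/
+*
+* SPDX-License-Identifier: EPL-2.0
+*
+* Contributors:
+* Eurotech - initial API and implementation
+*******************************************************************************/
+package org.eclipse.kapua.service.authentication.user.shiro;
+
+import org.eclipse.kapua.KapuaEntityNotFoundException;
+import org.eclipse.kapua.KapuaErrorCodes;
+import org.eclipse.kapua.KapuaException;
+import org.eclipse.kapua.commons.security.KapuaSecurityUtils;
+import org.eclipse.kapua.commons.util.ArgumentValidator;
+import org.eclipse.kapua.locator.KapuaLocator;
+import org.eclipse.kapua.service.authentication.AuthenticationService;
+import org.eclipse.kapua.service.authentication.CredentialsFactory;
+import org.eclipse.kapua.service.authentication.UsernamePasswordCredentials;
+import org.eclipse.kapua.service.authentication.credential.Credential;
+import org.eclipse.kapua.service.authentication.credential.CredentialListResult;
+import org.eclipse.kapua.service.authentication.credential.CredentialService;
+import org.eclipse.kapua.service.authentication.credential.CredentialType;
+import org.eclipse.kapua.service.authentication.shiro.utils.AuthenticationUtils;
+import org.eclipse.kapua.service.authentication.shiro.utils.CryptAlgorithm;
+import org.eclipse.kapua.service.authentication.user.PasswordChangeRequest;
+import org.eclipse.kapua.service.authentication.user.UserCredentialService;
+import org.eclipse.kapua.service.user.User;
+import org.eclipse.kapua.service.user.UserService;
+
+import javax.inject.Singleton;
+
+/**
+* {@link UserCredentialService} implementation.
+*
+* @since 2.0.0
+*/
+@Singleton
+public class UserCredentialServiceImpl implements UserCredentialService {
+@Override
+public Credential changePasswordRequest(PasswordChangeRequest passwordChangeRequest) throws KapuaException {
+ArgumentValidator.notNull(passwordChangeRequest.getNewPassword(), "passwordChangeRequest.newPassword");
+ArgumentValidator.notNull(passwordChangeRequest.getOldPassword(), "passwordChangeRequest.oldPassword");
+
+return KapuaSecurityUtils.doPrivileged(() -> {
+KapuaLocator locator = KapuaLocator.getInstance();
+UserService userService = locator.getService(UserService.class);
+User user = userService.find(KapuaSecurityUtils.getSession().getScopeId(), KapuaSecurityUtils.getSession().getUserId());
+if (user == null) {
+throw new KapuaEntityNotFoundException(User.TYPE, KapuaSecurityUtils.getSession().getUserId());
+}
+
+AuthenticationService authenticationService = locator.getService(AuthenticationService.class);
+CredentialsFactory credentialsFactory = locator.getFactory(CredentialsFactory.class);
+UsernamePasswordCredentials usernamePasswordCredentials = credentialsFactory.newUsernamePasswordCredentials(user.getName(), passwordChangeRequest.getOldPassword());
+try {
+authenticationService.verifyCredentials(usernamePasswordCredentials);
+} catch (KapuaException e) {
+throw new KapuaException(KapuaErrorCodes.OPERATION_NOT_ALLOWED, "passwordChangeRequest.oldPassword");
+}
+
+CredentialService credentialService = locator.getService(CredentialService.class);
+CredentialListResult credentials = credentialService.findByUserId(KapuaSecurityUtils.getSession().getScopeId(), KapuaSecurityUtils.getSession().getUserId());
+Credential passwordCredential = credentials.getItems().stream()
+.filter(credential -> credential.getCredentialType().equals(CredentialType.PASSWORD))
+.findAny()
+.orElseThrow(() -> new IllegalStateException("User does not have any credential of type password"));
+
+String encryptedPass = AuthenticationUtils.cryptCredential(CryptAlgorithm.BCRYPT, passwordCredential.getCredentialKey());
+passwordCredential.setCredentialKey(encryptedPass);
+
+return credentialService.update(passwordCredential);
+});
+}
+}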
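Review bot: The new password is never used: inside the `doPrivileged` lambda, `AuthenticationUtils.cryptCredential(CryptAlgorithm.BCRYPT, passwordCredential.getCredentialKey())` hashes the key already stored on the credential, while `passwordChangeRequest.getNewPassword()` is only null-checked at the top of the method. The call should be `AuthenticationUtils.cryptCredential(CryptAlgorithm.BCRYPT, passwordChangeRequest.getNewPassword())`; as written, the update presumably stores a hash of the previously stored value, so neither the old nor the requested password would authenticate afterwards. The `catch (KapuaException e)` around `verifyCredentials` also drops the cause and reports every failure, not only a wrong old password, as `OPERATION_NOT_ALLOWED`. No length or complexity check on the new password is visible before the privileged update, so confirm that `credentialService.update` enforces the password policy.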