org.wso2.carbon.identity.application.common.model.User Java Examples

private void validateUserExistence(User user, int tenantId) throws FederatedAssociationManagerException {

        try {
            UserStoreManager userStoreManager = IdentityUserProfileServiceDataHolder.getInstance().getRealmService()
                    .getTenantUserRealm(tenantId).getUserStoreManager();
            if (!userStoreManager.isExistingUser(
                    UserCoreUtil.addDomainToName(user.getUserName(), user.getUserStoreDomain()))) {
                if (log.isDebugEnabled()) {
                    log.error("UserNotFound: userName: " + user.getUserName() + ", in the domain: "
                            + user.getUserStoreDomain() + ", and in the tenant: " + user.getTenantDomain());
                }
                throw handleFederatedAssociationManagerClientException(INVALID_USER_IDENTIFIER_PROVIDED, null, true);
            }
        } catch (UserStoreException e) {
            if (log.isDebugEnabled()) {
                String msg = "Error occurred while verifying the existence of the userName: " + user.getUserName()
                        + ", in the domain: " + user.getUserStoreDomain() + ", and in the tenant: "
                        + user.getTenantDomain();
                log.debug(msg);
            }
            throw handleFederatedAssociationManagerServerException(ERROR_WHILE_GETTING_THE_USER, e, true);
        }
    }
 

private AssociatedAccountDTO[] getAssociatedAccounts(User user)
        throws FederatedAssociationManagerException, UserProfileException {

    FederatedAssociation[] federatedAssociations = getFederatedAssociationManager()
            .getFederatedAssociationsOfUser(user);
    List<AssociatedAccountDTO> associatedAccountDTOS = new ArrayList<>();
    for (FederatedAssociation federatedAssociation : federatedAssociations) {
        String identityProviderName = getIdentityProviderName(getTenantDomain(),
                federatedAssociation.getIdp().getId());
        associatedAccountDTOS.add(new AssociatedAccountDTO(
                federatedAssociation.getId(),
                identityProviderName,
                federatedAssociation.getFederatedUserId()
        ));
    }
    return associatedAccountDTOS.toArray(new AssociatedAccountDTO[0]);
}
 

@Override
public boolean terminateSessionsByUser(User user, int idpId) throws SessionManagementException {

    if (user == null) {
        throw handleSessionManagementClientException(SessionMgtConstants.ErrorMessages.ERROR_CODE_INVALID_USER,
                null);
    }
    List<String> sessionIdList = getSessionIdListByUser(user, idpId);
    if (log.isDebugEnabled()) {
        log.debug("Terminating all the active sessions of user: " + user.getUserName() + " of user store " +
                "domain: " + user.getUserStoreDomain() + ".");
    }
    terminateSessionsOfUser(sessionIdList);
    if (!sessionIdList.isEmpty()) {
        UserSessionStore.getInstance().removeTerminatedSessionRecords(sessionIdList);
    }
    return true;
}
 

@Override
public void createFederatedAssociation(User user, String idpName, String federatedUserId)
        throws FederatedAssociationManagerException {

    validateUserObject(user);
    int tenantId = getValidatedTenantId(user);
    validateUserExistence(user, tenantId);
    validateIfFederatedUserAccountAlreadyAssociated(user.getTenantDomain(), idpName, federatedUserId);
    try {
        UserProfileMgtDAO.getInstance().createAssociation(tenantId, user.getUserStoreDomain(), user.getUserName(),
                idpName, federatedUserId);
    } catch (UserProfileException e) {
        throw handleFederatedAssociationManagerServerException(ERROR_WHILE_CREATING_FEDERATED_ASSOCIATION_OF_USER
                , e, false);
    }
}
 

/**
 * Remove the association with the given federated identifier for the given user.
 *
 * @param username     username of the user to be associated with
 * @param idpID        Identity Provider ID
 * @param associatedID Federated Identity ID
 * @throws UserProfileException
 */
public void removeAssociateIDForUser(String username, String idpID, String associatedID) throws
        UserProfileException {

    String auditData = getAuditData(username, idpID, associatedID);
    validateFederatedAssociationParameters(username, idpID, associatedID, auditData);
    User user = getUser(username);
    try {
        getFederatedAssociationManager().deleteFederatedAssociation(user, idpID, associatedID);
        audit(auditActionForDeleteAssociation, username, auditData, AUDIT_SUCCESS);
    } catch (FederatedAssociationManagerException e) {
        // This error could be caused if federated association trying to delete does not exists for the user. In
        // order to preserve backward compatibility, this error is silently ignored.
        if (!isFederatedAssociationDoesNotExistsError(e)) {
            audit(auditActionForDeleteAssociation, username, auditData, AUDIT_FAIL);
            String msg = "Error while removing association with federated IdP: " + idpID + " for user: " + username +
                    " in tenant: " + getTenantDomain();
            throw new UserProfileException(msg, e);
        }
    }
}
 

@Override
public void deleteFederatedAssociation(User user, String idpName, String federatedUserId)
        throws FederatedAssociationManagerException {

    validateUserObject(user);
    int tenantId = getValidatedTenantId(user);
    validateFederatedAssociation(user, idpName, federatedUserId);
    try {
        UserProfileMgtDAO.getInstance().deleteAssociation(tenantId, user.getUserStoreDomain(), user.getUserName(),
                idpName, federatedUserId);
    } catch (UserProfileException e) {
        if (log.isDebugEnabled()) {
            String msg = "Error while removing the federated association with idpId: " + idpName + ", and " +
                    "federatedUserId: " + federatedUserId + ", for user: " + user.toFullQualifiedUsername();
            log.debug(msg);
        }
        throw handleFederatedAssociationManagerServerException(ERROR_WHILE_DELETING_FEDERATED_ASSOCIATION_OF_USER
                , e, true);
    }
}
 

@Override
public void deleteFederatedAssociation(User user, String federatedAssociationId)
        throws FederatedAssociationManagerException {

    validateUserObject(user);
    validateFederatedAssociation(user, federatedAssociationId);
    try {
        UserProfileMgtDAO.getInstance().deleteFederatedAssociation(user.getUserStoreDomain(), user.getUserName(),
                federatedAssociationId);
    } catch (UserProfileException e) {
        if (log.isDebugEnabled()) {
            String msg = "Error while removing the federated association: " + federatedAssociationId
                    + ", for user: " + user.toFullQualifiedUsername();
            log.debug(msg, e);
        }
        throw handleFederatedAssociationManagerServerException(ERROR_WHILE_DELETING_FEDERATED_ASSOCIATION_OF_USER
                , e, true);
    }
}
 

@Override
public void deleteFederatedAssociation(User user) throws FederatedAssociationManagerException {

    validateUserObject(user);
    int tenantId = getValidatedTenantId(user);
    validateExistenceOfFederatedAssociations(user);
    try {
        UserProfileMgtDAO.getInstance().deleteFederatedAssociation(tenantId, user.getUserStoreDomain(),
                user.getUserName());
    } catch (UserProfileException e) {
        if (log.isDebugEnabled()) {
            String msg = "Error while removing the federated associations of user: "
                    + user.toFullQualifiedUsername();
            log.debug(msg, e);
        }
        throw handleFederatedAssociationManagerServerException(ERROR_WHILE_DELETING_FEDERATED_ASSOCIATION_OF_USER
                , e, true);
    }
}
 

@Override
protected void handleFailedAuthentication(HttpServletRequest request, HttpServletResponse response,
                                          AuthenticationContext context, AuthenticatorConfig authenticatorConfig,
                                          User user) {

    super.handleFailedAuthentication(request, response, context, authenticatorConfig, user);

    if (user != null) {
        AuthenticatedUser lastAttemptedUser = buildAuthenticatedUser(user);
        context.setProperty(FrameworkConstants.JSAttributes.JS_LAST_LOGIN_FAILED_USER, lastAttemptedUser);
        if (log.isDebugEnabled()) {
            log.debug("Last attempted user : " + lastAttemptedUser.toFullQualifiedUsername() + " is set in the " +
                    "authentication context for failed login attempt to service provider: " +
                    context.getServiceProviderName());
        }
    }

    request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.FAIL_COMPLETED);
    if (log.isDebugEnabled()) {
        log.debug("Authentication flow status set to '" + AuthenticatorFlowStatus.FAIL_COMPLETED + "' for " +
                "authentication attempt made to service provider: " + context.getServiceProviderName());
    }
}
 

private int getValidatedTenantId(User user) throws FederatedAssociationManagerException {

        int tenantId;
        RealmService realmService;
        try {
            realmService = IdentityUserProfileServiceDataHolder.getInstance().getRealmService();
            tenantId = realmService.getTenantManager().getTenantId(user.getTenantDomain());
        } catch (UserStoreException e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while getting the tenant Id for the tenant domain: "
                        + user.getTenantDomain());
            }
            throw handleFederatedAssociationManagerServerException(ERROR_WHILE_WORKING_WITH_FEDERATED_ASSOCIATIONS, e,
                    false);
        }
        if (MultitenantConstants.INVALID_TENANT_ID == tenantId) {
            if (log.isDebugEnabled()) {
                log.debug("Invalid tenant id is resolved for the tenant domain: " + user.getTenantDomain());
            }
            throw handleFederatedAssociationManagerClientException(INVALID_TENANT_DOMAIN_PROVIDED, null, true);
        }
        return tenantId;
    }
 

/**
 * Remove the association with the given federated identifier for the logged in user.
 *
 * @param idpID        Identity Provider ID
 * @param associatedID Federated Identity ID
 * @throws UserProfileException
 */
public void removeAssociateID(String idpID, String associatedID) throws UserProfileException {

    String tenantAwareUsername = CarbonContext.getThreadLocalCarbonContext().getUsername();
    User user = getUser(tenantAwareUsername);
    try {
        getFederatedAssociationManager().deleteFederatedAssociation(user, idpID, associatedID);
    } catch (FederatedAssociationManagerException e) {
        String msg = "Error while removing association with federated IdP: " + idpID + " for user: " +
                tenantAwareUsername + " in tenant: " + getTenantDomain();
        throw new UserProfileException(msg, e);
    }
}
 

/**
 * Associate the given user with the given federated identifier.
 *
 * @param username     username of the user to be associated with
 * @param idpID        Identity Provider ID
 * @param associatedID Federated Identity ID
 * @throws UserProfileException
 */
public void associateIDForUser(String username, String idpID, String associatedID) throws UserProfileException {

    User user = getUser(username);
    String auditData = getAuditData(username, idpID, associatedID);
    try {
        getFederatedAssociationManager().createFederatedAssociation(user, idpID, associatedID);
        audit(auditActionForCreateAssociation, username, auditData, AUDIT_SUCCESS);
    } catch (FederatedAssociationManagerException e) {
        audit(auditActionForCreateAssociation, username, auditData, AUDIT_FAIL);
        String msg = "Error while creating association for user: " + username + " with federated IdP: " + idpID +
                " in tenant: " + getTenantDomain();
        throw new UserProfileException(msg, e);
    }
}
 

/**
 * Return an array of federated identifiers associated with the logged in user.
 *
 * @return an array of AssociatedAccountDTO objects which contains the federated identifier info
 * @throws UserProfileException
 */
public AssociatedAccountDTO[] getAssociatedIDs() throws UserProfileException {

    String tenantAwareUsername = CarbonContext.getThreadLocalCarbonContext().getUsername();
    User user = getUser(tenantAwareUsername);
    try {
        return getAssociatedAccounts(user);
    } catch (FederatedAssociationManagerException e) {
        String msg = "Error while retrieving federated identifiers associated for user: " + tenantAwareUsername +
                " in tenant: " + getTenantDomain();
        throw new UserProfileException(msg, e);
    }
}
 

/**
 * Associate the user logged in with the given federated identifier.
 *
 * @param idpID        Identity Provider ID
 * @param associatedID Federated Identity ID
 * @throws UserProfileException
 */
public void associateID(String idpID, String associatedID) throws UserProfileException {

    String tenantAwareUsername = CarbonContext.getThreadLocalCarbonContext().getUsername();
    User user = getUser(tenantAwareUsername);
    try {
        getFederatedAssociationManager().createFederatedAssociation(user, idpID, associatedID);
    } catch (FederatedAssociationManagerException e) {
        String msg = "Error while creating association for user: " + tenantAwareUsername + ", with federated IdP: "
                + idpID + ", in tenant: " + getTenantDomain();
        throw new UserProfileException(msg, e);
    }
}
 

private boolean isOwnerUpdateRequest(User storedAppOwner, User updatedAppOwner) {

        if (updatedAppOwner != null) {
            boolean isValidAppOwnerInUpdateRequest = StringUtils.isNotEmpty(updatedAppOwner.getUserName())
                    && !CarbonConstants.REGISTRY_SYSTEM_USERNAME.equals(updatedAppOwner.getUserName());
            boolean isOwnerChanged = !storedAppOwner.equals(updatedAppOwner);

            return isValidAppOwnerInUpdateRequest && isOwnerChanged;
        } else {
            // There is no app owner defined in the update request. Nothing to do there.
            return false;
        }
    }
 

private User extractUser(String userId, String tenantDomain) {

        try {
            String decodedUsername = new String(Base64.getDecoder().decode(userId), StandardCharsets.UTF_8);

            if (StringUtils.isBlank(userId)) {
                throw new WebApplicationException("UserID is empty.");
            }
            String[] strComponent = decodedUsername.split("/");

            String username;
            String realm = UserStoreConfigConstants.PRIMARY;

            if (strComponent.length == 1) {
                username = strComponent[0];
            } else if (strComponent.length == 2) {
                realm = strComponent[0];
                username = strComponent[1];
            } else {
                throw new WebApplicationException("Provided UserID is " + "not in the correct format.");
            }

            User user = new User();
            user.setUserName(username);
            user.setUserStoreDomain(realm);
            user.setTenantDomain(tenantDomain);

            return user;
        } catch (Exception e) {
            throw new APIError(Response.Status.BAD_REQUEST,
                    new ErrorResponse.Builder().withCode(Constants.ErrorMessages.ERROR_CODE_INVALID_USERNAME.getCode())
                            .withMessage(Constants.ErrorMessages.ERROR_CODE_INVALID_USERNAME.getMessage())
                            .withDescription(Constants.ErrorMessages.ERROR_CODE_INVALID_USERNAME.getDescription())
                            .build(log, e, "Invalid userId: " + userId));
        }
    }
 

/**
 * Return an array of federated identifiers associated with the given in user.
 *
 * @param username username of the user to find associations with
 * @return an array of AssociatedAccountDTO objects which contains the federated identifier info
 * @throws UserProfileException
 */
public AssociatedAccountDTO[] getAssociatedIDsForUser(String username) throws UserProfileException {

    User user = getUser(username);
    try {
        return getAssociatedAccounts(user);
    } catch (FederatedAssociationManagerException e) {
        String msg = "Error while retrieving federated identifiers associated for user: " + username + " in " +
                "tenant: " + getTenantDomain();
        throw new UserProfileException(msg, e);
    }
}
 

/**
 * Create user object from user name and tenantDomain.
 *
 * @param tenantDomain tenantDomain
 * @param username     username
 * @return User
 */
private User getUser(String tenantDomain, String username) {

    User user = new User();
    user.setUserName(UserCoreUtil.removeDomainFromName(username));
    user.setUserStoreDomain(UserCoreUtil.extractDomainFromName(username));
    user.setTenantDomain(tenantDomain);
    return user;
}
 

private User getUser(String domainAwareUserName) {

        User user = new User();
        user.setTenantDomain(CarbonContext.getThreadLocalCarbonContext().getTenantDomain());
        user.setUserStoreDomain(UserCoreUtil.extractDomainFromName(domainAwareUserName));
        user.setUserName(MultitenantUtils.getTenantAwareUsername(UserCoreUtil.removeDomainFromName(domainAwareUserName)));
        return user;
    }
 

@Override
public FederatedAssociation[] getFederatedAssociationsOfUser(User user)
        throws FederatedAssociationManagerException {

    validateUserObject(user);
    int tenantId = getValidatedTenantId(user);
    validateUserExistence(user, tenantId);
    try {
        List<FederatedAssociation> federatedAssociations = new ArrayList<>();
        List<AssociatedAccountDTO> associatedAccountDTOS = UserProfileMgtDAO.getInstance()
                .getAssociatedFederatedAccountsForUser(tenantId, user.getUserStoreDomain(), user.getUserName());
        for (AssociatedAccountDTO associatedAccount : associatedAccountDTOS) {
            AssociatedIdentityProvider idp = getAssociatedIdentityProvider(user.getTenantDomain(),
                    associatedAccount.getIdentityProviderName());
            federatedAssociations.add(
                    new FederatedAssociation(
                            associatedAccount.getId(),
                            idp,
                            associatedAccount.getUsername()
                    )
            );
        }
        return federatedAssociations.toArray(new FederatedAssociation[0]);
    } catch (UserProfileException e) {
        if (log.isDebugEnabled()) {
            String msg = "Error while retrieving federated account associations of user: "
                    + user.toFullQualifiedUsername();
            log.debug(msg);
        }
        throw handleFederatedAssociationManagerServerException(ERROR_WHILE_RETRIEVING_FEDERATED_ASSOCIATION_OF_USER,
                e, true);
    }
}
 

private void validateUserObject(User user) throws FederatedAssociationManagerException {

        boolean isValidUserObject = (user != null && isRequiredUserParametersPresent(user));
        if (!isValidUserObject) {
            if (log.isDebugEnabled()) {
                log.debug("Either provided user is null or missing user parameters.");
            }
            throw handleFederatedAssociationManagerClientException(INVALID_USER_IDENTIFIER_PROVIDED, null, true);
        }
    }
 

private void validateExistenceOfFederatedAssociations(User user) throws FederatedAssociationManagerException {

        if (!isValidFederatedAssociationsExist(user)) {
            if (log.isDebugEnabled()) {
                log.debug("Valid federated associations does not exist for the user: "
                        + user.toFullQualifiedUsername());
            }
            throw handleFederatedAssociationManagerClientException(FEDERATED_ASSOCIATION_DOES_NOT_EXISTS, null, true);
        }
    }
 

private void validateFederatedAssociation(User user, String federatedAssociationId)
        throws FederatedAssociationManagerException {

    if (StringUtils.isEmpty(federatedAssociationId)
            || !isValidFederatedAssociation(user, federatedAssociationId)) {
        if (log.isDebugEnabled()) {
            log.debug("A valid federated association does not exist for the Id: " + federatedAssociationId
                    + ", of the user: " + user.toFullQualifiedUsername());
        }
        throw handleFederatedAssociationManagerClientException(INVALID_FEDERATED_ASSOCIATION, null, true);
    }
}
 

private boolean isValidFederatedAssociation(User user, String federatedAssociationId)
        throws FederatedAssociationManagerException {

    FederatedAssociation[] federatedUserAccountAssociationDTOS
            = getFederatedAssociationsOfUser(user);
    if (federatedUserAccountAssociationDTOS != null) {
        for (FederatedAssociation federatedUserAccountAssociationDTO : federatedUserAccountAssociationDTOS) {
            if (federatedAssociationId.equals(federatedUserAccountAssociationDTO.getId())) {
                return true;
            }
        }
    }
    return false;
}
 

private void validateFederatedAssociation(User user, String idpName, String federatedUserId)
        throws FederatedAssociationManagerException {

    if (StringUtils.isEmpty(idpName) || StringUtils.isEmpty(federatedUserId)
            || !isValidFederatedAssociation(user, idpName, federatedUserId)) {
        if (log.isDebugEnabled()) {
            log.debug("A valid federated association does not exist for the idpName: " + idpName + ", and " +
                    "federatedUserId: " + federatedUserId + ", of the user: " + user.toFullQualifiedUsername());
        }
        throw handleFederatedAssociationManagerClientException(INVALID_FEDERATED_ASSOCIATION, null, true);
    }
}
 

private boolean isValidFederatedAssociation(User user, String idpName, String federatedUserId)
        throws FederatedAssociationManagerException {

    FederatedAssociation[] federatedUserAccountAssociationDTOS = getFederatedAssociationsOfUser(user);
    if (federatedUserAccountAssociationDTOS != null) {
        for (FederatedAssociation eachFederatedAssociation : federatedUserAccountAssociationDTOS) {
            if (idpName.equals(getResolvedIdPName(user, eachFederatedAssociation.getIdp().getId()))
                    && federatedUserId.equals(eachFederatedAssociation.getFederatedUserId())) {
                return true;
            }
        }
    }
    return false;
}
 

@Test(dataProvider = "userProvider")
public void testSetTenantDomainToUserName(Object userObj, boolean isSuccess) throws Exception {

    User user = (User) userObj;
    mockStatic(FrameworkServiceDataHolder.class);
    when(FrameworkServiceDataHolder.getInstance()).thenReturn(frameworkServiceDataHolder);
    when(frameworkServiceDataHolder.getAuthnDataPublisherProxy()).thenReturn(authenticationDataPublisherProxy);
    when(authenticationDataPublisherProxy.isEnabled(any())).thenReturn(true);
    doCallRealMethod().when(testApplicationAuthenticator)
            .publishAuthenticationStepAttempt(request, context, user, true);
    testApplicationAuthenticator.publishAuthenticationStepAttempt(request, context, user, isSuccess);
    if (user != null) {
        Assert.assertEquals(user.getTenantDomain(), TENANT_DOMAIN);
    }
}
 

protected void handleFailedAuthentication(HttpServletRequest request,
                                          HttpServletResponse response,
                                          AuthenticationContext context,
                                          AuthenticatorConfig authenticatorConfig,
                                          User user) {
    context.setRequestAuthenticated(false);
    request.setAttribute(FrameworkConstants.RequestParams.FLOW_STATUS, AuthenticatorFlowStatus.FAIL_COMPLETED);
}
 

private AuthenticatedUser buildAuthenticatedUser(User user) {

        AuthenticatedUser authenticatedUser = new AuthenticatedUser();
        authenticatedUser.setUserName(user.getUserName());
        authenticatedUser.setTenantDomain(user.getTenantDomain());
        authenticatedUser.setUserStoreDomain(user.getUserStoreDomain());
        return authenticatedUser;
    }
 

@Override
public List<UserSession> getSessionsByUser(User user, int idpId) throws SessionManagementException {

    if (user == null) {
        throw handleSessionManagementClientException(SessionMgtConstants.ErrorMessages.ERROR_CODE_INVALID_USER,
                null);
    }
    if (log.isDebugEnabled()) {
        log.debug("Retrieving all the active sessions of user: " + user.getUserName() + " of user store " +
                "domain: " + user.getUserStoreDomain() + ".");
    }
    return getActiveSessionList(getSessionIdListByUser(user, idpId));
}