1   /**
2    * This file Copyright (c) 2003-2018 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.cms.security;
35  
36  import info.magnolia.cms.core.Content;
37  import info.magnolia.cms.util.DeprecationUtil;
38  
39  import java.io.Serializable;
40  import java.util.Calendar;
41  import java.util.Collection;
42  import java.util.Collections;
43  import java.util.Map;
44  
45  import org.apache.jackrabbit.util.ISO8601;
46  
47  /**
48   * A read-only snapshot of a Magnolia user as found in JCR at the moment of creation (e.g. upon login).
49   * Any changes to the underlying properties, roles and groups will be reflected here only upon first logging out
50   * and then logging in again.
51   * To get a "real-time" view of a user's status, use {@link MgnlUserManager#getUser(String)} or similar methods instead.
52   */
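public class MgnlUser extends AbstractUser implements User, Serializable {
    // NOTE(review): the map and the four collections are stored by reference, not copied.
    // hasRole/inGroup read them live, so the "read-only snapshot" contract holds only if
    // the code that built this object never mutates them afterwards.
    private final Map<String, String> properties;
    private final Collection<String> directGroups;
    private final Collection<String> directRoles;
    private final Collection<String> allGroups;
    private final Collection<String> allRoles;

    private final String name;
    private final String language;
    // Value of the password property; per the note on decodePassword it is BCrypt-encoded since 4.5.8.
    // NOTE(review): the field is not transient, so default Java serialization of this
    // Serializable class writes it out with the rest of the user. Confirm that every place
    // instances are serialized is protected accordingly.
    private final String encodedPassword;
    private boolean enabled = true;
    private String path;
    private String uuid;
    private final String realm;

    /**
     * This constructor is mainly used by {@link MgnlUserManager} or by custom extensions of this object.
     * If you extend MgnlUser, chances are you need to provide your own {@link MgnlUserManager} as well.
     *
     * <p>Language, enabled flag and encoded password are read once from {@code properties} and cached in
     * fields. {@code properties} must not be {@code null}; the collections are stored as passed in.
     *
     * @param name the user name
     * @param realm the realm the user belongs to
     * @param directGroups groups returned by {@link #getGroups()}
     * @param directRoles roles returned by {@link #getRoles()}
     * @param properties user properties, looked up by {@link #getProperty(String)}
     * @param path value returned by {@link #getPath()}
     * @param uuid value returned by {@link #getIdentifier()}
     * @param allGroups groups consulted by {@link #inGroup(String)} and returned by {@link #getAllGroups()}
     * @param allRoles roles consulted by {@link #hasRole(String)} and returned by {@link #getAllRoles()}
     *
     * @see MgnlUserManager#getUser(String)
     * @see MgnlUserManager#newUserInstance(javax.jcr.Node)
     */
    public MgnlUser(String name, String realm, Collection<String> directGroups, Collection<String> directRoles, Map<String, String> properties, String path, String uuid, Collection<String> allGroups, Collection<String> allRoles) {
        this.name = name;
        this.realm = realm;
        this.directGroups = directGroups;
        this.directRoles = directRoles;
        this.allGroups = allGroups;
        this.allRoles = allRoles;
        this.properties = properties;

        // Cache frequently read properties so they are not looked up in the map on every call.
        this.language = properties.get(MgnlUserManager.PROPERTY_LANGUAGE);

        // Accounts are enabled by default: the property only exists once an account has been disabled
        // before. The null check is required because Boolean.parseBoolean(null) yields false.
        final String enabledProperty = properties.get(MgnlUserManager.PROPERTY_ENABLED);
        this.enabled = enabledProperty == null || Boolean.parseBoolean(enabledProperty);

        this.encodedPassword = properties.get(MgnlUserManager.PROPERTY_PASSWORD);
        this.path = path;
        this.uuid = uuid;
    }

    /**
     * Creates a user whose effective ("all") groups and roles are empty sets, so {@link #inGroup(String)} and
     * {@link #hasRole(String)} return {@code false} for every name, whatever the direct groups and roles hold.
     * The use of this constructor is reported through {@link DeprecationUtil}.
     *
     * @deprecated since 5.5.5. Please use {@link #MgnlUser(String, String, Collection, Collection, Map, String, String, Collection, Collection)} instead.
     */
    @Deprecated
    public MgnlUser(String name, String realm, Collection<String> directGroups, Collection<String> directRoles, Map<String, String> properties, String path, String uuid) {
        this(name, realm, directGroups, directRoles, properties, path, uuid, Collections.emptySet(), Collections.emptySet());
        final String reason = "This constructor is deprecated since Magnolia 5.5.5.\n" +
                "Be warned that instantiating directly MgnlUser with this constructor will result in an inconsistent object missing all roles and groups.\n" +
                "Please use new public constructor instead.";
        DeprecationUtil.isDeprecated(reason);
    }

    /**
     * Same as the seven-argument constructor with {@code null} path and identifier.
     *
     * @deprecated since 5.5.5. Please use {@link #MgnlUser(String, String, Collection, Collection, Map, String, String, Collection, Collection)} instead.
     */
    @Deprecated
    public MgnlUser(String name, String realm, Collection<String> directGroups, Collection<String> directRoles, Map<String, String> properties) {
        this(name, realm, directGroups, directRoles, properties, null, null);
    }

    /**
     * Checks membership against the effective group collection passed to the constructor as {@code allGroups}.
     */
    @Override
    public boolean inGroup(String groupName) {
        return allGroups.contains(groupName);
    }

    /**
     * Returns the enabled flag captured at construction time ({@code true} when the property was absent).
     */
    @Override
    public boolean isEnabled() {
        return enabled;
    }

    /**
     * Checks membership against the effective role collection passed to the constructor as {@code allRoles}.
     */
    @Override
    public boolean hasRole(String roleName) {
        return allRoles.contains(roleName);
    }

    /**
     * Reads the {@code failedLoginAttempts} property as an integer.
     *
     * @return the parsed value, or {@code 0} when the property is absent or cannot be parsed
     */
    public int getFailedLoginAttempts() {
        try {
            return Integer.parseInt(this.properties.get("failedLoginAttempts"));
        } catch (Exception ignored) {
            // Best effort: a missing property is the normal case for a user with no recorded failures.
            // NOTE(review): a malformed stored value also reads as 0 here, i.e. like a clean account;
            // callers that enforce lockout on this counter should be aware of that.
            return 0;
        }
    }

    /**
     * Reads the {@code releaseTime} property as an ISO 8601 timestamp.
     * NOTE(review): presumably the time at which a locked account is released; confirm against the user manager.
     *
     * @return the parsed calendar, or {@code null} when parsing throws; may also be {@code null} if the parser
     *         itself returns {@code null}
     */
    public Calendar getReleaseTime() {
        try {
            return ISO8601.parse(this.properties.get("releaseTime"));
        } catch (Exception ignored) {
            // Best effort: absence of a usable timestamp is reported as null rather than as a failure.
            return null;
        }
    }

    @Override
    public String getName() {
        return name;
    }

    /**
     * Returns the password property as stored, i.e. the encoded form, never a clear-text password.
     * Treat the value as sensitive: keep it out of logs and out of anything rendered to clients.
     */
    @Override
    public String getPassword() {
        return encodedPassword;
    }

    /**
     * Always throws {@link UnsupportedOperationException}.
     *
     * @deprecated Since 4.5.8. Password is now encoded by BCrypt and therefore cannot be decoded.
     */
    @Deprecated
    protected String decodePassword(String encodedPassword) {
        throw new UnsupportedOperationException();
    }

    @Override
    public String getLanguage() {
        return this.language;
    }

    /**
     * Returns the raw value stored under {@code propertyName}, or {@code null} if there is none.
     * NOTE(review): the encoded password is read from this same map in the constructor, so a lookup with
     * {@link MgnlUserManager#PROPERTY_PASSWORD} returns it. Code that resolves property names taken from
     * templates or requests should filter that key.
     */
    @Override
    public String getProperty(String propertyName) {
        return properties.get(propertyName);
    }

    /**
     * Returns an unmodifiable view (not a copy) of the directly assigned groups.
     */
    @Override
    public Collection<String> getGroups() {
        return Collections.unmodifiableCollection(directGroups);
    }

    /**
     * Returns an unmodifiable view (not a copy) of the effective groups.
     */
    @Override
    public Collection<String> getAllGroups() {
        return Collections.unmodifiableCollection(allGroups);
    }

    /**
     * Returns an unmodifiable view (not a copy) of the directly assigned roles.
     */
    @Override
    public Collection<String> getRoles() {
        return Collections.unmodifiableCollection(directRoles);
    }

    /**
     * Returns an unmodifiable view (not a copy) of the effective roles.
     */
    @Override
    public Collection<String> getAllRoles() {
        return Collections.unmodifiableCollection(allRoles);
    }

    public String getPath() {
        return this.path;
    }

    // The only mutator that still changes state on this otherwise read-only snapshot.
    @Deprecated
    public void setPath(String path) {
        this.path = path;
    }


    public String getRealm() {
        return realm;
    }

    /**
     * Update the "last access" timestamp. Always throws {@link UnsupportedOperationException}.
     *
     * @deprecated since 4.5, use {@link UserManager#updateLastAccessTimestamp(User)} instead
     */
    @Deprecated
    public void setLastAccess() {
        throw new UnsupportedOperationException("Use manager to update user details.");
    }

    /**
     * Not every user needs to have a node behind. Always throws {@link UnsupportedOperationException}.
     *
     * @deprecated since 4.5, the underlying storage node is no longer exposed; use the {@link UserManager} instead
     */
    @Deprecated
    public Content getUserNode() {
        throw new UnsupportedOperationException("Underlying storage node is no longer exposed nor required for custom user stores.");
    }

    /**
     * Always throws {@link UnsupportedOperationException}; the snapshot cannot be modified through this method.
     *
     * @deprecated since 4.5, use {@link UserManager} instead
     */
    @Override
    @Deprecated
    public void setProperty(String propertyName, String value) {
        throw new UnsupportedOperationException("Use manager to modify properties of the user.");
    }

    @Override
    public String getIdentifier() {
        return uuid;
    }

    /**
     * @deprecated since 4.5.1, use {@link MgnlUser#getIdentifier()} instead
     */
    @Deprecated
    public String getUuid() {
        return uuid;
    }

    /**
     * Returns the name and identifier only; the password and the other properties are deliberately left out.
     */
    @Override
    public String toString() {
        return "MgnlUser - " + name + " [" + uuid + "]";
    }
}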