Skip to content
Snippets Groups Projects
Commit 39d66d1f authored by brinn's avatar brinn
Browse files

LMS-405 Prevent using ':' in names and e-mail of file-based authentication admin tool 

SVN: 5808
parent 95a579d3
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
authentication/source/java/ch/systemsx/cisd/authentication/file/Parameters.java
+ 18
0
View file @ 39d66d1f
......@@ -28,6 +28,7 @@ import org.kohsuke.args4j.Option;
import ch.systemsx.cisd.common.exceptions.HighLevelException;
import ch.systemsx.cisd.common.exceptions.UserFailureException;
import ch.systemsx.cisd.common.utilities.IExitHandler;
import ch.systemsx.cisd.common.utilities.StringUtilities;
import ch.systemsx.cisd.common.utilities.SystemExit;
/**
......@@ -177,6 +178,19 @@ final class Parameters
return null;
}
private static void checkValid(String fieldOrNull, String describer)
{
if (fieldOrNull == null)
{
return;
}
if (fieldOrNull.indexOf(':') >= 0)
{
throw new UserFailureException(StringUtilities.capitalize(describer)
+ " '" + fieldOrNull + "'" + " must not contain a ':'.");
}
}
/**
* Returns the {@link Command} to be executed.
*/
......@@ -194,6 +208,7 @@ final class Parameters
{
assert userId != null;
checkValid(userId, "user id");
return userId;
}
......@@ -202,6 +217,7 @@ final class Parameters
*/
final String getFirstName()
{
checkValid(firstNameOrNull, "first name");
return firstNameOrNull == null ? "" : firstNameOrNull;
}
......@@ -210,6 +226,7 @@ final class Parameters
*/
final String getLastName()
{
checkValid(lastNameOrNull, "last name");
return lastNameOrNull == null ? "" : lastNameOrNull;
}
......@@ -218,6 +235,7 @@ final class Parameters
*/
final String getEmail()
{
checkValid(emailOrNull, "email");
return emailOrNull == null ? "" : emailOrNull;
}
......
authentication/source/java/ch/systemsx/cisd/authentication/file/PasswordEditorCommand.java
+ 106
98
View file @ 39d66d1f
......@@ -22,6 +22,7 @@ import java.io.IOException;
import jline.ConsoleReader;
import ch.systemsx.cisd.common.exceptions.EnvironmentFailureException;
import ch.systemsx.cisd.common.exceptions.HighLevelException;
/**
* A class to create and edit password entries.
......@@ -95,119 +96,126 @@ public class PasswordEditorCommand
public static void main(String[] args)
{
final Parameters params = new Parameters(args);
final ILineStore lineStore = new FileBasedLineStore(getPasswordFile(), "Password file");
final IUserStore userStore = new LineBasedUserStore(lineStore);
switch (params.getCommand())
try
{
case ADD:
{
final String userId = params.getUserId();
final UserEntry userOrNull = userStore.tryGetUser(userId);
if (userOrNull != null)
{
System.err.printf("User '%s' already exists.\n", userId);
System.exit(1);
}
final String password;
if (params.tryGetPassword() != null)
{
password = params.tryGetPassword();
} else
{
password = readPassword(ENTER_NEW_PASSWORD_MSG);
}
final UserEntry user =
new UserEntry(params.getUserId(), params.getFirstName(), params
.getLastName(), params.getEmail(), password);
userStore.addOrUpdateUser(user);
break;
}
case CHANGE:
final Parameters params = new Parameters(args);
final ILineStore lineStore = new FileBasedLineStore(getPasswordFile(), "Password file");
final IUserStore userStore = new LineBasedUserStore(lineStore);
switch (params.getCommand())
{
final String userId = params.getUserId();
final UserEntry userOrNull = userStore.tryGetUser(userId);
if (userOrNull == null)
{
System.err.printf("User '%s' does not exist.\n", userId);
System.exit(1);
return; // Fake: convince compiler that it is save to dereference userOrNull
}
if (params.getFirstName() != null)
{
userOrNull.setFirstName(params.getFirstName());
}
if (params.getLastName() != null)
{
userOrNull.setLastName(params.getLastName());
}
if (params.getEmail() != null)
case ADD:
{
userOrNull.setEmail(params.getEmail());
final String userId = params.getUserId();
final UserEntry userOrNull = userStore.tryGetUser(userId);
if (userOrNull != null)
{
System.err.printf("User '%s' already exists.\n", userId);
System.exit(1);
}
final String password;
if (params.tryGetPassword() != null)
{
password = params.tryGetPassword();
} else
{
password = readPassword(ENTER_NEW_PASSWORD_MSG);
}
final UserEntry user =
new UserEntry(params.getUserId(), params.getFirstName(), params
.getLastName(), params.getEmail(), password);
userStore.addOrUpdateUser(user);
break;
}
if (params.tryGetPassword() != null)
case CHANGE:
{
userOrNull.setPassword(params.tryGetPassword());
} else if (params.isChangePassword())
{
userOrNull.setPassword(readPassword(ENTER_NEW_PASSWORD_MSG));
final String userId = params.getUserId();
final UserEntry userOrNull = userStore.tryGetUser(userId);
if (userOrNull == null)
{
System.err.printf("User '%s' does not exist.\n", userId);
System.exit(1);
return; // Fake: convince compiler that it is save to dereference userOrNull
}
if (params.getFirstName() != null)
{
userOrNull.setFirstName(params.getFirstName());
}
if (params.getLastName() != null)
{
userOrNull.setLastName(params.getLastName());
}
if (params.getEmail() != null)
{
userOrNull.setEmail(params.getEmail());
}
if (params.tryGetPassword() != null)
{
userOrNull.setPassword(params.tryGetPassword());
} else if (params.isChangePassword())
{
userOrNull.setPassword(readPassword(ENTER_NEW_PASSWORD_MSG));
}
userStore.addOrUpdateUser(userOrNull);
break;
}
userStore.addOrUpdateUser(userOrNull);
break;
}
case LIST:
{
printHeader();
for (UserEntry user : userStore.listUsers())
{
printUser(user);
}
break;
}
case REMOVE:
{
final String userId = params.getUserId();
if (userStore.removeUser(userId) == false)
case LIST:
{
System.err.printf("User '%s' does not exist.\n", userId);
System.exit(1);
printHeader();
for (UserEntry user : userStore.listUsers())
{
printUser(user);
}
break;
}
break;
}
case SHOW:
{
final String userId = params.getUserId();
final UserEntry userOrNull = userStore.tryGetUser(userId);
if (userOrNull == null)
case REMOVE:
{
System.err.printf("User '%s' does not exist.\n", userId);
System.exit(1);
return; // Fake: convince compiler that it is save to dereference userOrNull
final String userId = params.getUserId();
if (userStore.removeUser(userId) == false)
{
System.err.printf("User '%s' does not exist.\n", userId);
System.exit(1);
}
break;
}
printHeader();
printUser(userOrNull);
break;
}
case TEST:
{
final String userId = params.getUserId();
final UserEntry userOrNull = userStore.tryGetUser(userId);
if (userOrNull == null)
case SHOW:
{
System.err.printf("User '%s' does not exist.\n", userId);
System.exit(1);
return; // Fake: convince compiler that it is save to dereference userOrNull
final String userId = params.getUserId();
final UserEntry userOrNull = userStore.tryGetUser(userId);
if (userOrNull == null)
{
System.err.printf("User '%s' does not exist.\n", userId);
System.exit(1);
return; // Fake: convince compiler that it is save to dereference userOrNull
}
printHeader();
printUser(userOrNull);
break;
}
final String password = readPassword(ENTER_PASSWORD_MSG);
if (userStore.isPasswordCorrect(userId, password))
case TEST:
{
System.out.printf("User '%s' successfully authenticated.\n", userId);
} else
{
System.out.printf("User '%s' authentication failed.\n", userId);
final String userId = params.getUserId();
final UserEntry userOrNull = userStore.tryGetUser(userId);
if (userOrNull == null)
{
System.err.printf("User '%s' does not exist.\n", userId);
System.exit(1);
return; // Fake: convince compiler that it is save to dereference userOrNull
}
final String password = readPassword(ENTER_PASSWORD_MSG);
if (userStore.isPasswordCorrect(userId, password))
{
System.out.printf("User '%s' successfully authenticated.\n", userId);
} else
{
System.out.printf("User '%s' authentication failed.\n", userId);
}
break;
}
break;
}
} catch (HighLevelException ex)
{
System.err.println(ex.getMessage());
System.exit(1);
}
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment