Examples of org.graylog2.users.User

• org.graylog2.versioncheck.VersionCheckResponse
  @author Dennis Oelkers

            "own account or for users with the necessary permissions to edit permissions.")
    @ApiResponses({
            @ApiResponse(code = 404, message = "The user could not be found.")
    })
    public Response get(@ApiParam(name = "username", value = "The username to return information for.", required = true) @PathParam("username") String username) {
        final User user = userService.load(username);
        if (user == null) {
            return status(NOT_FOUND).build();
        }
        // if the requested username does not match the authenticated user, then we don't return permission information
        final boolean allowedToSeePermissions = isPermitted(RestPermissions.USERS_PERMISSIONSEDIT, username);

            LOG.error("Cannot create user {}: username is already taken.", cr.username);
            return status(BAD_REQUEST).build();
        }

        // Create user.
        User user = userService.create();
        user.setName(cr.username);
        user.setPassword(cr.password, configuration.getPasswordSecret());
        user.setFullName(cr.fullname);
        user.setEmail(cr.email);
        user.setPermissions(cr.permissions);
        if (cr.timezone != null)
            user.setTimeZone(cr.timezone);
        if (cr.session_timeout_ms != null)
            user.setSessionTimeoutMs(cr.session_timeout_ms);

        String id;
        try {
            // TODO JPA this is wrong, the primary key is the username
            id = userService.save(user);

            throw new BadRequestException("Missing request body.");
        }
        checkPermission(USERS_EDIT, username);
        CreateRequest cr = getCreateRequest(body);

        final User user = userService.load(username);
        if (user == null) {
            return status(NOT_FOUND).build();
        }
        if (user.isReadOnly()) {
            throw new BadRequestException("Cannot modify readonly user " + username);
        }
        // we only allow setting a subset of the fields in CreateStreamRuleRequest
        if (cr.email != null) {
            user.setEmail(cr.email);
        }
        if (cr.fullname != null) {
            user.setFullName(cr.fullname);
        }
        final boolean permitted = isPermitted(USERS_PERMISSIONSEDIT, user.getName());
        if (permitted && cr.permissions != null) {
            user.setPermissions(cr.permissions);
        }
        if (cr.timezone == null) {
            user.setTimeZone((String)null);
        } else {
            try {
                if (cr.timezone.isEmpty()) {
                    user.setTimeZone((String)null);
                } else {
                    final DateTimeZone tz = DateTimeZone.forID(cr.timezone);
                    user.setTimeZone(tz);
                }
            } catch (IllegalArgumentException e) {
                LOG.error("Invalid timezone '{}', ignoring it for user {}.", cr.timezone, username);
            }
        }

        if (cr.startpage != null) {
            user.setStartpage(cr.startpage.type, cr.startpage.id);
        }
        if (isPermitted("*")) {
            if (cr.session_timeout_ms != null && cr.session_timeout_ms != 0) {
                user.setSessionTimeoutMs(cr.session_timeout_ms);
            }
        }
        try {
            // TODO JPA this is wrong, the primary key is the username
            userService.save(user);

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        LOG.debug("Retrieving authorization information for {}", principals);
        final SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        final User user = userService.load(principals.getPrimaryPrincipal().toString());

        final List<String> permissions;
        if (null == user) {
            permissions = Collections.emptyList();
        } else {
            permissions = user.getPermissions();

            if (permissions != null) {
                info.setStringPermissions(Sets.newHashSet(permissions));
            }

            if (!authenticated) {
                LOG.info("Invalid credentials for user {} (DN {})", principal, userEntry.getDn());
                return null;
            }
            // user found and authenticated, sync the user entry with mongodb
            final User user = userService.syncFromLdapEntry(userEntry, ldapSettings, principal);
            if (user == null) {
                // in case there was an error reading, creating or modifying the user in mongodb, we do not authenticate the user.
                LOG.error("Unable to sync LDAP user {}", userEntry.getDn());
                return null;
            }

        final AccessToken accessToken = accessTokenService.load(String.valueOf(authToken.getToken()));

        if (accessToken == null) {
            return null;
        }
        final User user = userService.load(accessToken.getUserName());
        if (user == null) {
            return null;
        }
        if (user.isExternalUser() && !ldapAuthenticator.isEnabled()) {
            throw new LockedAccountException("LDAP authentication is currently disabled.");
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Found user {} for access token.", user);
        }
        try {
            accessTokenService.touch(accessToken);
        } catch (ValidationException e) {
            LOG.warn("Unable to update access token's last access date.", e);
        }
        return new SimpleAccount(user.getName(), null, "access token realm");
    }

            LOG.debug("Invalid session {}. Either it has expired or did not exist.", sessionIdToken.getSessionId());
            return null;
        }

        final Object username = subject.getPrincipal();
        final User user = userService.load(String.valueOf(username));
        if (user == null) {
            LOG.debug("No user named {} found for session {}", username, sessionIdToken.getSessionId());
            return null;
        }
        if (user.isExternalUser() && !ldapAuthenticator.isEnabled()) {
            throw new LockedAccountException("LDAP authentication is currently disabled.");
        }

        if (LOG.isDebugEnabled()) {
            LOG.debug("Found session {} for user name {}", session.getId(), username);
        }

        @SuppressWarnings("unchecked")
        final MultivaluedMap<String, String> requestHeaders = (MultivaluedMap<String, String>) ThreadContext.get(
                "REQUEST_HEADERS");
        // extend session unless the relevant header was passed.
        if (requestHeaders == null || !"true".equalsIgnoreCase(requestHeaders.getFirst("X-Graylog2-No-Session-Extension"))) {
            session.touch();
        } else {
            LOG.debug("Not extending session because the request indicated not to.");
        }
        ThreadContext.bind(subject);

        return new SimpleAccount(user.getName(), null, "session authenticator");
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authToken) throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authToken;
        LOG.debug("Retrieving authc info for user {}", token.getUsername());

        final User user = userService.load(token.getUsername());
        if (user == null || user.isLocalAdmin()) {
            // skip the local admin user here, it's ugly, but for auth that user is treated specially.
            return null;
        }
        if (user.isExternalUser()) {
            // we don't store passwords for LDAP users, so we can't handle them here.
            LOG.trace("Skipping mongodb-based password check for LDAP user {}", token.getUsername());
            return null;
        }

        if (LOG.isDebugEnabled()) {
            LOG.debug("Found user {} to be authenticated with password.", user.getName());
        }
        return new SimpleAccount(token.getPrincipal(),
                user.getHashedPassword(),
                ByteSource.Util.bytes(configuration.getPasswordSecret()),
                "graylog2MongoDbRealm");
    }

        }

        // Send emails to subscribed users.
        if(stream.getAlertReceivers().get("users") != null) {
            for (String username : stream.getAlertReceivers().get("users")) {
                User user = userService.load(username);

                if(user != null && user.getEmail() != null && !user.getEmail().isEmpty()) {
                    sendEmail(user.getEmail(), stream, checkResult, backlog);
                }
            }
        }

        // Send emails to directly subscribed email addresses.

            StringWriter writer = new StringWriter();
            IOUtils.copy(entity.getContent(), writer, Charset.forName("UTF-8"));
            String body = writer.toString();

            VersionCheckResponse parsedResponse = parse(body);
            Version reportedVersion = new Version(parsedResponse.version.major, parsedResponse.version.minor, parsedResponse.version.patch);

            LOG.debug("Version check reports current version: " + parsedResponse);

            if (reportedVersion.greaterMinor(ServerVersion.VERSION)) {
                LOG.debug("Reported version is higher than ours ({}). Writing notification.", ServerVersion.VERSION);

                Notification notification = notificationService.buildNow()
                        .addSeverity(Notification.Severity.NORMAL)
                        .addType(Notification.Type.OUTDATED_VERSION)
                        .addDetail("current_version", parsedResponse.toString());
                notificationService.publishIfFirst(notification);
            } else {
                LOG.debug("Reported version is not higher than ours ({}).", ServerVersion.VERSION);
                notificationService.fixed(Notification.Type.OUTDATED_VERSION);
            }