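/*
 * Copyright 2000-2013 Enonic AS
 * http://www.enonic.com/license
 */
package com.enonic.cms.core.security.userstore.connector.local;

import org.springframework.util.Assert;

import com.enonic.cms.api.plugin.ext.auth.AuthenticationResult;
import com.enonic.cms.api.plugin.ext.userstore.UserFields;
import com.enonic.cms.core.security.InvalidCredentialsException;
import com.enonic.cms.core.security.group.DeleteGroupCommand;
import com.enonic.cms.core.security.group.GroupEntity;
import com.enonic.cms.core.security.group.GroupKey;
import com.enonic.cms.core.security.group.StoreNewGroupCommand;
import com.enonic.cms.core.security.group.UpdateGroupCommand;
import com.enonic.cms.core.security.user.DeleteUserCommand;
import com.enonic.cms.core.security.user.DisplayNameResolver;
import com.enonic.cms.core.security.user.ReadOnlyUserFieldValidator;
import com.enonic.cms.core.security.user.StoreNewUserCommand;
import com.enonic.cms.core.security.user.UpdateUserCommand;
import com.enonic.cms.core.security.user.User;
import com.enonic.cms.core.security.user.UserEntity;
import com.enonic.cms.core.security.user.UserImpl;
import com.enonic.cms.core.security.user.UserKey;
import com.enonic.cms.core.security.user.UserSpecification;
import com.enonic.cms.core.security.userstore.UserStoreKey;
import com.enonic.cms.core.security.userstore.connector.AbstractBaseUserStoreConnector;
import com.enonic.cms.core.security.userstore.connector.AuthenticationChain;

/**
 * Connector for the built-in "local" user store.
 * <p>
 * Every user and group operation is delegated to the {@code *Locally} helpers of
 * {@link AbstractBaseUserStoreConnector}; no remote directory is involved. Authentication
 * first consults the {@link AuthenticationChain} (plugin authenticators) and only falls back
 * to the password stored on the {@link UserEntity} when the chain answers
 * {@link AuthenticationResult#CONTINUE}.
 */
public class LocalUserStoreConnector
    extends AbstractBaseUserStoreConnector
{
    /**
     * Creates a connector bound to one local user store.
     *
     * @param userStoreKey  key of the user store this connector serves
     * @param userStoreName display name of that user store
     */
    public LocalUserStoreConnector( final UserStoreKey userStoreKey, final String userStoreName )
    {
        super( userStoreKey, userStoreName, "local" );
    }

    // The local store supports every user and group operation, so all capability
    // queries answer true.

    public boolean canCreateUser()
    {
        return true;
    }

    public boolean canUpdateUser()
    {
        return true;
    }

    public boolean canUpdateUserPassword()
    {
        return true;
    }

    public boolean canDeleteUser()
    {
        return true;
    }

    public boolean canCreateGroup()
    {
        return true;
    }

    public boolean canReadGroup()
    {
        return true;
    }

    public boolean canUpdateGroup()
    {
        return true;
    }

    public boolean canDeleteGroup()
    {
        return true;
    }

    /**
     * Stores a new user in this user store.
     *
     * @param command the create command; its user store key must equal this connector's key
     * @return key of the stored user
     * @throws IllegalArgumentException if the command targets a different (or no) user store
     */
    public UserKey storeNewUser( final StoreNewUserCommand command )
    {
        // Compare from our own (non-null) key so a command without a key fails with a
        // descriptive message instead of a NullPointerException.
        Assert.isTrue( userStoreKey.equals( command.getUserStoreKey() ),
                       "command targets another user store than this connector" );
        ensureValidUserName( command );
        return storeNewUserLocally( command, new DisplayNameResolver( getUserStore().getConfig() ) );
    }

    /**
     * A user name is unique when no local user already carries it.
     *
     * @param userName name to check
     * @return true if no local user with that name exists
     */
    protected boolean isUsernameUnique( String userName )
    {
        final UserEntity localUser = getLocalUserWithUsername( userName );
        return localUser == null;
    }

    /**
     * Updates an existing user.
     * <p>
     * The fields that would actually change (relative to the stored user and the command's
     * update strategy) are validated against the store's read-only field configuration
     * before anything is written.
     *
     * @param command the update command; its specification must match exactly one user
     * @throws IllegalArgumentException if no user matches the command's specification
     */
    public void updateUser( final UpdateUserCommand command )
    {
        final UserEntity existingUser = userDao.findSingleBySpecification( command.getSpecification() );
        // Without this the dereference below would fail with a bare NullPointerException.
        Assert.notNull( existingUser, "no user matches the update specification" );

        final UserFields userFields = existingUser.getUserFields();
        final UserFields changedUserFields =
            command.getUserFields().getChangedUserFields( userFields, command.isUpdateStrategy() );
        new ReadOnlyUserFieldValidator( getUserStore().getConfig() ).validate( changedUserFields );

        updateUserLocally( command );
    }

    /**
     * Deletes a user; delegates to the local implementation.
     *
     * @param command the delete command
     */
    public void deleteUser( DeleteUserCommand command )
    {
        deleteUserLocally( command );
    }

    /**
     * Stores a new group; delegates to the local implementation.
     *
     * @param command the create command
     * @return key of the stored group
     */
    public GroupKey storeNewGroup( final StoreNewGroupCommand command )
    {
        return storeNewGroupLocally( command );
    }

    /**
     * Updates a group; delegates to the local implementation.
     *
     * @param command the update command
     */
    public void updateGroup( final UpdateGroupCommand command )
    {
        updateGroupLocally( command );
    }

    /**
     * Makes {@code groupToAdd} a member of {@code groupToAddTo}; delegates to the local implementation.
     *
     * @param groupToAdd   the group that becomes a member
     * @param groupToAddTo the group that receives the member
     */
    public void addMembershipToGroup( GroupEntity groupToAdd, GroupEntity groupToAddTo )
    {
        addMembershipToGroupLocally( groupToAdd, groupToAddTo );
    }

    /**
     * Removes {@code groupToRemove} from {@code groupToRemoveFrom}; delegates to the local implementation.
     *
     * @param groupToRemove     the member group to remove
     * @param groupToRemoveFrom the group it is removed from
     */
    public void removeMembershipFromGroup( GroupEntity groupToRemove, GroupEntity groupToRemoveFrom )
    {
        removeMembershipFromGroupLocally( groupToRemove, groupToRemoveFrom );
    }

    /**
     * Deletes a group; delegates to the local implementation.
     *
     * @param command the delete command
     */
    public void deleteGroup( DeleteGroupCommand command )
    {
        deleteGroupLocally( command );
    }

    /**
     * Verifies a password, giving the authentication chain the first say.
     * <p>
     * {@link AuthenticationResult#CONTINUE} means no plugin decided, so the password is
     * checked against the one stored on the user. Any other result is authoritative:
     * only {@link AuthenticationResult#OK} counts as success.
     *
     * @param user      the user being authenticated
     * @param password  the presented password
     * @param authChain plugin authenticators consulted first
     * @return true if the password is accepted
     */
    private boolean verifyPassword( final UserEntity user, final String password, final AuthenticationChain authChain )
    {
        final AuthenticationResult result = authChain.authenticate( getUserStoreName(), user.getName(), password );
        if ( result == AuthenticationResult.CONTINUE )
        {
            return user.verifyPassword( password );
        }
        return result == AuthenticationResult.OK;
    }

    /**
     * Authenticates a user of this store by name and password.
     * <p>
     * Unknown users and wrong passwords both surface as {@link InvalidCredentialsException}
     * carrying only the uid, so callers cannot tell the two apart from the exception.
     * NOTE(review): the unknown-user path returns before any password verification runs,
     * so the two failures may still be distinguishable by response time.
     *
     * @param uid       user name to authenticate
     * @param password  presented password
     * @param authChain plugin authenticators consulted before the stored password
     * @return the user's sync value as returned by {@link UserEntity#getSync()}
     * @throws InvalidCredentialsException if no non-deleted user with that name exists in this
     *                                     store, or the password is rejected
     */
    public String authenticateUser( final String uid, final String password, final AuthenticationChain authChain )
    {
        final UserSpecification spec = new UserSpecification();
        spec.setUserStoreKey( userStoreKey );
        spec.setName( uid );
        spec.setDeletedStateNotDeleted();

        final UserEntity user = userDao.findSingleBySpecification( spec );
        if ( user == null )
        {
            throw new InvalidCredentialsException( uid );
        }
        if ( !verifyPassword( user, password, authChain ) )
        {
            throw new InvalidCredentialsException( uid );
        }
        return user.getSync();
    }

    /**
     * Changes a user's password through the storer for this user store.
     *
     * @param uid         user name whose password changes
     * @param newPassword the new password
     */
    public void changePassword( final String uid, final String newPassword )
    {
        userStorerFactory.create( userStoreKey ).changePassword( uid, newPassword );
    }

    /**
     * Wraps a persisted user entity in the {@link User} API type.
     *
     * @param userEntity the entity to wrap
     * @return the API view of the entity
     */
    public User getUserByEntity( UserEntity userEntity )
    {
        return UserImpl.createFrom( userEntity );
    }
}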