3 * Copyright (C) 2009-2023 SonarSource SA
4 * mailto:info AT sonarsource DOT com
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 3 of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20 package org.sonar.server.authentication;
22 import java.util.Optional;
23 import javax.servlet.http.HttpServletRequest;
24 import org.sonar.api.server.http.HttpRequest;
25 import org.sonar.db.DbClient;
26 import org.sonar.db.DbSession;
27 import org.sonar.db.user.UserDto;
28 import org.sonar.server.authentication.event.AuthenticationEvent;
29 import org.sonar.server.authentication.event.AuthenticationException;
31 import static org.sonar.server.authentication.event.AuthenticationEvent.Method;
32 import static org.sonar.server.authentication.event.AuthenticationEvent.Source;
35 * Authentication based on the tuple {login, password}. Validation can be
36 * delegated to an external system, e.g. LDAP.
38 public class CredentialsAuthentication {
39 static final String ERROR_PASSWORD_CANNOT_BE_NULL = "Password cannot be null";
40 private final DbClient dbClient;
41 private final AuthenticationEvent authenticationEvent;
42 private final CredentialsExternalAuthentication externalAuthentication;
43 private final CredentialsLocalAuthentication localAuthentication;
44 private final LdapCredentialsAuthentication ldapCredentialsAuthentication;
46 public CredentialsAuthentication(DbClient dbClient, AuthenticationEvent authenticationEvent,
47 CredentialsExternalAuthentication externalAuthentication, CredentialsLocalAuthentication localAuthentication,
48 LdapCredentialsAuthentication ldapCredentialsAuthentication) {
49 this.dbClient = dbClient;
50 this.authenticationEvent = authenticationEvent;
51 this.externalAuthentication = externalAuthentication;
52 this.localAuthentication = localAuthentication;
53 this.ldapCredentialsAuthentication = ldapCredentialsAuthentication;
56 public UserDto authenticate(Credentials credentials, HttpRequest request, Method method) {
57 try (DbSession dbSession = dbClient.openSession(false)) {
58 return authenticate(dbSession, credentials, request, method);
62 private UserDto authenticate(DbSession dbSession, Credentials credentials, HttpRequest request, Method method) {
63 UserDto localUser = dbClient.userDao().selectActiveUserByLogin(dbSession, credentials.getLogin());
64 if (localUser != null && localUser.isLocal()) {
65 String password = getNonNullPassword(credentials);
66 localAuthentication.authenticate(dbSession, localUser, password, method);
68 authenticationEvent.loginSuccess(request, localUser.getLogin(), Source.local(method));
71 Optional<UserDto> externalUser = externalAuthentication.authenticate(credentials, request, method)
72 .or(() -> ldapCredentialsAuthentication.authenticate(credentials, request, method));
73 if (externalUser.isPresent()) {
74 return externalUser.get();
76 localAuthentication.generateHashToAvoidEnumerationAttack();
77 throw AuthenticationException.newBuilder()
78 .setSource(Source.local(method))
79 .setLogin(credentials.getLogin())
80 .setMessage(localUser != null && !localUser.isLocal() ? "User is not local" : "No active user for login")
84 private static String getNonNullPassword(Credentials credentials) {
85 return credentials.getPassword().orElseThrow(() -> new IllegalArgumentException(ERROR_PASSWORD_CANNOT_BE_NULL));
projects / sonarqube.git / blob