mirrors
/
sonarqube
mirror da https://github.com/SonarSource/sonarqube.git
Segui 1
Vota 0
Forka 0
Codice Problemi 0 Rilasci 237 Wiki Attività
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30691 Commit
59 Rami (Branch)
Albero (Tree): 66249573d7
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '66249573d7'
${ noResults }
sonarqube/server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/DefaultAdminCredentialsVeri...

DefaultAdminCredentialsVerifierImpl.java 4.2KB
Originale Blame Cronologia

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2021 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.authentication;

  21. 

  22. import org.picocontainer.Startable;

  23. import org.sonar.api.utils.log.Logger;

  24. import org.sonar.api.utils.log.Loggers;

  25. import org.sonar.db.DbClient;

  26. import org.sonar.db.DbSession;

  27. import org.sonar.db.user.UserDto;

  28. import org.sonar.server.authentication.event.AuthenticationEvent;

  29. import org.sonar.server.authentication.event.AuthenticationException;

  30. import org.sonar.server.notification.NotificationManager;

  31. 

  32. import static org.sonar.server.log.ServerProcessLogging.STARTUP_LOGGER_NAME;

  33. import static org.sonar.server.property.InternalProperties.DEFAULT_ADMIN_CREDENTIAL_USAGE_EMAIL;

  34. 

  35. /**

  36.  * Detect usage of an active admin account with default credential in order to ask this account to reset its password during authentication.

  37.  */

  38. public class DefaultAdminCredentialsVerifierImpl implements Startable, DefaultAdminCredentialsVerifier {

  39. 

  40.   private static final Logger LOGGER = Loggers.get(STARTUP_LOGGER_NAME);

  41. 

  42.   private final DbClient dbClient;

  43.   private final CredentialsLocalAuthentication localAuthentication;

  44.   private final NotificationManager notificationManager;

  45. 

  46.   public DefaultAdminCredentialsVerifierImpl(DbClient dbClient, CredentialsLocalAuthentication localAuthentication, NotificationManager notificationManager) {

  47.     this.dbClient = dbClient;

  48.     this.localAuthentication = localAuthentication;

  49.     this.notificationManager = notificationManager;

  50.   }

  51. 

  52.   @Override

  53.   public void start() {

  54.     try (DbSession session = dbClient.openSession(false)) {

  55.       UserDto admin = getAdminUser(session);

  56.       if (admin == null || !isDefaultCredentialUser(session, admin)) {

  57.         return;

  58.       }

  59.       addWarningInSonarDotLog();

  60.       dbClient.userDao().update(session, admin.setResetPassword(true));

  61.       sendEmailToAdmins(session);

  62.       session.commit();

  63.     }

  64.   }

  65. 

  66.   public boolean hasDefaultCredentialUser() {

  67.     try (DbSession session = dbClient.openSession(false)) {

  68.       UserDto admin = getAdminUser(session);

  69.       if (admin == null) {

  70.         return false;

  71.       } else {

  72.         return isDefaultCredentialUser(session, admin);

  73.       }

  74.     }

  75.   }

  76. 

  77.   private UserDto getAdminUser(DbSession session) {

  78.     return dbClient.userDao().selectActiveUserByLogin(session, "admin");

  79.   }

  80. 

  81.   private static void addWarningInSonarDotLog() {

  82.     String highlighter = "####################################################################################################################";

  83.     String msg = "Default Administrator credentials are still being used. Make sure to change the password or deactivate the account.";

  84. 

  85.     LOGGER.warn(highlighter);

  86.     LOGGER.warn(msg);

  87.     LOGGER.warn(highlighter);

  88.   }

  89. 

  90.   private boolean isDefaultCredentialUser(DbSession dbSession, UserDto user) {

  91.     try {

  92.       localAuthentication.authenticate(dbSession, user, "admin", AuthenticationEvent.Method.BASIC);

  93.       return true;

  94.     } catch (AuthenticationException ex) {

  95.       return false;

  96.     }

  97.   }

  98. 

  99.   private void sendEmailToAdmins(DbSession session) {

  100.     if (dbClient.internalPropertiesDao().selectByKey(session, DEFAULT_ADMIN_CREDENTIAL_USAGE_EMAIL)

  101.       .map(Boolean::parseBoolean)

  102.       .orElse(false)) {

  103.       return;

  104.     }

  105.     notificationManager.scheduleForSending(new DefaultAdminCredentialsVerifierNotification());

  106.     dbClient.internalPropertiesDao().save(session, DEFAULT_ADMIN_CREDENTIAL_USAGE_EMAIL, Boolean.TRUE.toString());

  107.   }

  108. 

  109.   @Override

  110.   public void stop() {

  111.     // Nothing to do

  112.   }

  113. }