import java.util.Set;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
import org.opendaylight.controller.clustering.services.IClusterGlobalServices;
import org.opendaylight.controller.connectionmanager.IConnectionManager;
/**
* Returns list of clustered controllers. Highlights "this" controller and
* if controller is coordinator
+ *
* @return List<ClusterBean>
*/
@RequestMapping("/cluster")
for (InetAddress controller : controllers) {
ClusterNodeBean.Builder clusterBeanBuilder = new ClusterNodeBean.Builder(controller);
- //get number of connected nodes
+ // get number of connected nodes
Set<Node> connectedNodes = connectionManager.getNodes(controller);
int numNodes = connectedNodes == null ? 0 : connectedNodes.size();
clusterBeanBuilder.nodesConnected(numNodes);
- //determine if this is the executing controller
+ // determine if this is the executing controller
if (controller.equals(clusterServices.getMyAddress())) {
clusterBeanBuilder.highlightMe();
}
- //determine whether this is coordinator
+ // determine whether this is coordinator
if (clusterServices.getCoordinatorAddress().equals(controller)) {
clusterBeanBuilder.iAmCoordinator();
}
/**
* Return nodes connected to controller {controller}
+ *
* @param controller
* - byte[] of the address of the controller
* @return List<NodeBean>
return gson.toJson(result);
}
- @RequestMapping("/users")
+ @RequestMapping(value = "/users", method = RequestMethod.GET)
@ResponseBody
- public List<UserConfig> getUsers() {
+ public List<UserBean> getUsers() {
IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
if (userManager == null) {
return null;
}
- List<UserConfig> userConfList = userManager.getLocalUserList();
+ List<UserBean> result = new ArrayList<UserBean>();
+ List<UserConfig> configs = userManager.getLocalUserList();
+ for (UserConfig config : configs) {
+ UserBean bean = new UserBean(config);
+ result.add(bean);
+ }
- return userConfList;
+ return result;
}
/*
*/
@RequestMapping(value = "/users", method = RequestMethod.POST)
@ResponseBody
- public String saveLocalUserConfig(@RequestParam(required = true) String json,
+ public Status saveLocalUserConfig(@RequestParam(required = true) String json,
@RequestParam(required = true) String action, HttpServletRequest request) {
IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
if (userManager == null) {
- return "Internal Error";
+ return new Status(StatusCode.NOSERVICE, "User Manager unavailable");
}
if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) {
- return "Operation not permitted";
+ return new Status(StatusCode.UNAUTHORIZED, "Operation not permitted");
}
Gson gson = new Gson();
Status result = (action.equals("add")) ? userManager.addLocalUser(config) : userManager.removeLocalUser(config);
if (result.isSuccess()) {
- String userAction = (action.equals("add")) ? "added" : "removed";
- DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), userAction, config.getUser());
- return "Success";
+ if (action.equals("add")) {
+ DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "added", config.getUser()
+ + " as " + config.getRoles().toString());
+ } else {
+ DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "removed", config.getUser());
+ }
}
- return result.getDescription();
+ return result;
}
+ @RequestMapping(value = "/user/modify", method = RequestMethod.POST)
+ @ResponseBody
+ public Status modifyUser(@RequestParam(required = true) String json,
+ @RequestParam(required = true) String action, HttpServletRequest request) {
+
+ IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
+ if (userManager == null) {
+ return new Status(StatusCode.NOSERVICE, "User Manager unavailable");
+ }
+
+ if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) {
+ return new Status(StatusCode.UNAUTHORIZED, "Operation not permitted");
+ }
+
+ UserConfig newConfig = gson.fromJson(json, UserConfig.class);
+ List<UserConfig> currentUserConfig = userManager.getLocalUserList();
+ String password = null;
+ String user = newConfig.getUser();
+ for (UserConfig userConfig : currentUserConfig) {
+ if(userConfig.getUser().equals(user)){
+ password = userConfig.getPassword();
+ break;
+ }
+ }
+ if (password == null) {
+ String msg = String.format("User %s not found in configuration database", user);
+ return new Status(StatusCode.NOTFOUND, msg);
+ }
+
+ //While modifying a user role, the password is not provided from GUI for any user.
+ //The password is stored in hash mode, hence it cannot be retrieved and added to UserConfig object
+ //The hashed password is injected below to the json string containing username and new roles before
+ //converting to UserConfig object.
+ json = json.replace("\"roles\"", "\"password\":\""+ password + "\",\"roles\"");
+ Gson gson = new Gson();
+ newConfig = gson.fromJson(json, UserConfig.class);
+
+ Status result = userManager.modifyLocalUser(newConfig);
+ if (result.isSuccess()) {
+ DaylightWebUtil.auditlog("Roles of", request.getUserPrincipal().getName(), "updated", newConfig.getUser()
+ + " to " + newConfig.getRoles().toString());
+ }
+ return result;
+ }
+
+
@RequestMapping(value = "/users/{username}", method = RequestMethod.POST)
@ResponseBody
- public String removeLocalUser(@PathVariable("username") String userName, HttpServletRequest request) {
+ public Status removeLocalUser(@PathVariable("username") String userName, HttpServletRequest request) {
- String username = request.getUserPrincipal().getName();
- if (username.equals(userName)) {
- return "Invalid Request: User cannot delete itself";
+ String loggedInUser = request.getUserPrincipal().getName();
+ if (loggedInUser.equals(userName)) {
+ String msg = "Invalid Request: User cannot delete itself";
+ return new Status(StatusCode.NOTALLOWED, msg);
}
IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
if (userManager == null) {
- return "Internal Error";
+ return new Status(StatusCode.NOSERVICE, "User Manager unavailable");
}
if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) {
- return "Operation not permitted";
+ return new Status(StatusCode.UNAUTHORIZED, "Operation not permitted");
}
- Status result = userManager.removeLocalUser(userName);
- if (result.isSuccess()) {
+ Status status = userManager.removeLocalUser(userName);
+ if (status.isSuccess()) {
DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "removed", userName);
- return "Success";
+ return status;
}
- return result.getDescription();
+ return status;
}
@RequestMapping(value = "/users/password/{username}", method = RequestMethod.POST)
@ResponseBody
- public Status changePassword(@PathVariable("username") String username, HttpServletRequest request,
- @RequestParam("currentPassword") String currentPassword, @RequestParam("newPassword") String newPassword) {
+ public Status changePassword(
+ @PathVariable("username") String username, HttpServletRequest request,
+ @RequestParam(value = "currentPassword", required=false) String currentPassword,
+ @RequestParam("newPassword") String newPassword) {
IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
if (userManager == null) {
- return new Status(StatusCode.GONE, "User Manager not found");
+ return new Status(StatusCode.NOSERVICE, "User Manager unavailable");
}
- if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) {
- return new Status(StatusCode.FORBIDDEN, "Operation not permitted");
- }
+ Status status;
+ String requestingUser = request.getUserPrincipal().getName();
+
+ //changing own password
+ if (requestingUser.equals(username) ) {
+ status = userManager.changeLocalUserPassword(username, currentPassword, newPassword);
+ //enforce the user to re-login with new password
+ if (status.isSuccess() && !newPassword.equals(currentPassword)) {
+ userManager.userLogout(username);
+ HttpSession session = request.getSession(false);
+ if ( session != null) {
+ session.invalidate();
+ }
+ }
+
+ //admin level user resetting other's password
+ } else if (authorize(userManager, UserLevel.NETWORKADMIN, request)) {
+
+ //Since User Manager doesn't have an unprotected password change API,
+ //we re-create the user with the new password (and current roles).
+ List<String> roles = userManager.getUserRoles(username);
+ UserConfig newConfig = new UserConfig(username, newPassword, roles);
+
+ //validate before removing existing config, so we don't remove but fail to add
+ status = newConfig.validate();
+ if (!status.isSuccess()) {
+ return status;
+ }
+
+ userManager.userLogout(username);
+ status = userManager.removeLocalUser(username);
+ if (!status.isSuccess()) {
+ return status;
+ }
+ if (userManager.addLocalUser(newConfig).isSuccess()) {
+ status = new Status(StatusCode.SUCCESS, "Password for user " + username + " reset successfully.");
+ } else {
+ //unexpected
+ status = new Status(StatusCode.INTERNALERROR, "Failed resetting password for user " + username + ". User is now removed.");
+ }
- if (newPassword.isEmpty()) {
- return new Status(StatusCode.BADREQUEST, "Empty passwords not allowed");
+ //unauthorized
+ } else {
+ status = new Status(StatusCode.UNAUTHORIZED, "Operation not permitted");
}
- Status status = userManager.changeLocalUserPassword(username, currentPassword, newPassword);
if (status.isSuccess()) {
- DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "changed password for", username);
+ DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "changed password for",
+ username);
}
return status;
}
/**
* Is the operation permitted for the given level
+ *
* @param level
*/
private boolean authorize(IUserManager userManager, UserLevel level, HttpServletRequest request) {