12815918623

Committed 16 Jan 2025 07:10PM UTC coverage: 37.265% (-0.03%) from 37.299%

Build # 12815918623

Build Type

push

github

Committed by

rowleya

Commit Message

Try without ignore here?

Run Details

8824 of 23679 relevant lines covered (37.27%)

1.12 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/SpiNNaker-allocserv/src/main/java/uk/ac/manchester/spinnaker/alloc/model/UserRecord.java

/*
 * Copyright (c) 2021 The University of Manchester
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package uk.ac.manchester.spinnaker.alloc.model;

import static com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility.NON_PRIVATE;
import static com.fasterxml.jackson.annotation.JsonInclude.Include.NON_NULL;
import static java.util.Objects.isNull;
import static java.util.Objects.nonNull;
import static uk.ac.manchester.spinnaker.alloc.security.TrustLevel.USER;

import java.net.URI;
import java.time.Instant;
import java.util.Map;

import javax.validation.constraints.AssertTrue;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Null;

import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.google.errorprone.annotations.CanIgnoreReturnValue;

import uk.ac.manchester.spinnaker.alloc.db.Row;
import uk.ac.manchester.spinnaker.alloc.db.SQLQueries;
import uk.ac.manchester.spinnaker.alloc.security.TrustLevel;
import uk.ac.manchester.spinnaker.utils.UsedInJavadocOnly;

/**
 * The description and model of a user. POJO class. Some things are stated to be
 * not settable despite having setters; they're settable <em>in instances of
 * this class</em> but the service itself will not respect being asked to change
 * them.
 */
@JsonAutoDetect(setterVisibility = NON_PRIVATE)
public final class UserRecord {
        private Integer userId;

        private String userName;

        private String password;

        private Boolean hasPassword;

        private Boolean enabled;

        private Boolean locked;

        private TrustLevel trustLevel;

        private Instant lastSuccessfulLogin;

        private Instant lastFailedLogin;

        private String openIdSubject;

        private boolean isInternal;

        private Map<String, URI> groups;

        /** Create an empty instance. */
        public UserRecord() {
        }

        /**
         * Inflate the result of a {@link SQLQueries#GET_USER_DETAILS} query (or
         * anything else that includes the same columns) into an object. Doesn't
         * include inflating the groups that the user is a member of.
         *
         * @param row
         *            The row with the result.
         */
        @UsedInJavadocOnly(SQLQueries.class)
        public UserRecord(Row row) {
                try {
                        setUserId(row.getInt("user_id"));
                        setUserName(row.getString("user_name"));
                        setHasPassword(row.getBoolean("has_password"));
                        setTrustLevel(row.getEnum("trust_level", TrustLevel.class));
                        setEnabled(!row.getBoolean("disabled"));
                        setLocked(row.getBoolean("locked"));
                        setLastSuccessfulLogin(
                                        row.getInstant("last_successful_login_timestamp"));
                        setLastFailedLogin(row.getInstant("last_fail_timestamp"));
                        setOpenIdSubject(row.getString("openid_subject"));
                        isInternal = row.getBoolean("is_internal");
                } finally {
                        // I mean it!
                        setPassword(null);
                }
        }

        /**
         * @return The user identifier. Read-only; cannot be set by the service.
         */
        @JsonInclude(NON_NULL)
        @Null
        public Integer getUserId() {
                return userId;
        }

        /**
         * @param userId
         *            The user identifier. Read-only within the administration
         *            interface; cannot be set by the service.
         */
        public void setUserId(Integer userId) {
                this.userId = userId;
        }

        /**
         * @return The user's username.
         */
        @NotBlank
        public String getUserName() {
                return userName;
        }

        /**
         * @param userName
         *            The user's username.
         */
        public void setUserName(String userName) {
                this.userName = userName;
        }

        /**
         * @return The user's unencrypted password. <em>Never</em> returned by the
         *         service, but may be written.
         */
        @JsonInclude(NON_NULL)
        public String getPassword() {
                return password;
        }

        /**
         * @param password
         *            The user's unencrypted password. <em>Never</em> returned by
         *            the service, but may be written.
         */
        public void setPassword(String password) {
                this.password = password;
        }

        /**
         * @return Whether the user has a password set. If they don't, they'll have
         *         to log in by other mechanisms (e.g., HBP/EBRAINS OpenID Connect).
         */
        public Boolean getHasPassword() {
                return hasPassword;
        }

        /**
         * @param hasPassword
         *            Whether the user has a password set. If they don't, they'll
         *            have to log in by other mechanisms (e.g., HBP/EBRAINS OpenID
         *            Connect).
         */
        public void setHasPassword(Boolean hasPassword) {
                this.hasPassword = hasPassword;
        }

        /**
         * @return Whether this account is enabled. Disabled accounts
         *         <em>cannot</em> log into the service until explicitly enabled.
         */
        public Boolean getEnabled() {
                return enabled;
        }

        /**
         * @param enabled
         *            Whether this account is enabled. Disabled accounts
         *            <em>cannot</em> log into the service until explicitly enabled.
         */
        public void setEnabled(Boolean enabled) {
                this.enabled = enabled;
        }

        /**
         * @return Whether this account is temporarily locked. Locked accounts
         *         should unlock automatically after 24 hours. Can be explicitly set
         *         to {@code false} to force an unlock.
         */
        public Boolean getLocked() {
                return locked;
        }

        /**
         * @param locked
         *            Whether this account is temporarily locked. Locked accounts
         *            should unlock automatically after 24 hours. Can be explicitly
         *            set to {@code false} to force an unlock.
         */
        public void setLocked(Boolean locked) {
                this.locked = locked;
        }

        /**
         * @return The permissions of the account.
         */
        @NotNull(message = "a trust level must be given")
        public TrustLevel getTrustLevel() {
                return trustLevel;
        }

        /**
         * @param trustLevel
         *            The permissions of the account.
         */
        public void setTrustLevel(TrustLevel trustLevel) {
                this.trustLevel = trustLevel;
        }

        /**
         * @return The time that the last successful login was. Read-only; cannot be
         *         set via the admin API.
         */
        @JsonInclude(NON_NULL)
        @Null
        public Instant getLastSuccessfulLogin() {
                return lastSuccessfulLogin;
        }

        void setLastSuccessfulLogin(Instant timestamp) {
                this.lastSuccessfulLogin = timestamp;
        }

        /**
         * @return The time that the last failed login was. Read-only; cannot be set
         *         via the admin API.
         */
        @JsonInclude(NON_NULL)
        @Null
        public Instant getLastFailedLogin() {
                return lastFailedLogin;
        }

        void setLastFailedLogin(Instant timestamp) {
                this.lastFailedLogin = timestamp;
        }

        /**
         * Note that no API that sets a user's information using a
         * {@link UserRecord} allows setting the groups that user is a member of at
         * the same time.
         *
         * @return The groups that the user is a member of. May be {@code null} if
         *         this information is not being reported.
         */
        public Map<String, URI> getGroups() {
                return groups;
        }

        /**
         * @param groups
         *            The groups that the user is a member of.
         */
        public void setGroups(Map<String, URI> groups) {
                this.groups = groups;
        }

        /** @return The OpenID subject that this user relates to, if known. */
        public String getOpenIdSubject() {
                return openIdSubject;
        }

        /**
         * @param subject
         *            The OpenID subject that this user relates to.
         */
        public void setOpenIdSubject(String subject) {
                this.openIdSubject = subject;
        }

        /** @return Whether this is an internal user. */
        public boolean isInternal() {
                return isInternal;
        }

        /**
         * @param internal
         *            Whether this is an internal user.
         */
        public void setInternal(boolean internal) {
                this.isInternal = internal;
        }

        @JsonIgnore
        private boolean isPasswordSetForAccount() {
                return nonNull(hasPassword) && hasPassword;
        }

        /**
         * @return Whether this represents a request to use external authentication
         *         (instead of just not setting the password).
         */
        @JsonIgnore
        public boolean isExternallyAuthenticated() {
                return !isInternal;
        }

        @JsonIgnore
        boolean isPasswordSet() {
                return nonNull(password) && !password.isBlank();
        }

        @AssertTrue(message = "only set a password for non-OpenID accounts")
        @JsonIgnore
        boolean isAuthenticationSane() {
                if (isInternal) {
                        return isPasswordSet() || isPasswordSetForAccount();
                } else {
                        return !isPasswordSet();
                }
        }

        /**
         * Forces correct shrouding of information.
         *
         * @return the object (for convenience)
         */
        @CanIgnoreReturnValue
        public UserRecord sanitise() {
                // Make SURE that the password doesn't go back
                if (nonNull(password)) {
                        hasPassword = true;
                        password = null;
                }
                // Never need to send the userId back
                userId = null;
                return this;
        }

        /**
         * Set up some defaults used when a user is being created.
         */
        public void initCreationDefaults() {
                setUserId(null);
                if (isNull(getTrustLevel())) {
                        setTrustLevel(USER);
                }
                if (isNull(getEnabled())) {
                        setEnabled(true);
                }
                if (isNull(getLocked())) {
                        setLocked(false);
                }
        }
}

1	/*
2	* Copyright (c) 2021 The University of Manchester
3	*
4	* Licensed under the Apache License, Version 2.0 (the "License");
5	* you may not use this file except in compliance with the License.
6	* You may obtain a copy of the License at
7	*
8	* https://www.apache.org/licenses/LICENSE-2.0
9	*
10	* Unless required by applicable law or agreed to in writing, software
11	* distributed under the License is distributed on an "AS IS" BASIS,
12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	* See the License for the specific language governing permissions and
14	* limitations under the License.
15	*/
16	package uk.ac.manchester.spinnaker.alloc.model;
17
18	import static com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility.NON_PRIVATE;
19	import static com.fasterxml.jackson.annotation.JsonInclude.Include.NON_NULL;
20	import static java.util.Objects.isNull;
21	import static java.util.Objects.nonNull;
22	import static uk.ac.manchester.spinnaker.alloc.security.TrustLevel.USER;
23
24	import java.net.URI;
25	import java.time.Instant;
26	import java.util.Map;
27
28	import javax.validation.constraints.AssertTrue;
29	import javax.validation.constraints.NotBlank;
30	import javax.validation.constraints.NotNull;
31	import javax.validation.constraints.Null;
32
33	import com.fasterxml.jackson.annotation.JsonAutoDetect;
34	import com.fasterxml.jackson.annotation.JsonIgnore;
35	import com.fasterxml.jackson.annotation.JsonInclude;
36	import com.google.errorprone.annotations.CanIgnoreReturnValue;
37
38	import uk.ac.manchester.spinnaker.alloc.db.Row;
39	import uk.ac.manchester.spinnaker.alloc.db.SQLQueries;
40	import uk.ac.manchester.spinnaker.alloc.security.TrustLevel;
41	import uk.ac.manchester.spinnaker.utils.UsedInJavadocOnly;
42
43	/**
44	* The description and model of a user. POJO class. Some things are stated to be
45	* not settable despite having setters; they're settable <em>in instances of
46	* this class</em> but the service itself will not respect being asked to change
47	* them.
48	*/
49	@JsonAutoDetect(setterVisibility = NON_PRIVATE)
50	public final class UserRecord {
51	private Integer userId;
52
53	private String userName;
54
55	private String password;
56
57	private Boolean hasPassword;
58
59	private Boolean enabled;
60
61	private Boolean locked;
62
63	private TrustLevel trustLevel;
64
65	private Instant lastSuccessfulLogin;
66
67	private Instant lastFailedLogin;
68
69	private String openIdSubject;
70
71	private boolean isInternal;
72
73	private Map<String, URI> groups;
74
75	/** Create an empty instance. */
76	public UserRecord() {	×
77	}	×
78
79	/**
80	* Inflate the result of a {@link SQLQueries#GET_USER_DETAILS} query (or
81	* anything else that includes the same columns) into an object. Doesn't
82	* include inflating the groups that the user is a member of.
83	*
84	* @param row
85	* The row with the result.
86	*/
87	@UsedInJavadocOnly(SQLQueries.class)
88	public UserRecord(Row row) {	×
89	try {
90	setUserId(row.getInt("user_id"));	×
91	setUserName(row.getString("user_name"));	×
92	setHasPassword(row.getBoolean("has_password"));	×
93	setTrustLevel(row.getEnum("trust_level", TrustLevel.class));	×
94	setEnabled(!row.getBoolean("disabled"));	×
95	setLocked(row.getBoolean("locked"));	×
96	setLastSuccessfulLogin(	×
97	row.getInstant("last_successful_login_timestamp"));	×
98	setLastFailedLogin(row.getInstant("last_fail_timestamp"));	×
99	setOpenIdSubject(row.getString("openid_subject"));	×
100	isInternal = row.getBoolean("is_internal");	×
101	} finally {
102	// I mean it!
103	setPassword(null);	×
104	}
105	}	×
106
107	/**
108	* @return The user identifier. Read-only; cannot be set by the service.
109	*/
110	@JsonInclude(NON_NULL)
111	@Null
112	public Integer getUserId() {
113	return userId;	×
114	}
115
116	/**
117	* @param userId
118	* The user identifier. Read-only within the administration
119	* interface; cannot be set by the service.
120	*/
121	public void setUserId(Integer userId) {
122	this.userId = userId;	×
123	}	×
124
125	/**
126	* @return The user's username.
127	*/
128	@NotBlank
129	public String getUserName() {
130	return userName;	×
131	}
132
133	/**
134	* @param userName
135	* The user's username.
136	*/
137	public void setUserName(String userName) {
138	this.userName = userName;	×
139	}	×
140
141	/**
142	* @return The user's unencrypted password. <em>Never</em> returned by the
143	* service, but may be written.
144	*/
145	@JsonInclude(NON_NULL)
146	public String getPassword() {
147	return password;	×
148	}
149
150	/**
151	* @param password
152	* The user's unencrypted password. <em>Never</em> returned by
153	* the service, but may be written.
154	*/
155	public void setPassword(String password) {
156	this.password = password;	×
157	}	×
158
159	/**
160	* @return Whether the user has a password set. If they don't, they'll have
161	* to log in by other mechanisms (e.g., HBP/EBRAINS OpenID Connect).
162	*/
163	public Boolean getHasPassword() {
164	return hasPassword;	×
165	}
166
167	/**
168	* @param hasPassword
169	* Whether the user has a password set. If they don't, they'll
170	* have to log in by other mechanisms (e.g., HBP/EBRAINS OpenID
171	* Connect).
172	*/
173	public void setHasPassword(Boolean hasPassword) {
174	this.hasPassword = hasPassword;	×
175	}	×
176
177	/**
178	* @return Whether this account is enabled. Disabled accounts
179	* <em>cannot</em> log into the service until explicitly enabled.
180	*/
181	public Boolean getEnabled() {
182	return enabled;	×
183	}
184
185	/**
186	* @param enabled
187	* Whether this account is enabled. Disabled accounts
188	* <em>cannot</em> log into the service until explicitly enabled.
189	*/
190	public void setEnabled(Boolean enabled) {
191	this.enabled = enabled;	×
192	}	×
193
194	/**
195	* @return Whether this account is temporarily locked. Locked accounts
196	* should unlock automatically after 24 hours. Can be explicitly set
197	* to {@code false} to force an unlock.
198	*/
199	public Boolean getLocked() {
200	return locked;	×
201	}
202
203	/**
204	* @param locked
205	* Whether this account is temporarily locked. Locked accounts
206	* should unlock automatically after 24 hours. Can be explicitly
207	* set to {@code false} to force an unlock.
208	*/
209	public void setLocked(Boolean locked) {
210	this.locked = locked;	×
211	}	×
212
213	/**
214	* @return The permissions of the account.
215	*/
216	@NotNull(message = "a trust level must be given")
217	public TrustLevel getTrustLevel() {
218	return trustLevel;	×
219	}
220
221	/**
222	* @param trustLevel
223	* The permissions of the account.
224	*/
225	public void setTrustLevel(TrustLevel trustLevel) {
226	this.trustLevel = trustLevel;	×
227	}	×
228
229	/**
230	* @return The time that the last successful login was. Read-only; cannot be
231	* set via the admin API.
232	*/
233	@JsonInclude(NON_NULL)
234	@Null
235	public Instant getLastSuccessfulLogin() {
236	return lastSuccessfulLogin;	×
237	}
238
239	void setLastSuccessfulLogin(Instant timestamp) {
240	this.lastSuccessfulLogin = timestamp;	×
241	}	×
242
243	/**
244	* @return The time that the last failed login was. Read-only; cannot be set
245	* via the admin API.
246	*/
247	@JsonInclude(NON_NULL)
248	@Null
249	public Instant getLastFailedLogin() {
250	return lastFailedLogin;	×
251	}
252
253	void setLastFailedLogin(Instant timestamp) {
254	this.lastFailedLogin = timestamp;	×
255	}	×
256
257	/**
258	* Note that no API that sets a user's information using a
259	* {@link UserRecord} allows setting the groups that user is a member of at
260	* the same time.
261	*
262	* @return The groups that the user is a member of. May be {@code null} if
263	* this information is not being reported.
264	*/
265	public Map<String, URI> getGroups() {
266	return groups;	×
267	}
268
269	/**
270	* @param groups
271	* The groups that the user is a member of.
272	*/
273	public void setGroups(Map<String, URI> groups) {
274	this.groups = groups;	×
275	}	×
276
277	/** @return The OpenID subject that this user relates to, if known. */
278	public String getOpenIdSubject() {
279	return openIdSubject;	×
280	}
281
282	/**
283	* @param subject
284	* The OpenID subject that this user relates to.
285	*/
286	public void setOpenIdSubject(String subject) {
287	this.openIdSubject = subject;	×
288	}	×
289
290	/** @return Whether this is an internal user. */
291	public boolean isInternal() {
292	return isInternal;	×
293	}
294
295	/**
296	* @param internal
297	* Whether this is an internal user.
298	*/
299	public void setInternal(boolean internal) {
300	this.isInternal = internal;	×
301	}	×
302
303	@JsonIgnore
304	private boolean isPasswordSetForAccount() {
305	return nonNull(hasPassword) && hasPassword;	×
306	}
307
308	/**
309	* @return Whether this represents a request to use external authentication
310	* (instead of just not setting the password).
311	*/
312	@JsonIgnore
313	public boolean isExternallyAuthenticated() {
314	return !isInternal;	×
315	}
316
317	@JsonIgnore
318	boolean isPasswordSet() {
319	return nonNull(password) && !password.isBlank();	×
320	}
321
322	@AssertTrue(message = "only set a password for non-OpenID accounts")
323	@JsonIgnore
324	boolean isAuthenticationSane() {
325	if (isInternal) {	×
326	return isPasswordSet() \|\| isPasswordSetForAccount();	×
327	} else {
328	return !isPasswordSet();	×
329	}
330	}
331
332	/**
333	* Forces correct shrouding of information.
334	*
335	* @return the object (for convenience)
336	*/
337	@CanIgnoreReturnValue
338	public UserRecord sanitise() {
339	// Make SURE that the password doesn't go back
340	if (nonNull(password)) {	×
341	hasPassword = true;	×
342	password = null;	×
343	}
344	// Never need to send the userId back
345	userId = null;	×
346	return this;	×
347	}
348
349	/**
350	* Set up some defaults used when a user is being created.
351	*/
352	public void initCreationDefaults() {
353	setUserId(null);	×
354	if (isNull(getTrustLevel())) {	×
355	setTrustLevel(USER);	×
356	}
357	if (isNull(getEnabled())) {	×
358	setEnabled(true);	×
359	}
360	if (isNull(getLocked())) {	×
361	setLocked(false);	×
362	}
363	}	×
364	}

SpiNNakerManchester / JavaSpiNNaker / 12815918623

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous