001/*
002    Licensed to the Apache Software Foundation (ASF) under one
003    or more contributor license agreements.  See the NOTICE file
004    distributed with this work for additional information
005    regarding copyright ownership.  The ASF licenses this file
006    to you under the Apache License, Version 2.0 (the
007    "License"); you may not use this file except in compliance
008    with the License.  You may obtain a copy of the License at
009
010       http://www.apache.org/licenses/LICENSE-2.0
011
012    Unless required by applicable law or agreed to in writing,
013    software distributed under the License is distributed on an
014    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015    KIND, either express or implied.  See the License for the
016    specific language governing permissions and limitations
017    under the License.
018 */
019package org.apache.wiki.auth;
020
021import org.apache.wiki.api.core.Context;
022import org.apache.wiki.api.core.Session;
023import org.apache.wiki.api.engine.Initializable;
024import org.apache.wiki.api.exceptions.WikiException;
025import org.apache.wiki.auth.user.DuplicateUserException;
026import org.apache.wiki.auth.user.UserDatabase;
027import org.apache.wiki.auth.user.UserProfile;
028import org.apache.wiki.event.WikiEventListener;
029import org.apache.wiki.event.WikiEventManager;
030import org.apache.wiki.event.WikiSecurityEvent;
031
032import java.security.Principal;
033
034
035/**
036 * Provides a facade for obtaining user information.
037 *
038 * @since 2.3
039 */
040public interface UserManager extends Initializable {
041
042    /** Message key for the "save profile" message. */
043    String PROP_DATABASE = "jspwiki.userdatabase";
044
045    String JSON_USERS = "users";
046
047    /**
048     * Returns the UserDatabase employed by this Engine. The UserDatabase is lazily initialized by this method, if it does
049     * not exist yet. If the initialization fails, this method will use the inner class DummyUserDatabase as a default (which
050     * is enough to get JSPWiki running).
051     *
052     * @return the dummy user database
053     * @since 2.3
054     */
055    UserDatabase getUserDatabase();
056
057    /**
058     * <p>Retrieves the {@link org.apache.wiki.auth.user.UserProfile} for the user in a session. If the user is authenticated, the
059     * UserProfile returned will be the one stored in the user database; if one does not exist, a new one will be initialized and returned.
060     * If the user is anonymous or asserted, the UserProfile will <i>always</i> be newly initialized to prevent spoofing of identities.
061     * If a UserProfile needs to be initialized, its {@link org.apache.wiki.auth.user.UserProfile#isNew()} method will return
062     * <code>true</code>, and its login name will will be set automatically if the user is authenticated. Note that this method does
063     * not modify the retrieved (or newly created) profile otherwise; other fields in the user profile may be <code>null</code>.</p>
064     * <p>If a new UserProfile was created, but its {@link org.apache.wiki.auth.user.UserProfile#isNew()} method returns
065     * <code>false</code>, this method throws an {@link IllegalStateException}. This is meant as a quality check for UserDatabase providers;
066     * it should only be thrown if the implementation is faulty.</p>
067     *
068     * @param session the session, which may not be <code>null</code>
069     * @return the user's profile, which will be newly initialized if the user is anonymous or asserted, or if the user cannot be found in
070     *         the user database
071     */
072    UserProfile getUserProfile( Session session );
073
074    /**
075     * <p>
076     * Saves the {@link org.apache.wiki.auth.user.UserProfile} for the user in a wiki session. This method verifies that a user profile to
077     * be saved doesn't collide with existing profiles; that is, the login name or full name is already used by another profile. If the
078     * profile collides, a <code>DuplicateUserException</code> is thrown. After saving the profile, the user database changes are committed,
079     * and the user's credential set is refreshed; if custom authentication is used, this means the user will be automatically be logged in.
080     * </p>
081     * <p>
082     * When the user's profile is saved successfully, this method fires a {@link WikiSecurityEvent#PROFILE_SAVE} event with the Session
083     * as the source and the UserProfile as target. For existing profiles, if the user's full name changes, this method also fires a
084     * "name changed" event ({@link WikiSecurityEvent#PROFILE_NAME_CHANGED}) with the Session as the source and an array containing
085     * the old and new UserProfiles, respectively. The <code>NAME_CHANGED</code> event allows the GroupManager and PageManager can change
086     * group memberships and ACLs if needed.
087     * </p>
088     * <p>
089     * Note that Sessions normally attach event listeners to the UserManager, so changes to the profile will automatically cause the
090     * correct Principals to be reloaded into the current Session's Subject.
091     * </p>
092     *
093     * @param context the wiki context, which may not be <code>null</code>
094     * @param profile the user profile, which may not be <code>null</code>
095     * @throws DuplicateUserException if the proposed profile's login name or full name collides with another
096     * @throws WikiException if the save fails for some reason. If the current user does not have
097     * permission to save the profile, this will be a {@link org.apache.wiki.auth.WikiSecurityException};
098     * if if the user profile must be approved before it can be saved, it will be a
099     * {@link org.apache.wiki.workflow.DecisionRequiredException}. All other WikiException
100     * indicate a condition that is not normal is probably due to mis-configuration
101     */
102    void setUserProfile( Context context, UserProfile profile ) throws DuplicateUserException, WikiException;
103
104    void startUserProfileCreationWorkflow( Context context, UserProfile profile ) throws WikiException;
105
106    /**
107     * <p> Extracts user profile parameters from the HTTP request and populates a UserProfile with them. The UserProfile will either be a
108     * copy of the user's existing profile (if one can be found), or a new profile (if not). The rules for populating the profile as as
109     * follows: </p>
110     * <ul>
111     * <li>If the <code>email</code> or <code>password</code> parameter values differ from those in the existing profile, the passed
112     * parameters override the old values.</li>
113     * <li>For new profiles, the user-supplied <code>fullname</code> parameter is always used; for existing profiles the existing value is
114     * used, and whatever value the user supplied is discarded. The wiki name is automatically computed by taking the full name and
115     * extracting all whitespace.</li>
116     * <li>In all cases, the created/last modified timestamps of the user's existing or new profile always override whatever values the user
117     * supplied.</li>
118     * <li>If container authentication is used, the login name property of the profile is set to the name of
119     * {@link org.apache.wiki.api.core.Session#getLoginPrincipal()}. Otherwise, the value of the <code>loginname</code> parameter is used.</li>
120     * </ul>
121     *
122     * @param context the current wiki context
123     * @return a new, populated user profile
124     */
125    UserProfile parseProfile( Context context );
126
127    /**
128     * Validates a user profile, and appends any errors to the session errors list. If the profile is new, the password will be checked to
129     * make sure it isn't null. Otherwise, the password is checked for length and that it matches the value of the 'password2' HTTP
130     * parameter. Note that we have a special case when container-managed authentication is used and the user is not authenticated;
131     * this will always cause validation to fail. Any validation errors are added to the wiki session's messages collection
132     * (see {@link org.apache.wiki.api.core.Session#getMessages()}.
133     *
134     * @param context the current wiki context
135     * @param profile the supplied UserProfile
136     */
137    void validateProfile( Context context, UserProfile profile );
138
139    /**
140     *  A helper method for returning all of the known WikiNames in this system.
141     *
142     *  @return An Array of Principals
143     *  @throws WikiSecurityException If for reason the names cannot be fetched
144     */
145    Principal[] listWikiNames() throws WikiSecurityException;
146
147    // events processing .......................................................
148
149    /**
150     * Registers a WikiEventListener with this instance. This is a convenience method.
151     *
152     * @param listener the event listener
153     */
154    void addWikiEventListener( WikiEventListener listener );
155
156    /**
157     * Un-registers a WikiEventListener with this instance. This is a convenience method.
158     *
159     * @param listener the event listener
160     */
161    void removeWikiEventListener( WikiEventListener listener );
162
163    /**
164     *  Fires a WikiSecurityEvent of the provided type, Principal and target Object to all registered listeners.
165     *
166     * @see org.apache.wiki.event.WikiSecurityEvent
167     * @param type       the event type to be fired
168     * @param session    the wiki session supporting the event
169     * @param profile    the user profile (or array of user profiles), which may be <code>null</code>
170     */
171    default void fireEvent( final int type, final Session session, final Object profile ) {
172        if( WikiEventManager.isListening( this ) ) {
173            WikiEventManager.fireEvent( this, new WikiSecurityEvent( session, type, profile ) );
174        }
175    }
176
177}