diff --git a/build.gradle b/build.gradle
index 8e2930869..6f274e1d9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -157,4 +157,5 @@ subprojects {
 sign publishing.publications.mavenJava
 }
 }
-}
\ No newline at end of file
+
+}
diff --git a/example/src/main/resources/application.properties.example b/example/src/main/resources/application.properties.example
index 367f032d3..234fcd9ce 100644
--- a/example/src/main/resources/application.properties.example
+++ b/example/src/main/resources/application.properties.example
@@ -16,6 +16,9 @@ ldap.provider.password=
 ldap.user.dn.pattern=uid={0}
 ldap.user.attributes.username=
 ldap.user.attributes.email=
+ldap.user.attributes.firstname=
+ldap.user.attributes.lastname=
+ldap.user.attributes.update=24
 ldap.group.role.attribute=cn
 ldap.group.search.base=
 ldap.group.search.filter=uniqueMember={0}
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index 6ce9185d0..cdc21e6b4 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -1,8 +1,11 @@
 package org.openmbee.mms.ldap;
 
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.*;
 
 import org.openmbee.mms.core.config.AuthorizationConstants;
+import org.openmbee.mms.data.domains.global.Base;
 import org.openmbee.mms.data.domains.global.Group;
 import org.openmbee.mms.rdb.repositories.GroupRepository;
 import org.openmbee.mms.rdb.repositories.UserRepository;
@@ -52,9 +55,18 @@ public class LdapSecurityConfig {
 @Value("${ldap.user.attributes.username:uid}")
 private String userAttributesUsername;
 
+ @Value("${ldap.user.attributes.firstname:givenname}")
+ private String userAttributesFirstName;
+
+ @Value("${ldap.user.attributes.lastname:sn}")
+ private String userAttributesLastName;
+
 @Value("${ldap.user.attributes.email:mail}")
 private String userAttributesEmail;
 
+ @Value("${ldap.user.attributes.update:24}")
+ private int userAttributesUpdate;
+
 @Value("${ldap.group.search.base:#{''}}")
 private String groupSearchBase;
 
@@ -115,18 +127,17 @@ private CustomLdapAuthoritiesPopulator(BaseLdapPathContextSource ldapContextSour
 public Collection getGrantedAuthorities(
 DirContextOperations userData, String username) {
 Optional userOptional = userRepository.findByUsername(username);
+
 if (!userOptional.isPresent()) {
- User newUser = new User();
- newUser.setEmail(userData.getStringAttribute(userAttributesEmail));
- newUser.setUsername(userData.getStringAttribute(userAttributesUsername));
- newUser.setEnabled(true);
- newUser.setAdmin(false);
- userRepository.save(newUser);
+ User newUser = createLdapUser(userData);
 userOptional = Optional.of(newUser);
 }
 User user = userOptional.get();
+ if (user.getModified().isBefore(Instant.now().minus(userAttributesUpdate, ChronoUnit.HOURS))) {
+ saveLdapUser(userData, user);
+ }
 user.setPassword(null);
 String userDn = userAttributesUsername + "=" + user.getUsername() + "," + providerBase;
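Review bot: The new field `userAttributesUpdate` carries no unit in its name or a comment, and the only place that reveals it is hours is the `ChronoUnit.HOURS` call in a different hunk. A reader of the configuration block cannot tell what `ldap.user.attributes.update:24` means. I would add above the `@Value` line: `// Hours since a user's last modification before its LDAP attributes are re-read on login.`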
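Review bot: In the refresh branch of getGrantedAuthorities, `saveLdapUser(userData, user)` mutates the loaded entity but nothing in this hunk persists it; `createLdapUser` calls `userRepository.save`, the refresh path does not. Unless a surrounding transaction flushes dirty state (not visible here), the refreshed attributes are discarded and the comparison re-runs on every login, so I would write `userRepository.save(saveLdapUser(userData, user));` inside the `if`, which also keeps the save ahead of the `user.setPassword(null)` that follows. Separately, `user.getModified()` is dereferenced without a null check; if rows created before an auditing column was populated can carry a null there, this throws on login, so a guard such as `Instant modified = user.getModified(); if (modified == null || modified.isBefore(...))` is safer. The method body continues past the end of the hunk.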
@@ -178,4 +189,28 @@ public BaseLdapPathContextSource contextSource() {
 return contextSource;
 }
 
+ private User saveLdapUser(DirContextOperations userData, User saveUser) {
+ if (!saveUser.getEmail().equals(userData.getStringAttribute(userAttributesEmail))) {
+ saveUser.setEmail(userData.getStringAttribute(userAttributesEmail));
+ }
+ if (!saveUser.getFirstName().equals(userData.getStringAttribute(userAttributesFirstName))) {
+ saveUser.setFirstName(userData.getStringAttribute(userAttributesFirstName));
+ }
+ if (!saveUser.getLastName().equals(userData.getStringAttribute(userAttributesLastName))) {
+ saveUser.setLastName(userData.getStringAttribute(userAttributesLastName));
+ }
+
+ return saveUser;
+ }
+
+ private User createLdapUser(DirContextOperations userData) {
+ User user = saveLdapUser(userData, new User());
+ user.setUsername(userData.getStringAttribute(userAttributesUsername));
+ user.setEnabled(true);
+ user.setAdmin(false);
+ userRepository.save(user);
+
+
+ return user;
+ }
 }
\ No newline at end of file
diff --git a/localuser/src/main/java/org/openmbee/mms/localuser/controllers/LocalUserController.java b/localuser/src/main/java/org/openmbee/mms/localuser/controllers/LocalUserController.java
index 4d908cccc..4b67a4fc1 100644
--- a/localuser/src/main/java/org/openmbee/mms/localuser/controllers/LocalUserController.java
+++ b/localuser/src/main/java/org/openmbee/mms/localuser/controllers/LocalUserController.java
@@ -6,6 +6,7 @@
 import org.openmbee.mms.core.exceptions.NotFoundException;
 import org.openmbee.mms.core.exceptions.UnauthorizedException;
 import org.openmbee.mms.core.utils.AuthenticationUtils;
+import org.openmbee.mms.data.domains.global.User;
 import org.openmbee.mms.localuser.security.UserCreateRequest;
 import org.openmbee.mms.localuser.security.UserDetailsServiceImpl;
 import org.openmbee.mms.localuser.security.UsersResponse;
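Review bot: `saveLdapUser` calls `saveUser.getEmail().equals(...)` (and likewise for first and last name) on the left-hand side, and `createLdapUser` passes it a bare `new User()`; unless `User` initialises those fields to non-null values, which this hunk does not show, the first login of any LDAP user throws a NullPointerException before the account is created, and an existing user with a null name column fails the same way on refresh. Reversing the comparison with a null-safe helper fixes both, and `java.util.*` is already imported in this file: `if (!Objects.equals(userData.getStringAttribute(userAttributesEmail), saveUser.getEmail())) {`, with the same change on the first-name and last-name conditions. The name `saveLdapUser` is also misleading because the method only copies attributes and never touches the repository; something like `applyLdapAttributes` would match what it does. The two consecutive blank lines before `return user;` in `createLdapUser` should be collapsed to one.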
@@ -14,10 +15,10 @@
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.ArrayList;
+import java.util.List;
 
 @RestController
 @Tag(name = "Auth")
@@ -43,10 +44,16 @@ public UserCreateRequest createUser(@RequestBody UserCreateRequest req) {
 }
 
 @GetMapping(value = "/users")
- @PreAuthorize(AuthorizationConstants.IS_MMSADMIN)
- public UsersResponse getUsers() {
+ @PreAuthorize("isAuthenticated()")
+ public UsersResponse getUsers(@RequestParam(required = false) String user) {
 UsersResponse res = new UsersResponse();
- res.setUsers(userDetailsService.getUsers());
+ List users = new ArrayList<>();
+ if (user != null) {
+ users.add(userDetailsService.loadUserByUsername(user).getUser());
+ } else {
+ users = userDetailsService.getUsers();
+ }
+ res.setUsers(users);
 return res;
 }
 
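Review bot: The four explicit `org.springframework.web.bind.annotation` imports are replaced by a wildcard import, while every other import in this hunk stays explicit. The only new name the controller needs is `RequestParam`, so keeping the four original lines and adding `import org.springframework.web.bind.annotation.RequestParam;` preserves the file's style and makes it visible which annotations are in use.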
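Review bot: Changing `@PreAuthorize(AuthorizationConstants.IS_MMSADMIN)` to `@PreAuthorize("isAuthenticated()")` opens the full listing to every authenticated principal, because the `else` branch still returns `userDetailsService.getUsers()` whenever the `user` parameter is omitted. If the intent was only to let callers look up a single account by name, the no-parameter branch should keep the admin requirement, either by splitting the two cases into separate handlers with their own `@PreAuthorize`, or by checking the admin authority inside the `else` and throwing `UnauthorizedException` (already imported) otherwise. `loadUserByUsername(user)` surfaces an unknown name as `UsernameNotFoundException`; catching it and rethrowing `NotFoundException`, which this file also imports, would give the client the same 404 semantics as the rest of the API. `getUser()` hands the persisted entity straight to the response, so if `User` carries the password hash, confirm that `UsersResponse` serialization omits it; the LDAP populator nulls that field explicitly before use.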