From 890037e49790a6270a99e5a54580c2d7bad0da6a Mon Sep 17 00:00:00 2001
From: Enquier
Date: Wed, 15 Sep 2021 08:59:09 -0600
Subject: [PATCH 1/7] Add fix to allow authenticated users to "Get" user data
---
 .../openmbee/mms/localuser/controllers/LocalUserController.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/localuser/src/main/java/org/openmbee/mms/localuser/controllers/LocalUserController.java b/localuser/src/main/java/org/openmbee/mms/localuser/controllers/LocalUserController.java
index 4d908cccc..615616170 100644
--- a/localuser/src/main/java/org/openmbee/mms/localuser/controllers/LocalUserController.java
+++ b/localuser/src/main/java/org/openmbee/mms/localuser/controllers/LocalUserController.java
@@ -43,7 +43,7 @@ public UserCreateRequest createUser(@RequestBody UserCreateRequest req) {
 }
 @GetMapping(value = "/users")
- @PreAuthorize(AuthorizationConstants.IS_MMSADMIN)
+ @PreAuthorize("isAuthenticated()")
 public UsersResponse getUsers() {
 UsersResponse res = new UsersResponse();
 res.setUsers(userDetailsService.getUsers());
From be16390a9383b28801278dc7abea8a8bb797483f Mon Sep 17 00:00:00 2001
From: Enquier
Date: Mon, 20 Sep 2021 16:28:34 -0600
Subject: [PATCH 2/7] Add proposal for users controller and runJava
---
 build.gradle | 35 ++++++++++++++++++-
 .../controllers/LocalUserController.java | 19 ++++++----
 2 files changed, 47 insertions(+), 7 deletions(-)
diff --git a/build.gradle b/build.gradle
index 8e2930869..1c1ff72b5 100644
--- a/build.gradle
+++ b/build.gradle
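Review bot: Replacing `IS_MMSADMIN` with `isAuthenticated()` on `/users` lets every logged-in principal enumerate the whole user directory returned by `userDetailsService.getUsers()`, and nothing in the hunk reduces what those `User` objects carry (the LDAP code later in this series has to call `user.setPassword(null)` on what appears to be the same entity, so it evidently has a password field; whether `getUsers()` clears it cannot be seen here). If non-admins genuinely need this endpoint, return a reduced projection (username and display fields only) instead of the entity, or keep the listing admin-only and expose a separate lookup for the caller's own record. If this was the only use of `AuthorizationConstants` in the class, that import is now unused. `getUsers` continues past the end of the hunk.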
@@ -157,4 +157,37 @@ subprojects {
 sign publishing.publications.mavenJava
 }
 }
-}
\ No newline at end of file
+
+}
+
+task copyJar {
+ copy {
+ from layout.projectDirectory.dir("example/build/libs")
+ into layout.buildDirectory.dir("libs")
+ include "*.jar"
+ rename '(.*)', 'app.jar'
+ }
+ copy {
+ from layout.projectDirectory.dir("example/src/main/resources")
+ into layout.buildDirectory.dir("config")
+ include "*.properties"
+ }
+}
+
+copyJar.dependsOn(':example:bootJar')
+
+
+
+task runJava(type: JavaExec, dependsOn: copyJar) {
+ workingDir layout.buildDirectory
+
+ environment "SPRING_PROFILES_ACTIVE", "local"
+
+ ignoreExitValue true
+ classpath = files(project.buildDir.toPath().toString() + "/libs/app.jar")
+ standardOutput = System.out
+ errorOutput = System.err
+ jvmArgs '--add-opens', 'java.base/java.lang=ALL-UNNAMED', '-Djdk.tls.client.protocols="TLSv1.1"'
+
+}
+
diff --git a/localuser/src/main/java/org/openmbee/mms/localuser/controllers/LocalUserController.java b/localuser/src/main/java/org/openmbee/mms/localuser/controllers/LocalUserController.java
index 615616170..4b67a4fc1 100644
--- a/localuser/src/main/java/org/openmbee/mms/localuser/controllers/LocalUserController.java
+++ b/localuser/src/main/java/org/openmbee/mms/localuser/controllers/LocalUserController.java
@@ -6,6 +6,7 @@
 import org.openmbee.mms.core.exceptions.NotFoundException;
 import org.openmbee.mms.core.exceptions.UnauthorizedException;
 import org.openmbee.mms.core.utils.AuthenticationUtils;
+import org.openmbee.mms.data.domains.global.User;
 import org.openmbee.mms.localuser.security.UserCreateRequest;
 import org.openmbee.mms.localuser.security.UserDetailsServiceImpl;
 import org.openmbee.mms.localuser.security.UsersResponse;
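Review bot: The `jvmArgs` line in `runJava` passes `'-Djdk.tls.client.protocols="TLSv1.1"'`; the double quotes sit inside a single-quoted Groovy string, so the JVM receives the quote characters as part of the property value, and TLSv1.1 is a deprecated protocol that current JDKs disable by default through `java.security`, so this local run profile would either fail to negotiate or negotiate weaker TLS than production. Drop the override unless a specific server requires it, leaving `jvmArgs '--add-opens', 'java.base/java.lang=ALL-UNNAMED'`. `copyJar` also runs its two `copy { }` calls at configuration time rather than inside a `doLast { }`, so every Gradle invocation performs the copy whether or not the task was requested, and `ignoreExitValue true` hides a non-zero exit from the application. The task is deleted again later in this series, so this matters only if it is reintroduced.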
@@ -14,10 +15,10 @@
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.ArrayList;
+import java.util.List;
 @RestController
 @Tag(name = "Auth")
@@ -44,9 +45,15 @@ public UserCreateRequest createUser(@RequestBody UserCreateRequest req) {
 @GetMapping(value = "/users")
 @PreAuthorize("isAuthenticated()")
- public UsersResponse getUsers() {
+ public UsersResponse getUsers(@RequestParam(required = false) String user) {
 UsersResponse res = new UsersResponse();
- res.setUsers(userDetailsService.getUsers());
+ List users = new ArrayList<>();
+ if (user != null) {
+ users.add(userDetailsService.loadUserByUsername(user).getUser());
+ } else {
+ users = userDetailsService.getUsers();
+ }
+ res.setUsers(users);
 return res;
 }
From d186c2e1c9c380b599878c95a35958941885a206 Mon Sep 17 00:00:00 2001
From: Enquier
Date: Mon, 20 Sep 2021 18:33:15 -0600
Subject: [PATCH 3/7] Adding ability to update LDAP user on fixed interval;Adding First/Last name
---
 .../resources/application.properties.example | 3 ++
 .../openmbee/mms/ldap/LdapSecurityConfig.java | 47 ++++++++++++++++---
 2 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/example/src/main/resources/application.properties.example b/example/src/main/resources/application.properties.example
index 367f032d3..234fcd9ce 100644
--- a/example/src/main/resources/application.properties.example
+++ b/example/src/main/resources/application.properties.example
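Review bot: In `getUsers`, `userDetailsService.loadUserByUsername(user)` throws `UsernameNotFoundException` (already imported in this file) when the requested name does not exist, and the new branch does not catch it, so a lookup for an unknown user surfaces as an authentication-style failure or a 500 rather than a 404; wrap the call as `try { users.add(userDetailsService.loadUserByUsername(user).getUser()); } catch (UsernameNotFoundException e) { throw new NotFoundException(/* message per the project's other controllers */); }` using the `NotFoundException` the file also imports. Combined with the earlier switch to `isAuthenticated()`, any authenticated caller can now fetch any other user's record by name, so the same field-exposure concern applies to this branch. The `users` list is allocated and then discarded when the else branch assigns `userDetailsService.getUsers()`; initialising it once per branch reads more clearly. In the preceding hunk the four explicit `org.springframework.web.bind.annotation` imports became a wildcard while every other import in the file is explicit; list `GetMapping`, `PostMapping`, `RequestBody`, `RequestParam` and `RestController` individually.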
@@ -16,6 +16,9 @@ ldap.provider.password=
 ldap.user.dn.pattern=uid={0}
 ldap.user.attributes.username=
 ldap.user.attributes.email=
+ldap.user.attributes.firstname=
+ldap.user.attributes.lastname=
+ldap.user.attributes.update=24
 ldap.group.role.attribute=cn
 ldap.group.search.base=
 ldap.group.search.filter=uniqueMember={0}
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index 6ce9185d0..ede76fb50 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -1,8 +1,11 @@
 package org.openmbee.mms.ldap;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.*;
 import org.openmbee.mms.core.config.AuthorizationConstants;
+import org.openmbee.mms.data.domains.global.Base;
 import org.openmbee.mms.data.domains.global.Group;
 import org.openmbee.mms.rdb.repositories.GroupRepository;
 import org.openmbee.mms.rdb.repositories.UserRepository;
@@ -52,9 +55,18 @@ public class LdapSecurityConfig {
 @Value("${ldap.user.attributes.username:uid}")
 private String userAttributesUsername;
+ @Value("${ldap.user.attributes.firstname:givenname}")
+ private String userAttributesFirstName;
+
+ @Value("${ldap.user.attributes.lastname:sn}")
+ private String userAttributesLastName;
+
 @Value("${ldap.user.attributes.email:mail}")
 private String userAttributesEmail;
+ @Value("${ldap.user.attributes.update:24}")
+ private int userAttributesUpdate;
+
 @Value("${ldap.group.search.base:#{''}}")
 private String groupSearchBase;
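Review bot: The new `ldap.user.attributes.update=24` key gives no hint of its unit or effect; the matching `@Value("${ldap.user.attributes.update:24}")` field added to `LdapSecurityConfig` in the next hunk is later compared using `ChronoUnit.HOURS`, so add a comment above the key, `# Hours between re-reads of a user's LDAP attributes (email, first/last name) at login`, and consider naming the field `userAttributesUpdateHours` so the unit travels with the value. The two new name keys are left blank like the existing `username`/`email` entries while the Java defaults are `givenname` and `sn`; stating those in a comment, `# defaults: givenname / sn`, saves operators a trip to the source. Nothing in the field hunk rejects a zero or negative interval, which would make the refresh comparison true on every login; at least document the expected range. The `Base` import added in the same file is not used by any hunk visible here.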
@@ -115,18 +127,17 @@ private CustomLdapAuthoritiesPopulator(BaseLdapPathContextSource ldapContextSour
 public Collection getGrantedAuthorities(
 DirContextOperations userData, String username) {
 Optional userOptional = userRepository.findByUsername(username);
+
 if (!userOptional.isPresent()) {
- User newUser = new User();
- newUser.setEmail(userData.getStringAttribute(userAttributesEmail));
- newUser.setUsername(userData.getStringAttribute(userAttributesUsername));
- newUser.setEnabled(true);
- newUser.setAdmin(false);
- userRepository.save(newUser);
+ User newUser = saveLdapUser(userData);
 userOptional = Optional.of(newUser);
 }
 User user = userOptional.get();
+ if (user.getModified().isBefore(Instant.now().minus(userAttributesUpdate, ChronoUnit.HOURS))) {
+ saveLdapUser(userData, user);
+ }
 user.setPassword(null);
 String userDn = userAttributesUsername + "=" + user.getUsername() + "," + providerBase;
@@ -178,4 +189,28 @@ public BaseLdapPathContextSource contextSource() {
 return contextSource;
 }
+ private User saveLdapUser(DirContextOperations userData, User saveUser) {
+ if (!saveUser.getEmail().equals(userData.getStringAttribute(userAttributesEmail))) {
+ saveUser.setEmail(userData.getStringAttribute(userAttributesEmail));
+ }
+ if (!saveUser.getFirstName().equals(userData.getStringAttribute(userAttributesFirstName))) {
+ saveUser.setFirstName(userData.getStringAttribute(userAttributesFirstName));
+ }
+ if (!saveUser.getLastName().equals(userData.getStringAttribute(userAttributesLastName))) {
+ saveUser.setLastName(userData.getStringAttribute(userAttributesLastName));
+ }
+
+ saveUser.setEnabled(true);
+ saveUser.setAdmin(false);
+
+ return saveUser;
+ }
+
+ private User saveLdapUser(DirContextOperations userData) {
+ User user = saveLdapUser(userData, new User());
+ user.setUsername(userData.getStringAttribute(userAttributesUsername));
+ userRepository.save(user);
+
+ return user;
+ }
 }
\ No newline at end of file
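Review bot: The refresh branch calls `saveLdapUser(userData, user)` but never persists the result: that overload only mutates the entity (second hunk of this file) and neither it nor this block calls `userRepository.save(user)`, so unless `getGrantedAuthorities` happens to run inside a transaction with dirty-checking the re-read email and names are lost and `getModified()` never advances, which makes the `isBefore` test fire on every login. Add `userRepository.save(user);` after the call, or save inside the overload. `user.getModified()` is also dereferenced without a null check; if the getter can return null for rows created before this timestamp was maintained, login NPEs — `user.getModified() == null ||` in front of the comparison keeps that path safe. The method's body continues past the end of the hunk.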
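Review bot: `saveUser.getEmail().equals(...)`, `getFirstName().equals(...)` and `getLastName().equals(...)` dereference the current value, and `saveLdapUser(DirContextOperations)` passes a fresh `new User()`, so unless `User` initialises those fields to non-null the very first LDAP login throws before anything is saved; an existing row whose name fields were never set fails the same way. Use the null-safe form, `if (!Objects.equals(saveUser.getEmail(), userData.getStringAttribute(userAttributesEmail))) {` and likewise for the two name fields; `java.util.*` is already imported so `Objects` resolves. Since the setters are skipped only when the values are already equal, the guards change nothing observable and the three blocks could be plain unconditional `set` calls. A one-line Javadoc on each overload stating that the two-argument form only mutates while the one-argument form creates and persists would make the calling convention in `getGrantedAuthorities` obvious.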
From 576a08c3a79f988ae688cc85ba85e5f02f07975b Mon Sep 17 00:00:00 2001
From: Enquier
Date: Tue, 21 Sep 2021 15:03:29 -0600
Subject: [PATCH 4/7] move admin and enable logic to create only side
---
 .../main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index ede76fb50..deaf0b87d 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -200,17 +200,17 @@ private User saveLdapUser(DirContextOperations userData, User saveUser) {
 saveUser.setLastName(userData.getStringAttribute(userAttributesLastName));
 }
- saveUser.setEnabled(true);
- saveUser.setAdmin(false);
-
 return saveUser;
 }
 private User saveLdapUser(DirContextOperations userData) {
 User user = saveLdapUser(userData, new User());
 user.setUsername(userData.getStringAttribute(userAttributesUsername));
+ user.setEnabled(true);
+ user.setAdmin(false);
 userRepository.save(user);
+
 return user;
 }
 }
\ No newline at end of file
From 1006d1731e45e630d13528da7365628e0b48c86b Mon Sep 17 00:00:00 2001
From: Enquier
Date: Tue, 21 Sep 2021 15:10:16 -0600
Subject: [PATCH 5/7] Rename ldap methods for clairity
---
 .../main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
index deaf0b87d..cdc21e6b4 100644
--- a/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
+++ b/ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -129,7 +129,7 @@ public Collection getGrantedAuthorities(
 Optional userOptional = userRepository.findByUsername(username);
 if (!userOptional.isPresent()) {
- User newUser = saveLdapUser(userData);
+ User newUser = createLdapUser(userData);
 userOptional = Optional.of(newUser);
 }
@@ -203,7 +203,7 @@ private User saveLdapUser(DirContextOperations userData, User saveUser) {
 return saveUser;
 }
- private User saveLdapUser(DirContextOperations userData) {
+ private User createLdapUser(DirContextOperations userData) {
 User user = saveLdapUser(userData, new User());
 user.setUsername(userData.getStringAttribute(userAttributesUsername));
 user.setEnabled(true);
From 299b9b367e1ed46a823948b7d398b4d3200c814a Mon Sep 17 00:00:00 2001
From: Enquier
Date: Wed, 22 Sep 2021 14:09:19 -0600
Subject: [PATCH 6/7] Remove extra tasks from gradle
---
 build.gradle | 34 +---------------------------------
 1 file changed, 1 insertion(+), 33 deletions(-)
diff --git a/build.gradle b/build.gradle
index 1c1ff72b5..e76bd4e9d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -158,36 +158,4 @@ subprojects {
 }
 }
-}
-
-task copyJar {
- copy {
- from layout.projectDirectory.dir("example/build/libs")
- into layout.buildDirectory.dir("libs")
- include "*.jar"
- rename '(.*)', 'app.jar'
- }
- copy {
- from layout.projectDirectory.dir("example/src/main/resources")
- into layout.buildDirectory.dir("config")
- include "*.properties"
- }
-}
-
-copyJar.dependsOn(':example:bootJar')
-
-
-
-task runJava(type: JavaExec, dependsOn: copyJar) {
- workingDir layout.buildDirectory
-
- environment "SPRING_PROFILES_ACTIVE", "local"
-
- ignoreExitValue true
- classpath = files(project.buildDir.toPath().toString() + "/libs/app.jar")
- standardOutput = System.out
- errorOutput = System.err
- jvmArgs '--add-opens', 'java.base/java.lang=ALL-UNNAMED', '-Djdk.tls.client.protocols="TLSv1.1"'
-
-}
-
+}
\ No newline at end of file
From 485ee2e7b4208138de460b70e91e9f7d9bc5a8f3 Mon Sep 17 00:00:00 2001
From: Enquier
Date: Wed, 22 Sep 2021 14:23:51 -0600
Subject: [PATCH 7/7] ....
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index e76bd4e9d..6f274e1d9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -158,4 +158,4 @@ subprojects {
 }
 }
-}
\ No newline at end of file
+}