3 changes: 2 additions & 1 deletion build.gradle
Expand Up @@ -157,4 +157,5 @@ subprojects {
sign publishing.publications.mavenJava
}
}
}

}
3 changes: 3 additions & 0 deletions example/src/main/resources/application.properties.example
Expand Up @@ -16,6 +16,9 @@ ldap.provider.password=
ldap.user.dn.pattern=uid={0}
ldap.user.attributes.username=
ldap.user.attributes.email=
ldap.user.attributes.firstname=
ldap.user.attributes.lastname=
ldap.user.attributes.update=24
ldap.group.role.attribute=cn
ldap.group.search.base=
ldap.group.search.filter=uniqueMember={0}
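Review bot: `ldap.user.attributes.update=24` carries no unit, and the value is read by LdapSecurityConfig as `ChronoUnit.HOURS`, so an operator editing this template has to open the source to know what 24 means. A comment line above it would close that gap, e.g. `# hours between refreshes of a user's LDAP attributes (email, first name, last name)`. The other new keys (`firstname`, `lastname`) are left empty here while the code defaults them to `givenname`/`sn`; a trailing comment noting the defaults would help too.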
47 changes: 41 additions & 6 deletions ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java
@@ -1,8 +1,11 @@
package org.openmbee.mms.ldap;

import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.*;

import org.openmbee.mms.core.config.AuthorizationConstants;
import org.openmbee.mms.data.domains.global.Base;
import org.openmbee.mms.data.domains.global.Group;
import org.openmbee.mms.rdb.repositories.GroupRepository;
import org.openmbee.mms.rdb.repositories.UserRepository;
Expand Down Expand Up @@ -52,9 +55,18 @@ public class LdapSecurityConfig {
@Value("${ldap.user.attributes.username:uid}")
private String userAttributesUsername;

@Value("${ldap.user.attributes.firstname:givenname}")
private String userAttributesFirstName;

@Value("${ldap.user.attributes.lastname:sn}")
private String userAttributesLastName;

@Value("${ldap.user.attributes.email:mail}")
private String userAttributesEmail;

@Value("${ldap.user.attributes.update:24}")
private int userAttributesUpdate;

@Value("${ldap.group.search.base:#{''}}")
private String groupSearchBase;

Expand Down Expand Up @@ -115,18 +127,17 @@ private CustomLdapAuthoritiesPopulator(BaseLdapPathContextSource ldapContextSour
public Collection<? extends GrantedAuthority> getGrantedAuthorities(
DirContextOperations userData, String username) {
Optional<User> userOptional = userRepository.findByUsername(username);

if (!userOptional.isPresent()) {
User newUser = new User();
newUser.setEmail(userData.getStringAttribute(userAttributesEmail));
newUser.setUsername(userData.getStringAttribute(userAttributesUsername));
newUser.setEnabled(true);
newUser.setAdmin(false);
userRepository.save(newUser);
User newUser = createLdapUser(userData);

userOptional = Optional.of(newUser);
}

User user = userOptional.get();
if (user.getModified().isBefore(Instant.now().minus(userAttributesUpdate, ChronoUnit.HOURS))) {
saveLdapUser(userData, user);
}
user.setPassword(null);
String userDn = userAttributesUsername + "=" + user.getUsername() + "," + providerBase;

Expand Down Expand Up @@ -178,4 +189,28 @@ public BaseLdapPathContextSource contextSource() {
return contextSource;
}

private User saveLdapUser(DirContextOperations userData, User saveUser) {
if (!saveUser.getEmail().equals(userData.getStringAttribute(userAttributesEmail))) {
saveUser.setEmail(userData.getStringAttribute(userAttributesEmail));
}
if (!saveUser.getFirstName().equals(userData.getStringAttribute(userAttributesFirstName))) {
saveUser.setFirstName(userData.getStringAttribute(userAttributesFirstName));
}
if (!saveUser.getLastName().equals(userData.getStringAttribute(userAttributesLastName))) {
saveUser.setLastName(userData.getStringAttribute(userAttributesLastName));
}

return saveUser;
}

private User createLdapUser(DirContextOperations userData) {
User user = saveLdapUser(userData, new User());
user.setUsername(userData.getStringAttribute(userAttributesUsername));
user.setEnabled(true);
user.setAdmin(false);
userRepository.save(user);


return user;
}
}
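Review bot: saveLdapUser compares with `saveUser.getEmail().equals(...)` (and likewise for first and last name), which throws NullPointerException whenever the stored value is null — and createLdapUser passes a fresh `new User()` into it, whose fields are presumably null unless User initialises them; an LDAP entry missing one of the attributes trips the same path once the user exists. Use `Objects.equals` (java.util.* is already imported) so a null on either side is tolerated. Separately, the refresh branch in getGrantedAuthorities calls saveLdapUser but never calls `userRepository.save(user)` and never updates the modified timestamp, so unless the entity is managed inside an open transaction the refreshed attributes are not persisted and the LDAP re-read repeats on every login; adding `userRepository.save(user);` after the call addresses the first half. `user.getModified()` may also be null for rows created before that column was populated — worth a guard. getGrantedAuthorities continues outside the hunk.
```java
private User saveLdapUser(DirContextOperations userData, User saveUser) {
    // Objects.equals tolerates null on either side: a fresh User, or an attribute absent in LDAP.
    String email = userData.getStringAttribute(userAttributesEmail);
    if (!Objects.equals(saveUser.getEmail(), email)) {
        saveUser.setEmail(email);
    }
    String firstName = userData.getStringAttribute(userAttributesFirstName);
    if (!Objects.equals(saveUser.getFirstName(), firstName)) {
        saveUser.setFirstName(firstName);
    }
    String lastName = userData.getStringAttribute(userAttributesLastName);
    if (!Objects.equals(saveUser.getLastName(), lastName)) {
        saveUser.setLastName(lastName);
    }
    return saveUser;
}
```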
Expand Up @@ -6,6 +6,7 @@
import org.openmbee.mms.core.exceptions.NotFoundException;
import org.openmbee.mms.core.exceptions.UnauthorizedException;
import org.openmbee.mms.core.utils.AuthenticationUtils;
import org.openmbee.mms.data.domains.global.User;
import org.openmbee.mms.localuser.security.UserCreateRequest;
import org.openmbee.mms.localuser.security.UserDetailsServiceImpl;
import org.openmbee.mms.localuser.security.UsersResponse;
Expand All @@ -14,10 +15,10 @@
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.*;

import java.util.ArrayList;
import java.util.List;

@RestController
@Tag(name = "Auth")
Expand All @@ -43,10 +44,16 @@ public UserCreateRequest createUser(@RequestBody UserCreateRequest req) {
}

@GetMapping(value = "/users")
@PreAuthorize(AuthorizationConstants.IS_MMSADMIN)
public UsersResponse getUsers() {
@PreAuthorize("isAuthenticated()")
public UsersResponse getUsers(@RequestParam(required = false) String user) {
UsersResponse res = new UsersResponse();
res.setUsers(userDetailsService.getUsers());
List<User> users = new ArrayList<>();
if (user != null) {
users.add(userDetailsService.loadUserByUsername(user).getUser());
} else {
users = userDetailsService.getUsers();
}
res.setUsers(users);
return res;
}
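Review bot: Relaxing `/users` from `IS_MMSADMIN` to `isAuthenticated()` lets every logged-in user enumerate all accounts, because the `else` branch still returns `userDetailsService.getUsers()` with no further check — that is a privilege reduction the PR should call out explicitly if intended. If the goal was only to let users look up a single account, keep the full listing admin-only, e.g. `@PreAuthorize("#user != null or " + AuthorizationConstants.IS_MMSADMIN)` (assuming IS_MMSADMIN is a SpEL fragment and parameter names are available to the expression), or gate the `else` branch on the project's admin check. The single-user path also lets `UsernameNotFoundException` propagate uncaught; mapping it to the already-imported `NotFoundException` would give callers a consistent response rather than whatever the default handler produces.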
