1
|
package eu.dnetlib.validator.web.api.impls.users;
|
2
|
|
3
|
import java.security.GeneralSecurityException;
|
4
|
import java.security.MessageDigest;
|
5
|
import java.util.Random;
|
6
|
import java.util.UUID;
|
7
|
|
8
|
import org.apache.log4j.Logger;
|
9
|
|
10
|
import com.unboundid.ldap.sdk.Attribute;
|
11
|
import com.unboundid.ldap.sdk.DN;
|
12
|
import com.unboundid.ldap.sdk.Entry;
|
13
|
import com.unboundid.ldap.sdk.Filter;
|
14
|
import com.unboundid.ldap.sdk.LDAPConnection;
|
15
|
import com.unboundid.ldap.sdk.Modification;
|
16
|
import com.unboundid.ldap.sdk.ModificationType;
|
17
|
import com.unboundid.ldap.sdk.SearchRequest;
|
18
|
import com.unboundid.ldap.sdk.SearchResult;
|
19
|
import com.unboundid.ldap.sdk.SearchResultEntry;
|
20
|
import com.unboundid.ldap.sdk.SearchScope;
|
21
|
import com.unboundid.util.Base64;
|
22
|
|
23
|
import eu.dnetlib.domain.functionality.UserProfile;
|
24
|
import eu.dnetlib.validator.web.api.UserApi;
|
25
|
|
26
|
public class UserApiLDAP implements UserApi {
|
27
|
|
28
|
transient Logger logger = Logger.getLogger(UserApiLDAP.class);
|
29
|
|
30
|
private int ldapPort = 0;
|
31
|
private String ldapAddress;
|
32
|
private String ldapUsername;
|
33
|
private String ldapPassword;
|
34
|
private String ldapUsersDN;
|
35
|
|
36
|
@Override
|
37
|
public boolean activateUser(String activationId) throws Exception {
|
38
|
LDAPConnection connection = null;
|
39
|
try {
|
40
|
logger.debug("activating user with activationId " + activationId);
|
41
|
connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);
|
42
|
Filter filter = Filter.createEqualityFilter("employeeNumber", activationId);
|
43
|
SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "uid");
|
44
|
SearchResult searchResult = connection.search(searchRequest);
|
45
|
String dn = null;
|
46
|
|
47
|
if ( searchResult.getSearchEntries().size() > 0 ) {
|
48
|
|
49
|
for (SearchResultEntry entry : searchResult.getSearchEntries()) {
|
50
|
dn = "uid=" + entry.getAttributeValue("uid") + "," + ldapUsersDN;
|
51
|
}
|
52
|
|
53
|
Modification mod1 = new Modification(ModificationType.REPLACE, "JoomlaBlockUser", "0");
|
54
|
Modification mod2 = new Modification(ModificationType.REPLACE, "employeeNumber");
|
55
|
connection.modify(dn, mod1, mod2);
|
56
|
return true;
|
57
|
} else {
|
58
|
return false;
|
59
|
}
|
60
|
} catch (Exception e) {
|
61
|
logger.error("", e);
|
62
|
throw e;
|
63
|
} finally {
|
64
|
if (connection != null)
|
65
|
connection.close();
|
66
|
}
|
67
|
}
|
68
|
|
69
|
@Override
|
70
|
public String addUser(String username, String email, String password, String firstName, String lastName, String institution) throws Exception {
|
71
|
logger.debug("adding user " + username + " " + email + " to ldap");
|
72
|
Attribute cn = new Attribute("cn", username);
|
73
|
Attribute displayName = new Attribute("displayName", firstName + " " + lastName);
|
74
|
Attribute mail = new Attribute("mail", email);
|
75
|
Attribute givenName = new Attribute("givenName", firstName);
|
76
|
Attribute joomlaBlockUser = new Attribute("JoomlaBlockUser", "1");
|
77
|
Attribute joomlaGroup = new Attribute("JoomlaGroup", "Registered");
|
78
|
Attribute objectClass = new Attribute("objectClass", "top", "inetOrgPerson", "JoomlaUser");
|
79
|
Attribute userPassword = new Attribute("userPassword", Joomla15PasswordHash.create(password));
|
80
|
Attribute sn = new Attribute("sn", lastName);
|
81
|
Attribute uid = new Attribute("uid", username);
|
82
|
|
83
|
|
84
|
// Attribute joomlaUserParams = new Attribute("JoomlaUserParams", "");
|
85
|
String activationId = UUID.randomUUID().toString();
|
86
|
Attribute x500UniqueIdentifier = new Attribute("employeeNumber", activationId);
|
87
|
LDAPConnection connection = null;
|
88
|
try {
|
89
|
DN dn = new DN("uid=" + username + "," + ldapUsersDN);
|
90
|
Entry entry;
|
91
|
if ((institution != null) && (institution.length() > 0)) {
|
92
|
Attribute o = new Attribute("o", institution);
|
93
|
entry = new Entry(dn.toNormalizedString(), cn, displayName, mail, givenName, joomlaBlockUser, joomlaGroup, objectClass, userPassword, sn, uid, x500UniqueIdentifier, o);
|
94
|
|
95
|
} else {
|
96
|
entry = new Entry(dn.toNormalizedString(), cn, displayName, mail, givenName, joomlaBlockUser, joomlaGroup, objectClass, userPassword, sn, uid/*
|
97
|
* ,
|
98
|
* ,
|
99
|
* ,
|
100
|
* joomlaUserParams
|
101
|
*/, x500UniqueIdentifier);
|
102
|
}
|
103
|
connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);
|
104
|
connection.add(entry);
|
105
|
|
106
|
return activationId;
|
107
|
} catch (Exception e) {
|
108
|
logger.error("", e);
|
109
|
throw e;
|
110
|
} finally {
|
111
|
if (connection != null)
|
112
|
connection.close();
|
113
|
}
|
114
|
}
|
115
|
|
116
|
@Override
|
117
|
public boolean correctCreds(String email, String password) throws Exception {
|
118
|
LDAPConnection connection = null;
|
119
|
try {
|
120
|
logger.debug("checking if user " + email + " entered a correct password when logging in");
|
121
|
connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);
|
122
|
Filter filter = Filter.createEqualityFilter("mail", email);
|
123
|
SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "userPassword");
|
124
|
SearchResult searchResult = connection.search(searchRequest);
|
125
|
for (SearchResultEntry entry : searchResult.getSearchEntries()) {
|
126
|
if (Joomla15PasswordHash.check(password, entry.getAttributeValue("userPassword")))
|
127
|
return true;
|
128
|
}
|
129
|
return false;
|
130
|
} catch (Exception e) {
|
131
|
logger.error("", e);
|
132
|
throw e;
|
133
|
} finally {
|
134
|
if (connection != null)
|
135
|
connection.close();
|
136
|
}
|
137
|
}
|
138
|
|
139
|
@Override
|
140
|
public void editUser(UserProfile user) throws Exception {
|
141
|
LDAPConnection connection = null;
|
142
|
try {
|
143
|
logger.debug("editing user " + user.getEmail());
|
144
|
connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);
|
145
|
Filter filter = Filter.createEqualityFilter("mail", user.getEmail());
|
146
|
SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "uid");
|
147
|
SearchResult searchResult = connection.search(searchRequest);
|
148
|
String dn = null;
|
149
|
for (SearchResultEntry entry : searchResult.getSearchEntries()) {
|
150
|
dn = "uid=" + entry.getAttributeValue("uid") + "," + ldapUsersDN;
|
151
|
}
|
152
|
Modification mod1 = new Modification(ModificationType.REPLACE, "displayName", user.getFirstname() + " " + user.getLastname());
|
153
|
Modification mod2 = new Modification(ModificationType.REPLACE, "givenName", user.getFirstname());
|
154
|
Modification mod3 = new Modification(ModificationType.REPLACE, "sn", user.getLastname());
|
155
|
Modification mod4 = new Modification(ModificationType.REPLACE, "o", user.getInstitution());
|
156
|
connection.modify(dn, mod1, mod2, mod3, mod4);
|
157
|
} catch (Exception e) {
|
158
|
logger.error("", e);
|
159
|
throw e;
|
160
|
} finally {
|
161
|
if (connection != null)
|
162
|
connection.close();
|
163
|
}
|
164
|
}
|
165
|
|
166
|
@Override
|
167
|
public UserProfile getUser(String userIdentifier) throws Exception {
|
168
|
LDAPConnection connection = null;
|
169
|
try {
|
170
|
logger.debug("getting user " + userIdentifier + " from ldap");
|
171
|
connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);
|
172
|
Filter filter = Filter.createEqualityFilter("mail", userIdentifier);
|
173
|
SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "mail", "givenName", "sn", "o", "uid");
|
174
|
SearchResult searchResult = connection.search(searchRequest);
|
175
|
UserProfile profile = new UserProfile();
|
176
|
for (SearchResultEntry entry : searchResult.getSearchEntries()) {
|
177
|
profile.setEmail(entry.getAttributeValue("mail"));
|
178
|
profile.setFirstname(entry.getAttributeValue("givenName"));
|
179
|
profile.setLastname(entry.getAttributeValue("sn"));
|
180
|
profile.setInstitution(entry.getAttributeValue("o"));
|
181
|
profile.setUsername(entry.getAttributeValue("uid"));
|
182
|
}
|
183
|
return profile;
|
184
|
} catch (Exception e) {
|
185
|
logger.error("", e);
|
186
|
throw e;
|
187
|
} finally {
|
188
|
if (connection != null)
|
189
|
connection.close();
|
190
|
}
|
191
|
}
|
192
|
|
193
|
@Override
|
194
|
public boolean isAdmin(String email) throws Exception {
|
195
|
LDAPConnection connection = null;
|
196
|
try {
|
197
|
logger.debug("checking if user " + email + " is an administrator");
|
198
|
connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);
|
199
|
Filter filter = Filter.createEqualityFilter("mail", email);
|
200
|
SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "JoomlaGroup");
|
201
|
SearchResult searchResult = connection.search(searchRequest);
|
202
|
|
203
|
for (SearchResultEntry entry : searchResult.getSearchEntries()) {
|
204
|
for (String role : entry.getAttributeValues("JoomlaGroup"))
|
205
|
if (role.equals("validatorAdmin"))
|
206
|
return true;
|
207
|
}
|
208
|
logger.debug(email + " is not administrator");
|
209
|
return false;
|
210
|
} catch (Exception e) {
|
211
|
logger.error("", e);
|
212
|
throw e;
|
213
|
} finally {
|
214
|
if (connection != null)
|
215
|
connection.close();
|
216
|
}
|
217
|
}
|
218
|
|
219
|
@Override
|
220
|
public boolean isUserActivated(String email) throws Exception {
|
221
|
LDAPConnection connection = null;
|
222
|
try {
|
223
|
logger.debug("checking if user " + email + " is activated");
|
224
|
connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);
|
225
|
Filter filter = Filter.createEqualityFilter("mail", email);
|
226
|
SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "JoomlaBlockUser");
|
227
|
SearchResult searchResult = connection.search(searchRequest);
|
228
|
for (SearchResultEntry entry : searchResult.getSearchEntries()) {
|
229
|
int val = entry.getAttributeValueAsInteger("JoomlaBlockUser");
|
230
|
if (val == 0)
|
231
|
return true;
|
232
|
else
|
233
|
return false;
|
234
|
}
|
235
|
} catch (Exception e) {
|
236
|
logger.error("", e);
|
237
|
throw e;
|
238
|
} finally {
|
239
|
if (connection != null)
|
240
|
connection.close();
|
241
|
}
|
242
|
return false;
|
243
|
}
|
244
|
|
245
|
@Override
|
246
|
public String prepareResetPassword(String email) throws Exception {
|
247
|
LDAPConnection connection = null;
|
248
|
try {
|
249
|
logger.debug("preparing reset password for user " + email);
|
250
|
connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);
|
251
|
Filter filter = Filter.createEqualityFilter("mail", email);
|
252
|
SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "uid");
|
253
|
SearchResult searchResult = connection.search(searchRequest);
|
254
|
String dn = null;
|
255
|
for (SearchResultEntry entry : searchResult.getSearchEntries()) {
|
256
|
dn = "uid=" + entry.getAttributeValue("uid") + "," + ldapUsersDN;
|
257
|
}
|
258
|
String uuid = UUID.randomUUID().toString();
|
259
|
Modification mod = new Modification(ModificationType.REPLACE, "employeeNumber", uuid);
|
260
|
connection.modify(dn, mod);
|
261
|
return uuid;
|
262
|
} catch (Exception e) {
|
263
|
logger.error("", e);
|
264
|
throw e;
|
265
|
} finally {
|
266
|
if (connection != null)
|
267
|
connection.close();
|
268
|
}
|
269
|
}
|
270
|
|
271
|
@Override
|
272
|
public void resetPassword(String uuid, String password) throws Exception {
|
273
|
LDAPConnection connection = null;
|
274
|
try {
|
275
|
connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);
|
276
|
Filter filter = Filter.createEqualityFilter("employeeNumber", uuid);
|
277
|
SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "uid");
|
278
|
SearchResult searchResult = connection.search(searchRequest);
|
279
|
String dn = null;
|
280
|
for (SearchResultEntry entry : searchResult.getSearchEntries()) {
|
281
|
dn = "uid=" + entry.getAttributeValue("uid") + "," + ldapUsersDN;
|
282
|
}
|
283
|
Modification mod1 = new Modification(ModificationType.REPLACE, "userPassword", Joomla15PasswordHash.create(password));
|
284
|
Modification mod2 = new Modification(ModificationType.REPLACE, "employeeNumber");
|
285
|
connection.modify(dn, mod1, mod2);
|
286
|
} catch (Exception e) {
|
287
|
logger.error("", e);
|
288
|
throw e;
|
289
|
} finally {
|
290
|
if (connection != null)
|
291
|
connection.close();
|
292
|
}
|
293
|
}
|
294
|
|
295
|
@Override
|
296
|
public boolean userExists(String email) throws Exception {
|
297
|
LDAPConnection connection = null;
|
298
|
try {
|
299
|
logger.debug("checking if user " + email + " exists in ldap");
|
300
|
connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);
|
301
|
Filter filter = Filter.createEqualityFilter("mail", email);
|
302
|
SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "mail");
|
303
|
|
304
|
SearchResult searchResult = connection.search(searchRequest);
|
305
|
if (!searchResult.getSearchEntries().isEmpty())
|
306
|
return true;
|
307
|
|
308
|
return false;
|
309
|
} catch (Exception e) {
|
310
|
logger.error("", e);
|
311
|
throw e;
|
312
|
} finally {
|
313
|
if (connection != null)
|
314
|
connection.close();
|
315
|
}
|
316
|
}
|
317
|
|
318
|
@Override
|
319
|
public boolean usernameExists(String username) throws Exception {
|
320
|
LDAPConnection connection = null;
|
321
|
try {
|
322
|
logger.debug("checking if user " + username + " exists in ldap");
|
323
|
connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);
|
324
|
Filter filter = Filter.createEqualityFilter("uid", username);
|
325
|
SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "uid");
|
326
|
SearchResult searchResult = connection.search(searchRequest);
|
327
|
|
328
|
if (!searchResult.getSearchEntries().isEmpty()) {
|
329
|
return true;
|
330
|
}
|
331
|
|
332
|
return false;
|
333
|
} catch (Exception e) {
|
334
|
logger.error("", e);
|
335
|
throw e;
|
336
|
} finally {
|
337
|
if (connection != null)
|
338
|
connection.close();
|
339
|
}
|
340
|
}
|
341
|
|
342
|
@Override
|
343
|
public String getEmailFromUsername(String username) throws Exception {
|
344
|
LDAPConnection connection = null;
|
345
|
try {
|
346
|
logger.debug("getting email for user " + username);
|
347
|
connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);
|
348
|
Filter filter = Filter.createEqualityFilter("uid", username);
|
349
|
SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "mail");
|
350
|
SearchResult searchResult = connection.search(searchRequest);
|
351
|
for (SearchResultEntry entry : searchResult.getSearchEntries()) {
|
352
|
return entry.getAttributeValue("mail");
|
353
|
}
|
354
|
return null;
|
355
|
} catch (Exception e) {
|
356
|
logger.error("", e);
|
357
|
throw e;
|
358
|
} finally {
|
359
|
if (connection != null)
|
360
|
connection.close();
|
361
|
}
|
362
|
}
|
363
|
|
364
|
public void setLdapPort(int ldapPort) {
|
365
|
this.ldapPort = ldapPort;
|
366
|
}
|
367
|
|
368
|
public void setLdapAddress(String ldapAddress) {
|
369
|
this.ldapAddress = ldapAddress;
|
370
|
}
|
371
|
|
372
|
public void setLdapUsername(String ldapUsername) {
|
373
|
this.ldapUsername = ldapUsername;
|
374
|
}
|
375
|
|
376
|
public void setLdapPassword(String ldapPassword) {
|
377
|
this.ldapPassword = ldapPassword;
|
378
|
}
|
379
|
|
380
|
public void setLdapUsersDN(String ldapUsersDN) {
|
381
|
this.ldapUsersDN = ldapUsersDN;
|
382
|
}
|
383
|
}
|
384
|
|
385
|
class Joomla15PasswordHash
|
386
|
{
|
387
|
public static boolean check(String passwd,String dbEntry) {
|
388
|
String hashed = "{MD5}"+Base64.encode(pack(Joomla15PasswordHash.md5(passwd)));
|
389
|
if(dbEntry.equals(hashed))
|
390
|
return true;
|
391
|
else
|
392
|
return false;
|
393
|
}
|
394
|
|
395
|
static Random _rnd;
|
396
|
|
397
|
public static String create(String passwd) {
|
398
|
return "{MD5}"+Base64.encode(pack(Joomla15PasswordHash.md5(passwd)));
|
399
|
}
|
400
|
|
401
|
/** Takes the MD5 hash of a sequence of ASCII or LATIN1 characters,
|
402
|
* and returns it as a 32-character lowercase hex string.
|
403
|
*
|
404
|
* Equivalent to MySQL's MD5() function
|
405
|
* and to perl's Digest::MD5::md5_hex(),
|
406
|
* and to PHP's md5().
|
407
|
*
|
408
|
* Does no error-checking of the input, but only uses the low 8 bits
|
409
|
* from each input character.
|
410
|
*/
|
411
|
public static String md5(String data) {
|
412
|
byte[] bdata = new byte[data.length()]; int i; byte[] hash;
|
413
|
|
414
|
for (i=0;i<data.length();i++) bdata[i]=(byte)(data.charAt(i)&0xff );
|
415
|
|
416
|
try {
|
417
|
MessageDigest md5er = MessageDigest.getInstance("MD5");
|
418
|
hash = md5er.digest(bdata);
|
419
|
} catch (GeneralSecurityException e) { throw new RuntimeException(e); }
|
420
|
|
421
|
StringBuffer r = new StringBuffer(32);
|
422
|
for (i=0;i<hash.length;i++) {
|
423
|
String x = Integer.toHexString(hash[i]&0xff);
|
424
|
if (x.length()<2) r.append("0");
|
425
|
r.append(x);
|
426
|
}
|
427
|
return r.toString();
|
428
|
}
|
429
|
|
430
|
public static byte[] pack(String md5) {
|
431
|
byte[] bytes = new byte[16];
|
432
|
int j = 0;
|
433
|
for(int i=0; i < 31; i+=2) {
|
434
|
bytes[j] = (byte) Integer.parseInt(md5.charAt(i)+""+md5.charAt(i+1),16);
|
435
|
j++;
|
436
|
}
|
437
|
return bytes;
|
438
|
}
|
439
|
}
|
440
|
|