D-Net

package eu.dnetlib.openaire.user.ldap;

import com.unboundid.ldap.sdk.*;

import org.apache.log4j.Logger;

import java.util.UUID;

/**

 * Created by sofia on 31/10/2016.

 */

public class UserActionsLDAP {

    transient Logger logger = Logger.getLogger(UserActionsLDAP.class);

    private int ldapPort = 0;

    private String ldapAddress;

    private String ldapUsername;

    private String ldapPassword;

    private String ldapUsersDN;

    public boolean activateUser(String activationId) throws Exception {

        LDAPConnection connection = null;

        try {

            logger.debug("activating user with activationId " + activationId);

            connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);

            Filter filter = Filter.createEqualityFilter("employeeNumber", activationId);

            SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "uid");

            SearchResult searchResult = connection.search(searchRequest);

            String dn = null;

            if ( searchResult.getSearchEntries().size() > 0	) {

                for (SearchResultEntry entry : searchResult.getSearchEntries()) {

                    dn = "uid=" + entry.getAttributeValue("uid") + "," + ldapUsersDN;

                }

                Modification mod1 = new Modification(ModificationType.REPLACE, "JoomlaBlockUser", "0");

                Modification mod2 = new Modification(ModificationType.REPLACE, "employeeNumber");

                connection.modify(dn, mod1, mod2);

                return true;

            } else {

                return false;

            }

        } catch (Exception e) {

            logger.error("", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }

    public String addUser(String email, String password) throws Exception {

        throw new UnsupportedOperationException();

    }

    public String addUser(String username, String email, String password, String firstName, String lastName) throws Exception {

        logger.debug("adding user " + username + " " + email + " to ldap");

        Attribute cn = new Attribute("cn", username);

        Attribute displayName = new Attribute("displayName", firstName + " " + lastName);

        Attribute mail = new Attribute("mail", email);

        Attribute givenName = new Attribute("givenName", firstName);

        Attribute joomlaBlockUser = new Attribute("JoomlaBlockUser", "1");

        Attribute joomlaGroup = new Attribute("JoomlaGroup", "Registered");

        Attribute objectClass = new Attribute("objectClass", "top", "inetOrgPerson", "JoomlaUser");

        Attribute userPassword = new Attribute("userPassword", Joomla15PasswordHash.create(password));

        Attribute sn = new Attribute("sn", lastName);

        Attribute uid = new Attribute("uid", username);

        // Attribute joomlaUserParams = new Attribute("JoomlaUserParams", "");

        String activationId = UUID.randomUUID().toString();

        Attribute x500UniqueIdentifier = new Attribute("employeeNumber", activationId);

        LDAPConnection connection = null;

        try {

            DN dn = new DN("uid=" + username + "," + ldapUsersDN);

            System.out.println("cn: " + cn + " displayName: " + displayName + " mail: " + mail + " givenName: " + givenName + " joomlaBlockUser: " + joomlaBlockUser + " joomlaGroup: " + joomlaGroup + " objectClass: " + objectClass + " userPassword: " + userPassword + " sn: " + sn + " uid: " + uid + " x500UniqueIdentifier: " + x500UniqueIdentifier);

            Entry entry = new Entry(dn.toNormalizedString(), cn, displayName, mail, givenName, joomlaBlockUser, joomlaGroup, objectClass, userPassword, sn, uid/*

																																								 * ,

																																								 * joomlaUserParams

																																								 */, x500UniqueIdentifier);

            connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);

            connection.add(entry);

            return activationId;

        } catch (Exception e) {

            logger.error("", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }

    public boolean correctCreds(String email, String password) throws Exception {

        LDAPConnection connection = null;

        try {

            logger.debug("checking if user " + email + " entered a correct password when logging in");

            connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);

            Filter filter = Filter.createEqualityFilter("mail", email);

            SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "userPassword");

            SearchResult searchResult = connection.search(searchRequest);

            for (SearchResultEntry entry : searchResult.getSearchEntries()) {

                if (Joomla15PasswordHash.check(password, entry.getAttributeValue("userPassword")))

                    return true;

            }

            return false;

        } catch (Exception e) {

            logger.error("", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }

    public void editUser(String email, String fname, String lname, String inst) throws Exception {

        LDAPConnection connection = null;

        try {

            logger.debug("editing user " + email);

            connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);

            Filter filter = Filter.createEqualityFilter("mail", email);

            SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "uid");

            SearchResult searchResult = connection.search(searchRequest);

            String dn = null;

            for (SearchResultEntry entry : searchResult.getSearchEntries()) {

                dn = "uid=" + entry.getAttributeValue("uid") + "," + ldapUsersDN;

            }

            Modification mod1 = new Modification(ModificationType.REPLACE, "displayName", fname + " " + lname);

            Modification mod2 = new Modification(ModificationType.REPLACE, "givenName", fname);

            Modification mod3 = new Modification(ModificationType.REPLACE, "sn", lname);

            Modification mod4 = new Modification(ModificationType.REPLACE, "o", inst);

            connection.modify(dn, mod1, mod2, mod3, mod4);

        } catch (Exception e) {

            logger.error("", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }

    /*

    @Override

    public eu.dnetlib.openaire.user.user.UserProfile getUser(String userIdentifier) throws Exception {

        LDAPConnection connection = null;

        try {

            logger.debug("getting user " + userIdentifier + " from ldap");

            connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);

            Filter filter = Filter.createEqualityFilter("mail", userIdentifier);

            SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "mail", "givenName", "sn", "o", "uid");

            SearchResult searchResult = connection.search(searchRequest);

            UserProfileIS profile = new UserProfileIS();

            for (SearchResultEntry entry : searchResult.getSearchEntries()) {

                profile.setEmail(entry.getAttributeValue("mail"));

                profile.setFname(entry.getAttributeValue("givenName"));

                profile.setLname(entry.getAttributeValue("sn"));

                profile.setInstitution(entry.getAttributeValue("o"));

                profile.setUsername(entry.getAttributeValue("uid"));

            }

            return profile;

        } catch (Exception e) {

            logger.error("", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }*/

    public boolean isAdmin(String email) throws Exception {

        LDAPConnection connection = null;

        try {

            logger.debug("checking if user " + email + " is an administrator");

            connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);

            Filter filter = Filter.createEqualityFilter("mail", email);

            SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "JoomlaGroup");

            SearchResult searchResult = connection.search(searchRequest);

            for (SearchResultEntry entry : searchResult.getSearchEntries()) {

                for (String role : entry.getAttributeValues("JoomlaGroup"))

                    if (role.equals("validatorAdmin"))

                        return true;

            }

            logger.debug(email + " is not administrator");

            return false;

        } catch (Exception e) {

            logger.error("", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }

    public boolean isUserActivated(String email) throws Exception {

        LDAPConnection connection = null;

        try {

            logger.debug("checking if user " + email + " is activated");

            connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);

            Filter filter = Filter.createEqualityFilter("mail", email);

            SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "JoomlaBlockUser");

            SearchResult searchResult = connection.search(searchRequest);

            for (SearchResultEntry entry : searchResult.getSearchEntries()) {

                int val = entry.getAttributeValueAsInteger("JoomlaBlockUser");

                if (val == 0)

                    return true;

                else

                    return false;

            }

        } catch (Exception e) {

            logger.error("", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

        return false;

    }

    public String prepareResetPassword(String email) throws Exception {

        LDAPConnection connection = null;

        try {

            logger.debug("preparing reset password for user " + email);

            connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);

            Filter filter = Filter.createEqualityFilter("mail", email);

            SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "uid");

            SearchResult searchResult = connection.search(searchRequest);

            String dn = null;

            for (SearchResultEntry entry : searchResult.getSearchEntries()) {

                dn = "uid=" + entry.getAttributeValue("uid") + "," + ldapUsersDN;

            }

            String uuid = UUID.randomUUID().toString();

            Modification mod = new Modification(ModificationType.REPLACE, "employeeNumber", uuid);

            connection.modify(dn, mod);

            return uuid;

        } catch (Exception e) {

            logger.error("", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }

    public void resetPassword(String uuid, String password) throws Exception {

        LDAPConnection connection = null;

        try {

            connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);

            Filter filter = Filter.createEqualityFilter("employeeNumber", uuid);

            SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "uid");

            SearchResult searchResult = connection.search(searchRequest);

            String dn = null;

            for (SearchResultEntry entry : searchResult.getSearchEntries()) {

                dn = "uid=" + entry.getAttributeValue("uid") + "," + ldapUsersDN;

            }

            Modification mod1 = new Modification(ModificationType.REPLACE, "userPassword", Joomla15PasswordHash.create(password));

            Modification mod2 = new Modification(ModificationType.REPLACE, "employeeNumber");

            connection.modify(dn, mod1, mod2);

        } catch (Exception e) {

            logger.error("", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }

    public boolean userExists(String email) throws Exception {

        LDAPConnection connection = null;

        try {

            logger.debug("checking if user " + email + " exists in ldap");

            connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);

            Filter filter = Filter.createEqualityFilter("mail", email);

            SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "mail");

            SearchResult searchResult = connection.search(searchRequest);

            if (!searchResult.getSearchEntries().isEmpty())

                return true;

            return false;

        } catch (Exception e) {

            logger.error("", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }

    public boolean usernameExists(String username) throws Exception {

        LDAPConnection connection = null;

        try {

            logger.debug("checking if user " + username + " exists in ldap");

            connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);

            Filter filter = Filter.createEqualityFilter("uid", username);

            SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "uid");

            SearchResult searchResult = connection.search(searchRequest);

            if (!searchResult.getSearchEntries().isEmpty()) {

                return true;

            }

            return false;

        } catch (Exception e) {

            logger.error("", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }

    public String getEmailFromUsername(String username) throws Exception {

        LDAPConnection connection = null;

        try {

            logger.debug("getting email for user " + username);

            connection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);

            Filter filter = Filter.createEqualityFilter("uid", username);

            SearchRequest searchRequest = new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, "mail");

            SearchResult searchResult = connection.search(searchRequest);

            for (SearchResultEntry entry : searchResult.getSearchEntries()) {

                return entry.getAttributeValue("mail");

            }

            return null;

        } catch (Exception e) {

            logger.error("", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }

    public String getUsername(String email) throws LDAPException {

        LDAPConnection ldapConnection = new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);

        Filter filter = Filter.createEqualityFilter("mail", email);

        SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, filter, "uid");

        SearchResult searchResult = ldapConnection.search(searchRequest);

        if (searchResult.getSearchEntries() != null) {

            if (searchResult.getSearchEntries().size() > 1) {

                logger.warn("An email is used for two different usernames! We only keep the first one");

            }

            if (searchResult.getSearchEntries().get(0) != null) {

                return searchResult.getSearchEntries().get(0).getAttributeValue("uid");

            }

        }

        return null;

    }

    public void setLdapPort(int ldapPort) {

        this.ldapPort = ldapPort;

    }

    public void setLdapAddress(String ldapAddress) {

        this.ldapAddress = ldapAddress;

    }

    public void setLdapUsername(String ldapUsername) {

        this.ldapUsername = ldapUsername;

    }

    public void setLdapPassword(String ldapPassword) {

        this.ldapPassword = ldapPassword;

    }

    public void setLdapUsersDN(String ldapUsersDN) {

        this.ldapUsersDN = ldapUsersDN;

    }

    public static void main(String[] args) {

        UserActionsLDAP ldap =  new UserActionsLDAP();

        String ldapAddress = "esperos.di.uoa.gr";

        String ldapUsername = "cn=admin,dc=openaire,dc=eu";

        String ldapPassword = "serenata";

        String ldapUsersDN = "ou=users,dc=openaire,dc=eu";

        int ldapPort = 389;

        ldap.setLdapAddress(ldapAddress);

        ldap.setLdapUsername(ldapUsername);

        ldap.setLdapPassword(ldapPassword);

        ldap.setLdapUsersDN(ldapUsersDN);

        ldap.setLdapPort(ldapPort);

        // CHECK: usernameExists(uid)

        // TERMINAL: ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu dn

//        try {

//            if (ldap.usernameExists("ngasparis"))

//                System.out.println("username exists");

//            else

//                System.out.println("username doesn't exist");

//

//        } catch (Exception e) {

//            e.printStackTrace();

//        }

        // CHECK: userExists(mail)

        // TERMINAL: ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu mail

//        try {

//            if (ldap.userExists("n.gasparis@di.uoa.gr"))

//                System.out.println("user exists");

//            else

//                System.out.println("user doesn't exist");

//        } catch (Exception e) {

//            e.printStackTrace();

//        }

        // CHECK: isUserActivated(mail)

        // TODO not sure!

        // TERMINAL: ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu mail

//        try {

//            if (ldap.isUserActivated("n.gasparis@di.uoa.gr"))

//                System.out.println("user is activated");

//            else

//                System.out.println("user isn't activated");

//        } catch (Exception e) {

//            e.printStackTrace();

//        }

        // CHECK: getUser(mail)

        // TERMINAL(mail): ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu mail

        // TERMINAL(firstname): ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu givenName

        // TERMINAL(lastname): ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu sn

        // TERMINAL(institution): ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu o

        // TERMINAL(username): ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu uid

//        try {

//            gr.uoa.di.validator.api.user.UserProfileIS userProfile = (gr.uoa.di.validator.api.user.UserProfileIS) ldap.getUser("n.gasparis@di.uoa.gr");

//            System.out.println("User with Firstname: "        + userProfile.getFname() +

//                                  "\n          Lastname: "    + userProfile.getLname() +

//                                  "\n          Username: "    + userProfile.getUsername() +

//                                  "\n          Email: "       + userProfile.getEmail() +

//                                  "\n          Institution: " + userProfile.getInstitution());

//

//        } catch (Exception e) {

//            e.printStackTrace();

//        }

        // CHECK: getEmailFromUsername(username)

        // ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu mail

//        try {

//            if (ldap.usernameExists("user is adminngasparis")) {

//                String email = ldap.getEmailFromUsername("ngasparis");

//                System.out.println("username exists with email: " + email);

//            }

//            else

//                System.out.println("username doesn't exist");

//

//        } catch (Exception e) {

//            e.printStackTrace();

//        }

        // CHECK: isAdmin(mail)

        // TODO not sure

//        try {

//            if (ldap.isAdmin("n.gasparis@di.uoa.gr"))

//                System.out.println("user is admin");

//            else

//                System.out.println("user isn't admin");

//        } catch (Exception e) {

//            e.printStackTrace();

//        }

        // CHECK: addUser(username, email, password, firstname, lastname)

        // TERMINAL (check only): ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu dn

//

//        try {

//            String activationId = ldap.addUser("sbaltzi", "sbaltzi@di.uoa.gr", "12345678", "sofia", "baltzi");

//            System.out.println("Added user with activation id:" + activationId);

//            gr.uoa.di.validator.api.user.UserProfileIS userProfile = (gr.uoa.di.validator.api.user.UserProfileIS) ldap.getUser("sbaltzi@di.uoa.gr");

//            System.out.println("User with Firstname: "        + userProfile.getFname() +

//                                  "\n          Lastname: "    + userProfile.getLname() +

//                                  "\n          Username: "    + userProfile.getUsername() +

//                                  "\n          Email: "       + userProfile.getEmail() +

//                                  "\n          Institution: " + userProfile.getInstitution());

//

//        } catch (Exception e) {

//            e.printStackTrace();

//        }

        // CHECK: correctCreds(mail, password)

//        try {

//            if (ldap.correctCreds("sbaltzi@di.uoa.gr", "12345678"))

//                System.out.println("correct credentials");

//            else

//                System.out.println("wrong credentials");

//        } catch (Exception e) {

//            e.printStackTrace();

//        }

        // CHECK: editUser()

        // TERMINAL(mail): ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu mail

        // TERMINAL(firstname): ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu givenName

        // TERMINAL(lastname): ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu sn

        // TERMINAL(institution): ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu o

        // TERMINAL(username): ldapsearch -x -LLL -h esperos.di.uoa.gr -b dc=openaire,dc=eu uid

//        try {

//            ldap.editUser("sbaltzi@di.uoa.gr", "sofie", "baltzi", "di");

//            gr.uoa.di.validator.api.user.UserProfileIS userProfile = (gr.uoa.di.validator.api.user.UserProfileIS) ldap.getUser("sbaltzi@di.uoa.gr");

//            System.out.println("User with Firstname: "        + userProfile.getFname() +

//                                  "\n          Lastname: "    + userProfile.getLname() +

//                                  "\n          Username: "    + userProfile.getUsername() +

//                                  "\n          Email: "       + userProfile.getEmail() +

//                                  "\n          Institution: " + userProfile.getInstitution());

//

//        } catch (Exception e) {

//            e.printStackTrace();

//        }

        // CHECK: prepareResetPassword(mail)

        // CHECK: resetPassword(mail, newpassword)

//        try {

//            String uuid = ldap.prepareResetPassword("sbaltzi@di.uoa.gr");

//            System.out.println("uuid is " + uuid);

//            ldap.resetPassword(uuid, "12345678");

//            if (ldap.correctCreds("sbaltzi@di.uoa.gr", "12345678"))

//                System.out.println("correct credentials");

//            else

//                System.out.println("wrong credentials");

//        } catch (Exception e) {

//            e.printStackTrace();

//        }

    }

}