1
|
package eu.dnetlib.openaire.user.utils;
|
2
|
|
3
|
import com.unboundid.ldap.sdk.*;
|
4
|
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest;
|
5
|
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult;
|
6
|
|
7
|
import eu.dnetlib.openaire.user.store.LDAPConnector;
|
8
|
|
9
|
import org.apache.commons.validator.routines.EmailValidator;
|
10
|
import org.apache.log4j.Logger;
|
11
|
import org.springframework.beans.factory.annotation.Autowired;
|
12
|
|
13
|
import java.util.ArrayList;
|
14
|
import java.util.List;
|
15
|
|
16
|
/**
|
17
|
* Created by kiatrop on 29/9/2017.
|
18
|
*/
|
19
|
public class LDAPActions {
|
20
|
|
21
|
@Autowired
|
22
|
private LDAPConnector ldapConnector;
|
23
|
|
24
|
private Logger logger = Logger.getLogger(LDAPConnector.class);
|
25
|
|
26
|
public String getUsername(String email) throws LDAPException {
|
27
|
Filter filter = Filter.createEqualityFilter("mail", email);
|
28
|
SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, filter, "uid");
|
29
|
|
30
|
SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);
|
31
|
|
32
|
if (searchResult.getSearchEntries() != null) {
|
33
|
if (searchResult.getSearchEntries().size() > 1) {
|
34
|
logger.warn("An email is used for two different usernames! We only keep the first one.");
|
35
|
}
|
36
|
|
37
|
if (searchResult.getSearchEntries().get(0) != null) {
|
38
|
return searchResult.getSearchEntries().get(0).getAttributeValue("uid");
|
39
|
}
|
40
|
}
|
41
|
|
42
|
return null;
|
43
|
}
|
44
|
|
45
|
public Entry createUser(String username, String email, String fistName, String lastName, String password) throws Exception {
|
46
|
|
47
|
if(!username.matches("^[a-zA-Z0-9][a-zA-Z0-9_-]{2,15}")){
|
48
|
throw new CustomLDAPException("Invalid username!");
|
49
|
}
|
50
|
|
51
|
if(!EmailValidator.getInstance().isValid(email)){
|
52
|
throw new CustomLDAPException("Invalid email!");
|
53
|
}
|
54
|
|
55
|
Filter uidFilter = Filter.createEqualityFilter("uid", username);
|
56
|
SearchRequest uidRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, uidFilter, "cn", "mail", "uid", "objectClass");
|
57
|
|
58
|
Filter mailFilter = Filter.createEqualityFilter("mail", email);
|
59
|
SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, mailFilter, "cn", "mail", "uid", "objectClass");
|
60
|
|
61
|
SearchResult searchResult = ldapConnector.getConnection().search(uidRequest);
|
62
|
if(!searchResult.getSearchEntries().isEmpty()){
|
63
|
throw new CustomLDAPException("Username " + username + " already exists!");
|
64
|
}
|
65
|
searchResult = ldapConnector.getConnection().search(mailRequest);
|
66
|
if(!searchResult.getSearchEntries().isEmpty()){
|
67
|
throw new CustomLDAPException("Email " + email + " already exists!");
|
68
|
}
|
69
|
|
70
|
Entry entry = new Entry("dn: uid=" + username + ",ou=users,dc=openaire,dc=eu",
|
71
|
"objectClass: inetOrgPerson",
|
72
|
"objectClass: eduPerson",
|
73
|
"cn: " + username,
|
74
|
"uid: " + username,
|
75
|
"displayName: " + fistName + " " + lastName,
|
76
|
"mail: " + email,
|
77
|
"givenName: " + fistName,
|
78
|
"sn: " + lastName,
|
79
|
"eduPersonPrincipalName: " + username + "@openaire.eu",
|
80
|
"userPassword: " + password);
|
81
|
ldapConnector.getConnection().add(entry);
|
82
|
logger.info("User: " + username + " was created successfully!");
|
83
|
|
84
|
return entry;
|
85
|
}
|
86
|
|
87
|
public void updateUser(String username, String email, String firstName, String lastName, String password) throws Exception {
|
88
|
SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createEqualityFilter("uid", username), "mail", "givenName", "sn", "displayName");
|
89
|
SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);
|
90
|
List<Modification> mods = new ArrayList<>();
|
91
|
|
92
|
if (!searchResult.getSearchEntries().isEmpty()) {
|
93
|
Entry entry = searchResult.getSearchEntries().get(0);
|
94
|
if(!entry.getAttributeValue("mail").equals(email)){
|
95
|
if(!EmailValidator.getInstance().isValid(email)){
|
96
|
throw new CustomLDAPException("Invalid email!");
|
97
|
}
|
98
|
Filter uidFilter = Filter.createEqualityFilter("uid", username);
|
99
|
Filter mailFilter = Filter.createEqualityFilter("mail", email);
|
100
|
SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createANDFilter(mailFilter, Filter.createNOTFilter(uidFilter)), "mail", "givenName", "sn", "displayName");
|
101
|
SearchResult mailResult = ldapConnector.getConnection().search(mailRequest);
|
102
|
if(!mailResult.getSearchEntries().isEmpty()){
|
103
|
throw new CustomLDAPException("Email " + email + " already in use!");
|
104
|
}
|
105
|
mods.add(new Modification(ModificationType.REPLACE, "mail", email));
|
106
|
}
|
107
|
if(entry.getAttributeValue("givenName") == null){
|
108
|
mods.add(new Modification(ModificationType.ADD, "givenName", firstName));
|
109
|
} else if(!entry.getAttributeValue("givenName").equals(firstName)){
|
110
|
mods.add(new Modification(ModificationType.REPLACE, "givenName", firstName));
|
111
|
}
|
112
|
if(entry.getAttributeValue("sn") == null){
|
113
|
mods.add(new Modification(ModificationType.ADD, "sn", lastName));
|
114
|
} else if(!entry.getAttributeValue("sn").equals(lastName)){
|
115
|
mods.add(new Modification(ModificationType.REPLACE, "sn", lastName));
|
116
|
}
|
117
|
if(entry.getAttributeValue("displayName") == null) {
|
118
|
mods.add(new Modification(ModificationType.ADD, "displayName", firstName + " " + lastName));
|
119
|
} else if (!entry.getAttributeValue("displayName").equals(firstName + " " + lastName)) {
|
120
|
mods.add(new Modification(ModificationType.REPLACE, "displayName", firstName + " " + lastName));
|
121
|
}
|
122
|
|
123
|
//mods.add(new Modification(ModificationType.REPLACE, "userPassword",password));
|
124
|
if(!mods.isEmpty()) {
|
125
|
ldapConnector.getConnection().modify(entry.getDN(), mods);
|
126
|
}
|
127
|
PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);
|
128
|
PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
129
|
} else {
|
130
|
throw new CustomLDAPException("Username " + username + " not found!");
|
131
|
}
|
132
|
}
|
133
|
|
134
|
}
|