1
|
package eu.dnetlib.openaire.user.utils;
|
2
|
|
3
|
import com.unboundid.ldap.sdk.*;
|
4
|
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest;
|
5
|
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult;
|
6
|
|
7
|
import eu.dnetlib.openaire.user.store.LDAPConnector;
|
8
|
|
9
|
import org.apache.commons.validator.routines.EmailValidator;
|
10
|
import org.apache.log4j.Logger;
|
11
|
import org.springframework.beans.factory.annotation.Autowired;
|
12
|
|
13
|
import java.util.ArrayList;
|
14
|
import java.util.List;
|
15
|
|
16
|
/**
|
17
|
* Created by kiatrop on 29/9/2017.
|
18
|
*/
|
19
|
|
20
|
public class LDAPActions {
|
21
|
|
22
|
private LDAPConnector ldapConnector;
|
23
|
|
24
|
private Logger logger = Logger.getLogger(LDAPConnector.class);
|
25
|
|
26
|
public String getUsername(String email) throws LDAPException {
|
27
|
Filter filter = Filter.createEqualityFilter("mail", email);
|
28
|
SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, filter, "uid");
|
29
|
SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);
|
30
|
|
31
|
if (searchResult.getSearchEntries() != null) {
|
32
|
if (searchResult.getSearchEntries().size() > 1) {
|
33
|
logger.warn("An email is used for two different usernames! We only keep the first one.");
|
34
|
}
|
35
|
|
36
|
if (searchResult.getSearchEntries().size() == 0) {
|
37
|
return null;
|
38
|
}
|
39
|
|
40
|
if (searchResult.getSearchEntries().get(0) != null) {
|
41
|
return searchResult.getSearchEntries().get(0).getAttributeValue("uid");
|
42
|
}
|
43
|
}
|
44
|
|
45
|
return null;
|
46
|
}
|
47
|
|
48
|
public Entry createUser(String username, String email, String fistName, String lastName, String institution, String password) throws Exception {
|
49
|
|
50
|
if(!username.matches("^[a-zA-Z0-9][a-zA-Z0-9_-]{5,150}")){
|
51
|
throw new CustomLDAPException("Invalid username!");
|
52
|
}
|
53
|
|
54
|
if(!EmailValidator.getInstance().isValid(email)){
|
55
|
throw new CustomLDAPException("Invalid email!");
|
56
|
}
|
57
|
|
58
|
Filter uidFilter = Filter.createEqualityFilter("uid", username);
|
59
|
SearchRequest uidRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, uidFilter, "cn", "mail", "uid", "objectClass");
|
60
|
|
61
|
Filter mailFilter = Filter.createEqualityFilter("mail", email);
|
62
|
SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, mailFilter, "cn", "mail", "uid", "objectClass");
|
63
|
|
64
|
SearchResult searchResult = ldapConnector.getConnection().search(uidRequest);
|
65
|
if(!searchResult.getSearchEntries().isEmpty()){
|
66
|
throw new CustomLDAPException("Username " + username + " already exists!");
|
67
|
}
|
68
|
searchResult = ldapConnector.getConnection().search(mailRequest);
|
69
|
if(!searchResult.getSearchEntries().isEmpty()){
|
70
|
throw new CustomLDAPException("Email " + email + " already exists!");
|
71
|
}
|
72
|
|
73
|
Entry entry = new Entry("dn: uid=" + username + ",ou=users,dc=openaire,dc=eu",
|
74
|
"objectClass: inetOrgPerson",
|
75
|
"objectClass: eduPerson",
|
76
|
"cn: " + username,
|
77
|
"uid: " + username,
|
78
|
"displayName: " + fistName + " " + lastName,
|
79
|
"mail: " + email,
|
80
|
"givenName: " + fistName,
|
81
|
"sn: " + lastName,
|
82
|
"eduPersonPrincipalName: " + username + "@openaire.eu",
|
83
|
"o: " + institution);
|
84
|
ldapConnector.getConnection().add(entry);
|
85
|
PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);
|
86
|
PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
87
|
logger.info("User: " + username + " was created successfully!");
|
88
|
|
89
|
return entry;
|
90
|
}
|
91
|
|
92
|
public void updateUser(String username, String email, String firstName, String lastName, String password) throws Exception {
|
93
|
SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createEqualityFilter("uid", username), "mail", "givenName", "sn", "displayName");
|
94
|
SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);
|
95
|
List<Modification> mods = new ArrayList<>();
|
96
|
|
97
|
if (!searchResult.getSearchEntries().isEmpty()) {
|
98
|
Entry entry = searchResult.getSearchEntries().get(0);
|
99
|
if(!entry.getAttributeValue("mail").equals(email)){
|
100
|
if(!EmailValidator.getInstance().isValid(email)){
|
101
|
throw new CustomLDAPException("Invalid email!");
|
102
|
}
|
103
|
Filter uidFilter = Filter.createEqualityFilter("uid", username);
|
104
|
Filter mailFilter = Filter.createEqualityFilter("mail", email);
|
105
|
SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createANDFilter(mailFilter, Filter.createNOTFilter(uidFilter)), "mail", "givenName", "sn", "displayName");
|
106
|
SearchResult mailResult = ldapConnector.getConnection().search(mailRequest);
|
107
|
if(!mailResult.getSearchEntries().isEmpty()){
|
108
|
throw new CustomLDAPException("Email " + email + " already in use!");
|
109
|
}
|
110
|
mods.add(new Modification(ModificationType.REPLACE, "mail", email));
|
111
|
}
|
112
|
if(entry.getAttributeValue("givenName") == null){
|
113
|
mods.add(new Modification(ModificationType.ADD, "givenName", firstName));
|
114
|
} else if(!entry.getAttributeValue("givenName").equals(firstName)){
|
115
|
mods.add(new Modification(ModificationType.REPLACE, "givenName", firstName));
|
116
|
}
|
117
|
if(entry.getAttributeValue("sn") == null){
|
118
|
mods.add(new Modification(ModificationType.ADD, "sn", lastName));
|
119
|
} else if(!entry.getAttributeValue("sn").equals(lastName)){
|
120
|
mods.add(new Modification(ModificationType.REPLACE, "sn", lastName));
|
121
|
}
|
122
|
if(entry.getAttributeValue("displayName") == null) {
|
123
|
mods.add(new Modification(ModificationType.ADD, "displayName", firstName + " " + lastName));
|
124
|
} else if (!entry.getAttributeValue("displayName").equals(firstName + " " + lastName)) {
|
125
|
mods.add(new Modification(ModificationType.REPLACE, "displayName", firstName + " " + lastName));
|
126
|
}
|
127
|
|
128
|
//mods.add(new Modification(ModificationType.REPLACE, "userPassword",password));
|
129
|
if(!mods.isEmpty()) {
|
130
|
ldapConnector.getConnection().modify(entry.getDN(), mods);
|
131
|
}
|
132
|
PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);
|
133
|
PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
134
|
} else {
|
135
|
throw new CustomLDAPException("Username " + username + " not found!");
|
136
|
}
|
137
|
}
|
138
|
|
139
|
// public void resetPassword(String username, String email, String password) throws Exception {
|
140
|
// SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createEqualityFilter("uid", username), "mail");
|
141
|
// SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);
|
142
|
// List<Modification> mods = new ArrayList<>();
|
143
|
//
|
144
|
// if (!searchResult.getSearchEntries().isEmpty()) {
|
145
|
// Entry entry = searchResult.getSearchEntries().get(0);
|
146
|
// if(!entry.getAttributeValue("mail").equals(email)){
|
147
|
// if(!EmailValidator.getInstance().isValid(email)){
|
148
|
// throw new CustomLDAPException("Invalid email!");
|
149
|
// }
|
150
|
// Filter uidFilter = Filter.createEqualityFilter("uid", username);
|
151
|
// Filter mailFilter = Filter.createEqualityFilter("mail", email);
|
152
|
// SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createANDFilter(mailFilter, Filter.createNOTFilter(uidFilter)), "mail", "givenName", "sn", "displayName");
|
153
|
// SearchResult mailResult = ldapConnector.getConnection().search(mailRequest);
|
154
|
// if(!mailResult.getSearchEntries().isEmpty()){
|
155
|
// throw new CustomLDAPException("Email " + email + " already in use!");
|
156
|
// }
|
157
|
// mods.add(new Modification(ModificationType.REPLACE, "mail", email));
|
158
|
// }
|
159
|
// //mods.add(new Modification(ModificationType.REPLACE, "userPassword",password));
|
160
|
// if(!mods.isEmpty()) {
|
161
|
// ldapConnector.getConnection().modify(entry.getDN(), mods);
|
162
|
// }
|
163
|
// PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);
|
164
|
// PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
165
|
// } else {
|
166
|
// throw new CustomLDAPException("Username " + username + " not found!");
|
167
|
// }
|
168
|
// }
|
169
|
|
170
|
public void resetPassword(String username, String password) throws Exception {
|
171
|
LDAPConnection connection = ldapConnector.getConnection();
|
172
|
|
173
|
try {
|
174
|
|
175
|
Filter filter = Filter.createEqualityFilter("uid", username); //uid
|
176
|
SearchRequest searchRequest = new SearchRequest(ldapConnector.getUsersDN(), SearchScope.SUB, filter, "uid");
|
177
|
SearchResult searchResult = connection.search(searchRequest);
|
178
|
String dn = null;
|
179
|
for (SearchResultEntry entry : searchResult.getSearchEntries()) {
|
180
|
dn = "uid=" + entry.getAttributeValue("uid") + "," + ldapConnector.getUsersDN();
|
181
|
//logger.info("dn " + dn);
|
182
|
}
|
183
|
//Modification mod1 = new Modification(ModificationType.REPLACE, "userPassword", password);
|
184
|
PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(dn, (String) null, password);
|
185
|
PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
186
|
//connection.modify(dn, mod1);
|
187
|
|
188
|
} catch (Exception e) {
|
189
|
logger.error("Fail to reset password.", e);
|
190
|
throw e;
|
191
|
|
192
|
} finally {
|
193
|
if (connection != null)
|
194
|
connection.close();
|
195
|
}
|
196
|
}
|
197
|
|
198
|
|
199
|
public LDAPConnector getLdapConnector() {
|
200
|
return ldapConnector;
|
201
|
}
|
202
|
|
203
|
public void setLdapConnector(LDAPConnector ldapConnector) {
|
204
|
this.ldapConnector = ldapConnector;
|
205
|
}
|
206
|
}
|