1
|
package eu.dnetlib.openaire.user.utils;
|
2
|
|
3
|
import com.unboundid.ldap.sdk.*;
|
4
|
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest;
|
5
|
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult;
|
6
|
|
7
|
import eu.dnetlib.openaire.user.store.LDAPConnector;
|
8
|
|
9
|
import org.apache.commons.validator.routines.EmailValidator;
|
10
|
import org.apache.log4j.Logger;
|
11
|
import org.springframework.beans.factory.annotation.Autowired;
|
12
|
|
13
|
import java.util.ArrayList;
|
14
|
import java.util.List;
|
15
|
|
16
|
/**
|
17
|
* Created by kiatrop on 29/9/2017.
|
18
|
*/
|
19
|
|
20
|
public class LDAPActions {
|
21
|
|
22
|
private LDAPConnector ldapConnector;
|
23
|
|
24
|
private Logger logger = Logger.getLogger(LDAPConnector.class);
|
25
|
|
26
|
public String getUsername(String email) throws LDAPException {
|
27
|
Filter filter = Filter.createEqualityFilter("mail", email);
|
28
|
SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, filter, "uid");
|
29
|
SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);
|
30
|
|
31
|
if (searchResult.getSearchEntries() != null) {
|
32
|
if (searchResult.getSearchEntries().size() > 1) {
|
33
|
logger.warn("An email is used for two different usernames! We only keep the first one.");
|
34
|
}
|
35
|
|
36
|
if (searchResult.getSearchEntries().size() == 0) {
|
37
|
return null;
|
38
|
}
|
39
|
|
40
|
if (searchResult.getSearchEntries().get(0) != null) {
|
41
|
return searchResult.getSearchEntries().get(0).getAttributeValue("uid");
|
42
|
}
|
43
|
}
|
44
|
|
45
|
return null;
|
46
|
}
|
47
|
|
48
|
public Entry createUser(String username, String email, String firstName, String lastName, String institution, String password) throws Exception {
|
49
|
|
50
|
if(!username.matches("^[a-zA-Z0-9][a-zA-Z0-9_-]{4,150}")){
|
51
|
throw new CustomLDAPException("Invalid username!");
|
52
|
}
|
53
|
|
54
|
if(!EmailValidator.getInstance().isValid(email)){
|
55
|
throw new CustomLDAPException("Invalid email!");
|
56
|
}
|
57
|
|
58
|
Filter uidFilter = Filter.createEqualityFilter("uid", username);
|
59
|
SearchRequest uidRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, uidFilter, "cn", "mail", "uid", "objectClass");
|
60
|
|
61
|
Filter mailFilter = Filter.createEqualityFilter("mail", email);
|
62
|
SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, mailFilter, "cn", "mail", "uid", "objectClass");
|
63
|
|
64
|
SearchResult searchResult = ldapConnector.getConnection().search(uidRequest);
|
65
|
if(!searchResult.getSearchEntries().isEmpty()){
|
66
|
throw new CustomLDAPException("Username " + username + " already exists!");
|
67
|
}
|
68
|
searchResult = ldapConnector.getConnection().search(mailRequest);
|
69
|
if(!searchResult.getSearchEntries().isEmpty()){
|
70
|
throw new CustomLDAPException("Email " + email + " already exists!");
|
71
|
}
|
72
|
|
73
|
Entry entry = new Entry("dn: uid=" + username + ",ou=users,dc=openaire,dc=eu",
|
74
|
"objectClass: inetOrgPerson",
|
75
|
"objectClass: eduPerson",
|
76
|
"cn: " + username,
|
77
|
"uid: " + username,
|
78
|
"displayName: " + firstName + " " + lastName,
|
79
|
"mail: " + email,
|
80
|
"givenName: " + firstName,
|
81
|
"sn: " + lastName,
|
82
|
"eduPersonPrincipalName: " + username + "@openaire.eu");
|
83
|
if(institution != null && !institution.isEmpty()) {
|
84
|
entry.addAttribute("o", institution);
|
85
|
}
|
86
|
ldapConnector.getConnection().add(entry);
|
87
|
PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);
|
88
|
PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
89
|
logger.info("User: " + username + " was created successfully!");
|
90
|
|
91
|
return entry;
|
92
|
}
|
93
|
|
94
|
public void updateUser(String username, String email, String firstName, String lastName, String password) throws Exception {
|
95
|
SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createEqualityFilter("uid", username), "mail", "givenName", "sn", "displayName");
|
96
|
SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);
|
97
|
List<Modification> mods = new ArrayList<>();
|
98
|
|
99
|
if (!searchResult.getSearchEntries().isEmpty()) {
|
100
|
Entry entry = searchResult.getSearchEntries().get(0);
|
101
|
if(!entry.getAttributeValue("mail").equals(email)){
|
102
|
if(!EmailValidator.getInstance().isValid(email)){
|
103
|
throw new CustomLDAPException("Invalid email!");
|
104
|
}
|
105
|
Filter uidFilter = Filter.createEqualityFilter("uid", username);
|
106
|
Filter mailFilter = Filter.createEqualityFilter("mail", email);
|
107
|
SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createANDFilter(mailFilter, Filter.createNOTFilter(uidFilter)), "mail", "givenName", "sn", "displayName");
|
108
|
SearchResult mailResult = ldapConnector.getConnection().search(mailRequest);
|
109
|
if(!mailResult.getSearchEntries().isEmpty()){
|
110
|
throw new CustomLDAPException("Email " + email + " already in use!");
|
111
|
}
|
112
|
mods.add(new Modification(ModificationType.REPLACE, "mail", email));
|
113
|
}
|
114
|
if(entry.getAttributeValue("givenName") == null){
|
115
|
mods.add(new Modification(ModificationType.ADD, "givenName", firstName));
|
116
|
} else if(!entry.getAttributeValue("givenName").equals(firstName)){
|
117
|
mods.add(new Modification(ModificationType.REPLACE, "givenName", firstName));
|
118
|
}
|
119
|
if(entry.getAttributeValue("sn") == null){
|
120
|
mods.add(new Modification(ModificationType.ADD, "sn", lastName));
|
121
|
} else if(!entry.getAttributeValue("sn").equals(lastName)){
|
122
|
mods.add(new Modification(ModificationType.REPLACE, "sn", lastName));
|
123
|
}
|
124
|
if(entry.getAttributeValue("displayName") == null) {
|
125
|
mods.add(new Modification(ModificationType.ADD, "displayName", firstName + " " + lastName));
|
126
|
} else if (!entry.getAttributeValue("displayName").equals(firstName + " " + lastName)) {
|
127
|
mods.add(new Modification(ModificationType.REPLACE, "displayName", firstName + " " + lastName));
|
128
|
}
|
129
|
|
130
|
//mods.add(new Modification(ModificationType.REPLACE, "userPassword",password));
|
131
|
if(!mods.isEmpty()) {
|
132
|
ldapConnector.getConnection().modify(entry.getDN(), mods);
|
133
|
}
|
134
|
PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);
|
135
|
PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
136
|
} else {
|
137
|
throw new CustomLDAPException("Username " + username + " not found!");
|
138
|
}
|
139
|
}
|
140
|
|
141
|
// public void resetPassword(String username, String email, String password) throws Exception {
|
142
|
// SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createEqualityFilter("uid", username), "mail");
|
143
|
// SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);
|
144
|
// List<Modification> mods = new ArrayList<>();
|
145
|
//
|
146
|
// if (!searchResult.getSearchEntries().isEmpty()) {
|
147
|
// Entry entry = searchResult.getSearchEntries().get(0);
|
148
|
// if(!entry.getAttributeValue("mail").equals(email)){
|
149
|
// if(!EmailValidator.getInstance().isValid(email)){
|
150
|
// throw new CustomLDAPException("Invalid email!");
|
151
|
// }
|
152
|
// Filter uidFilter = Filter.createEqualityFilter("uid", username);
|
153
|
// Filter mailFilter = Filter.createEqualityFilter("mail", email);
|
154
|
// SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createANDFilter(mailFilter, Filter.createNOTFilter(uidFilter)), "mail", "givenName", "sn", "displayName");
|
155
|
// SearchResult mailResult = ldapConnector.getConnection().search(mailRequest);
|
156
|
// if(!mailResult.getSearchEntries().isEmpty()){
|
157
|
// throw new CustomLDAPException("Email " + email + " already in use!");
|
158
|
// }
|
159
|
// mods.add(new Modification(ModificationType.REPLACE, "mail", email));
|
160
|
// }
|
161
|
// //mods.add(new Modification(ModificationType.REPLACE, "userPassword",password));
|
162
|
// if(!mods.isEmpty()) {
|
163
|
// ldapConnector.getConnection().modify(entry.getDN(), mods);
|
164
|
// }
|
165
|
// if(!password.matches("(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{6,}")){
|
166
|
// throw new CustomLDAPException("Invalid password!");
|
167
|
// }
|
168
|
// PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);
|
169
|
// PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
170
|
// } else {
|
171
|
// throw new CustomLDAPException("Username " + username + " not found!");
|
172
|
// }
|
173
|
// }
|
174
|
|
175
|
public boolean emailExists(String email) throws Exception {
|
176
|
LDAPConnection connection = ldapConnector.getConnection();
|
177
|
|
178
|
try {
|
179
|
logger.debug("checking if user " + email + " exists in ldap");
|
180
|
Filter filter = Filter.createEqualityFilter("mail", email);
|
181
|
SearchRequest searchRequest = new SearchRequest(ldapConnector.getUsersDN(), SearchScope.SUB, filter, "mail");
|
182
|
SearchResult searchResult = connection.search(searchRequest);
|
183
|
|
184
|
if (!searchResult.getSearchEntries().isEmpty()) {
|
185
|
logger.info("Email: " + email + "exists!");
|
186
|
return true;
|
187
|
} else {
|
188
|
return false;
|
189
|
}
|
190
|
} catch (Exception e) {
|
191
|
logger.error("Fail to check if user email exists.", e);
|
192
|
throw e;
|
193
|
} finally {
|
194
|
if (connection != null)
|
195
|
connection.close();
|
196
|
}
|
197
|
}
|
198
|
|
199
|
public boolean usernameExists(String username) throws Exception {
|
200
|
LDAPConnection connection = ldapConnector.getConnection();
|
201
|
|
202
|
try {
|
203
|
logger.debug("checking if user " + username + " exists in ldap");
|
204
|
Filter filter = Filter.createEqualityFilter("uid", username);
|
205
|
SearchRequest searchRequest = new SearchRequest(ldapConnector.getUsersDN(), SearchScope.SUB, filter, "uid");
|
206
|
SearchResult searchResult = connection.search(searchRequest);
|
207
|
|
208
|
if (!searchResult.getSearchEntries().isEmpty()) {
|
209
|
logger.info("Username: " + username + "exists!");
|
210
|
return true;
|
211
|
} else {
|
212
|
return false;
|
213
|
}
|
214
|
|
215
|
} catch (Exception e) {
|
216
|
logger.error("Fail to check if username exists.", e);
|
217
|
throw e;
|
218
|
} finally {
|
219
|
if (connection != null)
|
220
|
connection.close();
|
221
|
}
|
222
|
}
|
223
|
|
224
|
public void resetPassword(String username, String password) throws Exception {
|
225
|
LDAPConnection connection = ldapConnector.getConnection();
|
226
|
|
227
|
try {
|
228
|
|
229
|
Filter filter = Filter.createEqualityFilter("uid", username);
|
230
|
SearchRequest searchRequest = new SearchRequest(ldapConnector.getUsersDN(), SearchScope.SUB, filter, "uid");
|
231
|
SearchResult searchResult = connection.search(searchRequest);
|
232
|
String dn = null;
|
233
|
for (SearchResultEntry entry : searchResult.getSearchEntries()) {
|
234
|
dn = "uid=" + entry.getAttributeValue("uid") + "," + ldapConnector.getUsersDN();
|
235
|
//logger.info("dn " + dn);
|
236
|
}
|
237
|
|
238
|
if(!password.matches("(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{6,}")){
|
239
|
throw new CustomLDAPException("Invalid password!");
|
240
|
}
|
241
|
|
242
|
//Modification mod1 = new Modification(ModificationType.REPLACE, "userPassword", password);
|
243
|
PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(dn, (String) null, password);
|
244
|
PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
245
|
//connection.modify(dn, mod1);
|
246
|
|
247
|
} catch (Exception e) {
|
248
|
logger.error("Fail to reset password.", e);
|
249
|
throw e;
|
250
|
|
251
|
} finally {
|
252
|
if (connection != null)
|
253
|
connection.close();
|
254
|
}
|
255
|
}
|
256
|
|
257
|
|
258
|
public LDAPConnector getLdapConnector() {
|
259
|
return ldapConnector;
|
260
|
}
|
261
|
|
262
|
public void setLdapConnector(LDAPConnector ldapConnector) {
|
263
|
this.ldapConnector = ldapConnector;
|
264
|
}
|
265
|
}
|