D-Net

package eu.dnetlib.openaire.user.utils;

import com.unboundid.ldap.sdk.*;

import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest;

import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult;

import eu.dnetlib.openaire.user.store.LDAPConnector;

import org.apache.commons.validator.routines.EmailValidator;

import org.apache.log4j.Logger;

import org.springframework.beans.factory.annotation.Autowired;

import java.util.ArrayList;

import java.util.List;

/**

 * Created by kiatrop on 29/9/2017.

 */

public class LDAPActions {

    private LDAPConnector ldapConnector;

    private Logger logger = Logger.getLogger(LDAPConnector.class);

    public String getUsername(String email) throws LDAPException {

        Filter filter = Filter.createEqualityFilter("mail", email);

        SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, filter, "uid");

        SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);

        if (searchResult.getSearchEntries() != null) {

            if (searchResult.getSearchEntries().size() > 1) {

                logger.warn("An email is used for two different usernames! We only keep the first one.");

            }

            if (searchResult.getSearchEntries().size() == 0) {

                return null;

            }

            if (searchResult.getSearchEntries().get(0) != null) {

                return searchResult.getSearchEntries().get(0).getAttributeValue("uid");

            }

        }

        return null;

    }

    public Entry createUser(String username, String email, String firstName, String lastName, String institution, String password) throws Exception {

        if(!username.matches("^[a-zA-Z0-9][a-zA-Z0-9_-]{4,150}")){

            throw new CustomLDAPException("Invalid username!");

        }

        if(!EmailValidator.getInstance().isValid(email)){

            throw new CustomLDAPException("Invalid email!");

        }

        Filter uidFilter = Filter.createEqualityFilter("uid", username);

        SearchRequest uidRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, uidFilter, "cn", "mail", "uid", "objectClass");

        Filter mailFilter = Filter.createEqualityFilter("mail", email);

        SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, mailFilter, "cn", "mail", "uid", "objectClass");

        SearchResult searchResult = ldapConnector.getConnection().search(uidRequest);

        if(!searchResult.getSearchEntries().isEmpty()){

            throw new CustomLDAPException("Username " + username + " already exists!");

        }

        searchResult = ldapConnector.getConnection().search(mailRequest);

        if(!searchResult.getSearchEntries().isEmpty()){

            throw new CustomLDAPException("Email " + email + " already exists!");

        }

        Entry entry = new Entry("dn: uid=" + username + ",ou=users,dc=openaire,dc=eu",

                "objectClass: inetOrgPerson",

                "objectClass: eduPerson",

                "cn: "  + username,

                "uid: " + username,

                "displayName: " + firstName + " " + lastName,

                "mail: " + email,

                "givenName: " + firstName,

                "sn: " + lastName,

                "eduPersonPrincipalName: " + username + "@openaire.eu");

        if(institution != null && !institution.isEmpty()) {

            entry.addAttribute("o", institution);

        }

        ldapConnector.getConnection().add(entry);

        PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);

        PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);

        logger.info("User: " + username + " was created successfully!");

        return entry;

    }

    public void updateUser(String username, String email, String firstName, String lastName, String password) throws Exception {

        SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createEqualityFilter("uid", username), "mail", "givenName", "sn", "displayName");

        SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);

        List<Modification> mods = new ArrayList<>();

        if (!searchResult.getSearchEntries().isEmpty()) {

            Entry entry = searchResult.getSearchEntries().get(0);

            if(!entry.getAttributeValue("mail").equals(email)){

                if(!EmailValidator.getInstance().isValid(email)){

                    throw new CustomLDAPException("Invalid email!");

                }

                Filter uidFilter = Filter.createEqualityFilter("uid", username);

                Filter mailFilter = Filter.createEqualityFilter("mail", email);

                SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createANDFilter(mailFilter, Filter.createNOTFilter(uidFilter)), "mail", "givenName", "sn", "displayName");

                SearchResult mailResult = ldapConnector.getConnection().search(mailRequest);

                if(!mailResult.getSearchEntries().isEmpty()){

                    throw new CustomLDAPException("Email " + email + " already in use!");

                }

                mods.add(new Modification(ModificationType.REPLACE, "mail", email));

            }

            if(entry.getAttributeValue("givenName") == null){

                mods.add(new Modification(ModificationType.ADD, "givenName", firstName));

            } else if(!entry.getAttributeValue("givenName").equals(firstName)){

                mods.add(new Modification(ModificationType.REPLACE, "givenName", firstName));

            }

            if(entry.getAttributeValue("sn") == null){

                mods.add(new Modification(ModificationType.ADD, "sn", lastName));

            } else if(!entry.getAttributeValue("sn").equals(lastName)){

                mods.add(new Modification(ModificationType.REPLACE, "sn", lastName));

            }

            if(entry.getAttributeValue("displayName") == null) {

                mods.add(new Modification(ModificationType.ADD, "displayName", firstName + " " + lastName));

            } else if (!entry.getAttributeValue("displayName").equals(firstName + " " + lastName)) {

                mods.add(new Modification(ModificationType.REPLACE, "displayName", firstName + " " + lastName));

            }

            //mods.add(new Modification(ModificationType.REPLACE, "userPassword",password));

            if(!mods.isEmpty()) {

                ldapConnector.getConnection().modify(entry.getDN(), mods);

            }

            PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);

            PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);

        } else {

            throw new CustomLDAPException("Username " + username + " not found!");

        }

    }

//    public void resetPassword(String username, String email, String password) throws Exception {

//        SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createEqualityFilter("uid", username), "mail");

//        SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);

//        List<Modification> mods = new ArrayList<>();

//

//        if (!searchResult.getSearchEntries().isEmpty()) {

//            Entry entry = searchResult.getSearchEntries().get(0);

//            if(!entry.getAttributeValue("mail").equals(email)){

//                if(!EmailValidator.getInstance().isValid(email)){

//                    throw new CustomLDAPException("Invalid email!");

//                }

//                Filter uidFilter = Filter.createEqualityFilter("uid", username);

//                Filter mailFilter = Filter.createEqualityFilter("mail", email);

//                SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createANDFilter(mailFilter, Filter.createNOTFilter(uidFilter)), "mail", "givenName", "sn", "displayName");

//                SearchResult mailResult = ldapConnector.getConnection().search(mailRequest);

//                if(!mailResult.getSearchEntries().isEmpty()){

//                    throw new CustomLDAPException("Email " + email + " already in use!");

//                }

//                mods.add(new Modification(ModificationType.REPLACE, "mail", email));

//            }

//            //mods.add(new Modification(ModificationType.REPLACE, "userPassword",password));

//            if(!mods.isEmpty()) {

//                ldapConnector.getConnection().modify(entry.getDN(), mods);

//            }

//              if(!password.matches("(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{6,}")){

//                   throw new CustomLDAPException("Invalid password!");

//              }

//            PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);

//            PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);

//        } else {

//            throw new CustomLDAPException("Username " + username + " not found!");

//        }

//    }

    public boolean emailExists(String email) throws Exception {

        LDAPConnection connection = ldapConnector.getConnection();

        try {

            logger.debug("checking if user " + email + " exists in ldap");

            Filter filter = Filter.createEqualityFilter("mail", email);

            SearchRequest searchRequest = new SearchRequest(ldapConnector.getUsersDN(), SearchScope.SUB, filter, "mail");

            SearchResult searchResult = connection.search(searchRequest);

            if (!searchResult.getSearchEntries().isEmpty()) {

                logger.info("Email: " + email + "exists!");

                return true;

            } else {

                return false;

            }

        } catch (Exception e) {

            logger.error("Fail to check if user email exists.", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }

    public boolean usernameExists(String username) throws Exception {

        LDAPConnection connection = ldapConnector.getConnection();

        try {

            logger.debug("checking if user " + username + " exists in ldap");

            Filter filter = Filter.createEqualityFilter("uid", username);

            SearchRequest searchRequest = new SearchRequest(ldapConnector.getUsersDN(), SearchScope.SUB, filter, "uid");

            SearchResult searchResult = connection.search(searchRequest);

            if (!searchResult.getSearchEntries().isEmpty()) {

                logger.info("Username: " + username + "exists!");

                return true;

            } else {

                return false;

            }

        } catch (Exception e) {

            logger.error("Fail to check if username exists.", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }

    public void resetPassword(String username, String password) throws Exception {

        LDAPConnection connection = ldapConnector.getConnection();

        try {

            Filter filter = Filter.createEqualityFilter("uid", username);

            SearchRequest searchRequest = new SearchRequest(ldapConnector.getUsersDN(), SearchScope.SUB, filter, "uid");

            SearchResult searchResult = connection.search(searchRequest);

            String dn = null;

            for (SearchResultEntry entry : searchResult.getSearchEntries()) {

                dn = "uid=" + entry.getAttributeValue("uid") + "," + ldapConnector.getUsersDN();

                //logger.info("dn " + dn);

            }

            if(!password.matches("(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{6,}")){

                throw new CustomLDAPException("Invalid password!");

            }

            //Modification mod1 = new Modification(ModificationType.REPLACE, "userPassword", password);

            PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(dn, (String) null, password);

            PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);

            //connection.modify(dn, mod1);

        } catch (Exception e) {

            logger.error("Fail to reset password.", e);

            throw e;

        } finally {

            if (connection != null)

                connection.close();

        }

    }

    public LDAPConnector getLdapConnector() {

        return ldapConnector;

    }

    public void setLdapConnector(LDAPConnector ldapConnector) {

        this.ldapConnector = ldapConnector;

    }

}