1
|
package eu.dnetlib.openaire.user.utils;
|
2
|
|
3
|
import com.unboundid.ldap.sdk.*;
|
4
|
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest;
|
5
|
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult;
|
6
|
|
7
|
import eu.dnetlib.openaire.user.store.LDAPConnector;
|
8
|
|
9
|
import org.apache.commons.validator.routines.EmailValidator;
|
10
|
import org.apache.log4j.Logger;
|
11
|
import org.springframework.beans.factory.annotation.Autowired;
|
12
|
|
13
|
import java.util.ArrayList;
|
14
|
import java.util.List;
|
15
|
|
16
|
/**
|
17
|
* Created by kiatrop on 29/9/2017.
|
18
|
*/
|
19
|
|
20
|
public class LDAPActions {
|
21
|
|
22
|
private LDAPConnector ldapConnector;
|
23
|
|
24
|
private Logger logger = Logger.getLogger(LDAPConnector.class);
|
25
|
|
26
|
public String getUsername(String email) throws LDAPException {
|
27
|
Filter filter = Filter.createEqualityFilter("mail", email);
|
28
|
SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, filter, "uid");
|
29
|
SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);
|
30
|
|
31
|
if (searchResult.getSearchEntries() != null) {
|
32
|
if (searchResult.getSearchEntries().size() > 1) {
|
33
|
logger.warn("An email is used for two different usernames! We only keep the first one.");
|
34
|
}
|
35
|
|
36
|
if (searchResult.getSearchEntries().size() == 0) {
|
37
|
return null;
|
38
|
}
|
39
|
|
40
|
if (searchResult.getSearchEntries().get(0) != null) {
|
41
|
return searchResult.getSearchEntries().get(0).getAttributeValue("uid");
|
42
|
}
|
43
|
}
|
44
|
|
45
|
return null;
|
46
|
}
|
47
|
|
48
|
public Entry createUser(String username, String email, String firstName, String lastName, String institution, String password) throws Exception {
|
49
|
|
50
|
if(!username.matches("^[a-zA-Z0-9][a-zA-Z0-9\\.\\_\\-]{4,150}")){
|
51
|
throw new CustomLDAPException("Invalid username!");
|
52
|
}
|
53
|
|
54
|
if(!EmailValidator.getInstance().isValid(email)){
|
55
|
throw new CustomLDAPException("Invalid email!");
|
56
|
}
|
57
|
|
58
|
Filter uidFilter = Filter.createEqualityFilter("uid", username);
|
59
|
SearchRequest uidRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, uidFilter, "cn", "mail", "uid", "objectClass");
|
60
|
|
61
|
Filter mailFilter = Filter.createEqualityFilter("mail", email);
|
62
|
SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, mailFilter, "cn", "mail", "uid", "objectClass");
|
63
|
|
64
|
SearchResult searchResult = ldapConnector.getConnection().search(uidRequest);
|
65
|
if(!searchResult.getSearchEntries().isEmpty()){
|
66
|
throw new CustomLDAPException("Username " + username + " already exists!");
|
67
|
}
|
68
|
searchResult = ldapConnector.getConnection().search(mailRequest);
|
69
|
if(!searchResult.getSearchEntries().isEmpty()){
|
70
|
throw new CustomLDAPException("Email " + email + " already exists!");
|
71
|
}
|
72
|
|
73
|
Entry entry = new Entry("dn: uid=" + username + ",ou=users,dc=openaire,dc=eu",
|
74
|
"objectClass: inetOrgPerson",
|
75
|
"objectClass: eduPerson",
|
76
|
"cn: " + username,
|
77
|
"uid: " + username,
|
78
|
"displayName: " + firstName + " " + lastName,
|
79
|
"mail: " + email,
|
80
|
"givenName: " + firstName,
|
81
|
"sn: " + lastName,
|
82
|
"eduPersonPrincipalName: " + username + "@openaire.eu");
|
83
|
if(institution != null && !institution.isEmpty()) {
|
84
|
entry.addAttribute("o", institution);
|
85
|
}
|
86
|
ldapConnector.getConnection().add(entry);
|
87
|
PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);
|
88
|
PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
89
|
logger.info("User: " + username + " was created successfully!");
|
90
|
|
91
|
return entry;
|
92
|
}
|
93
|
|
94
|
public void updateUser(String username, String email, String firstName, String lastName, String password) throws Exception {
|
95
|
SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createEqualityFilter("uid", username), "mail", "givenName", "sn", "displayName");
|
96
|
SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);
|
97
|
List<Modification> mods = new ArrayList<>();
|
98
|
|
99
|
if (!searchResult.getSearchEntries().isEmpty()) {
|
100
|
Entry entry = searchResult.getSearchEntries().get(0);
|
101
|
if(!entry.getAttributeValue("mail").equals(email)){
|
102
|
if(!EmailValidator.getInstance().isValid(email)){
|
103
|
throw new CustomLDAPException("Invalid email!");
|
104
|
}
|
105
|
Filter uidFilter = Filter.createEqualityFilter("uid", username);
|
106
|
Filter mailFilter = Filter.createEqualityFilter("mail", email);
|
107
|
SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createANDFilter(mailFilter, Filter.createNOTFilter(uidFilter)), "mail", "givenName", "sn", "displayName");
|
108
|
SearchResult mailResult = ldapConnector.getConnection().search(mailRequest);
|
109
|
if(!mailResult.getSearchEntries().isEmpty()){
|
110
|
throw new CustomLDAPException("Email " + email + " already in use!");
|
111
|
}
|
112
|
mods.add(new Modification(ModificationType.REPLACE, "mail", email));
|
113
|
}
|
114
|
if(entry.getAttributeValue("givenName") == null){
|
115
|
mods.add(new Modification(ModificationType.ADD, "givenName", firstName));
|
116
|
} else if(!entry.getAttributeValue("givenName").equals(firstName)){
|
117
|
mods.add(new Modification(ModificationType.REPLACE, "givenName", firstName));
|
118
|
}
|
119
|
if(entry.getAttributeValue("sn") == null){
|
120
|
mods.add(new Modification(ModificationType.ADD, "sn", lastName));
|
121
|
} else if(!entry.getAttributeValue("sn").equals(lastName)){
|
122
|
mods.add(new Modification(ModificationType.REPLACE, "sn", lastName));
|
123
|
}
|
124
|
if(entry.getAttributeValue("displayName") == null) {
|
125
|
mods.add(new Modification(ModificationType.ADD, "displayName", firstName + " " + lastName));
|
126
|
} else if (!entry.getAttributeValue("displayName").equals(firstName + " " + lastName)) {
|
127
|
mods.add(new Modification(ModificationType.REPLACE, "displayName", firstName + " " + lastName));
|
128
|
}
|
129
|
|
130
|
//mods.add(new Modification(ModificationType.REPLACE, "userPassword",password));
|
131
|
if(!mods.isEmpty()) {
|
132
|
ldapConnector.getConnection().modify(entry.getDN(), mods);
|
133
|
}
|
134
|
PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);
|
135
|
PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
136
|
} else {
|
137
|
throw new CustomLDAPException("Username " + username + " not found!");
|
138
|
}
|
139
|
}
|
140
|
|
141
|
// public void resetPassword(String username, String email, String password) throws Exception {
|
142
|
// SearchRequest searchRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createEqualityFilter("uid", username), "mail");
|
143
|
// SearchResult searchResult = ldapConnector.getConnection().search(searchRequest);
|
144
|
// List<Modification> mods = new ArrayList<>();
|
145
|
//
|
146
|
// if (!searchResult.getSearchEntries().isEmpty()) {
|
147
|
// Entry entry = searchResult.getSearchEntries().get(0);
|
148
|
// if(!entry.getAttributeValue("mail").equals(email)){
|
149
|
// if(!EmailValidator.getInstance().isValid(email)){
|
150
|
// throw new CustomLDAPException("Invalid email!");
|
151
|
// }
|
152
|
// Filter uidFilter = Filter.createEqualityFilter("uid", username);
|
153
|
// Filter mailFilter = Filter.createEqualityFilter("mail", email);
|
154
|
// SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, Filter.createANDFilter(mailFilter, Filter.createNOTFilter(uidFilter)), "mail", "givenName", "sn", "displayName");
|
155
|
// SearchResult mailResult = ldapConnector.getConnection().search(mailRequest);
|
156
|
// if(!mailResult.getSearchEntries().isEmpty()){
|
157
|
// throw new CustomLDAPException("Email " + email + " already in use!");
|
158
|
// }
|
159
|
// mods.add(new Modification(ModificationType.REPLACE, "mail", email));
|
160
|
// }
|
161
|
// //mods.add(new Modification(ModificationType.REPLACE, "userPassword",password));
|
162
|
// if(!mods.isEmpty()) {
|
163
|
// ldapConnector.getConnection().modify(entry.getDN(), mods);
|
164
|
// }
|
165
|
// if(!password.matches("(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{6,}")){
|
166
|
// throw new CustomLDAPException("Invalid password!");
|
167
|
// }
|
168
|
// PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);
|
169
|
// PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
170
|
// } else {
|
171
|
// throw new CustomLDAPException("Username " + username + " not found!");
|
172
|
// }
|
173
|
// }
|
174
|
|
175
|
// public void deleteUser(String username/*, String email */) throws Exception {
|
176
|
// LDAPConnection connection = ldapConnector.getConnection();
|
177
|
// List<Modification> mods = new ArrayList<>();
|
178
|
//
|
179
|
// try {
|
180
|
//
|
181
|
// //mods.add(new Modification(ModificationType.DELETE, "mail", email));
|
182
|
// mods.add(new Modification(ModificationType.DELETE, "uid", username));
|
183
|
// logger.info("User: " + username + "was deleted!");
|
184
|
// if(!mods.isEmpty()) {
|
185
|
// ldapConnector.getConnection().modify(ldapConnector.getUsersDN(), mods);
|
186
|
// }
|
187
|
//
|
188
|
// } catch (Exception e) {
|
189
|
// logger.error("Fail to delete user.", e);
|
190
|
// throw e;
|
191
|
// } finally {
|
192
|
// if (connection != null)
|
193
|
// connection.close();
|
194
|
// }
|
195
|
// }
|
196
|
|
197
|
public Entry createZombieUser(String username, String email, String firstName, String lastName, String institution, String password) throws Exception {
|
198
|
|
199
|
if(!username.matches("^[a-zA-Z0-9][a-zA-Z0-9\\.\\_\\-]{4,150}")){
|
200
|
throw new CustomLDAPException("Invalid username!");
|
201
|
}
|
202
|
|
203
|
if(!EmailValidator.getInstance().isValid(email)){
|
204
|
throw new CustomLDAPException("Invalid email!");
|
205
|
}
|
206
|
|
207
|
Filter uidFilter = Filter.createEqualityFilter("uid", username);
|
208
|
SearchRequest uidRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, uidFilter, "cn", "mail", "uid", "objectClass");
|
209
|
|
210
|
Filter mailFilter = Filter.createEqualityFilter("mail", email);
|
211
|
SearchRequest mailRequest = new SearchRequest("dc=openaire,dc=eu", SearchScope.SUB, mailFilter, "cn", "mail", "uid", "objectClass");
|
212
|
|
213
|
SearchResult searchResult = ldapConnector.getConnection().search(uidRequest);
|
214
|
if(!searchResult.getSearchEntries().isEmpty()){
|
215
|
logger.info("S" + searchResult.getSearchEntries());
|
216
|
throw new CustomLDAPException("Username " + username + " already exists!");
|
217
|
}
|
218
|
searchResult = ldapConnector.getConnection().search(mailRequest);
|
219
|
if(!searchResult.getSearchEntries().isEmpty()){
|
220
|
throw new CustomLDAPException("Email " + email + " already exists!");
|
221
|
}
|
222
|
|
223
|
Entry entry = new Entry("dn: uid=" + username + ",ou=zombies,dc=openaire,dc=eu",
|
224
|
"objectClass: inetOrgPerson",
|
225
|
"objectClass: eduPerson",
|
226
|
"cn: " + username,
|
227
|
"uid: " + username,
|
228
|
"displayName: " + firstName + " " + lastName,
|
229
|
"mail: " + email,
|
230
|
"givenName: " + firstName,
|
231
|
"sn: " + lastName,
|
232
|
"eduPersonPrincipalName: " + username + "@openaire.eu");
|
233
|
if(institution != null && !institution.isEmpty()) {
|
234
|
entry.addAttribute("o", institution);
|
235
|
}
|
236
|
ldapConnector.getConnection().add(entry);
|
237
|
PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(entry.getDN(), (String) null, password);
|
238
|
PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
239
|
logger.info("User: " + username + " was created successfully!");
|
240
|
|
241
|
return entry;
|
242
|
}
|
243
|
|
244
|
public void moveUser(String username) throws Exception {
|
245
|
LDAPConnection connection = ldapConnector.getConnection();
|
246
|
|
247
|
try {
|
248
|
logger.info("Moving user:" +username);
|
249
|
ModifyDNRequest modifyDNRequest =
|
250
|
new ModifyDNRequest("uid=" + username + ",ou=zombies,dc=openaire,dc=eu", "uid=" + username, true, "ou=users,dc=openaire,dc=eu");
|
251
|
|
252
|
// ModifyDNRequest modifyDNRequest =
|
253
|
// new ModifyDNRequest("uid=" + username + ",ou=zombies,dc=openaire,dc=eu","uid=" + username + ",ou=users,dc=openaire,dc=eu", true);
|
254
|
//
|
255
|
LDAPResult result = connection.modifyDN(modifyDNRequest);
|
256
|
}
|
257
|
catch (Exception e){
|
258
|
logger.error("Fail to move user.", e);
|
259
|
throw e;
|
260
|
} finally {
|
261
|
if (connection != null)
|
262
|
connection.close();
|
263
|
}
|
264
|
|
265
|
}
|
266
|
|
267
|
public boolean isZombieUsersEmail(String email) throws Exception{
|
268
|
LDAPConnection connection = ldapConnector.getConnection();
|
269
|
|
270
|
try {
|
271
|
logger.debug("checking if zombie user " + email + " exists in ldap");
|
272
|
Filter filter = Filter.createEqualityFilter("mail", email);
|
273
|
SearchRequest searchRequest = new SearchRequest(ldapConnector.getZombiesDN(), SearchScope.SUB, filter, "mail");
|
274
|
SearchResult searchResult = connection.search(searchRequest);
|
275
|
|
276
|
if (!searchResult.getSearchEntries().isEmpty()) {
|
277
|
logger.info("Zombie user with email: " + email + " exists!");
|
278
|
return true;
|
279
|
} else {
|
280
|
return false;
|
281
|
}
|
282
|
} catch (Exception e) {
|
283
|
logger.error("Fail to check if zombie user email exists.", e);
|
284
|
throw e;
|
285
|
} finally {
|
286
|
if (connection != null)
|
287
|
connection.close();
|
288
|
}
|
289
|
}
|
290
|
|
291
|
public boolean isZombieUsersUsername(String username) throws Exception {
|
292
|
LDAPConnection connection = ldapConnector.getConnection();
|
293
|
|
294
|
try {
|
295
|
logger.debug("checking if zombie user " + username + " exists in ldap");
|
296
|
Filter filter = Filter.createEqualityFilter("uid", username);
|
297
|
SearchRequest searchRequest = new SearchRequest(ldapConnector.getZombiesDN(), SearchScope.SUB, filter, "uid");
|
298
|
SearchResult searchResult = connection.search(searchRequest);
|
299
|
|
300
|
if (!searchResult.getSearchEntries().isEmpty()) {
|
301
|
logger.info("Zombie user with username: " + username + " exists!");
|
302
|
return true;
|
303
|
} else {
|
304
|
return false;
|
305
|
}
|
306
|
|
307
|
} catch (Exception e) {
|
308
|
logger.error("Fail to check if zombie username exists.", e);
|
309
|
throw e;
|
310
|
} finally {
|
311
|
if (connection != null)
|
312
|
connection.close();
|
313
|
}
|
314
|
}
|
315
|
|
316
|
|
317
|
public boolean emailExists(String email) throws Exception {
|
318
|
LDAPConnection connection = ldapConnector.getConnection();
|
319
|
|
320
|
try {
|
321
|
logger.debug("checking if user " + email + " exists in ldap");
|
322
|
Filter filter = Filter.createEqualityFilter("mail", email);
|
323
|
SearchRequest searchRequest = new SearchRequest(ldapConnector.getUsersDN(), SearchScope.SUB, filter, "mail");
|
324
|
SearchResult searchResult = connection.search(searchRequest);
|
325
|
|
326
|
if (!searchResult.getSearchEntries().isEmpty()) {
|
327
|
logger.info("User with email: " + email + " exists!");
|
328
|
return true;
|
329
|
} else {
|
330
|
return false;
|
331
|
}
|
332
|
} catch (Exception e) {
|
333
|
logger.error("Fail to check if user email exists.", e);
|
334
|
throw e;
|
335
|
} finally {
|
336
|
if (connection != null)
|
337
|
connection.close();
|
338
|
}
|
339
|
}
|
340
|
|
341
|
public boolean usernameExists(String username) throws Exception {
|
342
|
LDAPConnection connection = ldapConnector.getConnection();
|
343
|
|
344
|
try {
|
345
|
logger.debug("checking if user " + username + " exists in ldap");
|
346
|
Filter filter = Filter.createEqualityFilter("uid", username);
|
347
|
SearchRequest searchRequest = new SearchRequest(ldapConnector.getUsersDN(), SearchScope.SUB, filter, "uid");
|
348
|
SearchResult searchResult = connection.search(searchRequest);
|
349
|
|
350
|
if (!searchResult.getSearchEntries().isEmpty()) {
|
351
|
logger.info("User with username: " + username + " exists!");
|
352
|
return true;
|
353
|
} else {
|
354
|
return false;
|
355
|
}
|
356
|
|
357
|
} catch (Exception e) {
|
358
|
logger.error("Fail to check if username exists.", e);
|
359
|
throw e;
|
360
|
} finally {
|
361
|
if (connection != null)
|
362
|
connection.close();
|
363
|
}
|
364
|
}
|
365
|
|
366
|
public void resetPassword(String username, String password) throws Exception {
|
367
|
LDAPConnection connection = ldapConnector.getConnection();
|
368
|
|
369
|
try {
|
370
|
|
371
|
Filter filter = Filter.createEqualityFilter("uid", username);
|
372
|
SearchRequest searchRequest = new SearchRequest(ldapConnector.getUsersDN(), SearchScope.SUB, filter, "uid");
|
373
|
SearchResult searchResult = connection.search(searchRequest);
|
374
|
String dn = null;
|
375
|
for (SearchResultEntry entry : searchResult.getSearchEntries()) {
|
376
|
dn = "uid=" + entry.getAttributeValue("uid") + "," + ldapConnector.getUsersDN();
|
377
|
//logger.info("dn " + dn);
|
378
|
}
|
379
|
|
380
|
if(!password.matches("(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{6,}")){
|
381
|
throw new CustomLDAPException("Invalid password!");
|
382
|
}
|
383
|
|
384
|
//Modification mod1 = new Modification(ModificationType.REPLACE, "userPassword", password);
|
385
|
PasswordModifyExtendedRequest passwordModifyExtendedRequest = new PasswordModifyExtendedRequest(dn, (String) null, password);
|
386
|
PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult) ldapConnector.getConnection().processExtendedOperation(passwordModifyExtendedRequest);
|
387
|
//connection.modify(dn, mod1);
|
388
|
|
389
|
} catch (Exception e) {
|
390
|
logger.error("Fail to reset password.", e);
|
391
|
throw e;
|
392
|
|
393
|
} finally {
|
394
|
if (connection != null)
|
395
|
connection.close();
|
396
|
}
|
397
|
}
|
398
|
|
399
|
|
400
|
public LDAPConnector getLdapConnector() {
|
401
|
return ldapConnector;
|
402
|
}
|
403
|
|
404
|
public void setLdapConnector(LDAPConnector ldapConnector) {
|
405
|
this.ldapConnector = ldapConnector;
|
406
|
}
|
407
|
}
|