/**
 * Creates the shared test fixture and stores it in the {@code vo1}, {@code group1},
 * {@code group2} and {@code member1} fields.
 *
 * <p>{@code group2} is created with {@code group1} as its parent, and the member created from
 * the {@code user1} field is added to {@code group2}. The {@code session} and {@code user1}
 * fields are read, so they have to be assigned before this runs.
 */
private void setUpBackground()
    throws VoExistsException,
        InternalErrorException,
        GroupExistsException,
        AlreadyMemberException,
        WrongAttributeValueException,
        WrongAttributeAssignmentException,
        WrongReferenceAttributeValueException,
        NotMemberOfParentGroupException,
        AlreadyAdminException,
        AttributeNotExistsException {
  Vo voTemplate = new Vo(1, "vo1", "vo1");
  vo1 = perun.getVosManagerBl().createVo(session, voTemplate);

  Group parentTemplate = new Group("group1", "group1 in vo1");
  group1 = perun.getGroupsManagerBl().createGroup(session, vo1, parentTemplate);

  Group childTemplate = new Group("group2", "group2 is subgroup of group1");
  group2 = perun.getGroupsManagerBl().createGroup(session, group1, childTemplate);

  member1 = perun.getMembersManagerBl().createMember(session, vo1, user1);
  perun.getGroupsManagerBl().addMember(session, group2, member1);
}
/**
 * Attaches an external identity to a user for the purpose of joining identities, creating the
 * ExtSource first when none with the given name can be found.
 *
 * <p>Every manager call here runs under {@code registrarSession}, not under the session of the
 * person joining the identities. The lookup is by name only, so {@code extSourceType} is used
 * solely when a new ExtSource has to be created.
 *
 * <p>NOTE(review): name, type, login and LoA are stored as passed in; this method does not
 * validate them. Confirm that callers only pass values taken from an authenticated principal.
 *
 * @param user User to add UES to
 * @param actor Actor (login in the ExtSource) to add
 * @param extSourceName ExtSource name to add
 * @param extSourceType ExtSource type to add
 * @param loa loa in ext source
 * @throws PerunException when anything fails
 */
private void createExtSourceAndUserExtSource(
    User user, String actor, String extSourceName, String extSourceType, int loa)
    throws PerunException {
  ExtSource requested = new ExtSource(extSourceName, extSourceType);

  ExtSource resolved;
  try {
    // reuse the ExtSource if one with this name is already registered
    resolved = perun.getExtSourcesManagerBl().getExtSourceByName(registrarSession, extSourceName);
  } catch (ExtSourceNotExistsException notFound) {
    resolved = perun.getExtSourcesManager().createExtSource(registrarSession, requested, null);
  }

  UserExtSource identity = new UserExtSource();
  identity.setLogin(actor);
  identity.setLoa(loa);
  identity.setExtSource(resolved);

  perun.getUsersManager().addUserExtSource(registrarSession, user, identity);
}
/**
 * Creates the test user "James Bond" with empty middle name and titles.
 *
 * @return the user as returned by {@code createUser}
 */
private User setUpUser1()
    throws InternalErrorException,
        WrongAttributeAssignmentException,
        WrongAttributeValueException,
        WrongReferenceAttributeValueException {
  User bond = new User();

  // name parts
  bond.setFirstName("James");
  bond.setMiddleName("");
  bond.setLastName("Bond");

  // no titles
  bond.setTitleBefore("");
  bond.setTitleAfter("");

  return perun.getUsersManagerBl().createUser(session, bond);
}
/**
 * Prepares a session for the "perunTests" principal on the internal ExtSource, builds the
 * fixture, and only then binds {@code user1} to the session's principal.
 */
@Before
public void setUpSession() throws Exception {
  PerunPrincipal testPrincipal =
      new PerunPrincipal(
          "perunTests",
          ExtSourcesManager.EXTSOURCE_INTERNAL,
          ExtSourcesManager.EXTSOURCE_INTERNAL);
  session = perun.getPerunSession(testPrincipal);

  user1 = setUpUser1();
  setUpBackground();

  // the principal has no user while the fixture is being created
  session.getPerunPrincipal().setUser(user1);
}
/**
 * Looks for existing users that match the values a not-yet-known person typed into a form.
 *
 * <p>Nothing is searched when the principal already has a user or when {@code formItems} is
 * {@code null}; an empty list is returned instead. Otherwise every non-empty value of a
 * VALIDATED_EMAIL item, and of an item whose destination attribute is the user's display name,
 * is used for an exact-match search. Results are de-duplicated through a set.
 *
 * <p>NOTE(review): the searches run under {@code registrarSession}, not under {@code sess}, and
 * no authorization check is made in this method. What an anonymous caller can learn therefore
 * depends on what {@code convertToIdentities} exposes; confirm that it masks the data.
 *
 * @param sess session of the caller
 * @param formItems submitted form data, may be {@code null}
 * @return identities of similar users, possibly empty
 * @throws PerunException when a search fails
 */
@Override
public List<Identity> checkForSimilarUsers(
    PerunSession sess, List<ApplicationFormItemData> formItems) throws PerunException {

  boolean callerAlreadyKnown = sess.getPerunPrincipal().getUser() != null;
  if (callerAlreadyKnown || formItems == null) {
    return new ArrayList<Identity>();
  }

  List<String> attrNames = new ArrayList<String>();
  attrNames.add("urn:perun:user:attribute-def:def:preferredMail");
  attrNames.add("urn:perun:user:attribute-def:def:organization");

  Set<RichUser> matches = new HashSet<RichUser>();

  for (ApplicationFormItemData item : formItems) {
    String value = item.getValue();
    boolean hasValue = value != null && !value.isEmpty();

    // search by email
    boolean isValidatedEmail =
        item.getFormItem().getType().equals(ApplicationFormItem.Type.VALIDATED_EMAIL);
    if (isValidatedEmail && hasValue) {
      matches.addAll(
          perun
              .getUsersManager()
              .findRichUsersWithAttributesByExactMatch(registrarSession, value, attrNames));
    }

    // search by name
    boolean isDisplayName =
        Objects.equals(
            item.getFormItem().getPerunDestinationAttribute(),
            "urn:perun:user:attribute-def:core:displayName");
    if (isDisplayName && hasValue) {
      matches.addAll(
          perun
              .getUsersManager()
              .findRichUsersWithAttributesByExactMatch(registrarSession, value, attrNames));
    }
  }

  return convertToIdentities(new ArrayList<RichUser>(matches));
}
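/**
 * Removes a user from the admins of a VO after checking that the caller holds VOADMIN on it.
 *
 * <p>The action name reported in the {@link PrivilegeException} is the method name, matching
 * {@code addAdmin}; it previously said "deleteAdmin", which made a denied call show up under
 * an operation that does not exist.
 *
 * <p>NOTE(review): the VO and user existence checks run before the authorization check, so an
 * unauthorized caller gets a different exception for existing and non-existing objects.
 * Confirm this is acceptable.
 *
 * @param sess session of the caller, must not be {@code null}
 * @param vo VO to remove the admin from
 * @param user user losing the admin role
 * @throws PrivilegeException when the caller is not VOADMIN of {@code vo}
 */
public void removeAdmin(PerunSession sess, Vo vo, User user)
    throws InternalErrorException,
        PrivilegeException,
        VoNotExistsException,
        UserNotAdminException,
        UserNotExistsException {
  Utils.notNull(sess, "sess");
  vosManagerBl.checkVoExists(sess, vo);
  perunBl.getUsersManagerBl().checkUserExists(sess, user);

  // Authorization - Vo admin required
  if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo)) {
    throw new PrivilegeException(sess, "removeAdmin");
  }

  vosManagerBl.removeAdmin(sess, vo, user);
}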
/**
 * Adds a group to the admins of a VO after checking that the caller holds VOADMIN on it.
 *
 * <p>NOTE(review): the VO and group existence checks run before the authorization check, so an
 * unauthorized caller gets a different exception for existing and non-existing objects.
 * Confirm this is acceptable.
 *
 * @param sess session of the caller, must not be {@code null}
 * @param vo VO to add the admin group to
 * @param group group receiving the admin role
 * @throws PrivilegeException when the caller is not VOADMIN of {@code vo}
 */
@Override
public void addAdmin(PerunSession sess, Vo vo, Group group)
    throws InternalErrorException,
        PrivilegeException,
        AlreadyAdminException,
        VoNotExistsException,
        GroupNotExistsException {
  Utils.notNull(sess, "sess");

  vosManagerBl.checkVoExists(sess, vo);
  perunBl.getGroupsManagerBl().checkGroupExists(sess, group);

  // Authorization - Vo admin required
  boolean callerIsVoAdmin = AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo);
  if (!callerIsVoAdmin) {
    throw new PrivilegeException(sess, "addAdmin");
  }

  vosManagerBl.addAdmin(sess, vo, group);
}
/**
 * Opens the session of the internal "perunRegistrar" principal and creates the request cache.
 *
 * <p>Cache entries expire five minutes after they were created; the CREATED policy means that
 * reading an entry does not extend its lifetime.
 *
 * @throws PerunException when the session cannot be obtained
 */
protected void initialize() throws PerunException {
  // session for the system principal "perunRegistrar"
  final PerunPrincipal registrarPrincipal =
      new PerunPrincipal(
          "perunRegistrar",
          ExtSourcesManager.EXTSOURCE_NAME_INTERNAL,
          ExtSourcesManager.EXTSOURCE_INTERNAL);
  final PerunClient client = new PerunClient();
  registrarSession = perun.getPerunSession(registrarPrincipal, client);

  // entries are dropped 5 minutes after creation
  requestCache =
      ExpiringMap.builder()
          .expiration(5, TimeUnit.MINUTES)
          .expirationPolicy(ExpiringMap.ExpirationPolicy.CREATED)
          .build();
}
/**
 * Returns what the auditer's {@code pollConsumerFullMessages} yields for the named consumer.
 *
 * <p>NOTE(review): this method takes no session and makes no authorization check. Confirm that
 * access to audit data is restricted before a call reaches this point.
 *
 * @param consumerName name of the audit consumer
 * @return messages returned by the auditer
 * @throws InternalErrorException when the auditer fails
 */
public List<String> pollConsumerFullMessages(String consumerName)
    throws InternalErrorException {
  List<String> fullMessages = perunBl.getAuditer().pollConsumerFullMessages(consumerName);
  return fullMessages;
}
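/**
 * Joins the identity stored under {@code token} with the identity of the current session.
 *
 * <p>The token is looked up in {@code requestCache}. The call is rejected when the token is
 * unknown, when neither identity belongs to a known user, when both identities are the same
 * one, and when both already belong to a user (the same user or two different users). In the
 * remaining cases exactly one side has a user and the other identity is attached to it.
 *
 * <p>The token is removed only after a successful join; a rejected attempt leaves it in the
 * cache until the entry expires.
 *
 * <p>Fix: the {@link IdentityUnknownException} used to receive the original identity's source
 * and source type through {@code setSource2}/{@code setSourceType2}, which the current
 * identity's values then overwrote, so the original source was lost from the error.
 *
 * @param sess session of the identity that presents the token
 * @param token token issued for the original identity
 * @return external identities of the session's user after the join
 * @throws PerunException one of the rejections above, or a failure while storing the identity
 */
@Override
public List<UserExtSource> consolidateIdentityUsingToken(PerunSession sess, String token)
    throws PerunException {

  Map<String, Object> originalIdentity = requestCache.get(token);
  if (originalIdentity == null) {
    throw new InvalidTokenException(
        "Your token for joining identities is no longer valid. Please retry from the start.");
  }

  User originalUser = (User) originalIdentity.get("user");
  User currentUser = sess.getPerunPrincipal().getUser();

  if (originalUser == null && currentUser == null) {
    IdentityUnknownException ex =
        new IdentityUnknownException(
            "Neither original or current identity is know to Perun. Please use at least one identity known to Perun.");
    // first identity = the one the token was issued for
    ex.setLogin((String) originalIdentity.get("actor"));
    ex.setSource((String) originalIdentity.get("extSourceName"));
    ex.setSourceType((String) originalIdentity.get("extSourceType"));
    // second identity = the one presenting the token
    ex.setLogin2(sess.getPerunPrincipal().getActor());
    ex.setSource2(sess.getPerunPrincipal().getExtSourceName());
    ex.setSourceType2(sess.getPerunPrincipal().getExtSourceType());
    throw ex;
  }

  // NOTE(review): assumes the cached identity always holds extSourceName, actor and
  // extSourceType; a missing key would fail here with a NullPointerException - confirm.
  if (originalIdentity.get("extSourceName").equals(sess.getPerunPrincipal().getExtSourceName())
      && originalIdentity.get("actor").equals(sess.getPerunPrincipal().getActor())
      && originalIdentity
          .get("extSourceType")
          .equals(sess.getPerunPrincipal().getExtSourceType())) {
    IdentityIsSameException ex =
        new IdentityIsSameException(
            "You tried to join same identity with itself. Please try again but select different identity.");
    ex.setLogin(sess.getPerunPrincipal().getActor());
    ex.setSource(sess.getPerunPrincipal().getExtSourceName());
    ex.setSourceType(sess.getPerunPrincipal().getExtSourceType());
    throw ex;
  }

  if (originalUser != null && currentUser != null) {
    if (originalUser.equals(currentUser)) {
      throw new IdentitiesAlreadyJoinedException("You already have both identities joined.");
    }
    // two different users are never merged here; that is left to support
    throw new IdentityAlreadyInUseException(
        "Your identity is already associated with a different user. If you are really the same person, please contact support to help you.",
        originalUser,
        currentUser);
  }

  // from here on exactly one of the two users is known

  // merge original identity into current user
  if (originalUser == null) {
    // NOTE(review): the cast is unboxed into an int parameter, so a cached identity without
    // "extSourceLoa" would throw a NullPointerException here - confirm it is always stored.
    createExtSourceAndUserExtSource(
        currentUser,
        (String) originalIdentity.get("actor"),
        (String) originalIdentity.get("extSourceName"),
        (String) originalIdentity.get("extSourceType"),
        (Integer) originalIdentity.get("extSourceLoa"));
  }

  // merge current identity into original user
  if (currentUser == null) {
    createExtSourceAndUserExtSource(
        originalUser,
        sess.getPerunPrincipal().getActor(),
        sess.getPerunPrincipal().getExtSourceName(),
        sess.getPerunPrincipal().getExtSourceType(),
        sess.getPerunPrincipal().getExtSourceLoa());
  }

  AuthzResolverBlImpl.refreshSession(sess);

  // the token is single-use once the join went through
  requestCache.remove(token);

  return perun.getUsersManager().getUserExtSources(sess, sess.getPerunPrincipal().getUser());
}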
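/**
 * Looks for existing users similar to the person who submitted application {@code appId}.
 *
 * <p>Access: VOADMIN of the application's VO, for group applications also GROUPADMIN of the
 * group, or the owner of the application. A session with a user owns the application when that
 * user equals the application's user. A session without a user owns it when both its ExtSource
 * name and its actor match the values stored with the application.
 *
 * <p>Fix: the ownership check for sessions without a user threw only when the ExtSource name
 * AND the actor both differed. A principal that matched just one of the two passed the check
 * and could query similar users for somebody else's application. The check now rejects the
 * call unless both values match.
 *
 * <p>A search is made only for INITIAL VO applications without a user. It tries, in order,
 * preferred mail, member mail, display name (titles dropped) and last name, and returns the
 * first non-empty result. The searches run under {@code registrarSession}.
 *
 * @param sess session of the caller
 * @param appId id of the application
 * @return identities of similar users, empty when nothing was found or nothing was searched
 * @throws PrivilegeException when the caller is neither an admin nor the application's owner
 * @throws PerunException when loading the application or searching fails
 */
@Override
public List<Identity> checkForSimilarUsers(PerunSession sess, int appId) throws PerunException {

  String email = "";
  String name = "";
  List<RichUser> result = new ArrayList<RichUser>();

  List<String> attrNames = new ArrayList<String>();
  attrNames.add("urn:perun:user:attribute-def:def:preferredMail");
  attrNames.add("urn:perun:user:attribute-def:def:organization");

  Application app = registrarManager.getApplicationById(registrarSession, appId);

  boolean callerIsAdmin;
  if (app.getGroup() == null) {
    callerIsAdmin = AuthzResolver.isAuthorized(sess, Role.VOADMIN, app.getVo());
  } else {
    callerIsAdmin =
        AuthzResolver.isAuthorized(sess, Role.VOADMIN, app.getVo())
            || AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, app.getGroup());
  }

  if (!callerIsAdmin) {
    if (sess.getPerunPrincipal().getUser() != null) {
      // check if application to find similar users by belongs to user
      if (!sess.getPerunPrincipal().getUser().equals(app.getUser())) {
        throw new PrivilegeException("checkForSimilarUsers");
      }
    } else {
      // without a user the application is identified by ExtSource name + actor; both must
      // match, a single matching value is not enough
      if (!sess.getPerunPrincipal().getExtSourceName().equals(app.getExtSourceName())
          || !sess.getPerunPrincipal().getActor().equals(app.getCreatedBy())) {
        throw new PrivilegeException("checkForSimilarUsers");
      }
    }
  }

  // only for initial VO applications if user==null
  boolean initialVoApplicationWithoutUser =
      app.getType().equals(Application.AppType.INITIAL)
          && app.getGroup() == null
          && app.getUser() == null;
  if (!initialVoApplicationWithoutUser) {
    // not found, since not proper type of application to check users for
    return convertToIdentities(result);
  }

  try {
    User u =
        perun
            .getUsersManager()
            .getUserByExtSourceNameAndExtLogin(
                registrarSession, app.getExtSourceName(), app.getCreatedBy());
    if (u != null) {
      // user connected his identity after app creation and before its approval.
      // do not show error message in GUI by returning an empty array.
      return convertToIdentities(result);
    }
  } catch (Exception ex) {
    // we don't care, let's try to search by name
    // NOTE(review): this also hides unexpected failures of the lookup, not only "not found"
  }

  List<ApplicationFormItemData> data = registrarManager.getApplicationDataById(sess, appId);

  // search by email, which should be unique (check is more precise)
  for (ApplicationFormItemData item : data) {
    if ("urn:perun:user:attribute-def:def:preferredMail"
        .equals(item.getFormItem().getPerunDestinationAttribute())) {
      email = item.getValue();
    }
    if (email != null && !email.isEmpty()) {
      break;
    }
  }

  List<RichUser> users =
      (email != null && !email.isEmpty())
          ? perun
              .getUsersManager()
              .findRichUsersWithAttributesByExactMatch(registrarSession, email, attrNames)
          : new ArrayList<RichUser>();

  if (users != null && !users.isEmpty()) {
    // found by preferredMail
    return convertToIdentities(users);
  }

  // search by different mail
  email = ""; // clear previous value
  for (ApplicationFormItemData item : data) {
    if ("urn:perun:member:attribute-def:def:mail"
        .equals(item.getFormItem().getPerunDestinationAttribute())) {
      email = item.getValue();
    }
    if (email != null && !email.isEmpty()) {
      break;
    }
  }

  users =
      (email != null && !email.isEmpty())
          ? perun
              .getUsersManager()
              .findRichUsersWithAttributesByExactMatch(registrarSession, email, attrNames)
          : new ArrayList<RichUser>();

  if (users != null && !users.isEmpty()) {
    // found by member mail
    return convertToIdentities(users);
  }

  // continue to search by display name
  for (ApplicationFormItemData item : data) {
    if (RegistrarManagerImpl.URN_USER_DISPLAY_NAME.equals(
        item.getFormItem().getPerunDestinationAttribute())) {
      name = item.getValue();
      // use parsed name to drop mistakes on IDP side
      try {
        if (name != null && !name.isEmpty()) {
          Map<String, String> nameMap = Utils.parseCommonName(name);
          // drop name titles to spread search
          String newName = "";
          if (nameMap.get("firstName") != null && !nameMap.get("firstName").isEmpty()) {
            newName += nameMap.get("firstName") + " ";
          }
          if (nameMap.get("lastName") != null && !nameMap.get("lastName").isEmpty()) {
            newName += nameMap.get("lastName");
          }
          // fill parsed name instead of input
          if (!newName.isEmpty()) {
            name = newName;
          }
        }
      } catch (Exception ex) {
        log.error(
            "[REGISTRAR] Unable to parse new user's display/common name when searching for similar users. Exception: {}",
            ex);
      }
      if (name != null && !name.isEmpty()) {
        break;
      }
    }
  }

  users =
      (name != null && !name.isEmpty())
          ? perun
              .getUsersManager()
              .findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames)
          : new ArrayList<RichUser>();

  if (users != null && !users.isEmpty()) {
    // found by member display name
    return convertToIdentities(users);
  }

  // continue to search by last name
  name = ""; // clear previous value
  for (ApplicationFormItemData item : data) {
    if (RegistrarManagerImpl.URN_USER_LAST_NAME.equals(
        item.getFormItem().getPerunDestinationAttribute())) {
      name = item.getValue();
      if (name != null && !name.isEmpty()) {
        break;
      }
    }
  }

  if (name != null && !name.isEmpty()) {
    // what was found by name
    return convertToIdentities(
        perun
            .getUsersManager()
            .findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames));
  }

  // not found by name
  return convertToIdentities(result);
}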
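/**
 * Looks for existing users similar to the not-yet-known person behind {@code sess}, using the
 * "mail", "cn" and "displayName" values of the principal's additional information.
 *
 * <p>Nothing is searched when the principal already has a user, or when the lookup of a user by
 * the principal's ExtSource name and actor completes without an exception. Mail is searched
 * first; the names are used only when the mail search found nobody.
 *
 * <p>Fix: a "mail" value without ';' was searched even when it was the empty string, while the
 * entries of a ';'-separated value were checked for emptiness. Both forms now go through the
 * same loop, so an empty value is never used as a search key, as in the other overloads.
 *
 * <p>NOTE(review): the searches run under {@code registrarSession} and their keys come from
 * values supplied with the login. What a caller can learn about other users depends on what
 * {@code convertToIdentities} exposes; confirm that it masks the data.
 *
 * @param sess session of the caller
 * @return identities of similar users, possibly empty
 * @throws PerunException when a search fails
 */
@Override
public List<Identity> checkForSimilarUsers(PerunSession sess) throws PerunException {

  // if user known, doesn't actually search and offer joining.
  if (sess.getPerunPrincipal().getUser() != null) {
    return new ArrayList<Identity>();
  }

  // same when the lookup by external identity succeeds
  try {
    perun
        .getUsersManager()
        .getUserByExtSourceNameAndExtLogin(
            registrarSession,
            sess.getPerunPrincipal().getExtSourceName(),
            sess.getPerunPrincipal().getActor());
    return new ArrayList<Identity>();
  } catch (Exception ignored) {
    // we don't care, that search failed. That is actually OK case.
    // NOTE(review): this treats every failure as "user not found", including unexpected
    // errors, and then continues with the search below - confirm that is intended.
  }

  Set<RichUser> res = new HashSet<RichUser>();

  List<String> attrNames = new ArrayList<String>();
  attrNames.add("urn:perun:user:attribute-def:def:preferredMail");
  attrNames.add("urn:perun:user:attribute-def:def:organization");

  String mail = sess.getPerunPrincipal().getAdditionalInformations().get("mail");
  if (mail != null) {
    // the value may hold several addresses separated by ';'; a value without ';' comes back
    // from split() as a single element
    for (String m : mail.split(";")) {
      if (m != null && !m.isEmpty()) {
        res.addAll(
            perun
                .getUsersManager()
                .findRichUsersWithAttributesByExactMatch(registrarSession, m, attrNames));
      }
    }
  }

  // check by mail is more precise, so check by name only if nothing is found.
  if (res.isEmpty()) {
    String name = sess.getPerunPrincipal().getAdditionalInformations().get("cn");
    if (name != null && !name.isEmpty()) {
      res.addAll(
          perun
              .getUsersManager()
              .findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames));
    }

    name = sess.getPerunPrincipal().getAdditionalInformations().get("displayName");
    if (name != null && !name.isEmpty()) {
      res.addAll(
          perun
              .getUsersManager()
              .findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames));
    }
  }

  return convertToIdentities(new ArrayList<RichUser>(res));
}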
/**
 * Returns what the auditer's {@code getMessagesByCount} yields for {@code count}.
 *
 * <p>NOTE(review): {@code perunSession} is accepted but never used, so no authorization check
 * is made here. Confirm that access to audit messages is restricted elsewhere.
 *
 * @param perunSession session of the caller (unused in this method)
 * @param count value passed on to the auditer
 * @return messages returned by the auditer
 * @throws InternalErrorException when the auditer fails
 */
public List<AuditMessage> getMessagesByCount(PerunSession perunSession, int count)
    throws InternalErrorException {
  List<AuditMessage> messages = perunBl.getAuditer().getMessagesByCount(count);
  return messages;
}
/**
 * Returns what the auditer's {@code pollConsumerMessagesForParser} yields for the named
 * consumer.
 *
 * <p>NOTE(review): this method takes no session and makes no authorization check. Confirm that
 * access to audit data is restricted before a call reaches this point.
 *
 * @param consumerName name of the audit consumer
 * @return messages returned by the auditer
 * @throws InternalErrorException when the auditer fails
 */
public List<AuditMessage> pollConsumerMessagesForParser(String consumerName)
    throws InternalErrorException {
  List<AuditMessage> parserMessages =
      perunBl.getAuditer().pollConsumerMessagesForParser(consumerName);
  return parserMessages;
}
/**
 * Passes a consumer name and a last-processed message id on to the auditer's
 * {@code setLastProcessedId}.
 *
 * <p>NOTE(review): this method takes no session and makes no authorization check, yet it
 * changes state kept by the auditer. Confirm that callers are restricted elsewhere.
 *
 * @param consumerName name of the audit consumer
 * @param lastProcessedId id to store for the consumer
 * @throws InternalErrorException when the auditer fails
 */
public void setLastProcessedId(String consumerName, int lastProcessedId)
    throws InternalErrorException {
  perunBl.getAuditer().setLastProcessedId(consumerName, lastProcessedId);
}
/**
 * Returns the value of the auditer's {@code getLastMessageId}.
 *
 * @return id reported by the auditer
 * @throws InternalErrorException when the auditer fails
 */
public int getLastMessageId() throws InternalErrorException {
  int lastId = perunBl.getAuditer().getLastMessageId();
  return lastId;
}
/**
 * Returns what the auditer's {@code getAllAuditerConsumers} yields for the given session.
 *
 * <p>NOTE(review): the session is only passed on; no authorization check is made in this
 * method. Confirm that one is made elsewhere.
 *
 * @param perunSession session of the caller, passed on to the auditer
 * @return map returned by the auditer
 * @throws InternalErrorException when the auditer fails
 */
public Map<String, Integer> getAllAuditerConsumers(PerunSession perunSession)
    throws InternalErrorException {
  Map<String, Integer> consumers = perunBl.getAuditer().getAllAuditerConsumers(perunSession);
  return consumers;
}
/**
 * Passes {@code message} on to the auditer's {@code log}.
 *
 * <p>NOTE(review): the message is forwarded exactly as given and no authorization check is
 * made in this method. If the auditer writes it to the audit trail, any caller that reaches
 * this method can add entries to it. Confirm who may call this.
 *
 * @param perunSession session of the caller, passed on to the auditer
 * @param message text to log
 * @throws InternalErrorException when the auditer fails
 */
public void log(PerunSession perunSession, String message) throws InternalErrorException {
  perunBl.getAuditer().log(perunSession, message);
}
/**
 * Builds one e-mail per member of each message's target group and hands all of them to
 * {@code perunNotifEmailManager} in a single call.
 *
 * <p>The receiver's target is parsed as a group id. The sender is the pool message's key
 * attribute named by the template's sender value, or that template value itself when the
 * attribute is missing or empty. A member whose preferred mail cannot be read is logged and
 * skipped. A message whose group id cannot be parsed or whose group cannot be loaded is logged
 * and contributes neither e-mails nor pool ids.
 *
 * <p>NOTE(review): sender and receiver addresses are passed on without validation here, and a
 * {@code null} preferred mail still produces an e-mail entry. Presumably the mail layer checks
 * them; confirm.
 *
 * @param dtosToSend messages to send
 * @return pool ids of the messages whose group was processed
 */
@Override
public Set<Integer> send(List<PerunNotifMessageDto> dtosToSend) {
  Set<Integer> usedPoolIds = new HashSet<Integer>();
  List<PerunNotifEmailMessageToSendDto> outgoing =
      new ArrayList<PerunNotifEmailMessageToSendDto>();

  for (PerunNotifMessageDto messageDto : dtosToSend) {
    PoolMessage poolMessage = messageDto.getPoolMessage();
    PerunNotifTemplate template = messageDto.getTemplate();
    PerunNotifReceiver receiver = messageDto.getReceiver();

    try {
      // a key attribute of the pool message overrides the template's sender
      String sender = poolMessage.getKeyAttributes().get(template.getSender());
      if (sender == null || sender.isEmpty()) {
        sender = template.getSender();
      }
      logger.debug("Calculated sender : {}", sender);

      Integer groupId = Integer.valueOf(receiver.getTarget());
      Group group = perun.getGroupsManagerBl().getGroupById(session, groupId);
      List<Member> groupMembers = perun.getGroupsManagerBl().getGroupMembers(session, group);

      if (groupMembers != null) {
        for (Member member : groupMembers) {
          try {
            PerunNotifEmailMessageToSendDto mail = new PerunNotifEmailMessageToSendDto();
            mail.setMessage(messageDto.getMessageToSend());
            mail.setSubject(messageDto.getSubject());

            String preferredMail =
                (String)
                    perun
                        .getAttributesManagerBl()
                        .getAttribute(
                            session,
                            perun.getUsersManager().getUserByMember(session, member),
                            "urn:perun:user:attribute-def:def:preferredMail")
                        .getValue();
            mail.setReceiver(preferredMail);
            mail.setSender(sender);

            outgoing.add(mail);
          } catch (Exception ex) {
            // one member without a readable address must not stop the others
            logger.error(
                "PreferredEmail cannot be retrieved, userId: {}", member.getUserId(), ex);
          }
        }
      }

      usedPoolIds.addAll(messageDto.getUsedPoolIds());
    } catch (NumberFormatException ex) {
      logger.error("GroupId cannot be parsed: {}", receiver.getTarget());
    } catch (GroupNotExistsException ex) {
      logger.error("Group with id: {} does not exists.", receiver.getTarget());
    } catch (InternalErrorException ex) {
      logger.error("Error during processing messageDto.", ex);
    }
  }

  perunNotifEmailManager.sendMessages(outgoing);
  return usedPoolIds;
}
/**
 * Returns the value of the auditer's {@code getAuditerMessagesCount} for the given session.
 *
 * <p>NOTE(review): the session is only passed on; no authorization check is made in this
 * method. Confirm that one is made elsewhere.
 *
 * @param perunSession session of the caller, passed on to the auditer
 * @return count reported by the auditer
 * @throws InternalErrorException when the auditer fails
 */
public int getAuditerMessagesCount(PerunSession perunSession) throws InternalErrorException {
  int messageCount = perunBl.getAuditer().getAuditerMessagesCount(perunSession);
  return messageCount;
}