@Override public String getConsolidatorToken(PerunSession sess) throws PerunException { Map<String, Object> value = new HashMap<String, Object>(); String actor = sess.getPerunPrincipal().getActor(); String extSourceName = sess.getPerunPrincipal().getExtSourceName(); String extSourceType = sess.getPerunPrincipal().getExtSourceType(); Integer extSourceLoa = sess.getPerunPrincipal().getExtSourceLoa(); User user = sess.getPerunPrincipal().getUser(); value.put("actor", actor); value.put("extSourceName", extSourceName); value.put("extSourceType", extSourceType); value.put("extSourceLoa", extSourceLoa); value.put("user", user); // create token from actual properties String token = registrarManager .getMailManager() .getMessageAuthenticationCode( System.currentTimeMillis() + actor + extSourceName + extSourceType + extSourceLoa); requestCache.putIfAbsent(token, value); return token; }
@Override public List<UserExtSource> consolidateIdentityUsingToken(PerunSession sess, String token) throws PerunException { Map<String, Object> originalIdentity = requestCache.get(token); if (originalIdentity == null) { throw new InvalidTokenException( "Your token for joining identities is no longer valid. Please retry from the start."); } User originalUser = (User) originalIdentity.get("user"); User currentUser = sess.getPerunPrincipal().getUser(); if (originalUser == null && currentUser == null) { IdentityUnknownException ex = new IdentityUnknownException( "Neither original or current identity is know to Perun. Please use at least one identity known to Perun."); ex.setLogin((String) originalIdentity.get("actor")); ex.setSource2((String) originalIdentity.get("extSourceName")); ex.setSourceType2((String) originalIdentity.get("extSourceType")); ex.setLogin2(sess.getPerunPrincipal().getActor()); ex.setSource2(sess.getPerunPrincipal().getExtSourceName()); ex.setSourceType2(sess.getPerunPrincipal().getExtSourceType()); throw ex; } if (originalIdentity.get("extSourceName").equals(sess.getPerunPrincipal().getExtSourceName()) && originalIdentity.get("actor").equals(sess.getPerunPrincipal().getActor()) && originalIdentity .get("extSourceType") .equals(sess.getPerunPrincipal().getExtSourceType())) { IdentityIsSameException ex = new IdentityIsSameException( "You tried to join same identity with itself. Please try again but select different identity."); ex.setLogin(sess.getPerunPrincipal().getActor()); ex.setSource(sess.getPerunPrincipal().getExtSourceName()); ex.setSourceType(sess.getPerunPrincipal().getExtSourceType()); throw ex; } if (originalUser != null && currentUser != null && originalUser.equals(currentUser)) { throw new IdentitiesAlreadyJoinedException("You already have both identities joined."); } if (originalUser != null && currentUser != null && !originalUser.equals(currentUser)) { throw new IdentityAlreadyInUseException( "Your identity is already associated with a different user. If you are really the same person, please contact support to help you.", originalUser, currentUser); } // merge original identity into current user if (originalUser == null) { createExtSourceAndUserExtSource( currentUser, (String) originalIdentity.get("actor"), (String) originalIdentity.get("extSourceName"), (String) originalIdentity.get("extSourceType"), (Integer) originalIdentity.get("extSourceLoa")); } // merge current identity into original user if (currentUser == null) { createExtSourceAndUserExtSource( originalUser, sess.getPerunPrincipal().getActor(), sess.getPerunPrincipal().getExtSourceName(), sess.getPerunPrincipal().getExtSourceType(), sess.getPerunPrincipal().getExtSourceLoa()); } AuthzResolverBlImpl.refreshSession(sess); requestCache.remove(token); return perun.getUsersManager().getUserExtSources(sess, sess.getPerunPrincipal().getUser()); }
@Override public List<Identity> checkForSimilarUsers(PerunSession sess, int appId) throws PerunException { String email = ""; String name = ""; List<RichUser> result = new ArrayList<RichUser>(); List<String> attrNames = new ArrayList<String>(); attrNames.add("urn:perun:user:attribute-def:def:preferredMail"); attrNames.add("urn:perun:user:attribute-def:def:organization"); Application app = registrarManager.getApplicationById(registrarSession, appId); if (app.getGroup() == null) { if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, app.getVo())) { if (sess.getPerunPrincipal().getUser() != null) { // check if application to find similar users by belongs to user if (!sess.getPerunPrincipal().getUser().equals(app.getUser())) throw new PrivilegeException("checkForSimilarUsers"); } else { if (!sess.getPerunPrincipal().getExtSourceName().equals(app.getExtSourceName()) && !sess.getPerunPrincipal().getActor().equals(app.getCreatedBy())) throw new PrivilegeException("checkForSimilarUsers"); } } } else { if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, app.getVo()) && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, app.getGroup())) { if (sess.getPerunPrincipal().getUser() != null) { // check if application to find similar users by belongs to user if (!sess.getPerunPrincipal().getUser().equals(app.getUser())) throw new PrivilegeException("checkForSimilarUsers"); } else { if (!sess.getPerunPrincipal().getExtSourceName().equals(app.getExtSourceName()) && !sess.getPerunPrincipal().getActor().equals(app.getCreatedBy())) throw new PrivilegeException("checkForSimilarUsers"); } } } // only for initial VO applications if user==null if (app.getType().equals(Application.AppType.INITIAL) && app.getGroup() == null && app.getUser() == null) { try { User u = perun .getUsersManager() .getUserByExtSourceNameAndExtLogin( registrarSession, app.getExtSourceName(), app.getCreatedBy()); if (u != null) { // user connected his identity after app creation and before it's approval. // do not show error message in GUI by returning an empty array. return convertToIdentities(result); } } catch (Exception ex) { // we don't care, let's try to search by name } List<ApplicationFormItemData> data = registrarManager.getApplicationDataById(sess, appId); // search by email, which should be unique (check is more precise) for (ApplicationFormItemData item : data) { if ("urn:perun:user:attribute-def:def:preferredMail" .equals(item.getFormItem().getPerunDestinationAttribute())) { email = item.getValue(); } if (email != null && !email.isEmpty()) break; } List<RichUser> users = (email != null && !email.isEmpty()) ? perun .getUsersManager() .findRichUsersWithAttributesByExactMatch(registrarSession, email, attrNames) : new ArrayList<RichUser>(); if (users != null && !users.isEmpty()) { // found by preferredMail return convertToIdentities(users); } // search by different mail email = ""; // clear previous value for (ApplicationFormItemData item : data) { if ("urn:perun:member:attribute-def:def:mail" .equals(item.getFormItem().getPerunDestinationAttribute())) { email = item.getValue(); } if (email != null && !email.isEmpty()) break; } users = (email != null && !email.isEmpty()) ? perun .getUsersManager() .findRichUsersWithAttributesByExactMatch(registrarSession, email, attrNames) : new ArrayList<RichUser>(); if (users != null && !users.isEmpty()) { // found by member mail return convertToIdentities(users); } // continue to search by display name for (ApplicationFormItemData item : data) { if (RegistrarManagerImpl.URN_USER_DISPLAY_NAME.equals( item.getFormItem().getPerunDestinationAttribute())) { name = item.getValue(); // use parsed name to drop mistakes on IDP side try { if (name != null && !name.isEmpty()) { Map<String, String> nameMap = Utils.parseCommonName(name); // drop name titles to spread search String newName = ""; if (nameMap.get("firstName") != null && !nameMap.get("firstName").isEmpty()) { newName += nameMap.get("firstName") + " "; } if (nameMap.get("lastName") != null && !nameMap.get("lastName").isEmpty()) { newName += nameMap.get("lastName"); } // fill parsed name instead of input if (newName != null && !newName.isEmpty()) { name = newName; } } } catch (Exception ex) { log.error( "[REGISTRAR] Unable to parse new user's display/common name when searching for similar users. Exception: {}", ex); } if (name != null && !name.isEmpty()) break; } } users = (name != null && !name.isEmpty()) ? perun .getUsersManager() .findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames) : new ArrayList<RichUser>(); if (users != null && !users.isEmpty()) { // found by member display name return convertToIdentities(users); } // continue to search by last name name = ""; // clear previous value for (ApplicationFormItemData item : data) { if (RegistrarManagerImpl.URN_USER_LAST_NAME.equals( item.getFormItem().getPerunDestinationAttribute())) { name = item.getValue(); if (name != null && !name.isEmpty()) break; } } if (name != null && !name.isEmpty()) { // what was found by name return convertToIdentities( perun .getUsersManager() .findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames)); } else { // not found by name return convertToIdentities(result); } } else { // not found, since not proper type of application to check users for return convertToIdentities(result); } }