Merge pull request #9678 from saschaszott/saschaszott-patch-2

LDAPAuthentication updates the eperson's attributes
Tim Donohue
2024-09-26 13:27:37 -05:00
committed by GitHub


@@ -17,6 +17,7 @@ import java.util.Collections;
import java.util.Hashtable; import java.util.Hashtable;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Optional;
import javax.naming.NamingEnumeration; import javax.naming.NamingEnumeration;
import javax.naming.NamingException; import javax.naming.NamingException;
import javax.naming.directory.Attribute; import javax.naming.directory.Attribute;
@@ -68,12 +69,8 @@ import org.dspace.services.factory.DSpaceServicesFactory;
* @author Ivan Masár * @author Ivan Masár
* @author Michael Plate * @author Michael Plate
*/ */
public class LDAPAuthentication public class LDAPAuthentication implements AuthenticationMethod {
implements AuthenticationMethod {
/**
* log4j category
*/
private static final Logger log private static final Logger log
= org.apache.logging.log4j.LogManager.getLogger(LDAPAuthentication.class); = org.apache.logging.log4j.LogManager.getLogger(LDAPAuthentication.class);
@@ -130,7 +127,7 @@ public class LDAPAuthentication
return false; return false;
} }
/* /**
* This is an explicit method. * This is an explicit method.
*/ */
@Override @Override
@@ -138,7 +135,7 @@ public class LDAPAuthentication
return false; return false;
} }
/* /**
* Add authenticated users to the group defined in dspace.cfg by * Add authenticated users to the group defined in dspace.cfg by
* the login.specialgroup key. * the login.specialgroup key.
*/ */
@@ -177,7 +174,7 @@ public class LDAPAuthentication
return Collections.EMPTY_LIST; return Collections.EMPTY_LIST;
} }
/* /**
* Authenticate the given credentials. * Authenticate the given credentials.
* This is the heart of the authentication method: test the * This is the heart of the authentication method: test the
* credentials for authenticity, and if accepted, attempt to match * credentials for authenticity, and if accepted, attempt to match
@@ -187,7 +184,7 @@ public class LDAPAuthentication
* @param context * @param context
* DSpace context, will be modified (ePerson set) upon success. * DSpace context, will be modified (ePerson set) upon success.
* *
* @param username * @param netid
* Username (or email address) when method is explicit. Use null for * Username (or email address) when method is explicit. Use null for
* implicit method. * implicit method.
* *
@@ -250,7 +247,7 @@ public class LDAPAuthentication
} }
// Check a DN was found // Check a DN was found
if ((dn == null) || (dn.trim().equals(""))) { if (StringUtils.isBlank(dn)) {
log.info(LogHelper log.info(LogHelper
.getHeader(context, "failed_login", "no DN found for user " + netid)); .getHeader(context, "failed_login", "no DN found for user " + netid));
return BAD_CREDENTIALS; return BAD_CREDENTIALS;
@@ -269,6 +266,18 @@ public class LDAPAuthentication
context.setCurrentUser(eperson); context.setCurrentUser(eperson);
request.setAttribute(LDAP_AUTHENTICATED, true); request.setAttribute(LDAP_AUTHENTICATED, true);
// update eperson's attributes
context.turnOffAuthorisationSystem();
setEpersonAttributes(context, eperson, ldap, Optional.empty());
try {
ePersonService.update(context, eperson);
context.dispatchEvents();
} catch (AuthorizeException e) {
log.warn("update of eperson " + eperson.getID() + " failed", e);
} finally {
context.restoreAuthSystemState();
}
// assign user to groups based on ldap dn // assign user to groups based on ldap dn
assignGroups(dn, ldap.ldapGroup, context); assignGroups(dn, ldap.ldapGroup, context);
@@ -313,14 +322,13 @@ public class LDAPAuthentication
log.info(LogHelper.getHeader(context, log.info(LogHelper.getHeader(context,
"type=ldap-login", "type=ldap_but_already_email")); "type=ldap-login", "type=ldap_but_already_email"));
context.turnOffAuthorisationSystem(); context.turnOffAuthorisationSystem();
eperson.setNetid(netid.toLowerCase()); setEpersonAttributes(context, eperson, ldap, Optional.of(netid));
ePersonService.update(context, eperson); ePersonService.update(context, eperson);
context.dispatchEvents(); context.dispatchEvents();
context.restoreAuthSystemState(); context.restoreAuthSystemState();
context.setCurrentUser(eperson); context.setCurrentUser(eperson);
request.setAttribute(LDAP_AUTHENTICATED, true); request.setAttribute(LDAP_AUTHENTICATED, true);
// assign user to groups based on ldap dn // assign user to groups based on ldap dn
assignGroups(dn, ldap.ldapGroup, context); assignGroups(dn, ldap.ldapGroup, context);
@@ -331,20 +339,7 @@ public class LDAPAuthentication
try { try {
context.turnOffAuthorisationSystem(); context.turnOffAuthorisationSystem();
eperson = ePersonService.create(context); eperson = ePersonService.create(context);
if (StringUtils.isNotEmpty(email)) { setEpersonAttributes(context, eperson, ldap, Optional.of(netid));
eperson.setEmail(email);
}
if (StringUtils.isNotEmpty(ldap.ldapGivenName)) {
eperson.setFirstName(context, ldap.ldapGivenName);
}
if (StringUtils.isNotEmpty(ldap.ldapSurname)) {
eperson.setLastName(context, ldap.ldapSurname);
}
if (StringUtils.isNotEmpty(ldap.ldapPhone)) {
ePersonService.setMetadataSingleValue(context, eperson,
MD_PHONE, ldap.ldapPhone, null);
}
eperson.setNetid(netid.toLowerCase());
eperson.setCanLogIn(true); eperson.setCanLogIn(true);
authenticationService.initEPerson(context, request, eperson); authenticationService.initEPerson(context, request, eperson);
ePersonService.update(context, eperson); ePersonService.update(context, eperson);
@@ -382,6 +377,29 @@ public class LDAPAuthentication
return BAD_ARGS; return BAD_ARGS;
} }
/**
* Update eperson's attributes
*/
private void setEpersonAttributes(Context context, EPerson eperson, SpeakerToLDAP ldap, Optional<String> netid)
throws SQLException {
if (StringUtils.isNotEmpty(ldap.ldapEmail)) {
eperson.setEmail(ldap.ldapEmail);
}
if (StringUtils.isNotEmpty(ldap.ldapGivenName)) {
eperson.setFirstName(context, ldap.ldapGivenName);
}
if (StringUtils.isNotEmpty(ldap.ldapSurname)) {
eperson.setLastName(context, ldap.ldapSurname);
}
if (StringUtils.isNotEmpty(ldap.ldapPhone)) {
ePersonService.setMetadataSingleValue(context, eperson, MD_PHONE, ldap.ldapPhone, null);
}
if (netid.isPresent()) {
eperson.setNetid(netid.get().toLowerCase());
}
}
/** /**
* Internal class to manage LDAP query and results, mainly * Internal class to manage LDAP query and results, mainly
* because there are multiple values to return. * because there are multiple values to return.
@@ -673,7 +691,7 @@ public class LDAPAuthentication
} }
} }
/* /**
* Returns the URL of an external login page which is not applicable for this authn method. * Returns the URL of an external login page which is not applicable for this authn method.
* *
* Note: Prior to DSpace 7, this method return the page of login servlet. * Note: Prior to DSpace 7, this method return the page of login servlet.
@@ -701,7 +719,7 @@ public class LDAPAuthentication
return "ldap"; return "ldap";
} }
/* /**
* Add authenticated users to the group defined in dspace.cfg by * Add authenticated users to the group defined in dspace.cfg by
* the authentication-ldap.login.groupmap.* key. * the authentication-ldap.login.groupmap.* key.
* *