Merge pull request DSpace#9152 from wwuck/bugfix/ldap-groupmap-null

Add a null check when assigning ldap groups
4Science · Oct 29, 2023 · 90d9dfa · 90d9dfa
2 parents e9886c3 + bb6498e
commit 90d9dfa
Showing 1 changed file with 60 additions and 37 deletions.
diff --git a/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java b/dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
@@ -713,8 +713,8 @@ public String getName() {
     private void assignGroups(String dn, ArrayList<String> group, Context context) {
         if (StringUtils.isNotBlank(dn)) {
             System.out.println("dn:" + dn);
-            int i = 1;
-            String groupMap = configurationService.getProperty("authentication-ldap.login.groupmap." + i);
+            int groupmapIndex = 1;
+            String groupMap = configurationService.getProperty("authentication-ldap.login.groupmap." + groupmapIndex);
             boolean cmp;
 
 
@@ -725,49 +725,72 @@ private void assignGroups(String dn, ArrayList<String> group, Context context) {
                 String ldapSearchString = t[0];
                 String dspaceGroupName = t[1];
 
-                // list of strings with dn from LDAP groups
-                // inner loop
-                Iterator<String> groupIterator = group.iterator();
-                while (groupIterator.hasNext())  {
+                if (group == null) {
+                    cmp = StringUtils.containsIgnoreCase(dn, ldapSearchString + ",");
 
-                    // save the current entry from iterator for further use
-                    String currentGroup = groupIterator.next();
-
-                    // very much the old code from DSpace <= 7.5
-                    if (currentGroup == null) {
-                        cmp = StringUtils.containsIgnoreCase(dn, ldapSearchString + ",");
-                    } else {
-                        cmp = StringUtils.equalsIgnoreCase(currentGroup, ldapSearchString);
+                    if (cmp) {
+                        assignGroup(context, groupmapIndex, dspaceGroupName);
                     }
+                } else {
+                    // list of strings with dn from LDAP groups
+                    // inner loop
+                    Iterator<String> groupIterator = group.iterator();
+                    while (groupIterator.hasNext())  {
 
-                    if (cmp) {
-                        // assign user to this group
-                        try {
-                            Group ldapGroup = groupService.findByName(context, dspaceGroupName);
-                            if (ldapGroup != null) {
-                                groupService.addMember(context, ldapGroup, context.getCurrentUser());
-                                groupService.update(context, ldapGroup);
-                            } else {
-                                // The group does not exist
-                                log.warn(LogHelper.getHeader(context,
-                                                            "ldap_assignGroupsBasedOnLdapDn",
-                                                            "Group defined in authentication-ldap.login.groupmap." + i
-                                                                + " does not exist :: " + dspaceGroupName));
-                            }
-                        } catch (AuthorizeException ae) {
-                            log.debug(LogHelper.getHeader(context,
-                                                        "assignGroupsBasedOnLdapDn could not authorize addition to " +
-                                                            "group",
-                                                        dspaceGroupName));
-                        } catch (SQLException e) {
-                            log.debug(LogHelper.getHeader(context, "assignGroupsBasedOnLdapDn could not find group",
-                                                            dspaceGroupName));
+                        // save the current entry from iterator for further use
+                        String currentGroup = groupIterator.next();
+
+                        // very much the old code from DSpace <= 7.5
+                        if (currentGroup == null) {
+                            cmp = StringUtils.containsIgnoreCase(dn, ldapSearchString + ",");
+                        } else {
+                            cmp = StringUtils.equalsIgnoreCase(currentGroup, ldapSearchString);
+                        }
+
+                        if (cmp) {
+                            assignGroup(context, groupmapIndex, dspaceGroupName);
                         }
                     }
                 }
 
-                groupMap = configurationService.getProperty("authentication-ldap.login.groupmap." + ++i);
+                groupMap = configurationService.getProperty("authentication-ldap.login.groupmap." + ++groupmapIndex);
+            }
+        }
+    }
+
+    /**
+     * Add the current authenticated user to the specified group
+     *
+     * @param context
+     *  DSpace context
+     *
+     * @param groupmapIndex
+     *  authentication-ldap.login.groupmap.* key index defined in dspace.cfg
+     *
+     * @param dspaceGroupName
+     *  The DSpace group to add the user to
+     */
+    private void assignGroup(Context context, int groupmapIndex, String dspaceGroupName) {
+        try {
+            Group ldapGroup = groupService.findByName(context, dspaceGroupName);
+            if (ldapGroup != null) {
+                groupService.addMember(context, ldapGroup, context.getCurrentUser());
+                groupService.update(context, ldapGroup);
+            } else {
+                // The group does not exist
+                log.warn(LogHelper.getHeader(context,
+                        "ldap_assignGroupsBasedOnLdapDn",
+                        "Group defined in authentication-ldap.login.groupmap." + groupmapIndex
+                        + " does not exist :: " + dspaceGroupName));
             }
+        } catch (AuthorizeException ae) {
+            log.debug(LogHelper.getHeader(context,
+                    "assignGroupsBasedOnLdapDn could not authorize addition to " +
+                            "group",
+                            dspaceGroupName));
+        } catch (SQLException e) {
+            log.debug(LogHelper.getHeader(context, "assignGroupsBasedOnLdapDn could not find group",
+                    dspaceGroupName));
         }
     }