
Udl #13

Open
wants to merge 8 commits into
base: 7.10
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -12,6 +12,8 @@ pojo-bin
seam-bin
deploy.sh
log/
.idea
nuxeo-shibboleth-invitation.iml

*.pyc
*~
Contributor


This file should be removed from the commit.

6 changes: 3 additions & 3 deletions pom.xml
Expand Up @@ -7,8 +7,8 @@
<version>7.10-HF36-SNAPSHOT</version>
</parent>

<groupId>org.nuxeo.shibboleth.invitation</groupId>
<artifactId>nuxeo-shibboleth-invitation</artifactId>
<groupId>${marketplace.bundle.groupId}</groupId>
<artifactId>nuxeo-shibboleth-invitation-udl</artifactId>
Contributor


The original groupId/artifactId should be set back.

<name>nuxeo-shibboleth-invitation</name>
<description>
This addon provides the ability to invite external users to join Nuxeo
Expand Down Expand Up @@ -122,4 +122,4 @@
</pluginRepository>
</pluginRepositories>

</project>
</project>
Expand Up @@ -17,18 +17,28 @@
package org.nuxeo.shibboleth.invitation;

import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;

import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.*;
Contributor


Wildcard imports shouldn't be used.

import javax.ws.rs.core.Context;

import com.google.common.base.MoreObjects;
import com.google.common.collect.BiMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.*;
import org.nuxeo.ecm.core.api.impl.DocumentModelImpl;
import org.nuxeo.ecm.core.api.repository.RepositoryManager;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.platform.shibboleth.service.ShibbolethAuthenticationService;
import org.nuxeo.ecm.platform.usermanager.NuxeoPrincipalImpl;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.platform.web.common.vh.VirtualHostHelper;
import org.nuxeo.ecm.user.invite.AlreadyProcessedRegistrationException;
import org.nuxeo.ecm.user.invite.DefaultInvitationUserFactory;
Expand All @@ -45,8 +55,63 @@
@WebObject(type = "shibboInvite")
@Produces("text/html;charset=UTF-8")
public class ShibboInviteObject extends ModuleRoot {
public static final String DEFAULT_REGISTRATION = "default_registration";
private static final Log log = LogFactory.getLog(ShibboInviteObject.class);

private DocumentModel findUser(String field, String userName) {
log.trace("findUser");
Map<String, Serializable> query = new HashMap<>();
query.put(field, userName);
DocumentModelList users = Framework.getLocalService(UserManager.class).searchUsers(query, null);

if (users.isEmpty()) {
return null;
}
return users.get(0);
}

@GET
@Path("shibboleth")
public Object mapShibbolethUser(@Context HttpServletRequest httpServletRequest, @QueryParam("RequestId") final String requestID) {
log.trace("requestID:" + requestID);
log.trace("principal:" + getContext().getUserSession().getPrincipal());
ShibbolethAuthenticationService shiboService = Framework.getService(ShibbolethAuthenticationService.class);
final String userID = shiboService.getUserID(httpServletRequest);
log.trace("userID:" + userID);
log.trace("getUserInfoUsernameField:" +Framework.getLocalService(UserRegistrationService.class).getConfiguration(DEFAULT_REGISTRATION).getUserInfoUsernameField());
Contributor


Framework.getService can in fact directly be used.

new UnrestrictedSessionRunner(Framework.getService(RepositoryManager.class).getDefaultRepositoryName()) {
@Override
public void run() {
DocumentModel doc = session.getDocument(new IdRef(requestID));
// "userinfo:login"
doc.setPropertyValue("userinfo:login", userID);
log.trace("groups:" + doc.getPropertyValue("userinfo:groups"));
session.saveDocument(doc);
DocumentModel target = session.getDocument(new IdRef(
(String) doc.getPropertyValue("docinfo:documentId")));
NuxeoPrincipal targetPrincipal = Framework.getLocalService(UserManager.class).getPrincipal(userID);
ACP acp = target.getACP();
Map<String, Serializable> contextData = new HashMap<>();
contextData.put("notify", true);
contextData.put("comment", doc.getPropertyValue("registration:comment"));
acp.addACE(ACL.LOCAL_ACL,
ACE.builder(targetPrincipal.getName(), (String) doc.getPropertyValue("docinfo:permission"))
.creator((String) doc.getPropertyValue("docinfo:creator"))
.contextData(contextData)
.build());
target.setACP(acp, true);
java.util.List<String> userGroups = targetPrincipal.getGroups();
userGroups.addAll((java.util.List<String>)doc.getPropertyValue("userinfo:groups"));
targetPrincipal.setGroups(userGroups);
Framework.getLocalService(UserManager.class).updateUser(targetPrincipal.getModel());
session.saveDocument(target);

}
}.runUnrestricted();
return getView("UserCreated").arg("redirectUrl", "/");
}


@POST
@Path("validate")
public Object validateTrialForm(@FormParam("isShibbo") boolean isShibbo) {
Expand All @@ -56,6 +121,7 @@ public Object validateTrialForm(@FormParam("isShibbo") boolean isShibbo) {
String requestId = formData.getString("RequestId");
String password = formData.getString("Password");
String passwordConfirmation = formData.getString("PasswordConfirmation");
String configurationName = formData.getString("ConfigurationName");

// Check if the requestId is an existing one
try {
Expand Down Expand Up @@ -86,29 +152,36 @@ public Object validateTrialForm(@FormParam("isShibbo") boolean isShibbo) {
ctx.getMessage("label.registerForm.validation.passwordvalidation"), formData);
}
}
Map<String, Serializable> registrationData;
Map<String, Serializable> registrationData = null;
try {
Map<String, Serializable> additionalInfo = buildAdditionalInfos();
// Add the entered password to the document model
additionalInfo.put(DefaultInvitationUserFactory.PASSWORD_KEY, password);
// Validate the creation of the user
registrationData = usr.validateRegistration(requestId, additionalInfo);
if(!isShibbo) {
registrationData = usr.validateRegistration(requestId, additionalInfo);
log.info("registrate user with normal login");
}
} catch (AlreadyProcessedRegistrationException ape) {
log.info("Try to validate an already processed registration");
return getView("ValidationErrorTemplate").arg("exceptionMsg",
ctx.getMessage("label.error.requestAlreadyProcessed"));
} catch (UserRegistrationException ue) {
log.warn("Unable to validate registration request", ue);
return getView("ValidationErrorTemplate").arg("exceptionMsg",
ctx.getMessage("label.errror.requestNotAccepted"));
ctx.getMessage("label.error.requestNotAccepted"));
}
// User redirected to the logout page after validating the password
String webappName = VirtualHostHelper.getWebAppName(getContext().getRequest());
String redirectUrl = "/" + webappName + "/logout";
if (isShibbo) {
return getView("UserCreated").arg("data", registrationData)
.arg("redirectUrl", "/nuxeo/site/shibboleth?requestedUrl=")
.arg("isShibbo", isShibbo);
String validationRelUrl = "https://nuxeo.universite-lyon.fr/" + usr.getConfiguration(configurationName).getValidationRelUrl()+ "?isShibbo=true&RequestId="+requestId+"&ConfigurationName="+configurationName;
Contributor


This url should be refactored as it is specific to a use case.

try {
redirectUrl = "/nuxeo/login.jsp?requestedUrl=" + URLEncoder.encode(validationRelUrl, "UTF-8");
} catch (UnsupportedEncodingException e) {
log.error(e.getLocalizedMessage());
}
redirectUrl = "/nuxeo/site/shibboInvite/shibboleth?RequestId="+requestId;
}
return getView("UserCreated").arg("redirectUrl", redirectUrl)
.arg("data", registrationData)
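Review bot: In `mapShibbolethUser`, the caller-supplied `RequestId` is loaded with `session.getDocument(new IdRef(requestID))` inside an `UnrestrictedSessionRunner`, and its `docinfo:permission` ACE and `userinfo:groups` are then granted to whichever Shibboleth `userID` made the request; nothing in the visible lines checks that the document is a pending invitation or that it was issued to that user. Because this PR also skips `usr.validateRegistration(requestId, additionalInfo)` when `isShibbo` is true, the request does not appear to be marked as processed, so the handler should reject ids that are not open registration requests, compare the invited identity stored on the request with `userID`, and mark the request processed (surfacing `AlreadyProcessedRegistrationException` as `validateTrialForm` does) before `target.setACP(acp, true)`. `userID` and `targetPrincipal` are also dereferenced without a null check, so resolve both before starting the runner and return the `ValidationErrorTemplate` view when `userID == null || targetPrincipal == null`. The grant is a state change behind `@GET`; `@POST` would be the more appropriate verb here.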

This file was deleted.
