diff --git a/CHANGELOG.md b/CHANGELOG.md index 8d53016..a7b1643 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm # Changelog for "oidc-enrollment-hook" +## [v1.1.3-SNAPSHOT] +- Now user reconciliation/identification from OIDC token after the login is performed no more checking by using the email address but by using the User's username, the Liferay `screenname`. (#20827) (#20840) + ## [v1.1.2] - Added some info of the user is about to create in the logs expecially for screen name (auto-generated or externally provided) (#20413). Restored per-session token removal. Logs revised. (#20445) diff --git a/pom.xml b/pom.xml index 03f69a1..5b27682 100644 --- a/pom.xml +++ b/pom.xml @@ -11,7 +11,7 @@ org.gcube.portal oidc-enrollment-hook war - 1.1.2 + 1.1.3-SNAPSHOT 6.2.5 6.2.10.12 @@ -49,6 +49,16 @@ [1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT) provided + + org.gcube.common.portal + portal-manager + provided + + + org.gcube.core + common-scope + provided + com.liferay.portal portal-service diff --git a/src/main/java/org/gcube/portal/oidc/lr62/OpenIdConnectAutoLogin.java b/src/main/java/org/gcube/portal/oidc/lr62/OpenIdConnectAutoLogin.java index a20c813..532cf68 100644 --- a/src/main/java/org/gcube/portal/oidc/lr62/OpenIdConnectAutoLogin.java +++ b/src/main/java/org/gcube/portal/oidc/lr62/OpenIdConnectAutoLogin.java @@ -33,8 +33,9 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin { private static final Log log = LogFactoryUtil.getLog(OpenIdConnectAutoLogin.class); - private static boolean ASSURE_AVATAR_FORMAT = true; - private static String DEFAULT_AVATAR_FORMAT = "png"; + private static final boolean ASSURE_AVATAR_FORMAT = true; + private static final String DEFAULT_AVATAR_FORMAT = "png"; + private static final boolean DELETE_AVATAR_IF_NOT_FOUND_ON_SERVER = false; @Override public String[] doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception { 
@@ -66,7 +67,9 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
 // TODO: to be removed when tested in depth
 log.error("Applying strategy", t);
 }
- log.debug("Returning logged in user's info");
+ if (log.isDebugEnabled()) {
+ log.debug("Returning logged in user's info");
+ }
 return new String[] { String.valueOf(user.getUserId()), UUID.randomUUID().toString(), "false" };
 } else {
 log.warn("User is null");
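Review bot: The `isDebugEnabled()` guard added around `log.debug("Returning logged in user's info")` protects a constant string literal, so it saves no work and only adds three lines; the guard earns its place where the message is concatenated at the call site, as in the other hunks of this commit. Either drop it here or keep the pattern uniform across the class, since a mix of guarded and unguarded literals reads as an oversight. doLogin starts before this hunk.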
@@ -77,52 +80,75 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
 public static User createOrUpdateUser(JWTToken token, long companyId, long groupId, String portalURL, LiferayOpenIdConnectConfiguration configuration) throws Exception {
+ String username = token.getUserName();
 String email = token.getEmail();
 String given = token.getGiven();
 String family = token.getFamily();
 String subject = token.getSub();
- String username = token.getUserName();
 User user = null;
 try {
- boolean updateUser = false;
- // Search by email first
- user = UserLocalServiceUtil.fetchUserByEmailAddress(companyId, email);
+ user = UserLocalServiceUtil.fetchUserByScreenName(companyId, username);
 if (user == null) {
- log.debug("No Liferay user found with email address=" + email + ", trying with openId");
- // Then search by openId, in case user has changed the email address
+ // Then search by openId, in case an admin changed the username on OIDC server
+ if (log.isDebugEnabled()) {
+ log.debug("No Liferay user found with username=" + username + ", trying with openId");
+ }
 user = UserLocalServiceUtil.fetchUserByOpenId(companyId, subject);
 if (user == null) {
- log.debug("No Liferay user found with openid=" + subject + " and email address=" + email);
+ if (log.isDebugEnabled()) {
+ log.debug("No Liferay user found with openid=" + subject + " and email address=" + email);
+ }
 if (configuration.createUnexistingUser()) {
 log.info("A new user will be created [email=" + email + ",given=" + given + ",family=" + family + ",subject=" + subject + ",username=" + username);
 user = addUser(companyId, groupId, portalURL, email, given, family, subject, username);
 } else {
- log.info("User will not be created according to configuration");
+ log.warn("Unexisting user will not be created according to configuration");
 return null;
 }
- } else {
- log.info("User found by its openId, the email will be updated");
- updateUser = true;
+ } else if (log.isDebugEnabled()) {
+ log.debug("User found by its openId, other info will be updated");
 }
 }
+ boolean updateUser = false;
 if (user != null) {
- log.debug("User found, updating name details with info from userinfo if changed");
- if (given != user.getFirstName()) {
+ if (log.isDebugEnabled()) {
+ log.debug("User found, checking its details against userinfo for changes");
+ }
+ if (given != null && !given.equals(user.getFirstName())) {
+ if (log.isTraceEnabled()) {
+ log.trace("Given name is changed");
+ }
 user.setFirstName(given);
 updateUser = true;
 }
- if (family != user.getLastName()) {
+ if (family != null && !family.equals(user.getLastName())) {
+ if (log.isTraceEnabled()) {
+ log.trace("Last name is changed");
+ }
 user.setLastName(family);
 updateUser = true;
 }
- if (email != user.getEmailAddress()) {
+ if (email != null && !email.equals(user.getEmailAddress())) {
+ if (log.isTraceEnabled()) {
+ log.trace("Email address is changed");
+ }
 user.setEmailAddress(email);
 updateUser = true;
 }
+ if (subject != null && !subject.equals(user.getOpenId())) {
+ if (log.isTraceEnabled()) {
+ log.trace("Setting OOID subject as openid");
+ }
+ user.setOpenId(subject);
+ updateUser = true;
+ }
 }
 if (updateUser) {
+ if (log.isDebugEnabled()) {
+ log.debug("Updating user's details with info from userinfo");
+ }
 UserLocalServiceUtil.updateUser(user);
 }
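Review bot: Looking the user up by `fetchUserByScreenName(companyId, username)` first makes the token's username the account key, and the new `user.setOpenId(subject)` plus the existing `user.setEmailAddress(email)` then rebind whichever Liferay account carries that screen name to the caller's subject and email; unless usernames on the OIDC server are strictly admin-controlled and unique (the comment only says an admin may change them), a user who obtains an existing screen name takes over that portal account, and the rebind is silent. The stable identifier is the `sub` claim, so look up by `fetchUserByOpenId` first and use the screen name only as a first-time-link fallback, refusing when the matched user already carries a different, non-empty openId. `username` may also be null here (addUser's `autoScreenName = username == null` path shows the token can omit it), so guard the screen-name lookup rather than relying on the `catch (Throwable t)` further down. The email is copied into the account without any verified-email check; if the token exposes one, gate `setEmailAddress` on it. createOrUpdateUser continues past this hunk with the avatar handling.
```java
// … unchanged: claim extraction, User user = null; try { …
// Bind on the stable OIDC subject; the username is only a fallback for first-time linking.
user = UserLocalServiceUtil.fetchUserByOpenId(companyId, subject);
if (user == null && username != null) {
    user = UserLocalServiceUtil.fetchUserByScreenName(companyId, username);
    String boundOpenId = user == null ? null : user.getOpenId();
    if (boundOpenId != null && !boundOpenId.isEmpty() && !boundOpenId.equals(subject)) {
        log.warn("Liferay user with screen name=" + username + " is bound to a different OIDC subject, refusing to re-bind");
        return null;
    }
}
if (user == null) {
    // … unchanged: createUnexistingUser() / addUser branch …
}
// … unchanged: first name, last name, email and openId update …
```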
@@ -130,25 +156,35 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
 byte[] userAvatar = OpenIdConnectRESTHelper.getUserAvatar(configuration.getAvatarURL(), token);
 if (userAvatar != null && userAvatar.length > 0) {
 if (ASSURE_AVATAR_FORMAT) {
- log.debug("Assuring avatar image format as: " + DEFAULT_AVATAR_FORMAT);
- log.debug("Reading image stream with length: " + userAvatar.length);
+ if (log.isDebugEnabled()) {
+ log.debug("Assuring avatar image format as: " + DEFAULT_AVATAR_FORMAT);
+ log.debug("Reading image stream with length: " + userAvatar.length);
+ }
 BufferedImage bi = ImageIO.read(new ByteArrayInputStream(userAvatar));
 if (bi != null) {
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
- log.debug("Converting avatar stream image format to: " + DEFAULT_AVATAR_FORMAT);
+ if (log.isDebugEnabled()) {
+ log.debug("Converting avatar stream image format to: " + DEFAULT_AVATAR_FORMAT);
+ }
 ImageIO.write(bi, DEFAULT_AVATAR_FORMAT, baos);
 baos.flush();
 baos.close();
- log.debug("Reading converted image from the BAOS");
+ if (log.isDebugEnabled()) {
+ log.debug("Reading converted image from the BAOS");
+ }
 userAvatar = baos.toByteArray();
 } else {
 log.warn("Buffered image read is null!");
 }
 }
- log.debug("Saving the retrieved avatar as user's portrait");
+ if (log.isDebugEnabled()) {
+ log.debug("Saving the retrieved avatar as user's portrait");
+ }
 UserLocalServiceUtil.updatePortrait(user.getUserId(), userAvatar);
- } else {
- log.debug("Deleting the user's portrait since no avatar has been found for the user");
+ } else if (DELETE_AVATAR_IF_NOT_FOUND_ON_SERVER) {
+ if (log.isDebugEnabled()) {
+ log.debug("Deleting the user's portrait since no avatar has been found for the user");
+ }
 UserLocalServiceUtil.deletePortrait(user.getUserId());
 }
 } catch (Throwable t) {
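Review bot: `ImageIO.read(new ByteArrayInputStream(userAvatar))` decodes whatever the avatar endpoint returned with no bound on `userAvatar.length` or on the decoded image's dimensions, and the enclosing `catch (Throwable t)` would swallow an OutOfMemoryError from a decompression-bomb image rather than surface it; wrap the conversion and `updatePortrait` in `if (userAvatar.length <= MAX_AVATAR_BYTES)` with a `log.warn("Avatar too large, skipping: " + userAvatar.length)` otherwise, `MAX_AVATAR_BYTES` being a named class constant. The new `else if (DELETE_AVATAR_IF_NOT_FOUND_ON_SERVER)` is guarded by a compile-time `false`, so `deletePortrait` is dead code until the hook is rebuilt; reading the flag from `LiferayOpenIdConnectConfiguration`, as `getAvatarURL()` already is, would make the behaviour deployable rather than compiled in. The try block this hunk sits in starts before it.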
@@ -171,9 +207,13 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
 boolean autoScreenName = username == null;
 String screenName = StringPool.BLANK;
 if (autoScreenName) {
- log.debug("Screen name will be auto-generated");
+ if (log.isDebugEnabled()) {
+ log.debug("Screen name will be auto-generated");
+ }
 } else {
- log.debug("Screen name will be set to: " + username);
+ if (log.isDebugEnabled()) {
+ log.debug("Screen name will be set to: " + username);
+ }
 screenName = username;
 }
 long facebookId = 0;
@@ -211,4 +251,4 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
 return user;
 }
-}
+}
\ No newline at end of file