diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8d53016..a7b1643 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,9 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
# Changelog for "oidc-enrollment-hook"
+## [v1.1.3-SNAPSHOT]
+- Now user reconciliation/identification from OIDC token after the login is performed no more checking by using the email address but by using the User's username, the Liferay `screenname`. (#20827) (#20840)
+
## [v1.1.2]
- Added some info of the user is about to create in the logs expecially for screen name (auto-generated or externally provided) (#20413). Restored per-session token removal. Logs revised. (#20445)
diff --git a/pom.xml b/pom.xml
index 03f69a1..5b27682 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@
org.gcube.portal
oidc-enrollment-hook
war
- 1.1.2
+ 1.1.3-SNAPSHOT
6.2.5
6.2.10.12
@@ -49,6 +49,16 @@
[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)
provided
+
+ org.gcube.common.portal
+ portal-manager
+ provided
+
+
+ org.gcube.core
+ common-scope
+ provided
+
com.liferay.portal
portal-service
diff --git a/src/main/java/org/gcube/portal/oidc/lr62/OpenIdConnectAutoLogin.java b/src/main/java/org/gcube/portal/oidc/lr62/OpenIdConnectAutoLogin.java
index a20c813..532cf68 100644
--- a/src/main/java/org/gcube/portal/oidc/lr62/OpenIdConnectAutoLogin.java
+++ b/src/main/java/org/gcube/portal/oidc/lr62/OpenIdConnectAutoLogin.java
@@ -33,8 +33,9 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
private static final Log log = LogFactoryUtil.getLog(OpenIdConnectAutoLogin.class);
- private static boolean ASSURE_AVATAR_FORMAT = true;
- private static String DEFAULT_AVATAR_FORMAT = "png";
+ private static final boolean ASSURE_AVATAR_FORMAT = true;
+ private static final String DEFAULT_AVATAR_FORMAT = "png";
+ private static final boolean DELETE_AVATAR_IF_NOT_FOUND_ON_SERVER = false;
@Override
public String[] doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
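Review bot: The new `DELETE_AVATAR_IF_NOT_FOUND_ON_SERVER` constant is introduced without a comment, yet setting it to false changes runtime behaviour (it now gates the portrait-deletion branch in the avatar hunk further down), so a reader of the constants block cannot tell why it exists or what flipping it does. A one-line comment such as `// If false, an existing Liferay portrait is left untouched when the OIDC server returns no avatar for the user` would record the intent next to the value. Making all three flags `final` is a good change; if they are meant to be tunable per deployment, the existing `LiferayOpenIdConnectConfiguration` would be the natural home rather than a compile-time constant, but that is a suggestion only.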
@@ -66,7 +67,9 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
// TODO: to be removed when tested in depth
log.error("Applying strategy", t);
}
- log.debug("Returning logged in user's info");
+ if (log.isDebugEnabled()) {
+ log.debug("Returning logged in user's info");
+ }
return new String[] { String.valueOf(user.getUserId()), UUID.randomUUID().toString(), "false" };
} else {
log.warn("User is null");
@@ -77,52 +80,75 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
public static User createOrUpdateUser(JWTToken token, long companyId, long groupId, String portalURL,
LiferayOpenIdConnectConfiguration configuration) throws Exception {
+ String username = token.getUserName();
String email = token.getEmail();
String given = token.getGiven();
String family = token.getFamily();
String subject = token.getSub();
- String username = token.getUserName();
User user = null;
try {
- boolean updateUser = false;
- // Search by email first
- user = UserLocalServiceUtil.fetchUserByEmailAddress(companyId, email);
+ user = UserLocalServiceUtil.fetchUserByScreenName(companyId, username);
if (user == null) {
- log.debug("No Liferay user found with email address=" + email + ", trying with openId");
- // Then search by openId, in case user has changed the email address
+ // Then search by openId, in case an admin changed the username on OIDC server
+ if (log.isDebugEnabled()) {
+ log.debug("No Liferay user found with username=" + username + ", trying with openId");
+ }
user = UserLocalServiceUtil.fetchUserByOpenId(companyId, subject);
if (user == null) {
- log.debug("No Liferay user found with openid=" + subject + " and email address=" + email);
+ if (log.isDebugEnabled()) {
+ log.debug("No Liferay user found with openid=" + subject + " and email address=" + email);
+ }
if (configuration.createUnexistingUser()) {
log.info("A new user will be created [email=" + email + ",given=" + given + ",family=" + family
+ ",subject=" + subject + ",username=" + username);
user = addUser(companyId, groupId, portalURL, email, given, family, subject, username);
} else {
- log.info("User will not be created according to configuration");
+ log.warn("Unexisting user will not be created according to configuration");
return null;
}
- } else {
- log.info("User found by its openId, the email will be updated");
- updateUser = true;
+ } else if (log.isDebugEnabled()) {
+ log.debug("User found by its openId, other info will be updated");
}
}
+ boolean updateUser = false;
if (user != null) {
- log.debug("User found, updating name details with info from userinfo if changed");
- if (given != user.getFirstName()) {
+ if (log.isDebugEnabled()) {
+ log.debug("User found, checking its details against userinfo for changes");
+ }
+ if (given != null && !given.equals(user.getFirstName())) {
+ if (log.isTraceEnabled()) {
+ log.trace("Given name is changed");
+ }
user.setFirstName(given);
updateUser = true;
}
- if (family != user.getLastName()) {
+ if (family != null && !family.equals(user.getLastName())) {
+ if (log.isTraceEnabled()) {
+ log.trace("Last name is changed");
+ }
user.setLastName(family);
updateUser = true;
}
- if (email != user.getEmailAddress()) {
+ if (email != null && !email.equals(user.getEmailAddress())) {
+ if (log.isTraceEnabled()) {
+ log.trace("Email address is changed");
+ }
user.setEmailAddress(email);
updateUser = true;
}
+ if (subject != null && !subject.equals(user.getOpenId())) {
+ if (log.isTraceEnabled()) {
+ log.trace("Setting OOID subject as openid");
+ }
+ user.setOpenId(subject);
+ updateUser = true;
+ }
}
if (updateUser) {
+ if (log.isDebugEnabled()) {
+ log.debug("Updating user's details with info from userinfo");
+ }
UserLocalServiceUtil.updateUser(user);
}
@@ -130,25 +156,35 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
byte[] userAvatar = OpenIdConnectRESTHelper.getUserAvatar(configuration.getAvatarURL(), token);
if (userAvatar != null && userAvatar.length > 0) {
if (ASSURE_AVATAR_FORMAT) {
- log.debug("Assuring avatar image format as: " + DEFAULT_AVATAR_FORMAT);
- log.debug("Reading image stream with length: " + userAvatar.length);
+ if (log.isDebugEnabled()) {
+ log.debug("Assuring avatar image format as: " + DEFAULT_AVATAR_FORMAT);
+ log.debug("Reading image stream with length: " + userAvatar.length);
+ }
BufferedImage bi = ImageIO.read(new ByteArrayInputStream(userAvatar));
if (bi != null) {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- log.debug("Converting avatar stream image format to: " + DEFAULT_AVATAR_FORMAT);
+ if (log.isDebugEnabled()) {
+ log.debug("Converting avatar stream image format to: " + DEFAULT_AVATAR_FORMAT);
+ }
ImageIO.write(bi, DEFAULT_AVATAR_FORMAT, baos);
baos.flush();
baos.close();
- log.debug("Reading converted image from the BAOS");
+ if (log.isDebugEnabled()) {
+ log.debug("Reading converted image from the BAOS");
+ }
userAvatar = baos.toByteArray();
} else {
log.warn("Buffered image read is null!");
}
}
- log.debug("Saving the retrieved avatar as user's portrait");
+ if (log.isDebugEnabled()) {
+ log.debug("Saving the retrieved avatar as user's portrait");
+ }
UserLocalServiceUtil.updatePortrait(user.getUserId(), userAvatar);
- } else {
- log.debug("Deleting the user's portrait since no avatar has been found for the user");
+ } else if (DELETE_AVATAR_IF_NOT_FOUND_ON_SERVER) {
+ if (log.isDebugEnabled()) {
+ log.debug("Deleting the user's portrait since no avatar has been found for the user");
+ }
UserLocalServiceUtil.deletePortrait(user.getUserId());
}
} catch (Throwable t) {
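Review bot: When `ImageIO.read` returns null the code only logs `Buffered image read is null!` and then falls through to `updatePortrait(user.getUserId(), userAvatar)` with the raw, undecodable bytes, so the ASSURE_AVATAR_FORMAT branch does not actually guarantee that the stored portrait is a valid image; the new `else if (DELETE_AVATAR_IF_NOT_FOUND_ON_SERVER)` branch does not cover this case either, since the array is non-empty. The boolean returned by `ImageIO.write(bi, DEFAULT_AVATAR_FORMAT, baos)` is also discarded; if no writer is registered for the format the stream stays empty and a zero-length portrait is saved. Gating the save on a flag that is cleared when decoding or encoding fails closes both gaps, and the `baos.flush()`/`baos.close()` calls can go since they are no-ops on a ByteArrayOutputStream. The enclosing try block and createOrUpdateUser both begin before this hunk and end after it.
```java
boolean avatarUsable = true;
if (ASSURE_AVATAR_FORMAT) {
    // … unchanged: debug logs about format and stream length …
    BufferedImage bi = ImageIO.read(new ByteArrayInputStream(userAvatar));
    if (bi != null) {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        if (ImageIO.write(bi, DEFAULT_AVATAR_FORMAT, baos)) {
            userAvatar = baos.toByteArray();
        } else {
            log.warn("No image writer for format: " + DEFAULT_AVATAR_FORMAT + ", avatar will not be saved");
            avatarUsable = false;
        }
    } else {
        log.warn("Buffered image read is null, avatar will not be saved as portrait");
        avatarUsable = false;
    }
}
if (avatarUsable) {
    // … unchanged: debug log …
    UserLocalServiceUtil.updatePortrait(user.getUserId(), userAvatar);
}
```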
@@ -171,9 +207,13 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
boolean autoScreenName = username == null;
String screenName = StringPool.BLANK;
if (autoScreenName) {
- log.debug("Screen name will be auto-generated");
+ if (log.isDebugEnabled()) {
+ log.debug("Screen name will be auto-generated");
+ }
} else {
- log.debug("Screen name will be set to: " + username);
+ if (log.isDebugEnabled()) {
+ log.debug("Screen name will be set to: " + username);
+ }
screenName = username;
}
long facebookId = 0;
@@ -211,4 +251,4 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
return user;
}
-}
+}
\ No newline at end of file