Now user reconciliation/identification from OIDC token after the login is performed no more checking by using the User's email address but the username field, the Liferay `screenname`. (#20827) (#20840)
parent
77e62a0eeb
commit
012a8e24e4
|
@ -2,6 +2,9 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
|
||||||
|
|
||||||
# Changelog for "oidc-enrollment-hook"
|
# Changelog for "oidc-enrollment-hook"
|
||||||
|
|
||||||
|
## [v1.1.3-SNAPSHOT]
|
||||||
|
- Now user reconciliation/identification from OIDC token after the login is performed no more checking by using the email address but by using the User's username, the Liferay `screenname`. (#20827) (#20840)
|
||||||
|
|
||||||
## [v1.1.2]
|
## [v1.1.2]
|
||||||
- Added some info of the user is about to create in the logs expecially for screen name (auto-generated or externally provided) (#20413). Restored per-session token removal. Logs revised. (#20445)
|
- Added some info of the user is about to create in the logs expecially for screen name (auto-generated or externally provided) (#20413). Restored per-session token removal. Logs revised. (#20445)
|
||||||
|
|
||||||
|
|
12
pom.xml
12
pom.xml
|
@ -11,7 +11,7 @@
|
||||||
<groupId>org.gcube.portal</groupId>
|
<groupId>org.gcube.portal</groupId>
|
||||||
<artifactId>oidc-enrollment-hook</artifactId>
|
<artifactId>oidc-enrollment-hook</artifactId>
|
||||||
<packaging>war</packaging>
|
<packaging>war</packaging>
|
||||||
<version>1.1.2</version>
|
<version>1.1.3-SNAPSHOT</version>
|
||||||
<properties>
|
<properties>
|
||||||
<liferay.version>6.2.5</liferay.version>
|
<liferay.version>6.2.5</liferay.version>
|
||||||
<liferay.maven.plugin.version>6.2.10.12</liferay.maven.plugin.version>
|
<liferay.maven.plugin.version>6.2.10.12</liferay.maven.plugin.version>
|
||||||
|
@ -49,6 +49,16 @@
|
||||||
<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
|
<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
|
||||||
<scope>provided</scope>
|
<scope>provided</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.gcube.common.portal</groupId>
|
||||||
|
<artifactId>portal-manager</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.gcube.core</groupId>
|
||||||
|
<artifactId>common-scope</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.liferay.portal</groupId>
|
<groupId>com.liferay.portal</groupId>
|
||||||
<artifactId>portal-service</artifactId>
|
<artifactId>portal-service</artifactId>
|
||||||
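Review bot: The two dependencies added in the second hunk (`portal-manager` and `common-scope`) declare no `<version>`, unlike the `[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)` entry just above them, so the build relies on a parent POM or BOM to manage their versions; that parent is not visible here, so confirm it does, otherwise Maven will reject the POM. Pinning them explicitly, or through the managing BOM, also keeps the `provided` classpath reproducible against what the portal actually ships at runtime.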
|
|
|
@ -33,8 +33,9 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
|
||||||
|
|
||||||
private static final Log log = LogFactoryUtil.getLog(OpenIdConnectAutoLogin.class);
|
private static final Log log = LogFactoryUtil.getLog(OpenIdConnectAutoLogin.class);
|
||||||
|
|
||||||
private static boolean ASSURE_AVATAR_FORMAT = true;
|
private static final boolean ASSURE_AVATAR_FORMAT = true;
|
||||||
private static String DEFAULT_AVATAR_FORMAT = "png";
|
private static final String DEFAULT_AVATAR_FORMAT = "png";
|
||||||
|
private static final boolean DELETE_AVATAR_IF_NOT_FOUND_ON_SERVER = false;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String[] doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
|
public String[] doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
|
||||||
|
@ -66,7 +67,9 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
|
||||||
// TODO: to be removed when tested in depth
|
// TODO: to be removed when tested in depth
|
||||||
log.error("Applying strategy", t);
|
log.error("Applying strategy", t);
|
||||||
}
|
}
|
||||||
log.debug("Returning logged in user's info");
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Returning logged in user's info");
|
||||||
|
}
|
||||||
return new String[] { String.valueOf(user.getUserId()), UUID.randomUUID().toString(), "false" };
|
return new String[] { String.valueOf(user.getUserId()), UUID.randomUUID().toString(), "false" };
|
||||||
} else {
|
} else {
|
||||||
log.warn("User is null");
|
log.warn("User is null");
|
||||||
|
@ -77,52 +80,75 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
|
||||||
public static User createOrUpdateUser(JWTToken token, long companyId, long groupId, String portalURL,
|
public static User createOrUpdateUser(JWTToken token, long companyId, long groupId, String portalURL,
|
||||||
LiferayOpenIdConnectConfiguration configuration) throws Exception {
|
LiferayOpenIdConnectConfiguration configuration) throws Exception {
|
||||||
|
|
||||||
|
String username = token.getUserName();
|
||||||
String email = token.getEmail();
|
String email = token.getEmail();
|
||||||
String given = token.getGiven();
|
String given = token.getGiven();
|
||||||
String family = token.getFamily();
|
String family = token.getFamily();
|
||||||
String subject = token.getSub();
|
String subject = token.getSub();
|
||||||
String username = token.getUserName();
|
|
||||||
User user = null;
|
User user = null;
|
||||||
try {
|
try {
|
||||||
boolean updateUser = false;
|
user = UserLocalServiceUtil.fetchUserByScreenName(companyId, username);
|
||||||
// Search by email first
|
|
||||||
user = UserLocalServiceUtil.fetchUserByEmailAddress(companyId, email);
|
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
log.debug("No Liferay user found with email address=" + email + ", trying with openId");
|
// Then search by openId, in case an admin changed the username on OIDC server
|
||||||
// Then search by openId, in case user has changed the email address
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("No Liferay user found with username=" + username + ", trying with openId");
|
||||||
|
}
|
||||||
user = UserLocalServiceUtil.fetchUserByOpenId(companyId, subject);
|
user = UserLocalServiceUtil.fetchUserByOpenId(companyId, subject);
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
log.debug("No Liferay user found with openid=" + subject + " and email address=" + email);
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("No Liferay user found with openid=" + subject + " and email address=" + email);
|
||||||
|
}
|
||||||
if (configuration.createUnexistingUser()) {
|
if (configuration.createUnexistingUser()) {
|
||||||
log.info("A new user will be created [email=" + email + ",given=" + given + ",family=" + family
|
log.info("A new user will be created [email=" + email + ",given=" + given + ",family=" + family
|
||||||
+ ",subject=" + subject + ",username=" + username);
|
+ ",subject=" + subject + ",username=" + username);
|
||||||
|
|
||||||
user = addUser(companyId, groupId, portalURL, email, given, family, subject, username);
|
user = addUser(companyId, groupId, portalURL, email, given, family, subject, username);
|
||||||
} else {
|
} else {
|
||||||
log.info("User will not be created according to configuration");
|
log.warn("Unexisting user will not be created according to configuration");
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
} else {
|
} else if (log.isDebugEnabled()) {
|
||||||
log.info("User found by its openId, the email will be updated");
|
log.debug("User found by its openId, other info will be updated");
|
||||||
updateUser = true;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
boolean updateUser = false;
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
log.debug("User found, updating name details with info from userinfo if changed");
|
if (log.isDebugEnabled()) {
|
||||||
if (given != user.getFirstName()) {
|
log.debug("User found, checking its details against userinfo for changes");
|
||||||
|
}
|
||||||
|
if (given != null && !given.equals(user.getFirstName())) {
|
||||||
|
if (log.isTraceEnabled()) {
|
||||||
|
log.trace("Given name is changed");
|
||||||
|
}
|
||||||
user.setFirstName(given);
|
user.setFirstName(given);
|
||||||
updateUser = true;
|
updateUser = true;
|
||||||
}
|
}
|
||||||
if (family != user.getLastName()) {
|
if (family != null && !family.equals(user.getLastName())) {
|
||||||
|
if (log.isTraceEnabled()) {
|
||||||
|
log.trace("Last name is changed");
|
||||||
|
}
|
||||||
user.setLastName(family);
|
user.setLastName(family);
|
||||||
updateUser = true;
|
updateUser = true;
|
||||||
}
|
}
|
||||||
if (email != user.getEmailAddress()) {
|
if (email != null && !email.equals(user.getEmailAddress())) {
|
||||||
|
if (log.isTraceEnabled()) {
|
||||||
|
log.trace("Email address is changed");
|
||||||
|
}
|
||||||
user.setEmailAddress(email);
|
user.setEmailAddress(email);
|
||||||
updateUser = true;
|
updateUser = true;
|
||||||
}
|
}
|
||||||
|
if (subject != null && !subject.equals(user.getOpenId())) {
|
||||||
|
if (log.isTraceEnabled()) {
|
||||||
|
log.trace("Setting OOID subject as openid");
|
||||||
|
}
|
||||||
|
user.setOpenId(subject);
|
||||||
|
updateUser = true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (updateUser) {
|
if (updateUser) {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Updating user's details with info from userinfo");
|
||||||
|
}
|
||||||
UserLocalServiceUtil.updateUser(user);
|
UserLocalServiceUtil.updateUser(user);
|
||||||
}
|
}
|
||||||
|
|
||||||
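Review bot: The new lookup order at `user = UserLocalServiceUtil.fetchUserByScreenName(companyId, username);` lets a token whose username matches an existing screen name claim that account, and the update block further down then overwrites the stored openId (`user.setOpenId(subject)`) and email address with the token's values. This is only safe if the identity provider guarantees that usernames are unique and never reassigned, which cannot be verified here, so a guard before the update such as `if (user.getOpenId() != null && !user.getOpenId().isEmpty() && !user.getOpenId().equals(subject)) { log.warn("Screen name matches a user linked to a different openId, refusing to rebind"); return null; }` would keep an existing link from being silently rebound to a different subject. The same hunk passes `username` straight to the screen-name query although a later hunk (`boolean autoScreenName = username == null;`) treats it as possibly null, so a null check before that lookup is worth adding. The debug message `"No Liferay user found with openid=" + subject + " and email address=" + email` still names the email address although the first lookup is now by username. createOrUpdateUser continues beyond this hunk.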
|
@ -130,25 +156,35 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
|
||||||
byte[] userAvatar = OpenIdConnectRESTHelper.getUserAvatar(configuration.getAvatarURL(), token);
|
byte[] userAvatar = OpenIdConnectRESTHelper.getUserAvatar(configuration.getAvatarURL(), token);
|
||||||
if (userAvatar != null && userAvatar.length > 0) {
|
if (userAvatar != null && userAvatar.length > 0) {
|
||||||
if (ASSURE_AVATAR_FORMAT) {
|
if (ASSURE_AVATAR_FORMAT) {
|
||||||
log.debug("Assuring avatar image format as: " + DEFAULT_AVATAR_FORMAT);
|
if (log.isDebugEnabled()) {
|
||||||
log.debug("Reading image stream with length: " + userAvatar.length);
|
log.debug("Assuring avatar image format as: " + DEFAULT_AVATAR_FORMAT);
|
||||||
|
log.debug("Reading image stream with length: " + userAvatar.length);
|
||||||
|
}
|
||||||
BufferedImage bi = ImageIO.read(new ByteArrayInputStream(userAvatar));
|
BufferedImage bi = ImageIO.read(new ByteArrayInputStream(userAvatar));
|
||||||
if (bi != null) {
|
if (bi != null) {
|
||||||
ByteArrayOutputStream baos = new ByteArrayOutputStream();
|
ByteArrayOutputStream baos = new ByteArrayOutputStream();
|
||||||
log.debug("Converting avatar stream image format to: " + DEFAULT_AVATAR_FORMAT);
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Converting avatar stream image format to: " + DEFAULT_AVATAR_FORMAT);
|
||||||
|
}
|
||||||
ImageIO.write(bi, DEFAULT_AVATAR_FORMAT, baos);
|
ImageIO.write(bi, DEFAULT_AVATAR_FORMAT, baos);
|
||||||
baos.flush();
|
baos.flush();
|
||||||
baos.close();
|
baos.close();
|
||||||
log.debug("Reading converted image from the BAOS");
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Reading converted image from the BAOS");
|
||||||
|
}
|
||||||
userAvatar = baos.toByteArray();
|
userAvatar = baos.toByteArray();
|
||||||
} else {
|
} else {
|
||||||
log.warn("Buffered image read is null!");
|
log.warn("Buffered image read is null!");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
log.debug("Saving the retrieved avatar as user's portrait");
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Saving the retrieved avatar as user's portrait");
|
||||||
|
}
|
||||||
UserLocalServiceUtil.updatePortrait(user.getUserId(), userAvatar);
|
UserLocalServiceUtil.updatePortrait(user.getUserId(), userAvatar);
|
||||||
} else {
|
} else if (DELETE_AVATAR_IF_NOT_FOUND_ON_SERVER) {
|
||||||
log.debug("Deleting the user's portrait since no avatar has been found for the user");
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Deleting the user's portrait since no avatar has been found for the user");
|
||||||
|
}
|
||||||
UserLocalServiceUtil.deletePortrait(user.getUserId());
|
UserLocalServiceUtil.deletePortrait(user.getUserId());
|
||||||
}
|
}
|
||||||
} catch (Throwable t) {
|
} catch (Throwable t) {
|
||||||
|
@ -171,9 +207,13 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
|
||||||
boolean autoScreenName = username == null;
|
boolean autoScreenName = username == null;
|
||||||
String screenName = StringPool.BLANK;
|
String screenName = StringPool.BLANK;
|
||||||
if (autoScreenName) {
|
if (autoScreenName) {
|
||||||
log.debug("Screen name will be auto-generated");
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Screen name will be auto-generated");
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
log.debug("Screen name will be set to: " + username);
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Screen name will be set to: " + username);
|
||||||
|
}
|
||||||
screenName = username;
|
screenName = username;
|
||||||
}
|
}
|
||||||
long facebookId = 0;
|
long facebookId = 0;
|
||||||
|
@ -211,4 +251,4 @@ public class OpenIdConnectAutoLogin extends BaseAutoLogin {
|
||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|