From a5cac5b109fe61bd5d3875ccfd7a54048a997fa0 Mon Sep 17 00:00:00 2001
From: Massimiliano Assante
Date: Thu, 30 Jan 2020 12:58:46 +0100
Subject: [PATCH] fixed bug that could ask liferay db data after the user was cancelled
---
 .../thread/RemoveUserFromJCR.java | 60 +++++--------------
 .../thread/RemovedUserAccountThread.java | 39 ++++--------
 .../MyCreateUserAccountListener.java | 52 ++++++++++++++--
 3 files changed, 76 insertions(+), 75 deletions(-)
diff --git a/src/main/java/org/gcube/portal/removeaccount/thread/RemoveUserFromJCR.java b/src/main/java/org/gcube/portal/removeaccount/thread/RemoveUserFromJCR.java
index d72b6bd..163accf 100644
--- a/src/main/java/org/gcube/portal/removeaccount/thread/RemoveUserFromJCR.java
+++ b/src/main/java/org/gcube/portal/removeaccount/thread/RemoveUserFromJCR.java
@@ -2,19 +2,10 @@ package org.gcube.portal.removeaccount.thread;
 import static org.gcube.common.authorization.client.Constants.authorizationService;
-import java.util.ArrayList;
 import java.util.List;
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
-import org.gcube.common.portal.PortalContext;
 import org.gcube.common.storagehub.client.dsl.StorageHubClient;
-import org.gcube.portal.usersaccount.Constants;
-import org.gcube.vomanagement.usermanagement.GroupManager;
-import org.gcube.vomanagement.usermanagement.RoleManager;
-import org.gcube.vomanagement.usermanagement.UserManager;
-import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
-import org.gcube.vomanagement.usermanagement.model.GCubeRole;
-import org.gcube.vomanagement.usermanagement.model.GCubeUser;
 import com.liferay.portal.kernel.log.Log;
 import com.liferay.portal.kernel.log.LogFactoryUtil;
@@ -28,46 +19,27 @@ public class RemoveUserFromJCR { private static Log _log = LogFactoryUtil.getLog(RemoveUserFromJCR.class); private String username2Delete; - private GroupManager gm; - private UserManager uMan; - private RoleManager rm; + private String theAdminToken; + private List theAdminRolesString; - public RemoveUserFromJCR(String username2Delete, GroupManager gm, UserManager uMan) { - this.username2Delete = username2Delete; - this.gm = gm; - this.uMan = uMan; - this.rm = new LiferayRoleManager(); + + public RemoveUserFromJCR(String userNameToDelete, String theAdminToken, List theAdminRolesString) { + super(); + this.username2Delete = userNameToDelete; + this.theAdminRolesString = theAdminRolesString; + this.theAdminToken = theAdminToken; } public boolean remove() { try { - _log.debug("in RemoveUserFromJCR remove() for " + username2Delete ); - //get the super user - String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName(); - long groupId = gm.getGroupIdFromInfrastructureScope(infraContext); - long roleId = rm.getRoleId(Constants.AUTORISED_INFRA_ROLE, groupId); - List users = uMan.listUsersByGroupAndRole(groupId, roleId); - if (users.isEmpty()) { - _log.error("Cannot delete the user: there is no user having role " + Constants.AUTORISED_INFRA_ROLE + " on context: " + infraContext); - return false; - } - else { - GCubeUser theAdmin = users.get(0); - String adminUsername = theAdmin.getUsername(); - String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername); - List theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), groupId); - List rolesString = new ArrayList(); - for (GCubeRole gCubeRole : theAdminRoles) { - rolesString.add(gCubeRole.getRoleName()); - } - authorizationService().setTokenRoles(theAdminToken, rolesString); - SecurityTokenProvider.instance.set(theAdminToken); - _log.debug("Autorising drop workspace with infra manager token of " + theAdminToken); - 
StorageHubClient shc = new StorageHubClient(); - _log.debug("BEFORE stohub.deleteUserAccount " + username2Delete); - shc.deleteUserAccount(username2Delete); - return true; - } + authorizationService().setTokenRoles(theAdminToken, theAdminRolesString); + SecurityTokenProvider.instance.set(theAdminToken); + _log.debug("Autorising drop workspace with infra manager token of " + theAdminToken); + StorageHubClient shc = new StorageHubClient(); + _log.debug("BEFORE stohub.deleteUserAccount " + username2Delete); + shc.deleteUserAccount(username2Delete); + return true; + } catch (Exception e) { e.printStackTrace(); _log.error("Could not delete " + username2Delete + " from JCR an error occurred on the service"); diff --git a/src/main/java/org/gcube/portal/removeaccount/thread/RemovedUserAccountThread.java b/src/main/java/org/gcube/portal/removeaccount/thread/RemovedUserAccountThread.java index 2e2aeee..ca4d368 100644 --- a/src/main/java/org/gcube/portal/removeaccount/thread/RemovedUserAccountThread.java +++ b/src/main/java/org/gcube/portal/removeaccount/thread/RemovedUserAccountThread.java 
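Review bot: `remove()` still writes the infrastructure manager's token to the log in `_log.debug("Autorising drop workspace with infra manager token of " + theAdminToken);`, and now that the token is also handed through two constructors it is worth keeping it out of every output. Logging the target account is enough, e.g. `_log.debug("Authorising drop workspace of " + username2Delete + " with infra manager token");`. The context `catch` calls `e.printStackTrace()` and leaves the exception out of `_log.error(...)`; passing `e` as the second argument would keep the cause in the portal log instead of on stderr. `SecurityTokenProvider.instance.set(theAdminToken)` is never cleared, which is presumably harmless only while each removal runs on its own short-lived thread; clearing it in a `finally` would make that independent of the caller. The `catch` block continues past the end of the hunk.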
@@ -2,27 +2,10 @@ package org.gcube.portal.removeaccount.thread;
 import java.util.List;
-import javax.portlet.PortletPreferences;
-
-import org.gcube.common.portal.PortalContext;
-import org.gcube.common.portal.mailing.EmailNotification;
 import org.gcube.portal.usersaccount.Constants;
-import org.gcube.vomanagement.usermanagement.GroupManager;
-import org.gcube.vomanagement.usermanagement.RoleManager;
-import org.gcube.vomanagement.usermanagement.UserManager;
-import org.gcube.vomanagement.usermanagement.exception.RoleRetrievalFault;
-import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
-import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
-import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
-import org.gcube.vomanagement.usermanagement.model.GCubeUser;
-import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import com.liferay.portal.service.PortalPreferencesLocalServiceUtil;
-import com.liferay.portal.service.UserLocalServiceUtil;
-import com.liferay.portal.util.PortalUtil;
-
 /**
 * 
@@ -35,24 +18,26 @@ public class RemovedUserAccountThread implements Runnable { final String SUBJECT = "Removed account notification"; - private String userName; - private GroupManager gm; - private UserManager uMan; + private String userNameToDelete; + private String theAdminToken; + private List theAdminRolesString; - public RemovedUserAccountThread(long userId,String userName) { + + + public RemovedUserAccountThread(String userNameToDelete, String theAdminToken, List theAdminRolesString) { super(); - this.userName = userName; - this.uMan = new LiferayUserManager(); - this.gm = new LiferayGroupManager(); + this.userNameToDelete = userNameToDelete; + this.theAdminRolesString = theAdminRolesString; + this.theAdminToken = theAdminToken; } @Override public void run() { try { - _log.info("Trying to remove user " + userName + " from JCR first, using storageHub with role: "+Constants.AUTORISED_INFRA_ROLE); - RemoveUserFromJCR rmJCR = new RemoveUserFromJCR(userName, gm, uMan); + _log.info("Trying to remove user " + userNameToDelete + " from JCR first, using storageHub with role: "+Constants.AUTORISED_INFRA_ROLE); + RemoveUserFromJCR rmJCR = new RemoveUserFromJCR(userNameToDelete, theAdminToken, theAdminRolesString); boolean result = rmJCR.remove(); - _log.info("The user " + userName + " has been removed from JCR with success? " + result); + _log.info("The user " + userNameToDelete + " has been removed from JCR with success? " + result); } catch (Exception e) { _log.error("An error occurred during user workspace removal: ", e); diff --git a/src/main/java/org/gcube/portal/usersaccount/MyCreateUserAccountListener.java b/src/main/java/org/gcube/portal/usersaccount/MyCreateUserAccountListener.java index 95a6936..cf5b539 100644 --- a/src/main/java/org/gcube/portal/usersaccount/MyCreateUserAccountListener.java +++ b/src/main/java/org/gcube/portal/usersaccount/MyCreateUserAccountListener.java 
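Review bot: The new constructor has no Javadoc saying that `theAdminToken` and `theAdminRolesString` must be resolved by the caller before the Liferay user is deleted, which is the reason they are passed in instead of being looked up in `run()`. Suggested comment on the constructor: `/** @param theAdminToken token of a user holding Constants.AUTORISED_INFRA_ROLE, obtained by the caller while the portal data is still available */`. The three new fields are assigned once and could be declared `private final`, so the token held by the runnable cannot be replaced after construction. `run()` continues past the end of the hunk.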
@@ -1,9 +1,25 @@
 package org.gcube.portal.usersaccount;
+import static org.gcube.common.authorization.client.Constants.authorizationService;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.portal.PortalContext;
+import org.gcube.common.storagehub.client.dsl.StorageHubClient;
 import org.gcube.portal.notifications.thread.NewUserAccountNotificationThread;
 import org.gcube.portal.removeaccount.thread.RemoveUserTokenFromInfraThread;
 import org.gcube.portal.removeaccount.thread.RemovedUserAccountThread;
 import org.gcube.portal.removeaccount.thread.RemovedUserFromLDAPThread;
+import org.gcube.vomanagement.usermanagement.GroupManager;
+import org.gcube.vomanagement.usermanagement.RoleManager;
+import org.gcube.vomanagement.usermanagement.UserManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
+import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
+import org.gcube.vomanagement.usermanagement.model.GCubeRole;
+import org.gcube.vomanagement.usermanagement.model.GCubeUser;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -23,6 +39,9 @@ import com.liferay.portal.model.User;
 public class MyCreateUserAccountListener extends BaseModelListener {
 private static final Logger _log = LoggerFactory.getLogger(MyCreateUserAccountListener.class);
 final String SUBJECT = "New user account notification";
+ private GroupManager gm;
+ private UserManager uMan;
+ private RoleManager rm;
 @Override
 public void onAfterCreate(User user) throws ModelListenerException {
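Review bot: `gm`, `uMan` and `rm` are added as mutable instance fields, yet in the visible code they are only assigned and read inside `onBeforeRemove` (next hunk), which re-creates them on every call. A model listener instance is presumably shared by all removal requests, so two concurrent removals would overwrite each other's references. Declaring them as locals in `onBeforeRemove`, e.g. `GroupManager gm = new LiferayGroupManager();`, or as `private final` fields initialised once, removes the shared mutable state.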
@@ -36,16 +55,41 @@ public class MyCreateUserAccountListener extends BaseModelListener { @Override public void onBeforeRemove(User user) throws ModelListenerException { + gm = new LiferayGroupManager(); + uMan = new LiferayUserManager(); + rm = new LiferayRoleManager(); + _log.info("onBeforeRemove userAccount listener for: " + user.getScreenName() + " / " + user.getFullName()); String username2Delete = user.getScreenName(); _log.info("Trying to remove user from JCR and not notify infra-managers ..."); - try { - Thread dropUserWorkspaceThread = new Thread(new RemovedUserAccountThread(user.getUserId(), username2Delete)); - dropUserWorkspaceThread.start(); + try { + _log.debug("Getting super user with role {}", Constants.AUTORISED_INFRA_ROLE); + //get the super user + String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName(); + long groupId = gm.getGroupIdFromInfrastructureScope(infraContext); + long roleId = rm.getRoleId(Constants.AUTORISED_INFRA_ROLE, groupId); + List users = uMan.listUsersByGroupAndRole(groupId, roleId); + if (users.isEmpty()) { + _log.error("Cannot delete the user: there is no user having role " + Constants.AUTORISED_INFRA_ROLE + " on context: " + infraContext); + return; + } + else { + GCubeUser theAdmin = users.get(0); + String adminUsername = theAdmin.getUsername(); + String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername); + List theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), groupId); + List rolesString = new ArrayList(); + for (GCubeRole gCubeRole : theAdminRoles) { + rolesString.add(gCubeRole.getRoleName()); + } + Thread dropUserWorkspaceThread = new Thread(new RemovedUserAccountThread(username2Delete, theAdminToken, rolesString)); + dropUserWorkspaceThread.start(); + } + _log.info("Trying to remove user from LDAP ..."); Thread removeFromLDAPThread = new Thread(new RemovedUserFromLDAPThread(username2Delete)); removeFromLDAPThread.start(); - + 
_log.info("Trying to remove user from Auth ..."); Thread deleteAllUserAuthThread = new Thread(new RemoveUserTokenFromInfraThread(username2Delete)); deleteAllUserAuthThread.start();
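Review bot: The `return;` in the `users.isEmpty()` branch now leaves `onBeforeRemove` before the LDAP and Auth cleanup threads are started, so when no user holds `Constants.AUTORISED_INFRA_ROLE` the account being deleted keeps its LDAP entry and its infrastructure tokens. Before this change a failed admin lookup only affected the workspace thread. Dropping the `return;` lets the existing `else` skip just the workspace removal. The same gap applies to an exception thrown by the role lookup or by `getCurrentUserToken`, which presumably jumps to the `catch` outside this hunk; giving the admin lookup its own `try`/`catch` ahead of the unconditional `removeFromLDAPThread.start();` and `deleteAllUserAuthThread.start();` would keep deprovisioning independent of it. The body of the `try` continues past the end of the hunk.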