Merge pull request DSpace#9678 from saschaszott/saschaszott-patch-2
LDAPAuthentication considers update of eperson's attributes
tdonohue authored Sep 26, 2024
2 parents 9845d54 + aaa74b8 commit 538f503
Showing 1 changed file with 46 additions and 28 deletions.
Expand Up @@ -17,6 +17,7 @@
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
Expand Down Expand Up @@ -68,12 +69,8 @@
* @author Ivan Masár
* @author Michael Plate
*/
public class LDAPAuthentication
implements AuthenticationMethod {
public class LDAPAuthentication implements AuthenticationMethod {

/**
* log4j category
*/
private static final Logger log
= org.apache.logging.log4j.LogManager.getLogger(LDAPAuthentication.class);

Expand Down Expand Up @@ -130,15 +127,15 @@ public boolean allowSetPassword(Context context,
return false;
}

/*
/**
* This is an explicit method.
*/
@Override
public boolean isImplicit() {
return false;
}

/*
/**
* Add authenticated users to the group defined in dspace.cfg by
* the login.specialgroup key.
*/
Expand Down Expand Up @@ -177,7 +174,7 @@ public List<Group> getSpecialGroups(Context context, HttpServletRequest request)
return Collections.EMPTY_LIST;
}

/*
/**
* Authenticate the given credentials.
* This is the heart of the authentication method: test the
* credentials for authenticity, and if accepted, attempt to match
Expand All @@ -187,7 +184,7 @@ public List<Group> getSpecialGroups(Context context, HttpServletRequest request)
* @param context
* DSpace context, will be modified (ePerson set) upon success.
*
* @param username
* @param netid
* Username (or email address) when method is explicit. Use null for
* implicit method.
*
Expand Down Expand Up @@ -250,7 +247,7 @@ public int authenticate(Context context,
}

// Check a DN was found
if ((dn == null) || (dn.trim().equals(""))) {
if (StringUtils.isBlank(dn)) {
log.info(LogHelper
.getHeader(context, "failed_login", "no DN found for user " + netid));
return BAD_CREDENTIALS;
Expand All @@ -269,6 +266,18 @@ public int authenticate(Context context,
context.setCurrentUser(eperson);
request.setAttribute(LDAP_AUTHENTICATED, true);

// update eperson's attributes
context.turnOffAuthorisationSystem();
setEpersonAttributes(context, eperson, ldap, Optional.empty());
try {
ePersonService.update(context, eperson);
context.dispatchEvents();
} catch (AuthorizeException e) {
log.warn("update of eperson " + eperson.getID() + " failed", e);
} finally {
context.restoreAuthSystemState();
}

// assign user to groups based on ldap dn
assignGroups(dn, ldap.ldapGroup, context);

Expand Down Expand Up @@ -313,14 +322,13 @@ public int authenticate(Context context,
log.info(LogHelper.getHeader(context,
"type=ldap-login", "type=ldap_but_already_email"));
context.turnOffAuthorisationSystem();
eperson.setNetid(netid.toLowerCase());
setEpersonAttributes(context, eperson, ldap, Optional.of(netid));
ePersonService.update(context, eperson);
context.dispatchEvents();
context.restoreAuthSystemState();
context.setCurrentUser(eperson);
request.setAttribute(LDAP_AUTHENTICATED, true);


// assign user to groups based on ldap dn
assignGroups(dn, ldap.ldapGroup, context);

Expand All @@ -331,20 +339,7 @@ public int authenticate(Context context,
try {
context.turnOffAuthorisationSystem();
eperson = ePersonService.create(context);
if (StringUtils.isNotEmpty(email)) {
eperson.setEmail(email);
}
if (StringUtils.isNotEmpty(ldap.ldapGivenName)) {
eperson.setFirstName(context, ldap.ldapGivenName);
}
if (StringUtils.isNotEmpty(ldap.ldapSurname)) {
eperson.setLastName(context, ldap.ldapSurname);
}
if (StringUtils.isNotEmpty(ldap.ldapPhone)) {
ePersonService.setMetadataSingleValue(context, eperson,
MD_PHONE, ldap.ldapPhone, null);
}
eperson.setNetid(netid.toLowerCase());
setEpersonAttributes(context, eperson, ldap, Optional.of(netid));
eperson.setCanLogIn(true);
authenticationService.initEPerson(context, request, eperson);
ePersonService.update(context, eperson);
Expand Down Expand Up @@ -382,6 +377,29 @@ public int authenticate(Context context,
return BAD_ARGS;
}

/**
* Update eperson's attributes
*/
private void setEpersonAttributes(Context context, EPerson eperson, SpeakerToLDAP ldap, Optional<String> netid)
throws SQLException {

if (StringUtils.isNotEmpty(ldap.ldapEmail)) {
eperson.setEmail(ldap.ldapEmail);
}
if (StringUtils.isNotEmpty(ldap.ldapGivenName)) {
eperson.setFirstName(context, ldap.ldapGivenName);
}
if (StringUtils.isNotEmpty(ldap.ldapSurname)) {
eperson.setLastName(context, ldap.ldapSurname);
}
if (StringUtils.isNotEmpty(ldap.ldapPhone)) {
ePersonService.setMetadataSingleValue(context, eperson, MD_PHONE, ldap.ldapPhone, null);
}
if (netid.isPresent()) {
eperson.setNetid(netid.get().toLowerCase());
}
}

/**
* Internal class to manage LDAP query and results, mainly
* because there are multiple values to return.
Expand Down Expand Up @@ -673,7 +691,7 @@ protected boolean ldapAuthenticate(String netid, String password,
}
}

/*
/**
* Returns the URL of an external login page which is not applicable for this authn method.
*
* Note: Prior to DSpace 7, this method return the page of login servlet.
Expand Down Expand Up @@ -701,7 +719,7 @@ public String getName() {
return "ldap";
}

/*
/**
* Add authenticated users to the group defined in dspace.cfg by
* the authentication-ldap.login.groupmap.* key.
*
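Review bot: In the `// update eperson's attributes` block added to `authenticate`, `setEpersonAttributes(...)` runs after `context.turnOffAuthorisationSystem()` but before the `try`, and the helper is declared `throws SQLException`, so a database error there skips the `finally` and leaves authorisation checks switched off on the context for whatever runs next with it. Moving the call into the guarded region closes that gap: `try { setEpersonAttributes(context, eperson, ldap, Optional.empty()); ePersonService.update(context, eperson);`. The `ldap_but_already_email` hunk has the same shape, with `turnOffAuthorisationSystem()` and `restoreAuthSystemState()` as plain sequential calls around the helper and `update`; whether a `try`/`finally` outside the visible lines covers it cannot be told from that hunk. `authenticate` begins and ends outside these hunks.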
