[Branch ~dhis2-devs-core/dhis2/trunk] Rev 20975: Users. Impl uniqueness check for LDAP identifier.
------------------------------------------------------------
revno: 20975
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Sat 2015-11-07 18:11:20 +0100
message:
Users. Impl uniqueness check for LDAP identifier.
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentialsStore.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserCredentialsStore.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/ValidateUserAction.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/addUserForm.vm
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java 2015-10-16 20:17:09 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java 2015-11-07 17:11:20 +0000
@@ -95,6 +95,8 @@
boolean hideUnapprovedDataInAnalytics();
+ boolean isOpenIdConfigured();
+
String googleAnalyticsUA();
Integer credentialsExpires();
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java 2015-11-03 03:22:58 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java 2015-11-07 17:11:20 +0000
@@ -441,13 +441,13 @@
}
/**
- * Indicates whether the LDAP identifier is present.
+ * Indicates whether a password is set.
*/
- public boolean hasLdapId()
+ public boolean hasPassword()
{
- return ldapId != null && !ldapId.isEmpty();
+ return password != null;
}
-
+
// -------------------------------------------------------------------------
// hashCode and equals
// -------------------------------------------------------------------------
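Review bot: `hasPassword()` treats an empty string as a set password, because it checks only `password != null`, whereas the `hasLdapId()` it replaces also rejected empty values. DefaultUserDetailsService in this same commit uses the result to decide whether to substitute a random placeholder, so an account whose stored password is an empty string would be loaded with that empty value as its credential. Consider `return password != null && !password.isEmpty();`. Callers of the removed `hasLdapId()` are not visible in this diff and should be checked before it is dropped.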
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentialsStore.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentialsStore.java 2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentialsStore.java 2015-11-07 17:11:20 +0000
@@ -54,5 +54,14 @@
* @param openId open ID.
* @return the UserCredentials.
*/
- UserCredentials getUserCredentialsByOpenID( String openId );
+ UserCredentials getUserCredentialsByOpenId( String openId );
+
+ /**
+ * Retrieves the UserCredentials associated with the User with the given
+ * LDAP ID.
+ *
+ * @param ldapId LDAP ID.
+ * @return the UserCredentials.
+ */
+ UserCredentials getUserCredentialsByLdapId( String ldapId );
}
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java 2015-09-16 14:49:50 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java 2015-11-07 17:11:20 +0000
@@ -219,7 +219,16 @@
* @param openId the openId of the User.
* @return the UserCredentials.
*/
- UserCredentials getUserCredentialsByOpenID( String openId );
+ UserCredentials getUserCredentialsByOpenId( String openId );
+
+ /**
+ * Retrieves the UserCredentials associated with the User with the given
+ * LDAP ID.
+ *
+ * @param ldapId the ldapId of the User.
+ * @return the UserCredentials.
+ */
+ UserCredentials getUserCredentialsByLdapId( String ldapId );
/**
* Retrieves all UserCredentials.
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java 2015-11-03 04:47:50 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultUserDetailsService.java 2015-11-07 17:11:20 +0000
@@ -1,5 +1,6 @@
package org.hisp.dhis.security;
+import org.hisp.dhis.common.CodeGenerator;
import org.hisp.dhis.system.util.SecurityUtils;
import org.hisp.dhis.user.UserCredentials;
import org.hisp.dhis.user.UserService;
@@ -46,7 +47,7 @@
if ( credentials == null )
{
- credentials = userService.getUserCredentialsByOpenID( username );
+ credentials = userService.getUserCredentialsByOpenId( username );
if ( credentials == null )
{
@@ -55,12 +56,20 @@
}
// ---------------------------------------------------------------------
- // UserDetails
+ // If password is null, assume external authentication (OpenID, LDAP)
+ // and set not encoded, random password to satisfy Spring Security
// ---------------------------------------------------------------------
+ String password = credentials.getPassword();
+
+ if ( !credentials.hasPassword() )
+ {
+ password = CodeGenerator.generateCode( 60 );
+ }
+
boolean credentialsExpired = userService.credentialsNonExpired( credentials );
- return new User( credentials.getUsername(), credentials.getPassword(),
+ return new User( credentials.getUsername(), password,
!credentials.isDisabled(), true, credentialsExpired, true, SecurityUtils.getGrantedAuthorities( credentials ) );
}
}
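Review bot: The placeholder assigned by `password = CodeGenerator.generateCode( 60 );` becomes the value Spring Security compares a submitted password against for externally authenticated accounts, so it has to be unpredictable. CodeGenerator's implementation is not part of this diff; if it is not backed by `SecureRandom`, the placeholder should be drawn from one here instead. The new comment could also state the invariant explicitly, for example `// Placeholder only: must never validate against a submitted password`, so a later change to the password encoder does not silently make it matchable. The enclosing method starts outside the hunk.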
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java 2015-10-16 20:17:09 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/setting/DefaultSystemSettingManager.java 2015-11-07 17:11:20 +0000
@@ -370,6 +370,12 @@
}
@Override
+ public boolean isOpenIdConfigured()
+ {
+ return getSystemSetting( Setting.OPENID_PROVIDER ) != null && getSystemSetting( Setting.OPENID_PROVIDER_LABEL ) != null;
+ }
+
+ @Override
public String googleAnalyticsUA()
{
return StringUtils.trimToNull( (String) getSystemSetting( Setting.GOOGLE_ANALYTICS_UA ) );
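Review bot: `isOpenIdConfigured()` compares the two settings only against null, so a provider or label saved as an empty or whitespace-only string would presumably still report OpenID as configured. `googleAnalyticsUA()` directly below normalises with `StringUtils.trimToNull`; assuming both OpenID settings are strings, the same form, `StringUtils.trimToNull( (String) getSystemSetting( Setting.OPENID_PROVIDER ) ) != null`, would keep the two consistent. The interface declaration added in SystemSettingManager has no Javadoc, and a one-line description of what "configured" means would help callers that gate login options on it.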
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2015-10-06 18:24:42 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2015-11-07 17:11:20 +0000
@@ -583,9 +583,15 @@
}
@Override
- public UserCredentials getUserCredentialsByOpenID( String openId )
- {
- return userCredentialsStore.getUserCredentialsByOpenID( openId );
+ public UserCredentials getUserCredentialsByOpenId( String openId )
+ {
+ return userCredentialsStore.getUserCredentialsByOpenId( openId );
+ }
+
+ @Override
+ public UserCredentials getUserCredentialsByLdapId( String ldapId )
+ {
+ return userCredentialsStore.getUserCredentialsByLdapId( ldapId );
}
@Override
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserCredentialsStore.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserCredentialsStore.java 2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserCredentialsStore.java 2015-11-07 17:11:20 +0000
@@ -49,10 +49,17 @@
}
@Override
- public UserCredentials getUserCredentialsByOpenID( String openId )
+ public UserCredentials getUserCredentialsByOpenId( String openId )
{
Query query = getQuery( "from UserCredentials uc where uc.openId = :openId" );
query.setString( "openId", openId );
return (UserCredentials) query.uniqueResult();
}
+
+ public UserCredentials getUserCredentialsByLdapId( String ldapId )
+ {
+ Query query = getQuery( "from UserCredentials uc where uc.ldapId = :ldapId" );
+ query.setString( "ldapId", ldapId );
+ return (UserCredentials) query.uniqueResult();
+ }
}
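Review bot: The new `getUserCredentialsByLdapId` is missing the `@Override` that `getUserCredentialsByOpenId` above it carries, although this commit declares the method on UserCredentialsStore. `query.uniqueResult()` throws when more than one row matches, and nothing in this diff adds a database-level unique constraint on `ldapId`. Rows saved before the form check existed, or saved by a path that does not run it, could therefore make this lookup fail. A unique constraint in the mapping (not shown here) would make the uniqueness the commit title describes hold at the storage layer.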
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/ValidateUserAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/ValidateUserAction.java 2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/ValidateUserAction.java 2015-11-07 17:11:20 +0000
@@ -83,6 +83,13 @@
this.openId = openId;
}
+ private String ldapId;
+
+ public void setLdapId( String ldapId )
+ {
+ this.ldapId = ldapId;
+ }
+
private String inviteUsername;
public void setInviteUsername( String inviteUsername )
@@ -123,7 +130,7 @@
if ( openId != null )
{
- UserCredentials match = userService.getUserCredentialsByOpenID( openId );
+ UserCredentials match = userService.getUserCredentialsByOpenId( openId );
if ( match != null && (id == null || match.getId() != id) )
{
@@ -133,6 +140,18 @@
}
}
+ if ( ldapId != null )
+ {
+ UserCredentials match = userService.getUserCredentialsByLdapId( ldapId );
+
+ if ( match != null && (id == null || match.getId() != id) )
+ {
+ message = i18n.getString( "ldap_in_use" );
+
+ return ERROR;
+ }
+ }
+
if ( inviteUsername != null )
{
UserCredentials match = userService.getUserCredentialsByUsername( inviteUsername );
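Review bot: The LDAP uniqueness check added in the `if ( ldapId != null )` block lives only in this validation action, which addUserForm.vm calls through `checkValueIsExist("ldapId", "validateUser.action")`. The action that actually saves the user is not part of this diff, so unless it repeats the check, a request that does not go through the form's validation step can still store a duplicate identifier. Repeating the lookup in the save path or in the service layer would close that gap. The branch also looks up a blank `ldapId` as-is; normalising in the setter, for example `this.ldapId = StringUtils.trimToNull( ldapId );`, would avoid matching on empty values, assuming StringUtils is available in this class. The enclosing method starts and ends outside the hunk.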
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties 2015-11-03 03:22:58 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties 2015-11-07 17:11:20 +0000
@@ -383,4 +383,5 @@
resend_invitation=Resend invitation
invitation_sent=Invitation sent
programs = Programs
-ldap_id=LDAP identifier
\ No newline at end of file
+ldap_id=LDAP identifier
+ldap_in_use=LDAP identifier in use
\ No newline at end of file
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/addUserForm.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/addUserForm.vm 2015-11-03 03:22:58 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/addUserForm.vm 2015-11-07 17:11:20 +0000
@@ -28,6 +28,7 @@
checkValueIsExist("username", "validateUser.action");
checkValueIsExist("openId", "validateUser.action");
+ checkValueIsExist("ldapId", "validateUser.action");
checkValueIsExist("inviteUsername", "validateUser.action");
ouwtSelected = selection.getSelected();