Example 1 with ExecuteWorkflow
use of com.tremolosecurity.provisioning.workflow.ExecuteWorkflow in project OpenUnison by TremoloSecurity.
the class ScaleRegister method doFilter.
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
Gson gson = new Gson();
request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
if (request.getRequestURI().endsWith("/register/config")) {
response.setContentType("application/json");
ScaleJSUtils.addCacheHeaders(response);
ScaleJSRegisterConfig localCfg = gson.fromJson(gson.toJson(this.scaleConfig), ScaleJSRegisterConfig.class);
for (String attrName : scaleConfig.getAttributes().keySet()) {
ScaleAttribute fromMainCfg = scaleConfig.getAttributes().get(attrName);
if (fromMainCfg.getDynamicSource() != null) {
ScaleAttribute fromLocalCfg = localCfg.getAttributes().get(attrName);
fromLocalCfg.setValues(fromMainCfg.getDynamicSource().getSourceList(request));
}
}
response.getWriter().println(gson.toJson(localCfg).trim());
} else if (request.getRequestURI().endsWith("/register/values")) {
String attributeName = request.getParameter("name").getValues().get(0);
List<NVP> values = this.scaleConfig.getAttributes().get(attributeName).getDynamicSource().getSourceList(request);
response.setContentType("application/json");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().println(gson.toJson(values).trim());
} else if (request.getRequestURI().endsWith("/register/submit")) {
ScaleError errors = new ScaleError();
String json = new String((byte[]) request.getAttribute(ProxySys.MSG_BODY));
NewUserRequest newUser = gson.fromJson(json, NewUserRequest.class);
if (scaleConfig.isRequireReCaptcha()) {
if (newUser.getReCaptchaCode() == null || newUser.getReCaptchaCode().isEmpty()) {
errors.getErrors().add("Please verify you are not a robot");
} else {
BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(GlobalEntries.getGlobalEntries().getConfigManager().getHttpClientSocketRegistry());
RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build();
CloseableHttpClient http = HttpClients.custom().setConnectionManager(bhcm).setDefaultRequestConfig(rc).build();
HttpPost httppost = new HttpPost("https://www.google.com/recaptcha/api/siteverify");
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
formparams.add(new BasicNameValuePair("secret", scaleConfig.getRcSecretKey()));
formparams.add(new BasicNameValuePair("response", newUser.getReCaptchaCode()));
UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formparams, "UTF-8");
httppost.setEntity(entity);
CloseableHttpResponse resp = http.execute(httppost);
ReCaptchaResponse res = gson.fromJson(EntityUtils.toString(resp.getEntity()), ReCaptchaResponse.class);
if (!res.isSuccess()) {
errors.getErrors().add("Human validation failed");
}
http.close();
bhcm.close();
}
}
if (scaleConfig.isRequireTermsAndConditions() && !newUser.isCheckedTermsAndConditions()) {
errors.getErrors().add("You must accept the terms and conditions to register");
}
if (this.scaleConfig.isRequireReason() && (newUser.getReason() == null || newUser.getReason().isEmpty())) {
errors.getErrors().add("Reason is required");
}
if (this.scaleConfig.isPreSetPassword()) {
if (newUser.getPassword() == null || newUser.getPassword().isEmpty()) {
errors.getErrors().add("Password is required");
} else if (!newUser.getPassword().equals(newUser.getPassword2())) {
errors.getErrors().add("Passwords must match");
}
}
for (String attributeName : this.scaleConfig.getAttributes().keySet()) {
String value = newUser.getAttributes().get(attributeName);
if (this.scaleConfig.getAttributes().get(attributeName) == null) {
errors.getErrors().add("Invalid attribute : '" + attributeName + "'");
}
if (this.scaleConfig.getAttributes().get(attributeName).isReadOnly()) {
errors.getErrors().add("Attribute is read only : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "'");
}
if (this.scaleConfig.getAttributes().get(attributeName).isRequired() && (value == null || value.length() == 0)) {
errors.getErrors().add("Attribute is required : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "'");
}
if (this.scaleConfig.getAttributes().get(attributeName).getMinChars() > 0 && this.scaleConfig.getAttributes().get(attributeName).getMinChars() > value.length()) {
errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " must have at least " + this.scaleConfig.getAttributes().get(attributeName).getMinChars() + " characters");
}
if (this.scaleConfig.getAttributes().get(attributeName).getMaxChars() > 0 && this.scaleConfig.getAttributes().get(attributeName).getMaxChars() < value.length()) {
errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " must have at most " + this.scaleConfig.getAttributes().get(attributeName).getMaxChars() + " characters");
}
if (this.scaleConfig.getAttributes().get(attributeName).getType().equalsIgnoreCase("list")) {
if (this.scaleConfig.getAttributes().get(attributeName).getDynamicSource() == null) {
boolean found = false;
for (NVP nvp : this.scaleConfig.getAttributes().get(attributeName).getValues()) {
if (nvp.getValue().equalsIgnoreCase(value)) {
found = true;
}
}
if (!found) {
errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " has an invalid value");
}
}
}
if (this.scaleConfig.getAttributes().get(attributeName).getPattern() != null) {
boolean ok = true;
try {
Matcher m = this.scaleConfig.getAttributes().get(attributeName).getPattern().matcher(value);
if (m == null || !m.matches()) {
ok = false;
}
} catch (Exception e) {
ok = false;
}
if (!ok) {
errors.getErrors().add("Attribute value not valid : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "' - " + this.scaleConfig.getAttributes().get(attributeName).getRegExFailedMsg());
}
}
if (this.scaleConfig.getAttributes().get(attributeName).isUnique()) {
String filter = equal(attributeName, value).toString();
LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, filter, new ArrayList<String>());
if (res.hasMore()) {
errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " is not available");
}
while (res.hasMore()) res.next();
}
if (this.scaleConfig.getAttributes().get(attributeName).getDynamicSource() != null) {
String error = this.scaleConfig.getAttributes().get(attributeName).getDynamicSource().validate(value, request);
if (error != null) {
errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " - " + error);
}
}
}
WFCall wfcall = null;
String wfName = this.scaleConfig.getWorkflowName();
if (errors.getErrors().isEmpty()) {
if (scaleConfig.isUseCustomSubmission()) {
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
wfName = cru.createTremoloUser(newUser, errors.getErrors(), userData);
}
}
if (errors.getErrors().isEmpty()) {
TremoloUser user = new TremoloUser();
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
if (this.scaleConfig.isSubmitLoggedInUser()) {
user.setUid(userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0));
user.getAttributes().add(new Attribute(this.scaleConfig.getUidAttributeName(), userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0)));
} else {
user.setUid(newUser.getAttributes().get(this.scaleConfig.getUidAttributeName()));
}
for (String attrName : newUser.getAttributes().keySet()) {
user.getAttributes().add(new Attribute(attrName, newUser.getAttributes().get(attrName)));
}
if (this.scaleConfig.isPreSetPassword()) {
user.setUserPassword(newUser.getPassword());
}
wfcall = new WFCall();
wfcall.setUidAttributeName(this.scaleConfig.getUidAttributeName());
wfcall.setReason(newUser.getReason());
wfcall.setName(wfName);
wfcall.setUser(user);
HashMap<String, Object> params = new HashMap<String, Object>();
wfcall.setRequestParams(params);
if (userData.getAuthLevel() != 0 && !this.scaleConfig.isSubmitLoggedInUser()) {
wfcall.setRequestor(userData.getAttribs().get(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getApprovalDB().getUserIdAttribute()).getValues().get(0));
wfcall.getRequestParams().put(Approval.SEND_NOTIFICATION, "false");
wfcall.getRequestParams().put(Approval.REASON, newUser.getReason());
wfcall.getRequestParams().put(Approval.IMMEDIATE_ACTION, "true");
}
if (scaleConfig.isUseCustomSubmission()) {
cru.setWorkflowParameters(params, newUser, userData);
}
ExecuteWorkflow exec = new ExecuteWorkflow();
try {
exec.execute(wfcall, GlobalEntries.getGlobalEntries().getConfigManager());
} catch (Exception e) {
throw new ProvisioningException("Could not complete registration", e);
}
SubmitResponse res = new SubmitResponse();
res.setAddNewUsers(userData.getAuthLevel() != 0);
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(res));
response.getWriter().flush();
} else {
response.setStatus(500);
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(errors).trim());
response.getWriter().flush();
}
} else {
response.setStatus(500);
ScaleJSUtils.addCacheHeaders(response);
ScaleError error = new ScaleError();
error.getErrors().add("Operation not supported");
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
}
}
Also used :
ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute)
HttpPost(org.apache.http.client.methods.HttpPost)
Matcher(java.util.regex.Matcher)
Attribute(com.tremolosecurity.saml.Attribute)
ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute)
HashMap(java.util.HashMap)
ScaleJSRegisterConfig(com.tremolosecurity.scalejs.register.cfg.ScaleJSRegisterConfig)
SubmitResponse(com.tremolosecurity.scalejs.register.data.SubmitResponse)
ArrayList(java.util.ArrayList)
Gson(com.google.gson.Gson)
NVP(com.tremolosecurity.util.NVP)
ReCaptchaResponse(com.tremolosecurity.scalejs.register.data.ReCaptchaResponse)
TremoloUser(com.tremolosecurity.provisioning.service.util.TremoloUser)
BasicNameValuePair(org.apache.http.message.BasicNameValuePair)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse)
ArrayList(java.util.ArrayList)
SourceList(com.tremolosecurity.scalejs.sdk.SourceList)
List(java.util.List)
BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)
RequestConfig(org.apache.http.client.config.RequestConfig)
CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient)
BasicNameValuePair(org.apache.http.message.BasicNameValuePair)
NameValuePair(org.apache.http.NameValuePair)
WFCall(com.tremolosecurity.provisioning.service.util.WFCall)
AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo)
ScaleError(com.tremolosecurity.scalejs.data.ScaleError)
UrlEncodedFormEntity(org.apache.http.client.entity.UrlEncodedFormEntity)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
LDAPSearchResults(com.novell.ldap.LDAPSearchResults)
ExecuteWorkflow(com.tremolosecurity.provisioning.workflow.ExecuteWorkflow)
NewUserRequest(com.tremolosecurity.scalejs.register.data.NewUserRequest)
Aggregations
Gson (com.google.gson.Gson)1
LDAPSearchResults (com.novell.ldap.LDAPSearchResults)1
ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)1
TremoloUser (com.tremolosecurity.provisioning.service.util.TremoloUser)1
WFCall (com.tremolosecurity.provisioning.service.util.WFCall)1
ExecuteWorkflow (com.tremolosecurity.provisioning.workflow.ExecuteWorkflow)1
AuthController (com.tremolosecurity.proxy.auth.AuthController)1
AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)1
Attribute (com.tremolosecurity.saml.Attribute)1
ScaleAttribute (com.tremolosecurity.scalejs.cfg.ScaleAttribute)1
ScaleError (com.tremolosecurity.scalejs.data.ScaleError)1
ScaleJSRegisterConfig (com.tremolosecurity.scalejs.register.cfg.ScaleJSRegisterConfig)1
NewUserRequest (com.tremolosecurity.scalejs.register.data.NewUserRequest)1
ReCaptchaResponse (com.tremolosecurity.scalejs.register.data.ReCaptchaResponse)1
SubmitResponse (com.tremolosecurity.scalejs.register.data.SubmitResponse)1
SourceList (com.tremolosecurity.scalejs.sdk.SourceList)1
NVP (com.tremolosecurity.util.NVP)1
ArrayList (java.util.ArrayList)1
HashMap (java.util.HashMap)1
List (java.util.List)1
