
Example 1 with ScaleMain

Use of com.tremolosecurity.scalejs.ws.ScaleMain in the project OpenUnison by TremoloSecurity.

From the class ScaleJSOperator, method lookupUser.

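/**
 * Serves {@code GET /ops/user}: reads the entry named by the {@code dn} request parameter from
 * MyVD, restricts its attributes to those the ScaleMain configuration (and, when configured, the
 * {@code UiDecisions} hook) allows, collects the groups that list the entry as a member and
 * writes the result as an {@link OpsUserData} JSON document.
 *
 * <p>The {@code dn} is supplied by the client. The only narrowing applied here is the optional
 * {@code ops.search.filter} request attribute (an LDAP filter a preceding filter may set) and the
 * attribute allow-list returned by {@code UiDecisions}; which entries an operator may look at is
 * otherwise left to MyVD and to the filters in front of this one.
 *
 * @param request  the proxied request; must carry a non-empty {@code dn} parameter
 * @param response the response the JSON document is written to
 * @param gson     serializer for the response body
 * @throws Exception             if the {@code dn} parameter is missing or no entry matches it
 * @throws IllegalStateException if no {@link ScaleMain} filter is registered on the ScaleMain URL
 * @throws LDAPException         on directory errors
 * @throws IOException           if the response cannot be written
 */
private void lookupUser(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception, LDAPException, IOException {
    if (this.scaleMainConfig == null) {
        // Borrow the ScaleMain configuration lazily from the ScaleMain filter on scaleMainURL
        // (if several are on that chain the last one wins, as before).
        UrlHolder holder = GlobalEntries.getGlobalEntries().getConfigManager().findURL(this.scaleMainURL);
        if (holder != null) {
            for (HttpFilter filter : holder.getFilterChain()) {
                if (filter instanceof ScaleMain) {
                    this.scaleMainConfig = ((ScaleMain) filter).scaleConfig;
                }
            }
        }
        if (this.scaleMainConfig == null) {
            throw new IllegalStateException("No ScaleMain filter configured on URL '" + this.scaleMainURL + "'");
        }
    }
    Attribute dnParam = request.getParameter("dn");
    if (dnParam == null || dnParam.getValues().isEmpty()) {
        throw new Exception("Missing required parameter 'dn'");
    }
    String dn = dnParam.getValues().get(0);
    // A preceding filter may narrow the lookup with its own LDAP filter; default to match-all.
    FilterBuilder baseFilter = (FilterBuilder) request.getAttribute("ops.search.filter");
    String filter = baseFilter == null ? "(objectClass=*)" : baseFilter.toString();
    LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(dn, 0, filter, new ArrayList<String>());
    if (!res.hasMore()) {
        throw new Exception("Could not locate user '" + dn + "'");
    }
    LDAPEntry entry = res.next();
    AuthInfo userData = new AuthInfo();
    userData.setUserDN(entry.getDN());
    LDAPAttributeSet attrs = entry.getAttributeSet();
    for (Object obj : attrs) {
        LDAPAttribute attr = (LDAPAttribute) obj;
        Attribute attrib = new Attribute(attr.getName());
        for (String val : attr.getStringValueArray()) {
            attrib.getValues().add(val);
        }
        userData.getAttribs().put(attrib.getName(), attrib);
    }
    // null means "no restriction". The hook is consulted once here and its answer reused for
    // the metadata below; both calls in the original used identical arguments.
    Set<String> allowedAttrs = null;
    if (this.scaleMainConfig.getUiDecisions() != null) {
        allowedAttrs = this.scaleMainConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
    }
    OpsUserData userToSend = new OpsUserData();
    userToSend.setDn(userData.getUserDN());
    for (String attrName : this.scaleMainConfig.getUserAttributeList()) {
        if (allowedAttrs != null && !allowedAttrs.contains(attrName)) {
            continue;
        }
        Attribute attr = new Attribute(attrName);
        Attribute fromUser = userData.getAttribs().get(attrName);
        if (fromUser != null) {
            attr.getValues().addAll(fromUser.getValues());
            if (attrName.equalsIgnoreCase(this.scaleMainConfig.getUidAttributeName()) && !fromUser.getValues().isEmpty()) {
                userToSend.setUid(fromUser.getValues().get(0));
            }
        }
        userToSend.getAttributes().add(attr);
    }
    String roleAttribute = this.scaleMainConfig.getRoleAttribute();
    if (roleAttribute != null && !roleAttribute.isEmpty()) {
        // The role attribute's values seed the group list before the membership search below.
        Attribute fromUser = userData.getAttribs().get(roleAttribute);
        Attribute attr = new Attribute(roleAttribute);
        if (fromUser != null) {
            attr.getValues().addAll(fromUser.getValues());
            userToSend.getGroups().clear();
            userToSend.getGroups().addAll(fromUser.getValues());
        }
        userToSend.getAttributes().add(attr);
    }
    // Group membership: find entries whose member attribute names this dn. FilterBuilder is
    // expected to escape the client-supplied dn, so it cannot alter the filter's structure.
    String groupMemberAttr = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute();
    String groupFilter = equal(groupMemberAttr, dn).toString();
    ArrayList<String> attrNames = new ArrayList<String>();
    attrNames.add("cn");
    attrNames.add(groupMemberAttr);
    LDAPSearchResults groupRes = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, groupFilter, attrNames);
    // Each hit is re-checked against the same filter before it is trusted.
    // NOTE(review): presumably guards against backends that return non-matching entries — confirm.
    net.sourceforge.myvd.types.Filter ldapFilterToCheck = new net.sourceforge.myvd.types.Filter(groupFilter);
    while (groupRes.hasMore()) {
        LDAPEntry group = groupRes.next();
        if (!ldapFilterToCheck.getRoot().checkEntry(group)) {
            continue;
        }
        LDAPAttribute cn = group.getAttribute("cn");
        if (cn != null) {
            String val = cn.getStringValue();
            if (!userToSend.getGroups().contains(val)) {
                userToSend.getGroups().add(val);
            }
        }
    }
    if (this.scaleMainConfig.getUiDecisions() != null) {
        // Strip the metadata of attributes the hook hides so the UI never renders them.
        ScaleConfig local = new ScaleConfig(this.scaleMainConfig);
        if (allowedAttrs != null) {
            for (String attrName : this.scaleMainConfig.getAttributes().keySet()) {
                if (!allowedAttrs.contains(attrName)) {
                    local.getAttributes().remove(attrName);
                }
            }
        }
        userToSend.setMetaData(local.getAttributes());
        userToSend.setCanEditUser(this.scaleMainConfig.getUiDecisions().canEditUser(userData, request.getServletRequest()));
    } else {
        userToSend.setMetaData(this.scaleMainConfig.getAttributes());
        userToSend.setCanEditUser(this.scaleMainConfig.isCanEditUser());
    }
    ScaleJSUtils.addCacheHeaders(response);
    response.setContentType("application/json");
    response.getWriter().println(gson.toJson(userToSend).trim());
}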

Example 2 with ScaleMain

Use of com.tremolosecurity.scalejs.ws.ScaleMain in the project OpenUnison by TremoloSecurity.

From the class ScaleJSOperator, method doFilter.

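/**
 * Entry point for the ScaleJS operator endpoints.
 *
 * <p>Routes on the request URI suffix:
 * <ul>
 *   <li>{@code /ops/config}: returns this filter's configuration as JSON;</li>
 *   <li>{@code /ops/search}: delegates to {@code runSearch};</li>
 *   <li>{@code GET /ops/user}: delegates to {@code lookupUser};</li>
 *   <li>{@code POST /ops/user}: validates the posted {@link OpsUpdate} and, if valid, submits the
 *       configured workflow (see {@link #handleUserUpdate}).</li>
 * </ul>
 * Any other request produces no response body. The filter chain is never continued.
 *
 * <p>Every failure is answered with HTTP 500 and a generic {@link ScaleError}; the details are
 * written to the log only, so they do not reach the caller.
 *
 * @param request  the proxied request
 * @param response the response to write to
 * @param chain    the remaining filter chain; not invoked
 * @throws Exception only if the error response itself cannot be written
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    Gson gson = new Gson();
    // Ask the proxy to report errors in-band instead of redirecting; the caller is a JSON client.
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    try {
        String uri = request.getRequestURI();
        if (uri.endsWith("/ops/config")) {
            ScaleJSUtils.addCacheHeaders(response);
            response.setContentType("application/json");
            response.getWriter().println(gson.toJson(this.config).trim());
        } else if (uri.endsWith("/ops/search")) {
            runSearch(request, response, gson);
        } else if (uri.endsWith("/ops/user") && request.getMethod().equalsIgnoreCase("GET")) {
            lookupUser(request, response, gson);
        } else if (uri.endsWith("/ops/user") && request.getMethod().equalsIgnoreCase("POST")) {
            handleUserUpdate(request, response, gson);
        }
    } catch (Throwable t) {
        logger.error("Could not execute request", t);
        ScaleError error = new ScaleError();
        error.getErrors().add("Operation not supported");
        sendScaleError(response, gson, error);
    }
}

/**
 * Handles {@code POST /ops/user}: parses the JSON body into an {@link OpsUpdate}, validates every
 * submitted attribute against the ScaleMain attribute configuration and, when all of them pass,
 * runs the configured workflow with the logged-in operator as requestor.
 *
 * <p>The target {@code dn} comes from the client. This method only checks that the entry exists
 * and that the submitted attributes are permitted by {@code UiDecisions}; whether the operator
 * may change that particular entry is left to the workflow and the authorization filters in
 * front of this one.
 *
 * <p>Validation problems are reported to the client as a {@link ScaleError} with HTTP 500 (the
 * status the UI expects); a workflow failure is logged and answered with a generic message.
 *
 * @param request  the proxied request; its body must be an {@code OpsUpdate} JSON document
 * @param response the response to write to
 * @param gson     JSON (de)serializer
 * @throws Exception if the body or dn is missing, the entry cannot be found, or the uid
 *                   attribute is absent on the requestor or the target
 */
private void handleUserUpdate(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    AuthInfo loggedIn = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    byte[] body = (byte[]) request.getAttribute(ProxySys.MSG_BODY);
    if (body == null) {
        throw new Exception("Missing request body");
    }
    // JSON is UTF-8 by specification; do not depend on the JVM's platform charset.
    OpsUpdate updateInput = gson.fromJson(new String(body, java.nio.charset.StandardCharsets.UTF_8), OpsUpdate.class);
    if (updateInput == null || updateInput.getDn() == null) {
        throw new Exception("Missing user dn");
    }
    ensureScaleMainConfigLoaded();
    String dn = updateInput.getDn();
    LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(dn, 0, "(objectClass=*)", new ArrayList<String>());
    if (!res.hasMore()) {
        throw new Exception("Could not locate user '" + dn + "'");
    }
    LDAPEntry entry = res.next();
    AuthInfo userData = new AuthInfo();
    userData.setUserDN(entry.getDN());
    LDAPAttributeSet attrs = entry.getAttributeSet();
    for (Object obj : attrs) {
        LDAPAttribute attr = (LDAPAttribute) obj;
        Attribute attrib = new Attribute(attr.getName());
        for (String val : attr.getStringValueArray()) {
            attrib.getValues().add(val);
        }
        userData.getAttribs().put(attrib.getName(), attrib);
    }
    // null means "no restriction".
    Set<String> allowedAttrs = null;
    if (this.scaleMainConfig.getUiDecisions() != null) {
        allowedAttrs = this.scaleMainConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
    }
    ScaleError errors = new ScaleError();
    HashMap<String, String> values = new HashMap<String, String>();
    boolean ok = true;
    for (Attribute attr : updateInput.getAttributes()) {
        String attributeName = attr.getName();
        if (allowedAttrs != null && !allowedAttrs.contains(attributeName)) {
            // Attributes the UI may not show are dropped silently, as before.
            continue;
        }
        // A value-less attribute is treated as empty so the "required" rule reports it instead
        // of the request failing with a generic error.
        String value = attr.getValues().isEmpty() ? "" : attr.getValues().get(0);
        if (!validateUpdateAttribute(attributeName, value, errors)) {
            ok = false;
        }
        // Recorded even when invalid so the required-attribute pass below does not report it twice.
        values.put(attributeName, value);
    }
    for (String attrName : this.scaleMainConfig.getAttributes().keySet()) {
        if (this.scaleMainConfig.getAttributes().get(attrName).isRequired() && !values.containsKey(attrName) && (allowedAttrs == null || allowedAttrs.contains(attrName))) {
            errors.getErrors().add("Attribute is required : '" + this.scaleMainConfig.getAttributes().get(attrName).getDisplayName() + "'");
            ok = false;
        }
    }
    if (updateInput.getReason() == null || updateInput.getReason().trim().isEmpty()) {
        errors.getErrors().add("Reason For Updates Required");
        ok = false;
    }
    if (!ok) {
        sendScaleError(response, gson, errors);
        return;
    }
    String uidAttr = this.scaleMainConfig.getUidAttributeName();
    Attribute requestorUid = loggedIn.getAttribs().get(uidAttr);
    if (requestorUid == null || requestorUid.getValues().isEmpty()) {
        throw new IllegalStateException("Logged in user has no '" + uidAttr + "' attribute");
    }
    Attribute targetUid = userData.getAttribs().get(uidAttr);
    if (targetUid == null || targetUid.getValues().isEmpty()) {
        throw new Exception("User '" + dn + "' has no '" + uidAttr + "' attribute");
    }
    WFCall wfCall = new WFCall();
    wfCall.setName(this.scaleMainConfig.getWorkflowName());
    wfCall.setReason(updateInput.getReason());
    wfCall.setUidAttributeName(uidAttr);
    wfCall.setRequestor(requestorUid.getValues().get(0));
    TremoloUser tu = new TremoloUser();
    tu.setUid(targetUid.getValues().get(0));
    for (String name : values.keySet()) {
        tu.getAttributes().add(new Attribute(name, values.get(name)));
    }
    tu.getAttributes().add(new Attribute(uidAttr, targetUid.getValues().get(0)));
    wfCall.setUser(tu);
    try {
        com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
        exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
    } catch (Exception e) {
        logger.error("Could not update user", e);
        ScaleError error = new ScaleError();
        error.getErrors().add("Please contact your system administrator");
        sendScaleError(response, gson, error);
    }
}

/**
 * Checks one submitted attribute value against its ScaleMain attribute configuration.
 *
 * <p>Rules are applied in order — unknown attribute, read-only, required-but-empty, minimum and
 * maximum length, regular expression — and the first one that fails adds a message to
 * {@code errors}. The result is per attribute, so an earlier attribute's failure no longer
 * causes a later, valid value to be reported as "not valid".
 *
 * @param attributeName the attribute being updated
 * @param value         the submitted value (never {@code null})
 * @param errors        collector for user-facing validation messages
 * @return {@code true} if the value passed every rule
 */
private boolean validateUpdateAttribute(String attributeName, String value, ScaleError errors) {
    com.tremolosecurity.scalejs.cfg.ScaleAttribute attrCfg = this.scaleMainConfig.getAttributes().get(attributeName);
    if (attrCfg == null) {
        errors.getErrors().add("Invalid attribute : '" + attributeName + "'");
        return false;
    }
    String displayName = attrCfg.getDisplayName();
    if (attrCfg.isReadOnly()) {
        errors.getErrors().add("Attribute is read only : '" + displayName + "'");
        return false;
    }
    if (attrCfg.isRequired() && value.length() == 0) {
        errors.getErrors().add("Attribute is required : '" + displayName + "'");
        return false;
    }
    if (attrCfg.getMinChars() > 0 && attrCfg.getMinChars() > value.length()) {
        errors.getErrors().add(displayName + " must have at least " + attrCfg.getMinChars() + " characters");
        return false;
    }
    if (attrCfg.getMaxChars() > 0 && attrCfg.getMaxChars() < value.length()) {
        errors.getErrors().add(displayName + " must have at most " + attrCfg.getMaxChars() + " characters");
        return false;
    }
    if (attrCfg.getPattern() != null) {
        boolean matches;
        try {
            Matcher m = attrCfg.getPattern().matcher(value);
            matches = m != null && m.matches();
        } catch (Exception ignored) {
            // A matcher failure counts as "does not match"; the message below tells the user.
            matches = false;
        }
        if (!matches) {
            errors.getErrors().add("Attribute value not valid : '" + displayName + "' - " + attrCfg.getRegExFailedMsg());
            return false;
        }
    }
    return true;
}

/**
 * Lazily copies the ScaleMain configuration from the {@link ScaleMain} filter registered on
 * {@code scaleMainURL}. If several ScaleMain filters are on that chain the last one wins.
 *
 * @throws IllegalStateException if the URL is unknown or carries no ScaleMain filter
 * @throws Exception             if the configuration lookup fails
 */
private void ensureScaleMainConfigLoaded() throws Exception {
    if (this.scaleMainConfig != null) {
        return;
    }
    UrlHolder holder = GlobalEntries.getGlobalEntries().getConfigManager().findURL(this.scaleMainURL);
    if (holder == null) {
        throw new IllegalStateException("ScaleMain URL '" + this.scaleMainURL + "' is not configured");
    }
    for (HttpFilter filter : holder.getFilterChain()) {
        if (filter instanceof ScaleMain) {
            this.scaleMainConfig = ((ScaleMain) filter).scaleConfig;
        }
    }
    if (this.scaleMainConfig == null) {
        throw new IllegalStateException("No ScaleMain filter configured on URL '" + this.scaleMainURL + "'");
    }
}

/**
 * Writes {@code error} as JSON with HTTP 500 and the ScaleJS no-cache headers, then flushes the
 * writer. Used for validation failures and for generic failure responses alike.
 *
 * @param response the response to write to
 * @param gson     JSON serializer
 * @param error    the messages to send to the client
 * @throws Exception if the response cannot be written
 */
private void sendScaleError(HttpFilterResponse response, Gson gson, ScaleError error) throws Exception {
    response.setStatus(500);
    ScaleJSUtils.addCacheHeaders(response);
    response.getWriter().print(gson.toJson(error).trim());
    response.getWriter().flush();
}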
