
Example 11 with GuestAccount

use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.

the class ExternalUserProvServlet method provisionVirtualAccountAndRedirect.

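/**
 * Provisions a virtual account for an external share recipient, mounts the shares granted to
 * that recipient, and hands off to {@code setCookieAndRedirect}.
 *
 * <p>Steps, in order: resolve the grantor and its domain; reject the request if the mapped
 * account name already exists; search the domain for accounts that granted shares to
 * {@code extUserEmail} or to a group it belongs to; create the account (flagged as an external
 * virtual account, hidden in the GAL, mail status disabled); create its mailbox; create one
 * mountpoint per matching share; enable the application features for the mounted view types.
 *
 * <p>NOTE(review): this method creates an account, sets its password and issues a cookie using
 * only the values passed in. Nothing in this body verifies that the caller controls
 * {@code extUserEmail} or that {@code grantorId} comes from a genuine invitation; presumably
 * the calling servlet validated a signed invitation before getting here. Confirm against the
 * caller.
 *
 * @param req          current request, forwarded to {@code setCookieAndRedirect}
 * @param resp         current response, forwarded to {@code setCookieAndRedirect}
 * @param displayName  optional display name; stored only when non-empty
 * @param password     passed unchanged to {@code createAccount}; when non-empty the account is
 *                     flagged with {@code zimbraVirtualAccountInitialPasswordSet}
 * @param grantorId    id of the account that granted the share; used to find the domain
 * @param extUserEmail external address of the share recipient
 * @throws ServletException for request-level rejections (unknown grantor, account already
 *                          exists, no shares discovered), or wrapping any other failure
 */
private static void provisionVirtualAccountAndRedirect(HttpServletRequest req, HttpServletResponse resp, String displayName, String password, String grantorId, String extUserEmail) throws ServletException {
    Provisioning prov = Provisioning.getInstance();
    try {
        Account owner = prov.getAccountById(grantorId);
        if (owner == null) {
            // Same guard the by-name lookup below gets: an unresolved grantor is a bad
            // request, not a NullPointerException out of getDomain().
            throw new ServletException("invalid request: unknown grantor");
        }
        Domain domain = prov.getDomain(owner);
        // Map the address once so the existence check and createAccount() use the same name.
        String granteeAcctName = mapExtEmailToAcctName(extUserEmail, domain);
        Account grantee = prov.getAccountByName(granteeAcctName);
        if (grantee != null) {
            throw new ServletException("invalid request: account already exists");
        }
        // search all shares accessible to the external user
        SearchAccountsOptions searchOpts = new SearchAccountsOptions(domain, new String[] { Provisioning.A_zimbraId, Provisioning.A_displayName, Provisioning.A_zimbraSharedItem });
        // get all groups extUserEmail belongs to
        GuestAccount guestAcct = new GuestAccount(extUserEmail, null);
        List<String> groupIds = prov.getGroupMembership(guestAcct, false).groupIds();
        List<String> grantees = Lists.newArrayList(extUserEmail);
        grantees.addAll(groupIds);
        searchOpts.setFilter(ZLdapFilterFactory.getInstance().accountsByGrants(grantees, false, false));
        List<NamedEntry> accounts = prov.searchDirectory(searchOpts);
        if (accounts.isEmpty()) {
            // No account in the domain has granted anything to this address or its groups,
            // so no account is provisioned.
            throw new ServletException("no shares discovered");
        }
        // create external account
        Map<String, Object> attrs = new HashMap<String, Object>();
        attrs.put(Provisioning.A_zimbraIsExternalVirtualAccount, ProvisioningConstants.TRUE);
        attrs.put(Provisioning.A_zimbraExternalUserMailAddress, extUserEmail);
        attrs.put(Provisioning.A_zimbraMailHost, prov.getLocalServer().getServiceHostname());
        if (!StringUtil.isNullOrEmpty(displayName)) {
            attrs.put(Provisioning.A_displayName, displayName);
        }
        attrs.put(Provisioning.A_zimbraHideInGal, ProvisioningConstants.TRUE);
        attrs.put(Provisioning.A_zimbraMailStatus, Provisioning.MailStatus.disabled.toString());
        if (!StringUtil.isNullOrEmpty(password)) {
            attrs.put(Provisioning.A_zimbraVirtualAccountInitialPasswordSet, ProvisioningConstants.TRUE);
        }
        // NOTE(review): the password is not checked here; presumably createAccount() applies
        // the domain's password policy. Confirm.
        grantee = prov.createAccount(granteeAcctName, password, attrs);
        // create external account mailbox
        Mailbox granteeMbox;
        try {
            granteeMbox = MailboxManager.getInstance().getMailboxByAccount(grantee);
        } catch (ServiceException e) {
            // mailbox creation failed; delete the account also so that it is a clean state before
            // the next attempt
            prov.deleteAccount(grantee.getId());
            throw e;
        }
        // create mountpoints
        // NOTE(review): only the mailbox step above rolls the account back. A failure from here
        // on leaves the new account in place, and the existence check at the top then rejects
        // a retry for the same address.
        Set<MailItem.Type> viewTypes = new HashSet<MailItem.Type>();
        for (NamedEntry ne : accounts) {
            Account account = (Account) ne;
            String[] sharedItems = account.getSharedItem();
            for (String sharedItem : sharedItems) {
                ShareInfoData shareData = AclPushSerializer.deserialize(sharedItem);
                // The directory search matched on the account as a whole; skip the individual
                // share entries that are not granted to this grantee.
                if (!granteeMatchesShare(shareData, grantee)) {
                    continue;
                }
                String sharedFolderPath = shareData.getPath();
                String mountpointName = getMountpointName(account, grantee, sharedFolderPath);
                MailItem.Type viewType = shareData.getFolderDefaultViewCode();
                Mountpoint mtpt = granteeMbox.createMountpoint(null, getMptParentFolderId(viewType, prov), mountpointName, account.getId(), shareData.getItemId(), shareData.getItemUuid(), viewType, 0, MailItem.DEFAULT_COLOR, false);
                if (viewType == MailItem.Type.APPOINTMENT) {
                    // make sure that the mountpoint is checked in the UI by default
                    granteeMbox.alterTag(null, mtpt.getId(), mtpt.getType(), Flag.FlagInfo.CHECKED, true, null);
                }
                viewTypes.add(viewType);
            }
        }
        enableAppFeatures(grantee, viewTypes);
        setCookieAndRedirect(req, resp, grantee);
    } catch (ServletException e) {
        // Request-level rejections raised above already carry their message; rethrow them
        // as they are instead of nesting them inside a second ServletException.
        throw e;
    } catch (Exception e) {
        throw new ServletException(e);
    }
}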
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) SearchAccountsOptions(com.zimbra.cs.account.SearchAccountsOptions) GuestAccount(com.zimbra.cs.account.GuestAccount) HashMap(java.util.HashMap) ShareInfoData(com.zimbra.cs.account.ShareInfoData) Provisioning(com.zimbra.cs.account.Provisioning) ServletException(javax.servlet.ServletException) ServiceException(com.zimbra.common.service.ServiceException) IOException(java.io.IOException) AuthTokenException(com.zimbra.cs.account.AuthTokenException) ServletException(javax.servlet.ServletException) NamedEntry(com.zimbra.cs.account.NamedEntry) MailItem(com.zimbra.cs.mailbox.MailItem) Mailbox(com.zimbra.cs.mailbox.Mailbox) ZMailbox(com.zimbra.client.ZMailbox) ServiceException(com.zimbra.common.service.ServiceException) Domain(com.zimbra.cs.account.Domain) ZMountpoint(com.zimbra.client.ZMountpoint) Mountpoint(com.zimbra.cs.mailbox.Mountpoint) HashSet(java.util.HashSet)

Example 12 with GuestAccount

use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.

the class UserServletUtil method getAccount.

//    public synchronized static void addFormatter(Formatter f) {
//        mFormatters.put(f.getType(), f);
//        for (String mimeType : f.getDefaultMimeTypes())
//            mDefaultFormatters.put(mimeType, f);
//    }
//
//    public Formatter getFormatter(String type) {
//        return mFormatters.get(type);
//    }
/**
 * Resolves the authenticated account for a user-servlet request and records it on
 * {@code context}.
 *
 * <p>Credential sources are tried in a fixed order and the first one that yields an account
 * ends the method:
 * <ol>
 *   <li>an auth token taken from the request (cookie or access key), when
 *       {@code context.cookieAuthAllowed()} or {@code AuthProvider.allowAccessKeyAuth(...)}
 *       permits it;</li>
 *   <li>an auth token passed in the {@code QP_ZAUTHTOKEN} query parameter, falling back to
 *       {@code QP_AUTHTOKEN}, when {@code context.queryParamAuthAllowed()};</li>
 *   <li>HTTP basic auth, when {@code context.basicAuthAllowed()}.</li>
 * </ol>
 * On success the method sets the auth account, {@code context.authToken} and one of the
 * {@code cookieAuthHappened} / {@code qpAuthHappened} / {@code basicAuthHappened} flags. If no
 * source applies it returns without setting an account, which the code treats as anonymous
 * public access.
 *
 * @param context per-request state; supplies the request, response, parameters and the
 *                "allowed" switches, and receives the result
 * @throws UserServletException with {@code SC_UNAUTHORIZED} when a presented token is
 *                              malformed, unregistered, expired (guest token) or fails validation
 * @throws ServletException wrapping any {@code ServiceException} not mapped to the above
 * @throws IOException declared by the signature; presumably raised by a callee such as the
 *                     basic-auth helper. Not visible in this body.
 */
public static void getAccount(UserServletContext context) throws IOException, ServletException, UserServletException {
    try {
        boolean isAdminRequest = AuthUtil.isAdminRequest(context.req);
        // check cookie or access key
        if (context.cookieAuthAllowed() || AuthProvider.allowAccessKeyAuth(context.req, context.getServlet())) {
            try {
                AuthToken at = AuthProvider.getAuthToken(context.req, isAdminRequest);
                // a null token means the request carried none; fall through to the next source
                if (at != null) {
                    if (at.isZimbraUser()) {
                        // token for a provisioned account: must still be registered, then validated
                        if (!at.isRegistered()) {
                            throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED, L10nUtil.getMessage(MsgKey.errMustAuthenticate, context.req));
                        }
                        try {
                            context.setAuthAccount(AuthProvider.validateAuthToken(Provisioning.getInstance(), at, false));
                        } catch (ServiceException e) {
                            // every failure maps to the same generic 401; the cause is dropped, so
                            // the client learns nothing about why validation failed.
                            // NOTE(review): the reason is not logged here either.
                            throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED, L10nUtil.getMessage(MsgKey.errMustAuthenticate, context.req));
                        }
                        context.cookieAuthHappened = true;
                        context.authToken = at;
                        return;
                    } else {
                        // guest (non-Zimbra-user) token: only expiry is checked on this path and
                        // the GuestAccount is built straight from the token, without a
                        // validateAuthToken() call.
                        // NOTE(review): this relies on AuthProvider.getAuthToken() having verified
                        // the token's integrity. Confirm.
                        if (at.isExpired()) {
                            throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED, L10nUtil.getMessage(MsgKey.errMustAuthenticate, context.req));
                        }
                        context.setAuthAccount(new GuestAccount(at));
                        // pretend that we basic authed: the basic-auth flag is set although the
                        // credential came from the cookie / access-key source
                        context.basicAuthHappened = true;
                        context.authToken = at;
                        return;
                    }
                }
            } catch (AuthTokenException e) {
                // bug 35917: malformed auth token means auth failure
                throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED, L10nUtil.getMessage(MsgKey.errMustAuthenticate, context.req));
            }
        }
        // check query string
        // NOTE(review): a token carried in the URL can end up in access logs, browser history and
        // Referer headers; keep queryParamAuthAllowed() limited to the cases that need it.
        if (context.queryParamAuthAllowed()) {
            String auth = context.params.get(ZimbraServlet.QP_ZAUTHTOKEN);
            if (auth == null)
                // not sure who uses this parameter; zauthtoken is preferred
                auth = context.params.get(UserServlet.QP_AUTHTOKEN);
            if (auth != null) {
                try {
                    // Only supported by ZimbraAuthProvider
                    AuthToken at = AuthProvider.getAuthToken(auth);
                    // Unlike the cookie path there is no null, isZimbraUser, isRegistered or
                    // isExpired check before validation here.
                    // NOTE(review): presumably validateAuthToken() covers those cases. Confirm.
                    try {
                        context.setAuthAccount(AuthProvider.validateAuthToken(Provisioning.getInstance(), at, false));
                        context.qpAuthHappened = true;
                        context.authToken = at;
                        return;
                    } catch (ServiceException e) {
                        // same generic 401 as the cookie path; the cause is dropped
                        throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED, L10nUtil.getMessage(MsgKey.errMustAuthenticate, context.req));
                    }
                } catch (AuthTokenException e) {
                    // bug 35917: malformed auth token means auth failure
                    throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED, L10nUtil.getMessage(MsgKey.errMustAuthenticate, context.req));
                }
            }
        }
        // fallback to basic auth
        if (context.basicAuthAllowed()) {
            context.setAuthAccount(AuthUtil.basicAuthRequest(context.req, context.resp, context.servlet, false));
            if (context.getAuthAccount() != null) {
                context.basicAuthHappened = true;
                // mint a token for the basic-authed account so later code can use context.authToken
                context.authToken = AuthProvider.getAuthToken(context.getAuthAccount(), isAdminRequest);
                // send cookie back if need be.
                if (context.setCookie()) {
                    // NOTE(review): the flag follows the scheme the servlet container reports. Behind
                    // a TLS-terminating proxy that may be "http", so the cookie would be encoded
                    // with secureCookie == false. Confirm the deployment's proxy settings.
                    boolean secureCookie = context.req.getScheme().equals("https");
                    context.authToken.encode(context.resp, isAdminRequest, secureCookie);
                }
            }
            // always return: with basic auth enabled a null account also ends the method here,
            // leaving the auth account unset
            return;
        }
    // there is no credential at this point.  assume anonymous public access and continue.
    } catch (ServiceException e) {
        throw new ServletException(e);
    }
}
Also used : ServletException(javax.servlet.ServletException) UserServletException(com.zimbra.cs.service.UserServletException) GuestAccount(com.zimbra.cs.account.GuestAccount) ServiceException(com.zimbra.common.service.ServiceException) MailServiceException(com.zimbra.cs.mailbox.MailServiceException) UserServletException(com.zimbra.cs.service.UserServletException) AuthTokenException(com.zimbra.cs.account.AuthTokenException) AuthToken(com.zimbra.cs.account.AuthToken)
