Use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.
Class ExternalUserProvServlet, method provisionVirtualAccountAndRedirect.
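/**
 * Provisions a virtual account for an external share recipient, mounts the shares granted to
 * that recipient, and hands off to {@code setCookieAndRedirect}.
 *
 * <p>Order of work: resolve the grantor and its domain; refuse if the mapped account name already
 * exists; search the domain for accounts that granted shares to the external address or to a
 * group it belongs to; create the account and its mailbox; create one mountpoint per matching
 * share; enable app features for the mounted view types; set the cookie and redirect.
 *
 * <p>NOTE(review): nothing in this method authenticates {@code grantorId} or
 * {@code extUserEmail}. It presumably relies on the caller having verified both (and the
 * password policy) before calling -- confirm at the call site, because this method creates an
 * account and issues a session for whatever address it is handed.
 *
 * @param req          the current request, passed through to {@code setCookieAndRedirect}
 * @param resp         the current response, passed through to {@code setCookieAndRedirect}
 * @param displayName  display name for the new account; skipped when null or empty
 * @param password     password handed to {@code createAccount}; when non-empty the account is
 *                     also flagged as having its initial password set
 * @param grantorId    id of the account used to pick the domain to provision in
 * @param extUserEmail external e-mail address the shares were granted to
 * @throws ServletException if the grantor is unknown, the account already exists, no shares are
 *                          found, or any provisioning / mailbox step fails (wrapped as the cause)
 */
private static void provisionVirtualAccountAndRedirect(HttpServletRequest req, HttpServletResponse resp,
        String displayName, String password, String grantorId, String extUserEmail)
        throws ServletException {
    Provisioning prov = Provisioning.getInstance();
    try {
        Account owner = prov.getAccountById(grantorId);
        if (owner == null) {
            // An unresolved grantor id used to surface as a NullPointerException wrapped in a
            // ServletException; reject it explicitly like the other request checks.
            throw new ServletException("invalid request: grantor account not found");
        }
        Domain domain = prov.getDomain(owner);
        Account grantee = prov.getAccountByName(mapExtEmailToAcctName(extUserEmail, domain));
        if (grantee != null) {
            // NOTE(review): this message and "no shares discovered" below tell the requester
            // whether an account exists for the address; acceptable only if the caller has
            // already authenticated the request -- confirm.
            throw new ServletException("invalid request: account already exists");
        }

        // search all shares accessible to the external user
        SearchAccountsOptions searchOpts = new SearchAccountsOptions(domain, new String[] {
                Provisioning.A_zimbraId, Provisioning.A_displayName, Provisioning.A_zimbraSharedItem });
        // get all groups extUserEmail belongs to
        GuestAccount guestAcct = new GuestAccount(extUserEmail, null);
        List<String> groupIds = prov.getGroupMembership(guestAcct, false).groupIds();
        List<String> grantees = Lists.newArrayList(extUserEmail);
        grantees.addAll(groupIds);
        searchOpts.setFilter(ZLdapFilterFactory.getInstance().accountsByGrants(grantees, false, false));
        List<NamedEntry> accounts = prov.searchDirectory(searchOpts);
        if (accounts.isEmpty()) {
            // No account is created unless at least one share was granted to this address.
            throw new ServletException("no shares discovered");
        }

        // create external account: flagged virtual, hidden from the GAL, mail delivery disabled
        Map<String, Object> attrs = new HashMap<String, Object>();
        attrs.put(Provisioning.A_zimbraIsExternalVirtualAccount, ProvisioningConstants.TRUE);
        attrs.put(Provisioning.A_zimbraExternalUserMailAddress, extUserEmail);
        attrs.put(Provisioning.A_zimbraMailHost, prov.getLocalServer().getServiceHostname());
        if (!StringUtil.isNullOrEmpty(displayName)) {
            attrs.put(Provisioning.A_displayName, displayName);
        }
        attrs.put(Provisioning.A_zimbraHideInGal, ProvisioningConstants.TRUE);
        attrs.put(Provisioning.A_zimbraMailStatus, Provisioning.MailStatus.disabled.toString());
        if (!StringUtil.isNullOrEmpty(password)) {
            attrs.put(Provisioning.A_zimbraVirtualAccountInitialPasswordSet, ProvisioningConstants.TRUE);
        }
        // NOTE(review): a null or empty password is still handed to createAccount as-is;
        // confirm what credential state that leaves the account in.
        grantee = prov.createAccount(mapExtEmailToAcctName(extUserEmail, domain), password, attrs);

        // create external account mailbox
        Mailbox granteeMbox;
        try {
            granteeMbox = MailboxManager.getInstance().getMailboxByAccount(grantee);
        } catch (ServiceException e) {
            // mailbox creation failed; delete the account also so that it is a clean state before
            // the next attempt
            prov.deleteAccount(grantee.getId());
            throw e;
        }

        // create mountpoints
        // NOTE(review): a failure from here on leaves the account and mailbox in place, and a
        // retry for the same address then stops at the "account already exists" check above.
        Set<MailItem.Type> viewTypes = new HashSet<MailItem.Type>();
        for (NamedEntry ne : accounts) {
            Account account = (Account) ne;
            String[] sharedItems = account.getSharedItem();
            for (String sharedItem : sharedItems) {
                ShareInfoData shareData = AclPushSerializer.deserialize(sharedItem);
                // The directory search matches whole accounts; only mount the individual
                // shares that are actually granted to this grantee.
                if (!granteeMatchesShare(shareData, grantee)) {
                    continue;
                }
                String sharedFolderPath = shareData.getPath();
                String mountpointName = getMountpointName(account, grantee, sharedFolderPath);
                MailItem.Type viewType = shareData.getFolderDefaultViewCode();
                Mountpoint mtpt = granteeMbox.createMountpoint(null, getMptParentFolderId(viewType, prov),
                        mountpointName, account.getId(), shareData.getItemId(), shareData.getItemUuid(),
                        viewType, 0, MailItem.DEFAULT_COLOR, false);
                if (viewType == MailItem.Type.APPOINTMENT) {
                    // make sure that the mountpoint is checked in the UI by default
                    granteeMbox.alterTag(null, mtpt.getId(), mtpt.getType(), Flag.FlagInfo.CHECKED, true, null);
                }
                viewTypes.add(viewType);
            }
        }
        enableAppFeatures(grantee, viewTypes);
        setCookieAndRedirect(req, resp, grantee);
    } catch (ServletException e) {
        // Request-validation failures raised above already carry their own message; pass them
        // through instead of nesting them inside a second ServletException.
        throw e;
    } catch (Exception e) {
        throw new ServletException(e);
    }
}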
Use of com.zimbra.cs.account.GuestAccount in project zm-mailbox by Zimbra.
Class UserServletUtil, method getAccount.
// public synchronized static void addFormatter(Formatter f) {
// mFormatters.put(f.getType(), f);
// for (String mimeType : f.getDefaultMimeTypes())
// mDefaultFormatters.put(mimeType, f);
// }
//
// public Formatter getFormatter(String type) {
// return mFormatters.get(type);
// }
/**
 * Resolves the authenticated account for a user-servlet request and records it on
 * {@code context}.
 *
 * <p>Credentials are tried in a fixed order and the first one present decides the outcome:
 * <ol>
 *   <li>an auth token from the request (cookie or access key), when either is allowed;</li>
 *   <li>an auth token passed as a query parameter, when allowed;</li>
 *   <li>HTTP basic auth, when allowed.</li>
 * </ol>
 * If none of them yields a credential the method returns without setting an account, and the
 * request continues as anonymous public access.
 *
 * @param context per-request servlet context; receives the auth account, the auth token and the
 *                flag naming which mechanism succeeded
 * @throws UserServletException with {@code SC_UNAUTHORIZED} when a presented token is malformed,
 *                              unregistered, expired, or fails validation
 * @throws ServletException     wrapping any other {@code ServiceException}
 * @throws IOException          declared by the signature
 */
public static void getAccount(UserServletContext context)
        throws IOException, ServletException, UserServletException {
    try {
        boolean adminRequest = AuthUtil.isAdminRequest(context.req);

        // 1) token carried by the request itself: cookie or access key
        if (context.cookieAuthAllowed()
                || AuthProvider.allowAccessKeyAuth(context.req, context.getServlet())) {
            try {
                AuthToken requestToken = AuthProvider.getAuthToken(context.req, adminRequest);
                if (requestToken != null && requestToken.isZimbraUser()) {
                    // A token for a provisioned user must still be registered, and must
                    // validate against the directory, before it is trusted.
                    if (!requestToken.isRegistered()) {
                        throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED,
                                L10nUtil.getMessage(MsgKey.errMustAuthenticate, context.req));
                    }
                    try {
                        context.setAuthAccount(AuthProvider.validateAuthToken(
                                Provisioning.getInstance(), requestToken, false));
                    } catch (ServiceException e) {
                        throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED,
                                L10nUtil.getMessage(MsgKey.errMustAuthenticate, context.req));
                    }
                    context.cookieAuthHappened = true;
                    context.authToken = requestToken;
                    return;
                }
                if (requestToken != null) {
                    // Token for a non-Zimbra (guest) principal: expiry is the only check made
                    // here, and the GuestAccount is built straight from the token.
                    // NOTE(review): presumably getAuthToken has already verified the token's
                    // integrity -- confirm against the AuthProvider implementation.
                    if (requestToken.isExpired()) {
                        throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED,
                                L10nUtil.getMessage(MsgKey.errMustAuthenticate, context.req));
                    }
                    context.setAuthAccount(new GuestAccount(requestToken));
                    // guests are recorded as if basic auth had taken place
                    context.basicAuthHappened = true;
                    context.authToken = requestToken;
                    return;
                }
            } catch (AuthTokenException e) {
                // bug 35917: malformed auth token means auth failure
                throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED,
                        L10nUtil.getMessage(MsgKey.errMustAuthenticate, context.req));
            }
        }

        // 2) token passed in the query string
        // NOTE(review): a token in the URL can end up in access logs, browser history and
        // Referer headers; worth confirming that callers enable this path only where needed.
        if (context.queryParamAuthAllowed()) {
            String encodedToken = context.params.get(ZimbraServlet.QP_ZAUTHTOKEN);
            if (encodedToken == null) {
                // legacy parameter name, users unknown; zauthtoken is the preferred one
                encodedToken = context.params.get(UserServlet.QP_AUTHTOKEN);
            }
            if (encodedToken != null) {
                try {
                    // Only supported by ZimbraAuthProvider
                    AuthToken queryToken = AuthProvider.getAuthToken(encodedToken);
                    try {
                        context.setAuthAccount(AuthProvider.validateAuthToken(
                                Provisioning.getInstance(), queryToken, false));
                        context.qpAuthHappened = true;
                        context.authToken = queryToken;
                        return;
                    } catch (ServiceException e) {
                        throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED,
                                L10nUtil.getMessage(MsgKey.errMustAuthenticate, context.req));
                    }
                } catch (AuthTokenException e) {
                    // bug 35917: malformed auth token means auth failure
                    throw new UserServletException(HttpServletResponse.SC_UNAUTHORIZED,
                            L10nUtil.getMessage(MsgKey.errMustAuthenticate, context.req));
                }
            }
        }

        // 3) fall back to HTTP basic auth; this branch always ends the method
        if (context.basicAuthAllowed()) {
            context.setAuthAccount(
                    AuthUtil.basicAuthRequest(context.req, context.resp, context.servlet, false));
            if (context.getAuthAccount() == null) {
                return;
            }
            context.basicAuthHappened = true;
            context.authToken = AuthProvider.getAuthToken(context.getAuthAccount(), adminRequest);
            // send cookie back if need be.
            if (context.setCookie()) {
                // NOTE(review): the secure flag handed to encode() follows the scheme the
                // container reports; if TLS is terminated in front of this servlet and the
                // scheme arrives as "http", that flag is false -- confirm for the deployment.
                boolean overHttps = context.req.getScheme().equals("https");
                context.authToken.encode(context.resp, adminRequest, overHttps);
            }
            return;
        }

        // no credential was presented: fall through and continue as anonymous public access
    } catch (ServiceException e) {
        throw new ServletException(e);
    }
}