Search in sources :

Example 6 with BuiltinUser

use of edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser in project dataverse by IQSS.

the class Admin method builtin2shib.

/**
 * This is used in testing via AdminIT.java but we don't expect sysadmins to
 * use this.
 */
@Path("authenticatedUsers/convert/builtin2shib")
@PUT
public Response builtin2shib(String content) {
    logger.info("entering builtin2shib...");
    try {
        AuthenticatedUser userToRunThisMethod = findAuthenticatedUserOrDie();
        if (!userToRunThisMethod.isSuperuser()) {
            return error(Response.Status.FORBIDDEN, "Superusers only.");
        }
    } catch (WrappedResponse ex) {
        return error(Response.Status.FORBIDDEN, "Superusers only.");
    }
    boolean disabled = false;
    if (disabled) {
        return error(Response.Status.BAD_REQUEST, "API endpoint disabled.");
    }
    AuthenticatedUser builtInUserToConvert = null;
    String emailToFind;
    String password;
    // could let people specify id on authuser table. probably better to let them tell us their
    String authuserId = "0";
    String newEmailAddressToUse;
    try {
        String[] args = content.split(":");
        emailToFind = args[0];
        password = args[1];
        newEmailAddressToUse = args[2];
    // authuserId = args[666];
    } catch (ArrayIndexOutOfBoundsException ex) {
        return error(Response.Status.BAD_REQUEST, "Problem with content <<<" + content + ">>>: " + ex.toString());
    }
    AuthenticatedUser existingAuthUserFoundByEmail = shibService.findAuthUserByEmail(emailToFind);
    String existing = "NOT FOUND";
    if (existingAuthUserFoundByEmail != null) {
        builtInUserToConvert = existingAuthUserFoundByEmail;
        existing = existingAuthUserFoundByEmail.getIdentifier();
    } else {
        long longToLookup = Long.parseLong(authuserId);
        AuthenticatedUser specifiedUserToConvert = authSvc.findByID(longToLookup);
        if (specifiedUserToConvert != null) {
            builtInUserToConvert = specifiedUserToConvert;
        } else {
            return error(Response.Status.BAD_REQUEST, "No user to convert. We couldn't find a *single* existing user account based on " + emailToFind + " and no user was found using specified id " + longToLookup);
        }
    }
    String shibProviderId = ShibAuthenticationProvider.PROVIDER_ID;
    Map<String, String> randomUser = authTestDataService.getRandomUser();
    // String eppn = UUID.randomUUID().toString().substring(0, 8);
    String eppn = randomUser.get("eppn");
    String idPEntityId = randomUser.get("idp");
    String notUsed = null;
    String separator = "|";
    UserIdentifier newUserIdentifierInLookupTable = new UserIdentifier(idPEntityId + separator + eppn, notUsed);
    String overwriteFirstName = randomUser.get("firstName");
    String overwriteLastName = randomUser.get("lastName");
    String overwriteEmail = randomUser.get("email");
    overwriteEmail = newEmailAddressToUse;
    logger.info("overwriteEmail: " + overwriteEmail);
    boolean validEmail = EMailValidator.isEmailValid(overwriteEmail, null);
    if (!validEmail) {
        // See https://github.com/IQSS/dataverse/issues/2998
        return error(Response.Status.BAD_REQUEST, "invalid email: " + overwriteEmail);
    }
    /**
     * @todo If affiliation is not null, put it in RoleAssigneeDisplayInfo
     * constructor.
     */
    /**
     * Here we are exercising (via an API test) shibService.getAffiliation
     * with the TestShib IdP and a non-production DevShibAccountType.
     */
    idPEntityId = ShibUtil.testShibIdpEntityId;
    String overwriteAffiliation = shibService.getAffiliation(idPEntityId, ShibServiceBean.DevShibAccountType.RANDOM);
    logger.info("overwriteAffiliation: " + overwriteAffiliation);
    /**
     * @todo Find a place to put "position" in the authenticateduser table:
     * https://github.com/IQSS/dataverse/issues/1444#issuecomment-74134694
     */
    String overwritePosition = "staff;student";
    AuthenticatedUserDisplayInfo displayInfo = new AuthenticatedUserDisplayInfo(overwriteFirstName, overwriteLastName, overwriteEmail, overwriteAffiliation, overwritePosition);
    JsonObjectBuilder response = Json.createObjectBuilder();
    JsonArrayBuilder problems = Json.createArrayBuilder();
    if (password != null) {
        response.add("password supplied", password);
        boolean knowsExistingPassword = false;
        BuiltinUser oldBuiltInUser = builtinUserService.findByUserName(builtInUserToConvert.getUserIdentifier());
        if (oldBuiltInUser != null) {
            String usernameOfBuiltinAccountToConvert = oldBuiltInUser.getUserName();
            response.add("old username", usernameOfBuiltinAccountToConvert);
            AuthenticatedUser authenticatedUser = authSvc.canLogInAsBuiltinUser(usernameOfBuiltinAccountToConvert, password);
            if (authenticatedUser != null) {
                knowsExistingPassword = true;
                AuthenticatedUser convertedUser = authSvc.convertBuiltInToShib(builtInUserToConvert, shibProviderId, newUserIdentifierInLookupTable);
                if (convertedUser != null) {
                    /**
                     * @todo Display name is not being overwritten. Logic
                     * must be in Shib backing bean
                     */
                    AuthenticatedUser updatedInfoUser = authSvc.updateAuthenticatedUser(convertedUser, displayInfo);
                    if (updatedInfoUser != null) {
                        response.add("display name overwritten with", updatedInfoUser.getName());
                    } else {
                        problems.add("couldn't update display info");
                    }
                } else {
                    problems.add("unable to convert user");
                }
            }
        } else {
            problems.add("couldn't find old username");
        }
        if (!knowsExistingPassword) {
            String message = "User doesn't know password.";
            problems.add(message);
            /**
             * @todo Someday we should make a errorResponse method that
             * takes JSON arrays and objects.
             */
            return error(Status.BAD_REQUEST, problems.build().toString());
        }
    // response.add("knows existing password", knowsExistingPassword);
    }
    response.add("user to convert", builtInUserToConvert.getIdentifier());
    response.add("existing user found by email (prompt to convert)", existing);
    response.add("changing to this provider", shibProviderId);
    response.add("value to overwrite old first name", overwriteFirstName);
    response.add("value to overwrite old last name", overwriteLastName);
    response.add("value to overwrite old email address", overwriteEmail);
    if (overwriteAffiliation != null) {
        response.add("affiliation", overwriteAffiliation);
    }
    response.add("problems", problems);
    return ok(response);
}
Also used : AuthenticatedUserDisplayInfo(edu.harvard.iq.dataverse.authorization.AuthenticatedUserDisplayInfo) BuiltinUser(edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser) JsonArrayBuilder(javax.json.JsonArrayBuilder) UserIdentifier(edu.harvard.iq.dataverse.authorization.UserIdentifier) JsonObjectBuilder(javax.json.JsonObjectBuilder) Path(javax.ws.rs.Path) PUT(javax.ws.rs.PUT)

Example 7 with BuiltinUser

use of edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser in project dataverse by IQSS.

the class Admin method builtin2oauth.

/**
 * This is used in testing via AdminIT.java but we don't expect sysadmins to
 * use this.
 */
@Path("authenticatedUsers/convert/builtin2oauth")
@PUT
public Response builtin2oauth(String content) {
    logger.info("entering builtin2oauth...");
    try {
        AuthenticatedUser userToRunThisMethod = findAuthenticatedUserOrDie();
        if (!userToRunThisMethod.isSuperuser()) {
            return error(Response.Status.FORBIDDEN, "Superusers only.");
        }
    } catch (WrappedResponse ex) {
        return error(Response.Status.FORBIDDEN, "Superusers only.");
    }
    boolean disabled = false;
    if (disabled) {
        return error(Response.Status.BAD_REQUEST, "API endpoint disabled.");
    }
    AuthenticatedUser builtInUserToConvert = null;
    String emailToFind;
    String password;
    // could let people specify id on authuser table. probably better to let them tell us their
    String authuserId = "0";
    String newEmailAddressToUse;
    String newProviderId;
    String newPersistentUserIdInLookupTable;
    logger.info("content: " + content);
    try {
        String[] args = content.split(":");
        emailToFind = args[0];
        password = args[1];
        newEmailAddressToUse = args[2];
        newProviderId = args[3];
        newPersistentUserIdInLookupTable = args[4];
    // authuserId = args[666];
    } catch (ArrayIndexOutOfBoundsException ex) {
        return error(Response.Status.BAD_REQUEST, "Problem with content <<<" + content + ">>>: " + ex.toString());
    }
    AuthenticatedUser existingAuthUserFoundByEmail = shibService.findAuthUserByEmail(emailToFind);
    String existing = "NOT FOUND";
    if (existingAuthUserFoundByEmail != null) {
        builtInUserToConvert = existingAuthUserFoundByEmail;
        existing = existingAuthUserFoundByEmail.getIdentifier();
    } else {
        long longToLookup = Long.parseLong(authuserId);
        AuthenticatedUser specifiedUserToConvert = authSvc.findByID(longToLookup);
        if (specifiedUserToConvert != null) {
            builtInUserToConvert = specifiedUserToConvert;
        } else {
            return error(Response.Status.BAD_REQUEST, "No user to convert. We couldn't find a *single* existing user account based on " + emailToFind + " and no user was found using specified id " + longToLookup);
        }
    }
    // String shibProviderId = ShibAuthenticationProvider.PROVIDER_ID;
    Map<String, String> randomUser = authTestDataService.getRandomUser();
    // String eppn = UUID.randomUUID().toString().substring(0, 8);
    String eppn = randomUser.get("eppn");
    String idPEntityId = randomUser.get("idp");
    String notUsed = null;
    String separator = "|";
    // UserIdentifier newUserIdentifierInLookupTable = new UserIdentifier(idPEntityId + separator + eppn, notUsed);
    UserIdentifier newUserIdentifierInLookupTable = new UserIdentifier(newPersistentUserIdInLookupTable, notUsed);
    String overwriteFirstName = randomUser.get("firstName");
    String overwriteLastName = randomUser.get("lastName");
    String overwriteEmail = randomUser.get("email");
    overwriteEmail = newEmailAddressToUse;
    logger.info("overwriteEmail: " + overwriteEmail);
    boolean validEmail = EMailValidator.isEmailValid(overwriteEmail, null);
    if (!validEmail) {
        // See https://github.com/IQSS/dataverse/issues/2998
        return error(Response.Status.BAD_REQUEST, "invalid email: " + overwriteEmail);
    }
    /**
     * @todo If affiliation is not null, put it in RoleAssigneeDisplayInfo
     * constructor.
     */
    /**
     * Here we are exercising (via an API test) shibService.getAffiliation
     * with the TestShib IdP and a non-production DevShibAccountType.
     */
    // idPEntityId = ShibUtil.testShibIdpEntityId;
    // String overwriteAffiliation = shibService.getAffiliation(idPEntityId, ShibServiceBean.DevShibAccountType.RANDOM);
    String overwriteAffiliation = null;
    logger.info("overwriteAffiliation: " + overwriteAffiliation);
    /**
     * @todo Find a place to put "position" in the authenticateduser table:
     * https://github.com/IQSS/dataverse/issues/1444#issuecomment-74134694
     */
    String overwritePosition = "staff;student";
    AuthenticatedUserDisplayInfo displayInfo = new AuthenticatedUserDisplayInfo(overwriteFirstName, overwriteLastName, overwriteEmail, overwriteAffiliation, overwritePosition);
    JsonObjectBuilder response = Json.createObjectBuilder();
    JsonArrayBuilder problems = Json.createArrayBuilder();
    if (password != null) {
        response.add("password supplied", password);
        boolean knowsExistingPassword = false;
        BuiltinUser oldBuiltInUser = builtinUserService.findByUserName(builtInUserToConvert.getUserIdentifier());
        if (oldBuiltInUser != null) {
            String usernameOfBuiltinAccountToConvert = oldBuiltInUser.getUserName();
            response.add("old username", usernameOfBuiltinAccountToConvert);
            AuthenticatedUser authenticatedUser = authSvc.canLogInAsBuiltinUser(usernameOfBuiltinAccountToConvert, password);
            if (authenticatedUser != null) {
                knowsExistingPassword = true;
                AuthenticatedUser convertedUser = authSvc.convertBuiltInUserToRemoteUser(builtInUserToConvert, newProviderId, newUserIdentifierInLookupTable);
                if (convertedUser != null) {
                    /**
                     * @todo Display name is not being overwritten. Logic
                     * must be in Shib backing bean
                     */
                    AuthenticatedUser updatedInfoUser = authSvc.updateAuthenticatedUser(convertedUser, displayInfo);
                    if (updatedInfoUser != null) {
                        response.add("display name overwritten with", updatedInfoUser.getName());
                    } else {
                        problems.add("couldn't update display info");
                    }
                } else {
                    problems.add("unable to convert user");
                }
            }
        } else {
            problems.add("couldn't find old username");
        }
        if (!knowsExistingPassword) {
            String message = "User doesn't know password.";
            problems.add(message);
            /**
             * @todo Someday we should make a errorResponse method that
             * takes JSON arrays and objects.
             */
            return error(Status.BAD_REQUEST, problems.build().toString());
        }
    // response.add("knows existing password", knowsExistingPassword);
    }
    response.add("user to convert", builtInUserToConvert.getIdentifier());
    response.add("existing user found by email (prompt to convert)", existing);
    response.add("changing to this provider", newProviderId);
    response.add("value to overwrite old first name", overwriteFirstName);
    response.add("value to overwrite old last name", overwriteLastName);
    response.add("value to overwrite old email address", overwriteEmail);
    if (overwriteAffiliation != null) {
        response.add("affiliation", overwriteAffiliation);
    }
    response.add("problems", problems);
    return ok(response);
}
Also used : AuthenticatedUserDisplayInfo(edu.harvard.iq.dataverse.authorization.AuthenticatedUserDisplayInfo) BuiltinUser(edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser) JsonArrayBuilder(javax.json.JsonArrayBuilder) UserIdentifier(edu.harvard.iq.dataverse.authorization.UserIdentifier) JsonObjectBuilder(javax.json.JsonObjectBuilder) Path(javax.ws.rs.Path) PUT(javax.ws.rs.PUT)

Example 8 with BuiltinUser

use of edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser in project dataverse by IQSS.

the class Admin method convertShibUserToBuiltin.

/**
 * curl -X PUT -d "shib@mailinator.com"
 * http://localhost:8080/api/admin/authenticatedUsers/id/11/convertShibToBuiltIn
 *
 * @deprecated We have documented this API endpoint so we'll keep in around
 * for a while but we should encourage everyone to switch to the
 * "convertRemoteToBuiltIn" endpoint and then remove this Shib-specfic one.
 */
@PUT
@Path("authenticatedUsers/id/{id}/convertShibToBuiltIn")
@Deprecated
public Response convertShibUserToBuiltin(@PathParam("id") Long id, String newEmailAddress) {
    try {
        AuthenticatedUser user = findAuthenticatedUserOrDie();
        if (!user.isSuperuser()) {
            return error(Response.Status.FORBIDDEN, "Superusers only.");
        }
    } catch (WrappedResponse ex) {
        return error(Response.Status.FORBIDDEN, "Superusers only.");
    }
    try {
        BuiltinUser builtinUser = authSvc.convertRemoteToBuiltIn(id, newEmailAddress);
        if (builtinUser == null) {
            return error(Response.Status.BAD_REQUEST, "User id " + id + " could not be converted from Shibboleth to BuiltIn. An Exception was not thrown.");
        }
        JsonObjectBuilder output = Json.createObjectBuilder();
        output.add("email", builtinUser.getEmail());
        output.add("username", builtinUser.getUserName());
        return ok(output);
    } catch (Throwable ex) {
        StringBuilder sb = new StringBuilder();
        sb.append(ex + " ");
        while (ex.getCause() != null) {
            ex = ex.getCause();
            sb.append(ex + " ");
        }
        String msg = "User id " + id + " could not be converted from Shibboleth to BuiltIn. Details from Exception: " + sb;
        logger.info(msg);
        return error(Response.Status.BAD_REQUEST, msg);
    }
}
Also used : BuiltinUser(edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser) JsonObjectBuilder(javax.json.JsonObjectBuilder) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser) Path(javax.ws.rs.Path) PUT(javax.ws.rs.PUT)

Example 9 with BuiltinUser

use of edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser in project dataverse by IQSS.

the class BriefJsonPrinterTest method testJson_BuiltinUser.

/**
 * Test of json method, of class BriefJsonPrinter.
 */
@Test
public void testJson_BuiltinUser() {
    BuiltinUser laurenIpsum = new BuiltinUser();
    laurenIpsum.setFirstName("Lauren");
    laurenIpsum.setLastName("Ipsum");
    laurenIpsum.setAffiliation("IQSS");
    BriefJsonPrinter sut = new BriefJsonPrinter();
    JsonObject res = sut.json(laurenIpsum).build();
    assertEquals("Lauren", res.getString("firstName"));
    assertEquals("Ipsum", res.getString("lastName"));
    assertEquals("IQSS", res.getString("affiliation"));
    assertEquals(3, res.keySet().size());
}
Also used : BuiltinUser(edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser) JsonObject(javax.json.JsonObject) Test(org.junit.Test)

Example 10 with BuiltinUser

use of edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser in project dataverse by IQSS.

the class Shib method init.

public void init() {
    state = State.INIT;
    ExternalContext context = FacesContext.getCurrentInstance().getExternalContext();
    request = (HttpServletRequest) context.getRequest();
    ShibUtil.printAttributes(request);
    /**
     * @todo Investigate why JkEnvVar is null since it may be useful for
     * debugging per https://github.com/IQSS/dataverse/issues/2916 . See
     * also
     * http://stackoverflow.com/questions/30193117/iterate-through-all-servletrequest-attributes#comment49933342_30193117
     * and
     * http://shibboleth.1660669.n2.nabble.com/Why-doesn-t-Java-s-request-getAttributeNames-show-Shibboleth-attributes-tp7616427p7616591.html
     */
    logger.fine("JkEnvVar: " + System.getenv("JkEnvVar"));
    shibService.possiblyMutateRequestInDev(request);
    try {
        shibIdp = getRequiredValueFromAssertion(ShibUtil.shibIdpAttribute);
    } catch (Exception ex) {
        /**
         * @todo is in an antipattern to throw exceptions to control flow?
         * http://c2.com/cgi/wiki?DontUseExceptionsForFlowControl
         *
         * All this exception handling should be handled in the new
         * ShibServiceBean so it's consistently handled by the API as well.
         */
        return;
    }
    String shibUserIdentifier;
    try {
        shibUserIdentifier = getRequiredValueFromAssertion(ShibUtil.uniquePersistentIdentifier);
    } catch (Exception ex) {
        return;
    }
    String firstName;
    try {
        firstName = getRequiredValueFromAssertion(ShibUtil.firstNameAttribute);
    } catch (Exception ex) {
        return;
    }
    String lastName;
    try {
        lastName = getRequiredValueFromAssertion(ShibUtil.lastNameAttribute);
    } catch (Exception ex) {
        return;
    }
    ShibUserNameFields shibUserNameFields = ShibUtil.findBestFirstAndLastName(firstName, lastName, null);
    if (shibUserNameFields != null) {
        String betterFirstName = shibUserNameFields.getFirstName();
        if (betterFirstName != null) {
            firstName = betterFirstName;
        }
        String betterLastName = shibUserNameFields.getLastName();
        if (betterLastName != null) {
            lastName = betterLastName;
        }
    }
    String emailAddressInAssertion = null;
    try {
        emailAddressInAssertion = getRequiredValueFromAssertion(ShibUtil.emailAttribute);
    } catch (Exception ex) {
        if (shibIdp.equals(ShibUtil.testShibIdpEntityId)) {
            logger.info("For " + shibIdp + " (which as of this writing doesn't provide the " + ShibUtil.emailAttribute + " attribute) setting email address to value of eppn: " + shibUserIdentifier);
            emailAddressInAssertion = shibUserIdentifier;
        } else {
            // forcing all other IdPs to send us an an email
            return;
        }
    }
    if (!EMailValidator.isEmailValid(emailAddressInAssertion, null)) {
        String msg = "The SAML assertion contained an invalid email address: \"" + emailAddressInAssertion + "\".";
        logger.info(msg);
        String singleEmailAddress = ShibUtil.findSingleValue(emailAddressInAssertion);
        if (EMailValidator.isEmailValid(singleEmailAddress, null)) {
            msg = "Multiple email addresses were asserted by the Identity Provider (" + emailAddressInAssertion + " ). These were sorted and the first was chosen: " + singleEmailAddress;
            logger.info(msg);
            emailAddress = singleEmailAddress;
        } else {
            msg += " A single valid address could not be found.";
            FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, identityProviderProblem, msg));
            return;
        }
    } else {
        emailAddress = emailAddressInAssertion;
    }
    String usernameAssertion = getValueFromAssertion(ShibUtil.usernameAttribute);
    internalUserIdentifer = ShibUtil.generateFriendlyLookingUserIdentifer(usernameAssertion, emailAddress);
    logger.fine("friendly looking identifer (backend will enforce uniqueness):" + internalUserIdentifer);
    String affiliation = shibService.getAffiliation(shibIdp, shibService.getDevShibAccountType());
    if (affiliation != null) {
        affiliationToDisplayAtConfirmation = affiliation;
        friendlyNameForInstitution = affiliation;
    }
    // emailAddress = "willFailBeanValidation"; // for testing createAuthenticatedUser exceptions
    displayInfo = new AuthenticatedUserDisplayInfo(firstName, lastName, emailAddress, affiliation, null);
    userPersistentId = shibIdp + persistentUserIdSeparator + shibUserIdentifier;
    ShibAuthenticationProvider shibAuthProvider = new ShibAuthenticationProvider();
    AuthenticatedUser au = authSvc.lookupUser(shibAuthProvider.getId(), userPersistentId);
    if (au != null) {
        state = State.REGULAR_LOGIN_INTO_EXISTING_SHIB_ACCOUNT;
        logger.fine("Found user based on " + userPersistentId + ". Logging in.");
        logger.fine("Updating display info for " + au.getName());
        authSvc.updateAuthenticatedUser(au, displayInfo);
        logInUserAndSetShibAttributes(au);
        String prettyFacesHomePageString = getPrettyFacesHomePageString(false);
        try {
            FacesContext.getCurrentInstance().getExternalContext().redirect(prettyFacesHomePageString);
        } catch (IOException ex) {
            logger.info("Unable to redirect user to homepage at " + prettyFacesHomePageString);
        }
    } else {
        state = State.PROMPT_TO_CREATE_NEW_ACCOUNT;
        displayNameToPersist = displayInfo.getTitle();
        emailToPersist = emailAddress;
        /**
         * @todo for Harvard we plan to use the value(s) from
         * eduPersonScopedAffiliation which
         * http://iam.harvard.edu/resources/saml-shibboleth-attributes says
         * can be One or more of the following values: faculty, staff,
         * student, affiliate, and member.
         *
         * http://dataverse.nl plans to use
         * urn:mace:dir:attribute-def:eduPersonAffiliation per
         * http://irclog.iq.harvard.edu/dataverse/2015-02-13#i_16265 . Can
         * they configure shibd to map eduPersonAffiliation to
         * eduPersonScopedAffiliation?
         */
        // positionToPersist = "FIXME";
        logger.fine("Couldn't find authenticated user based on " + userPersistentId);
        visibleTermsOfUse = true;
        /**
         * Using the email address from the IdP, try to find an existing
         * user. For TestShib we convert the "eppn" to an email address.
         *
         * If found, prompt for password and offer to convert.
         *
         * If not found, create a new account. It must be a new user.
         */
        String emailAddressToLookUp = emailAddress;
        if (existingEmail != null) {
            emailAddressToLookUp = existingEmail;
        }
        AuthenticatedUser existingAuthUserFoundByEmail = shibService.findAuthUserByEmail(emailAddressToLookUp);
        BuiltinUser existingBuiltInUserFoundByEmail = null;
        if (existingAuthUserFoundByEmail != null) {
            existingDisplayName = existingAuthUserFoundByEmail.getName();
            existingBuiltInUserFoundByEmail = shibService.findBuiltInUserByAuthUserIdentifier(existingAuthUserFoundByEmail.getUserIdentifier());
            if (existingBuiltInUserFoundByEmail != null) {
                state = State.PROMPT_TO_CONVERT_EXISTING_ACCOUNT;
                existingDisplayName = existingBuiltInUserFoundByEmail.getDisplayName();
                debugSummary = "getting username from the builtin user we looked up via email";
                builtinUsername = existingBuiltInUserFoundByEmail.getUserName();
            } else {
                debugSummary = "Could not find a builtin account based on the username. Here we should simply create a new Shibboleth user";
            }
        } else {
            debugSummary = "Could not find an auth user based on email address";
        }
    }
    logger.fine("Debug summary: " + debugSummary + " (state: " + state + ").");
    logger.fine("redirectPage: " + redirectPage);
}
Also used : ShibUserNameFields(edu.harvard.iq.dataverse.authorization.providers.shib.ShibUserNameFields) AuthenticatedUserDisplayInfo(edu.harvard.iq.dataverse.authorization.AuthenticatedUserDisplayInfo) ShibAuthenticationProvider(edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider) BuiltinUser(edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser) ExternalContext(javax.faces.context.ExternalContext) IOException(java.io.IOException) FacesMessage(javax.faces.application.FacesMessage) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser) IOException(java.io.IOException) EJBException(javax.ejb.EJBException)

Aggregations

BuiltinUser (edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUser)15 AuthenticatedUser (edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser)10 Path (javax.ws.rs.Path)6 JsonObjectBuilder (javax.json.JsonObjectBuilder)4 PUT (javax.ws.rs.PUT)4 AuthenticatedUserDisplayInfo (edu.harvard.iq.dataverse.authorization.AuthenticatedUserDisplayInfo)3 EJBException (javax.ejb.EJBException)3 NoResultException (javax.persistence.NoResultException)3 NonUniqueResultException (javax.persistence.NonUniqueResultException)3 UserIdentifier (edu.harvard.iq.dataverse.authorization.UserIdentifier)2 AuthenticationFailedException (edu.harvard.iq.dataverse.authorization.exceptions.AuthenticationFailedException)2 PasswordResetData (edu.harvard.iq.dataverse.passwordreset.PasswordResetData)2 FacesMessage (javax.faces.application.FacesMessage)2 JsonArrayBuilder (javax.json.JsonArrayBuilder)2 JsonObject (javax.json.JsonObject)2 ActionLogRecord (edu.harvard.iq.dataverse.actionlogging.ActionLogRecord)1 AuthenticationProviderFactoryNotFoundException (edu.harvard.iq.dataverse.authorization.exceptions.AuthenticationProviderFactoryNotFoundException)1 AuthorizationSetupException (edu.harvard.iq.dataverse.authorization.exceptions.AuthorizationSetupException)1 ShibAuthenticationProvider (edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider)1 ShibUserNameFields (edu.harvard.iq.dataverse.authorization.providers.shib.ShibUserNameFields)1