
Use of io.gravitee.am.model.ReferenceType.DOMAIN in project gravitee-access-management by gravitee-io: the class UserServiceImpl, method create.

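/**
 * Creates a user in the given domain: first at the identity provider named by
 * {@code newUser.getSource()}, then in AM's own users collection.
 *
 * <p>Steps, in order: reject a missing password unless the user is pre-registered; default the
 * source to {@code DEFAULT_IDP_PREFIX + domainId}; refuse the request when a user with the same
 * domain/username/source already exists; resolve the user provider and the optional client;
 * prepare {@code newUser} (domain, client, internal flag, enabled/registration flags); enforce the
 * password policy; run the user validator; create the user at the provider; persist the AM user;
 * finally, for pre-registered users, either attach a dynamic-registration URI/token or send the
 * registration confirmation.
 *
 * <p>The supplied password is never written to AM's users collection: it is cleared from
 * {@code newUser} before the AM user is built, in every path that reaches persistence.
 *
 * @param domain    domain the user is created in
 * @param newUser   creation payload; mutated in place (source, domain, client, flags, external id,
 *                  password cleared, and username when an existing IdP account is adopted)
 * @param principal acting principal, recorded on the USER_CREATED audit events
 * @return the created AM {@link User}; an error {@link Single} carrying
 *         {@link UserInvalidException} (no password), {@link UserAlreadyExistsException},
 *         {@link UserProviderNotFoundException} or {@link InvalidPasswordException}, or any error
 *         raised by the validator, the provider or the persistence call
 */
@Override
public Single<User> create(Domain domain, NewUser newUser, io.gravitee.am.identityprovider.api.User principal) {
    // A password is mandatory unless the account is pre-registered (the user chooses it later).
    if (newUser.getPassword() == null && !newUser.isPreRegistration()) {
        return Single.error(new UserInvalidException("Field [password] is required"));
    }
    // Default the identity provider source to the domain's built-in IdP.
    if (newUser.getSource() == null) {
        newUser.setSource(DEFAULT_IDP_PREFIX + domain.getId());
    }
    // Refuse duplicates on (domain, username, source) before touching the identity provider.
    return userService.findByDomainAndUsernameAndSource(domain.getId(), newUser.getUsername(), newUser.getSource()).isEmpty().flatMap(isEmpty -> {
        if (!isEmpty) {
            return Single.error(new UserAlreadyExistsException(newUser.getUsername()));
        }
        // The declared source must resolve to a live user provider.
        return identityProviderManager.getUserProvider(newUser.getSource()).switchIfEmpty(Maybe.error(new UserProviderNotFoundException(newUser.getSource()))).flatMapSingle(userProvider -> {
            // The client is optional: an empty result from checkClientFunction() means "no client".
            return checkClientFunction().apply(domain.getId(), newUser.getClient()).map(Optional::of).defaultIfEmpty(Optional.empty()).flatMapSingle(optClient -> {
                Application client = optClient.orElse(null);
                newUser.setDomain(domain.getId());
                newUser.setClient(optClient.map(Application::getId).orElse(null));
                // Users created through this path are AM-managed ("internal") accounts.
                newUser.setInternal(true);
                if (newUser.isPreRegistration()) {
                    // Pre-registered accounts stay disabled and password-less until registration completes.
                    newUser.setPassword(null);
                    newUser.setRegistrationCompleted(false);
                    newUser.setEnabled(false);
                } else {
                    newUser.setRegistrationCompleted(true);
                    newUser.setEnabled(true);
                }
                final User candidate = transform(newUser);
                // Enforce the domain/client password policy (pre-registered users carry no password here).
                String password = newUser.getPassword();
                if (password != null && isInvalidUserPassword(password, client, domain, candidate)) {
                    return Single.error(InvalidPasswordException.of("Field [password] is invalid", "invalid_password_value"));
                }
                // A validation failure is audited as a failed USER_CREATED event; otherwise create the user at the IdP.
                return userValidator.validate(candidate)
                        .doOnError(throwable -> auditService.report(AuditBuilder.builder(UserAuditBuilder.class).principal(principal).type(EventType.USER_CREATED).throwable(throwable)))
                        .andThen(userProvider.create(convert(newUser)))
                        .map(idpUser -> {
                            // AM's 'users' collection serves management only, never authentication:
                            // drop the password before anything is persisted and keep the IdP id as external id.
                            newUser.setPassword(null);
                            newUser.setExternalId(idpUser.getId());
                            return newUser;
                        })
                        .onErrorResumeNext(ex -> {
                            if (!(ex instanceof UserAlreadyExistsException)) {
                                return Single.error(ex);
                            }
                            // The IdP already holds this username. Link the AM user to that existing IdP account
                            // when AM has no record of it yet. The password supplied in newUser was not applied
                            // to that account (the provider's create call failed), so it is dropped here as well.
                            return userProvider.findByUsername(newUser.getUsername()).flatMapSingle(idpUser ->
                                    userService.findByDomainAndUsernameAndSource(domain.getId(), idpUser.getUsername(), newUser.getSource()).isEmpty().map(empty -> {
                                        if (!empty) {
                                            throw new UserAlreadyExistsException(newUser.getUsername());
                                        }
                                        newUser.setPassword(null);
                                        newUser.setExternalId(idpUser.getId());
                                        // Take the username exactly as the IdP reports it.
                                        newUser.setUsername(idpUser.getUsername());
                                        return newUser;
                                    }));
                        })
                        .flatMap(linkedUser -> Single.fromCallable(() -> {
                            User user = transform(linkedUser);
                            AccountSettings accountSettings = AccountSettings.getInstance(domain, client);
                            // Dynamic registration: hand back a confirmation URL plus a registration access token
                            // instead of sending the confirmation after persistence.
                            if (newUser.isPreRegistration() && accountSettings != null && accountSettings.isDynamicUserRegistration()) {
                                user.setRegistrationUserUri(domainService.buildUrl(domain, "/confirmRegistration"));
                                user.setRegistrationAccessToken(getUserRegistrationToken(user));
                            }
                            return user;
                        }).flatMap(user -> userService.create(user)
                                .doOnSuccess(created -> auditService.report(AuditBuilder.builder(UserAuditBuilder.class).principal(principal).type(EventType.USER_CREATED).user(created)))
                                .doOnError(throwable -> auditService.report(AuditBuilder.builder(UserAuditBuilder.class).principal(principal).type(EventType.USER_CREATED).throwable(throwable)))))
                        .flatMap(user -> {
                            // Classic pre-registration: send the registration confirmation now that the user is persisted.
                            AccountSettings accountSettings = AccountSettings.getInstance(domain, client);
                            if (newUser.isPreRegistration() && (accountSettings == null || !accountSettings.isDynamicUserRegistration())) {
                                return sendRegistrationConfirmation(user.getReferenceId(), user.getId(), principal).toSingleDefault(user);
                            }
                            return Single.just(user);
                        });
            });
        });
    });
}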