Use of io.gravitee.am.model.ReferenceType.DOMAIN in project gravitee-access-management by gravitee-io.
Class UserServiceImpl, method create.
/**
 * Creates an internal user in the given domain: the account is first created through the
 * user provider of the selected identity provider (IdP) source, then a record is stored
 * through {@code userService} after the password field has been cleared.
 *
 * <p>Order of operations: require a password unless pre-registration is requested; default the
 * source to {@code DEFAULT_IDP_PREFIX + domain.getId()}; reject a username that already exists
 * for this domain and source; resolve the user provider; resolve the optional client; check the
 * password and validate the user; create the IdP account; persist the user and report a
 * {@code USER_CREATED} audit event; finally, for a pre-registration without dynamic user
 * registration, send the registration confirmation.
 *
 * <p>{@code newUser} is mutated in place (source, domain, client, flags, password, external id,
 * username) and later lambdas read those mutations, so the statement order is significant.
 *
 * @param domain domain the user is created in
 * @param newUser creation request; modified by this method
 * @param principal passed to the audit reports and to {@code sendRegistrationConfirmation}
 * @return a {@code Single} emitting the persisted user, or an error such as
 *     {@code UserInvalidException}, {@code UserAlreadyExistsException},
 *     {@code UserProviderNotFoundException}, {@code InvalidPasswordException}, or any error
 *     propagated by the validator, the user provider or {@code userService}
 */
@Override
public Single<User> create(Domain domain, NewUser newUser, io.gravitee.am.identityprovider.api.User principal) {
// A password is mandatory unless the user is being pre-registered.
if (newUser.getPassword() == null) {
if (!newUser.isPreRegistration()) {
return Single.error(new UserInvalidException("Field [password] is required"));
}
}
// Default the IdP source to the domain's default provider when the request names none.
// NOTE(review): a caller-supplied source is used as given; the only check visible in this
// method is that a user provider exists for it. Confirm the provider lookup is scoped to
// this domain.
if (newUser.getSource() == null) {
newUser.setSource(DEFAULT_IDP_PREFIX + domain.getId());
}
// Reject the request when a user with this username already exists for this domain and source.
return userService.findByDomainAndUsernameAndSource(domain.getId(), newUser.getUsername(), newUser.getSource()).isEmpty().flatMap(isEmpty -> {
if (!isEmpty) {
return Single.error(new UserAlreadyExistsException(newUser.getUsername()));
} else {
// Resolve the user provider for the source; an empty result becomes UserProviderNotFoundException.
return identityProviderManager.getUserProvider(newUser.getSource()).switchIfEmpty(Maybe.error(new UserProviderNotFoundException(newUser.getSource()))).flatMapSingle(userProvider -> {
// Resolve the client; an empty result is mapped to Optional.empty(), so creation
// continues with client == null.
return checkClientFunction().apply(domain.getId(), newUser.getClient()).map(Optional::of).defaultIfEmpty(Optional.empty()).flatMapSingle(optClient -> {
Application client = optClient.orElse(null);
newUser.setDomain(domain.getId());
newUser.setClient(client != null ? client.getId() : null);
// The user is flagged as an internal user.
newUser.setInternal(true);
if (newUser.isPreRegistration()) {
// Pre-registration: any supplied password is discarded and the account is created
// disabled with registration not completed.
newUser.setPassword(null);
newUser.setRegistrationCompleted(false);
newUser.setEnabled(false);
} else {
newUser.setRegistrationCompleted(true);
newUser.setEnabled(true);
// Repeats the setDomain call made above with the same value.
newUser.setDomain(domain.getId());
}
final User transform = transform(newUser);
String password = newUser.getPassword();
// The password check runs before anything is created in the IdP and is skipped when
// the password is null (the pre-registration case).
// NOTE(review): this rejection is not reported to auditService, unlike the validator
// failure below.
if (password != null && isInvalidUserPassword(password, client, domain, transform)) {
return Single.error(InvalidPasswordException.of("Field [password] is invalid", "invalid_password_value"));
}
// Validate the user, auditing a validation failure, then create the account in the IdP.
// doOnError is attached before andThen, so it sees only errors from userValidator.validate.
// NOTE(review): no doOnError in this method reports an error from userProvider.create.
return userValidator.validate(transform).doOnError(throwable -> auditService.report(AuditBuilder.builder(UserAuditBuilder.class).principal(principal).type(EventType.USER_CREATED).throwable(throwable))).andThen(userProvider.create(convert(newUser))).map(idpUser -> {
// The AM 'users' collection is not meant for authentication (management data only),
// so the password is cleared before the record is built.
newUser.setPassword(null);
// Link the AM record to the IdP account.
newUser.setExternalId(idpUser.getId());
return newUser;
}).onErrorResumeNext(ex -> {
// A UserAlreadyExistsException from upstream (presumably raised by userProvider.create —
// verify) is recovered by adopting the existing IdP account, provided no AM user has
// that username for this domain and source.
// NOTE(review): in this branch the password from the request is never applied; the
// existing IdP account keeps its own credential and the new AM record is linked to it
// by external id. Confirm that adopting a pre-existing IdP account is intended.
if (ex instanceof UserAlreadyExistsException) {
return userProvider.findByUsername(newUser.getUsername()).flatMapSingle(idpUser -> userService.findByDomainAndUsernameAndSource(domain.getId(), idpUser.getUsername(), newUser.getSource()).isEmpty().map(empty -> {
if (!empty) {
throw new UserAlreadyExistsException(newUser.getUsername());
} else {
// The AM 'users' collection is not meant for authentication (management data only),
// so the password is cleared before the record is built.
newUser.setPassword(null);
// Link the AM record to the existing IdP account.
newUser.setExternalId(idpUser.getId());
// Take the username as the IdP stores it.
newUser.setUsername(idpUser.getUsername());
return newUser;
}
}));
} else {
return Single.error(ex);
}
}).flatMap(newUser1 -> {
return Single.fromCallable(() -> {
User user = transform(newUser1);
AccountSettings accountSettings = AccountSettings.getInstance(domain, client);
// Pre-registration with dynamic user registration: attach the confirmation URL and a
// registration access token to the user before it is persisted.
// NOTE(review): the token is set on the object passed to userService.create and emitted
// to the caller; confirm where it is stored and which responses or logs can expose it.
if (newUser.isPreRegistration() && accountSettings != null && accountSettings.isDynamicUserRegistration()) {
user.setRegistrationUserUri(domainService.buildUrl(domain, "/confirmRegistration"));
user.setRegistrationAccessToken(getUserRegistrationToken(user));
}
return user;
// Persist the user and audit both the success and the failure of userService.create.
// NOTE(review): when userService.create fails, nothing in this method removes the IdP
// account created earlier.
}).flatMap(user -> userService.create(user).doOnSuccess(user1 -> auditService.report(AuditBuilder.builder(UserAuditBuilder.class).principal(principal).type(EventType.USER_CREATED).user(user1))).doOnError(throwable -> auditService.report(AuditBuilder.builder(UserAuditBuilder.class).principal(principal).type(EventType.USER_CREATED).throwable(throwable))));
}).flatMap(user -> {
// Send the registration confirmation for a pre-registered user when dynamic user
// registration is not enabled (no account settings, or the setting is off).
AccountSettings accountSettings = AccountSettings.getInstance(domain, client);
if (newUser.isPreRegistration() && (accountSettings == null || !accountSettings.isDynamicUserRegistration())) {
return sendRegistrationConfirmation(user.getReferenceId(), user.getId(), principal).toSingleDefault(user);
} else {
return Single.just(user);
}
});
});
});
}
});
}