
Example 1 with RemoteUser

use of org.orcid.pojo.RemoteUser in project ORCID-Source by ORCID.

From class ShibbolethController, method post2FAVerificationCode.

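/**
 * Second step of a federated (Shibboleth) sign-in for accounts that require 2FA: verifies the
 * submitted codes and, on success, authenticates the user and supplies the post-login redirect.
 *
 * <p>The remote user is derived again from the request headers on this call, so the IdP-provided
 * attribute headers must still be present; nothing is carried over from the first sign-in step.
 *
 * @param codes the submitted 2FA codes; validation errors and the redirect URL are written back into it
 * @param request current request, used to compute the post-login redirect
 * @param response current response, used to compute the post-login redirect
 * @param headers all request headers, including the Shibboleth attributes
 * @return {@code codes} with either validation errors or a redirect URL set
 */
@RequestMapping(value = { "/2FA/submitCode.json" }, method = RequestMethod.POST)
@ResponseBody
public TwoFactorAuthenticationCodes post2FAVerificationCode(@RequestBody TwoFactorAuthenticationCodes codes, HttpServletRequest request, HttpServletResponse response, @RequestHeader Map<String, String> headers) {
    checkEnabled();
    String shibIdentityProvider = headers.get(InstitutionalSignInManager.SHIB_IDENTITY_PROVIDER_HEADER);
    // Every path that cannot complete the sign-in sends the user back to the Shibboleth sign-in page.
    String signinUrl = orcidUrlManager.getBaseUrl() + "/shibboleth/signin";
    RemoteUser remoteUser = institutionalSignInManager.retrieveRemoteUser(headers);
    if (remoteUser == null) {
        LOGGER.info("Failed federated log in for {}", shibIdentityProvider);
        identityProviderManager.incrementFailedCount(shibIdentityProvider);
        codes.setRedirectUrl(signinUrl);
        return codes;
    }
    UserconnectionEntity userConnectionEntity = userConnectionManager.findByProviderIdAndProviderUserIdAndIdType(remoteUser.getUserId(), shibIdentityProvider, remoteUser.getIdType());
    if (userConnectionEntity == null) {
        // No ORCID account is linked to this remote identity, so there is nothing to verify 2FA against.
        codes.setRedirectUrl(signinUrl);
        return codes;
    }
    LOGGER.info("Found existing user connection: {}", userConnectionEntity);
    // The headers recorded when the link was created must still agree with the ones presented now.
    HeaderCheckResult checkHeadersResult = institutionalSignInManager.checkHeaders(parseOriginalHeaders(userConnectionEntity.getHeadersJson()), headers);
    if (!checkHeadersResult.isSuccess()) {
        codes.setRedirectUrl(signinUrl);
        return codes;
    }
    validate2FACodes(userConnectionEntity.getOrcid(), codes);
    if (!codes.getErrors().isEmpty()) {
        // Code validation failed: the errors go back to the caller and no redirect URL is set.
        return codes;
    }
    try {
        notifyUser(shibIdentityProvider, userConnectionEntity);
        processAuthentication(remoteUser, userConnectionEntity);
    } catch (AuthenticationException e) {
        // this should never happen; clear any partial authentication left in the context.
        SecurityContextHolder.getContext().setAuthentication(null);
        // SLF4J substitutes "{}", not "{0}": the old placeholder never rendered remoteUser.
        LOGGER.warn("User {} should have been logged-in via Shibboleth, but was unable to due to a problem", remoteUser, e);
    }
    // Set even after a failed authentication above; with the context cleared, the user
    // follows the redirect without being logged in.
    codes.setRedirectUrl(calculateRedirectUrl(request, response));
    return codes;
}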

Example 2 with RemoteUser

use of org.orcid.pojo.RemoteUser in project ORCID-Source by ORCID.

From class ShibbolethAjaxAuthenticationSuccessHandler, method linkShibbolethAccount.

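/**
 * Links the Shibboleth identity presented in the current request's headers to the ORCID account
 * of the currently signed-in user, creating the user connection and sending the notification.
 *
 * @param request the request carrying the Shibboleth attribute headers
 * @param response the current response; not used by this method
 * @throws UnsupportedEncodingException declared by the handler contract
 * @throws IllegalStateException if no remote user can be derived from the request headers
 */
public void linkShibbolethAccount(HttpServletRequest request, HttpServletResponse response) throws UnsupportedEncodingException {
    Map<String, String> headers = new HashMap<String, String>();
    Enumeration<String> headerNames = request.getHeaderNames();
    while (headerNames.hasMoreElements()) {
        // Enumeration is already typed, so no cast is needed.
        String name = headerNames.nextElement();
        headers.put(name, request.getHeader(name));
    }
    // NOTE(review): this logs every inbound header at INFO, which can include Cookie or
    // Authorization values; consider restricting it to the Shibboleth attribute headers.
    LOGGER.info("Headers for shibboleth link: {}", headers);
    checkEnabled();
    String providerId = headers.get(SHIB_IDENTITY_PROVIDER_HEADER);
    RemoteUser remoteUser = institutionalSignInManager.retrieveRemoteUser(headers);
    if (remoteUser == null) {
        // retrieveRemoteUser returns null when the headers do not identify a user (other callers
        // check for it); fail explicitly rather than dereferencing null below.
        throw new IllegalStateException("No remote user could be derived from the Shibboleth headers for provider " + providerId);
    }
    String remoteUserId = remoteUser.getUserId();
    String idType = remoteUser.getIdType();
    String displayName = institutionalSignInManager.retrieveDisplayName(headers);
    String userOrcid = getRealUserOrcid();
    institutionalSignInManager.createUserConnectionAndNotify(idType, remoteUserId, displayName, providerId, userOrcid, headers);
}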

Example 3 with RemoteUser

use of org.orcid.pojo.RemoteUser in project ORCID-Source by ORCID.

From class InstitutionalSignInManagerImpl, method retrieveDisplayName.

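/**
 * Picks a human-readable name for the remote user from the Shibboleth attribute headers, trying
 * in order: eppn, displayName, "givenName sn", and finally the remote user id.
 *
 * @param headers request headers as provided by the Shibboleth SP
 * @return the first non-blank candidate, or {@code null} when none is available
 */
@Override
public String retrieveDisplayName(Map<String, String> headers) {
    String eppn = extractFirst(headers.get(InstitutionalSignInManager.EPPN_HEADER));
    if (StringUtils.isNotBlank(eppn)) {
        return eppn;
    }
    String displayName = extractFirst(headers.get(InstitutionalSignInManager.DISPLAY_NAME_HEADER));
    if (StringUtils.isNotBlank(displayName)) {
        return displayName;
    }
    String givenName = extractFirst(headers.get(InstitutionalSignInManager.GIVEN_NAME_HEADER));
    String sn = extractFirst(headers.get(InstitutionalSignInManager.SN_HEADER));
    // join() renders a null element as "", so a missing given name or surname used to leave a
    // stray leading/trailing space in the result; trim it away.
    String combinedNames = StringUtils.trim(StringUtils.join(new String[] { givenName, sn }, ' '));
    if (StringUtils.isNotBlank(combinedNames)) {
        return combinedNames;
    }
    RemoteUser remoteUser = retrieveRemoteUser(headers);
    if (remoteUser == null) {
        return null;
    }
    String remoteUserId = remoteUser.getUserId();
    if (StringUtils.isBlank(remoteUserId)) {
        return null;
    }
    // NOTE(review): the returned fragment starts at the '!' and therefore includes it;
    // confirm whether the part after the bang was intended.
    int indexOfBang = remoteUserId.lastIndexOf('!');
    return indexOfBang == -1 ? remoteUserId : remoteUserId.substring(indexOfBang);
}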

Example 4 with RemoteUser

use of org.orcid.pojo.RemoteUser in project ORCID-Source by ORCID.

From class ShibbolethController, method signinHandler.

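/**
 * Entry point of a federated (Shibboleth) sign-in. Depending on what the IdP headers identify,
 * this signs the user in (or sends them to the 2FA step), shows the "link your account" form, or
 * reports an unsupported institution / header mismatch on that form.
 *
 * @param request current request, used to compute the post-login redirect
 * @param response current response, used to compute the post-login redirect
 * @param headers all request headers, including the Shibboleth attributes
 * @param mav the model and view to populate; its view name is set to {@code social_link_signin}
 * @return {@code mav}, the {@code institutional_2FA} view, or a redirect to the post-login URL
 */
@RequestMapping(value = { "/signin" }, method = RequestMethod.GET)
public ModelAndView signinHandler(HttpServletRequest request, HttpServletResponse response, @RequestHeader Map<String, String> headers, ModelAndView mav) {
    // NOTE(review): this logs every inbound header at INFO, which can include Cookie or
    // Authorization values; consider restricting it to the Shibboleth attribute headers.
    LOGGER.info("Headers for shibboleth sign in: {}", headers);
    checkEnabled();
    mav.setViewName("social_link_signin");
    String shibIdentityProvider = headers.get(InstitutionalSignInManager.SHIB_IDENTITY_PROVIDER_HEADER);
    mav.addObject("providerId", shibIdentityProvider);
    String displayName = institutionalSignInManager.retrieveDisplayName(headers);
    mav.addObject("accountId", displayName);
    RemoteUser remoteUser = institutionalSignInManager.retrieveRemoteUser(headers);
    if (remoteUser == null) {
        LOGGER.info("Failed federated log in for {}", shibIdentityProvider);
        identityProviderManager.incrementFailedCount(shibIdentityProvider);
        mav.addObject("unsupportedInstitution", true);
        mav.addObject("institutionContactEmail", identityProviderManager.retrieveContactEmailByProviderid(shibIdentityProvider));
        return mav;
    }
    // Check if the Shibboleth user is already linked to an ORCID account.
    // If so sign them in automatically.
    UserconnectionEntity userConnectionEntity = userConnectionManager.findByProviderIdAndProviderUserIdAndIdType(remoteUser.getUserId(), shibIdentityProvider, remoteUser.getIdType());
    if (userConnectionEntity == null) {
        // To avoid confusion, force the user to login to ORCID again
        mav.addObject("linkType", "shibboleth");
        String givenName = headers.get(InstitutionalSignInManager.GIVEN_NAME_HEADER);
        String sn = headers.get(InstitutionalSignInManager.SN_HEADER);
        mav.addObject("firstName", givenName == null ? "" : givenName);
        mav.addObject("lastName", sn == null ? "" : sn);
        return mav;
    }
    LOGGER.info("Found existing user connection: {}", userConnectionEntity);
    // The headers recorded when the link was created must still agree with the ones presented now.
    HeaderCheckResult checkHeadersResult = institutionalSignInManager.checkHeaders(parseOriginalHeaders(userConnectionEntity.getHeadersJson()), headers);
    if (!checkHeadersResult.isSuccess()) {
        mav.addObject("headerCheckFailed", true);
        return mav;
    }
    ProfileEntity profile = profileEntityCacheManager.retrieve(userConnectionEntity.getOrcid());
    if (profile.getUsing2FA()) {
        // Accounts with 2FA enabled are not authenticated here; presumably the 2FA view submits to
        // the 2FA code endpoint, which completes the sign-in.
        return new ModelAndView("institutional_2FA");
    }
    try {
        notifyUser(shibIdentityProvider, userConnectionEntity);
        processAuthentication(remoteUser, userConnectionEntity);
    } catch (AuthenticationException e) {
        // this should never happen; clear any partial authentication left in the context.
        SecurityContextHolder.getContext().setAuthentication(null);
        // SLF4J substitutes "{}", not "{0}": the old placeholder never rendered remoteUser.
        LOGGER.warn("User {} should have been logged-in via Shibboleth, but was unable to due to a problem", remoteUser, e);
    }
    // Reached even after a failed authentication above; with the context cleared, the user
    // follows the redirect without being logged in.
    return new ModelAndView("redirect:" + calculateRedirectUrl(request, response));
}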
