use of waffle.windows.auth.IWindowsAccount in project gitblit by gitblit.
the class WindowsAuthProvider method authenticate.
@Override
public UserModel authenticate(String username, char[] password) {
String defaultDomain = settings.getString(Keys.realm.windows.defaultDomain, null);
if (StringUtils.isEmpty(defaultDomain)) {
// ensure that default domain is null
defaultDomain = null;
}
if (defaultDomain != null) {
// sanitize username
if (username.startsWith(defaultDomain + "\\")) {
// strip default domain from domain\ username
username = username.substring(defaultDomain.length() + 1);
} else if (username.endsWith("@" + defaultDomain)) {
// strip default domain from username@domain
username = username.substring(0, username.lastIndexOf('@'));
}
}
IWindowsIdentity identity = null;
try {
if (username.indexOf('@') > -1 || username.indexOf('\\') > -1) {
// manually specified domain
identity = waffle.logonUser(username, new String(password));
} else {
// no domain specified, use default domain
identity = waffle.logonDomainUser(username, defaultDomain, new String(password));
}
} catch (Win32Exception e) {
logger.error(e.getMessage());
return null;
}
if (identity.isGuest() && !settings.getBoolean(Keys.realm.windows.allowGuests, false)) {
logger.warn("Guest account access is disabled");
identity.dispose();
return null;
}
UserModel user = userManager.getUserModel(username);
if (user == null) {
// create user object for new authenticated user
user = new UserModel(username.toLowerCase());
}
// create a user cookie
setCookie(user);
// update user attributes from Windows identity
user.accountType = getAccountType();
String fqn = identity.getFqn();
if (fqn.indexOf('\\') > -1) {
user.displayName = fqn.substring(fqn.lastIndexOf('\\') + 1);
} else {
user.displayName = fqn;
}
user.password = Constants.EXTERNAL_ACCOUNT;
Set<String> groupNames = new TreeSet<String>();
for (IWindowsAccount group : identity.getGroups()) {
groupNames.add(group.getFqn());
}
if (settings.getBoolean(Keys.realm.windows.permitBuiltInAdministrators, true)) {
if (groupNames.contains("BUILTIN\\Administrators")) {
// local administrator
user.canAdmin = true;
}
}
// TODO consider mapping Windows groups to teams
// push the changes to the backing user service
updateUser(user);
// cleanup resources
identity.dispose();
return user;
}
Aggregations