Example 1 with IWindowsAccount

Use of waffle.windows.auth.IWindowsAccount in project gitblit by gitblit.

The authenticate method of the class WindowsAuthProvider.

@Override
public UserModel authenticate(String username, char[] password) {
    String defaultDomain = settings.getString(Keys.realm.windows.defaultDomain, null);
    if (StringUtils.isEmpty(defaultDomain)) {
        // ensure that default domain is null
        defaultDomain = null;
    }
    if (defaultDomain != null) {
        // sanitize username
        if (username.startsWith(defaultDomain + "\\")) {
            // strip default domain from domain\username
            username = username.substring(defaultDomain.length() + 1);
        } else if (username.endsWith("@" + defaultDomain)) {
            // strip default domain from username@domain
            username = username.substring(0, username.lastIndexOf('@'));
        }
    }
    IWindowsIdentity identity = null;
    try {
        if (username.indexOf('@') > -1 || username.indexOf('\\') > -1) {
            // manually specified domain
            identity = waffle.logonUser(username, new String(password));
        } else {
            // no domain specified, use default domain
            identity = waffle.logonDomainUser(username, defaultDomain, new String(password));
        }
    } catch (Win32Exception e) {
        logger.error(e.getMessage());
        return null;
    }
    if (identity.isGuest() && !settings.getBoolean(Keys.realm.windows.allowGuests, false)) {
        logger.warn("Guest account access is disabled");
        identity.dispose();
        return null;
    }
    UserModel user = userManager.getUserModel(username);
    if (user == null) {
        // create user object for new authenticated user
        user = new UserModel(username.toLowerCase());
    }
    // create a user cookie
    setCookie(user);
    // update user attributes from Windows identity
    user.accountType = getAccountType();
    String fqn = identity.getFqn();
    if (fqn.indexOf('\\') > -1) {
        user.displayName = fqn.substring(fqn.lastIndexOf('\\') + 1);
    } else {
        user.displayName = fqn;
    }
    user.password = Constants.EXTERNAL_ACCOUNT;
    Set<String> groupNames = new TreeSet<String>();
    for (IWindowsAccount group : identity.getGroups()) {
        groupNames.add(group.getFqn());
    }
    if (settings.getBoolean(Keys.realm.windows.permitBuiltInAdministrators, true)) {
        if (groupNames.contains("BUILTIN\\Administrators")) {
            // local administrator
            user.canAdmin = true;
        }
    }
    // TODO consider mapping Windows groups to teams
    // push the changes to the backing user service
    updateUser(user);
    // cleanup resources
    identity.dispose();
    return user;
}
Also used: UserModel (com.gitblit.models.UserModel), TreeSet (java.util.TreeSet), IWindowsAccount (waffle.windows.auth.IWindowsAccount), IWindowsIdentity (waffle.windows.auth.IWindowsIdentity), Win32Exception (com.sun.jna.platform.win32.Win32Exception)