From 1b3e47097f29c0f85ec74e48b2f89c626e5393a3 Mon Sep 17 00:00:00 2001
From: Felix Sidokhine <felix.sidokhine@savoirfairelinux.com>
Date: Wed, 22 Jul 2020 22:30:24 +0300
Subject: [PATCH] fixed problem with partial username accounts being created

Change-Id: Ie19da205112d85e5b7cbe7d25b89010a1e14078c
---
 .../net/jami/jams/ad/connector/ADConnector.java | 11 +++++++++--
 .../ad/connector/service/UserProfileService.java | 13 +++++++++----
 .../java/net/jami/datastore/main/DataStore.java | 11 ++++++++++-
 .../net/jami/jams/nameserver/LocalNameServer.java | 7 ++++---
 .../common/authentication/AuthenticationSource.java | 3 ++-
 .../server/core/workflows/RegisterDeviceFlow.java | 2 +-
 .../api/auth/directory/DirectoryEntryServlet.java | 5 ++---
 .../api/auth/directory/SearchDirectoryServlet.java | 5 ++---
 .../net/jami/jams/ldap/connector/LDAPConnector.java | 13 ++++++++++---
 .../ldap/connector/service/UserProfileService.java | 12 +++++++-----
 .../src/test/java/tests/GenericLDAPTest.java | 4 ++--
 versions.json | 10 +++++-----
 12 files changed, 63 insertions(+), 33 deletions(-)

diff --git a/ad-connector/src/main/java/net/jami/jams/ad/connector/ADConnector.java b/ad-connector/src/main/java/net/jami/jams/ad/connector/ADConnector.java
index 28867e97..80d93744 100644
--- a/ad-connector/src/main/java/net/jami/jams/ad/connector/ADConnector.java
+++ b/ad-connector/src/main/java/net/jami/jams/ad/connector/ADConnector.java
@@ -93,8 +93,15 @@ public class ADConnector implements AuthenticationSource {
 }
 
 @Override
- public List<UserProfile> getUserProfile(String queryString, String field) {
- return userProfileService.getUserProfile(queryString, field);
+ public List<UserProfile> searchUserProfiles(String queryString, String field) {
+ return userProfileService.getUserProfile(queryString, field,false);
+ }
+
+ @Override
+ public UserProfile getUserProfile(String username) {
+ List<UserProfile> result = userProfileService.getUserProfile(username, "LOGON_NAME",true);
+ if(result == null || result.size() != 1) return null;
+ return result.get(0);
 }
 
 @Override
diff --git a/ad-connector/src/main/java/net/jami/jams/ad/connector/service/UserProfileService.java b/ad-connector/src/main/java/net/jami/jams/ad/connector/service/UserProfileService.java
index e3d62c44..4aaef1cf 100644
--- a/ad-connector/src/main/java/net/jami/jams/ad/connector/service/UserProfileService.java
+++ b/ad-connector/src/main/java/net/jami/jams/ad/connector/service/UserProfileService.java
@@ -51,9 +51,8 @@ public class UserProfileService {
 private static final HashMap<String, String> fieldMap = ADConnector.settings.getFieldMappings();
 
- public List<UserProfile> getUserProfile(String queryString, String field) {
+ public List<UserProfile> getUserProfile(String queryString, String field,boolean exactMatch) {
 Endpoint endpoint = ADConnector.getConnection();
- UserProfile[] profiles = null;
 try {
 QueryRequest queryRequest = buildRequest(endpoint);
 Sentence sentence = null;
 
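Review bot: In the new ADConnector.getUserProfile, `result.size() != 1` folds two different outcomes into the same null: no account matched, or several accounts share the LOGON_NAME. The second is the case that lets a lookup land on the wrong account, so it is worth surfacing; if the class has a logger, `if (result != null && result.size() > 1) log.warn("ambiguous LOGON_NAME lookup for {}", username);` before the null return would do. LDAPConnector.getUserProfile in this commit has the same shape. A short comment at `getUserProfile(username, "LOGON_NAME",true)` saying the literal is the exactMatch flag would also help, since the service signature is the only place that explains it.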
@@ -61,8 +60,14 @@ public class UserProfileService {
 sentence = new QueryAssembler().addPhrase(FieldType.OBJECT_CLASS, PhraseOperator.EQUAL, ObjectType.USER.toString()).closeSentence();
 } else {
 if (field.equals("LOGON_NAME")) {
- sentence = new QueryAssembler().addPhrase(FieldType.LOGON_NAME, PhraseOperator.CONTAINS, queryString)
- .closeSentence();
+ if(exactMatch){
+ sentence = new QueryAssembler().addPhrase(FieldType.LOGON_NAME, PhraseOperator.EQUAL, queryString)
+ .closeSentence();
+ }
+ else {
+ sentence = new QueryAssembler().addPhrase(FieldType.LOGON_NAME, PhraseOperator.CONTAINS, queryString)
+ .closeSentence();
+ }
 }
 if (field.equals("FULL_TEXT_NAME")) {
 sentence = new QueryAssembler().addPhrase(FieldType.FIRST_NAME, PhraseOperator.CONTAINS, queryString)
diff --git a/datastore/src/main/java/net/jami/datastore/main/DataStore.java b/datastore/src/main/java/net/jami/datastore/main/DataStore.java
index 7e83e187..e9b1dc82 100644
--- a/datastore/src/main/java/net/jami/datastore/main/DataStore.java
+++ b/datastore/src/main/java/net/jami/datastore/main/DataStore.java
@@ -80,7 +80,7 @@ public class DataStore implements AuthenticationSource {
 return userDao.storeObject(user);
 }
 
 @Override
- public List<UserProfile> getUserProfile(String queryString, String field) {
+ public List<UserProfile> searchUserProfiles(String queryString, String field) {
 List<UserProfile> userList;
 if (!queryString.equals("*")) {
@@ -100,6 +100,15 @@ public class DataStore implements AuthenticationSource {
 return userList;
 }
 
+ @Override
+ public UserProfile getUserProfile(String username) {
+ StatementList statementList = new StatementList();
+ statementList.addStatement(new StatementElement("username","=", username,""));
+ List<UserProfile> userList = userProfileDao.getObjects(statementList);
+ if(userList.size() != 1) return null;
+ else return userList.get(0);
+ }
+
 @Override
 public boolean setUserProfile(UserProfile userProfile) {
 return userProfileDao.storeObject(userProfile);
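Review bot: `exactMatch` only affects the LOGON_NAME branch; the FULL_TEXT_NAME branch at the end of the hunk still builds CONTAINS phrases whatever the flag says, and the OBJECT_CLASS branch at the top ignores it too. That matches the callers in this commit but nothing records it, so a Javadoc line on getUserProfile such as `@param exactMatch when true a LOGON_NAME lookup uses PhraseOperator.EQUAL instead of CONTAINS; ignored for every other field` would keep the next caller from expecting an exact full-text match. Whether QueryAssembler interprets any characters of queryString as wildcards under EQUAL is not visible here; if it does, the exact lookup is still not exact for usernames containing them. getUserProfile begins in the previous hunk and continues past this one.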
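Review bot: DataStore.getUserProfile dereferences `userList.size()` with no null check, while the AD and LDAP implementations of the same interface method guard against a null list; if userProfileDao.getObjects can return null for an empty result, this throws where the others return null. `if(userList == null || userList.size() != 1) return null;` makes the three implementations agree. Note also that `=` here follows the datastore's own comparison rule (presumably exact and case-sensitive), while the directory connectors follow the directory's, so the same username can resolve in one source and not another — worth a one-line comment.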
diff --git a/jami-nameserver/src/main/java/net/jami/jams/nameserver/LocalNameServer.java b/jami-nameserver/src/main/java/net/jami/jams/nameserver/LocalNameServer.java
index 7d6b7964..08acf787 100644
--- a/jami-nameserver/src/main/java/net/jami/jams/nameserver/LocalNameServer.java
+++ b/jami-nameserver/src/main/java/net/jami/jams/nameserver/LocalNameServer.java
@@ -69,9 +69,10 @@ public class LocalNameServer implements NameServer {
 //Reattempt resolution via directory lookups.
 final User user = new User();
 for(AuthModuleKey key : authenticationModule.getAuthSources().keySet()){
- List<UserProfile> profiles = authenticationModule.getAuthSources().get(key).getUserProfile(username,"LOGON_NAME");
- if(profiles != null && profiles.size() == 1){
- user.setUsername(username);
+ UserProfile profile = authenticationModule.getAuthSources().get(key).getUserProfile(username);
+ if(profile != null){
+ //Use the username from the profile, not the one supplied otherwise phantom users will be created.
+ user.setUsername(profile.getUsername());
 user.setRealm(key.getRealm());
 user.setUserType(key.getType());
 user.setAccessLevel(AccessLevel.USER);
diff --git a/jams-common/src/main/java/net/jami/jams/common/authentication/AuthenticationSource.java b/jams-common/src/main/java/net/jami/jams/common/authentication/AuthenticationSource.java
index 170e5bb3..b65fb695 100644
--- a/jams-common/src/main/java/net/jami/jams/common/authentication/AuthenticationSource.java
+++ b/jams-common/src/main/java/net/jami/jams/common/authentication/AuthenticationSource.java
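Review bot: `profile.getUsername()` is now the value persisted on the User, so a profile whose username attribute is missing produces a User with a null name; since the connectors fill UserProfile from directory attributes, `if(profile != null && profile.getUsername() != null){` is cheap insurance. The loop also keeps going after a hit, so if two sources both resolve the name the later one overwrites realm and type on the same `user` — unless the rest of the loop body breaks, which is outside the hunk. Both the for loop and what is done with `user` afterwards continue past the hunk.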
@@ -30,7 +30,8 @@ import java.util.List;
 public interface AuthenticationSource {
 boolean createUser(User user);
- List<UserProfile> getUserProfile(String queryString, String field);
+ List<UserProfile> searchUserProfiles(String queryString, String field);
+ UserProfile getUserProfile(String username);
 boolean setUserProfile(UserProfile userProfile);
 boolean authenticate(String username, String password);
 AuthenticationSourceInfo getInfo();
diff --git a/jams-server/src/main/java/net/jami/jams/server/core/workflows/RegisterDeviceFlow.java b/jams-server/src/main/java/net/jami/jams/server/core/workflows/RegisterDeviceFlow.java
index 09f67e69..56aaed6a 100644
--- a/jams-server/src/main/java/net/jami/jams/server/core/workflows/RegisterDeviceFlow.java
+++ b/jams-server/src/main/java/net/jami/jams/server/core/workflows/RegisterDeviceFlow.java
@@ -50,7 +50,7 @@ public class RegisterDeviceFlow {
 User user = dataStore.getUserDao().getObjects(statementList).get(0);
 UserProfile userProfile = userAuthenticationModule.getAuthSources()
 .get(new AuthModuleKey(user.getRealm(),user.getUserType()))
- .getUserProfile(username,"LOGON_NAME").get(0);
+ .searchUserProfiles(username,"LOGON_NAME").get(0);
 if (user == null) {
 log.error("Tried to enroll a device, but could not find a user, this is impossible!");
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/directory/DirectoryEntryServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/directory/DirectoryEntryServlet.java
index 3511994c..aa73eaf5 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/directory/DirectoryEntryServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/directory/DirectoryEntryServlet.java
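Review bot: The two lookups now on the interface have different contracts and no Javadoc on either. From the implementations in this commit, `getUserProfile(String username)` returns null both when nothing matches and when more than one entry does, while `searchUserProfiles` is a substring search whose result may be null (LDAP, when there are no entries) or an empty list (datastore). Javadoc stating that — e.g. `/** Resolves exactly one profile by logon name; null when there is no unique match. */` and `/** Substring search on the given field; may be null or empty when nothing matches. */` — would keep callers from treating them interchangeably.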
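Review bot: Device enrollment still resolves the profile with `.searchUserProfiles(username,"LOGON_NAME").get(0)`, a CONTAINS match with the first hit taken, even though this commit adds the exact `getUserProfile(String)` precisely so that partial names do not resolve to other accounts. With a substring search the device can be enrolled against whichever profile the directory lists first among those containing the name, and when nothing matches the LDAP service returns null so `.get(0)` throws. Prefer `.getUserProfile(username);` on the same chain, assigning to `UserProfile userProfile`, and fail the enrollment when it is null. The pre-existing `if (user == null)` check sits after `user.getRealm()` has already been dereferenced; the method continues outside the hunk.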
@@ -34,7 +34,6 @@ import net.jami.jams.common.objects.user.UserProfile;
 import java.io.IOException;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
 import static net.jami.jams.server.Server.userAuthenticationModule;
@@ -195,7 +194,7 @@ public class DirectoryEntryServlet extends HttpServlet {
 if (req.getParameter("directory") != null && req.getParameter("directoryType") != null) {
 List<UserProfile> profiles = userAuthenticationModule.getAuthSources()
 .get(new AuthModuleKey(req.getParameter("directory"), AuthenticationSourceType.fromString(req.getParameter("directoryType"))))
- .getUserProfile(req.getParameter("username"), "LOGON_NAME");
+ .searchUserProfiles(req.getParameter("username"), "LOGON_NAME");
 if(req.getParameter("format") != null && req.getParameter("format").equals("vcard")){
 resp.getOutputStream().write(profiles.get(0).getAsVCard().getBytes());
 }
@@ -204,7 +203,7 @@ public class DirectoryEntryServlet extends HttpServlet {
 }
 List<UserProfile> userProfiles = new ArrayList<>();
 userAuthenticationModule.getAuthSources().forEach((k, v) -> {
- userProfiles.addAll(v.getUserProfile(req.getParameter("username"), "LOGON_NAME"));
+ userProfiles.addAll(v.searchUserProfiles(req.getParameter("username"), "LOGON_NAME"));
 });
 if(req.getParameter("format") != null && req.getParameter("format").equals("vcard")){
 resp.getOutputStream().write(userProfiles.get(0).getAsVCard().getBytes());
diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/directory/SearchDirectoryServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/directory/SearchDirectoryServlet.java
index de295eac..ce2c5381 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/directory/SearchDirectoryServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/directory/SearchDirectoryServlet.java
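Review bot: Both code hunks in this file resolve a specific `username` parameter with `searchUserProfiles(..., "LOGON_NAME")`, a substring search, and then serve `profiles.get(0)` (or `userProfiles.get(0)`) as the vCard, so a partial name returns some other account's entry, and a null result (LDAP returns null when nothing matches) makes `get(0)` and `addAll` throw into a 500. If this endpoint is meant to return one entry, the `getUserProfile(String)` added by this commit fits both call sites: `UserProfile profile = ....getUserProfile(req.getParameter("username"));` followed by `if (profile == null) { resp.sendError(HttpServletResponse.SC_NOT_FOUND); return; }`. `req.getParameter("username")` is also handed to the connectors without a null check. doGet begins before the first of these hunks and continues past the second.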
@@ -36,7 +36,6 @@ import net.jami.jams.common.objects.user.UserProfile;
 import java.io.IOException;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
 import static net.jami.jams.server.Server.dataStore;
@@ -57,10 +56,10 @@ public class SearchDirectoryServlet extends HttpServlet {
 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 List<UserProfile> userProfiles = new ArrayList<>();
 userAuthenticationModule.getAuthSources().forEach((k, v) -> {
- List<UserProfile> profiles = v.getUserProfile(req.getParameter("queryString"), "FULL_TEXT_NAME");
+ List<UserProfile> profiles = v.searchUserProfiles(req.getParameter("queryString"), "FULL_TEXT_NAME");
 if(profiles == null || profiles.size() == 0){
 // check logon names if nothing was found
- profiles = v.getUserProfile(req.getParameter("queryString"), "LOGON_NAME");
+ profiles = v.searchUserProfiles(req.getParameter("queryString"), "LOGON_NAME");
 }
 profiles.parallelStream().forEach(profile -> {
 StatementList statementList = new StatementList();
diff --git a/ldap-connector/src/main/java/net/jami/jams/ldap/connector/LDAPConnector.java b/ldap-connector/src/main/java/net/jami/jams/ldap/connector/LDAPConnector.java
index bd6f4495..8179ed21 100644
--- a/ldap-connector/src/main/java/net/jami/jams/ldap/connector/LDAPConnector.java
+++ b/ldap-connector/src/main/java/net/jami/jams/ldap/connector/LDAPConnector.java
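Review bot: The LOGON_NAME fallback on the second changed line is not null-checked before `profiles.parallelStream()`: the first result is tested with `profiles == null || profiles.size() == 0`, but when the fallback also finds nothing the LDAP service returns null and the stream call throws inside the forEach lambda. `if(profiles == null) return;` after the fallback closes the gap (the return leaves the lambda for that source only). `req.getParameter("queryString")` is passed through unchecked as well, and the LDAP service calls replaceAll on it, so a request without that parameter presumably fails the same way. doGet continues past the hunk.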
@@ -69,8 +69,15 @@ public class LDAPConnector implements AuthenticationSource {
 }
 
 @Override
- public List<UserProfile> getUserProfile(String queryString, String field) {
- return userProfileService.getUserProfile(queryString,field);
+ public List<UserProfile> searchUserProfiles(String queryString, String field) {
+ return userProfileService.getUserProfile(queryString,field,false);
+ }
+
+ @Override
+ public UserProfile getUserProfile(String username) {
+ List<UserProfile> results = userProfileService.getUserProfile(username,"LOGON_NAME",true);
+ if(results == null || results.size() != 1) return null;
+ return results.get(0);
 }
 
 @Override
@@ -91,7 +98,7 @@ public class LDAPConnector implements AuthenticationSource {
 @Override
 public boolean test() {
- return (getUserProfile("*","LOGON_NAME").size() != 0);
+ return (searchUserProfiles("*","LOGON_NAME").size() != 0);
 }
diff --git a/ldap-connector/src/main/java/net/jami/jams/ldap/connector/service/UserProfileService.java b/ldap-connector/src/main/java/net/jami/jams/ldap/connector/service/UserProfileService.java
index 71139228..854944b0 100644
--- a/ldap-connector/src/main/java/net/jami/jams/ldap/connector/service/UserProfileService.java
+++ b/ldap-connector/src/main/java/net/jami/jams/ldap/connector/service/UserProfileService.java
@@ -50,7 +50,7 @@ public class UserProfileService {
 this.connectionFactory = connectionFactory;
 }
 
- public List<UserProfile> getUserProfile(String queryString, String field){
+ public List<UserProfile> getUserProfile(String queryString, String field, boolean exactMatch){
 Connection connection = null;
 try {
 queryString = queryString.replaceAll("[^\\x00-\\x7F]","*");
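Review bot: `searchUserProfiles("*","LOGON_NAME").size()` in test() dereferences the result unconditionally, but the LDAP UserProfileService returns null when the directory yields no entries, so a connector test against an empty directory throws instead of reporting false. `List<UserProfile> r = searchUserProfiles("*","LOGON_NAME"); return r != null && !r.isEmpty();` keeps test() to its boolean contract.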
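Review bot: The context line `queryString = queryString.replaceAll("[^\\x00-\\x7F]","*");` now also runs when `exactMatch` is true, and `*` is the LDAP filter wildcard, so an "exact" lookup of a username containing any non-ASCII character becomes a wildcard match and can resolve to a different account — the outcome the commit is meant to prevent. If the substitution is there to work around an encoding problem in the connection, the exact path needs a proper escape or encoding of the value rather than a wildcard; otherwise `if(!exactMatch) queryString = queryString.replaceAll("[^\\x00-\\x7F]","*");` keeps the exact lookup exact. getUserProfile continues past the hunk.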
@@ -58,7 +58,7 @@ public class UserProfileService {
 try {
 connection.open();
 SearchOperation search = new SearchOperation(connectionFactory);
- SearchResponse res = search.execute(buildRequest(queryString,field));
+ SearchResponse res = search.execute(buildRequest(queryString,field, exactMatch));
 if (res.getEntries().size() == 0) return null;
 return res.getEntries().stream().map(UserProfileService::profileFromResponse).collect(Collectors.toList());
 } catch (Exception e) {
@@ -76,10 +76,12 @@ public class UserProfileService {
 }
- public static SearchRequest buildRequest(String queryString, String field) {
+ public static SearchRequest buildRequest(String queryString, String field, boolean exactMatch) {
- if (!queryString.startsWith("*"))
- queryString = "*".concat(queryString).concat("*");
+ if(!exactMatch) {
+ if (!queryString.startsWith("*"))
+ queryString = "*".concat(queryString).concat("*");
+ }
 if(field.equals("LOGON_NAME")) {
 return SearchRequest.builder()
diff --git a/ldap-connector/src/test/java/tests/GenericLDAPTest.java b/ldap-connector/src/test/java/tests/GenericLDAPTest.java
index 1525e1bb..82cb05e5 100644
--- a/ldap-connector/src/test/java/tests/GenericLDAPTest.java
+++ b/ldap-connector/src/test/java/tests/GenericLDAPTest.java
@@ -34,7 +34,7 @@ public class GenericLDAPTest {
 @Test
 public void testLookUp() throws Exception{
 initLdapConnector();
- List<UserProfile> profiles = ldapConnector.getUserProfile("*","FULL_TEXT_NAME");
+ List<UserProfile> profiles = ldapConnector.searchUserProfiles("*","FULL_TEXT_NAME");
 Assertions.assertEquals(2,profiles.size());
 Assertions.assertNotNull(profiles.get(0).getFirstName());
 Assertions.assertNotNull(profiles.get(1).getFirstName());
@@ -53,7 +53,7 @@ public class GenericLDAPTest {
 @Test
 public void getVcard() throws Exception{
 initLdapConnector();
- List<UserProfile> profiles = ldapConnector.getUserProfile("Felix","FULL_TEXT_NAME");
+ List<UserProfile> profiles = ldapConnector.searchUserProfiles("Felix","FULL_TEXT_NAME");
 Assert.assertEquals(1,profiles.size());
 Assert.assertNotNull(profiles.get(0).getUsername());
 String vcard = profiles.get(0).getAsVCard();
diff --git a/versions.json b/versions.json
index 9916d141..d798f296 100644
--- a/versions.json
+++ b/versions.json
@@ -2,26 +2,26 @@
 "net.jami.jams.ad.connector.ADConnector": {
 "version": "2.0",
 "filename": "ad-connector.jar",
- "md5": "bd362666285da485a316e93f934b66a7"
+ "md5": "9ae70d75d615ee650a6f930c9700de96"
 },
 "net.jami.jams.authmodule.UserAuthenticationModule": {
 "version": "2.0",
 "filename": "authentication-module.jar",
- "md5": "da9f724c4162593cf80f6c6e7260c1b2"
+ "md5": "d69348e9c6bd62678880fea25ed03605"
 },
 "net.jami.jams.server.Server": {
 "version": "2.0",
- "md5": "ae811d245d4e10b45f4530a08fce3c8e",
+ "md5": "bd2af8ffbd4c41ea5f86cc508d1ea5c8",
 "filename": "jams-server.jar"
 },
 "net.jami.jams.ca.JamsCA": {
 "version": "2.0",
- "md5": "fbcb88fbe485c2803cc388b4a33da752",
+ "md5": "4bbfb901bb528ff77fec1c9d0a2d8b45",
 "filename": "cryptoengine.jar"
 },
 "net.jami.jams.ldap.connector.LDAPConnector": {
 "version": "2.0",
- "md5": "366361cb125966f86ea7b2192ee9c10c",
+ "md5": "1094b1742b016e39824693a511978916",
 "filename": "ldap-connector.jar"
 }
 }
\ No newline at end of file
-- GitLab