diff --git a/jams-ca/pom.xml b/jams-ca/pom.xml index 66e9aa03f5051e4c07a047565b601ac2c5c97e78..4d698d14f781d65b4c419ed669b9faec2497b1d8 100644 --- a/jams-ca/pom.xml +++ b/jams-ca/pom.xml @@ -24,7 +24,6 @@ <scope>compile</scope> </dependency> </dependencies> - <build> <plugins> <plugin> diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/devices/DevicesServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/devices/DevicesServlet.java index 161a9e75178d64246ad45819910bb4b78050f4b8..0979e7c616866f84dd7beee7c4731ce895a867d8 100644 --- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/devices/DevicesServlet.java +++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/devices/DevicesServlet.java @@ -31,10 +31,13 @@ import jakarta.servlet.http.HttpServletResponse; import net.jami.jams.common.annotations.ScopedServletMethod; import net.jami.jams.common.dao.StatementElement; import net.jami.jams.common.dao.StatementList; +import net.jami.jams.common.objects.devices.Device; import net.jami.jams.common.objects.user.AccessLevel; import java.io.IOException; +import java.util.List; +import static net.jami.jams.server.Server.certificateAuthority; import static net.jami.jams.server.Server.dataStore; @WebServlet("/api/admin/devices") 
@@ -46,8 +49,16 @@ public class DevicesServlet extends HttpServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String username = req.getParameter("username"); StatementList statementList = new StatementList(); - StatementElement st1 = new StatementElement("owner","=",username,""); - statementList.addStatement(st1); - resp.getOutputStream().write(JsonStream.serialize(dataStore.getDeviceDao().getObjects(statementList)).getBytes()); + statementList.addStatement(new StatementElement("owner","=",username,"")); + List<Device> devices = dataStore.getDeviceDao().getObjects(statementList); + if(certificateAuthority.getLatestCRL() != null) { + devices.forEach(device -> { + device.setRevoked(certificateAuthority.getLatestCRL().get().getRevokedCertificate(device.getCertificate().getSerialNumber()) != null); + }); + } + else + devices.forEach(device -> device.setRevoked(false)); + + resp.getOutputStream().write(JsonStream.serialize(devices).getBytes()); } } diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java index d8ad89d7f254839e35247f4a2c29d3865a84e137..6e6f1fb38c345b5c2d9e2bfeafc454a07ee0c9de 100644 --- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java +++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java @@ -41,6 +41,7 @@ import net.jami.jams.server.core.workflows.RevokeUserFlow; import java.io.IOException; import java.util.HashMap; +import static net.jami.jams.server.Server.certificateAuthority; import static net.jami.jams.server.Server.dataStore; import static net.jami.jams.server.Server.nameServer; import static net.jami.jams.server.Server.userAuthenticationModule; 
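Review bot: The guard `if(certificateAuthority.getLatestCRL() != null)` does not protect the `.get()` call inside the forEach: `getLatestCRL()` looks like it returns an Optional or similar holder (its `.get()` is dereferenced on the next line), so the reference itself is presumably never null, and an empty holder throws from inside the lambda and fails the whole request with a 500 instead of reporting the devices as not revoked. The CRL is also re-fetched once per device. If it is an Optional, fetch it once and test presence: `var crl = certificateAuthority.getLatestCRL();` / `devices.forEach(device -> device.setRevoked(crl.isPresent() && crl.get().getRevokedCertificate(device.getCertificate().getSerialNumber()) != null));`. The admin UserServlet hunk and the auth UserServlet doGet hunk have the mirror problem (`getLatestCRL().get() != null` throws before the comparison when the holder is empty). `username` comes straight from the query string with no null check; what the DAO does with a null owner is not visible here.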
@@ -55,7 +56,12 @@ public class UserServlet extends HttpServlet { StatementList statementList = new StatementList(); StatementElement st1 = new StatementElement("username","=",req.getParameter("username"),""); statementList.addStatement(st1); - resp.getOutputStream().write(JsonStream.serialize(dataStore.getUserDao().getObjects(statementList)).getBytes()); + User user = dataStore.getUserDao().getObjects(statementList).get(0); + if(certificateAuthority.getLatestCRL().get() != null) { + user.setRevoked(certificateAuthority.getLatestCRL().get().getRevokedCertificate(user.getCertificate().getSerialNumber()) == null); + } + else user.setRevoked(false); + resp.getOutputStream().write(JsonStream.serialize(user).getBytes()); } //Create an internal user - this is always technically available, because internal users have the right to exist. diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/device/DeviceServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/device/DeviceServlet.java index c80845ad4e595c92223e57128063d187bece9582..02c4bf65f0d5a32761ae245a45bcdbfe5edb0d43 100644 --- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/device/DeviceServlet.java +++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/device/DeviceServlet.java @@ -163,7 +163,6 @@ public class DeviceServlet extends HttpServlet { @Override @ScopedServletMethod(securityGroups = {AccessLevel.USER}) protected void doDelete(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - super.doDelete(req,resp); String deviceId = req.getPathInfo().replace("/",""); //If the device does not belong to the user throw a 403 StatementList statementList = new StatementList(); 
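Review bot: The revoked flag is inverted on the `user.setRevoked(... == null)` line: `getRevokedCertificate` returning null means the serial is not on the CRL, so this marks every unrevoked user as revoked and vice versa, whereas the DevicesServlet hunk in this commit uses `!= null` and the header logic removed from the auth UserServlet mapped `== null` to `"false"`. Change it to `user.setRevoked(certificateAuthority.getLatestCRL().get().getRevokedCertificate(user.getCertificate().getSerialNumber()) != null);`; the auth UserServlet doGet hunk has the same inversion. `getObjects(statementList).get(0)` throws IndexOutOfBoundsException for an unknown username, turning a lookup miss into a 500 rather than a 404. The `getLatestCRL().get() != null` test will itself throw if the holder is empty; testing presence on the holder before calling `.get()` is the check that was intended.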
@@ -176,6 +175,7 @@ public class DeviceServlet extends HttpServlet { } DeviceRevocationResponse devResponse = RevokeDeviceFlow.revokeDevice(req.getAttribute("username").toString(),deviceId); if(devResponse != null) resp.getOutputStream().write(JsonStream.serialize(devResponse).getBytes()); - TomcatCustomErrorHandler.sendCustomError(resp,500,"could not revoke device due to server-side error"); + else + TomcatCustomErrorHandler.sendCustomError(resp,500,"could not revoke device due to server-side error"); } } diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/directory/DirectoryEntryServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/directory/DirectoryEntryServlet.java index 881a7aa085fad1750fa0e9333f7208321d8f9902..8a7c87fe99d61cc34b622f8d00458592e3f73197 100644 --- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/directory/DirectoryEntryServlet.java +++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/directory/DirectoryEntryServlet.java @@ -196,7 +196,7 @@ public class DirectoryEntryServlet extends HttpServlet { UserProfile[] profiles = userAuthenticationModule.getAuthSources() .get(new AuthModuleKey(req.getParameter("directory"), AuthenticationSourceType.fromString(req.getParameter("directoryType")))) .getUserProfile(req.getParameter("username"), "LOGON_NAME"); - if(req.getParameter("format").equals("vcard")){ + if(req.getParameter("format") != null && req.getParameter("format").equals("vcard")){ resp.getOutputStream().write(profiles[0].getAsVCard().getBytes()); } else resp.getOutputStream().write(JsonStream.serialize(profiles[0]).getBytes()); 
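Review bot: `profiles[0]` on the lines below the new check is still unguarded: `getUserProfile` apparently can return null or an empty array for an unknown username (the next hunk in this file guards exactly that with `profiles != null && profiles.length != 0`), so such a request fails with a NullPointerException or ArrayIndexOutOfBoundsException rather than a 404. The same applies to `userProfiles.get(0)` in the @@ -207 hunk, where the list is empty when every directory returned nothing. As a point of style, `"vcard".equals(req.getParameter("format"))` reads the parameter once and expresses the null-safe comparison without the explicit null check. The enclosing method starts outside the hunk.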
@@ -207,7 +207,7 @@ public class DirectoryEntryServlet extends HttpServlet { UserProfile[] profiles = v.getUserProfile(req.getParameter("username"), "LOGON_NAME"); if (profiles != null && profiles.length != 0) userProfiles.addAll(Arrays.asList(profiles)); }); - if(req.getParameter("format").equals("vcard")){ + if(req.getParameter("format") != null && req.getParameter("format").equals("vcard")){ resp.getOutputStream().write(userProfiles.get(0).getAsVCard().getBytes()); } else resp.getOutputStream().write(JsonStream.serialize(userProfiles.get(0)).getBytes()); diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/user/UserServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/user/UserServlet.java index 80c5aee1c2bb205ddd673039e338daefa42f90a7..56806c52c16b1451790473e51f37c68b8e1e49ab 100644 --- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/user/UserServlet.java +++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/auth/user/UserServlet.java @@ -22,6 +22,7 @@ */ package net.jami.jams.server.servlets.api.auth.user; +import com.jsoniter.output.JsonStream; import jakarta.servlet.ServletException; import jakarta.servlet.annotation.WebServlet; import jakarta.servlet.http.HttpServlet; 
@@ -69,35 +70,17 @@ public class UserServlet extends HttpServlet { * @apiError (500) {null} null could not fetch user information */ @Override + @ScopedServletMethod(securityGroups = {AccessLevel.USER}) protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { StatementList statementList = new StatementList(); - StatementElement st = new StatementElement("username","=",req.getParameter("username").toString(),""); + StatementElement st = new StatementElement("username","=",req.getAttribute("username").toString(),""); statementList.addStatement(st); User user = dataStore.getUserDao().getObjects(statementList).get(0); - String password = user.getPassword(); - if (!user.getNeedsPasswordReset()) { - password = PasswordGenerator.generatePassword(); - StatementList update = new StatementList(); - StatementElement st0 = new StatementElement("password","=",password,""); - update.addStatement(st0); - StatementList constraint = new StatementList(); - StatementElement st1 = new StatementElement("username","=",req.getParameter("username"),""); - update.addStatement(st1); - StatementElement st2 = new StatementElement("needsPasswordReset","=","true",""); - update.addStatement(st2); - // refresh variable - user = dataStore.getUserDao().getObjects(statementList).get(0); - dataStore.getUserDao().updateObject(update,constraint); + if(certificateAuthority.getLatestCRL().get() != null) { + user.setRevoked(certificateAuthority.getLatestCRL().get().getRevokedCertificate(user.getCertificate().getSerialNumber()) == null); } - - resp.setHeader("needspasswordreset", (user.getNeedsPasswordReset()).toString()); - resp.setHeader("password", password); - - if (certificateAuthority.getLatestCRL().get() - .getRevokedCertificate(user.getCertificate().getSerialNumber()) == null) - resp.setHeader("revoked", "false"); - else - resp.setHeader("revoked", "true"); + else user.setRevoked(false); + 
resp.getOutputStream().write(JsonStream.serialize(user).getBytes()); } //The user can update 3 fields: password,privatekey,publickey @@ -116,12 +99,12 @@ public class UserServlet extends HttpServlet { @ScopedServletMethod(securityGroups = AccessLevel.USER) protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { String username = req.getAttribute("username").toString(); - //Check if he is AD/LDAP - then return a 401, because we can't set such password. + //Check if he is AD/LDAP - then return a 403, because we can't set such password. StatementList select = new StatementList(); StatementElement st = new StatementElement("username","=",username,""); select.addStatement(st); if(dataStore.getUserDao().getObjects(select).get(0).getUserType() != AuthenticationSourceType.LOCAL){ - resp.sendError(500,"The user is not a local user, therefore we cannot change his data!"); + resp.sendError(403,"The user is not a local user, therefore we cannot change his data!"); return; } StatementList update = new StatementList(); @@ -129,7 +112,7 @@ public class UserServlet extends HttpServlet { update.addStatement(st0); StatementList constraint = new StatementList(); StatementElement st1 = new StatementElement("username","=",username,""); - update.addStatement(st1); + constraint.addStatement(st1); if(dataStore.getUserDao().updateObject(update,constraint)) resp.setStatus(200); else resp.sendError(500,"could not update the users's data field!"); } diff --git a/jams-server/src/main/resources/webapp/js/api.js b/jams-server/src/main/resources/webapp/js/api.js index 9e1f297fc2338404ac37b11dec368a09a8769dc0..b1adf1cee1411510b2bdf17724887aeeb70175de 100644 --- a/jams-server/src/main/resources/webapp/js/api.js +++ b/jams-server/src/main/resources/webapp/js/api.js 
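Review bot: `JsonStream.serialize(user)` now writes the whole User object to the client; the lines removed from this method show User exposes `getPassword()` and `getCertificate()`, so unless those fields are excluded from serialization the response carries the stored password (or its hash) and the certificate rather than only the fields the page needs — worth confirming against the User class, which is not in the diff. `user.setRevoked(... == null)` inverts the flag relative to the header logic this hunk removes (which mapped `== null` to `"false"`); the admin UserServlet hunk has the same defect. `getObjects(statementList).get(0)` throws if the authenticated username has no row. Looking up by `req.getAttribute("username")` under the added `@ScopedServletMethod` ties the result to the authenticated caller, which the old `req.getParameter("username")` lookup did not.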
@@ -32,6 +32,7 @@ var api_path_post_install_auth = '/api/install/auth'; var api_path_post_install_server = '/api/install/settings'; var api_path_get_install_lastKnownStep = '/api/install/lastStep'; var api_path_get_auth_user_search = '/api/auth/users'; +var api_path_get_admin_devices = '/api/admin/devices'; var api_path_get_auth_devices = '/api/auth/devices'; var api_path_delete_admin_user_revoke = '/api/admin/user'; var api_path_delete_auth_user_revoke = '/api/auth/user'; @@ -48,7 +49,8 @@ var api_path_get_directories = '/api/auth/directories'; var api_path_get_needs_update = '/api/admin/update'; var api_path_get_start_update = '/api/admin/update'; var api_path_post_create_user = '/api/admin/user'; -var api_path_get_user = '/api/auth/user'; +var api_path_get_auth_user = '/api/auth/user'; +var api_path_get_admin_user = '/api/admin/user'; var api_path_post_update_user = '/api/auth/user'; var api_path_get_exists_user = '/api/admin/user'; var api_path_get_user_directory_search ='/api/auth/directory/search'; @@ -97,7 +99,7 @@ function ajaxApiCall(api_path, request_type, data, credentials, callBackFunction if (data) { if (api_path == api_path_get_user_directory_search || api_path == api_path_get_auth_user_search || api_path == api_path_get_user_search || (api_path == api_path_post_create_user && request_type == 'POST') || api_path == api_path_post_update_user - || api_path == api_path_get_auth_devices || api_path == api_path_post_configuration_change_password) + || api_path == api_path_get_auth_devices || api_path == api_path_post_configuration_change_password || api_path == api_path_get_admin_devices) isSearch = true; // search dataType diff --git a/jams-server/src/main/resources/webapp/js/identity-management.js b/jams-server/src/main/resources/webapp/js/identity-management.js index de5c61ee2070913ed4f0970bfd48db0cbbadbca5..c16fccae6cbe510ce3976b23d9af40a1bcbe54e5 100644 --- a/jams-server/src/main/resources/webapp/js/identity-management.js 
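Review bot: The `isSearch` condition on the changed line is now a nine-way `||` chain with an `&&` sub-clause buried in the middle, and every new endpoint means another edit to it; keeping the GET-with-query endpoints in a list reads better and leaves the single special case visible: `var searchApiPaths = [api_path_get_user_directory_search, api_path_get_auth_user_search, api_path_get_user_search, api_path_post_update_user, api_path_get_auth_devices, api_path_post_configuration_change_password, api_path_get_admin_devices];` / `if (searchApiPaths.indexOf(api_path) !== -1 || (api_path == api_path_post_create_user && request_type == 'POST')) isSearch = true;`. The function `ajaxApiCall` starts outside the hunk.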
+++ b/jams-server/src/main/resources/webapp/js/identity-management.js @@ -62,6 +62,7 @@ function setLDAPParametersData(form) { settings[field.name] = field.value; }); settings['fieldMappings'] = {}; + settings['fieldMappings']['uid'] = "Username" settings['fieldMappings']['givenName'] = "FirstName"; settings['fieldMappings']['sn'] = "LastName"; settings['fieldMappings']['jpegPhoto'] = "ProfilePicture"; @@ -93,6 +94,7 @@ function setADParametersData(form) { }); settings['fieldMappings'] = {}; + settings['fieldMappings']['sAMAccountName'] = "Username" settings['fieldMappings']['givenName'] = "FirstName"; settings['fieldMappings']['sn'] = "LastName"; settings['fieldMappings']['jpegPhoto'] = "ProfilePicture"; diff --git a/jams-server/src/main/resources/webapp/js/user.js b/jams-server/src/main/resources/webapp/js/user.js index 917c3e26f93014ee7b368e5d5f99bcb5bc1af92a..bed9af7bf48645a5bdf104b93d633e220b0c21cd 100644 --- a/jams-server/src/main/resources/webapp/js/user.js +++ b/jams-server/src/main/resources/webapp/js/user.js 
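Review bot: The added `settings['fieldMappings']['uid'] = "Username"` line drops the trailing semicolon that every neighbouring assignment carries; the `sAMAccountName` line in the @@ -93 hunk has the same omission. Automatic semicolon insertion makes it harmless today, but the file is otherwise consistent, so add the `;` to both lines. Both enclosing functions start outside the hunks.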
@@ -54,19 +54,33 @@ $(document).ready(function() { ajaxApiCall(api_path_get_directories, 'GET', null, null, isLocalDB).then(function() { setTimeout(function() { - ajaxApiCall(api_path_get_user, 'GET', userData, null, setStatus).then(function() { - ajaxApiCall(api_path_get_user_directory_search, 'GET', searchData, null, setUserInfoDataSource).then(function() { - setTimeout(function() { - ajaxApiCall(api_path_get_user_directory_search, 'GET', searchData, null, setUserExtendedData); - }, 300); + if (getAdminStatus()) { + ajaxApiCall(api_path_get_admin_user, 'GET', userData, null, setStatus).then(function() { + ajaxApiCall(api_path_get_user_directory_search, 'GET', searchData, null, setUserInfoDataSource).then(function() { + setTimeout(function() { + ajaxApiCall(api_path_get_user_directory_search, 'GET', searchData, null, setUserExtendedData); + }, 700); + }); + }); + } else { + ajaxApiCall(api_path_get_auth_user, 'GET', null, null, setStatus).then(function() { + ajaxApiCall(api_path_get_user_directory_search, 'GET', searchData, null, setUserInfoDataSource).then(function() { + setTimeout(function() { + ajaxApiCall(api_path_get_user_directory_search, 'GET', searchData, null, setUserExtendedData); + }, 700); + + }); }); - }); - }, 300) + } + }, 700) }); // set User devices information - ajaxApiCall(api_path_get_auth_devices, 'GET', userData, null, setUserDevices); + if (getAdminStatus()) + ajaxApiCall(api_path_get_admin_devices, 'GET', userData, null, setUserDevices); + else + ajaxApiCall(api_path_get_auth_devices, 'GET', null, null, setUserDevices); // revoke user $( '.user-information' ).on( 'click', '.de-authorize-user', function () { 
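Review bot: The two branches of the new `if (getAdminStatus())` differ only in the endpoint and the query payload (`userData` versus `null`), so the three-deep callback chain with its 700 ms delay is duplicated verbatim; choosing the endpoint and payload first and keeping one chain halves the code and leaves the delays in one place, and the devices call below collapses the same way. The 700 ms `setTimeout` calls (raised from 300) are a fixed wait standing in for whatever ordering the directory search needs; if it depends on the previous call having completed, chaining on its promise instead of a timer would remove the race — that dependency is not visible here. Which endpoint the browser picks is only a UI choice; the server enforces `@ScopedServletMethod` groups in the Java hunks of this commit, so a non-admin calling the admin path is rejected there regardless. The enclosing `$(document).ready` callback starts and ends outside the hunk.
```javascript
var isAdmin = getAdminStatus();
var userEndpoint = isAdmin ? api_path_get_admin_user : api_path_get_auth_user;
var userPayload = isAdmin ? userData : null;
ajaxApiCall(api_path_get_directories, 'GET', null, null, isLocalDB).then(function() {
    setTimeout(function() {
        ajaxApiCall(userEndpoint, 'GET', userPayload, null, setStatus).then(function() {
            ajaxApiCall(api_path_get_user_directory_search, 'GET', searchData, null, setUserInfoDataSource).then(function() {
                setTimeout(function() {
                    ajaxApiCall(api_path_get_user_directory_search, 'GET', searchData, null, setUserExtendedData);
                }, 700);
            });
        });
    }, 700)
});
// … unchanged: "set User devices information" comment …
ajaxApiCall(isAdmin ? api_path_get_admin_devices : api_path_get_auth_devices, 'GET', userPayload, null, setUserDevices);
```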
@@ -114,7 +128,10 @@ $(document).ready(function() { }); $( '.user-information' ).on( 'click', '.reset-password', function (e) { - ajaxApiCall(api_path_get_user, 'GET', userData, null, handleNewOTP); + if (getAdminStatus()) + ajaxApiCall(api_path_get_admin_user, 'GET', userData, null, handleNewOTP); + else + ajaxApiCall(api_path_get_auth_user, 'GET', null, null, handleNewOTP); }); // change device name @@ -150,9 +167,9 @@ $(document).ready(function() { isSearch = false; $('.loading').show(); if (getAdminStatus()) - ajaxApiCall(api_path_delete_admin_device_revoke + "?deviceId=" + deviceId, 'DELETE', null, null, revokeDeviceHandler); + ajaxApiCall(api_path_delete_admin_device_revoke + "?username=" + username + "&deviceId=" + deviceId, 'DELETE', null, null, revokeDeviceHandler); else - ajaxApiCall(api_path_delete_auth_device_revoke + "?deviceId=" + deviceId, 'DELETE', null, null, revokeDeviceHandler); + ajaxApiCall(api_path_delete_auth_device_revoke + "/" + deviceId, 'DELETE', null, null, revokeDeviceHandler); }); $('.dismiss-device').on('click', function(){ diff --git a/ldap-connector/pom.xml b/ldap-connector/pom.xml index f0a74061eb034e326b0d7338d945dc5371f228cb..8fa16a8f32d097e6a55cc314f63b9698b69dab49 100644 --- a/ldap-connector/pom.xml +++ b/ldap-connector/pom.xml @@ -26,7 +26,7 @@ <dependency> <groupId>org.zapodot</groupId> <artifactId>embedded-ldap-junit</artifactId> - <version>0.8.1</version> + <version>${embedded.ldap.unit}</version> <scope>test</scope> </dependency> </dependencies> diff --git a/pom.xml b/pom.xml index 65f67bb7af33e03370ffc3a1c9f5713cd3180f81..ceba8d1dab08b3b33827125648150b6e731a7f64 100644 --- a/pom.xml +++ b/pom.xml @@ -56,6 +56,7 @@ <apache.httpclient.version>4.5.10</apache.httpclient.version> <ez.vcard.version>0.10.6</ez.vcard.version> <maven.resources.version>3.1.0</maven.resources.version> + <embedded.ldap.unit>0.8.1</embedded.ldap.unit> </properties> <dependencies>
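Review bot: The `.reset-password` handler still issues a plain GET to `api_path_get_admin_user` / `api_path_get_auth_user` and hands the reply to `handleNewOTP`, but the server-side `doGet` in the auth UserServlet hunk of this commit no longer generates a password or sets the `password`/`needspasswordreset` headers, so on the non-admin path whatever `handleNewOTP` reads from the response is presumably gone — confirm what that handler expects and whether a dedicated reset endpoint is meant to replace this call; `handleNewOTP` is not in the diff. Moving credential generation out of a read request was the right direction; the client just has not followed.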
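Review bot: On the admin branch the new line builds the query string as `"?username=" + username + "&deviceId=" + deviceId` without encoding; a username containing `&`, `#`, `%` or a space alters or truncates the parameters the server parses, so the revocation can miss or target a different record. Use `encodeURIComponent(username)` and `encodeURIComponent(deviceId)` on both branches, including the path segment on the auth branch (`"/" + encodeURIComponent(deviceId)`). The enclosing click handler starts outside the hunk.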