fixed issues with user lookup when active directory or ldap

95f32c52 · Felix Sidokhine · 72430a86 · 95f32c52 · 95f32c52 · 95f32c52
Commit 95f32c52 authored 4 years ago by Felix Sidokhine
--- a/authentication-module/src/main/java/net/jami/jams/authmodule/UserAuthenticationModule.java
+++ b/authentication-module/src/main/java/net/jami/jams/authmodule/UserAuthenticationModule.java
@@ -24,6 +24,7 @@ import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPublicKey;
 import java.util.HashMap;
+import java.util.concurrent.ConcurrentHashMap;


 @Slf4j
@@ -39,7 +40,7 @@ public class UserAuthenticationModule implements AuthenticationModule {
    private PublicKey publicKey = null;


-    private final HashMap<AuthModuleKey, AuthenticationSource> authenticationSources = new HashMap<>();
+    private final ConcurrentHashMap<AuthModuleKey, AuthenticationSource> authenticationSources = new ConcurrentHashMap<>();

    public UserAuthenticationModule(DataStore dataStore, CertificateAuthority certificateAuthority) throws Exception{
        UserAuthenticationModule.datastore = dataStore;
@@ -138,7 +139,7 @@ public class UserAuthenticationModule implements AuthenticationModule {
    }

    @Override
-    public HashMap<AuthModuleKey, AuthenticationSource> getAuthSources(){
+    public ConcurrentHashMap<AuthModuleKey, AuthenticationSource> getAuthSources(){
        return authenticationSources;
    }


--- a/integration-test/install-server.py
+++ b/integration-test/install-server.py
@@ -114,6 +114,7 @@ response = requests.post('http://localhost:8080/api/auth/device',headers=header,
 print(response.status_code)
 print(response.text)

+print(token)

 response = requests.get("http://localhost:8080/api/nameservice/name/aberaud",headers=header)
 print(response.status_code)

--- a/jami-nameserver/src/main/java/net/jami/jams/nameserver/LocalNameServer.java
+++ b/jami-nameserver/src/main/java/net/jami/jams/nameserver/LocalNameServer.java
@@ -2,6 +2,7 @@ package net.jami.jams.nameserver;

 import lombok.extern.slf4j.Slf4j;
 import net.jami.datastore.main.DataStore;
+import net.jami.jams.common.authmodule.AuthModuleKey;
 import net.jami.jams.common.authmodule.AuthenticationModule;
 import net.jami.jams.common.dao.StatementElement;
 import net.jami.jams.common.dao.StatementList;
@@ -43,15 +44,17 @@ public class LocalNameServer implements NameServer {
        if(results.size() == 0){
            //Reattempt resolution via directory lookups.
            final User user = new User();
-            authenticationModule.getAuthSources().forEach( (k,v) ->{
-                UserProfile[] profiles = v.getUserProfile(username,"LOGON_NAME");
+            for(AuthModuleKey key : authenticationModule.getAuthSources().keySet()){
+                UserProfile[] profiles = authenticationModule.getAuthSources().get(key).getUserProfile(username,"LOGON_NAME");
                if(profiles != null && profiles.length == 1){
-                    user.setRealm(k.getRealm());
-                    user.setUserType(k.getType());
+                    user.setUsername(username);
+                    user.setRealm(key.getRealm());
+                    user.setUserType(key.getType());
                    user.setAccessLevel(AccessLevel.USER);
                    authenticationModule.createUser(user.getUserType(),user.getRealm(),this,user);
+                    break;
                }
-            });
+            }
            if(user.getUsername() == null) return null;
            //resolve again in the database to be sure.
            results = dataStore.getUserDao().getObjects(statementList);

--- a/jams-common/src/main/java/net/jami/jams/common/authmodule/AuthenticationModule.java
+++ b/jams-common/src/main/java/net/jami/jams/common/authmodule/AuthenticationModule.java
@@ -8,13 +8,14 @@ import net.jami.jams.common.objects.user.User;
 import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPublicKey;
 import java.util.HashMap;
+import java.util.concurrent.ConcurrentHashMap;

 public interface AuthenticationModule {

    void attachAuthSource(AuthenticationSourceType type, String settings);
    AuthTokenResponse authenticateUser(String username, String password);
    AuthTokenResponse authenticateUser(X509Certificate[] certificates);
-    HashMap<AuthModuleKey, AuthenticationSource> getAuthSources();
+    ConcurrentHashMap<AuthModuleKey, AuthenticationSource> getAuthSources();
    boolean testModuleConfiguration(AuthenticationSourceType type, String configuration);
    boolean createUser(AuthenticationSourceType type, String realm, NameServer nameServer, User user);
    RSAPublicKey getAuthModulePubKey();

--- a/jams-server/src/main/java/net/jami/jams/server/core/workflows/InstallationFinalizer.java
+++ b/jams-server/src/main/java/net/jami/jams/server/core/workflows/InstallationFinalizer.java
@@ -22,6 +22,8 @@ import static net.jami.jams.server.Server.*;
 @Slf4j
 public class InstallationFinalizer {

+    private boolean useLocalNS = true;
+
    public boolean finalizeInstallation() {
        //Basically here we build the config and flush it.
        try {
@@ -32,21 +34,19 @@ public class InstallationFinalizer {
            serverSettings.setServerPublicURI(CachedObjects.certificateAuthorityConfig.getServerDomain());
            if (CachedObjects.activeDirectorySettings != null) {
                serverSettings.setActiveDirectoryConfiguration(JsonStream.serialize(CachedObjects.activeDirectorySettings));
-                nameServer = new LocalNameServer(dataStore,userAuthenticationModule,serverSettings.getServerPublicURI());
                log.info("Server configured to use Active Directory as the authentication backend!");
            }
            if (CachedObjects.ldapSettings != null) {
                serverSettings.setLdapConfiguration(JsonStream.serialize(CachedObjects.ldapSettings));
-                nameServer = new LocalNameServer(dataStore,userAuthenticationModule,serverSettings.getServerPublicURI());
                log.info("Server configured to use LDAP as the authentication backend!");
            }
            if (CachedObjects.localAuthSettings != null) {
                serverSettings.setLocalDirectoryConfiguration(JsonStream.serialize(CachedObjects.localAuthSettings));
                if(CachedObjects.localAuthSettings.getPublicNames()){
+                    useLocalNS = false;
                    nameServer = new PublicNameServer(CachedObjects.localAuthSettings.getPublicNameServer());
                    log.warn("Server configured to use {} as the nameserver for Jami clients !",CachedObjects.localAuthSettings.getPublicNameServer());
                }
-                else nameServer = new LocalNameServer(dataStore,userAuthenticationModule,serverSettings.getServerPublicURI());
                log.info("Server is configured to use local authentication engine");
            }
            //Now flush the server settings.
@@ -81,6 +81,7 @@ public class InstallationFinalizer {
                userAuthenticationModule.attachAuthSource(AuthenticationSourceType.AD,serverSettings.getActiveDirectoryConfiguration());
            if(serverSettings.getLdapConfiguration() != null)
                userAuthenticationModule.attachAuthSource(AuthenticationSourceType.LDAP,serverSettings.getLdapConfiguration());
+            if(useLocalNS) nameServer = new LocalNameServer(dataStore,userAuthenticationModule,serverSettings.getServerPublicURI());
            Server.isInstalled.set(true);
            log.info("The installation has completed successfully, you can now use JAMS!");
        } catch (Exception e) {