From f037a08da0ef51d67a6597e9cb90b42cf8539e64 Mon Sep 17 00:00:00 2001
From: Philippe Larose <philippe.larose@savoirfairelinux.com>
Date: Fri, 16 Aug 2024 16:25:53 -0400
Subject: [PATCH] ad/ldap-connector: prevent revocation if AD/LDAP is down

Ticket: https://redmine.savoirfairelinux.com/issues/7656
Change-Id: Ibd79d6db688ec4662aa756d82051cd03a3493127
---
 .../connector/service/UserProfileService.java | 28 +++++++++++--------
 .../connector/service/UserProfileService.java | 25 ++++++++++-------
 2 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/ad-connector/src/main/java/net/jami/jams/ad/connector/service/UserProfileService.java b/ad-connector/src/main/java/net/jami/jams/ad/connector/service/UserProfileService.java
index c38cd92a..39685be4 100644
--- a/ad-connector/src/main/java/net/jami/jams/ad/connector/service/UserProfileService.java
+++ b/ad-connector/src/main/java/net/jami/jams/ad/connector/service/UserProfileService.java
@@ -200,19 +200,23 @@ public class UserProfileService {
     public void synchronizeUsersWithAD() {
         log.info("Synchronizing Active Directory user profiles");
         // Fetch all users from the Active Directory
-        List<UserProfile> profilesFromResponse =
+        List<UserProfile> profilesFromAD =
                 getUserProfile("*", "LOGON_NAME", false, Optional.empty());
-        // There is a use case where a user is not in the LDAP directory but is in the database.
-        // When this happens, we need to revoke the user from the database.
-        List<UserProfile> profilesFromDatabase = dataStore.getUserProfileDao().getAllUserProfile();
-        for (UserProfile p : profilesFromDatabase) {
-            if (profilesFromResponse.stream()
-                    .noneMatch(r -> r.getUsername().equals(p.getUsername()))) {
-                log.info("Revoking user " + p.getUsername() + " from the database.");
-                RevokeUserFlow.revokeUser(p.getUsername());
-                // We also remove the user from the local_directory table to avoid duplicate
-                // revocations
-                dataStore.getUserProfileDao().deleteUserProfile(p.getUsername());
+        // Do not revoke users if there is an error, the AD server could be down.
+        if (profilesFromAD != null) {
+            // There is a use case where a user is not in the AD server but is in the database.
+            // When this happens, we need to revoke the user from the database.
+            List<UserProfile> profilesFromDatabase =
+                    dataStore.getUserProfileDao().getAllUserProfile();
+            for (UserProfile p : profilesFromDatabase) {
+                if (profilesFromAD.stream()
+                        .noneMatch(r -> r.getUsername().equals(p.getUsername()))) {
+                    log.info("Revoking user " + p.getUsername() + " from the database.");
+                    RevokeUserFlow.revokeUser(p.getUsername());
+                    // We also remove the user from the local_directory table to avoid duplicate
+                    // revocations
+                    dataStore.getUserProfileDao().deleteUserProfile(p.getUsername());
+                }
             }
         }
     }
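Review bot: The `profilesFromAD != null` guard at the top of the new block does not prevent mass revocation when the directory answers with an empty list rather than null — a partial outage, a bind or paging failure handled inside getUserProfile, or a search that matches nothing would still revoke and delete every account in the local database, because every `p` then satisfies the `noneMatch` test. Whether getUserProfile returns null, an empty list, or throws on a connection error is decided outside this hunk, so that contract should be confirmed before relying on the null check alone. A safer guard treats an empty result as a failed sync and bails out, which also flattens the nesting: `if (profilesFromAD == null || profilesFromAD.isEmpty()) { log.warn("AD returned no user profiles; skipping revocation"); return; }`. The same pattern appears in the ldap-connector hunk (`profilesFromLDAP`), whose enclosing method begins before that hunk; there and here, a `Set<String>` of usernames built once from the directory result would also replace the per-user `stream().noneMatch` scan, but that is secondary to the empty-result case.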
diff --git a/ldap-connector/src/main/java/net/jami/jams/ldap/connector/service/UserProfileService.java b/ldap-connector/src/main/java/net/jami/jams/ldap/connector/service/UserProfileService.java
index c4c9917c..47c16bc2 100644
--- a/ldap-connector/src/main/java/net/jami/jams/ldap/connector/service/UserProfileService.java
+++ b/ldap-connector/src/main/java/net/jami/jams/ldap/connector/service/UserProfileService.java
@@ -152,16 +152,21 @@ public class UserProfileService {
         // Fetcg all users from the LDAP
         List<UserProfile> profilesFromLDAP =
                 getUserProfile("*", "LOGON_NAME", false, Optional.empty());
-        // There is a use case where a user is not in the LDAP directory but is in the database.
-        // When this happens, we need to revoke the user from the database.
-        List<UserProfile> profilesFromDatabase = dataStore.getUserProfileDao().getAllUserProfile();
-        for (UserProfile p : profilesFromDatabase) {
-            if (profilesFromLDAP.stream().noneMatch(r -> r.getUsername().equals(p.getUsername()))) {
-                log.info("Revoking user " + p.getUsername() + " from the database.");
-                RevokeUserFlow.revokeUser(p.getUsername());
-                // We also remove the user from the local_directory table to avoid duplicate
-                // revocations
-                dataStore.getUserProfileDao().deleteUserProfile(p.getUsername());
+        // Do not revoke users if there is an error, the LDAP server could be down.
+        if (profilesFromLDAP != null) {
+            // There is a use case where a user is not in the LDAP server but is in the database.
+            // When this happens, we need to revoke the user from the database.
+            List<UserProfile> profilesFromDatabase =
+                    dataStore.getUserProfileDao().getAllUserProfile();
+            for (UserProfile p : profilesFromDatabase) {
+                if (profilesFromLDAP.stream()
+                        .noneMatch(r -> r.getUsername().equals(p.getUsername()))) {
+                    log.info("Revoking user " + p.getUsername() + " from the database.");
+                    RevokeUserFlow.revokeUser(p.getUsername());
+                    // We also remove the user from the local_directory table to avoid duplicate
+                    // revocations
+                    dataStore.getUserProfileDao().deleteUserProfile(p.getUsername());
+                }
             }
         }
     }
-- 
GitLab