From 0048997b91e3fb4502c8c754b1c9ddd9fc8c4700 Mon Sep 17 00:00:00 2001
From: Nils Schwabe
Date: Mon, 5 May 2014 16:26:07 +0200
Subject: Add user auth when ldap server is down
---
 .../org/openslx/imagemaster/db/DbSatellite.java | 9 ++++++
 .../java/org/openslx/imagemaster/db/LdapUser.java | 33 +++++++++++++++++++---
 .../openslx/imagemaster/session/Authenticator.java | 10 +++++--
 3 files changed, 45 insertions(+), 7 deletions(-)
(limited to 'src/main/java/org/openslx')
diff --git a/src/main/java/org/openslx/imagemaster/db/DbSatellite.java b/src/main/java/org/openslx/imagemaster/db/DbSatellite.java
index e6c8e03..2b155cf 100644
--- a/src/main/java/org/openslx/imagemaster/db/DbSatellite.java
+++ b/src/main/java/org/openslx/imagemaster/db/DbSatellite.java
@@ -41,4 +41,13 @@ public class DbSatellite
 public String getPrefix() { return this.prefix; }
+
+ public static DbSatellite fromPrefix( String prefix )
+ {
+ return MySQL
+ .findUniqueOrNull(
+ DbSatellite.class,
+ "SELECT satellite.organization, satellite.address, satellite.name, satellite.prefix FROM satellite WHERE satellite.prefix = ? LIMIT 1",
+ prefix );
+ }
 }
diff --git a/src/main/java/org/openslx/imagemaster/db/LdapUser.java b/src/main/java/org/openslx/imagemaster/db/LdapUser.java
index f9554c0..ae6aae2 100644
--- a/src/main/java/org/openslx/imagemaster/db/LdapUser.java
+++ b/src/main/java/org/openslx/imagemaster/db/LdapUser.java
@@ -52,9 +52,10 @@ public class LdapUser extends User
 */
 public static LdapUser forLogin( final String login, final String password ) throws AuthenticationException {
- String username, organization, firstName, lastName, eMail, satelliteAddress;
+ String username, organization, firstName, lastName, eMail, satelliteAddress = "";
- if (login.split( "_" ).length != 2)
+ final String[] split = login.split( "_" );
+ if (split.length != 2)
 throw new AuthenticationException(AuthenticationError.GENERIC_ERROR, "Login must be in form: prefix_username");
 LdapConnection connection = null;
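Review bot: In LdapUser.forLogin, the new `if (split.length != 2)` check still accepts a login with an empty prefix such as `_name`, because `String.split` keeps a leading empty string and so yields two elements. That empty `split[0]` is what the fallback path added later in this commit passes to `DbSatellite.fromPrefix`. Tightening the guard to `if (split.length != 2 || split[0].isEmpty())` rejects it up front; a null `login` would also throw NullPointerException at `login.split`, which may deserve an explicit check. The body of forLogin continues outside this hunk.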
@@ -117,6 +118,13 @@ public class LdapUser extends User
 // everything went fine
 return new LdapUser( 0, username, Sha512Crypt.Sha512_crypt( password, null, 0 ), organization, firstName, lastName, eMail, satelliteAddress );
 } catch ( LdapException e) {
+ if ( e.getMessage().contains( "Cannot connect on the server" ) ) {
+ DbSatellite dbSatellite = DbSatellite.fromPrefix(split[0]);
+ if (dbSatellite == null) throw new AuthenticationException(AuthenticationError.INVALID_CREDENTIALS, "Credentials invalid.");
+ String lo = split[1] + "@" + dbSatellite.getOrganization();
+ log.info( "LDAP server could not be reached. Trying to connect locally with: " + lo );
+ return LdapUser.localLogin(lo, password);
+ }
 e.printStackTrace();
 throw new AuthenticationException( AuthenticationError.GENERIC_ERROR, "Something went wrong." );
 } catch ( CursorException e ) {
@@ -137,10 +145,27 @@ public class LdapUser extends User
 connection.unBind();
 connection.close();
 } catch ( IOException | LdapException e ) {
- e.printStackTrace();
- throw new AuthenticationException( AuthenticationError.GENERIC_ERROR, "Something went very wrong." );
+ // was not connected so don't do anything...
 }
 }
 return null;
 }
+
+ /**
+ * Login user locally if external Ldap server is not available
+ * @param username Must be in form "userid@organization"
+ * @param password The user's password
+ */
+ private static LdapUser localLogin( String login, String password )
+ {
+ DbUser user = DbUser.forLogin( login );
+ if (user == null) return null; // no user found
+
+ // check users password
+ if (!Sha512Crypt.verifyPassword( password, user.password )) return null;
+
+ // return ldapuser if valid
+ return new LdapUser( user.userId, user.username, Sha512Crypt.Sha512_crypt( password, null, 0 ), user.organization, user.firstName,
+ user.lastName, user.eMail, user.satelliteAddress );
+ }
 }
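Review bot: The offline fallback in the `catch ( LdapException e)` branch is selected by `e.getMessage().contains( "Cannot connect on the server" )`, so an authentication decision depends on the wording of a library message, and a null message would raise NullPointerException inside the catch. Matching on the exception's type or cause, if the LDAP client exposes one for connection failures, would be sturdier; at minimum read the message into a local and test `msg != null && msg.contains( ... )`. A wrong password in this branch makes `localLogin` return null, which Authenticator reports as GENERIC_ERROR, while an unknown prefix gives INVALID_CREDENTIALS; throwing INVALID_CREDENTIALS when `localLogin` returns null keeps failed offline logins uniform. The `log.info` line also writes the user-supplied part of `lo` unmodified, so line breaks in it should be stripped before logging. The try block this catch belongs to starts outside the hunk.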
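Review bot: `localLogin` accepts whatever hash is stored for the user with no visible bound on its age, so while the LDAP server is unreachable an account that has since been disabled or had its password changed in the directory would presumably still authenticate with the old password; confirm how DbUser rows are refreshed and consider an expiry on the stored credential. Its Javadoc documents `@param username` although the parameter is named `login`, and the null return for an unknown user or a wrong password is not documented. In the finally block of the same hunk, the catch is now empty for every IOException and LdapException, not only the not-connected case its comment names, and a failure in `unBind()` still skips `close()`; something like `log.debug( "LDAP cleanup failed", e );` would keep such failures visible.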
diff --git a/src/main/java/org/openslx/imagemaster/session/Authenticator.java b/src/main/java/org/openslx/imagemaster/session/Authenticator.java
index 85f56b2..0796188 100644
--- a/src/main/java/org/openslx/imagemaster/session/Authenticator.java
+++ b/src/main/java/org/openslx/imagemaster/session/Authenticator.java
@@ -30,20 +30,24 @@ public class Authenticator
 String login = username;
 if (username.split( "@" ).length == 2) {
+ log.info( "username is in username@organization format" );
 // we are in userid@organization format // --> get prefix
 DbSatellite satellite = DbSatellite.fromOrganization( username.split( "@" )[1] );
 if (satellite == null)
- throw new AuthenticationException( AuthenticationError.INVALID_CREDENTIALS, "Unkown Organization" );
+ throw new AuthenticationException( AuthenticationError.INVALID_CREDENTIALS, "Unkown Organization." );
 login = satellite.getPrefix() + "_" + username.split( "@" )[0];
+ } else if (username.split( "_" ).length != 2) {
+ log.info( "username is not in a valid format." );
+ throw new AuthenticationException(AuthenticationError.INVALID_CREDENTIALS, "Credentials must be in (username@organization) or (prefix@username)");
 }
- log.info( "Loggin in with: " + login );
+ log.info( "Logging in with: " + login );
 LdapUser user = LdapUser.forLogin( login, password ); // throws exception if credentials are invalid
 if ( user == null ) {
 log.debug( "Login failed: " + username );
- throw new AuthenticationException( AuthenticationError.GENERIC_ERROR, "Could not login because of a weird error." );
+ throw new AuthenticationException( AuthenticationError.GENERIC_ERROR, "Something went wrong." );
 }
 log.debug( "Login succesful: " + username );
-- cgit v1.2.3-55-g7522
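Review bot: The new rejection message says `(prefix@username)`, but the branch tests `username.split( "_" )` and LdapUser.forLogin expects `prefix_username`, so the text should read `"Credentials must be in (username@organization) or (prefix_username)"`. If these exception messages reach the client, `"Unkown Organization."` tells a caller whether an organization exists, unlike the generic `"Credentials invalid."` used in LdapUser; one uniform message avoids that, and the spelling is still `Unkown` on the line this commit touches. `log.info( "Logging in with: " + login )` writes user-supplied input to the log unmodified, so CR/LF should be removed first. The enclosing method starts and ends outside the hunk.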