[server] Support rejecting users by defaulf if they don't have a DB entry yet

3 files changed, 50 insertions, 30 deletions

diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java
index 245d2730..05a899b0 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java
@@ -18,7 +18,8 @@ public class RuntimeConfig {
 		protected SatelliteConfig update() {
 			SatelliteConfig satConfig, readConfig;
 			try {
-				readConfig = satConfig = DbConfiguration.getSatelliteConfig();
+				readConfig = DbConfiguration.getSatelliteConfig();
+				satConfig = readConfig.deepCopy();
 			} catch (SQLException e) {
 				readConfig = satConfig = null;
 			}
@@ -41,9 +42,14 @@ public class RuntimeConfig {
 			} else if (satConfig.maxLectureValidityDays < 7) {
 				satConfig.setMaxLectureValidityDays(7);
 			}
+			if (satConfig.maxTransfers == 0) {
+				satConfig.setMaxTransfers(Constants.MAX_UPLOADS_PER_USER);
+			}
+			if (!satConfig.isSetAllowLoginByDefault()) {
+				satConfig.setAllowLoginByDefault(true);
+			}
 			satConfig.setPageSize(Paginator.PER_PAGE);
 			satConfig.setMaxConnectionsPerTransfer(Constants.MAX_CONNECTIONS_PER_TRANSFER);
-			satConfig.setMaxTransfers(Constants.MAX_UPLOADS_PER_USER);
 			satConfig.setMaxLocationsPerLecture(4);
 			if (!satConfig.equals(readConfig)) {
 				try {
@@ -81,4 +87,8 @@ public class RuntimeConfig {
 		return 8 * 86400;
 	}
 
+	public static boolean allowLoginByDefault() {
+		return cache.get().allowLoginByDefault;
+	}
+	
 }
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbUser.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbUser.java
index e864c727..7e2651cb 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbUser.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbUser.java
@@ -8,6 +8,7 @@ import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
 import org.apache.log4j.Logger;
+import org.openslx.bwlp.sat.RuntimeConfig;
 import org.openslx.bwlp.sat.database.Database;
 import org.openslx.bwlp.sat.database.MysqlConnection;
 import org.openslx.bwlp.sat.database.MysqlStatement;
@@ -158,7 +159,7 @@ public class DbUser {
 					insUpStmt = connection.prepareStatement("INSERT INTO user"
 							+ " (userid, firstname, lastname, email, organizationid, lastlogin, canlogin, issuperuser)"
 							+ " VALUES"
-							+ " (:userid, :firstname, :lastname, :email, :organizationid, UNIX_TIMESTAMP(), 1, 0)"
+							+ " (:userid, :firstname, :lastname, :email, :organizationid, UNIX_TIMESTAMP(), :canlogin, 0)"
 							+ " ON DUPLICATE KEY UPDATE lastlogin = UNIX_TIMESTAMP(), email = VALUES(email),"
 							+ " firstname = VALUES(firstname), lastname = VALUES(lastname), organizationid = VALUES(organizationid)");
 				} else {
@@ -174,6 +175,7 @@ public class DbUser {
 				insUpStmt.setString("lastname", ui.lastName);
 				insUpStmt.setString("email", ui.eMail);
 				insUpStmt.setString("organizationid", ui.organizationId);
+				insUpStmt.setBoolean("canlogin", RuntimeConfig.allowLoginByDefault());
 				insUpStmt.executeUpdate();
 				recheckLegacy = false;
 			}
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java
index 02412f08..45cb1879 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java
@@ -162,33 +162,7 @@ public class SessionManager {
 		}
 		// Valid reply, check if user is allowed to communicate with this satellite server
 		AuthorizationError authError = User.canLogin(ui);
-		if (authError != null) {
-			LOGGER.info("User " + ui.userId + " cannot login: " + authError.toString());
-			switch (authError) {
-			case ACCOUNT_SUSPENDED:
-				throw new TAuthorizationException(authError,
-						"Your account is not allowed to log in to this satellite");
-			case BANNED_NETWORK:
-				throw new TAuthorizationException(authError, "Your IP address is banned from this satellite");
-			case INVALID_CREDENTIALS:
-			case INVALID_KEY:
-			case CHALLENGE_FAILED:
-				throw new TAuthorizationException(authError, "Authentication error");
-			case INVALID_ORGANIZATION:
-				throw new TAuthorizationException(authError,
-						"Your organization is not known to this satellite");
-			case ORGANIZATION_SUSPENDED:
-				throw new TAuthorizationException(authError,
-						"Your organization is not allowed to log in to this satellite");
-			case NOT_AUTHENTICATED:
-			case NO_PERMISSION:
-				throw new TAuthorizationException(authError, "No permission");
-			case GENERIC_ERROR:
-			case INVALID_TOKEN:
-			default:
-				throw new TAuthorizationException(authError, "Internal server error");
-			}
-		}
+		handleAuthorizationError(ui, authError);
 		// Is valid, insert/update db record, but ignore students
 		if (ui.role != Role.STUDENT) {
 			try {
@@ -197,9 +171,43 @@ public class SessionManager {
 				LOGGER.info("User " + ui.userId + " cannot be written to DB - rejecting.");
 				throw new TInvocationException();
 			}
+			// Check again, as it might be a fresh entry to the DB, and we don't allow logins by default
+			authError = User.canLogin(ui);
+			handleAuthorizationError(ui, authError);
 		}
 		tokenManager.put(token, new Entry(ui));
 		return ui;
 	}
+	
+	private static void handleAuthorizationError(UserInfo ui, AuthorizationError authError) throws TAuthorizationException {
+		if (authError == null)
+			return;
+		
+		LOGGER.info("User " + ui.userId + " cannot login: " + authError.toString());
+		switch (authError) {
+		case ACCOUNT_SUSPENDED:
+			throw new TAuthorizationException(authError,
+					"Your account is not allowed to log in to this satellite");
+		case BANNED_NETWORK:
+			throw new TAuthorizationException(authError, "Your IP address is banned from this satellite");
+		case INVALID_CREDENTIALS:
+		case INVALID_KEY:
+		case CHALLENGE_FAILED:
+			throw new TAuthorizationException(authError, "Authentication error");
+		case INVALID_ORGANIZATION:
+			throw new TAuthorizationException(authError,
+					"Your organization is not known to this satellite");
+		case ORGANIZATION_SUSPENDED:
+			throw new TAuthorizationException(authError,
+					"Your organization is not allowed to log in to this satellite");
+		case NOT_AUTHENTICATED:
+		case NO_PERMISSION:
+			throw new TAuthorizationException(authError, "No permission");
+		case GENERIC_ERROR:
+		case INVALID_TOKEN:
+		default:
+			throw new TAuthorizationException(authError, "Internal server error");
+		}
+	}
 
 }