diff options
author | Simon Rettberg | 2017-02-10 13:32:49 +0100 |
---|---|---|
committer | Simon Rettberg | 2017-02-10 13:32:49 +0100 |
commit | 6a3934c171f03e65a39d339434121949c8004247 (patch) | |
tree | eaedc21f8bd7fbbe3795adc9d93e3af7778b5d47 | |
parent | [server] Fix wrong mail template parameter names (currently unused code path ... (diff) | |
download | tutor-module-6a3934c171f03e65a39d339434121949c8004247.tar.gz tutor-module-6a3934c171f03e65a39d339434121949c8004247.tar.xz tutor-module-6a3934c171f03e65a39d339434121949c8004247.zip |
[server] Support rejecting users by defaulf if they don't have a DB entry yet
3 files changed, 50 insertions, 30 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java index 245d2730..05a899b0 100644 --- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java +++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/RuntimeConfig.java @@ -18,7 +18,8 @@ public class RuntimeConfig { protected SatelliteConfig update() { SatelliteConfig satConfig, readConfig; try { - readConfig = satConfig = DbConfiguration.getSatelliteConfig(); + readConfig = DbConfiguration.getSatelliteConfig(); + satConfig = readConfig.deepCopy(); } catch (SQLException e) { readConfig = satConfig = null; } @@ -41,9 +42,14 @@ public class RuntimeConfig { } else if (satConfig.maxLectureValidityDays < 7) { satConfig.setMaxLectureValidityDays(7); } + if (satConfig.maxTransfers == 0) { + satConfig.setMaxTransfers(Constants.MAX_UPLOADS_PER_USER); + } + if (!satConfig.isSetAllowLoginByDefault()) { + satConfig.setAllowLoginByDefault(true); + } satConfig.setPageSize(Paginator.PER_PAGE); satConfig.setMaxConnectionsPerTransfer(Constants.MAX_CONNECTIONS_PER_TRANSFER); - satConfig.setMaxTransfers(Constants.MAX_UPLOADS_PER_USER); satConfig.setMaxLocationsPerLecture(4); if (!satConfig.equals(readConfig)) { try { @@ -81,4 +87,8 @@ public class RuntimeConfig { return 8 * 86400; } + public static boolean allowLoginByDefault() { + return cache.get().allowLoginByDefault; + } + } diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbUser.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbUser.java index e864c727..7e2651cb 100644 --- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbUser.java +++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbUser.java @@ -8,6 +8,7 @@ import java.util.Map; import java.util.concurrent.TimeUnit; import org.apache.log4j.Logger; +import org.openslx.bwlp.sat.RuntimeConfig; import org.openslx.bwlp.sat.database.Database; import org.openslx.bwlp.sat.database.MysqlConnection; import org.openslx.bwlp.sat.database.MysqlStatement; @@ -158,7 +159,7 @@ public class DbUser { insUpStmt = connection.prepareStatement("INSERT INTO user" + " (userid, firstname, lastname, email, organizationid, lastlogin, canlogin, issuperuser)" + " VALUES" - + " (:userid, :firstname, :lastname, :email, :organizationid, UNIX_TIMESTAMP(), 1, 0)" + + " (:userid, :firstname, :lastname, :email, :organizationid, UNIX_TIMESTAMP(), :canlogin, 0)" + " ON DUPLICATE KEY UPDATE lastlogin = UNIX_TIMESTAMP(), email = VALUES(email)," + " firstname = VALUES(firstname), lastname = VALUES(lastname), organizationid = VALUES(organizationid)"); } else { @@ -174,6 +175,7 @@ public class DbUser { insUpStmt.setString("lastname", ui.lastName); insUpStmt.setString("email", ui.eMail); insUpStmt.setString("organizationid", ui.organizationId); + insUpStmt.setBoolean("canlogin", RuntimeConfig.allowLoginByDefault()); insUpStmt.executeUpdate(); recheckLegacy = false; } diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java index 02412f08..45cb1879 100644 --- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java +++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java @@ -162,33 +162,7 @@ public class SessionManager { } // Valid reply, check if user is allowed to communicate with this satellite server AuthorizationError authError = User.canLogin(ui); - if (authError != null) { - LOGGER.info("User " + ui.userId + " cannot login: " + authError.toString()); - switch (authError) { - case ACCOUNT_SUSPENDED: - throw new TAuthorizationException(authError, - "Your account is not allowed to log in to this satellite"); - case BANNED_NETWORK: - throw new TAuthorizationException(authError, "Your IP address is banned from this satellite"); - case INVALID_CREDENTIALS: - case INVALID_KEY: - case CHALLENGE_FAILED: - throw new TAuthorizationException(authError, "Authentication error"); - case INVALID_ORGANIZATION: - throw new TAuthorizationException(authError, - "Your organization is not known to this satellite"); - case ORGANIZATION_SUSPENDED: - throw new TAuthorizationException(authError, - "Your organization is not allowed to log in to this satellite"); - case NOT_AUTHENTICATED: - case NO_PERMISSION: - throw new TAuthorizationException(authError, "No permission"); - case GENERIC_ERROR: - case INVALID_TOKEN: - default: - throw new TAuthorizationException(authError, "Internal server error"); - } - } + handleAuthorizationError(ui, authError); // Is valid, insert/update db record, but ignore students if (ui.role != Role.STUDENT) { try { @@ -197,9 +171,43 @@ public class SessionManager { LOGGER.info("User " + ui.userId + " cannot be written to DB - rejecting."); throw new TInvocationException(); } + // Check again, as it might be a fresh entry to the DB, and we don't allow logins by default + authError = User.canLogin(ui); + handleAuthorizationError(ui, authError); } tokenManager.put(token, new Entry(ui)); return ui; } + + private static void handleAuthorizationError(UserInfo ui, AuthorizationError authError) throws TAuthorizationException { + if (authError == null) + return; + + LOGGER.info("User " + ui.userId + " cannot login: " + authError.toString()); + switch (authError) { + case ACCOUNT_SUSPENDED: + throw new TAuthorizationException(authError, + "Your account is not allowed to log in to this satellite"); + case BANNED_NETWORK: + throw new TAuthorizationException(authError, "Your IP address is banned from this satellite"); + case INVALID_CREDENTIALS: + case INVALID_KEY: + case CHALLENGE_FAILED: + throw new TAuthorizationException(authError, "Authentication error"); + case INVALID_ORGANIZATION: + throw new TAuthorizationException(authError, + "Your organization is not known to this satellite"); + case ORGANIZATION_SUSPENDED: + throw new TAuthorizationException(authError, + "Your organization is not allowed to log in to this satellite"); + case NOT_AUTHENTICATED: + case NO_PERMISSION: + throw new TAuthorizationException(authError, "No permission"); + case GENERIC_ERROR: + case INVALID_TOKEN: + default: + throw new TAuthorizationException(authError, "Internal server error"); + } + } } |