[server] Support rejecting users by defaulf if they don't have a DB entry yet

1 files changed, 35 insertions, 27 deletions

diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java
index 02412f08..45cb1879 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java
@@ -162,33 +162,7 @@ public class SessionManager {
 		}
 		// Valid reply, check if user is allowed to communicate with this satellite server
 		AuthorizationError authError = User.canLogin(ui);
-		if (authError != null) {
-			LOGGER.info("User " + ui.userId + " cannot login: " + authError.toString());
-			switch (authError) {
-			case ACCOUNT_SUSPENDED:
-				throw new TAuthorizationException(authError,
-						"Your account is not allowed to log in to this satellite");
-			case BANNED_NETWORK:
-				throw new TAuthorizationException(authError, "Your IP address is banned from this satellite");
-			case INVALID_CREDENTIALS:
-			case INVALID_KEY:
-			case CHALLENGE_FAILED:
-				throw new TAuthorizationException(authError, "Authentication error");
-			case INVALID_ORGANIZATION:
-				throw new TAuthorizationException(authError,
-						"Your organization is not known to this satellite");
-			case ORGANIZATION_SUSPENDED:
-				throw new TAuthorizationException(authError,
-						"Your organization is not allowed to log in to this satellite");
-			case NOT_AUTHENTICATED:
-			case NO_PERMISSION:
-				throw new TAuthorizationException(authError, "No permission");
-			case GENERIC_ERROR:
-			case INVALID_TOKEN:
-			default:
-				throw new TAuthorizationException(authError, "Internal server error");
-			}
-		}
+		handleAuthorizationError(ui, authError);
 		// Is valid, insert/update db record, but ignore students
 		if (ui.role != Role.STUDENT) {
 			try {
@@ -197,9 +171,43 @@ public class SessionManager {
 				LOGGER.info("User " + ui.userId + " cannot be written to DB - rejecting.");
 				throw new TInvocationException();
 			}
+			// Check again, as it might be a fresh entry to the DB, and we don't allow logins by default
+			authError = User.canLogin(ui);
+			handleAuthorizationError(ui, authError);
 		}
 		tokenManager.put(token, new Entry(ui));
 		return ui;
 	}
+	
+	private static void handleAuthorizationError(UserInfo ui, AuthorizationError authError) throws TAuthorizationException {
+		if (authError == null)
+			return;
+		
+		LOGGER.info("User " + ui.userId + " cannot login: " + authError.toString());
+		switch (authError) {
+		case ACCOUNT_SUSPENDED:
+			throw new TAuthorizationException(authError,
+					"Your account is not allowed to log in to this satellite");
+		case BANNED_NETWORK:
+			throw new TAuthorizationException(authError, "Your IP address is banned from this satellite");
+		case INVALID_CREDENTIALS:
+		case INVALID_KEY:
+		case CHALLENGE_FAILED:
+			throw new TAuthorizationException(authError, "Authentication error");
+		case INVALID_ORGANIZATION:
+			throw new TAuthorizationException(authError,
+					"Your organization is not known to this satellite");
+		case ORGANIZATION_SUSPENDED:
+			throw new TAuthorizationException(authError,
+					"Your organization is not allowed to log in to this satellite");
+		case NOT_AUTHENTICATED:
+		case NO_PERMISSION:
+			throw new TAuthorizationException(authError, "No permission");
+		case GENERIC_ERROR:
+		case INVALID_TOKEN:
+		default:
+			throw new TAuthorizationException(authError, "Internal server error");
+		}
+	}
 
 }