author | Simon Rettberg | 2017-02-10 13:32:49 +0100 |
---|---|---|
committer | Simon Rettberg | 2017-02-10 13:32:49 +0100 |
commit | 6a3934c171f03e65a39d339434121949c8004247 (patch) | |
tree | eaedc21f8bd7fbbe3795adc9d93e3af7778b5d47 /dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java | |
parent | [server] Fix wrong mail template parameter names (currently unused code path ... (diff) | |
[server] Support rejecting users by default if they don't have a DB entry yet
Diffstat (limited to 'dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java')
-rw-r--r-- | dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java | 62 |
1 files changed, 35 insertions, 27 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java
index 02412f08..45cb1879 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/SessionManager.java
@@ -162,33 +162,7 @@ public class SessionManager {
 }
 // Valid reply, check if user is allowed to communicate with this satellite server
 AuthorizationError authError = User.canLogin(ui);
- if (authError != null) {
- LOGGER.info("User " + ui.userId + " cannot login: " + authError.toString());
- switch (authError) {
- case ACCOUNT_SUSPENDED:
- throw new TAuthorizationException(authError,
- "Your account is not allowed to log in to this satellite");
- case BANNED_NETWORK:
- throw new TAuthorizationException(authError, "Your IP address is banned from this satellite");
- case INVALID_CREDENTIALS:
- case INVALID_KEY:
- case CHALLENGE_FAILED:
- throw new TAuthorizationException(authError, "Authentication error");
- case INVALID_ORGANIZATION:
- throw new TAuthorizationException(authError,
- "Your organization is not known to this satellite");
- case ORGANIZATION_SUSPENDED:
- throw new TAuthorizationException(authError,
- "Your organization is not allowed to log in to this satellite");
- case NOT_AUTHENTICATED:
- case NO_PERMISSION:
- throw new TAuthorizationException(authError, "No permission");
- case GENERIC_ERROR:
- case INVALID_TOKEN:
- default:
- throw new TAuthorizationException(authError, "Internal server error");
- }
- }
+ handleAuthorizationError(ui, authError);
 // Is valid, insert/update db record, but ignore students
 if (ui.role != Role.STUDENT) {
 try {
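Review bot: The added call `handleAuthorizationError(ui, authError);` is where a login is refused, but nothing at the call site shows that it throws, so it reads like an ordinary call followed by the DB insert. A one-line comment such as `// throws TAuthorizationException unless authError is null`, or a name like `throwIfNotAuthorized`, would keep the deny path visible to anyone editing this method later. The enclosing method starts before this hunk and continues past it.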
@@ -197,9 +171,43 @@ public class SessionManager {
 LOGGER.info("User " + ui.userId + " cannot be written to DB - rejecting.");
 throw new TInvocationException();
 }
+ // Check again, as it might be a fresh entry to the DB, and we don't allow logins by default
+ authError = User.canLogin(ui);
+ handleAuthorizationError(ui, authError);
 }
 tokenManager.put(token, new Entry(ui));
 return ui;
 }
+
+ private static void handleAuthorizationError(UserInfo ui, AuthorizationError authError) throws TAuthorizationException {
+ if (authError == null)
+ return;
+
+ LOGGER.info("User " + ui.userId + " cannot login: " + authError.toString());
+ switch (authError) {
+ case ACCOUNT_SUSPENDED:
+ throw new TAuthorizationException(authError,
+ "Your account is not allowed to log in to this satellite");
+ case BANNED_NETWORK:
+ throw new TAuthorizationException(authError, "Your IP address is banned from this satellite");
+ case INVALID_CREDENTIALS:
+ case INVALID_KEY:
+ case CHALLENGE_FAILED:
+ throw new TAuthorizationException(authError, "Authentication error");
+ case INVALID_ORGANIZATION:
+ throw new TAuthorizationException(authError,
+ "Your organization is not known to this satellite");
+ case ORGANIZATION_SUSPENDED:
+ throw new TAuthorizationException(authError,
+ "Your organization is not allowed to log in to this satellite");
+ case NOT_AUTHENTICATED:
+ case NO_PERMISSION:
+ throw new TAuthorizationException(authError, "No permission");
+ case GENERIC_ERROR:
+ case INVALID_TOKEN:
+ default:
+ throw new TAuthorizationException(authError, "Internal server error");
+ }
+ }
 } |
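Review bot: The second `User.canLogin(ui)` check sits inside the `if (ui.role != Role.STUDENT)` block, so a student session never reaches the re-check that enforces reject-by-default on a fresh DB entry. `User.canLogin` is not visible here; if it returns null for a user without a row, students would still be admitted, and the comment should state whether that is intended, e.g. `// Students get no DB row, so reject-by-default does not apply to them`. The row is also written before the login is refused, which looks deliberate but is worth a few words in the same comment. The new helper has no Javadoc: a one-line summary plus `@throws TAuthorizationException` for a non-null `authError` would cover it, and the unbraced `if (authError == null) return;` should get braces. The enclosing login method begins before this hunk.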