Commit 96dc25dd authored by Alinga Yeung's avatar Alinga Yeung

Story 1869. Added code to ensure that the email address of a user being added is not already in use.

parent 3d0c1226
+47 −37
@@ -271,35 +271,65 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
        addUser(userRequest, config.getUsersDN());
    }

    /**
     *Add the specified user to the pending user tree.
     *
     * @param userRequest                   The user to add.
     * @throws TransientException           If an temporary, unexpected problem occurred.
     * @throws UserAlreadyExistsException   If the user already exists.
     */
    public void addPendingUser(final UserRequest<T> userRequest)
    private String getEmailAddress(final UserRequest<T> userRequest)
    {
        Set<PersonalDetails> personalDetails = userRequest.getUser().getDetails(PersonalDetails.class);
        if (personalDetails.isEmpty())
        {
            String error = userRequest.getUser().getUserID().getName() + " missing required PersonalDetails";
            throw new IllegalArgumentException(error);
        }
        
        PersonalDetails pd = personalDetails.iterator().next();
        if (!StringUtil.hasText(pd.email))
        {
            String error = userRequest.getUser().getUserID().getName() + " missing required email address";
            throw new IllegalArgumentException(error);
        }
        
        return pd.email;
    }
    
    private void checkUsers(final UserRequest<T> userRequest, 
            final String usersDN)
            throws TransientException, UserAlreadyExistsException
    {
        // check current users
        try
        {
            getUser(userRequest.getUser().getUserID(), config.getUsersDN(), false);
            final String error = userRequest.getUser().getUserID().getName() +
                                 " found in " + config.getUsersDN();
            getUser(userRequest.getUser().getUserID(), usersDN);
            final String error = "user " + userRequest.getUser().getUserID().getName() +
                                 " found in " + usersDN;
            throw new UserAlreadyExistsException(error);
        }
        catch (UserNotFoundException ok) { }

        // check pending users
        try
        {
            getUser(userRequest.getUser().getUserID(), config.getUserRequestsDN(), false);
            final String error = userRequest.getUser().getUserID().getName() +
                " found in " + config.getUserRequestsDN();
            String emailAddress = getEmailAddress(userRequest);            
            getUserByEmailAddress(emailAddress, usersDN);
            final String error = "email address " + emailAddress +
                                 " found in " + usersDN;
            throw new UserAlreadyExistsException(error);
        }
        catch (UserNotFoundException ok) { }
    }
    
    /**
     *Add the specified user to the pending user tree.
     *
     * @param userRequest                   The user to add.
     * @throws TransientException           If an temporary, unexpected problem occurred.
     * @throws UserAlreadyExistsException   If the user already exists.
     */
    public void addPendingUser(final UserRequest<T> userRequest)
            throws TransientException, UserAlreadyExistsException
    {
        // check current users
        checkUsers(userRequest, config.getUsersDN());
        
        // check pending users
        checkUsers(userRequest, config.getUserRequestsDN());

        addUser(userRequest, config.getUserRequestsDN());
    }
@@ -396,7 +426,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
            throws UserNotFoundException, TransientException,
            AccessControlException
    {
        return getUserByEmailAddress(emailAddress, config.getUsersDN(), true);
        return getUserByEmailAddress(emailAddress, config.getUsersDN());
    }

    /**
@@ -430,25 +460,6 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
        throws UserNotFoundException, TransientException,
        AccessControlException
    {

        return getUser(userID, usersDN, true);
    }
    
    /**
     * Get the user specified by userID.
     *
     * @param userID  The userID.
     * @param usersDN The LDAP tree to search.
     * @param proxy Whether to proxy the search as the calling Subject.
     * @return User instance.
     * @throws UserNotFoundException  when the user is not found.
     * @throws TransientException     If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    private User<T> getUser(final T userID, final String usersDN, final boolean proxy)
        throws UserNotFoundException, TransientException,
        AccessControlException
    {
        String searchField = userLdapAttrib.get(userID.getClass());
        if (searchField == null)
        {
@@ -543,14 +554,13 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
     *
     * @param emailAddress  The user's email address.
     * @param usersDN The LDAP tree to search.
     * @param proxy Whether to proxy the search as the calling Subject.
     * @return User ID
     * @throws UserNotFoundException  when the user is not found.
     * @throws TransientException     If an temporary, unexpected problem occurred.
     * @throws AccessControlException If the operation is not permitted.
     */
    private User<Principal> getUserByEmailAddress(final String emailAddress, 
            final String usersDN, final boolean proxy)
            final String usersDN)
            throws UserNotFoundException, TransientException,
            AccessControlException
    {
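Review bot: The identity under which the uniqueness lookups in `checkUsers` run is no longer explicit: the replaced calls passed `false` for the `proxy` flag, and this commit removes that flag from both `getUser` and `getUserByEmailAddress`, whose bodies lie outside the hunks. If the remaining search path still runs with the caller's authorization, an entry the caller cannot read would presumably surface as `UserNotFoundException`, which both empty `catch` blocks treat as "not taken", so a duplicate userID or email would be accepted. Worth confirming and recording above the first lookup, e.g. `// search must run under the service's own bind, not the caller's: an unreadable entry looks like "not found" and passes the check`. Separately, the check and the later `addUser` are two directory operations, so two concurrent requests with the same email can both pass; a uniqueness constraint enforced by the directory on the mail attribute, if available, is the reliable guard.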
+1 −3
@@ -77,7 +77,6 @@ import ca.nrc.cadc.ac.json.JsonUserListWriter;
import ca.nrc.cadc.ac.json.JsonUserReader;
import ca.nrc.cadc.ac.json.JsonUserRequestReader;
import ca.nrc.cadc.ac.json.JsonUserWriter;
import ca.nrc.cadc.ac.server.PluginFactory;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.ac.server.web.SyncOutput;
import ca.nrc.cadc.ac.xml.UserListWriter;
@@ -89,7 +88,6 @@ import ca.nrc.cadc.profiler.Profiler;

import org.apache.log4j.Logger;

import com.unboundid.ldap.sdk.LDAPException;

import java.io.IOException;
import java.io.InputStream;
@@ -183,7 +181,7 @@ public abstract class AbstractUserAction<T extends Principal> implements Privile
        catch (UserAlreadyExistsException e)
        {
            log.debug(e.getMessage(), e);
            String message = "User not found: " + e.getMessage();
            String message = e.getMessage();
            this.logInfo.setMessage(message);
            sendError(409, message);
        }
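Review bot: `sendError(409, message)` now returns the DAO's exception text verbatim, and with the DAO change in this commit that text is `"email address " + emailAddress + " found in " + usersDN`, so the response exposes the LDAP tree DN and tells the requester which tree (current or pending users) already holds the address. Since the full text already goes to `log.debug`, the client can get a fixed string instead: `String message = "user or email address already in use";`. If callers need to know which field collided, a field name without the DN is enough. The enclosing method starts and ends outside the hunk.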
+9 −3
@@ -247,7 +247,9 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
        expected.getIdentities().add(x500Principal);
        expected.getIdentities().add(numericPrincipal);

        expected.details.add(new PersonalDetails("foo", "bar"));
        PersonalDetails pd = new PersonalDetails("foo", "bar");
        pd.email = username + "@canada.ca";
        expected.details.add(pd);

        final UserRequest<Principal> userRequest =
            new UserRequest<Principal>(expected, "123456".toCharArray());
@@ -486,7 +488,9 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
        expected.getIdentities().add(x500Principal);
        expected.getIdentities().add(numericPrincipal);

        expected.details.add(new PersonalDetails("foo", "bar"));
        PersonalDetails pd = new PersonalDetails("foo", "bar");
        pd.email = username + "@canada.ca";
        expected.details.add(pd);

        final UserRequest<Principal> userRequest =
            new UserRequest<Principal>(expected, "123456".toCharArray());
@@ -677,7 +681,9 @@ public class LdapUserDAOTest extends AbstractLdapDAOTest
        final User<HttpPrincipal> expected = new User<HttpPrincipal>(httpPrincipal);
        expected.getIdentities().add(httpPrincipal);
        expected.getIdentities().add(x500Principal);
        expected.details.add(new PersonalDetails("foo", "bar"));
        PersonalDetails pd = new PersonalDetails("foo", "bar");
        pd.email = userID + "@canada.ca";
        expected.details.add(pd);

        final UserRequest<HttpPrincipal> userRequest =
            new UserRequest<HttpPrincipal>(expected, "123456".toCharArray());
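Review bot: No test in the visible hunks exercises the duplicate-email rejection this commit adds; the three fixtures only gain `pd.email` so that existing add-user tests get past the new `getEmailAddress` validation. A test that adds a pending user and then submits a second request with a different userID but the same `pd.email`, expecting `UserAlreadyExistsException`, would pin the new check, and one with `pd.email` left unset, expecting `IllegalArgumentException`, would pin the validation. The rest of the test class is outside the hunks, so such tests may already exist elsewhere.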