Commit dc1448e4 authored by michael.simon's avatar michael.simon

add typical oidc attributes

parent 59070c2c
......@@ -48,6 +48,7 @@ import edu.kit.scc.webreg.dao.SamlIdpMetadataDao;
import edu.kit.scc.webreg.dao.SamlSpConfigurationDao;
import edu.kit.scc.webreg.dao.SamlUserDao;
import edu.kit.scc.webreg.dao.ServiceDao;
import edu.kit.scc.webreg.dao.UserDao;
import edu.kit.scc.webreg.dao.UserLoginInfoDao;
import edu.kit.scc.webreg.drools.OverrideAccess;
import edu.kit.scc.webreg.drools.UnauthorizedUser;
......@@ -110,6 +111,9 @@ public class UserLoginServiceImpl implements UserLoginService, Serializable {
@Inject
private SamlUserDao samlUserDao;
@Inject
private UserDao userDao;
@Inject
private UserUpdater userUpdater;
......@@ -272,6 +276,10 @@ public class UserLoginServiceImpl implements UserLoginService, Serializable {
if (match) {
createLoginInfo(user, registry, UserLoginMethod.LOCAL, UserLoginInfoStatus.SUCCESS);
/*
* Update user via AttributeQuery.
* TODO: Add exceptions for service, if AQ is not necessary
*/
updateUser(user, service, "login-with-service-password");
List<Object> objectList = checkRules(user, service, registry);
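Review bot: `updateUser(user, service, "login-with-service-password")` runs after `createLoginInfo(user, registry, UserLoginMethod.LOCAL, UserLoginInfoStatus.SUCCESS)`, so a failure inside the attribute query (IdP unreachable, user no longer released) leaves a SUCCESS login record for an attempt that may then be refused; consider writing the login info after the update and `checkRules` have passed, or recording a distinct status when the update throws. The TODO marks the open question but does not say why a local service-password login needs an IdP round-trip at all; a hedged why-comment such as `// NOTE(review): refresh attributes from the IdP before evaluating rules — confirm AQ is really required on this path` would help the next reader. The `UserDao` injected in the second hunk is not used in any visible line of this commit; if nothing further down uses it, drop the injection. The enclosing method starts and ends outside the hunk, so how `updateUser` failures propagate is not visible here.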
......@@ -102,7 +102,7 @@ public class OidcUserCreateServiceImpl implements OidcUserCreateService {
UserInfo userInfo = tokenHelper.userInfoFromMap(attributeMap);
if (userInfo == null) {
userInfo = (UserInfo) attributeMap.get("userInfo").get(0);
throw new UserUpdateException("User info is missing in session");
}
logger.debug("User {} from {} is being preCreated", claims.getSubject().getValue(), rpConfig.getName());
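Review bot: The new `UserUpdateException("User info is missing in session")` carries no identifier for the RP, although `rpConfig.getName()` is used two lines later; for triage include it, e.g. `throw new UserUpdateException("User info is missing in session for RP " + rpConfig.getName());`. Keep the subject out of the exception text unless it is known not to surface to the end user, and log it at debug instead as the next line already does. The enclosing method continues outside the hunk, so I cannot see whether `claims` is null-checked before `claims.getSubject()` is dereferenced.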
......@@ -312,23 +312,21 @@ public class OidcUserUpdater implements Serializable {
}
if (completeOverrideHook == null) {
changed |= compareAndChangeProperty(user, "email", attributeMap.get("urn:oid:0.9.2342.19200300.100.1.3"), auditor);
changed |= compareAndChangeProperty(user, "eppn", attributeMap.get("urn:oid:1.3.6.1.4.1.5923.1.1.1.6"), auditor);
changed |= compareAndChangeProperty(user, "givenName", attributeMap.get("urn:oid:2.5.4.42"), auditor);
changed |= compareAndChangeProperty(user, "surName", attributeMap.get("urn:oid:2.5.4.4"), auditor);
IDTokenClaimsSet claims = oidcTokenHelper.claimsFromMap(attributeMap);
if (claims == null) {
throw new UserUpdateException("ID claims are missing in session");
}
List<String> emailList = attrHelper.attributeListToStringList(attributeMap, "urn:oid:0.9.2342.19200300.100.1.3");
if (emailList != null && emailList.size() > 1) {
if (user.getEmailAddresses() == null) {
user.setEmailAddresses(new HashSet<String>());
}
for (int i=1; i<emailList.size(); i++) {
user.getEmailAddresses().add(emailList.get(i));
}
UserInfo userInfo = oidcTokenHelper.userInfoFromMap(attributeMap);
if (userInfo == null) {
throw new UserUpdateException("User info is missing in session");
}
changed |= compareAndChangeProperty(user, "email", userInfo.getEmailAddress(), auditor);
changed |= compareAndChangeProperty(user, "eppn", userInfo.getStringClaim("eduPersonPrincipalName"), auditor);
changed |= compareAndChangeProperty(user, "givenName", userInfo.getGivenName(), auditor);
changed |= compareAndChangeProperty(user, "surName", userInfo.getFamilyName(), auditor);
if ((! withoutUidNumber) && (user.getUidNumber() == null)) {
user.setUidNumber(serialService.next("uid-number-serial").intValue());
logger.info("Setting UID Number {} for user {}", user.getUidNumber(), user.getEppn());
......@@ -348,13 +346,10 @@ public class OidcUserUpdater implements Serializable {
}
private boolean compareAndChangeProperty(UserEntity user, String property, List<Object> objectValue, Auditor auditor) {
private boolean compareAndChangeProperty(UserEntity user, String property, String value, Auditor auditor) {
String s = null;
String action = null;
// In case of a List (multiple SAML Values), take the first value
String value = attrHelper.getSingleStringFirst(objectValue);
try {
Object actualValue = PropertyUtils.getProperty(user, property);
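Review bot: The address written by `compareAndChangeProperty(user, "email", userInfo.getEmailAddress(), auditor)` is taken from the UserInfo response without consulting the `email_verified` claim, so an unverified address supplied by the provider would replace the user's stored one; if the SDK exposes it, guard the update with something like `if (Boolean.TRUE.equals(userInfo.getEmailVerified()))`, or at least record in the audit that the source was unverified. The removed loop over `emailList` also added secondary addresses to `user.getEmailAddresses()`; the new code drops that, which may be intended but is not mentioned in the commit message. `claims` is fetched and null-checked but not referenced in the visible lines — it may be used further down, outside the hunk; if not, the fetch and its exception can go. Both the enclosing method and `compareAndChangeProperty` continue outside the hunk, so how a null `value` (e.g. no `eduPersonPrincipalName` claim in the userinfo) is handled before it reaches `eppn` is not visible here.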