  1. package eu.dnetlib.users;
  2.  
  import java.security.GeneralSecurityException;
  import java.security.MessageDigest;
  import java.util.Random;
  import java.util.UUID;

  import org.apache.log4j.Logger;

  import com.unboundid.ldap.sdk.Attribute;
  import com.unboundid.ldap.sdk.DN;
  import com.unboundid.ldap.sdk.Entry;
  import com.unboundid.ldap.sdk.Filter;
  import com.unboundid.ldap.sdk.LDAPConnection;
  import com.unboundid.ldap.sdk.Modification;
  import com.unboundid.ldap.sdk.ModificationType;
  import com.unboundid.ldap.sdk.RDN;
  import com.unboundid.ldap.sdk.SearchRequest;
  import com.unboundid.ldap.sdk.SearchResult;
  import com.unboundid.ldap.sdk.SearchResultEntry;
  import com.unboundid.ldap.sdk.SearchScope;
  import com.unboundid.util.Base64;

  import eu.dnetlib.domain.functionality.UserProfile;
  24.  
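  /**
   * {@link UserApi} implementation that keeps user accounts in an LDAP directory, accessed through
   * the UnboundID LDAP SDK.
   *
   * <p>Each call opens a new connection bound as the configured service account and closes it
   * before returning. Lookups are subtree searches below {@code ldapUsersDN}.
   *
   * <p>Review notes:
   * <ul>
   *   <li>Connections are created without a socket factory, so unless the transport is protected
   *       elsewhere the bind password and the {@code userPassword} values read by
   *       {@link #correctCreds} cross the network unencrypted. {@link #openConnection()} is the
   *       single place to add TLS.</li>
   *   <li>The {@code employeeNumber} attribute carries both the account-activation token and the
   *       password-reset token, and neither has an expiry here. Because {@link #activateUser} and
   *       {@link #resetPassword} look up the same attribute, a token issued for one flow is also
   *       accepted by the other; use separate attributes or typed tokens if the flows must stay
   *       distinct.</li>
   *   <li>Passwords are verified by reading {@code userPassword} and comparing hashes in this
   *       process, so the service account needs read access to every user's password hash.</li>
   * </ul>
   */
  public class UserApiLdapImpl implements UserApi {

      transient Logger logger = Logger.getLogger(UserApiLdapImpl.class);

      private int ldapPort = 0;
      private String ldapAddress;
      private String ldapUsername;
      private String ldapPassword;
      private String ldapUsersDN;

      /**
       * Opens a connection to the configured server and binds as the service account.
       *
       * @return a connected, authenticated connection that the caller must close
       * @throws Exception if the connection or the bind fails
       */
      private LDAPConnection openConnection() throws Exception {
          // NOTE(review): no SocketFactory is passed, so this is not a TLS connection.
          return new LDAPConnection(ldapAddress, ldapPort, ldapUsername, ldapPassword);
      }

      /**
       * Runs a subtree equality search below {@code ldapUsersDN}.
       *
       * <p>The filter is built with {@link Filter#createEqualityFilter(String, String)} instead of
       * string concatenation, so the value cannot alter the filter structure.
       *
       * @param connection       open connection to search on
       * @param attribute        attribute to match
       * @param value            value the attribute must equal
       * @param returnAttributes attributes to request for each matching entry
       * @return the search result
       * @throws Exception if the search fails
       */
      private SearchResult search(LDAPConnection connection, String attribute, String value,
              String... returnAttributes) throws Exception {
          Filter filter = Filter.createEqualityFilter(attribute, value);
          return connection.search(new SearchRequest(ldapUsersDN, SearchScope.SUB, filter, returnAttributes));
      }

      /**
       * Finds the DN of the entry whose {@code attribute} equals {@code value}.
       *
       * <p>The DN is the one the directory returned for the entry. It is not rebuilt from the
       * {@code uid} value: a rebuilt DN is wrong for entries that live deeper in the subtree and
       * would put an unescaped attribute value into a DN string.
       *
       * @return the DN of the last matching entry, or {@code null} when nothing matches
       * @throws Exception if the search fails
       */
      private String findEntryDn(LDAPConnection connection, String attribute, String value) throws Exception {
          String dn = null;
          // When several entries match, the last one wins.
          for (SearchResultEntry entry : search(connection, attribute, value, "uid").getSearchEntries()) {
              dn = entry.getDN();
          }
          return dn;
      }

      /**
       * Activates the account that holds the given activation token: sets {@code JoomlaBlockUser}
       * to {@code 0} and removes the token so it cannot be used again.
       *
       * @param activationId token returned by {@link #addUser}
       * @return {@code true} if an account was activated; {@code false} if the token is null, empty
       *         or unknown
       * @throws Exception if the directory operation fails
       */
      @Override
      public boolean activateUser(String activationId) throws Exception {
          // Fail closed on a missing token instead of sending it to the directory.
          if (activationId == null || activationId.length() == 0) {
              return false;
          }
          LDAPConnection connection = null;
          try {
              logger.debug("activating user with activationId " + activationId);
              connection = openConnection();
              String dn = findEntryDn(connection, "employeeNumber", activationId);
              if (dn == null) {
                  return false;
              }
              Modification unblock = new Modification(ModificationType.REPLACE, "JoomlaBlockUser", "0");
              // REPLACE with no values removes the attribute, which invalidates the token.
              Modification clearToken = new Modification(ModificationType.REPLACE, "employeeNumber");
              connection.modify(dn, unblock, clearToken);
              return true;
          } catch (Exception e) {
              logger.error("", e);
              throw e;
          } finally {
              if (connection != null)
                  connection.close();
          }
      }

      /**
       * Creates a blocked ({@code JoomlaBlockUser=1}) account in group {@code Registered} and
       * returns the token needed to activate it.
       *
       * <p>The password is stored as produced by {@code Joomla15PasswordHash.create}.
       *
       * @param institution optional; the {@code o} attribute is only written when it is non-empty
       * @return the activation token, also stored in the entry's {@code employeeNumber}
       * @throws Exception if the entry cannot be built or added
       */
      @Override
      public String addUser(String username, String email, String password, String firstName, String lastName, String institution) throws Exception {
          logger.debug("adding user " + username + " " + email + " to ldap");
          String activationId = UUID.randomUUID().toString();
          LDAPConnection connection = null;
          try {
              // Build the DN from an RDN object so characters that are special in a DN (',', '+',
              // '=', ...) in the username are escaped and cannot change where the entry is created.
              DN dn = new DN(new RDN("uid", username), new DN(ldapUsersDN));
              Entry entry = new Entry(dn.toNormalizedString(),
                      new Attribute("cn", username),
                      new Attribute("displayName", firstName + " " + lastName),
                      new Attribute("mail", email),
                      new Attribute("givenName", firstName),
                      new Attribute("JoomlaBlockUser", "1"),
                      new Attribute("JoomlaGroup", "Registered"),
                      new Attribute("objectClass", "top", "inetOrgPerson", "JoomlaUser"),
                      new Attribute("userPassword", Joomla15PasswordHash.create(password)),
                      new Attribute("sn", lastName),
                      new Attribute("uid", username),
                      new Attribute("employeeNumber", activationId));
              if ((institution != null) && (institution.length() > 0)) {
                  entry.addAttribute(new Attribute("o", institution));
              }
              connection = openConnection();
              connection.add(entry);

              return activationId;
          } catch (Exception e) {
              logger.error("", e);
              throw e;
          } finally {
              if (connection != null)
                  connection.close();
          }
      }

      /**
       * Checks a password against the stored hash of every entry with the given mail address.
       *
       * <p>NOTE(review): this does not look at {@code JoomlaBlockUser}; presumably callers combine
       * it with {@link #isUserActivated} - confirm against the login code.
       *
       * @return {@code true} if any matching entry has a stored hash equal to the hash of
       *         {@code password}; {@code false} otherwise, including for a null argument
       * @throws Exception if the directory operation fails
       */
      @Override
      public boolean correctCreds(String email, String password) throws Exception {
          if (email == null || password == null) {
              return false;
          }
          LDAPConnection connection = null;
          try {
              logger.debug("checking if user " + email + " entered a correct password when logging in");
              connection = openConnection();
              for (SearchResultEntry entry : search(connection, "mail", email, "userPassword").getSearchEntries()) {
                  String stored = entry.getAttributeValue("userPassword");
                  // An entry without a readable userPassword can never match.
                  if (stored != null && Joomla15PasswordHash.check(password, stored))
                      return true;
              }
              return false;
          } catch (Exception e) {
              logger.error("", e);
              throw e;
          } finally {
              if (connection != null)
                  connection.close();
          }
      }

      /**
       * Updates display name, given name, surname and institution of the entry whose mail address
       * equals {@code user.getEmail()}.
       *
       * @throws IllegalArgumentException if no entry has that mail address
       * @throws Exception if the directory operation fails
       */
      @Override
      public void editUser(UserProfile user) throws Exception {
          LDAPConnection connection = null;
          try {
              logger.debug("editing user " + user.getEmail());
              connection = openConnection();
              String dn = findEntryDn(connection, "mail", user.getEmail());
              if (dn == null) {
                  throw new IllegalArgumentException("no user found with email " + user.getEmail());
              }
              String institution = user.getInstitution();
              // addUser treats the institution as optional, so an absent one removes "o" here
              // instead of trying to store a null or empty value.
              Modification setInstitution = (institution == null || institution.length() == 0)
                      ? new Modification(ModificationType.REPLACE, "o")
                      : new Modification(ModificationType.REPLACE, "o", institution);
              connection.modify(dn,
                      new Modification(ModificationType.REPLACE, "displayName", user.getFirstname() + " " + user.getLastname()),
                      new Modification(ModificationType.REPLACE, "givenName", user.getFirstname()),
                      new Modification(ModificationType.REPLACE, "sn", user.getLastname()),
                      setInstitution);
          } catch (Exception e) {
              logger.error("", e);
              throw e;
          } finally {
              if (connection != null)
                  connection.close();
          }
      }

      /**
       * Loads the profile of the user with the given mail address.
       *
       * @param userIdentifier the user's mail address
       * @return the profile; all fields are left unset when no entry matches
       * @throws Exception if the directory operation fails
       */
      @Override
      public UserProfile getUser(String userIdentifier) throws Exception {
          LDAPConnection connection = null;
          try {
              logger.debug("getting user " + userIdentifier + " from ldap");
              connection = openConnection();
              SearchResult found = search(connection, "mail", userIdentifier, "mail", "givenName", "sn", "o", "uid");
              UserProfile profile = new UserProfile();
              // With several matches the values of the last entry remain in the profile.
              for (SearchResultEntry entry : found.getSearchEntries()) {
                  profile.setEmail(entry.getAttributeValue("mail"));
                  profile.setFirstname(entry.getAttributeValue("givenName"));
                  profile.setLastname(entry.getAttributeValue("sn"));
                  profile.setInstitution(entry.getAttributeValue("o"));
                  profile.setUsername(entry.getAttributeValue("uid"));
              }
              return profile;
          } catch (Exception e) {
              logger.error("", e);
              throw e;
          } finally {
              if (connection != null)
                  connection.close();
          }
      }

      /**
       * Tells whether any entry with the given mail address has the {@code JoomlaGroup} value
       * {@code validatorAdmin}.
       *
       * <p>NOTE(review): the decision is keyed on {@code mail}; if that attribute is not unique in
       * the directory, one matching admin entry grants the role to every account sharing it.
       *
       * @throws Exception if the directory operation fails
       */
      @Override
      public boolean isAdmin(String email) throws Exception {
          LDAPConnection connection = null;
          try {
              logger.debug("checking if user " + email + " is an administrator");
              connection = openConnection();
              for (SearchResultEntry entry : search(connection, "mail", email, "JoomlaGroup").getSearchEntries()) {
                  String[] roles = entry.getAttributeValues("JoomlaGroup");
                  if (roles == null) {
                      // Entry has no JoomlaGroup attribute: not an administrator.
                      continue;
                  }
                  for (String role : roles)
                      if ("validatorAdmin".equals(role))
                          return true;
              }
              logger.debug(email + " is not administrator");
              return false;
          } catch (Exception e) {
              logger.error("", e);
              throw e;
          } finally {
              if (connection != null)
                  connection.close();
          }
      }

      /**
       * Tells whether the first entry with the given mail address is unblocked, i.e. its
       * {@code JoomlaBlockUser} value is {@code 0}.
       *
       * @return {@code false} when no entry matches or when the attribute is missing or not an
       *         integer, so an unreadable flag counts as blocked
       * @throws Exception if the directory operation fails
       */
      @Override
      public boolean isUserActivated(String email) throws Exception {
          LDAPConnection connection = null;
          try {
              logger.debug("checking if user " + email + " is activated");
              connection = openConnection();
              for (SearchResultEntry entry : search(connection, "mail", email, "JoomlaBlockUser").getSearchEntries()) {
                  Integer blocked = entry.getAttributeValueAsInteger("JoomlaBlockUser");
                  return blocked != null && blocked.intValue() == 0;
              }
          } catch (Exception e) {
              logger.error("", e);
              throw e;
          } finally {
              if (connection != null)
                  connection.close();
          }
          return false;
      }

      /**
       * Issues a password-reset token for the user with the given mail address and stores it in the
       * entry's {@code employeeNumber}, replacing any token already there.
       *
       * @return the new token
       * @throws IllegalArgumentException if no entry has that mail address
       * @throws Exception if the directory operation fails
       */
      @Override
      public String prepareResetPassword(String email) throws Exception {
          LDAPConnection connection = null;
          try {
              logger.debug("preparing reset password for user " + email);
              connection = openConnection();
              String dn = findEntryDn(connection, "mail", email);
              if (dn == null) {
                  throw new IllegalArgumentException("no user found with email " + email);
              }
              String uuid = UUID.randomUUID().toString();
              connection.modify(dn, new Modification(ModificationType.REPLACE, "employeeNumber", uuid));
              return uuid;
          } catch (Exception e) {
              logger.error("", e);
              throw e;
          } finally {
              if (connection != null)
                  connection.close();
          }
      }

      /**
       * Sets a new password on the account that holds the given reset token and removes the token.
       *
       * @param uuid     token returned by {@link #prepareResetPassword}
       * @param password new clear-text password, stored as produced by
       *                 {@code Joomla15PasswordHash.create}
       * @throws IllegalArgumentException if the token is null, empty or unknown
       * @throws Exception if the directory operation fails
       */
      @Override
      public void resetPassword(String uuid, String password) throws Exception {
          if (uuid == null || uuid.length() == 0) {
              throw new IllegalArgumentException("missing password reset token");
          }
          LDAPConnection connection = null;
          try {
              connection = openConnection();
              String dn = findEntryDn(connection, "employeeNumber", uuid);
              if (dn == null) {
                  // The token itself is deliberately left out of the message and the log.
                  throw new IllegalArgumentException("unknown password reset token");
              }
              Modification setPassword = new Modification(ModificationType.REPLACE, "userPassword", Joomla15PasswordHash.create(password));
              // REPLACE with no values removes the attribute, which invalidates the token.
              Modification clearToken = new Modification(ModificationType.REPLACE, "employeeNumber");
              connection.modify(dn, setPassword, clearToken);
          } catch (Exception e) {
              logger.error("", e);
              throw e;
          } finally {
              if (connection != null)
                  connection.close();
          }
      }

      /**
       * Tells whether at least one entry has the given mail address.
       *
       * @throws Exception if the directory operation fails
       */
      @Override
      public boolean userExists(String email) throws Exception {
          LDAPConnection connection = null;
          try {
              logger.debug("checking if user " + email + " exists in ldap");
              connection = openConnection();
              return !search(connection, "mail", email, "mail").getSearchEntries().isEmpty();
          } catch (Exception e) {
              logger.error("", e);
              throw e;
          } finally {
              if (connection != null)
                  connection.close();
          }
      }

      /**
       * Tells whether at least one entry has the given {@code uid}.
       *
       * @throws Exception if the directory operation fails
       */
      @Override
      public boolean usernameExists(String username) throws Exception {
          LDAPConnection connection = null;
          try {
              logger.debug("checking if user " + username + " exists in ldap");
              connection = openConnection();
              return !search(connection, "uid", username, "uid").getSearchEntries().isEmpty();
          } catch (Exception e) {
              logger.error("", e);
              throw e;
          } finally {
              if (connection != null)
                  connection.close();
          }
      }

      /**
       * Returns the mail address of the first entry with the given {@code uid}.
       *
       * @return the mail address, or {@code null} when no entry matches or the first match has no
       *         {@code mail} value
       * @throws Exception if the directory operation fails
       */
      @Override
      public String getEmailFromUsername(String username) throws Exception {
          LDAPConnection connection = null;
          try {
              logger.debug("getting email for user " + username);
              connection = openConnection();
              for (SearchResultEntry entry : search(connection, "uid", username, "mail").getSearchEntries()) {
                  return entry.getAttributeValue("mail");
              }
              return null;
          } catch (Exception e) {
              logger.error("", e);
              throw e;
          } finally {
              if (connection != null)
                  connection.close();
          }
      }

      /** Sets the port of the LDAP server. */
      public void setLdapPort(int ldapPort) {
          this.ldapPort = ldapPort;
      }

      /** Sets the host name or address of the LDAP server. */
      public void setLdapAddress(String ldapAddress) {
          this.ldapAddress = ldapAddress;
      }

      /** Sets the bind DN of the service account used for every operation. */
      public void setLdapUsername(String ldapUsername) {
          this.ldapUsername = ldapUsername;
      }

      /** Sets the bind password of the service account. */
      public void setLdapPassword(String ldapPassword) {
          this.ldapPassword = ldapPassword;
      }

      /** Sets the base DN below which user entries are searched and created. */
      public void setLdapUsersDN(String ldapUsersDN) {
          this.ldapUsersDN = ldapUsersDN;
      }
  }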
  383.  
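  /**
   * Creates and checks {@code userPassword} values of the form {@code "{MD5}" + Base64(MD5(password))}.
   *
   * <p>SECURITY: this is a single, unsalted MD5 round. Equal passwords produce equal stored values
   * and a leaked value can be attacked with precomputed tables or fast brute force. The format is
   * kept because existing directory entries depend on it; new deployments should store passwords
   * with a salted, deliberately slow scheme (bcrypt, scrypt, Argon2 or PBKDF2) and migrate users
   * on their next successful login.
   */
  class Joomla15PasswordHash
  {
      private static final String SCHEME_PREFIX = "{MD5}";

      private static final char[] HEX = "0123456789abcdef".toCharArray();

      /**
       * Not used by any method of this class; kept only so the declared members stay unchanged.
       * {@link Random} is not a source of unpredictable values and must not be used for salts
       * or tokens.
       */
      static Random _rnd;

      /**
       * Checks a clear-text password against a stored {@code userPassword} value.
       *
       * @param passwd  clear-text password supplied by the user
       * @param dbEntry stored value, expected in the format produced by {@link #create}
       * @return {@code true} only if {@code dbEntry} equals the value {@link #create} yields for
       *         {@code passwd}; {@code false} if either argument is {@code null}
       */
      public static boolean check(String passwd, String dbEntry) {
          if (passwd == null || dbEntry == null) {
              return false;
          }
          return sameChars(create(passwd), dbEntry);
      }

      /**
       * Builds the stored form of a password.
       *
       * @param passwd clear-text password, must not be {@code null}
       * @return {@code "{MD5}"} followed by the Base64 encoding of the 16 MD5 digest bytes
       */
      public static String create(String passwd) {
          return SCHEME_PREFIX + Base64.encode(digest(passwd));
      }

      /** Takes the MD5 hash of a sequence of ASCII or LATIN1 characters,
       * and returns it as a 32-character lowercase hex string.
       *
       * Equivalent to MySQL's MD5() function
       * and to perl's Digest::MD5::md5_hex(),
       * and to PHP's md5().
       *
       * Does no error-checking of the input, but only uses the low 8 bits
       * from each input character. Characters above U+00FF are therefore
       * truncated, and passwords that differ only in the dropped high bits
       * hash to the same value; this cannot be changed without invalidating
       * the hashes already stored.
       */
      public static String md5(String data) {
          byte[] hash = digest(data);
          StringBuilder hex = new StringBuilder(hash.length * 2);
          for (byte b : hash) {
              hex.append(HEX[(b >> 4) & 0x0f]).append(HEX[b & 0x0f]);
          }
          return hex.toString();
      }

      /**
       * Converts the first 32 characters of a hex string into the 16 bytes they encode.
       *
       * @param md5 hex string of at least 32 characters; upper and lower case are accepted
       * @return the 16 decoded bytes
       * @throws IllegalArgumentException if {@code md5} is {@code null} or shorter than 32 characters
       * @throws NumberFormatException    if one of the first 32 characters is not a hex digit
       */
      public static byte[] pack(String md5) {
          if (md5 == null || md5.length() < 32) {
              throw new IllegalArgumentException("expected at least 32 hex characters");
          }
          byte[] bytes = new byte[16];
          for (int i = 0; i < bytes.length; i++) {
              int high = Character.digit(md5.charAt(2 * i), 16);
              int low = Character.digit(md5.charAt(2 * i + 1), 16);
              if (high < 0 || low < 0) {
                  throw new NumberFormatException("not a hex digit at index " + (high < 0 ? 2 * i : 2 * i + 1));
              }
              bytes[i] = (byte) ((high << 4) | low);
          }
          return bytes;
      }

      /** Returns the raw MD5 digest of the low 8 bits of each character of {@code data}. */
      private static byte[] digest(String data) {
          byte[] bdata = new byte[data.length()];
          for (int i = 0; i < bdata.length; i++) {
              bdata[i] = (byte) (data.charAt(i) & 0xff);
          }
          try {
              return MessageDigest.getInstance("MD5").digest(bdata);
          } catch (GeneralSecurityException e) {
              throw new RuntimeException(e);
          }
      }

      /**
       * Compares two strings without stopping at the first differing character, so the time
       * taken does not reveal how long a matching prefix is. The length check is not hidden.
       */
      private static boolean sameChars(String a, String b) {
          if (a.length() != b.length()) {
              return false;
          }
          int diff = 0;
          for (int i = 0; i < a.length(); i++) {
              diff |= a.charAt(i) ^ b.charAt(i);
          }
          return diff == 0;
      }
  }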