use createAuthenticatedUserWithDecoupledIdentifiers from Shib #1151

IQSS · Feb 2, 2015 · 74795ba · 74795ba
1 parent 34a6fcc
commit 74795ba
Showing 1 changed file with 18 additions and 4 deletions.
diff --git a/src/main/java/edu/harvard/iq/dataverse/Shib.java b/src/main/java/edu/harvard/iq/dataverse/Shib.java
@@ -7,6 +7,7 @@
 import com.google.gson.JsonSyntaxException;
 import edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean;
 import edu.harvard.iq.dataverse.authorization.RoleAssigneeDisplayInfo;
+import edu.harvard.iq.dataverse.authorization.UserIdentifier;
 import edu.harvard.iq.dataverse.authorization.groups.impl.shib.ShibGroupServiceBean;
 import edu.harvard.iq.dataverse.authorization.providers.shib.ShibAuthenticationProvider;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
@@ -122,6 +123,8 @@ public class Shib implements java.io.Serializable {
     private final String shibIdpAttribute = "Shib-Identity-Provider";
     private final String uniquePersistentIdentifier = "eppn";
     private String userPersistentId;
+    private String internalUserIdentifer;
+    private final String usernameAttribute = "uid";
     private final String displayNameAttribute = "cn";
     private final String firstNameAttribute = "givenName";
     private final String lastNameAttribute = "sn";
@@ -181,9 +184,14 @@ public void init() {
              */
             return;
         }
-        String userIdentifier;
+        String shibUserIdentifier;
         try {
-            userIdentifier = getRequiredValueFromAttribute(uniquePersistentIdentifier);
+            shibUserIdentifier = getRequiredValueFromAttribute(uniquePersistentIdentifier);
+        } catch (Exception ex) {
+            return;
+        }
+        try {
+            internalUserIdentifer = getRequiredValueFromAttribute(usernameAttribute);
         } catch (Exception ex) {
             return;
         }
@@ -207,7 +215,7 @@ public void init() {
         String emailAddress = getValueFromAttribute(emailAttribute);
         displayInfo = new RoleAssigneeDisplayInfo(displayName, emailAddress);
 
-        userPersistentId = shibIdp + persistentUserIdSeparator + userIdentifier;
+        userPersistentId = shibIdp + persistentUserIdSeparator + shibUserIdentifier;
         ShibAuthenticationProvider shibAuthProvider = new ShibAuthenticationProvider();
         AuthenticatedUser au = authSvc.lookupUser(shibAuthProvider.getId(), userPersistentId);
         if (au != null) {
@@ -231,7 +239,9 @@ public void init() {
 
     public String confirm() {
         ShibAuthenticationProvider shibAuthProvider = new ShibAuthenticationProvider();
-        AuthenticatedUser au = authSvc.createAuthenticatedUser(shibAuthProvider.getId(), userPersistentId, displayInfo);
+        String lookupStringPerAuthProvider = userPersistentId;
+        UserIdentifier userIdentifier = new UserIdentifier(lookupStringPerAuthProvider, internalUserIdentifer);
+        AuthenticatedUser au = authSvc.createAuthenticatedUserWithDecoupledIdentifiers(shibAuthProvider.getId(), userIdentifier, displayInfo);
         if (au != null) {
             logger.info("created user " + au.getIdentifier());
         } else {
@@ -379,6 +389,7 @@ private void mutateRequestForDevRandom() throws JsonSyntaxException, JsonIOExcep
         JsonElement firstResult = results.getAsJsonArray().get(0);
         logger.fine(firstResult.toString());
         JsonElement user = firstResult.getAsJsonObject().get("user");
+        JsonElement username = user.getAsJsonObject().get("username");
         JsonElement email = user.getAsJsonObject().get("email");
         JsonElement password = user.getAsJsonObject().get("password");
         JsonElement name = user.getAsJsonObject().get("name");
@@ -388,20 +399,23 @@ private void mutateRequestForDevRandom() throws JsonSyntaxException, JsonIOExcep
         request.setAttribute(emailAttribute, email.getAsString());
         // random IDP
         request.setAttribute(shibIdpAttribute, "https://idp." + password.getAsString() + ".com/idp/shibboleth");
+        request.setAttribute(usernameAttribute, username.getAsString());
     }
 
     private void mutateRequestForDevConstantTestShib() {
         request.setAttribute(shibIdpAttribute, "https://idp.testshib.org/idp/shibboleth");
         request.setAttribute(uniquePersistentIdentifier, "constantTestShib");
         request.setAttribute(displayNameAttribute, "Sam El");
         request.setAttribute(emailAttribute, "saml@mailinator.com");
+        request.setAttribute(usernameAttribute, "saml");
     }
 
     private void mutateRequestForDevConstantHarvard() {
         request.setAttribute(shibIdpAttribute, "https://fed.huit.harvard.edu/idp/shibboleth");
         request.setAttribute(uniquePersistentIdentifier, "constantHarvard");
         request.setAttribute(displayNameAttribute, "John Harvard");
         request.setAttribute(emailAttribute, "jharvard@mailinator.com");
+        request.setAttribute(usernameAttribute, "jharvard");
     }
 
 }