Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

105-be/user-is-not-registered-after-shibboleth-login #281

Merged
merged 2 commits into from
May 17, 2023
Merged

105-be/user-is-not-registered-after-shibboleth-login #281

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
60209b9
firstname and lastname is not required for proper Shibboleth login.
milanmajchrak May 17, 2023
692f57e
Fixed IT to be failed if code is wrong
milanmajchrak May 17, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 5 additions & 14 deletions dspace-api/src/main/java/org/dspace/authenticate/clarin/ClarinShibAuthentication.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -706,7 +706,7 @@ protected EPerson registerNewEPerson(Context context, HttpServletRequest request
lname = shibheaders.get_single(lnameHeader);
}

if (email == null || (fnameHeader != null && fname == null) || (lnameHeader != null && lname == null)) {
if ( email == null && netid == null) {
// We require that there be an email, first name, and last name. If we
// don't have at least these three pieces of information then we fail.
String message = "Unable to register new eperson because we are unable to find an email address along " +
Expand All @@ -715,22 +715,13 @@ protected EPerson registerNewEPerson(Context context, HttpServletRequest request
message += " Email Header: '" + emailHeader + "'='" + email + "' \n";
message += " First Name Header: '" + fnameHeader + "'='" + fname + "' \n";
message += " Last Name Header: '" + lnameHeader + "'='" + lname + "'";
log.error(message);

log.error( String.format(
"Could not identify a user from [%s] - we have not received enough information " +
"(email, netid, eppn, ...). \n\nDetails:\n%s\n\nHeaders received:\n%s",
org, message, request.getHeaderNames().toString()) );
return null; // TODO should this throw an exception?
}

// Truncate values of parameters that are too big.
if (fname != null && fname.length() > NAME_MAX_SIZE) {
log.warn(
"Truncating eperson's first name because it is longer than " + NAME_MAX_SIZE + ": '" + fname + "'");
fname = fname.substring(0, NAME_MAX_SIZE);
}
if (lname != null && lname.length() > NAME_MAX_SIZE) {
log.warn("Truncating eperson's last name because it is longer than " + NAME_MAX_SIZE + ": '" + lname + "'");
lname = lname.substring(0, NAME_MAX_SIZE);
}

// Turn off authorizations to create a new user
context.turnOffAuthorisationSystem();
EPerson eperson = ePersonService.create(context);
Expand Down
14 changes: 2 additions & 12 deletions ...rver-webapp/src/test/java/org/dspace/app/rest/security/ClarinShibbolethLoginFilterIT.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -167,17 +167,13 @@ public void shouldReturnUserWithoutEmailException() throws Exception {
public void userFillInEmailAndShouldBeRegisteredByVerificationToken() throws Exception {
String netId = "123456";
String email = "test@mail.epic";
String firstname = "Test";
String lastname = "Buddy";
String idp = "Test Idp";

// Try to authenticate but the Shibboleth doesn't send the email in the header, so the user won't be registered
// but the user will be redirected to the page where he will fill in the user email.
getClient().perform(get("/api/authn/shibboleth")
.header("Shib-Identity-Provider", idp)
.header("SHIB-NETID", netId)
.header("SHIB-GIVENNAME", firstname)
.header("SHIB-SURNAME", lastname))
.header("SHIB-NETID", netId))
.andExpect(status().isFound())
.andExpect(redirectedUrl("http://localhost:4000/login/auth-failed?netid=" + netId));

Expand All @@ -201,8 +197,6 @@ public void userFillInEmailAndShouldBeRegisteredByVerificationToken() throws Exc
EPerson ePerson = ePersonService.findByNetid(context, netId);
assertTrue(Objects.nonNull(ePerson));
assertEquals(ePerson.getEmail(), email);
assertEquals(ePerson.getFirstName(), firstname);
assertEquals(ePerson.getLastName(), lastname);

// The user is registered now log him
getClient().perform(get("/api/authn/shibboleth")
Expand All @@ -215,17 +209,13 @@ public void userFillInEmailAndShouldBeRegisteredByVerificationToken() throws Exc
getClient().perform(get("/api/authn/shibboleth")
.header("Shib-Identity-Provider", idp)
.header("SHIB-NETID", netId)
.header("SHIB-GIVENNAME", firstname)
.header("SHIB-SURNAME", lastname)
.header("SHIB-MAIL", email))
.andExpect(status().isFound());

// Try to sign in the user by the netid if the eperson exist
getClient().perform(get("/api/authn/shibboleth")
.header("Shib-Identity-Provider", idp)
.header("SHIB-NETID", netId)
.header("SHIB-GIVENNAME", firstname)
.header("SHIB-SURNAME", lastname))
.header("SHIB-NETID", netId))
.andExpect(status().isFound());

// Delete created eperson - clean after the test
Expand Down