Commit 5fa6de16 authored by wannes's avatar wannes

improve User handling

parent 2cf6d549
......@@ -58,6 +58,45 @@ public class LDAP {
return instance.connection;
}
public static String escapeDN(String name) {
StringBuilder sb = new StringBuilder();
if ((name.length() > 0) && ((name.charAt(0) == ' ') || (name.charAt(0) == '#'))) {
sb.append('\\'); // add the leading backslash if needed
}
for (int i = 0; i < name.length(); i++) {
char curChar = name.charAt(i);
switch (curChar) {
case '\\':
sb.append("\\\\");
break;
case ',':
sb.append("\\,");
break;
case '+':
sb.append("\\+");
break;
case '"':
sb.append("\\\"");
break;
case '<':
sb.append("\\<");
break;
case '>':
sb.append("\\>");
break;
case ';':
sb.append("\\;");
break;
default:
sb.append(curChar);
}
}
if ((name.length() > 1) && (name.charAt(name.length() - 1) == ' ')) {
sb.insert(sb.length() - 1, '\\'); // add the trailing backslash if needed
}
return sb.toString();
}
public void boot() {
host = Config.get("ldap/host");
if (host.isPresent()) {
......
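Review bot: escapeDN leaves U+0000 unescaped although RFC 4514 requires a NUL inside a DN value to be written as `\00`, and after this commit the method stands in for `Rdn.escapeValue` on every path that turns a caller-supplied e-mail into a DN; add `case '\0': sb.append("\\00"); break;` to the switch so the hand-rolled escaper covers the full RFC list. The name is misleading as well: the method escapes one attribute value for use inside an RDN, not a whole DN, so a Javadoc stating that contract (input is a raw attribute value, output must still be prefixed with `type=` and joined with `,`) would keep callers from passing a complete DN through it. A null `name` fails with a NullPointerException at the first `length()` call; an explicit null check with a message would make that precondition visible.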
......@@ -17,6 +17,7 @@
*/
package be.neutrinet.ispng.vpn;
import be.neutrinet.ispng.external.LDAP;
import be.neutrinet.ispng.security.OwnedEntity;
import com.unboundid.ldap.sdk.persist.LDAPField;
import com.unboundid.ldap.sdk.persist.LDAPGetter;
......@@ -24,7 +25,6 @@ import com.unboundid.ldap.sdk.persist.LDAPObject;
import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import javax.naming.ldap.Rdn;
import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.security.Security;
......@@ -76,7 +76,7 @@ public class User implements OwnedEntity {
}
public String getDN() {
return "mail=" + Rdn.escapeValue(email) + "," + Users.usersDN();
return "mail=" + LDAP.escapeDN(email) + "," + Users.usersDN();
}
public void setPassword(String password) {
......
......@@ -26,7 +26,6 @@ import com.unboundid.ldap.sdk.persist.ObjectSearchListener;
import com.unboundid.ldap.sdk.persist.PersistedObjects;
import org.apache.log4j.Logger;
import javax.naming.ldap.Rdn;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
......@@ -57,18 +56,19 @@ public class Users {
assert email != null;
assert password != null;
if (LDAP.get().auth("mail=" + email + "," + usersDN(), password)) {
if (LDAP.get().auth("mail=" + LDAP.escapeDN(email) + "," + usersDN(), password)) {
return get(email);
}
return null;
}
public static void add(User user) {
public static void add(User user) throws LDAPPersistException {
try {
persister.add(user, LDAP.connection(), usersDN());
} catch (LDAPException ex) {
Logger.getLogger(Users.class).error("Failed to add user", ex);
throw ex;
}
}
......@@ -100,7 +100,7 @@ public class Users {
public static User get(String email) {
try {
return persister.get("mail=" + Rdn.escapeValue(email) + "," + usersDN().toString(), LDAP.connection());
return persister.get("mail=" + LDAP.escapeDN(email) + "," + usersDN(), LDAP.connection());
} catch (LDAPException ex) {
Logger.getLogger(Users.class).error("Failed to get user", ex);
}
......@@ -218,4 +218,5 @@ public class Users {
throw new IllegalArgumentException("No LDAP users DN set");
} else return dn.get();
}
}
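Review bot: Users.add in the second hunk logs the failure and then rethrows it, and both new callers in this commit (FlowServlet and UserRegistration) log or handle the same exception again, so one failed add now produces duplicate error entries; either drop the catch so the body is just `persister.add(user, LDAP.connection(), usersDN());`, or keep the catch without the log call. The catch names `LDAPException` while the signature declares `LDAPPersistException`, which apparently compiles only because the rethrow of the effectively-final `ex` is narrowed to what persister.add throws; catching `LDAPPersistException` directly says what is meant. Separately, `"mail=" + LDAP.escapeDN(email) + "," + usersDN()` is now spelled out three times (User.getDN, authenticate, get); a single helper that builds the user DN would keep the escaping, and any future fix to it, in one place.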
......@@ -11,6 +11,7 @@ import be.neutrinet.ispng.vpn.User;
import be.neutrinet.ispng.vpn.Users;
import be.neutrinet.ispng.vpn.admin.Registration;
import be.neutrinet.ispng.vpn.admin.Registrations;
import com.unboundid.ldap.sdk.persist.LDAPPersistException;
import org.apache.log4j.Logger;
import javax.servlet.ServletException;
......@@ -63,11 +64,15 @@ public class FlowServlet extends HttpServlet {
user.municipality = address.getMunicipality();
user.certId = identity.chipNumber;
Users.add(user);
try {
Users.add(user);
reg.createInitialClient();
Registrations.dao.update(reg);
resp.sendRedirect("/?id=" + id + "&flow=eIdDone");
reg.createInitialClient();
Registrations.dao.update(reg);
resp.sendRedirect("/?id=" + id + "&flow=eIdDone");
} catch (LDAPPersistException ex) {
Logger.getLogger(getClass()).error("Failed to add user", ex);
}
}
} catch (SQLException ex) {
Logger.getLogger(getClass()).warn("Failed to create user", ex);
......
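Review bot: The new catch at the end of the hunk logs the LDAPPersistException and then lets the request run to completion without a redirect or an error status, so the browser gets whatever the default response is (seemingly an empty success) although the registration was never persisted; reply explicitly after the log call, e.g. `resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` or a redirect to an error view. The enclosing method and the outer try that catches SQLException both start and end outside the hunk, so whether the IOException from sendError is already declared there cannot be confirmed here.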
......@@ -15,6 +15,7 @@ import be.neutrinet.ispng.vpn.admin.Registration;
import be.neutrinet.ispng.vpn.admin.Registrations;
import be.neutrinet.ispng.vpn.admin.UnlockKey;
import be.neutrinet.ispng.vpn.admin.UnlockKeys;
import com.unboundid.ldap.sdk.persist.LDAPPersistException;
import org.apache.log4j.Logger;
import org.restlet.data.Status;
import org.restlet.ext.jackson.JacksonRepresentation;
......@@ -159,7 +160,14 @@ public class UserRegistration extends ResourceBase {
user.birthPlace = (String) data.get("birthplace");
user.country = (String) data.get("country");
if (user.validate()) Users.add(user);
try {
if (user.validate()) Users.add(user);
} catch (LDAPPersistException ex) {
if (ex.getMessage().contains("already exists")) {
setStatus(Status.REDIRECTION_SEE_OTHER);
return new JacksonRepresentation<>(Users.get(user.email));
}
}
// Auto-login newly created user
getResponse().getCookieSettings().add("Session",
......
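Review bot: When the LDAPPersistException message does not contain "already exists", the new catch swallows the exception and control falls through to the auto-login block below, which sets a Session cookie for an account that was never stored; every failure path out of the catch needs to set an error status and return. Matching on `getMessage()` is also brittle (and throws NullPointerException if the message is null); the exception carries a result code, so `ex.getResultCode() == ResultCode.ENTRY_ALREADY_EXISTS` (import `com.unboundid.ldap.sdk.ResultCode`) is the reliable test. The "already exists" branch hands whatever `Users.get` returns to the unauthenticated caller who merely submitted a matching e-mail; check what JacksonRepresentation serializes from User before shipping that, since the existing account's fields would be exposed. The method signature and the auto-login code are outside the hunk.
```java
        try {
            if (user.validate()) Users.add(user);
        } catch (LDAPPersistException ex) {
            if (ex.getResultCode() == ResultCode.ENTRY_ALREADY_EXISTS) {
                setStatus(Status.REDIRECTION_SEE_OTHER);
                return new JacksonRepresentation<>(Users.get(user.email));
            }
            Logger.getLogger(getClass()).error("Failed to add user", ex);
            setStatus(Status.SERVER_ERROR_INTERNAL);
            return null;
        }
        // … unchanged: auto-login cookie …
```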