You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@usergrid.apache.org by mr...@apache.org on 2016/08/01 16:54:04 UTC
[29/50] [abbrv] usergrid git commit: Code review changes
Code review changes
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/f8d5713b
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/f8d5713b
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/f8d5713b
Branch: refs/heads/master
Commit: f8d5713b620a5f2df6379f4e9073fa9edbebdafa
Parents: 6d88bcf
Author: Ayesha Dastagiri <ay...@gmail.com>
Authored: Tue Jul 26 14:09:06 2016 -0700
Committer: Ayesha Dastagiri <ay...@gmail.com>
Committed: Tue Jul 26 14:09:06 2016 -0700
----------------------------------------------------------------------
.../main/resources/usergrid-default.properties | 3 +++
.../rest/management/ManagementResource.java | 10 +++-------
.../organizations/OrganizationsResource.java | 18 ++++++++++--------
.../cassandra/ManagementServiceImpl.java | 11 +++++------
4 files changed, 21 insertions(+), 21 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/f8d5713b/stack/config/src/main/resources/usergrid-default.properties
----------------------------------------------------------------------
diff --git a/stack/config/src/main/resources/usergrid-default.properties b/stack/config/src/main/resources/usergrid-default.properties
index 371b251..23da7e9 100644
--- a/stack/config/src/main/resources/usergrid-default.properties
+++ b/stack/config/src/main/resources/usergrid-default.properties
@@ -682,6 +682,9 @@ usergrid.test-account.admin-user.password=test
#
#
+# Set a flag to allow public org registrations
+usergrid.management.allow-public-registrations=true
+
# Set the requirements for activiation and confirmations
usergrid.sysadmin.approve.users=false
usergrid.sysadmin.approve.organizations=false
http://git-wip-us.apache.org/repos/asf/usergrid/blob/f8d5713b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
index c5d7c77..285a22e 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
@@ -299,13 +299,9 @@ public class ManagementResource extends AbstractContextResource {
if ( user == null ) {
-
- //if ( !me ) { // if not lightweight-auth, i.e. /management/me then...
-
- // make sure authentication is allowed considering
- // external token validation configuration (UG Central SSO)
- ensureAuthenticationAllowed( username, grant_type );
- // }
+ // make sure authentication is allowed considering
+ // external token validation configuration (UG Central SSO)
+ ensureAuthenticationAllowed( username, grant_type );
if ( authorization != null ) {
http://git-wip-us.apache.org/repos/asf/usergrid/blob/f8d5713b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
index 823ebcc..b75ca60 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
@@ -40,8 +40,6 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;
import java.util.*;
-import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_PROVIDER_URL;
-
@Component( "org.apache.usergrid.rest.management.organizations.OrganizationsResource" )
@Scope( "prototype" )
@@ -187,12 +185,16 @@ public class OrganizationsResource extends AbstractContextResource {
String email, String password, Map<String, Object> userProperties,
Map<String, Object> orgProperties, String callback ) throws Exception {
- if ( tokens.isExternalSSOProviderEnabled() ) {
- //let superuser add an org even if external SSO Provider is enabled.
- if(!userServiceAdmin(null) ) { // what should the username be ?
- throw new IllegalArgumentException("Organization / Admin Users must be created via " +
- properties.getProperty(USERGRID_EXTERNAL_PROVIDER_URL));
- }
+ // Providing no password in this request signifies that an existing admin users should be associated to the
+ // newly requested organization.
+
+ // Always let the sysadmin create an org, but otherwise follow the behavior specified with
+ // the property 'usergrid.management.allow-public-registration'
+ if ( ( System.getProperty("usergrid.management.allow-public-registration") != null
+ && !Boolean.valueOf(System.getProperty("usergrid.management.allow-public-registration"))
+ && !userServiceAdmin(null) ) ) {
+
+ throw new IllegalArgumentException("Public organization registration is disabled");
}
Preconditions
http://git-wip-us.apache.org/repos/asf/usergrid/blob/f8d5713b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
index e8bf0ec..97febdf 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
@@ -549,20 +549,19 @@ public class ManagementServiceImpl implements ManagementService {
return null;
}
- // irrespective of it being sso enabled or not , if its a super user request it will try to fetch user if no password is passed.
- if(password == null && SubjectUtils.isServiceAdmin()){
+ // sysadmin can omit password field in the request and that will try to fetch an existing admin user to
+ // associate to the requested organization
+ if((password == null || password.isEmpty()) && SubjectUtils.isServiceAdmin()){
user = getAdminUserByEmail(email);
if(user == null ){
throw new IllegalArgumentException("Password should be sent in the request or should be a valid admin user email.");
}
}
- else if(password == null ){ //for existing workflow.
- throw new IllegalArgumentException("Password should be sent in the request.");
- }
if(user == null) {
- if ((tokens.isExternalSSOProviderEnabled() && SubjectUtils.isServiceAdmin()) || areActivationChecksDisabled()) {
+ // if external SSO is enabled and we're adding a user to an org, auto activate the user
+ if (tokens.isExternalSSOProviderEnabled() || areActivationChecksDisabled()) {
user = createAdminUserInternal(null, username, name, email, password, true, false, userProperties);
} else {
user = createAdminUserInternal(null, username, name, email, password, activated, disabled, userProperties);