Posted to notifications@james.apache.org by rc...@apache.org on 2023/03/09 02:38:27 UTC
[james-project] branch master updated: JAMES-3885 Delegation should be supported when using LDAP (#1473)
This is an automated email from the ASF dual-hosted git repository.
rcordier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
The following commit(s) were added to refs/heads/master by this push:
new 03155b2fc2 JAMES-3885 Delegation should be supported when using LDAP (#1473)
03155b2fc2 is described below
commit 03155b2fc20553dce4518c598b8fa303e873ab7c
Author: Trần Hồng Quân <55...@users.noreply.github.com>
AuthorDate: Thu Mar 9 09:38:20 2023 +0700
JAMES-3885 Delegation should be supported when using LDAP (#1473)
---
.../data/CassandraDelegationStoreModule.java | 3 ++
.../data/CassandraUsersRepositoryModule.java | 3 --
.../james/data/LdapUsersRepositoryModule.java | 3 --
.../modules/data/MemoryDelegationStoreModule.java | 3 ++
.../james/user/api/DelegationStoreContract.java | 48 ++++++++++++++++++++++
.../james/user/cassandra/CassandraUsersDAO.java | 8 +---
6 files changed, 55 insertions(+), 13 deletions(-)
diff --git a/server/container/guice/data-cassandra/src/main/java/org/apache/james/modules/data/CassandraDelegationStoreModule.java b/server/container/guice/data-cassandra/src/main/java/org/apache/james/modules/data/CassandraDelegationStoreModule.java
index ebb811c0cf..1776ddaa2a 100644
--- a/server/container/guice/data-cassandra/src/main/java/org/apache/james/modules/data/CassandraDelegationStoreModule.java
+++ b/server/container/guice/data-cassandra/src/main/java/org/apache/james/modules/data/CassandraDelegationStoreModule.java
@@ -20,7 +20,9 @@
package org.apache.james.modules.data;
import org.apache.commons.configuration2.ex.ConfigurationException;
+import org.apache.james.adapter.mailbox.DelegationStoreAuthorizator;
import org.apache.james.backends.cassandra.components.CassandraModule;
+import org.apache.james.mailbox.Authorizator;
import org.apache.james.server.core.configuration.ConfigurationProvider;
import org.apache.james.user.api.DelegationStore;
import org.apache.james.user.api.DelegationUsernameChangeTaskStep;
@@ -39,6 +41,7 @@ public class CassandraDelegationStoreModule extends AbstractModule {
@Override
public void configure() {
bind(DelegationStore.class).to(CassandraDelegationStore.class);
+ bind(Authorizator.class).to(DelegationStoreAuthorizator.class);
Multibinder<CassandraModule> cassandraDataDefinitions = Multibinder.newSetBinder(binder(), CassandraModule.class);
cassandraDataDefinitions.addBinding().toInstance(org.apache.james.user.cassandra.CassandraUsersRepositoryModule.MODULE);
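Review bot: Binding `Authorizator` in the delegation-store module means the implementation that decides whether one user may act as another now depends on which modules a server composition installs, and that wiring is not visible in this hunk. A composition that installs a users-repository module without a delegation-store module would have no `Authorizator` binding, and one that still binds it elsewhere would fail injector creation with a duplicate binding. The same line is added in MemoryDelegationStoreModule, and LdapUsersRepositoryModule drops its `UserRepositoryAuthorizator` binding, so LDAP deployments change authorization implementation; it is worth confirming that `DelegationStoreAuthorizator` still applies every check `UserRepositoryAuthorizator` did. I would add a comment above the new line such as `// Authorizator is bound with the delegation store, not the users repository, so delegation works with every users backend (LDAP included)`. The body of `configure()` continues outside the hunk.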
diff --git a/server/container/guice/data-cassandra/src/main/java/org/apache/james/modules/data/CassandraUsersRepositoryModule.java b/server/container/guice/data-cassandra/src/main/java/org/apache/james/modules/data/CassandraUsersRepositoryModule.java
index 009d6c6aa6..fd1b20d310 100644
--- a/server/container/guice/data-cassandra/src/main/java/org/apache/james/modules/data/CassandraUsersRepositoryModule.java
+++ b/server/container/guice/data-cassandra/src/main/java/org/apache/james/modules/data/CassandraUsersRepositoryModule.java
@@ -19,8 +19,6 @@
package org.apache.james.modules.data;
-import org.apache.james.adapter.mailbox.DelegationStoreAuthorizator;
-import org.apache.james.mailbox.Authorizator;
import org.apache.james.server.core.configuration.ConfigurationProvider;
import org.apache.james.user.api.UsersRepository;
import org.apache.james.user.cassandra.CassandraUsersDAO;
@@ -40,7 +38,6 @@ public class CassandraUsersRepositoryModule extends AbstractModule {
bind(UsersDAO.class).to(CassandraUsersDAO.class);
bind(new TypeLiteral<UsersRepositoryImpl<CassandraUsersDAO>>() {}).in(Scopes.SINGLETON);
bind(UsersRepository.class).to(new TypeLiteral<UsersRepositoryImpl<CassandraUsersDAO>>() {});
- bind(Authorizator.class).to(DelegationStoreAuthorizator.class);
}
@ProvidesIntoSet
diff --git a/server/container/guice/data-ldap/src/main/java/org/apache/james/data/LdapUsersRepositoryModule.java b/server/container/guice/data-ldap/src/main/java/org/apache/james/data/LdapUsersRepositoryModule.java
index 006d9ce49f..815a525f2e 100644
--- a/server/container/guice/data-ldap/src/main/java/org/apache/james/data/LdapUsersRepositoryModule.java
+++ b/server/container/guice/data-ldap/src/main/java/org/apache/james/data/LdapUsersRepositoryModule.java
@@ -19,9 +19,7 @@
package org.apache.james.data;
import org.apache.commons.configuration2.ex.ConfigurationException;
-import org.apache.james.adapter.mailbox.UserRepositoryAuthorizator;
import org.apache.james.core.healthcheck.HealthCheck;
-import org.apache.james.mailbox.Authorizator;
import org.apache.james.server.core.configuration.ConfigurationProvider;
import org.apache.james.user.api.UsersRepository;
import org.apache.james.user.ldap.LdapHealthCheck;
@@ -42,7 +40,6 @@ public class LdapUsersRepositoryModule extends AbstractModule {
public void configure() {
bind(ReadOnlyUsersLDAPRepository.class).in(Scopes.SINGLETON);
bind(UsersRepository.class).to(ReadOnlyUsersLDAPRepository.class);
- bind(Authorizator.class).to(UserRepositoryAuthorizator.class);
Multibinder.newSetBinder(binder(), HealthCheck.class).addBinding().to(LdapHealthCheck.class);
}
diff --git a/server/container/guice/memory/src/main/java/org/apache/james/modules/data/MemoryDelegationStoreModule.java b/server/container/guice/memory/src/main/java/org/apache/james/modules/data/MemoryDelegationStoreModule.java
index ec272b6675..031a4e3279 100644
--- a/server/container/guice/memory/src/main/java/org/apache/james/modules/data/MemoryDelegationStoreModule.java
+++ b/server/container/guice/memory/src/main/java/org/apache/james/modules/data/MemoryDelegationStoreModule.java
@@ -19,6 +19,8 @@
package org.apache.james.modules.data;
+import org.apache.james.adapter.mailbox.DelegationStoreAuthorizator;
+import org.apache.james.mailbox.Authorizator;
import org.apache.james.user.api.DelegationStore;
import org.apache.james.user.api.DelegationUsernameChangeTaskStep;
import org.apache.james.user.api.UsernameChangeTaskStep;
@@ -33,6 +35,7 @@ public class MemoryDelegationStoreModule extends AbstractModule {
public void configure() {
bind(MemoryDelegationStore.class).in(Scopes.SINGLETON);
bind(DelegationStore.class).to(MemoryDelegationStore.class);
+ bind(Authorizator.class).to(DelegationStoreAuthorizator.class);
Multibinder.newSetBinder(binder(), UsernameChangeTaskStep.class)
.addBinding().to(DelegationUsernameChangeTaskStep.class);
diff --git a/server/data/data-api/src/test/java/org/apache/james/user/api/DelegationStoreContract.java b/server/data/data-api/src/test/java/org/apache/james/user/api/DelegationStoreContract.java
index 7a398ab49f..97d454fcab 100644
--- a/server/data/data-api/src/test/java/org/apache/james/user/api/DelegationStoreContract.java
+++ b/server/data/data-api/src/test/java/org/apache/james/user/api/DelegationStoreContract.java
@@ -150,6 +150,54 @@ public interface DelegationStoreContract {
.containsOnly(CEDRIC, ALICE);
}
+ @Test
+ default void delegateesSourceAndDelegatorsSourceShouldBeAlignedWhenBothUsersDoNotExist() {
+ // LDAP case where there are no user entries in user table
+
+ // ALICE delegates BOB
+ Mono.from(testee().addAuthorizedUser(ALICE, BOB)).block();
+
+ // Delegatees source of ALICE should be aligned with Delegators source of BOB
+ assertThat(Flux.from(testee().authorizedUsers(ALICE)).collectList().block())
+ .containsOnly(BOB);
+ assertThat(Flux.from(testee().delegatedUsers(BOB)).collectList().block())
+ .containsOnly(ALICE);
+ }
+
+ @Test
+ default void removeDelegateeLDAPCaseShouldSucceed() {
+ // LDAP case where there are no user entries in user table
+
+ // ALICE delegates BOB
+ Mono.from(testee().addAuthorizedUser(ALICE, BOB)).block();
+
+ // ALICE remove BOB's access
+ Mono.from(testee().removeAuthorizedUser(ALICE, BOB)).block();
+
+ // Delegatees source of ALICE and Delegators source of BOB should both return empty
+ assertThat(Flux.from(testee().authorizedUsers(ALICE)).collectList().block())
+ .isEmpty();
+ assertThat(Flux.from(testee().delegatedUsers(BOB)).collectList().block())
+ .isEmpty();
+ }
+
+ @Test
+ default void removeDelegatorLDAPCaseShouldSucceed() {
+ // LDAP case where there are no user entries in user table
+
+ // ALICE delegates BOB
+ Mono.from(testee().addAuthorizedUser(ALICE, BOB)).block();
+
+ // BOB withdraws access to ALICE account
+ Mono.from(testee().removeDelegatedUser(BOB, ALICE)).block();
+
+ // Delegatees source of ALICE and Delegators source of BOB should both return empty
+ assertThat(Flux.from(testee().authorizedUsers(ALICE)).collectList().block())
+ .isEmpty();
+ assertThat(Flux.from(testee().delegatedUsers(BOB)).collectList().block())
+ .isEmpty();
+ }
+
@Test
default void delegatedUsersShouldReturnUpdateEntryAfterClearDelegatedBaseUser() {
addUser(BOB);
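Review bot: The three new tests assert only the intended direction of the delegation, so an implementation that wrote the relation symmetrically (BOB also gaining ALICE as a delegatee) would still pass. In `delegateesSourceAndDelegatorsSourceShouldBeAlignedWhenBothUsersDoNotExist` I would add `assertThat(Flux.from(testee().authorizedUsers(BOB)).collectList().block()).isEmpty();` and the matching `delegatedUsers(ALICE)` check. The two removal tests start from a single delegation, so they would not notice a removal that clears more than the requested pair; adding a second delegatee (CEDRIC is already used in this contract) and asserting it survives would cover that. The last test shown in the hunk, `delegatedUsersShouldReturnUpdateEntryAfterClearDelegatedBaseUser`, continues outside it.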
diff --git a/server/data/data-cassandra/src/main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java b/server/data/data-cassandra/src/main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java
index 2732a87e08..fd6083f15c 100644
--- a/server/data/data-cassandra/src/main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java
+++ b/server/data/data-cassandra/src/main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java
@@ -47,7 +47,6 @@ import org.apache.james.user.lib.UsersDAO;
import org.apache.james.user.lib.model.Algorithm;
import org.apache.james.user.lib.model.Algorithm.HashingMode;
import org.apache.james.user.lib.model.DefaultUser;
-import org.apache.james.util.FunctionalUtils;
import org.reactivestreams.Publisher;
import com.datastax.oss.driver.api.core.CqlSession;
@@ -55,7 +54,6 @@ import com.datastax.oss.driver.api.core.cql.BatchStatementBuilder;
import com.datastax.oss.driver.api.core.cql.BatchType;
import com.datastax.oss.driver.api.core.cql.BoundStatement;
import com.datastax.oss.driver.api.core.cql.PreparedStatement;
-import com.datastax.oss.driver.api.core.cql.Statement;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
@@ -212,11 +210,7 @@ public class CassandraUsersDAO implements UsersDAO {
.setString(NAME, userWithAccess.asString())
.setSet(DELEGATED_USERS, ImmutableSet.of(baseUser.asString()), String.class));
- return getUserByNameReactive(userWithAccess).hasElement()
- .filter(FunctionalUtils.identityPredicate())
- .map(existAuthorizedUser -> (Statement) batchBuilder.build())
- .switchIfEmpty(Mono.just(addAuthorizedStatement))
- .flatMap(executor::executeVoid);
+ return executor.executeVoid(batchBuilder.build());
}
public Mono<Void> removeAuthorizedUser(Username baseUser, Username userWithAccess) {
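Review bot: With the existence check removed, the batch always writes the `userWithAccess` row (`NAME` plus `DELEGATED_USERS`), including for usernames that have no entry in the user table. If that statement is an upsert, the table can now hold rows with no password or other account fields, so every reader of it (lookup, listing, counting, authentication) should be confirmed to ignore or tolerate delegation-only rows; otherwise a delegation could make a non-existent local account appear to exist. A comment on the new line would record the intent, e.g. `// always write both sides: with LDAP the delegatee has no row in the user table`. The method starts above the hunk, so whether the batch is logged, and therefore atomic across both rows, is not visible here.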