Posted to commits@usergrid.apache.org by mr...@apache.org on 2016/08/01 16:53:47 UTC
[12/50] [abbrv] usergrid git commit: made changes for PR comments..
made changes for PR comments..
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/930308d7
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/930308d7
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/930308d7
Branch: refs/heads/master
Commit: 930308d7e30f31f7d9f0f25f0bbb02982c30e86e
Parents: b583207
Author: Ayesha Dastagiri <ay...@gmail.com>
Authored: Fri Jul 8 11:20:36 2016 -0700
Committer: Ayesha Dastagiri <ay...@gmail.com>
Committed: Fri Jul 8 11:20:36 2016 -0700
----------------------------------------------------------------------
.../usergrid/rest/exceptions/AuthErrorInfo.java | 2 +-
.../rest/management/ManagementResource.java | 7 +++--
.../organizations/OrganizationsResource.java | 5 +---
.../rest/management/users/UserResource.java | 31 +++++++-------------
.../rest/management/users/UsersResource.java | 7 ++---
.../OAuth2AccessTokenSecurityFilter.java | 4 +--
...alSSOProviderAdminUserNotFoundException.java | 11 +++++++
.../tokens/cassandra/TokenServiceImpl.java | 13 +++++---
8 files changed, 40 insertions(+), 40 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/rest/src/main/java/org/apache/usergrid/rest/exceptions/AuthErrorInfo.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/exceptions/AuthErrorInfo.java b/stack/rest/src/main/java/org/apache/usergrid/rest/exceptions/AuthErrorInfo.java
index 8b7b969..c9149e5 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/exceptions/AuthErrorInfo.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/exceptions/AuthErrorInfo.java
@@ -43,7 +43,7 @@ public enum AuthErrorInfo {
INVALID_USERNAME_OR_PASSWORD_ERROR( "auth_invalid_username_or_password",
"Unable to authenticate due to username or password being incorrect" ), //
UNVERIFIED_OAUTH_ERROR( "auth_unverified_oath", "Unable to authenticate OAuth credentials" ), //
- EXTERNALSSOPROVIDER_UNACTIVATED_ADMINUSER("externalssoprovider_unactivated_adminuser","Admin user needs to be activated via the external provider"),
+ EXTERNALSSOPROVIDER_UNACTIVATED_ADMINUSER("externalssoprovider_unactivated_adminuser","Admin user not found or does not have access to any organizations."),
NO_DOMAIN_ERROR( "auth_no_application", "Unable to authenticate due to application not found" ), //
NOT_DOMAIN_OWNER_ERROR( "auth_not_application_owner", "" ), //
EXPIRED_ACCESS_TOKEN_ERROR( "expired_token", "Unable to authenticate due to expired access token" ), //
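Review bot: The constant name and the wire code on the changed line still say `externalssoprovider_unactivated_adminuser`, but the new message describes a user that is missing or has no organization access. A client that branches on the code and an operator reading the message will now see two different conditions. Either rename the constant and code to match (for example `EXTERNALSSOPROVIDER_ADMINUSER_NOT_FOUND`), or add a comment on the entry explaining that the code is kept for compatibility. The other entries visible here end with the `, //` formatter guard and this one does not.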
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
index 3d794d6..056303a 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
@@ -531,10 +531,11 @@ public class ManagementResource extends AbstractContextResource {
return; // we only care about username/password auth
}
- final boolean externalTokensEnabled =
- !StringUtils.isEmpty( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
+ //why !isexternal_sso_enabled ?
+// final boolean externalTokensEnabled =
+// !StringUtils.isEmpty( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
// when external tokens enabled then only superuser can obtain an access token
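Review bot: The old `externalTokensEnabled` computation is left behind as commented-out code under an open question, `//why !isexternal_sso_enabled ?`. Both should be deleted, with the reasoning moved to the commit message. The gate also changes meaning: it was "the `USERGRID_EXTERNAL_SSO_ENABLED` property is non-empty" and is now whatever `tokens.isExternalSSOProviderEnabled()` returns, which is not defined in this hunk. This branch decides whether password-grant tokens are restricted to the superuser, so it deserves a test with the setting both on and off. The enclosing method starts and ends outside the hunk.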
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
index 0e77d97..476e315 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
@@ -185,10 +185,7 @@ public class OrganizationsResource extends AbstractContextResource {
String email, String password, Map<String, Object> userProperties,
Map<String, Object> orgProperties, String callback ) throws Exception {
- final boolean externalTokensEnabled =
- !StringUtils.isEmpty( properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
throw new IllegalArgumentException( "Organization / Admin Users must be created via " +
properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
}
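Review bot: The refusal message is built from `properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL )`, but the guard no longer checks that property. If SSO is enabled and the URL is unset, the caller is told "must be created via null". The same pattern is in the five rewritten guards in UserResource.java, the new revoke-tokens guard there, and the signup guard in UsersResource.java. Assuming `properties` is a `java.util.Properties`, a fallback such as `properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL, "the external SSO provider" )` in one shared helper would fix all of them. `IllegalArgumentException` is also an odd type for a policy refusal; how it maps to an HTTP status is not visible here.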
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index b16e85c..739ef28 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -47,7 +47,6 @@ import java.util.UUID;
import static org.apache.usergrid.security.shiro.utils.SubjectUtils.isServiceAdmin;
import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_PROVIDER_URL;
-import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_SSO_ENABLED;
import static org.apache.usergrid.utils.ConversionUtils.string;
@@ -216,10 +215,7 @@ public class UserResource extends AbstractContextResource {
@Produces( MediaType.TEXT_HTML )
public Viewable showPasswordResetForm( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
- final boolean externalTokensEnabled =
- Boolean.valueOf( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
throw new IllegalArgumentException( "Admin Users must reset passwords via " +
properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
}
@@ -263,10 +259,7 @@ public class UserResource extends AbstractContextResource {
logger.trace("handlePasswordResetForm");
}
- final boolean externalTokensEnabled =
- Boolean.valueOf( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
throw new IllegalArgumentException( "Admin Users must reset passwords via " +
properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
}
@@ -352,10 +345,7 @@ public class UserResource extends AbstractContextResource {
@Produces( MediaType.TEXT_HTML )
public Viewable activate( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
- final boolean externalTokensEnabled =
- Boolean.valueOf( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
throw new IllegalArgumentException( "Admin Users must activate via " +
properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
}
@@ -385,10 +375,7 @@ public class UserResource extends AbstractContextResource {
@Produces( MediaType.TEXT_HTML )
public Viewable confirm( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
- final boolean externalTokensEnabled =
- Boolean.valueOf( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
throw new IllegalArgumentException( "Admin Users must confirm via " +
properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
}
@@ -424,10 +411,7 @@ public class UserResource extends AbstractContextResource {
@QueryParam( "callback" ) @DefaultValue( "callback" ) String callback )
throws Exception {
- final boolean externalTokensEnabled =
- Boolean.valueOf( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
throw new IllegalArgumentException( "Admin Users must reactivate via " +
properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
}
@@ -451,6 +435,11 @@ public class UserResource extends AbstractContextResource {
@QueryParam( "callback" ) @DefaultValue( "callback" ) String callback )
throws Exception {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
+ throw new IllegalArgumentException( "Admin Users must tokens must be revoked via " +
+ properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
+ }
+
UUID adminId = user.getUuid();
logger.info( "Revoking user tokens for {}", adminId );
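Review bot: The new message reads "Admin Users must tokens must be revoked via"; it should be `"Admin User tokens must be revoked via "`. This guard is also new behaviour rather than a refactor, because it turns local token revocation off whenever an external SSO provider is enabled. The ManagementResource hunk in this commit still lets the superuser obtain a local token in that mode, so please confirm such tokens can still be revoked by some other path. If they can, a comment here should say which. The method signature starts outside the hunk.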
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
index 9730e06..64281b6 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
@@ -44,7 +44,6 @@ import java.util.UUID;
import static org.apache.commons.lang.StringUtils.isBlank;
import static org.apache.usergrid.rest.exceptions.SecurityException.mappableSecurityException;
-import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_SSO_ENABLED;
import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_PROVIDER_URL;
@@ -115,10 +114,7 @@ public class UsersResource extends AbstractContextResource {
@QueryParam( "callback" ) @DefaultValue( "callback" ) String callback )
throws Exception {
- final boolean externalTokensEnabled =
- Boolean.valueOf( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
throw new IllegalArgumentException( "Admin Users must signup via " +
properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
}
@@ -141,6 +137,7 @@ public class UsersResource extends AbstractContextResource {
UserInfo user = null;
if ( tokens.isExternalSSOProviderEnabled() ){
+ //autoactivating user, since the activation
user = management.createAdminUser(null,username,name,email,password,true,false);
}
else {
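Review bot: The added comment `//autoactivating user, since the activation` stops mid-sentence, so the reason for creating an admin user as already activated is not recorded. If the intent is that activation belongs to the external provider, say so: `// auto-activate: activation is handled by the external SSO provider`. Also, if this branch is in the same method as the signup guard in the previous hunk, that guard throws whenever `tokens.isExternalSSOProviderEnabled()` is true and this branch can never run. The method boundaries are outside both hunks, so this needs checking against the full file.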
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
index 4132dd3..7b35df6 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
@@ -27,7 +27,7 @@ import org.apache.shiro.subject.Subject;
import org.apache.usergrid.management.ApplicationInfo;
import org.apache.usergrid.management.OrganizationInfo;
import org.apache.usergrid.management.UserInfo;
-import org.apache.usergrid.management.exceptions.ExternalSSOProviderAdminUserNotFoundExceptions;
+import org.apache.usergrid.management.exceptions.ExternalSSOProviderAdminUserNotFoundException;
import org.apache.usergrid.management.exceptions.ManagementException;
import org.apache.usergrid.security.AuthPrincipalInfo;
import org.apache.usergrid.security.AuthPrincipalType;
@@ -110,7 +110,7 @@ public class OAuth2AccessTokenSecurityFilter extends SecurityFilter implements C
} catch (InvalidTokenException ite) {
throw mappableSecurityException( INVALID_AUTH_ERROR );
}
- catch (ExternalSSOProviderAdminUserNotFoundExceptions eAdminUserNotFound){
+ catch (ExternalSSOProviderAdminUserNotFoundException eAdminUserNotFound){
throw mappableSecurityException(EXTERNALSSOPROVIDER_UNACTIVATED_ADMINUSER);
} catch(IndexOutOfBoundsException ioobe) {
// token is just some rubbish string
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/services/src/main/java/org/apache/usergrid/management/exceptions/ExternalSSOProviderAdminUserNotFoundException.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/exceptions/ExternalSSOProviderAdminUserNotFoundException.java b/stack/services/src/main/java/org/apache/usergrid/management/exceptions/ExternalSSOProviderAdminUserNotFoundException.java
new file mode 100644
index 0000000..67f1b1e
--- /dev/null
+++ b/stack/services/src/main/java/org/apache/usergrid/management/exceptions/ExternalSSOProviderAdminUserNotFoundException.java
@@ -0,0 +1,11 @@
+package org.apache.usergrid.management.exceptions;
+
+/**
+ * Created by ayeshadastagiri on 7/8/16.
+ */
+public class ExternalSSOProviderAdminUserNotFoundException extends ManagementException {
+
+ public ExternalSSOProviderAdminUserNotFoundException(){super();}
+ public ExternalSSOProviderAdminUserNotFoundException(String arg0){super(arg0);}
+
+}
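Review bot: The only documentation on the new class is `Created by ayeshadastagiri on 7/8/16.`, which says nothing about when the exception is thrown. Going by the filter change in this commit, a Javadoc such as `Thrown when a token from the external SSO provider is valid but no matching admin user exists; mapped to EXTERNALSSOPROVIDER_UNACTIVATED_ADMINUSER by OAuth2AccessTokenSecurityFilter.` would fit. Rename the parameter `arg0` to `message`. The file also starts directly at `package`, so it probably needs the project's license header, though no other file's header is visible on this page to confirm.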
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java b/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java
index dc61b7f..2234257 100644
--- a/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java
@@ -332,10 +332,15 @@ public class TokenServiceImpl implements TokenService {
// If the token doesn't parse as a Usergrid token, see if an external provider other than Usergrid is
// enabled. If so, just validate the external token.
- if( isExternalSSOProviderEnabled() && !getExternalSSOProvider().equalsIgnoreCase("usergrid")) {
- return validateExternalToken(token, 1, getExternalSSOProvider());
- }else{
- throw e; // re-throw the error
+ try{
+ if( isExternalSSOProviderEnabled() && !getExternalSSOProvider().equalsIgnoreCase("usergrid")) {
+ return validateExternalToken(token, 1, getExternalSSOProvider());
+ }else{
+ throw new IllegalArgumentException("invalid external provider : " + getExternalSSOProvider()); // re-throw the error
+ }
+ }
+ catch (NullPointerException npe){
+ throw new IllegalArgumentException("The SSO provider in the config is empty.");
}
}
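Review bot: The `else` branch used to `throw e` and now throws `IllegalArgumentException("invalid external provider : " + ...)`, although the trailing comment still says "re-throw the error". On a deployment with no external provider, any token that fails to parse is therefore reported as a configuration problem, and the original exception and its type are lost. Callers such as the `catch` chain in OAuth2AccessTokenSecurityFilter may then no longer map it to an authentication error. The `catch (NullPointerException npe)` also wraps the `validateExternalToken` call, so any NPE raised during external validation would be relabelled "The SSO provider in the config is empty." Reading the provider once and null-checking it removes the need for the try/catch. The enclosing `catch` that binds `e` starts outside the hunk.

```java
// … unchanged: enclosing catch block that binds e, and the explanatory comment …
final String provider = getExternalSSOProvider();
if ( isExternalSSOProviderEnabled() && provider != null && !provider.equalsIgnoreCase( "usergrid" ) ) {
    return validateExternalToken( token, 1, provider );
}
// not an external token either: surface the original parse failure unchanged
throw e;
```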