cuba-platform · sergeev-ms · Sep 11, 2019 · Sep 11, 2019 · Sep 11, 2019 · Sep 11, 2019
diff --git a/README.md b/README.md
@@ -1,5 +1,12 @@
 # LDAP
 
+Friendly fork of https://github.com/cuba-platform/ldap-addon
+
+1. Added ability to avoid syncing of user information from ldap after user login.
+2. Fix login for old-style user names like _domain\user_ 
+
+____________________
+
 <p>
     <a href="http://www.apache.org/licenses/LICENSE-2.0"><img src="https://img.shields.io/badge/license-Apache%20License%202.0-blue.svg?style=flat" alt="license" title=""></a>
     <a href="https://travis-ci.org/cuba-platform/ldap-addon"><img src="https://travis-ci.org/cuba-platform/ldap-addon.svg?branch=master" alt="Build Status" title=""></a>

diff --git a/build.gradle b/build.gradle
@@ -15,7 +15,7 @@
  */
 
 buildscript {
-    ext.cubaVersion = rootProject.hasProperty('cubaVersion') ? rootProject['cubaVersion'] : '7.2-SNAPSHOT'
+    ext.cubaVersion = rootProject.hasProperty('cubaVersion') ? rootProject['cubaVersion'] : '7.2.7'
     repositories {
         mavenLocal()
         if (System.getenv('HAULMONT_REPOSITORY_URL')) {
@@ -59,8 +59,8 @@ apply(plugin: 'addon-gradle-plugin')
 cuba {
     artifact {
         group = 'com.haulmont.addon.ldap'
-        version = '1.5'
-        isSnapshot = true
+        version = '1.5.2f'
+        isSnapshot = false
     }
     tomcat {
         dir = "$project.rootDir/deploy/tomcat"
@@ -82,6 +82,12 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.'''
     }
+
+    uploadRepository {
+        url = uri("https://maven.pkg.github.com/sergeev-ms/ldap-addon")
+        user=project.findProperty("github.user") ?: System.getenv("GITHUB_USER")
+        password=project.findProperty("github.key") ?: System.getenv("GITHUB_TOKEN")
+    }
 }
 
 dependencies {

diff --git a/modules/core/src/com/haulmont/addon/ldap/core/dao/LdapUserDao.java b/modules/core/src/com/haulmont/addon/ldap/core/dao/LdapUserDao.java
@@ -313,8 +313,6 @@ static boolean match(String loginString) {
      */
     class ActiveDirectoryDomain {
 
-        private static final String CN_USERS = "CN=Users";
-
         final String nETBIOSName;
         final String nCName;
         final String dnsRoot;
@@ -339,6 +337,7 @@ LdapContextSource getLdapContextSource() {
                 ldapContextSource.setPassword(ldapPropertiesConfig.getContextSourcePassword());
                 ldapContextSource.setUrl(getUrl());
                 ldapContextSource.setBase(nCName);
+                ldapContextSource.setReferral("follow");
                 ldapContextSource.afterPropertiesSet();
             }
             return ldapContextSource;
@@ -362,11 +361,11 @@ List<LdapUser> searchUser(String query, @Nullable SearchControls searchControls)
                 searchControls.setCountLimit(1);
             }
 
-            return getLdapTemplate().search(CN_USERS, query, new LdapUserMapper(ldapConfigDao.getLdapConfig()));
+            return getLdapTemplate().search(LdapUtils.emptyLdapName(), query, new LdapUserMapper(ldapConfigDao.getLdapConfig()));
         }
 
         boolean authenticate(String filter, String password) throws LoginException {
-            return getLdapTemplate().authenticate(CN_USERS, filter, password,
+            return getLdapTemplate().authenticate(LdapUtils.emptyLdapName(), filter, password,
                     (ctx, ldapEntryIdentification) -> {},
                     e -> logger.error(String.format("Could not auth user by query: %s", filter), e));
         }

diff --git a/modules/core/src/com/haulmont/addon/ldap/core/service/UserSynchronizationServiceBean.java b/modules/core/src/com/haulmont/addon/ldap/core/service/UserSynchronizationServiceBean.java
@@ -42,10 +42,7 @@
 import org.springframework.transaction.annotation.Transactional;
 
 import javax.inject.Inject;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Optional;
-import java.util.Set;
+import java.util.*;
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
 
@@ -232,6 +229,13 @@ public void synchronizeUsersFromLdap(List<User> cubaUsers, List<LdapUser> ldapUs
 
     }
 
+    @Override
+    public User getExistingCubaUser(String login){
+        return cubaUserDao.getCubaUsersByLogin(Collections.singletonList(login)).stream()
+                .filter(User::getActive)
+                .findFirst().orElse(null);
+    }
+
     private void copyLdapAttributesToCubaUser(LdapMatchingRuleContext ldapMatchingRuleContext,
                                               User syncUser,
                                               String login,

diff --git a/modules/global/src/com/haulmont/addon/ldap/config/LdapPropertiesConfig.java b/modules/global/src/com/haulmont/addon/ldap/config/LdapPropertiesConfig.java
@@ -83,6 +83,10 @@ public interface LdapPropertiesConfig extends Config {
     @Property("ldap.synchronizeCommonInfoFromLdap")
     Boolean getSynchronizeCommonInfoFromLdap();
 
+    @Source(type = SourceType.APP)
+    @Property("ldap.synchronizeInfoAfterLogin")
+    Boolean getSynchronizeInfoAfterLogin();
+
     void setContextSourceUrl(String contextSourceUrl);
 
     void setContextSourceBase(String contextSourceBase);
@@ -109,4 +113,6 @@ public interface LdapPropertiesConfig extends Config {
 
     void setSynchronizeCommonInfoFromLdap(Boolean synchronizeCommonInfoFromLdap);
 
+    void setSynchronizeInfoAfterLogin(Boolean synchronizeInfoAfterLogin);
+
 }
diff --git a/modules/global/src/com/haulmont/addon/ldap/service/UserSynchronizationService.java b/modules/global/src/com/haulmont/addon/ldap/service/UserSynchronizationService.java
@@ -68,4 +68,5 @@ UserSynchronizationResultDto synchronizeUser(String login, boolean saveSynchroni
      */
     void synchronizeUsersFromLdap(List<User> cubaUsers, List<LdapUser> ldapUsers, List<CommonMatchingRule> matchingRules);
 
+    User getExistingCubaUser(String login);
 }
diff --git a/modules/web/src/com/haulmont/addon/ldap/web-app.properties b/modules/web/src/com/haulmont/addon/ldap/web-app.properties
@@ -61,6 +61,7 @@ cuba.web.standardAuthenticationUsers = admin,anonymous
 ldap.expiringSessionNotificationCron = */30 * * * * *
 ldap.addonEnabled = true
 ldap.expiringSessionsEnable = false
+ldap.synchronizeInfoAfterLogin = true
 cuba.web.theme = halo
 cuba.web.loginScreenId=loginWindow
 cuba.web.mainScreenId=mainWindow

diff --git a/modules/web/src/com/haulmont/addon/ldap/web/messages.properties b/modules/web/src/com/haulmont/addon/ldap/web/messages.properties
@@ -30,3 +30,4 @@ menu-config.ldap$UserSynchronizationLog.browse=LDAP Log
 menu-config.ldap$LdapPropertiesConfig.edit=LDAP Config
 expiringSessionMessage=Your session is about to be closed
 LoginException.InactiveUserLoginAttempt=Authentication error. Please contact your system administrator.
+LoginException.UserNotRegistered=User is not registered in system. Please contact your system administrator.
diff --git a/...es/web/src/com/haulmont/addon/ldap/web/security/ldapcomponent/LdapAddonLoginProvider.java b/...es/web/src/com/haulmont/addon/ldap/web/security/ldapcomponent/LdapAddonLoginProvider.java
@@ -25,6 +25,7 @@
 import com.haulmont.cuba.core.global.Messages;
 import com.haulmont.cuba.core.sys.ConditionalOnAppProperty;
 import com.haulmont.cuba.security.auth.*;
+import com.haulmont.cuba.security.entity.User;
 import com.haulmont.cuba.security.global.LoginException;
 import com.haulmont.cuba.web.auth.WebAuthConfig;
 import com.haulmont.cuba.web.security.LoginProvider;
@@ -38,6 +39,7 @@
 import java.io.Serializable;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Objects;
 
 import static com.haulmont.cuba.web.security.ExternalUserCredentials.EXTERNAL_AUTH_USER_SESSION_ATTRIBUTE;
 
@@ -77,14 +79,16 @@ public AuthenticationDetails login(Credentials credentials) throws LoginExceptio
             return null;
         }
 
-        if (RememberMeCredentials.class.isAssignableFrom(credentials.getClass())) {
-            UserSynchronizationResultDto userSynchronizationResult =
-                    userSynchronizationService.synchronizeUser(((RememberMeCredentials) credentials).getLogin(), true, null, null, null);
-            if (userSynchronizationResult.isInactiveUser()) {
-                throw new LoginException(messages.formatMessage(LdapAddonLoginProvider.class,
-                        "LoginException.InactiveUserLoginAttempt", ((RememberMeCredentials) credentials).getLocale()));
+        if (ldapPropertiesConfig.getSynchronizeInfoAfterLogin()) {
+            if (RememberMeCredentials.class.isAssignableFrom(credentials.getClass())) {
+                UserSynchronizationResultDto userSynchronizationResult =
+                        userSynchronizationService.synchronizeUser(((RememberMeCredentials) credentials).getLogin(), true, null, null, null);
+                if (userSynchronizationResult.isInactiveUser()) {
+                    throw new LoginException(messages.formatMessage(LdapAddonLoginProvider.class,
+                            "LoginException.InactiveUserLoginAttempt", ((RememberMeCredentials) credentials).getLocale()));
+                }
+                return null;
             }
-            return null;
         }
 
         LoginPasswordCredentials loginPasswordCredentials = (LoginPasswordCredentials) credentials;
@@ -93,11 +97,18 @@ public AuthenticationDetails login(Credentials credentials) throws LoginExceptio
                 loginPasswordCredentials.getLogin(),
                 loginPasswordCredentials.getPassword(),
                 loginPasswordCredentials.getLocale());
-        UserSynchronizationResultDto userSynchronizationResult
-                = userSynchronizationService.synchronizeUser(loginPasswordCredentials.getLogin(), true, null, null, null);
-        if (userSynchronizationResult.isInactiveUser()) {
-            throw new LoginException(messages.formatMessage(LdapAddonLoginProvider.class,
-                    "LoginException.InactiveUserLoginAttempt", loginPasswordCredentials.getLocale()));
+
+        if (ldapPropertiesConfig.getSynchronizeInfoAfterLogin()) {
+            UserSynchronizationResultDto userSynchronizationResult = userSynchronizationService.synchronizeUser(loginPasswordCredentials.getLogin(), true, null, null, null);
+            if (userSynchronizationResult.isInactiveUser()) {
+                throw new LoginException(messages.formatMessage(LdapAddonLoginProvider.class,
+                        "LoginException.InactiveUserLoginAttempt", loginPasswordCredentials.getLocale()));
+            }
+        } else {
+            final User cubaUser = userSynchronizationService.getExistingCubaUser(loginPasswordCredentials.getLogin());
+            if (cubaUser == null)
+                throw new LoginException(messages.formatMessage(LdapAddonLoginProvider.class,
+                        "LoginException.UserNotRegistered", loginPasswordCredentials.getLocale()));
         }
 
         TrustedClientCredentials tcCredentials = new TrustedClientCredentials(
-Original file line number
+Diff line change
@@ Expand Up @@
          */
         void synchronizeUsersFromLdap(List<User> cubaUsers, List<LdapUser> ldapUsers, List<CommonMatchingRule> matchingRules);
+        User getExistingCubaUser(String login);
     }