Skip to content

Commit

Permalink
Merge pull request wso2#5301 from Thisara-Welmilla/improve-jit-prov
Browse files Browse the repository at this point in the history 
Improve JIT provisioning
  • Loading branch information
@Thisara-Welmilla
Thisara-Welmilla authored Dec 15, 2023
2 parents f561621 + 852ff2b commit 6f67f98
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 21 deletions.
58 changes: 37 additions & 21 deletions ...thentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,28 +207,8 @@ private PostAuthnHandlerFlowStatus handleResponseFlow(HttpServletRequest request
externalIdPConfigName, context, localClaimValues, externalIdPConfig);
if (context.getProperty(FrameworkConstants.CHANGING_USERNAME_ALLOWED) != null) {
username = request.getParameter(FrameworkConstants.USERNAME);
try {
/*
Checks whether the provided user is already existing in the system. If so an exception
will be thrown.
*/
UserRealm realm = getUserRealm(context.getTenantDomain());
UserStoreManager userStoreManager = getUserStoreManager(context.getExternalIdP()
.getProvisioningUserStoreId(), realm, username);
String sanitizedUserName = UserCoreUtil.removeDomainFromName(
MultitenantUtils.getTenantAwareUsername(username));
if (userStoreManager.isExistingUser(sanitizedUserName)) {
// Logging the error because the thrown exception is handled in the UI.
log.error(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode() + " - "
+ ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage());
handleExceptions(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage(),
"provided.username.already.exists", null);
}
} catch (UserStoreException e) {
handleExceptions(ErrorMessages.ERROR_WHILE_CHECKING_USERNAME_EXISTENCE.getMessage(),
"error.user.existence", e);
}
}
isUsernameExists(context, username);
callDefaultProvisioningHandler(username, context, externalIdPConfig, combinedLocalClaims,
stepConfig);
handleConsents(request, stepConfig, context.getTenantDomain());
Expand Down Expand Up @@ -353,6 +333,9 @@ private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request,
username, request);
// Set the property to make sure the request is a returning one.
context.setProperty(FrameworkConstants.PASSWORD_PROVISION_REDIRECTION_TRIGGERED, true);
if (!externalIdPConfig.isModifyUserNameAllowed()) {
isUsernameExists(context, username);
}
return PostAuthnHandlerFlowStatus.INCOMPLETE;
}
if (StringUtils.isEmpty(associatedLocalUser) && externalIdPConfig.isAssociateLocalUserEnabled()) {
Expand Down Expand Up @@ -428,6 +411,9 @@ private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request,
localClaimValues.get(EMAIL_ADDRESS_CLAIM))) {
username = UserCoreUtil.addTenantDomainToEntry(username, context.getTenantDomain());
}
if (StringUtils.isEmpty(associatedLocalUser)) {
isUsernameExists(context, username);
}
callDefaultProvisioningHandler(username, context, externalIdPConfig, localClaimValues,
stepConfig);
}
Expand Down Expand Up @@ -1159,4 +1145,34 @@ private String getUserStoreDomain(String provisioningUserStoreId, UserRealm real
}
return userStoreDomain;
}

/**
* This method throws a PostAuthenticationFailedException if the provided username is already existing in the
* system.
*
* @param context AuthenticationContext.
* @param username Username of the federated user.
* @throws PostAuthenticationFailedException if the provided username already exists.
*/
private void isUsernameExists(AuthenticationContext context, String username)
throws PostAuthenticationFailedException {

try {
UserRealm realm = getUserRealm(context.getTenantDomain());
UserStoreManager userStoreManager = getUserStoreManager(context.getExternalIdP()
.getProvisioningUserStoreId(), realm, username);
String sanitizedUserName = UserCoreUtil.removeDomainFromName(
MultitenantUtils.getTenantAwareUsername(username));
if (userStoreManager.isExistingUser(sanitizedUserName)) {
// Logging the error because the thrown exception is handled in the UI.
log.error(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode() + " - "
+ ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage());
handleExceptions(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage(),
ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode(), null);
}
} catch (UserStoreException e) {
handleExceptions(ErrorMessages.ERROR_WHILE_CHECKING_USERNAME_EXISTENCE.getMessage(),
"error.user.existence", e);
}
}
}
2 changes: 2 additions & 0 deletions ...tication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandlerTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,8 @@ public void testHandleWithAuthenticatedUserWithFederatedIdp() throws FrameworkEx
when(mockUserStoreManager.getUserClaimValues(anyString(),
eq(new String[]{FrameworkConstants.ACCOUNT_LOCKED_CLAIM_URI}),
eq(UserCoreConstants.DEFAULT_PROFILE))).thenReturn(mockClaimValues);
when(mockUserStoreManager.getSecondaryUserStoreManager(anyString())).thenReturn(mockUserStoreManager);
when(mockUserStoreManager.isExistingUser(anyString())).thenReturn(false);
when(mockClaimValues.get(FrameworkConstants.ACCOUNT_LOCKED_CLAIM_URI)).thenReturn("false");

// Need to mock getIdPConfigByName with a null parameter.
Expand Down

0 comments on commit 6f67f98

Please sign in to comment.