Fix sign-up of an previosly unknown user

2fbf203a · Timm Fitschen · fab8d881 · 2fbf203a · 2fbf203a · 2fbf203a
Verified Commit 2fbf203a authored 3 years ago by Timm Fitschen
--- a/src/main/java/org/caosdb/server/accessControl/UserSources.java
+++ b/src/main/java/org/caosdb/server/accessControl/UserSources.java
@@ -33,6 +33,7 @@ import java.util.Set;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authz.AuthorizationException;
 import org.apache.shiro.config.Ini;
+import org.apache.shiro.subject.Subject;
 import org.caosdb.server.CaosDBServer;
 import org.caosdb.server.ServerProperties;
 import org.caosdb.server.entity.Message;
@@ -72,6 +73,7 @@ import org.slf4j.LoggerFactory;
 public class UserSources extends HashMap<String, UserSource> {

  public static final String USERNAME_PASSWORD_AUTHENTICATION = "USERNAME_PASSWORD_AUTHENTICATION";
+  private static final Subject transactor = new SinglePermissionSubject("ACM:*:RETRIEVE:*");
  private static final Logger logger = LoggerFactory.getLogger(UserSources.class);
  public static final String KEY_DEFAULT_REALM = "defaultRealm";
  public static final String KEY_REALMS = "realms";
@@ -183,7 +185,7 @@ public class UserSources extends HashMap<String, UserSource> {
      realm = guessRealm(username);
    }

-    RetrieveUserTransaction t = new RetrieveUserTransaction(realm, username);
+    RetrieveUserTransaction t = new RetrieveUserTransaction(realm, username, transactor);
    try {
      t.execute();
      if (t.getUser() != null) return t.getRoles();
@@ -191,14 +193,7 @@ public class UserSources extends HashMap<String, UserSource> {
      throw new AuthorizationException("Could not resolve roles for " + username + "@" + realm);
    }

-    UserSource userSource = instance.get(realm);
-    if (userSource == null) {
-      return null;
-    }
-    // find all roles that are associated with this principal in this realm
-    final Set<String> ret = userSource.resolveRolesForUsername(username);
-
-    return ret;
+    return null;
  }

  public static String guessRealm(final String username) {
@@ -250,8 +245,7 @@ public class UserSources extends HashMap<String, UserSource> {
  }

  public static boolean isRoleExisting(final String role) {
-    final RetrieveRoleTransaction t =
-        new RetrieveRoleTransaction(role, new SinglePermissionSubject("ACM:*:RETRIEVE:*"));
+    final RetrieveRoleTransaction t = new RetrieveRoleTransaction(role, transactor);
    try {
      t.execute();
      return true;
@@ -311,7 +305,7 @@ public class UserSources extends HashMap<String, UserSource> {
  }

  private static boolean isActive(final String realm, final String username) {
-    final RetrieveUserTransaction t = new RetrieveUserTransaction(realm, username);
+    final RetrieveUserTransaction t = new RetrieveUserTransaction(realm, username, transactor);
    try {
      t.execute();
      if (t.getUser() != null) {
@@ -336,4 +330,15 @@ public class UserSources extends HashMap<String, UserSource> {
    }
    return isActive(principal.getRealm(), principal.getUsername());
  }
+
+  public static Set<String> getDefaultRoles(String realm, String username) {
+    UserSource userSource = instance.get(realm);
+    if (userSource == null) {
+      return null;
+    }
+    // find all roles that are associated with this principal in this realm
+    final Set<String> ret = userSource.resolveRolesForUsername(username);
+
+    return ret;
+  }
 }
--- a/src/main/java/org/caosdb/server/database/backend/transaction/LogUserVisit.java
+++ b/src/main/java/org/caosdb/server/database/backend/transaction/LogUserVisit.java
@@ -54,7 +54,7 @@ public class LogUserVisit extends BackendTransaction {
      user.name = username;
      user.email = UserSources.getDefaultUserEmail(realm, username);
      user.status = UserSources.getDefaultUserStatus(realm, username);
-      user.roles = new HashSet<>(UserSources.resolveRoles(realm, username));
+      user.roles = new HashSet<>(UserSources.getDefaultRoles(realm, username));

      UpdateUserImpl insertUser = getImplementation(UpdateUserImpl.class);
      insertUser.execute(user);

--- a/src/main/java/org/caosdb/server/transaction/RetrieveUserTransaction.java
+++ b/src/main/java/org/caosdb/server/transaction/RetrieveUserTransaction.java
@@ -38,14 +38,19 @@ public class RetrieveUserTransaction extends AccessControlTransaction {

  private final Principal principal;
  private ProtoUser user;
+  private final Subject currentUser;

  public RetrieveUserTransaction(final String realm, final String name) {
-    this.principal = new Principal(realm, name);
+    this(realm, name, SecurityUtils.getSubject());
+  }
+
+  public RetrieveUserTransaction(String realm, String username, Subject transactor) {
+    currentUser = transactor;
+    this.principal = new Principal(realm, username);
  }

  @Override
  protected void transaction() throws Exception {
-    Subject currentUser = SecurityUtils.getSubject();
    if (!UserSources.isUserExisting(this.principal)
        || !currentUser.isPermitted(
            ACMPermissions.PERMISSION_RETRIEVE_USER_INFO(
@@ -54,7 +59,7 @@ public class RetrieveUserTransaction extends AccessControlTransaction {
    }
    this.user = execute(new RetrieveUser(this.principal), getAccess()).getUser();

-    if (user.roles != null) {
+    if (user != null && user.roles != null) {
      if (!currentUser.isPermitted(
          ACMPermissions.PERMISSION_RETRIEVE_USER_ROLES(user.realm, user.name))) {
        user.roles = null;