Reimplement ldap

Signed-off-by: Andrew DeMaria <lostonamountain@gmail.com>
9 years ago · 488a7d720b
parent e15eec7fdd
commit 488a7d720b
9 changed files with 209 additions and 17 deletions
--- a/libresonic-main/pom.xml
+++ b/libresonic-main/pom.xml
@ -69,6 +69,11 @@
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-ldap</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.ldap</groupId>
            <artifactId>spring-ldap-core</artifactId>
            <version>2.0.2.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
--- a/libresonic-main/src/main/java/org/libresonic/player/controller/AdvancedSettingsController.java
+++ b/libresonic-main/src/main/java/org/libresonic/player/controller/AdvancedSettingsController.java
@ -98,6 +98,8 @@ public class AdvancedSettingsController {
            settingsService.setSmtpPassword(command.getSmtpPassword());
        }
        settingsService.save();
        return "redirect:advancedSettings.view";
    }
--- a/libresonic-main/src/main/java/org/libresonic/player/dao/UserDao.java
+++ b/libresonic-main/src/main/java/org/libresonic/player/dao/UserDao.java
@ -69,11 +69,23 @@ public class UserDao extends AbstractDao {
     * Returns the user with the given username.
     *
     * @param username The username used when logging in.
     * @param caseSensitive
     * @return The user, or <code>null</code> if not found.
     */
-    public User getUserByName(String username) {
+    public User getUserByName(String username, boolean caseSensitive) {
-        String sql = "select " + USER_COLUMNS + " from " + getUserTable() + " where username=?";
+        String sql;
-        User user = queryOne(sql, userRowMapper, username);
+        if(caseSensitive) {
            sql = "select " + USER_COLUMNS + " from " + getUserTable() + " where username=?";
        } else {
            sql = "select " + USER_COLUMNS + " from " + getUserTable() + " where UPPER(username)=UPPER(?)";
        }
        List<User> users = query(sql, userRowMapper, username);
        User user = null;
        if(users.size() == 1) {
            user = users.iterator().next();
        } else if (users.size() > 1) {
            throw new RuntimeException("Too many matching users");
        }
        if(user != null) {
            readRoles(user);
        }
--- a/libresonic-main/src/main/java/org/libresonic/player/security/LibresonicUserDetailsContextMapper.java
+++ b/libresonic-main/src/main/java/org/libresonic/player/security/LibresonicUserDetailsContextMapper.java
@ -0,0 +1,133 @@
 /*
 * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.libresonic.player.security;
 import org.libresonic.player.Logger;
 import org.libresonic.player.domain.User;
 import org.libresonic.player.service.SecurityService;
 import org.libresonic.player.service.SettingsService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.ldap.ppolicy.PasswordPolicyControl;
 import org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
 import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
 import org.springframework.stereotype.Component;
 import java.util.Collection;
@Component
 public class LibresonicUserDetailsContextMapper implements UserDetailsContextMapper {
    // ~ Instance fields
    // ================================================================================================
    private final Logger logger = Logger.getLogger(LibresonicUserDetailsContextMapper.class);
    private String passwordAttributeName = "userPassword";
    @Autowired
    SecurityService securityService;
    @Autowired
    SettingsService settingsService;
    // ~ Methods
    // ========================================================================================================
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                          Collection<? extends GrantedAuthority> authorities) {
        String dn = ctx.getNameInNamespace();
        logger.debug("Mapping user details from context with DN: " + dn);
        // User must be defined in Libresonic, unless auto-shadowing is enabled.
        User user = securityService.getUserByName(username, false);
        if (user == null && !settingsService.isLdapAutoShadowing()) {
            throw new BadCredentialsException("User does not exist.");
        }
        if (user == null) {
            User newUser = new User(username, "", null, true, 0L, 0L, 0L);
            newUser.setStreamRole(true);
            newUser.setSettingsRole(true);
            securityService.createUser(newUser);
            logger.info("Created local user '" + username + "' for DN " + dn);
            user = securityService.getUserByName(username, false);
        }
        // LDAP authentication must be enabled for the given user.
        if (!user.isLdapAuthenticated()) {
            throw new BadCredentialsException("LDAP authentication disabled for user.");
        }
        LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence();
        essence.setDn(dn);
        Object passwordValue = ctx.getObjectAttribute(passwordAttributeName);
        if (passwordValue != null) {
            essence.setPassword(mapPassword(passwordValue));
        }
        essence.setUsername(user.getUsername());
        // Add the supplied authorities
        for (GrantedAuthority authority : securityService.getGrantedAuthorities(user.getUsername())) {
            essence.addAuthority(authority);
        }
        // Check for PPolicy data
        PasswordPolicyResponseControl ppolicy = (PasswordPolicyResponseControl) ctx
                .getObjectAttribute(PasswordPolicyControl.OID);
        if (ppolicy != null) {
            essence.setTimeBeforeExpiration(ppolicy.getTimeBeforeExpiration());
            essence.setGraceLoginsRemaining(ppolicy.getGraceLoginsRemaining());
        }
        return essence.createUserDetails();
    }
    public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        throw new UnsupportedOperationException(
                "LdapUserDetailsMapper only supports reading from a context. Please"
                        + "use a subclass if mapUserToContext() is required.");
    }
    /**
     * Extension point to allow customized creation of the user's password from the
     * attribute stored in the directory.
     *
     * @param passwordValue the value of the password attribute
     * @return a String representation of the password.
     */
    protected String mapPassword(Object passwordValue) {
        if (!(passwordValue instanceof String)) {
            // Assume it's binary
            passwordValue = new String((byte[]) passwordValue);
        }
        return (String) passwordValue;
    }
 }
--- a/libresonic-main/src/main/java/org/libresonic/player/security/WebSecurityConfig.java
+++ b/libresonic-main/src/main/java/org/libresonic/player/security/WebSecurityConfig.java
@ -1,6 +1,7 @@
 package org.libresonic.player.security;
 import org.libresonic.player.service.SecurityService;
 import org.libresonic.player.service.SettingsService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@ -18,20 +19,37 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private SecurityService securityService;
    @Autowired
    private CsrfSecurityRequestMatcher csrfSecurityRequestMatcher;
    @Autowired
    LoginFailureLogger loginFailureLogger;
    @Autowired
    SettingsService settingsService;
    @Autowired
    LibresonicUserDetailsContextMapper libresonicUserDetailsContextMapper;
    @Override
    @Bean(name = "authenticationManager")
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        if (settingsService.isLdapEnabled()) {
            auth.ldapAuthentication()
                    .contextSource()
                        .managerDn(settingsService.getLdapManagerDn())
                        .managerPassword(settingsService.getLdapManagerPassword())
                        .url(settingsService.getLdapUrl())
                    .and()
                    .userSearchFilter(settingsService.getLdapSearchFilter())
                    .userDetailsContextMapper(libresonicUserDetailsContextMapper);
        }
        auth.userDetailsService(securityService);
    }
@ -89,7 +107,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                    .passwordParameter("j_password")
            // see http://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/reference/htmlsingle/#csrf-logout
            .and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET")).logoutSuccessUrl("/login?logout")
-            .and().rememberMe().userDetailsService(securityService).key("libresonic");
+            .and().rememberMe().key("libresonic");
    }
 }
--- a/libresonic-main/src/main/java/org/libresonic/player/service/SecurityService.java
+++ b/libresonic-main/src/main/java/org/libresonic/player/service/SecurityService.java
@ -62,11 +62,22 @@ public class SecurityService implements UserDetailsService {
     * @throws DataAccessException       If user could not be found for a repository-specific reason.
     */
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
-        User user = getUserByName(username);
+        return loadUserByUsername(username, true);
    }
    public UserDetails loadUserByUsername(String username, boolean caseSensitive)
            throws UsernameNotFoundException, DataAccessException {
        User user = getUserByName(username, caseSensitive);
        if (user == null) {
            throw new UsernameNotFoundException("User \"" + username + "\" was not found.");
        }
        List<GrantedAuthority> authorities = getGrantedAuthorities(username);
        return new org.springframework.security.core.userdetails.User(username, user.getPassword(), authorities);
    }
    public List<GrantedAuthority> getGrantedAuthorities(String username) {
        String[] roles = userDao.getRolesForUser(username);
        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("IS_AUTHENTICATED_ANONYMOUSLY"));
@ -74,8 +85,7 @@ public class SecurityService implements UserDetailsService {
        for (int i = 0; i < roles.length; i++) {
            authorities.add(new SimpleGrantedAuthority("ROLE_" + roles[i].toUpperCase()));
        }
-
+        return authorities;
        return new org.springframework.security.core.userdetails.User(username, user.getPassword(), authorities);
    }
    /**
@ -86,7 +96,7 @@ public class SecurityService implements UserDetailsService {
     */
    public User getCurrentUser(HttpServletRequest request) {
        String username = getCurrentUsername(request);
-        return username == null ? null : userDao.getUserByName(username);
+        return username == null ? null : getUserByName(username);
    }
    /**
@ -106,7 +116,17 @@ public class SecurityService implements UserDetailsService {
     * @return The user, or <code>null</code> if not found.
     */
    public User getUserByName(String username) {
-        return userDao.getUserByName(username);
+        return getUserByName(username, true);
    }
    /**
     * Returns the user with the given username
     * @param username
     * @param caseSensitive If false, will do a case insensitive search
     * @return
     */
    public User getUserByName(String username, boolean caseSensitive) {
        return userDao.getUserByName(username, caseSensitive);
    }
    /**
--- a/libresonic-main/src/main/resources/org/libresonic/player/i18n/ResourceBundle_en.properties
+++ b/libresonic-main/src/main/resources/org/libresonic/player/i18n/ResourceBundle_en.properties
@ -371,6 +371,7 @@ advancedsettings.ldapsearchfilter = LDAP search filter
 advancedsettings.ldapmanagerdn = LDAP manager DN<br><div class="detail">(Optional)</div>
 advancedsettings.ldapmanagerpassword = Password
 advancedsettings.ldapautoshadowing = Automatically create users in {0}
 advancedsettings.ldapRequiresRestart = LDAP settings require a restart to take effect
 advancedsettings.smtpPort = SMTP port
 advancedsettings.smtpServer = SMTP server
 advancedsettings.smtpEncryption = SMTP encryption
--- a/libresonic-main/src/main/webapp/WEB-INF/jsp/advancedSettings.jsp
+++ b/libresonic-main/src/main/webapp/WEB-INF/jsp/advancedSettings.jsp
@ -138,6 +138,8 @@
        </tr>
    </table>
    <p class="warning"><fmt:message key="advancedsettings.ldapRequiresRestart"/></p>
    <input type="submit" value="<fmt:message key="common.save"/>" style="margin-right:0.3em">
    <input type="button" value="<fmt:message key="common.cancel"/>" onclick="location.href='nowPlaying.view'">
--- a/libresonic-main/src/test/java/org/libresonic/player/dao/UserDaoTestCase.java
+++ b/libresonic-main/src/test/java/org/libresonic/player/dao/UserDaoTestCase.java
@ -115,15 +115,15 @@ public class UserDaoTestCase extends DaoTestCaseBean2 {
        User user = new User("sindre", "secret", null);
        userDao.createUser(user);
-        User newUser = userDao.getUserByName("sindre");
+        User newUser = userDao.getUserByName("sindre", true);
        assertNotNull("Error in getUserByName().", newUser);
        assertUserEquals(user, newUser);
-        assertNull("Error in getUserByName().", userDao.getUserByName("sindre2"));
+        assertNull("Error in getUserByName().", userDao.getUserByName("sindre2", true));
-        assertNull("Error in getUserByName().", userDao.getUserByName("sindre "));
+        assertNull("Error in getUserByName().", userDao.getUserByName("sindre ", true));
-        assertNull("Error in getUserByName().", userDao.getUserByName("bente"));
+        assertNull("Error in getUserByName().", userDao.getUserByName("bente", true));
-        assertNull("Error in getUserByName().", userDao.getUserByName(""));
+        assertNull("Error in getUserByName().", userDao.getUserByName("", true));
-        assertNull("Error in getUserByName().", userDao.getUserByName(null));
+        assertNull("Error in getUserByName().", userDao.getUserByName(null, true));
    }
    @Test