From f8c7f17ffe6a7a9be6968da0246440234bd149c8 Mon Sep 17 00:00:00 2001 From: hongwei Date: Wed, 25 Jan 2023 15:04:29 +0100 Subject: [PATCH] refactor/Username is not unique in OBP -- added provider to all getUserByName methods --- obp-api/src/main/scala/code/api/OAuth2.scala | 11 +-- .../main/scala/code/api/OBPRestHelper.scala | 2 +- obp-api/src/main/scala/code/api/dauth.scala | 4 +- .../main/scala/code/api/openidconnect.scala | 2 +- .../scala/code/api/util/AfterApiAuth.scala | 2 +- .../scala/code/api/util/ErrorMessages.scala | 4 +- .../main/scala/code/api/util/NewStyle.scala | 4 +- .../scala/code/api/v3_0_0/APIMethods300.scala | 4 +- .../scala/code/api/v3_1_0/APIMethods310.scala | 14 ++-- .../scala/code/api/v4_0_0/APIMethods400.scala | 20 +++--- .../code/api/v4_0_0/JSONFactory4.0.0.scala | 2 +- .../scala/code/api/v5_1_0/APIMethods510.scala | 6 +- .../scala/code/bankconnectors/Connector.scala | 3 +- .../bankconnectors/LocalMappedConnector.scala | 4 +- .../KafkaMappedConnector_vSept2018.scala | 2 +- .../code/loginattempts/LoginAttempts.scala | 30 +++++--- .../loginattempts/MappedBadLoginAttempt.scala | 2 +- .../main/scala/code/model/BankingData.scala | 2 +- obp-api/src/main/scala/code/model/User.scala | 8 +-- .../code/model/dataAccess/AuthUser.scala | 69 ++++++++++--------- .../code/remotedata/RemotedataUsers.scala | 6 +- .../remotedata/RemotedataUsersActor.scala | 12 ++-- .../scala/code/sandbox/OBPDataImport.scala | 5 +- .../scala/code/snippet/UserInvitation.scala | 4 +- .../code/userlocks/UserLocksProvider.scala | 12 ++-- .../src/main/scala/code/users/LiftUsers.scala | 9 ++- obp-api/src/main/scala/code/users/Users.scala | 6 +- .../test/scala/code/api/DirectLoginTest.scala | 5 +- .../src/test/scala/code/api/oauthTest.scala | 2 +- .../scala/code/api/v4_0_0/LockUserTest.scala | 4 +- 30 files changed, 140 insertions(+), 120 deletions(-) diff --git a/obp-api/src/main/scala/code/api/OAuth2.scala b/obp-api/src/main/scala/code/api/OAuth2.scala index 0ba2be2a7..fb281bec5 100644 --- a/obp-api/src/main/scala/code/api/OAuth2.scala +++ b/obp-api/src/main/scala/code/api/OAuth2.scala @@ -155,11 +155,12 @@ object OAuth2Login extends RestHelper with MdcLoggable { } } - - val user = Users.users.vend.getUserByUserName(introspectOAuth2Token.getSub) + //check the method, code.api.OAuth2Login.OAuth2Util.getOrCreateResourceUserFuture, we create user there. + val provider = JwtUtil.getIssuer(value).getOrElse("") + val user = Users.users.vend.getUserByUserName(provider, introspectOAuth2Token.getSub) user match { case Full(u) => - LoginAttempt.userIsLocked(u.name) match { + LoginAttempt.userIsLocked(u.provider, u.name) match { case true => (Failure(UsernameHasBeenLocked), Some(cc.copy(consumer = consumer))) case false => (Full(u), Some(cc.copy(consumer = consumer))) } @@ -338,7 +339,7 @@ object OAuth2Login extends RestHelper with MdcLoggable { case Full(_) => val user = IdentityProviderCommon.getOrCreateResourceUser(value) val consumer = IdentityProviderCommon.getOrCreateConsumer(value, user.map(_.userId)) - LoginAttempt.userIsLocked(user.map(_.name).getOrElse("")) match { + LoginAttempt.userIsLocked(user.map(_.provider).getOrElse(""), user.map(_.name).getOrElse("")) match { case true => ((Failure(UsernameHasBeenLocked), Some(cc.copy(consumer = consumer)))) case false => (user, Some(cc.copy(consumer = consumer))) } @@ -357,7 +358,7 @@ object OAuth2Login extends RestHelper with MdcLoggable { user <- IdentityProviderCommon.getOrCreateResourceUserFuture(value) consumer <- Future{IdentityProviderCommon.getOrCreateConsumer(value, user.map(_.userId))} } yield { - LoginAttempt.userIsLocked(user.map(_.name).getOrElse("")) match { + LoginAttempt.userIsLocked(user.map(_.provider).getOrElse(""), user.map(_.name).getOrElse("")) match { case true => ((Failure(UsernameHasBeenLocked), Some(cc.copy(consumer = consumer)))) case false => (user, Some(cc.copy(consumer = consumer))) } diff --git a/obp-api/src/main/scala/code/api/OBPRestHelper.scala b/obp-api/src/main/scala/code/api/OBPRestHelper.scala index 226d544bd..317b5573b 100644 --- a/obp-api/src/main/scala/code/api/OBPRestHelper.scala +++ b/obp-api/src/main/scala/code/api/OBPRestHelper.scala @@ -352,7 +352,7 @@ trait OBPRestHelper extends RestHelper with MdcLoggable { if(u.isDeleted.getOrElse(false)) { Failure(UserIsDeleted) // The user is DELETED. } else { - LoginAttempt.userIsLocked(u.name) match { + LoginAttempt.userIsLocked(u.provider, u.name) match { case true => Failure(UsernameHasBeenLocked) // The user is LOCKED. case false => function(callContext) // All good } diff --git a/obp-api/src/main/scala/code/api/dauth.scala b/obp-api/src/main/scala/code/api/dauth.scala index e23240428..4b30dde93 100755 --- a/obp-api/src/main/scala/code/api/dauth.scala +++ b/obp-api/src/main/scala/code/api/dauth.scala @@ -139,7 +139,7 @@ object DAuth extends RestHelper with MdcLoggable { logger.debug("login_user_name: " + userName) for { tuple <- - UserX.getOrCreateDauthResourceUser(userName, provider) match { + UserX.getOrCreateDauthResourceUser(provider, userName) match { case Full(u) => Full((u,callContext)) // Return user case Empty => @@ -159,7 +159,7 @@ object DAuth extends RestHelper with MdcLoggable { logger.debug("login_user_name: " + username) for { - tuple <- Future { UserX.getOrCreateDauthResourceUser(username, provider)} map { + tuple <- Future { UserX.getOrCreateDauthResourceUser(provider, username)} map { case (Full(u)) => Full(u, callContext) // Return user case (Empty) => diff --git a/obp-api/src/main/scala/code/api/openidconnect.scala b/obp-api/src/main/scala/code/api/openidconnect.scala index 09aa4534d..9b6475448 100644 --- a/obp-api/src/main/scala/code/api/openidconnect.scala +++ b/obp-api/src/main/scala/code/api/openidconnect.scala @@ -123,7 +123,7 @@ object OpenIdConnect extends OBPRestHelper with MdcLoggable { JwtUtil.validateIdToken(idToken, OpenIdConnectConfig.get(identityProvider).jwks_uri) match { case Full(_) => getOrCreateResourceUser(idToken) match { - case Full(user) if LoginAttempt.userIsLocked(user.name) => // User is locked + case Full(user) if LoginAttempt.userIsLocked(user.provider, user.name) => // User is locked (401, ErrorMessages.UsernameHasBeenLocked, None) case Full(user) => // All good getOrCreateAuthUser(user) match { diff --git a/obp-api/src/main/scala/code/api/util/AfterApiAuth.scala b/obp-api/src/main/scala/code/api/util/AfterApiAuth.scala index 43b31ef96..06934a848 100644 --- a/obp-api/src/main/scala/code/api/util/AfterApiAuth.scala +++ b/obp-api/src/main/scala/code/api/util/AfterApiAuth.scala @@ -68,7 +68,7 @@ object AfterApiAuth extends MdcLoggable{ if (u.isDeleted.getOrElse(false)) { (Failure(UserIsDeleted), cc) // The user is DELETED. } else { - LoginAttempt.userIsLocked(u.name) match { + LoginAttempt.userIsLocked(u.provider, u.name) match { case true => (Failure(UsernameHasBeenLocked), cc) // The user is LOCKED. case false => (user, cc) // All good } diff --git a/obp-api/src/main/scala/code/api/util/ErrorMessages.scala b/obp-api/src/main/scala/code/api/util/ErrorMessages.scala index 4bf14d5f3..25d6a9624 100644 --- a/obp-api/src/main/scala/code/api/util/ErrorMessages.scala +++ b/obp-api/src/main/scala/code/api/util/ErrorMessages.scala @@ -151,7 +151,7 @@ object ErrorMessages { val ScopeNotFound = "OBP-20025: Scope not found. Please specify a valid value for SCOPE_ID." val ConsumerDoesNotHaveScope = "OBP-20026: CONSUMER_ID does not have the SCOPE_ID " - val UserNotFoundByUsername = "OBP-20027: User not found by username." + val UserNotFoundByProviderAndUsername = "OBP-20027: User not found by provider and username." val GatewayLoginMissingParameters = "OBP-20028: These GatewayLogin parameters are missing:" val GatewayLoginUnknownError = "OBP-20029: Unknown Gateway login error." val GatewayLoginHostPropertyMissing = "OBP-20030: Property gateway.host is not defined." @@ -721,7 +721,7 @@ object ErrorMessages { UserNoPermissionAccessView -> 403, UserNotSuperAdminOrMissRole -> 403, ConsumerHasMissingRoles -> 403, - UserNotFoundByUsername -> 404, + UserNotFoundByProviderAndUsername -> 404, ApplicationNotIdentified -> 401, CouldNotExchangeAuthorizationCodeForTokens -> 401, CouldNotSaveOpenIDConnectUser -> 401, diff --git a/obp-api/src/main/scala/code/api/util/NewStyle.scala b/obp-api/src/main/scala/code/api/util/NewStyle.scala index 7cca51207..fbe1b865b 100644 --- a/obp-api/src/main/scala/code/api/util/NewStyle.scala +++ b/obp-api/src/main/scala/code/api/util/NewStyle.scala @@ -1134,8 +1134,8 @@ object NewStyle extends MdcLoggable{ } } - def getOrCreateResourceUser(username: String, provider: String, callContext: Option[CallContext]): OBPReturnType[User] = { - Future { UserX.getOrCreateDauthResourceUser(username, provider).map(user =>(user, callContext))} map { + def getOrCreateResourceUser(provider: String, username: String, callContext: Option[CallContext]): OBPReturnType[User] = { + Future { UserX.getOrCreateDauthResourceUser(provider, username).map(user =>(user, callContext))} map { unboxFullOrFail(_, callContext, s"$CannotGetOrCreateUser Current USERName($username) PROVIDER ($provider)", 404) } } diff --git a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala index a55908f45..7c2dbe2c0 100644 --- a/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala +++ b/obp-api/src/main/scala/code/api/v3_0_0/APIMethods300.scala @@ -975,7 +975,7 @@ trait APIMethods300 { """.stripMargin, EmptyBody, usersJsonV200, - List(UserNotLoggedIn, UserHasMissingRoles, UserNotFoundByUsername, UnknownError), + List(UserNotLoggedIn, UserHasMissingRoles, UserNotFoundByProviderAndUsername, UnknownError), List(apiTagUser, apiTagNewStyle), Some(List(canGetAnyUser))) @@ -987,7 +987,7 @@ trait APIMethods300 { (Full(u), callContext) <- authenticatedAccess(cc) _ <- NewStyle.function.hasEntitlement("", u.userId, ApiRole.canGetAnyUser, callContext) user <- Users.users.vend.getUserByProviderAndUsernameFuture(Constant.localIdentityProvider, username) map { - x => unboxFullOrFail(x, callContext, UserNotFoundByUsername, 404) + x => unboxFullOrFail(x, callContext, UserNotFoundByProviderAndUsername, 404) } entitlements <- NewStyle.function.getEntitlementsByUserId(user.userId, callContext) } yield { diff --git a/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala b/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala index 2601cffde..e3e374577 100644 --- a/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala +++ b/obp-api/src/main/scala/code/api/v3_1_0/APIMethods310.scala @@ -1,5 +1,7 @@ package code.api.v3_1_0 +import code.api.Constant.localIdentityProvider + import java.text.SimpleDateFormat import java.util.UUID import java.util.regex.Pattern @@ -499,7 +501,7 @@ trait APIMethods310 { |""".stripMargin, EmptyBody, badLoginStatusJson, - List(UserNotLoggedIn, UserNotFoundByUsername, UserHasMissingRoles, UnknownError), + List(UserNotLoggedIn, UserNotFoundByProviderAndUsername, UserHasMissingRoles, UnknownError), List(apiTagUser, apiTagNewStyle), Some(List(canReadUserLockedStatus)) ) @@ -511,7 +513,7 @@ trait APIMethods310 { for { (Full(u), callContext) <- authenticatedAccess(cc) _ <- NewStyle.function.hasEntitlement("", u.userId, ApiRole.canReadUserLockedStatus, callContext) - badLoginStatus <- Future { LoginAttempt.getBadLoginStatus(username) } map { unboxFullOrFail(_, callContext, s"$UserNotFoundByUsername($username)", 404) } + badLoginStatus <- Future { LoginAttempt.getBadLoginStatus(localIdentityProvider, username) } map { unboxFullOrFail(_, callContext, s"$UserNotFoundByProviderAndUsername($username)", 404) } } yield { (createBadLoginStatusJson(badLoginStatus), HttpCode.`200`(callContext)) } @@ -535,7 +537,7 @@ trait APIMethods310 { |""".stripMargin, EmptyBody, badLoginStatusJson, - List(UserNotLoggedIn, UserNotFoundByUsername, UserHasMissingRoles, UnknownError), + List(UserNotLoggedIn, UserNotFoundByProviderAndUsername, UserHasMissingRoles, UnknownError), List(apiTagUser, apiTagNewStyle), Some(List(canUnlockUser))) @@ -546,9 +548,9 @@ trait APIMethods310 { for { (Full(u), callContext) <- authenticatedAccess(cc) _ <- NewStyle.function.hasEntitlement("", u.userId, ApiRole.canUnlockUser, callContext) - _ <- Future { LoginAttempt.resetBadLoginAttempts(username) } - _ <- Future { UserLocksProvider.unlockUser(username) } - badLoginStatus <- Future { LoginAttempt.getBadLoginStatus(username) } map { unboxFullOrFail(_, callContext, s"$UserNotFoundByUsername($username)", 404) } + _ <- Future { LoginAttempt.resetBadLoginAttempts(localIdentityProvider,username) } + _ <- Future { UserLocksProvider.unlockUser(localIdentityProvider,username) } + badLoginStatus <- Future { LoginAttempt.getBadLoginStatus(localIdentityProvider, username) } map { unboxFullOrFail(_, callContext, s"$UserNotFoundByProviderAndUsername($username)", 404) } } yield { (createBadLoginStatusJson(badLoginStatus), HttpCode.`200`(callContext)) } diff --git a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala index 5a11870ec..fc0c7a165 100644 --- a/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala +++ b/obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala @@ -7,7 +7,7 @@ import java.util.{Calendar, Date} import code.DynamicData.{DynamicData, DynamicDataProvider} import code.DynamicEndpoint.DynamicEndpointSwagger import code.accountattribute.AccountAttributeX -import code.api.Constant.{PARAM_LOCALE, PARAM_TIMESTAMP} +import code.api.Constant.{PARAM_LOCALE, PARAM_TIMESTAMP, localIdentityProvider} import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON.{jsonDynamicResourceDoc, _} import code.api.UKOpenBanking.v2_0_0.OBP_UKOpenBanking_200 @@ -2799,7 +2799,7 @@ trait APIMethods400 { |""".stripMargin, EmptyBody, userLockStatusJson, - List($UserNotLoggedIn, UserNotFoundByUsername, UserHasMissingRoles, UnknownError), + List($UserNotLoggedIn, UserNotFoundByProviderAndUsername, UserHasMissingRoles, UnknownError), List(apiTagUser, apiTagNewStyle), Some(List(canLockUser))) @@ -2808,8 +2808,8 @@ trait APIMethods400 { cc => for { (Full(u), callContext) <- SS.user - userLocks <- Future { UserLocksProvider.lockUser(username) } map { - unboxFullOrFail(_, callContext, s"$UserNotFoundByUsername($username)", 404) + userLocks <- Future { UserLocksProvider.lockUser(localIdentityProvider,username) } map { + unboxFullOrFail(_, callContext, s"$UserNotFoundByProviderAndUsername($username)", 404) } } yield { (JSONFactory400.createUserLockStatusJson(userLocks), HttpCode.`200`(callContext)) @@ -2889,7 +2889,7 @@ trait APIMethods400 { canCreateEntitlementAtAnyBankRole = Entitlement.entitlement.vend.getEntitlement("", loggedInUser.userId, canCreateEntitlementAtAnyBank.toString()) - (targetUser, callContext) <- NewStyle.function.getOrCreateResourceUser(postedData.username, postedData.provider, callContext) + (targetUser, callContext) <- NewStyle.function.getOrCreateResourceUser(postedData.provider, postedData.username, callContext) _ <- if (canCreateEntitlementAtAnyBankRole.isDefined) { //If the loggedIn User has `CanCreateEntitlementAtAnyBankRole` role, then we can grant all the requestRoles to the requestUser. @@ -3633,7 +3633,7 @@ trait APIMethods400 { acceptMarketingInfo <- NewStyle.function.getAgreementByUserId(user.userId, "accept_marketing_info", cc.callContext) termsAndConditions <- NewStyle.function.getAgreementByUserId(user.userId, "terms_and_conditions", cc.callContext) privacyConditions <- NewStyle.function.getAgreementByUserId(user.userId, "privacy_conditions", cc.callContext) - isLocked = LoginAttempt.userIsLocked(user.name) + isLocked = LoginAttempt.userIsLocked(user.provider, user.name) } yield { val agreements = acceptMarketingInfo.toList ::: termsAndConditions.toList ::: privacyConditions.toList (JSONFactory400.createUserInfoJSON(user, entitlements, Some(agreements), isLocked), HttpCode.`200`(cc.callContext)) @@ -3657,7 +3657,7 @@ trait APIMethods400 { """.stripMargin, EmptyBody, userJsonV400, - List($UserNotLoggedIn, UserHasMissingRoles, UserNotFoundByUsername, UnknownError), + List($UserNotLoggedIn, UserHasMissingRoles, UserNotFoundByProviderAndUsername, UnknownError), List(apiTagUser, apiTagNewStyle), Some(List(canGetAnyUser))) @@ -3667,10 +3667,10 @@ trait APIMethods400 { cc => for { user <- Users.users.vend.getUserByProviderAndUsernameFuture(Constant.localIdentityProvider, username) map { - x => unboxFullOrFail(x, cc.callContext, UserNotFoundByUsername, 404) + x => unboxFullOrFail(x, cc.callContext, UserNotFoundByProviderAndUsername, 404) } entitlements <- NewStyle.function.getEntitlementsByUserId(user.userId, cc.callContext) - isLocked = LoginAttempt.userIsLocked(user.name) + isLocked = LoginAttempt.userIsLocked(user.provider, user.name) } yield { (JSONFactory400.createUserInfoJSON(user, entitlements, None, isLocked), HttpCode.`200`(cc.callContext)) } @@ -4405,7 +4405,7 @@ trait APIMethods400 { } _ <- NewStyle.function.canGrantAccessToView(bankId, accountId, cc.loggedInUser, cc.callContext) - (targetUser, callContext) <- NewStyle.function.getOrCreateResourceUser(postJson.username, postJson.provider, cc.callContext) + (targetUser, callContext) <- NewStyle.function.getOrCreateResourceUser(postJson.provider, postJson.username, cc.callContext) views <- getViews(bankId, accountId, postJson, callContext) addedView <- grantMultpleAccountAccessToUser(bankId, accountId, targetUser, views, callContext) } yield { diff --git a/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala b/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala index 5a99a7df8..634430445 100644 --- a/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala +++ b/obp-api/src/main/scala/code/api/v4_0_0/JSONFactory4.0.0.scala @@ -1125,7 +1125,7 @@ object JSONFactory400 { t._1, t._2.getOrElse(Nil), t._3, - LoginAttempt.userIsLocked(t._1.name) + LoginAttempt.userIsLocked(t._1.provider, t._1.name) ) ) ) diff --git a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala index 79bccf9cd..15040301c 100644 --- a/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala +++ b/obp-api/src/main/scala/code/api/v5_1_0/APIMethods510.scala @@ -189,7 +189,7 @@ trait APIMethods510 { """.stripMargin, EmptyBody, userJsonV400, - List($UserNotLoggedIn, UserHasMissingRoles, UserNotFoundByUsername, UnknownError), + List($UserNotLoggedIn, UserHasMissingRoles, UserNotFoundByProviderAndUsername, UnknownError), List(apiTagUser, apiTagNewStyle), Some(List(canGetAnyUser)) ) @@ -199,10 +199,10 @@ trait APIMethods510 { cc => for { user <- Users.users.vend.getUserByProviderAndUsernameFuture(provider, username) map { - x => unboxFullOrFail(x, cc.callContext, UserNotFoundByUsername, 404) + x => unboxFullOrFail(x, cc.callContext, UserNotFoundByProviderAndUsername, 404) } entitlements <- NewStyle.function.getEntitlementsByUserId(user.userId, cc.callContext) - isLocked = LoginAttempt.userIsLocked(user.name) + isLocked = LoginAttempt.userIsLocked(user.provider, user.name) } yield { (JSONFactory400.createUserInfoJSON(user, entitlements, None, isLocked), HttpCode.`200`(cc.callContext)) } diff --git a/obp-api/src/main/scala/code/bankconnectors/Connector.scala b/obp-api/src/main/scala/code/bankconnectors/Connector.scala index c2888f192..24efa913d 100644 --- a/obp-api/src/main/scala/code/bankconnectors/Connector.scala +++ b/obp-api/src/main/scala/code/bankconnectors/Connector.scala @@ -4,6 +4,7 @@ import java.util.Date import java.util.UUID.randomUUID import _root_.akka.http.scaladsl.model.HttpMethod import code.accountholders.{AccountHolders, MapperAccountHolders} +import code.api.Constant.localIdentityProvider import code.api.attributedefinition.AttributeDefinition import code.api.cache.Caching import code.api.util.APIUtil.{OBPReturnType, _} @@ -1559,7 +1560,7 @@ trait Connector extends MdcLoggable { @deprecated("we create new code.model.dataAccess.AuthUser.updateUserAccountViews for June2017 connector, try to use new instead of this","11 September 2018") def setAccountHolder(owner : String, bankId: BankId, accountId: AccountId, account_owners: List[String]) : Unit = { // if (account_owners.contains(owner)) { // No need for now, fix it later - val resourceUserOwner = Users.users.vend.getUserByUserName(owner) + val resourceUserOwner = Users.users.vend.getUserByUserName(localIdentityProvider, owner) resourceUserOwner match { case Full(owner) => { if ( ! accountOwnerExists(owner, bankId, accountId).openOrThrowException(attemptedToOpenAnEmptyBox)) { diff --git a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala index a691822b6..8aa529671 100644 --- a/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala +++ b/obp-api/src/main/scala/code/bankconnectors/LocalMappedConnector.scala @@ -10,7 +10,7 @@ import code.accountattribute.AccountAttributeX import code.accountholders.{AccountHolders, MapperAccountHolders} import code.api.BerlinGroup.{AuthenticationType, ScaStatus} import code.api.Constant -import code.api.Constant.{INCOMING_SETTLEMENT_ACCOUNT_ID, OUTGOING_SETTLEMENT_ACCOUNT_ID} +import code.api.Constant.{INCOMING_SETTLEMENT_ACCOUNT_ID, OUTGOING_SETTLEMENT_ACCOUNT_ID, localIdentityProvider} import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON import code.api.attributedefinition.{AttributeDefinition, AttributeDefinitionDI} import code.api.cache.Caching @@ -5513,7 +5513,7 @@ object LocalMappedConnector extends Connector with MdcLoggable { @deprecated("we create new code.model.dataAccess.AuthUser.updateUserAccountViews for June2017 connector, try to use new instead of this", "11 September 2018") override def setAccountHolder(owner: String, bankId: BankId, accountId: AccountId, account_owners: List[String]): Unit = { // if (account_owners.contains(owner)) { // No need for now, fix it later - val resourceUserOwner = Users.users.vend.getUserByUserName(owner) + val resourceUserOwner = Users.users.vend.getUserByUserName(localIdentityProvider, owner) resourceUserOwner match { case Full(owner) => { if (!accountOwnerExists(owner, bankId, accountId).openOrThrowException(attemptedToOpenAnEmptyBox)) { diff --git a/obp-api/src/main/scala/code/bankconnectors/vSept2018/KafkaMappedConnector_vSept2018.scala b/obp-api/src/main/scala/code/bankconnectors/vSept2018/KafkaMappedConnector_vSept2018.scala index 67855c15f..bcc8d8b7d 100644 --- a/obp-api/src/main/scala/code/bankconnectors/vSept2018/KafkaMappedConnector_vSept2018.scala +++ b/obp-api/src/main/scala/code/bankconnectors/vSept2018/KafkaMappedConnector_vSept2018.scala @@ -102,7 +102,7 @@ trait KafkaMappedConnector_vSept2018 extends Connector with KafkaHelper with Mdc basicUserAuthContexts <- cc.gatewayLoginRequestPayload match { case None => for{ - user <- Users.users.vend.getUserByUserName(username) ?~! "getAuthInfoFirstCbsCall: can not get user object here." + user <- Users.users.vend.getUserByUserName(provider,username) ?~! "getAuthInfoFirstCbsCall: can not get user object here." userAuthContexts<- UserAuthContextProvider.userAuthContextProvider.vend.getUserAuthContextsBox(user.userId)?~! "getAuthInfoFirstCbsCall: can not get userAuthContexts object here." basicUserAuthContexts = JsonFactory_vSept2018.createBasicUserAuthContextJson(userAuthContexts) } yield diff --git a/obp-api/src/main/scala/code/loginattempts/LoginAttempts.scala b/obp-api/src/main/scala/code/loginattempts/LoginAttempts.scala index c03ed712a..377933876 100644 --- a/obp-api/src/main/scala/code/loginattempts/LoginAttempts.scala +++ b/obp-api/src/main/scala/code/loginattempts/LoginAttempts.scala @@ -12,7 +12,7 @@ object LoginAttempt extends MdcLoggable { val maxBadLoginAttempts = APIUtil.getPropsValue("max.bad.login.attempts") openOr "5" - def incrementBadLoginAttempts(username: String, provider: String): Unit = { + def incrementBadLoginAttempts(provider: String, username: String): Unit = { username.isEmpty() match { case true => // Not a valid case. GitLab issue 389 logger.warn(s"Username is empty: incrementBadLoginAttempts(username=$username, provider=$provider") @@ -20,7 +20,10 @@ object LoginAttempt extends MdcLoggable { logger.debug(s"Hello from incrementBadLoginAttempts with $username") // Find badLoginAttempt record if one exists for a user - MappedBadLoginAttempt.find(By(MappedBadLoginAttempt.mUsername, username)) match { + MappedBadLoginAttempt.find( + By(MappedBadLoginAttempt.Provider, provider), + By(MappedBadLoginAttempt.mUsername, username) + ) match { // If it exits update the date and increment case Full(loginAttempt) => @@ -44,17 +47,23 @@ object LoginAttempt extends MdcLoggable { } } - def getBadLoginStatus(username: String): Box[BadLoginAttempt] = { - MappedBadLoginAttempt.find(By(MappedBadLoginAttempt.mUsername, username)) + def getBadLoginStatus(provider: String, username: String): Box[BadLoginAttempt] = { + MappedBadLoginAttempt.find( + By(MappedBadLoginAttempt.Provider, provider), + By(MappedBadLoginAttempt.mUsername, username) + ) } /** * check the bad login attempts, if it exceed the "max.bad.login.attempts"(in default.props), it return false. */ - def userIsLocked(username: String): Boolean = { + def userIsLocked(provider: String, username: String): Boolean = { - val result : Boolean = MappedBadLoginAttempt.find(By(MappedBadLoginAttempt.mUsername, username)) match { - case Empty => UserLocksProvider.isLocked(username) + val result : Boolean = MappedBadLoginAttempt.find( + By(MappedBadLoginAttempt.Provider, provider), + By(MappedBadLoginAttempt.mUsername, username) + ) match { + case Empty => UserLocksProvider.isLocked(provider, username) case Full(loginAttempt) => loginAttempt.badAttemptsSinceLastSuccessOrReset > maxBadLoginAttempts.toInt match { case true => true case false => false @@ -67,9 +76,12 @@ object LoginAttempt extends MdcLoggable { } - def resetBadLoginAttempts(username: String): Unit = { + def resetBadLoginAttempts(provider: String, username: String): Unit = { - MappedBadLoginAttempt.find(By(MappedBadLoginAttempt.mUsername, username)) match { + MappedBadLoginAttempt.find( + By(MappedBadLoginAttempt.Provider, provider), + By(MappedBadLoginAttempt.mUsername, username) + ) match { case Full(loginAttempt) => loginAttempt.mLastFailureDate(now).mBadAttemptsSinceLastSuccessOrReset(0).save case _ => diff --git a/obp-api/src/main/scala/code/loginattempts/MappedBadLoginAttempt.scala b/obp-api/src/main/scala/code/loginattempts/MappedBadLoginAttempt.scala index 356df7d54..757c5cb6b 100644 --- a/obp-api/src/main/scala/code/loginattempts/MappedBadLoginAttempt.scala +++ b/obp-api/src/main/scala/code/loginattempts/MappedBadLoginAttempt.scala @@ -21,7 +21,7 @@ class MappedBadLoginAttempt extends BadLoginAttempt with LongKeyedMapper[MappedB } object MappedBadLoginAttempt extends MappedBadLoginAttempt with LongKeyedMetaMapper[MappedBadLoginAttempt] { - override def dbIndexes = UniqueIndex(mUsername) :: super.dbIndexes + override def dbIndexes = UniqueIndex(Provider,mUsername) :: super.dbIndexes } trait BadLoginAttempt { diff --git a/obp-api/src/main/scala/code/model/BankingData.scala b/obp-api/src/main/scala/code/model/BankingData.scala index d57dad634..0325086ce 100644 --- a/obp-api/src/main/scala/code/model/BankingData.scala +++ b/obp-api/src/main/scala/code/model/BankingData.scala @@ -338,7 +338,7 @@ case class BankAccountExtended(val bankAccount: BankAccount) extends MdcLoggable final def revokeAllAccountAccess(user : User, otherUserProvider : String, otherUserIdGivenByProvider: String) : Box[Boolean] = { if(canRevokeAccessToViewCommon(bankId, accountId, user)) for{ - otherUser <- UserX.findByProviderId(otherUserProvider, otherUserIdGivenByProvider) ?~ UserNotFoundByUsername + otherUser <- UserX.findByProviderId(otherUserProvider, otherUserIdGivenByProvider) ?~ UserNotFoundByProviderAndUsername isRevoked <- Views.views.vend.revokeAllAccountAccess(bankId, accountId, otherUser) } yield isRevoked else diff --git a/obp-api/src/main/scala/code/model/User.scala b/obp-api/src/main/scala/code/model/User.scala index c788989f8..7f8f5b0aa 100644 --- a/obp-api/src/main/scala/code/model/User.scala +++ b/obp-api/src/main/scala/code/model/User.scala @@ -142,8 +142,8 @@ object UserX { usr } - def findByUserName(userName: String) = { - Users.users.vend.getUserByUserName(userName) + def findByUserName(provider: String, userName: String) = { + Users.users.vend.getUserByUserName(provider, userName) } def findByEmail(email: String) = { @@ -165,8 +165,8 @@ object UserX { Users.users.vend.saveResourceUser(ru) } - def getOrCreateDauthResourceUser(username: String, provider: String) = { - findByUserName(username).or( //first try to find the user by userId + def getOrCreateDauthResourceUser(provider: String, username: String) = { + findByUserName(provider, username).or( //first try to find the user by userId Users.users.vend.createResourceUser( // Otherwise create a new user provider = provider, providerId = Some(username), diff --git a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala index 947828bd4..a946e73d1 100644 --- a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala +++ b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala @@ -348,8 +348,8 @@ class AuthUser extends MegaProtoUser[AuthUser] with CreatedUpdated with MdcLogga } } - def getResourceUserByUsername(username: String) : Box[User] = { - Users.users.vend.getUserByUserName(username) + def getResourceUserByUsername(provider: String, username: String) : Box[User] = { + Users.users.vend.getUserByUserName(provider, username) } override def save(): Boolean = { @@ -469,10 +469,11 @@ import net.liftweb.util.Helpers._ val authorization: Box[String] = S.request.map(_.header("Authorization")).flatten val directLogin: Box[String] = S.request.map(_.header("DirectLogin")).flatten for { - resourceUser <- if (AuthUser.currentUser.isDefined) - //AuthUser.currentUser.get.user.foreign // this will be issue when the resource user is in remote side - Users.users.vend.getUserByUserName(AuthUser.currentUser.openOrThrowException(ErrorMessages.attemptedToOpenAnEmptyBox).username.get) - else if (directLogin.isDefined) // Direct Login + resourceUser <- if (AuthUser.currentUser.isDefined){ + //AuthUser.currentUser.get.user.foreign // this will be issue when the resource user is in remote side { + val user = AuthUser.currentUser.openOrThrowException(ErrorMessages.attemptedToOpenAnEmptyBox) + Users.users.vend.getUserByUserName(user.provider.get, user.username.get) + }else if (directLogin.isDefined) // Direct Login DirectLogin.getUser else if (hasDirectLoginHeader(authorization)) // Direct Login Deprecated DirectLogin.getUser @@ -619,7 +620,7 @@ import net.liftweb.util.Helpers._ } def grantDefaultEntitlementsToAuthUser(user: TheUserType) = { - tryo{getResourceUserByUsername(user.username.get).head.userId} match { + tryo{getResourceUserByUsername(user.getProvider(), user.username.get).head.userId} match { case Full(userId)=>APIUtil.grantDefaultEntitlementsToNewUser(userId) case _ => logger.error("Can not getResourceUserByUsername here, so it breaks the grantDefaultEntitlementsToNewUser process.") } @@ -810,39 +811,39 @@ import net.liftweb.util.Helpers._ if ( user.validated_? && // User is NOT locked AND the password is good - ! LoginAttempt.userIsLocked(username) && + ! LoginAttempt.userIsLocked(user.getProvider(), username) && user.testPassword(Full(password))) { // We logged in correctly, so reset badLoginAttempts counter (if it exists) - LoginAttempt.resetBadLoginAttempts(username) + LoginAttempt.resetBadLoginAttempts(user.getProvider(), username) Full(user.user.get) // Return the user. } // User is unlocked AND password is bad else if ( user.validated_? && - ! LoginAttempt.userIsLocked(username) && + ! LoginAttempt.userIsLocked(user.getProvider(), username) && ! user.testPassword(Full(password)) ) { - LoginAttempt.incrementBadLoginAttempts(username, user.getProvider()) + LoginAttempt.incrementBadLoginAttempts(user.getProvider(), username) Empty } // User is locked - else if (LoginAttempt.userIsLocked(username)) + else if (LoginAttempt.userIsLocked(user.getProvider(), username)) { - LoginAttempt.incrementBadLoginAttempts(username, user.getProvider()) + LoginAttempt.incrementBadLoginAttempts(user.getProvider(), username) logger.info(ErrorMessages.UsernameHasBeenLocked) //TODO need to fix, use Failure instead, it is used to show the error message to the GUI Full(usernameLockedStateCode) } else { // Nothing worked, so just increment bad login attempts - LoginAttempt.incrementBadLoginAttempts(username, user.getProvider()) + LoginAttempt.incrementBadLoginAttempts(user.getProvider(), username) Empty } // We have a user from an external provider. case Full(user) if (user.getProvider() != Constant.localIdentityProvider) => APIUtil.getPropsAsBoolValue("connector.user.authentication", false) match { - case true if !LoginAttempt.userIsLocked(username) => + case true if !LoginAttempt.userIsLocked(user.getProvider(), username) => val userId = for { authUser <- checkExternalUserViaConnector(username, password) @@ -850,22 +851,22 @@ import net.liftweb.util.Helpers._ authUser.user } } yield { - LoginAttempt.resetBadLoginAttempts(username) + LoginAttempt.resetBadLoginAttempts(user.getProvider(), username) resourceUser.get } userId match { case Full(l: Long) => Full(l) case _ => - LoginAttempt.incrementBadLoginAttempts(username, user.getProvider()) + LoginAttempt.incrementBadLoginAttempts(user.getProvider(), username) Empty } case false => - LoginAttempt.incrementBadLoginAttempts(username, user.getProvider()) + LoginAttempt.incrementBadLoginAttempts(user.getProvider(), username) Empty } // Everything else. case _ => - LoginAttempt.incrementBadLoginAttempts(username, user.foreign.map(_.provider).getOrElse(Constant.HostName)) + LoginAttempt.incrementBadLoginAttempts(user.foreign.map(_.provider).getOrElse(Constant.HostName), username) Empty } } @@ -1059,12 +1060,12 @@ def restoreSomeSessions(): Unit = { } def obpUserIsValidatedAndNotLocked(usernameFromGui: String, user: AuthUser) = { - user.validated_? && !LoginAttempt.userIsLocked(usernameFromGui) && + user.validated_? && !LoginAttempt.userIsLocked(user.getProvider(), usernameFromGui) && isObpProvider(user) } def externalUserIsValidatedAndNotLocked(usernameFromGui: String, user: AuthUser) = { - user.validated_? && !LoginAttempt.userIsLocked(usernameFromGui) && + user.validated_? && !LoginAttempt.userIsLocked(user.getProvider(), usernameFromGui) && !isObpProvider(user) } @@ -1090,7 +1091,7 @@ def restoreSomeSessions(): Unit = { case Full(user) if obpUserIsValidatedAndNotLocked(usernameFromGui, user) => if(user.testPassword(Full(passwordFromGui))) { // if User is NOT locked and password is good // Reset any bad attempt - LoginAttempt.resetBadLoginAttempts(usernameFromGui) + LoginAttempt.resetBadLoginAttempts(user.getProvider(), usernameFromGui) val preLoginState = capturePreLoginState() // User init actions AfterApiAuth.innerLoginUserInitAction(Full(user)) @@ -1098,13 +1099,13 @@ def restoreSomeSessions(): Unit = { val redirect = redirectUri() checkInternalRedirectAndLogUserIn(preLoginState, redirect, user) } else { // If user is NOT locked AND password is wrong => increment bad login attempt counter. - LoginAttempt.incrementBadLoginAttempts(usernameFromGui, user.getProvider()) + LoginAttempt.incrementBadLoginAttempts(user.getProvider(),usernameFromGui) S.error(Helper.i18n("invalid.login.credentials")) } // If user is locked, send the error to GUI - case Full(user) if LoginAttempt.userIsLocked(usernameFromGui) => - LoginAttempt.incrementBadLoginAttempts(usernameFromGui, user.getProvider()) + case Full(user) if LoginAttempt.userIsLocked(user.getProvider(), usernameFromGui) => + LoginAttempt.incrementBadLoginAttempts(user.getProvider(),usernameFromGui) S.error(S.?(ErrorMessages.UsernameHasBeenLocked)) // Check if user came from kafka/obpjvm/stored_procedure and @@ -1112,13 +1113,13 @@ def restoreSomeSessions(): Unit = { // from connector in case they changed on the south-side case Full(user) if externalUserIsValidatedAndNotLocked(usernameFromGui, user) && testExternalPassword(usernameFromGui, passwordFromGui) => // Reset any bad attempts - LoginAttempt.resetBadLoginAttempts(usernameFromGui) + LoginAttempt.resetBadLoginAttempts(user.getProvider(), usernameFromGui) val preLoginState = capturePreLoginState() logger.info("login redirect: " + loginRedirect.get) val redirect = redirectUri() //This method is used for connector = kafka* || obpjvm* //It will update the views and createAccountHolder .... - registeredUserHelper(user.username.get) + registeredUserHelper(user.getProvider(),user.username.get) // User init actions AfterApiAuth.innerLoginUserInitAction(Full(user)) checkInternalRedirectAndLogUserIn(preLoginState, redirect, user) @@ -1132,12 +1133,12 @@ def restoreSomeSessions(): Unit = { val redirect = redirectUri() externalUserHelper(usernameFromGui, passwordFromGui) match { case Full(user: AuthUser) => - LoginAttempt.resetBadLoginAttempts(usernameFromGui) + LoginAttempt.resetBadLoginAttempts(user.getProvider(), usernameFromGui) // User init actions AfterApiAuth.innerLoginUserInitAction(Full(user)) checkInternalRedirectAndLogUserIn(preLoginState, redirect, user) case _ => - LoginAttempt.incrementBadLoginAttempts(username.get, user.foreign.map(_.provider).getOrElse(Constant.HostName)) + LoginAttempt.incrementBadLoginAttempts(user.foreign.map(_.provider).getOrElse(Constant.HostName), username.get) Empty S.error(Helper.i18n("invalid.login.credentials")) } @@ -1146,7 +1147,7 @@ def restoreSomeSessions(): Unit = { case Empty => S.error(Helper.i18n("invalid.login.credentials")) case _ => - LoginAttempt.incrementBadLoginAttempts(usernameFromGui, user.foreign.map(_.provider).getOrElse(Constant.HostName)) + LoginAttempt.incrementBadLoginAttempts(user.foreign.map(_.provider).getOrElse(Constant.HostName), usernameFromGui) S.error(S.?(ErrorMessages.UnexpectedErrorDuringLogin)) // Note we hit this if user has not clicked email validation link } } @@ -1203,14 +1204,14 @@ def restoreSomeSessions(): Unit = { if (connector.startsWith("kafka") ) { for { user <- getUserFromConnector(name, password) - u <- Users.users.vend.getUserByUserName(name) + u <- Users.users.vend.getUserByUserName(user.getProvider(), name) } yield { user } } else { for { user <- checkExternalUserViaConnector(name, password) - u <- Users.users.vend.getUserByUserName(name) + u <- Users.users.vend.getUserByUserName(user.getProvider(), name) } yield { user } @@ -1221,10 +1222,10 @@ def restoreSomeSessions(): Unit = { /** * This method will update the views and createAccountHolder .... */ - def registeredUserHelper(username: String) = { + def registeredUserHelper(provider: String, username: String) = { if (connector.startsWith("kafka")) { for { - u <- Users.users.vend.getUserByUserName(username) + u <- Users.users.vend.getUserByUserName(provider, username) } yield { refreshUser(u, None) } diff --git a/obp-api/src/main/scala/code/remotedata/RemotedataUsers.scala b/obp-api/src/main/scala/code/remotedata/RemotedataUsers.scala index 45a8cf358..0979fa52b 100644 --- a/obp-api/src/main/scala/code/remotedata/RemotedataUsers.scala +++ b/obp-api/src/main/scala/code/remotedata/RemotedataUsers.scala @@ -50,12 +50,12 @@ object RemotedataUsers extends ObpActorInit with Users { def getUsersByUserIdsFuture(userIds : List[String]) : Future[List[User]] = (actor ? cc.getUsersByUserIdsFuture(userIds)).mapTo[List[User]] - def getUserByUserName(userName : String) : Box[ResourceUser] = getValueFromFuture( - (actor ? cc.getUserByUserName(userName)).mapTo[Box[ResourceUser]] + def getUserByUserName(provider : String, userName : String) : Box[ResourceUser] = getValueFromFuture( + (actor ? cc.getUserByUserName(provider, userName)).mapTo[Box[ResourceUser]] ) def getUserByProviderAndUsernameFuture(provider: String, username: String): Future[Box[User]] = - (actor ? cc.getUserByUserNameFuture(username)).mapTo[Box[User]] + (actor ? cc.getUserByUserNameFuture(provider, username)).mapTo[Box[User]] def getUserByEmail(email : String) : Box[List[ResourceUser]] = getValueFromFuture( (actor ? cc.getUserByEmail(email)).mapTo[Box[List[ResourceUser]]] diff --git a/obp-api/src/main/scala/code/remotedata/RemotedataUsersActor.scala b/obp-api/src/main/scala/code/remotedata/RemotedataUsersActor.scala index 5ed768852..537df1dda 100644 --- a/obp-api/src/main/scala/code/remotedata/RemotedataUsersActor.scala +++ b/obp-api/src/main/scala/code/remotedata/RemotedataUsersActor.scala @@ -57,13 +57,13 @@ class RemotedataUsersActor extends Actor with ObpActorHelper with MdcLoggable { logger.debug("getUsersByUserIdsFuture(" + userIds +")") sender ! (mapper.getUsersByUserIds(userIds)) - case cc.getUserByUserName(userName: String) => - logger.debug("getUserByUserName(" + userName +")") - sender ! (mapper.getUserByUserName(userName)) + case cc.getUserByUserName(provider: String, userName: String) => + logger.debug("getUserByUserName("+provider + userName +")") + sender ! (mapper.getUserByUserName(provider, userName)) - case cc.getUserByUserNameFuture(userName: String) => - logger.debug("getUserByUserNameFuture(" + userName +")") - sender ! (mapper.getUserByUserName(userName)) + case cc.getUserByUserNameFuture(provider: String, userName: String) => + logger.debug("getUserByUserNameFuture("+provider + userName +")") + sender ! (mapper.getUserByUserName(provider, userName)) case cc.getUserByEmail(email: String) => logger.debug("getUserByEmail(" + email +")") diff --git a/obp-api/src/main/scala/code/sandbox/OBPDataImport.scala b/obp-api/src/main/scala/code/sandbox/OBPDataImport.scala index 4f0b0e92e..a9f243300 100644 --- a/obp-api/src/main/scala/code/sandbox/OBPDataImport.scala +++ b/obp-api/src/main/scala/code/sandbox/OBPDataImport.scala @@ -2,9 +2,8 @@ package code.sandbox import java.text.SimpleDateFormat import java.util.UUID - import code.accountholders.AccountHolders -import code.api.Constant.{SYSTEM_ACCOUNTANT_VIEW_ID, SYSTEM_AUDITOR_VIEW_ID, SYSTEM_FIREHOSE_VIEW_ID, SYSTEM_OWNER_VIEW_ID} +import code.api.Constant.{SYSTEM_ACCOUNTANT_VIEW_ID, SYSTEM_AUDITOR_VIEW_ID, SYSTEM_FIREHOSE_VIEW_ID, SYSTEM_OWNER_VIEW_ID, localIdentityProvider} import code.api.util.APIUtil._ import code.api.util.{APIUtil, ApiPropsWithAlias, ErrorMessages} import code.bankconnectors.Connector @@ -124,7 +123,7 @@ trait OBPDataImport extends MdcLoggable { protected def createSaveableUser(u : SandboxUserImport) : Box[Saveable[ResourceUser]] protected def createUsers(toImport : List[SandboxUserImport]) : Box[List[Saveable[ResourceUser]]] = { - val existingResourceUsers = toImport.flatMap(u => Users.users.vend.getUserByUserName(u.user_name)) + val existingResourceUsers = toImport.flatMap(u => Users.users.vend.getUserByUserName(localIdentityProvider, u.user_name)) val allUsernames = toImport.map(_.user_name) val duplicateUsernames = allUsernames diff allUsernames.distinct diff --git a/obp-api/src/main/scala/code/snippet/UserInvitation.scala b/obp-api/src/main/scala/code/snippet/UserInvitation.scala index 99c354248..ad99efb68 100644 --- a/obp-api/src/main/scala/code/snippet/UserInvitation.scala +++ b/obp-api/src/main/scala/code/snippet/UserInvitation.scala @@ -28,8 +28,8 @@ package code.snippet import java.time.{Duration, ZoneId, ZoneOffset, ZonedDateTime} import java.util.Date - import code.api.Constant +import code.api.Constant.localIdentityProvider import code.api.util.{APIUtil, SecureRandomUtil} import code.model.dataAccess.{AuthUser, ResourceUser} import code.users @@ -99,7 +99,7 @@ class UserInvitation extends MdcLoggable { else if(userInvitation.map(_.status != "CREATED").getOrElse(false)) showErrorsForStatus() else if(timeDifference.abs.getSeconds > ttl) showErrorsForTtl() else if(AuthUser.currentUser.isDefined) showErrorYouMustBeLoggedOff() - else if(Users.users.vend.getUserByUserName(usernameVar.is).isDefined) showErrorsForUsername() + else if(Users.users.vend.getUserByUserName(localIdentityProvider, usernameVar.is).isDefined) showErrorsForUsername() else if(privacyCheckboxVar.is == false) showErrorsForPrivacyConditions() else if(termsCheckboxVar.is == false) showErrorsForTermsAndConditions() else if(personalDataCollectionConsentCountryWaiverList.exists(_.toLowerCase == countryVar.is.toLowerCase) == false && consentForCollectingCheckboxVar.is == false) showErrorsForConsentForCollectingPersonalData() diff --git a/obp-api/src/main/scala/code/userlocks/UserLocksProvider.scala b/obp-api/src/main/scala/code/userlocks/UserLocksProvider.scala index b01c4c78b..79148196f 100644 --- a/obp-api/src/main/scala/code/userlocks/UserLocksProvider.scala +++ b/obp-api/src/main/scala/code/userlocks/UserLocksProvider.scala @@ -7,8 +7,8 @@ import net.liftweb.mapper.By import net.liftweb.util.Helpers._ object UserLocksProvider extends MdcLoggable { - def isLocked(username: String): Boolean = { - Users.users.vend.getUserByUserName(username) match { + def isLocked(provider: String, username: String): Boolean = { + Users.users.vend.getUserByUserName(provider, username) match { case Full(user) => UserLocks.find(By(UserLocks.UserId, user.userId)) match { case Full(_) => true @@ -17,8 +17,8 @@ object UserLocksProvider extends MdcLoggable { case _ => false } } - def lockUser(username: String): Box[UserLocks] = { - Users.users.vend.getUserByUserName(username) match { + def lockUser(provider: String, username: String): Box[UserLocks] = { + Users.users.vend.getUserByUserName(provider, username) match { case Full(user) => UserLocks.find(By(UserLocks.UserId, user.userId)) match { case Full(userLocks) => @@ -40,8 +40,8 @@ object UserLocksProvider extends MdcLoggable { Empty } } - def unlockUser(username: String): Box[Boolean] = { - Users.users.vend.getUserByUserName(username) match { + def unlockUser(provider: String, username: String): Box[Boolean] = { + Users.users.vend.getUserByUserName(provider, username) match { case Full(user) => UserLocks.find(By(UserLocks.UserId, user.userId)) match { case Full(userLocks) => Some(userLocks.delete_!) diff --git a/obp-api/src/main/scala/code/users/LiftUsers.scala b/obp-api/src/main/scala/code/users/LiftUsers.scala index ce1916215..d87798f24 100644 --- a/obp-api/src/main/scala/code/users/LiftUsers.scala +++ b/obp-api/src/main/scala/code/users/LiftUsers.scala @@ -92,13 +92,16 @@ object LiftUsers extends Users with MdcLoggable{ Future(getUsersByUserIds(userIds)) } - override def getUserByUserName(userName: String): Box[User] = { - ResourceUser.find(By(ResourceUser.name_, userName)) + override def getUserByUserName(provider : String, userName: String): Box[User] = { + ResourceUser.find( + By(ResourceUser.provider_, provider), + By(ResourceUser.name_, userName) + ) } override def getUserByProviderAndUsernameFuture(provider: String, username: String): Future[Box[User]] = { Future { - getUserByUserName(username) + getUserByUserName(provider, username) } } diff --git a/obp-api/src/main/scala/code/users/Users.scala b/obp-api/src/main/scala/code/users/Users.scala index f025b29e3..c9ce68ee6 100644 --- a/obp-api/src/main/scala/code/users/Users.scala +++ b/obp-api/src/main/scala/code/users/Users.scala @@ -43,7 +43,7 @@ trait Users { def getUsersByUserIdsFuture(userIds : List[String]) : Future[List[User]] // find ResourceUser by Resourceuser user name - def getUserByUserName(userName: String) : Box[User] + def getUserByUserName(provider: String, userName: String) : Box[User] def getUserByProviderAndUsernameFuture(provider: String, username: String): Future[Box[User]] def getUserByEmail(email: String) : Box[List[ResourceUser]] @@ -87,8 +87,8 @@ class RemotedataUsersCaseClasses { case class getUserByUserId(userId : String) case class getUserByUserIdFuture(userId : String) case class getUsersByUserIdsFuture(userId : List[String]) - case class getUserByUserName(userName : String) - case class getUserByUserNameFuture(userName : String) + case class getUserByUserName(provider : String, userName : String) + case class getUserByUserNameFuture(provider : String, userName : String) case class getUserByEmail(email : String) case class getUserByEmailFuture(email : String) case class getUsersByEmail(email : String) diff --git a/obp-api/src/test/scala/code/api/DirectLoginTest.scala b/obp-api/src/test/scala/code/api/DirectLoginTest.scala index ffbef54db..f49cf2cfa 100644 --- a/obp-api/src/test/scala/code/api/DirectLoginTest.scala +++ b/obp-api/src/test/scala/code/api/DirectLoginTest.scala @@ -1,5 +1,6 @@ package code.api +import code.api.Constant.localIdentityProvider import code.api.util.ErrorMessages import code.api.util.ErrorMessages._ import code.api.v2_0_0.OBPAPI2_0_0.Implementations2_0_0 @@ -184,7 +185,7 @@ class DirectLoginTest extends ServerSetup with BeforeAndAfter { assertResponse(response, ErrorMessages.UsernameHasBeenLocked) Then("We unlock the username") - LoginAttempt.resetBadLoginAttempts(USERNAME) + LoginAttempt.resetBadLoginAttempts(localIdentityProvider, USERNAME) } scenario("Consumer API key is disabled") { @@ -431,7 +432,7 @@ class DirectLoginTest extends ServerSetup with BeforeAndAfter { lazy val validHeadersWithToken = List(accessControlOriginHeader, headerWithToken) // Lock the user in order to test functionality - UserLocksProvider.lockUser(username) + UserLocksProvider.lockUser(localIdentityProvider, username) When("when we use the token to get current user and it should NOT work due to locked user - New Style") lazy val requestCurrentUserNewStyle = baseRequest / "obp" / "v3.0.0" / "users" / "current" diff --git a/obp-api/src/test/scala/code/api/oauthTest.scala b/obp-api/src/test/scala/code/api/oauthTest.scala index 683b35437..9f736907d 100644 --- a/obp-api/src/test/scala/code/api/oauthTest.scala +++ b/obp-api/src/test/scala/code/api/oauthTest.scala @@ -349,7 +349,7 @@ class OAuthTest extends ServerSetup { verifier.asInstanceOf[Failure].msg.contains(ErrorMessages.UsernameHasBeenLocked) Then("We unlock the username") - LoginAttempt.resetBadLoginAttempts(user1.username.get) + LoginAttempt.resetBadLoginAttempts(user1.getProvider(), user1.username.get) } } diff --git a/obp-api/src/test/scala/code/api/v4_0_0/LockUserTest.scala b/obp-api/src/test/scala/code/api/v4_0_0/LockUserTest.scala index d4085f7ab..7f0001faa 100644 --- a/obp-api/src/test/scala/code/api/v4_0_0/LockUserTest.scala +++ b/obp-api/src/test/scala/code/api/v4_0_0/LockUserTest.scala @@ -2,7 +2,7 @@ package code.api.v4_0_0 import code.api.util.APIUtil.OAuth._ import code.api.util.ApiRole.CanLockUser -import code.api.util.ErrorMessages.{UserHasMissingRoles, UserNotFoundByUsername, UserNotLoggedIn} +import code.api.util.ErrorMessages.{UserHasMissingRoles, UserNotFoundByProviderAndUsername, UserNotLoggedIn} import code.api.v4_0_0.OBPAPI4_0_0.Implementations4_0_0 import code.entitlement.Entitlement import com.github.dwickern.macros.NameOf.nameOf @@ -51,7 +51,7 @@ class LockUserTest extends V400ServerSetup { val response400 = makePostRequest(request400, "") Then("We should get a 404") response400.code should equal(404) - response400.body.extract[ErrorMessage].message should be (s"$UserNotFoundByUsername($username)") + response400.body.extract[ErrorMessage].message should be (s"$UserNotFoundByProviderAndUsername($username)") } }