feat(core): default blocked login checker

Added check that none of the default blocked logins is already used.

Author: sarkapalkovicova

perun-core/src/main/java/cz/metacentrum/perun/core/impl/DefaultBlockedLoginChecker.java

@@ -0,0 +1,53 @@
+package cz.metacentrum.perun.core.impl;
+
+import cz.metacentrum.perun.core.api.BeansUtils;
+import cz.metacentrum.perun.core.api.ExtSourcesManager;
+import cz.metacentrum.perun.core.api.PerunClient;
+import cz.metacentrum.perun.core.api.PerunPrincipal;
+import cz.metacentrum.perun.core.api.PerunSession;
+import cz.metacentrum.perun.core.api.exceptions.InternalErrorException;
+import cz.metacentrum.perun.core.bl.PerunBl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Set;
+
+/**
+ * This component checks that none of the default blocked logins is already used.
+ *
+ * @author Sarka Palkovicova
+ */
+public class DefaultBlockedLoginChecker {
+	private static final Logger log = LoggerFactory.getLogger(DefaultBlockedLoginChecker.class);
+	private final PerunSession sess;
+	private PerunBl perunBl;
+
+	public DefaultBlockedLoginChecker(PerunBl perunBl) {
+		String synchronizerPrincipal = "perunDefaultBlockedLoginChecker";
+		this.sess = perunBl.getPerunSession(
+			new PerunPrincipal(synchronizerPrincipal, ExtSourcesManager.EXTSOURCE_NAME_INTERNAL, ExtSourcesManager.EXTSOURCE_INTERNAL),
+			new PerunClient());
+		this.perunBl = perunBl;
+	}
+
+	public PerunBl getPerunBl() {
+		return perunBl;
+	}
+
+	public void setPerunBl(PerunBl perunBl) {
+		this.perunBl = perunBl;
+	}
+
+	public void checkDefaultBlockedLogins() {
+		log.debug("DefaultBlockedLoginChecker starts checking default blocked logins.");
+
+		Set<String> logins = BeansUtils.getCoreConfig().getBlockedLogins();
+		for (String login : logins) {
+			if (perunBl.getAttributesManagerBl().isLoginAlreadyUsed(sess, login, null)) {
+				log.error("Login {} can not be blocked by default because it is already used.", login);
+				throw new InternalErrorException("Login " + login + " can not be blocked by default because it is already used. Please edit the core config!");
+			}
+		}
+	}
+
+}

perun-core/src/main/resources/perun-core.xml

@@ -466,6 +466,11 @@ http://www.springframework.org/schema/task http://www.springframework.org/schema
 	<bean id="resourceAssignmentChecker" class="cz.metacentrum.perun.core.impl.ResourceAssignmentChecker" scope="singleton" depends-on="databaseManagerBl">
 		<constructor-arg ref="perun" />
 	</bean>
+
+	<bean id="defaultBlockedLoginChecker" class="cz.metacentrum.perun.core.impl.DefaultBlockedLoginChecker" scope="singleton" init-method="checkDefaultBlockedLogins" depends-on="attributesManagerBl">
+		<constructor-arg ref="perun" />
+	</bean>
+
 	<!-- merged from perun-core-transaction-manager.xml -->
 	<bean id="perunTransactionManager" class="cz.metacentrum.perun.core.impl.PerunTransactionManager">
 		<property name="dataSource" ref="dataSource"/>

perun-core/src/test/java/cz/metacentrum/perun/core/impl/DefaultBlockedLoginCheckerTest.java

@@ -0,0 +1,101 @@
+package cz.metacentrum.perun.core.impl;
+
+import cz.metacentrum.perun.core.AbstractPerunIntegrationTest;
+import cz.metacentrum.perun.core.api.Attribute;
+import cz.metacentrum.perun.core.api.BeansUtils;
+import cz.metacentrum.perun.core.api.CoreConfig;
+import cz.metacentrum.perun.core.api.User;
+import cz.metacentrum.perun.core.api.exceptions.AttributeDefinitionExistsException;
+import cz.metacentrum.perun.core.api.exceptions.InternalErrorException;
+import cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException;
+import cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException;
+import cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertThrows;
+
+public class DefaultBlockedLoginCheckerTest extends AbstractPerunIntegrationTest {
+	private final static String CLASS_NAME = "DefaultBlockedLoginChecker.";
+	private final static String LOGIN = "testLogin";
+
+	private User user;
+	private Attribute attr;
+
+	DefaultBlockedLoginChecker defaultBlockedLoginChecker;
+
+	@Before
+	public void setUp() throws Exception {
+		defaultBlockedLoginChecker = new DefaultBlockedLoginChecker(perun);
+
+		setUser();
+		setLoginNamespaceAttribute();
+	}
+
+	@Test
+	public void defaultBlockedLoginAlreadyUsed() {
+		System.out.println(CLASS_NAME + "defaultBlockedLoginIsAlreadyUsed");
+
+		List<String> originalAdmins = BeansUtils.getCoreConfig().getAdmins();
+		try {
+			// configure admins to contain one login - testLogin
+			BeansUtils.getCoreConfig().setAdmins(Collections.singletonList(LOGIN));
+			assertThrows(InternalErrorException.class, () -> defaultBlockedLoginChecker.checkDefaultBlockedLogins());
+		} finally {
+			// set admins back to the original admins
+			BeansUtils.getCoreConfig().setAdmins(originalAdmins);
+		}
+	}
+
+	@Test
+	public void defaultBlockedLoginAreNotUsed() {
+		System.out.println(CLASS_NAME + "defaultBlockedLoginAreNotUsed");
+
+		CoreConfig originalConfig = BeansUtils.getCoreConfig();
+		try {
+			// set new core config
+			CoreConfig cfNew = new CoreConfig();
+
+			cfNew.setAdmins(new ArrayList<>());
+			cfNew.setEnginePrincipals(new ArrayList<>());
+			cfNew.setNotificationPrincipals(new ArrayList<>());
+			cfNew.setDontLookupUsers(new HashSet<>());
+			cfNew.setRegistrarPrincipals(new ArrayList<>());
+			cfNew.setRpcPrincipal(null);
+			cfNew.setInstanceId("test");
+
+			BeansUtils.setConfig(cfNew);
+
+			defaultBlockedLoginChecker.checkDefaultBlockedLogins();
+		} finally {
+			// set core config back to original
+			BeansUtils.setConfig(originalConfig);
+		}
+	}
+
+	private void setUser() {
+		user = new User();
+		user.setFirstName("Joe");
+		user.setLastName("Doe");
+		user = perun.getUsersManagerBl().createUser(sess, user);
+		assertNotNull(user);
+	}
+
+	private void setLoginNamespaceAttribute() throws AttributeDefinitionExistsException, WrongAttributeAssignmentException, WrongReferenceAttributeValueException, WrongAttributeValueException {
+		attr = new Attribute();
+		attr.setNamespace("urn:perun:user:attribute-def:def");
+		attr.setFriendlyName("login-namespace:META-login");
+		attr.setType(String.class.getName());
+		attr.setValue(LOGIN);
+
+		assertNotNull("unable to create login namespace attribute", perun.getAttributesManagerBl().createAttribute(sess, attr));
+
+		perun.getAttributesManagerBl().setAttribute(sess, user, attr);
+	}
+}