Merge pull request #3981 from sarkapalkovicova/lsaai_login_policy

sarkapalkovicova · web-flow · commit b056cd448094 · 2023-06-23T14:21:49.000+02:00
feat(core): lsaai login policy
diff --git a/perun-core/src/main/java/cz/metacentrum/perun/core/impl/modules/attributes/urn_perun_user_attribute_def_def_login_namespace_lifescienceid_username.java b/perun-core/src/main/java/cz/metacentrum/perun/core/impl/modules/attributes/urn_perun_user_attribute_def_def_login_namespace_lifescienceid_username.java
@@ -4,24 +4,80 @@
 import cz.metacentrum.perun.core.api.AttributeDefinition;
 import cz.metacentrum.perun.core.api.AttributesManager;
 import cz.metacentrum.perun.core.api.User;
+import cz.metacentrum.perun.core.api.exceptions.AlreadyReservedLoginException;
 import cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException;
+import cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException;
 import cz.metacentrum.perun.core.api.exceptions.InternalErrorException;
+import cz.metacentrum.perun.core.api.exceptions.LoginIsAlreadyBlockedException;
 import cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException;
 import cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException;
 import cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException;
-import cz.metacentrum.perun.core.blImpl.ModulesUtilsBlImpl;
 import cz.metacentrum.perun.core.impl.PerunSessionImpl;
 
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 public class urn_perun_user_attribute_def_def_login_namespace_lifescienceid_username extends urn_perun_user_attribute_def_def_login_namespace{
 	private final static String elixirUsername = "urn:perun:user:attribute-def:def:login-namespace:elixir";
 	private final static String bbmriUsername = "urn:perun:user:attribute-def:def:login-namespace:bbmri";
 
+	private static final Pattern startWithLetterPattern = Pattern.compile("^[A-Za-z].*$");
+	private static final Pattern onlyNumbersPattern = Pattern.compile("^[0-9]+$");
+
+
 	@Override
 	public void changedAttributeHook(PerunSessionImpl sess, User user, Attribute attribute) {
 		trySetAttribute(sess, user, attribute, elixirUsername);
 		trySetAttribute(sess, user, attribute, bbmriUsername);
 	}
 
+	@Override
+	public void checkAttributeSyntax(PerunSessionImpl sess, User user, Attribute attribute) throws WrongAttributeValueException {
+		super.checkAttributeSyntax(sess, user, attribute);
+
+		if (attribute.getValue() == null) return;
+
+		String value = attribute.valueAsString();
+
+		Matcher onlyNumbersMatcher = onlyNumbersPattern.matcher(value);
+		if (onlyNumbersMatcher.matches()) {
+			throw new WrongAttributeValueException(attribute, user, "Login can not consist of only numbers.");
+		}
+
+		Matcher startWithLetterMatcher = startWithLetterPattern.matcher(value);
+		if (!startWithLetterMatcher.matches()) {
+			throw new WrongAttributeValueException(attribute, user, "Login must start with a letter.");
+		}
+	}
+
+	@Override
+	public void checkAttributeSemantics(PerunSessionImpl sess, User user, Attribute attribute) throws WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
+		String userLogin = attribute.valueAsString();
+		if (userLogin == null) {
+			throw new WrongReferenceAttributeValueException(attribute, null, user, null, "Value can't be null");
+		}
+		List<User> usersWithSameLogin = sess.getPerunBl().getUsersManagerBl().getUsersByAttribute(sess, attribute, true);
+		usersWithSameLogin.remove(user);
+
+		if (!usersWithSameLogin.isEmpty()) {
+			if(usersWithSameLogin.size() > 1) {
+				throw new ConsistencyErrorException("FATAL ERROR: Duplicated Login detected." +  attribute + " " + usersWithSameLogin);
+			}
+			throw new WrongReferenceAttributeValueException(attribute, attribute, user, null, usersWithSameLogin.get(0), null, "This login " + attribute.getValue() + " is already occupied.");
+		}
+
+		try {
+			String namespace = attribute.getFriendlyNameParameter();
+			sess.getPerunBl().getUsersManagerBl().checkReservedLogins(sess, namespace, userLogin, true);
+			sess.getPerunBl().getUsersManagerBl().checkBlockedLogins(sess, namespace, userLogin, true);
+		} catch (AlreadyReservedLoginException ex) {
+			throw new WrongReferenceAttributeValueException(attribute, null, user, null, null, null, "Login in specific namespace already reserved.", ex);
+		} catch (LoginIsAlreadyBlockedException ex) {
+			throw new WrongReferenceAttributeValueException(attribute, null, "Login is blocked.", ex);
+		}
+	}
+
 	/**
 	 * Set attribute if it is not filled yet
 	 */
diff --git a/perun-core/src/test/java/cz/metacentrum/perun/core/impl/modules/attributes/urn_perun_user_attribute_def_def_login_namespace_lifescienceid_usernameTest.java b/perun-core/src/test/java/cz/metacentrum/perun/core/impl/modules/attributes/urn_perun_user_attribute_def_def_login_namespace_lifescienceid_usernameTest.java
@@ -0,0 +1,113 @@
+package cz.metacentrum.perun.core.impl.modules.attributes;
+
+import cz.metacentrum.perun.core.api.Attribute;
+import cz.metacentrum.perun.core.api.AttributesManager;
+import cz.metacentrum.perun.core.api.BeansUtils;
+import cz.metacentrum.perun.core.api.CoreConfig;
+import cz.metacentrum.perun.core.api.User;
+import cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException;
+import cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException;
+import cz.metacentrum.perun.core.bl.PerunBl;
+import cz.metacentrum.perun.core.bl.UsersManagerBl;
+import cz.metacentrum.perun.core.impl.PerunSessionImpl;
+import cz.metacentrum.perun.core.impl.modules.pwdmgr.LifescienceidusernamePasswordManagerModule;
+import cz.metacentrum.perun.core.implApi.modules.pwdmgr.PasswordManagerModule;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import static java.util.Collections.emptyList;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class urn_perun_user_attribute_def_def_login_namespace_lifescienceid_usernameTest {
+	private static urn_perun_user_attribute_def_def_login_namespace_lifescienceid_username classInstance;
+	private static PerunSessionImpl session;
+	private static final User user = new User(1, "User", "1", "", "", "");
+	private static final User user2 = new User(2, "User", "2", "", "", "");
+	private static Attribute attributeToCheck;
+	private static CoreConfig originalCoreConfig;
+	private static final CoreConfig mockedCoreConfig = mock(CoreConfig.class);
+
+	@BeforeClass
+	public static void setUpCoreConfig() {
+		originalCoreConfig = BeansUtils.getCoreConfig();
+		BeansUtils.setConfig(mockedCoreConfig);
+		when(mockedCoreConfig.getGeneratedLoginNamespaces())
+			.thenReturn(emptyList());
+	}
+
+	@AfterClass
+	public static void resetCoreConfig() {
+		BeansUtils.setConfig(originalCoreConfig);
+	}
+
+	@Before
+	public void setUp() {
+		classInstance = new urn_perun_user_attribute_def_def_login_namespace_lifescienceid_username();
+		session = mock(PerunSessionImpl.class);
+		attributeToCheck = new Attribute();
+		attributeToCheck.setNamespace(AttributesManager.NS_USER_ATTR_DEF);
+		attributeToCheck.setFriendlyName("login-namespace:lifescienceid-username");
+		attributeToCheck.setValue("test");
+
+		PerunBl perunBl = mock(PerunBl.class);
+		when(session.getPerunBl()).thenReturn(perunBl);
+		UsersManagerBl usersManagerBl = mock(UsersManagerBl.class);
+		when(session.getPerunBl().getUsersManagerBl()).thenReturn(usersManagerBl);
+		PasswordManagerModule module = mock(LifescienceidusernamePasswordManagerModule.class);
+		when(session.getPerunBl().getUsersManagerBl().getPasswordManagerModule(session, "lifescienceid-username")).thenReturn(module);
+	}
+
+	@Test(expected = WrongAttributeValueException.class)
+	public void testSyntaxOnlyNumbers() throws Exception {
+		System.out.println("testSyntaxOnlyNumbers()");
+		attributeToCheck.setValue("1234");
+
+		classInstance.checkAttributeSyntax(session, user, attributeToCheck);
+	}
+
+	@Test(expected = WrongAttributeValueException.class)
+	public void testSyntaxStartWithNumber() throws Exception {
+		System.out.println("testSyntaxStartWithNumber()");
+		attributeToCheck.setValue("1aaa");
+
+		classInstance.checkAttributeSyntax(session, user, attributeToCheck);
+	}
+
+	@Test
+	public void testSyntaxStartWithLetter() throws Exception {
+		System.out.println("testSyntaxStartWithLetter()");
+		attributeToCheck.setValue("a111");
+
+		classInstance.checkAttributeSyntax(session, user, attributeToCheck);
+	}
+
+	@Test(expected = WrongReferenceAttributeValueException.class)
+	public void testCheckAttributeSemanticsWithNullAttribute() throws Exception {
+		System.out.println("testCheckAttributeSemanticsWithNullAttribute()");
+		attributeToCheck.setValue(null);
+
+		classInstance.checkAttributeSemantics(session, user, attributeToCheck);
+	}
+
+	@Test(expected = WrongReferenceAttributeValueException.class)
+	public void testCheckAttributeSemanticsDuplicateDetected() throws Exception {
+		System.out.println("testCheckAttributeSemanticsDuplicateDetected()");
+		when(session.getPerunBl().getUsersManagerBl().getUsersByAttribute(session, attributeToCheck, true)).thenReturn(new ArrayList<>(List.of(user, user2)));
+
+		classInstance.checkAttributeSemantics(session, user, attributeToCheck);
+	}
+
+	@Test
+	public void testCheckAttributeSemanticsCorrectValue() throws Exception {
+		System.out.println("testCheckAttributeSemanticsCorrectValue()");
+		when(session.getPerunBl().getUsersManagerBl().getUsersByAttribute(session, attributeToCheck, true)).thenReturn(new ArrayList<>(List.of(user)));
+
+		classInstance.checkAttributeSemantics(session, user, attributeToCheck);
+	}
+}
