From 0422053daefa696709ce09af767e379ce5ca1fbe Mon Sep 17 00:00:00 2001 From: Andrea Di Cesare Date: Tue, 24 Jan 2017 21:36:21 +0100 Subject: [PATCH] extend configuration of DbIdentityManager to allow specifying prop names for id, passoword and roles https://softinstigate.atlassian.net/browse/RH-224 --- etc/security.yml | 3 + .../metadata/singletons/HashTransformer.java | 4 +- .../security/impl/DbIdentityManager.java | 80 ++++++++++++++----- 3 files changed, 66 insertions(+), 21 deletions(-) diff --git a/etc/security.yml b/etc/security.yml index c6382547e..2165a66f5 100644 --- a/etc/security.yml +++ b/etc/security.yml @@ -24,6 +24,9 @@ users: dbim: - db: userbase coll: accounts + prop-name-id: _id + prop-name-password: password + prop-name-roles: roles bcrypt-hashed-password: false cache-enabled: false cache-size: 1000 diff --git a/src/main/java/org/restheart/hal/metadata/singletons/HashTransformer.java b/src/main/java/org/restheart/hal/metadata/singletons/HashTransformer.java index e412d6f8b..1bb10d221 100644 --- a/src/main/java/org/restheart/hal/metadata/singletons/HashTransformer.java +++ b/src/main/java/org/restheart/hal/metadata/singletons/HashTransformer.java @@ -80,7 +80,7 @@ public void transform( if (_tohash == null || !_tohash.isArray()) { context.addWarning("transformer wrong definition: " - + "args must be an object as {'props': [ 'password'], " + + "args must be an object as {'props': [ 'password' ], " + "'complexity': 12 }"); } @@ -90,7 +90,7 @@ public void transform( if (_complexity != null && !_complexity.isNumber()) { context.addWarning("transformer wrong definition: " - + "args must be an object as {'props': [ 'password'], " + + "args must be an object as {'props': [ 'password' ], " + "'complexity': 12 }"); } diff --git a/src/main/java/org/restheart/security/impl/DbIdentityManager.java b/src/main/java/org/restheart/security/impl/DbIdentityManager.java index 1faaa96d2..3332f6725 100644 
--- a/src/main/java/org/restheart/security/impl/DbIdentityManager.java +++ b/src/main/java/org/restheart/security/impl/DbIdentityManager.java @@ -60,6 +60,9 @@ public final class DbIdentityManager private String db; private String coll; + private String propertyNameId = "_id"; + private String propertyNamePassword = "password"; + private String propertyNameRoles = "roles"; private Boolean bcryptHashedPassword = false; private Boolean cacheEnabled = false; private Long cacheSize = 1_000l; // 1000 entries @@ -126,7 +129,11 @@ Consumer> consumeConfiguration() { Object _cacheTTL = ci.get("cache-ttl"); Object _cacheExpirePolicy = ci.get("cache-expire-policy"); Object _bcryptHashedPassword = ci.get("bcrypt-hashed-password"); - + + Object _propertyNameId = ci.get("prop-name-id"); + Object _propertyNamePassword = ci.get("prop-name-password"); + Object _propertyNameRoles = ci.get("prop-name-roles"); + if (_db == null || !(_db instanceof String)) { throw new IllegalArgumentException( "wrong configuration file format. " @@ -175,6 +182,27 @@ Consumer> consumeConfiguration() { "wrong configuration file format. " + "bcrypt-hashed-password must be a boolean"); } + + if (_propertyNameId != null + && !(_propertyNameId instanceof String)) { + throw new IllegalArgumentException( + "wrong configuration file format. " + + "prop-name-id must be a string"); + } + + if (_propertyNamePassword != null + && !(_propertyNamePassword instanceof String)) { + throw new IllegalArgumentException( + "wrong configuration file format. " + + "prop-name-password must be a string"); + } + + if (_propertyNameRoles != null + && !(_propertyNameRoles instanceof String)) { + throw new IllegalArgumentException( + "wrong configuration file format. " + + "prop-name-roles must be a string"); + } this.db = (String) _db; this.coll = (String) _coll; 
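Review bot: The three new guards only check that `prop-name-id`, `prop-name-password` and `prop-name-roles` are strings; an empty string passes and is later used verbatim as a field name in `eq(this.propertyNameId, id)` and in the `containsKey`/`get` calls, so the lookup would most likely match nothing (or be rejected by the server) and every login would fail with only a "no account found" debug line to explain it. Tighten each guard to `if (_propertyNameId != null && (!(_propertyNameId instanceof String) || ((String) _propertyNameId).isEmpty()))` with a message such as `"prop-name-id must be a non-empty string"`, and mirror it for the password and roles checks. Because the id name becomes the key of the query document, it is also worth rejecting a value that starts with `$` or contains `.`, which MongoDB reads as an operator or a dotted path rather than a plain field name, so a misconfiguration fails at startup instead of producing a query with unintended semantics. `consumeConfiguration` starts and ends outside this hunk.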
@@ -214,6 +242,18 @@ Consumer> consumeConfiguration() { if (_bcryptHashedPassword != null) { this.bcryptHashedPassword = (Boolean) _bcryptHashedPassword; } + + if (_propertyNameId != null) { + this.propertyNameId = (String) _propertyNameId; + } + + if (_propertyNamePassword != null) { + this.propertyNamePassword = (String) _propertyNamePassword; + } + + if (_propertyNameRoles != null) { + this.propertyNameRoles = (String) _propertyNameRoles; + } }; } 
@@ -284,50 +324,52 @@ private SimpleAccount getAccount(String id) { } } - private SimpleAccount findAccount(String _id) { - Bson query = eq("_id", _id); + private SimpleAccount findAccount(String id) { + Bson query = eq(this.propertyNameId, id); FindIterable result = mongoColl .find(query) .limit(1); if (result == null || !result.iterator().hasNext()) { - LOGGER.debug("no account found with _id: {}", _id); + LOGGER.debug("no account found with id: {}", id); return null; } BsonDocument _account = result.iterator().next(); - if (!_account.containsKey("password")) { - LOGGER.error("account with _id: {} does not have password property", - _id); + if (!_account.containsKey(this.propertyNamePassword)) { + LOGGER.error("account with id: {} does not have password {}", + id, + this.propertyNamePassword); return null; } - BsonValue _password = _account.get("password"); + BsonValue _password = _account.get(this.propertyNamePassword); if (_password == null || !_password.isString()) { LOGGER.debug( - "account with _id: {} " + "account with id: {} " + "has an invalid password (not string): {}", - _id, _password); + id, _password); return null; } String password = _password.asString().getValue(); - if (!_account.containsKey("roles")) { - LOGGER.error("account with _id: {} does not have roles property", - _id); + if (!_account.containsKey(this.propertyNameRoles)) { + LOGGER.error("account with id: {} does not have {} property", + id, + this.propertyNameRoles); return null; } - BsonValue _roles = _account.get("roles"); + BsonValue _roles = _account.get(this.propertyNameRoles); if (_roles == null || !_roles.isArray()) { LOGGER.debug( - "account with _id: {} has an invalid roles (not array): {}", - _id, _roles); + "account with id: {} has an invalid roles (not array): {}", + id, _roles); return null; } 
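Review bot: The changed line `+ id, _password);` still writes the stored password value into the debug log whenever it is not a string, so whatever the operator put in that property (a number, a document holding the hash, …) ends up in log files; the rename does not change that. Log only the type, e.g. `id, _password == null ? "null" : _password.getBsonType());`, or drop the second placeholder entirely. The two error messages rewritten here are also inconsistent: the password one reads "does not have password {}" while the roles one reads "does not have {} property" — `"account with id: {} does not have {} property"` works for both. Separately, the context lines call `result.iterator()` twice (`hasNext()` then `next()`), which, if each call opens a fresh cursor as it does in the MongoDB Java driver, runs the query twice; iterating once into a local would avoid it. The hunk closes `getAccount` on its first lines, and `findAccount` continues past its last line.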
@@ -340,12 +382,12 @@ private SimpleAccount findAccount(String _id) { roles.add(el.asString().getValue()); } else { LOGGER.debug( - "account with _id: {} " + "account with _d: {} " + "has a not string role: {} ; ignoring it", - _id, el); + id, el); } }); - return new SimpleAccount(_id, password.toCharArray(), roles); + return new SimpleAccount(id, password.toCharArray(), roles); } }
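Review bot: The replacement log message on the added line reads `"account with _d: {} "`, a typo for `id` that makes it inconsistent with every other message rewritten in this commit; it should be `+ "account with id: {} "`. The hunk starts inside `findAccount`, whose signature and the earlier part of its body are in the previous hunk.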