Merge pull request #125 from Linfar/request_97

Add "Map VCS Username From" field to the settings

README.md

@@ -64,7 +64,7 @@ The SAML authentication sequence is a following:
 
 You have an option to create users automatically upon first successful login and provision their data basing on SAML assertion attributes.
 
-In this case you must explicitly specify the source for user full name, e-mail and groups. Valid options are:
+In this case you must explicitly specify the source for user full name, VCS username, e-mail and groups. Valid options are:
 
 * None - no value
 * Name ID - value is taken from the NameId attribute

saml-authentication-server/pom.xml

@@ -31,6 +31,13 @@
             </exclusions>
         </dependency>
 
+        <dependency>
+            <groupId>org.jetbrains.teamcity.internal</groupId>
+            <artifactId>server</artifactId>
+            <version>${teamcity-version-lib}</version>
+            <scope>provided</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.jetbrains.teamcity</groupId>
             <artifactId>server-web-api</artifactId>
@@ -62,7 +69,17 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>[2.9.9,)</version>
+            <version>2.15.2</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+            <version>2.15.2</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-annotations</artifactId>
+            <version>2.15.2</version>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>

saml-authentication-server/src/main/java/jetbrains/buildServer/auth/saml/plugin/SamlAuthenticationScheme.java

@@ -23,6 +23,7 @@
 import jetbrains.buildServer.serverSide.auth.ServerPrincipal;
 import jetbrains.buildServer.users.SUser;
 import jetbrains.buildServer.users.UserModel;
+import jetbrains.buildServer.users.impl.UserEx;
 import jetbrains.buildServer.util.StringUtil;
 import jetbrains.buildServer.web.util.WebUtil;
 import lombok.var;
@@ -157,10 +158,14 @@ public HttpAuthenticationResult processAuthenticationRequest(@NotNull HttpServle
                             } else {
                                 String email = getAttribute(auth, settings.getEmailAttributeMapping());
                                 String fullname = getAttribute(auth, settings.getNameAttributeMapping());
+                                String vcsUsername = getAttribute(auth, settings.getVcsUsernameAttributeMapping());
 
                                 LOG.info(String.format("Setting data for new user: username=%s, full name=%s, email=%s", username, fullname, email));
 
                                 user.updateUserAccount(username, fullname, email);
+                                if (StringUtil.isNotEmpty(vcsUsername)) {
+                                    ((UserEx)user).setDefaultVcsUsernames(Collections.singletonList(vcsUsername));
+                                }
                             }
                         }
                     } catch (Exception e) {

saml-authentication-server/src/main/java/jetbrains/buildServer/auth/saml/plugin/SamlPluginSettingsStorageImpl.java

@@ -2,8 +2,10 @@
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jetbrains.buildServer.auth.saml.plugin.pojo.SamlPluginSettings;
+import jetbrains.buildServer.log.Loggers;
 import jetbrains.buildServer.serverSide.IOGuard;
 import lombok.Getter;
+import org.codehaus.jackson.map.JsonMappingException;
 import org.springframework.util.StringUtils;
 
 import java.io.IOException;
@@ -31,14 +33,19 @@ public SamlPluginSettings load() throws IOException {
             save(new SamlPluginSettings());
         }
 
-        SamlPluginSettings result = this.objectMapper.readValue(this.configPath.toFile(), SamlPluginSettings.class);
+        try {
+            SamlPluginSettings result = this.objectMapper.readValue(this.configPath.toFile(), SamlPluginSettings.class);
 
-        // some clean-up of additional certs
-        if (result.getAdditionalCerts().stream().allMatch(StringUtils::isEmpty)) {
-            result.getAdditionalCerts().clear();
-        }
+            // some clean-up of additional certs
+            if (result.getAdditionalCerts().stream().allMatch(StringUtils::isEmpty)) {
+                result.getAdditionalCerts().clear();
+            }
 
-        return result;
+            return result;
+        } catch (RuntimeException ex) {
+            Loggers.SERVER.error("Cannot load SAML plugin settings", ex);
+            throw ex;
+        }
     }
 
     @Override

saml-authentication-server/src/main/java/jetbrains/buildServer/auth/saml/plugin/pojo/SamlPluginSettings.java

@@ -1,12 +1,14 @@
 package jetbrains.buildServer.auth.saml.plugin.pojo;
 
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import lombok.Data;
 
 import javax.validation.constraints.NotEmpty;
 import java.util.ArrayList;
 import java.util.List;
 
 @Data
+@JsonIgnoreProperties(ignoreUnknown = true)
 public class SamlPluginSettings {
 
     @NotEmpty(message = "Issuer URL is mandatory")
@@ -42,5 +44,6 @@ public class SamlPluginSettings {
     SamlAttributeMappingSettings emailAttributeMapping = new SamlAttributeMappingSettings();
     SamlAttributeMappingSettings nameAttributeMapping = new SamlAttributeMappingSettings();
     SamlAttributeMappingSettings groupsAttributeMapping = new SamlAttributeMappingSettings();
+    SamlAttributeMappingSettings vcsUsernameAttributeMapping = new SamlAttributeMappingSettings();
 
 }

saml-authentication-server/src/main/vue/admin-ui/src/services/ISettingsApiService.ts

@@ -46,6 +46,7 @@ export interface SamlSettings {
 
     emailAttributeMapping?: SamlAttributeMapping;
     nameAttributeMapping?: SamlAttributeMapping;
+    vcsUsernameAttributeMapping?: SamlAttributeMapping;
 }
 
 export interface ISettingsApiService {

saml-authentication-server/src/main/vue/admin-ui/src/views/SamlPluginSettings.vue

@@ -109,6 +109,12 @@
           <SamlAttributeSelect v-model="settings.nameAttributeMapping"/>
         </template>
       </RunnerFormRow>
+      <RunnerFormRow v-if="settings.createUsersAutomatically">
+        <template v-slot:label>Map VCS Username From</template>
+        <template v-slot:content>
+          <SamlAttributeSelect v-model="settings.vcsUsernameAttributeMapping"/>
+        </template>
+      </RunnerFormRow>
       <RunnerFormRow v-if="settings.createUsersAutomatically">
         <template v-slot:label>Map Groups From</template>
         <template v-slot:content>

saml-authentication-server/src/test/resources/case 1/saml-plugin.config.json

@@ -1 +1 @@
-{"issuerUrl":"http://sapphirefs.sapphirepri.com/adfs/services/trust","entityId":"https://1057teamcity.sapphirepri.com","ssoEndpoint":"https://sapphirefs.sapphirepri.com/adfs/ls/","publicCertificate":"-----BEGIN CERTIFICATE-----\nMIIC9jCCAd6gAwIBAgIQJmeGLclucKtCk9cr3/S31DANBgkqhkiG9w0BAQsFADA3\nMTUwMwYDVQQDEyxBREZTIEVuY3J5cHRpb24gLSBzYXBwaGlyZWZzLnNhcHBoaXJl\ncHJpLmNvbTAeFw0xOTA5MDExOTM3NTNaFw0yMDA4MzExOTM3NTNaMDcxNTAzBgNV\nBAMTLEFERlMgRW5jcnlwdGlvbiAtIHNhcHBoaXJlZnMuc2FwcGhpcmVwcmkuY29t\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspmjUBE4OQ1rcs9p3cg3\nZZGSHFe2Z+HEfMWNfyTyIoF0L27VVzZDpTwrfw9goY19dz6M7qH0OOewtX/cMf91\nGxxsaHLnEwgq2H8LO7rpkpXvD4d3nj+bXG5rjJu4sGKF0R1Q1mCHQaDzkFMgB8Rd\ntnCIo7oeTOjU16au8jusuYl4S/gQNcIHcqWk2VtPbXzwn+BUKFIFJH6hqdDN8i73\nrv8aIkwgaEyPgb0imSMOsEPJlHj4pVkvP6jlIIwNXOaIZr9/20t98hOTJJOSGPPB\nUM2gZM4di0Fi2s4gS6PmIPtGbTOJY/ICkUSroZtbkdwRoIzVX5pH2hpYRU3Ylf6D\nXwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBExoh26rU8IaolyD2bzYVzvNPQTMmr\n0Pb20715apFag53Mx+XDY+5RhBZr3O9Fi/J28cQ6BT9Z4JDZF/8xz7VSfUOCKctS\nBbXY8RKolHDZ15d4g1TI5pWX1S7qvgRuh1xgaU7xuRyZHX0V/Yn+5kU7+Hv29f7F\nKQzfN1aadylZMEOT4QDXQWFHfIuyIsL6YwgU/bjCig8be9oieFGZaVBq9TXg4Zmy\nKbvoPeYS2w7or5o9w1hv+uVEYDWcmyRooPclqBseX5J5SMqhtXr90JDGj+DsNHWP\ntSwYXPdYLeUBlZJ/hK/6qnCdj/krRanbAMCYdsrzDRB7LPx7MnXF/nEp\n-----END CERTIFICATE-----\n","additionalCerts":["-----BEGIN CERTIFICATE-----\nMIIC8DCCAdigAwIBAgIQF1ekEYWe2YVEW4fG2LZyUjANBgkqhkiG9w0BAQsFADA0\nMTIwMAYDVQQDEylBREZTIFNpZ25pbmcgLSBzYXBwaGlyZWZzLnNhcHBoaXJlcHJp\nLmNvbTAeFw0xOTA5MDExOTM3NTJaFw0yMDA4MzExOTM3NTJaMDQxMjAwBgNVBAMT\nKUFERlMgU2lnbmluZyAtIHNhcHBoaXJlZnMuc2FwcGhpcmVwcmkuY29tMIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvr1bffr2yNlYM0+BxgIv3SE3iAH0\nq8Qgf1LlQYshvZ0B7E+isOnZh8J+7/miKnPRU6FO2Zh5zneVpGJGBzfhI8yE5KZe\nTwv9+UgqoYzNjB4qzC3E2Zud5SZEp/FvnROvWOHmUJIZndFrcP+MsAhucegFYU2G\ndmeJWh/Vxx/0WQZNga0jnGu0pogPOmgxI1WgBh02BHThxUa4aKsYei8w1Q5Y+Rax\n39l5VO4PoL3+amw1wRUeKjb+NnC5h3W2Z5OYKK5caczRZjY/ji7cCWU97BhMZSC/\neTx0vA1FnR4Lnkstb63f7KnCfqcU0Bh2klCSnVgzmGBA67DK58AT6d30BwIDAQAB\nMA0GCSqGSIb3DQEBCwUAA4IBAQA8Z0aMTvOMJJ/A6jgpBRMi2GaBE1HrQI6UGuJ/\nUi7dl6Ka/EHM907OeO+RoEo4zsrJCaJG8PuTpkMR3v5T6m8hhwOhn41oAL4rIs/3\n/7EgUcRdoOALuv+9T/rsaaF29aCeDkXVAuLLwk2Hxa9H/MHl/F/7bms3xEbQfnHP\nGvaen35nFDmLnmHI40XK9RTeXtTcPkH2A3fbZ8sJLPa7/u5z6XVb3yV6TyZOGfij\n3mnK4ijhM/d8gEqLXFsV0813sJQYyl9MPpwkBWkHm4rmYKhn+7e76F/NT5P9xUoK\n3Tqc4kzJXaZwnmlJywjdZM3r3fod75hN4RjUFZYPnIeCGV5x\n-----END CERTIFICATE-----\n"],"ssoCallbackUrl":"https://1057teamcity.sapphirepri.com/app/saml/callback/","hideLoginForm":false,"ssoLoginButtonName":"PRIOS ADFS SSO Login","createUsersAutomatically":false,"assignGroups":false,"removeUnassignedGroups":true,"limitToPostfixes":false,"allowedPostfixes":null,"compressRequest":true,"strict":true,"samlCorsFilter":true,"emailAttributeMapping":{"mappingType":"none","customAttributeName":null},"nameAttributeMapping":{"mappingType":"none","customAttributeName":null},"groupsAttributeMapping":{"mappingType":"none","customAttributeName":null}}
+{"issuerUrl":"http://sapphirefs.sapphirepri.com/adfs/services/trust","entityId":"https://1057teamcity.sapphirepri.com","ssoEndpoint":"https://sapphirefs.sapphirepri.com/adfs/ls/","publicCertificate":"-----BEGIN CERTIFICATE-----\nMIIC9jCCAd6gAwIBAgIQJmeGLclucKtCk9cr3/S31DANBgkqhkiG9w0BAQsFADA3\nMTUwMwYDVQQDEyxBREZTIEVuY3J5cHRpb24gLSBzYXBwaGlyZWZzLnNhcHBoaXJl\ncHJpLmNvbTAeFw0xOTA5MDExOTM3NTNaFw0yMDA4MzExOTM3NTNaMDcxNTAzBgNV\nBAMTLEFERlMgRW5jcnlwdGlvbiAtIHNhcHBoaXJlZnMuc2FwcGhpcmVwcmkuY29t\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspmjUBE4OQ1rcs9p3cg3\nZZGSHFe2Z+HEfMWNfyTyIoF0L27VVzZDpTwrfw9goY19dz6M7qH0OOewtX/cMf91\nGxxsaHLnEwgq2H8LO7rpkpXvD4d3nj+bXG5rjJu4sGKF0R1Q1mCHQaDzkFMgB8Rd\ntnCIo7oeTOjU16au8jusuYl4S/gQNcIHcqWk2VtPbXzwn+BUKFIFJH6hqdDN8i73\nrv8aIkwgaEyPgb0imSMOsEPJlHj4pVkvP6jlIIwNXOaIZr9/20t98hOTJJOSGPPB\nUM2gZM4di0Fi2s4gS6PmIPtGbTOJY/ICkUSroZtbkdwRoIzVX5pH2hpYRU3Ylf6D\nXwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBExoh26rU8IaolyD2bzYVzvNPQTMmr\n0Pb20715apFag53Mx+XDY+5RhBZr3O9Fi/J28cQ6BT9Z4JDZF/8xz7VSfUOCKctS\nBbXY8RKolHDZ15d4g1TI5pWX1S7qvgRuh1xgaU7xuRyZHX0V/Yn+5kU7+Hv29f7F\nKQzfN1aadylZMEOT4QDXQWFHfIuyIsL6YwgU/bjCig8be9oieFGZaVBq9TXg4Zmy\nKbvoPeYS2w7or5o9w1hv+uVEYDWcmyRooPclqBseX5J5SMqhtXr90JDGj+DsNHWP\ntSwYXPdYLeUBlZJ/hK/6qnCdj/krRanbAMCYdsrzDRB7LPx7MnXF/nEp\n-----END CERTIFICATE-----\n","additionalCerts":["-----BEGIN CERTIFICATE-----\nMIIC8DCCAdigAwIBAgIQF1ekEYWe2YVEW4fG2LZyUjANBgkqhkiG9w0BAQsFADA0\nMTIwMAYDVQQDEylBREZTIFNpZ25pbmcgLSBzYXBwaGlyZWZzLnNhcHBoaXJlcHJp\nLmNvbTAeFw0xOTA5MDExOTM3NTJaFw0yMDA4MzExOTM3NTJaMDQxMjAwBgNVBAMT\nKUFERlMgU2lnbmluZyAtIHNhcHBoaXJlZnMuc2FwcGhpcmVwcmkuY29tMIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvr1bffr2yNlYM0+BxgIv3SE3iAH0\nq8Qgf1LlQYshvZ0B7E+isOnZh8J+7/miKnPRU6FO2Zh5zneVpGJGBzfhI8yE5KZe\nTwv9+UgqoYzNjB4qzC3E2Zud5SZEp/FvnROvWOHmUJIZndFrcP+MsAhucegFYU2G\ndmeJWh/Vxx/0WQZNga0jnGu0pogPOmgxI1WgBh02BHThxUa4aKsYei8w1Q5Y+Rax\n39l5VO4PoL3+amw1wRUeKjb+NnC5h3W2Z5OYKK5caczRZjY/ji7cCWU97BhMZSC/\neTx0vA1FnR4Lnkstb63f7KnCfqcU0Bh2klCSnVgzmGBA67DK58AT6d30BwIDAQAB\nMA0GCSqGSIb3DQEBCwUAA4IBAQA8Z0aMTvOMJJ/A6jgpBRMi2GaBE1HrQI6UGuJ/\nUi7dl6Ka/EHM907OeO+RoEo4zsrJCaJG8PuTpkMR3v5T6m8hhwOhn41oAL4rIs/3\n/7EgUcRdoOALuv+9T/rsaaF29aCeDkXVAuLLwk2Hxa9H/MHl/F/7bms3xEbQfnHP\nGvaen35nFDmLnmHI40XK9RTeXtTcPkH2A3fbZ8sJLPa7/u5z6XVb3yV6TyZOGfij\n3mnK4ijhM/d8gEqLXFsV0813sJQYyl9MPpwkBWkHm4rmYKhn+7e76F/NT5P9xUoK\n3Tqc4kzJXaZwnmlJywjdZM3r3fod75hN4RjUFZYPnIeCGV5x\n-----END CERTIFICATE-----\n"],"ssoCallbackUrl":"https://1057teamcity.sapphirepri.com/app/saml/callback/","hideLoginForm":false,"ssoLoginButtonName":"PRIOS ADFS SSO Login","createUsersAutomatically":false,"assignGroups":false,"removeUnassignedGroups":true,"limitToPostfixes":false,"allowedPostfixes":null,"compressRequest":true,"strict":true,"samlCorsFilter":true,"emailAttributeMapping":{"mappingType":"none","customAttributeName":null},"nameAttributeMapping":{"mappingType":"none","customAttributeName":null},"groupsAttributeMapping":{"mappingType":"none","customAttributeName":null},"vcsUsernameAttributeMapping":{"mappingType":"none","customAttributeName":null}}