implement group metadata

vshn · Jan 8, 2025 · b076dd1 · b076dd1
1 parent 718b4f2
commit b076dd1
Show file tree

Hide file tree

Showing 8 changed files with 22 additions and 85 deletions.
diff --git a/app/entities/OpenIdUser.java b/app/entities/OpenIdUser.java
@@ -47,6 +47,7 @@ private OpenIdUser(String idToken, IdToken.Payload idTokenPayload) {
             }
             groupsMetadata = Collections.unmodifiableList(groupsMetadata);
         } catch (Exception e) {
+            e.printStackTrace();
             // too bad
         }
     }

diff --git a/app/entities/ScopedGroup.java b/app/entities/ScopedGroup.java
diff --git a/app/entities/mongodb/MongoDbGroup.java b/app/entities/mongodb/MongoDbGroup.java
@@ -8,7 +8,7 @@
 import org.bson.types.ObjectId;
 
 @Entity(value = "groups", useDiscriminator = false)
-public class MongoDbGroup implements MongoDbEntity, Group {
+public class MongoDbGroup implements MongoDbEntity, Group, Comparable<MongoDbGroup> {
     @Id
     private ObjectId _id;
 
@@ -57,4 +57,9 @@ public void setEmail(String email) {
     public String getPath() {
         return path;
     }
+
+    @Override
+    public int compareTo(MongoDbGroup mongoDbGroup) {
+        return getPath().compareTo(mongoDbGroup.getPath());
+    }
 }
diff --git a/app/services/MongoDb.java b/app/services/MongoDb.java
@@ -6,6 +6,7 @@
 import dev.morphia.mapping.MapperOptions;
 import dev.morphia.Datastore;
 import dev.morphia.Morphia;
+import entities.mongodb.MongoDbGroup;
 import entities.mongodb.MongoDbUser;
 import org.bouncycastle.util.encoders.Hex;
 import play.inject.ApplicationLifecycle;
@@ -33,7 +34,7 @@ public MongoDb(ApplicationLifecycle appLifecycle) {
         String password = Config.get(Config.Option.MONGODB_PASSWORD);
         String hostname = Config.get(Config.Option.MONGODB_HOSTNAME);
         String database = Config.get(Config.Option.MONGODB_DATABASE);
-        // Don't use TLS by default for local development environments and for MongoDBs in OpenShift containers
+        // Use TLS by default except for local development
         Boolean tls = !(Config.getBoolean(Config.Option.MONGODB_DISABLE_TLS) || "localhost".equals(hostname));
         String mongoUrl;
         if (username != null && password != null) {
@@ -49,6 +50,7 @@ public MongoDb(ApplicationLifecycle appLifecycle) {
         MapperOptions mapperOptions = MapperOptions.builder().storeEmpties(false).storeNulls(false).build();
         ds = Morphia.createDatastore(mongoClient, database, mapperOptions);
         ds.getMapper().map(MongoDbUser.class);
+        ds.getMapper().map(MongoDbGroup.class);
         ds.ensureIndexes();
         ds.ensureCaps();
 

diff --git a/app/services/ldap/OpenIdPartition.java b/app/services/ldap/OpenIdPartition.java
@@ -17,7 +17,6 @@
 import store.GroupsStore;
 import store.UsersStore;
 import store.ServicesStore;
-import util.Config;
 import util.CustomLogger;
 
 import javax.inject.Inject;
@@ -30,8 +29,6 @@ public class OpenIdPartition extends AbstractPartition {
 
     private final CustomLogger logger = new CustomLogger(this.getClass());
 
-    private final String groupsScope;
-
     private DnFactory dnFactory;
 
     private final Dn peopleDn;
@@ -56,7 +53,6 @@ public static OpenIdPartition createPartition(SchemaManager schemaManager, DnFac
 
     public OpenIdPartition(SchemaManager schemaManager, DnFactory dnFactory, Dn suffixDn) {
         try {
-            this.groupsScope = normalizeScope(Config.Option.LDAP_GROUPS_SCOPE.get());
             this.dnFactory = dnFactory;
             this.suffixDn = suffixDn;
             this.peopleDn = suffixDn.add("ou=People");
@@ -74,17 +70,6 @@ public OpenIdPartition(SchemaManager schemaManager, DnFactory dnFactory, Dn suff
         }
     }
 
-    private static String normalizeScope(String scope) {
-        scope = scope.trim();
-        if (!scope.startsWith("/")) {
-            scope = "/" + scope;
-        }
-        if (scope.endsWith("/")) {
-            scope = scope.substring(0, scope.length() - 1);
-        }
-        return scope;
-    }
-
     @Override
     protected void doDestroy(PartitionTxn partitionTxn) throws LdapException {
 
@@ -152,8 +137,6 @@ public EntryFilteringCursor search(SearchOperationContext searchContext) throws
             if (service != null && groupsDn.equals(searchContext.getDn().getParent())) { // need to go one level up to remove the ou=SERVICE
                 Evaluator evaluator = evaluatorBuilder.build(null, searchContext.getFilter());
                 List<Entry> entries = groupsStore.getAll()
-                        .map(g -> ScopedGroup.scoped(g, groupsScope))
-                        .filter(Objects::nonNull)
                         .map(g -> groupsEntryFromGroup(g, service))
                         .filter(e -> evaluate(evaluator, e))
                         .collect(Collectors.toList());
@@ -183,7 +166,7 @@ private Entry lookupInternal(LookupOperationContext lookupContext) {
             return peopleEntryFromUser(user, service);
         }
 
-        ScopedGroup group = ScopedGroup.scoped(getGroupByDn(lookupContext.getDn()), groupsScope);
+        Group group = getGroupByDn(lookupContext.getDn());
         if (group != null) {
             return groupsEntryFromGroup(group, service);
         }
@@ -253,7 +236,6 @@ private Entry peopleEntryFromUser(User user, Service service) {
         entry.put("objectClass", "inetOrgPerson", "inetUser", "mailRecipient", "organizationalPerson", "person", "top", "groupMember");
         String[] groups = user.getGroupPaths().stream()
                 .map(groupsStore::getByPath)
-                .map(g -> ScopedGroup.scoped(g, groupsScope))
                 .filter(Objects::nonNull)
                 .map(g -> groupDn(g, service))
                 .map(Dn::toString)
@@ -270,19 +252,25 @@ private Dn userDn(User user, Service service) {
         }
     }
 
-    private Dn groupDn(ScopedGroup group, Service service) {
+    private Dn groupDn(Group group, Service service) {
         try {
             return dnFactory.create("cn=" + group.getCn(), "ou=" + service.getId(), "ou=Groups", getSuffixDn().toString());
         } catch (LdapInvalidDnException e) {
             throw new RuntimeException(e);
         }
     }
 
-    private Entry groupsEntryFromGroup(ScopedGroup group, Service service) {
+    private Entry groupsEntryFromGroup(Group group, Service service) {
         Entry entry = new DefaultEntry(schemaManager, groupDn(group, service));
         entry.put("cn", group.getCn());
         entry.put("objectClass", "groupofuniquenames", "top");
-        entry.put("uniqueMember", usersStore.getByGroupPath(group.getRealGroup().getPath()).map(u -> userDn(u, service)).map(Dn::toString).toArray(String[]::new));
+        entry.put("uniqueMember", usersStore.getByGroupPath(group.getPath()).map(u -> userDn(u, service)).map(Dn::toString).toArray(String[]::new));
+        if (group.getDescription() != null) {
+            entry.put("description", group.getDescription());
+        }
+        if (group.getEmail() != null) {
+            entry.put("mail", group.getEmail());
+        }
         return entry;
     }
 

diff --git a/app/store/UsersStore.java b/app/store/UsersStore.java
@@ -21,8 +21,6 @@ public interface UsersStore {
 
     Stream<? extends User> getByGroupPath(String groupPath);
 
-    Stream<? extends User> getAll();
-
     UserSession createSession(User user, String sessionId, String openIdIdentityToken, String openIdAccessToken, String openIdRefreshToken, Long openIdTokenExpiry);
 
     byte[] getEncryptionKey();

diff --git a/app/store/memory/MemoryUsersStore.java b/app/store/memory/MemoryUsersStore.java
@@ -4,17 +4,13 @@
 import com.google.api.client.auth.oauth2.CredentialRefreshListener;
 import com.google.api.client.auth.oauth2.TokenErrorResponse;
 import com.google.api.client.auth.oauth2.TokenResponse;
-import dev.morphia.UpdateOptions;
-import dev.morphia.query.updates.UpdateOperators;
 import entities.OpenIdUser;
 import entities.Service;
 import entities.User;
 import entities.UserSession;
 import entities.memory.MemoryServicePasswords;
 import entities.memory.MemoryUser;
 import entities.memory.MemoryUserSession;
-import entities.mongodb.MongoDbServicePasswords;
-import entities.mongodb.MongoDbUser;
 import org.apache.directory.api.ldap.model.constants.LdapSecurityConstants;
 import org.apache.directory.api.ldap.model.password.PasswordUtil;
 import play.mvc.Http;
@@ -137,13 +133,6 @@ public Stream<MemoryUser> getByGroupPath(String groupPath) {
         return users.stream().filter(u -> u.getGroupPaths().contains(groupPath));
     }
 
-    @Override
-    public List<User> getAll() {
-        List<User> usersList = new ArrayList<>(users);
-        Collections.sort(usersList, Comparator.comparing(User::getUid));
-        return usersList;
-    }
-
     @Override
     public UserSession createSession(User user, String id, String openIdIdentityToken, String openIdAccessToken, String openIdRefreshToken, Long openIdTokenExpiry) {
         MemoryUser memoryUser = (MemoryUser)user;

diff --git a/app/store/mongodb/MongoDbGroupsStore.java b/app/store/mongodb/MongoDbGroupsStore.java
@@ -42,8 +42,8 @@ public void updateMetadata(Collection<GroupsMetadata> metadata) {
                     continue;
                 }
                 if (!Objects.equals(g.getDescription(), m.getDescription()) || !Objects.equals(g.getEmail(), m.getEmail())) {
-                    g.setDescription(g.getDescription());
-                    g.setEmail(g.getEmail());
+                    g.setDescription(m.getDescription());
+                    g.setEmail(m.getEmail());
                     query(g).update(new UpdateOptions(), UpdateOperators.set("description", g.getDescription()), UpdateOperators.set("email", g.getEmail()));
                 }
             }