From fb04e6d2c89ca65ea38ea600f344bc31d1010b7b Mon Sep 17 00:00:00 2001
From: Thisara-Welmilla
Date: Tue, 12 Dec 2023 15:16:10 +0530
Subject: [PATCH] Improve JIT provisioning
---
 ...ProvisioningPostAuthenticationHandler.java | 58 +++++++++++--------
 1 file changed, 34 insertions(+), 24 deletions(-)
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
index c34c25a0c511..9c07c730b138 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
@@ -205,30 +205,7 @@ private PostAuthnHandlerFlowStatus handleResponseFlow(HttpServletRequest request
 }
 String username = getUsernameFederatedUser(stepConfig, sequenceConfig, externalIdPConfigName, context,
 localClaimValues, externalIdPConfig);
- if (context.getProperty(FrameworkConstants.CHANGING_USERNAME_ALLOWED) != null) {
- username = request.getParameter(FrameworkConstants.USERNAME);
- try {
- /*
- Checks whether the provided user is already existing in the system. If so an exception
- will be thrown.
- */
- UserRealm realm = getUserRealm(context.getTenantDomain());
- UserStoreManager userStoreManager = getUserStoreManager(context.getExternalIdP()
- .getProvisioningUserStoreId(), realm, username);
- String sanitizedUserName = UserCoreUtil.removeDomainFromName(
- MultitenantUtils.getTenantAwareUsername(username));
- if (userStoreManager.isExistingUser(sanitizedUserName)) {
- // Logging the error because the thrown exception is handled in the UI.
- log.error(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode() + " - "
- + ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage());
- handleExceptions(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage(),
- "provided.username.already.exists", null);
- }
- } catch (UserStoreException e) {
- handleExceptions(ErrorMessages.ERROR_WHILE_CHECKING_USERNAME_EXISTENCE.getMessage(),
- "error.user.existence", e);
- }
- }
+ validateUsername(context, username);
 callDefaultProvisioningHandler(username, context, externalIdPConfig, combinedLocalClaims, stepConfig);
 handleConsents(request, stepConfig, context.getTenantDomain());
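Review bot: The `request.getParameter(FrameworkConstants.USERNAME)` override that ran under `CHANGING_USERNAME_ALLOWED` is removed together with the inline existence check, so on the new side `username` is whatever `getUsernameFederatedUser(...)` returns before `validateUsername(context, username)` is called. Unless that helper (outside this hunk) now resolves the user-entered name itself, the name submitted on the password-provisioning form is no longer honoured here and the collision check runs against the IdP-derived name instead, which is the opposite of what the removed block guarded. Either way the call site deserves a one-line why-comment so the next reader does not re-add the override, e.g. `// username already includes any user-supplied override; the existence check must run on the final name.` handleResponseFlow starts and ends outside the hunk.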
@@ -353,6 +330,9 @@ private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request,
 username, request);
 // Set the property to make sure the request is a returning one.
 context.setProperty(FrameworkConstants.PASSWORD_PROVISION_REDIRECTION_TRIGGERED, true);
+ if (!externalIdPConfig.isModifyUserNameAllowed()) {
+ validateUsername(context, username);
+ }
 return PostAuthnHandlerFlowStatus.INCOMPLETE;
 }
 if (StringUtils.isEmpty(associatedLocalUser) && externalIdPConfig.isAssociateLocalUserEnabled()) {
@@ -428,6 +408,9 @@ private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request,
 localClaimValues.get(EMAIL_ADDRESS_CLAIM))) {
 username = UserCoreUtil.addTenantDomainToEntry(username, context.getTenantDomain());
 }
+ if (StringUtils.isEmpty(associatedLocalUser)) {
+ validateUsername(context, username);
+ }
 callDefaultProvisioningHandler(username, context, externalIdPConfig, localClaimValues, stepConfig);
 }
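Review bot: In the `@@ -353` hunk `validateUsername(context, username)` runs after `PASSWORD_PROVISION_REDIRECTION_TRIGGERED` has been set to `true` and, judging by the `username, request);` context line, after the redirect to the password-provisioning page has already been issued; a username collision therefore raises `PostAuthenticationFailedException` with the redirect in flight and the returning-request flag already stored in the context. The check should be the first thing in this branch, ahead of the redirect and the `context.setProperty(...)` call, so that a federated login can never be steered onto an existing local account before the failure is reported: `if (!externalIdPConfig.isModifyUserNameAllowed()) { validateUsername(context, username); }` moved above the redirect. The surrounding `if` block starts outside the hunk, so the exact target line cannot be confirmed from here.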
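Review bot: In the `@@ -428` hunk the new `if (StringUtils.isEmpty(associatedLocalUser))` guard has no comment explaining why an associated local user skips the collision check while a fresh JIT account does not, and that asymmetry is the whole security point of the change. A short why-comment above the guard would keep a later refactor from "simplifying" it away: `// An associated local user is expected to exist already; only a newly provisioned account must not collide with one.` The ordering is fine as written, since `validateUsername` strips the tenant qualifier that `addTenantDomainToEntry` may have just added. handleRequestFlow begins outside the hunk.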
@@ -1159,4 +1142,31 @@ private String getUserStoreDomain(String provisioningUserStoreId, UserRealm real
 }
 return userStoreDomain;
 }
+
+
+ private void validateUsername(AuthenticationContext context, String username)
+ throws PostAuthenticationFailedException {
+
+ try {
+ /*
+ Checks whether the provided user is already existing in the system. If so an exception
+ will be thrown.
+ */
+ UserRealm realm = getUserRealm(context.getTenantDomain());
+ UserStoreManager userStoreManager = getUserStoreManager(context.getExternalIdP()
+ .getProvisioningUserStoreId(), realm, username);
+ String sanitizedUserName = UserCoreUtil.removeDomainFromName(
+ MultitenantUtils.getTenantAwareUsername(username));
+ if (userStoreManager.isExistingUser(sanitizedUserName)) {
+ // Logging the error because the thrown exception is handled in the UI.
+ log.error(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode() + " - "
+ + ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage());
+ handleExceptions(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage(),
+ ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode(), null);
+ }
+ } catch (UserStoreException e) {
+ handleExceptions(ErrorMessages.ERROR_WHILE_CHECKING_USERNAME_EXISTENCE.getMessage(),
+ "error.user.existence", e);
+ }
+ }
 }
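Review bot: The second argument to `handleExceptions` in the existing-user branch changes from the literal `"provided.username.already.exists"` (removed in the `@@ -205` hunk) to `ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode()`, while the catch branch two lines below still passes the literal `"error.user.existence"`; the comment above says the thrown exception is handled in the UI, so any UI logic keyed on the old string silently stops matching, and the two branches now follow different conventions. Either keep the old key or make the catch branch consistent with `ErrorMessages.ERROR_WHILE_CHECKING_USERNAME_EXISTENCE.getCode()`, and confirm the UI side against whichever is chosen. The method also has no Javadoc; it should state that it fails post-authentication when `username` already exists in the provisioning user store of the current external IdP, so that JIT provisioning cannot attach a federated login to an existing local account, with `@throws PostAuthenticationFailedException` covering both the collision and a failed lookup. Logging every collision at `error` level is also noisy for what is a user-triggered condition; `warn` would be more proportionate.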