From b4a3ca2d75c0b6f9f61d4fb255133fbfbc7b37ee Mon Sep 17 00:00:00 2001 From: mpmadhavig Date: Sun, 8 Oct 2023 22:21:54 +0530 Subject: [PATCH 1/3] Resolve possible users from all user stores. --- .../login/resolver/regex/RegexResolver.java | 103 ++++++++++++++++++ ...MultiAttributeLoginServiceServiceImpl.java | 21 ++++ 2 files changed, 124 insertions(+) diff --git a/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.resolver.regex/src/main/java/org/wso2/carbon/identity/multi/attribute/login/resolver/regex/RegexResolver.java b/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.resolver.regex/src/main/java/org/wso2/carbon/identity/multi/attribute/login/resolver/regex/RegexResolver.java index 0653183922..6a7f472787 100644 --- a/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.resolver.regex/src/main/java/org/wso2/carbon/identity/multi/attribute/login/resolver/regex/RegexResolver.java +++ b/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.resolver.regex/src/main/java/org/wso2/carbon/identity/multi/attribute/login/resolver/regex/RegexResolver.java @@ -34,6 +34,7 @@ import org.wso2.carbon.user.core.constants.UserCoreClaimConstants; import org.wso2.carbon.user.core.util.UserCoreUtil; +import java.util.ArrayList; import java.util.HashMap; import java.util.HashSet; import java.util.List; 
@@ -71,6 +72,42 @@ public ResolvedUserResult resolveUser(String loginAttribute, List allowe return resolvedUserResult; } + /** + * {@inheritDoc} + */ + @Override + public List resolvePossibleUsers(String loginAttribute, List allowedAttributes, + String tenantDomain) { + + List resolvedUserResults = new ArrayList(); + try { + if (allowedAttributes == null) { + return resolvedUserResults; + } + UserRealm userRealm = UserResolverUtil.getUserRealm(tenantDomain); + UniqueIDUserStoreManager userStoreManager = UserResolverUtil.getUserStoreManager(tenantDomain); + ClaimManager claimManager = userRealm.getClaimManager(); + + resolveUniqueUsersForUserStoreByClaims(loginAttribute, allowedAttributes, claimManager, userStoreManager, + resolvedUserResults); + + /* + resolve user if allowed attributes has only username claim, + but username claim has no configured regex pattern. + */ + if (allowedAttributes.size() == 1 && resolvedUserResults.isEmpty() && + allowedAttributes.contains(UserCoreClaimConstants.USERNAME_CLAIM_URI)) { + List userList = userStoreManager.getUserListWithID(UserCoreClaimConstants.USERNAME_CLAIM_URI, + loginAttribute, null); + setPossibleUserResult(userList, UserCoreClaimConstants.USERNAME_CLAIM_URI, loginAttribute, + resolvedUserResults); + } + } catch (UserStoreException e) { + log.error("Error occurred while resolving user names.", e); + } + return resolvedUserResults; + } + private void resolveDistinctUsersForClaims(String loginAttribute, List allowedAttributes, ClaimManager claimManager, UniqueIDUserStoreManager userStoreManager, 
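Review bot: The `catch (UserStoreException e)` at the end of `resolvePossibleUsers` logs the error and then returns whatever was collected so far, so a user store failure reaches the caller looking exactly like "no user matches this identifier" (or like a partial match list). For a login resolver that distinction matters, because an outage or misconfigured store would surface as an unknown user rather than as an error. If the interface cannot declare the exception, replace `{@inheritDoc}` with Javadoc stating that failures are logged and yield an empty or partial list. The log line could also name the tenant while keeping the user-typed identifier out of the log, e.g. `log.error("Error occurred while resolving possible users in tenant: " + tenantDomain, e);`.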
@@ -231,4 +268,70 @@ public AuthenticationResult authenticateWithIdentifier(String loginAttributeValu } return authenticationResult; } + + /** + * This method is used to resolve unique users for user store by claims. + * + * @param loginAttribute Login attribute. + * @param allowedAttributes Allowed attributes. + * @param claimManager Claim manager. + * @param userStoreManager User store manager. + * @param resolvedUserResults List of resolved user results. + * @throws UserStoreException Throws when error occurred while getting the user list. + */ + private void resolveUniqueUsersForUserStoreByClaims(String loginAttribute, List allowedAttributes, + ClaimManager claimManager, + UniqueIDUserStoreManager userStoreManager, + List resolvedUserResults) + throws UserStoreException { + + Set uniqueUserIds = new HashSet<>(); + + for (String claimURI : allowedAttributes) { + Claim claim = claimManager.getClaim(claimURI); + if (claim == null || StringUtils.isBlank(claim.getRegEx())) { + continue; + } + + Pattern pattern = Pattern.compile(claim.getRegEx()); + String domainSeparateAttribute = UserCoreUtil.removeDomainFromName(loginAttribute); + + if (pattern.matcher(domainSeparateAttribute).matches()) { + List userList = userStoreManager.getUserListWithID(claimURI, loginAttribute, null); + if (userList.isEmpty()) { + continue; + } + // This is to make sure that the same user is not added to the list multiple times from different claims. + List allowedDistinctUsersForClaim = userList.stream() + .filter(user -> uniqueUserIds.add(user.getUserID())) + .collect(Collectors.toList()); + + setPossibleUserResult(allowedDistinctUsersForClaim, claimURI, loginAttribute, resolvedUserResults); + } + } + } + + /** + * This method is used to set the possible user result. + * + * @param userList List of users. + * @param claimURI Claim URI. + * @param loginAttribute Login attribute. + * @param possibleUserResult List of possible user results. 
+ * @throws org.wso2.carbon.user.core.UserStoreException Throws when error occurred while getting the user list. + */ + private void setPossibleUserResult(List userList, String claimURI, + String loginAttribute, List possibleUserResult) + throws org.wso2.carbon.user.core.UserStoreException { + + for (User user : userList) { + ResolvedUserResult resolvedUserResult = new ResolvedUserResult(ResolvedUserResult.UserResolvedStatus.FAIL); + resolvedUserResult.setResolvedStatus(ResolvedUserResult.UserResolvedStatus.SUCCESS); + resolvedUserResult.setResolvedClaim(claimURI); + resolvedUserResult.setResolvedValue(loginAttribute); + user.setUsername(user.getDomainQualifiedUsername()); + resolvedUserResult.setUser(user); + possibleUserResult.add(resolvedUserResult); + } + } } diff --git a/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.service/src/main/java/org/wso2/carbon/identity/multi/attribute/login/service/MultiAttributeLoginServiceServiceImpl.java b/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.service/src/main/java/org/wso2/carbon/identity/multi/attribute/login/service/MultiAttributeLoginServiceServiceImpl.java index 0dc0545853..f006505d2f 100644 --- a/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.service/src/main/java/org/wso2/carbon/identity/multi/attribute/login/service/MultiAttributeLoginServiceServiceImpl.java +++ b/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.service/src/main/java/org/wso2/carbon/identity/multi/attribute/login/service/MultiAttributeLoginServiceServiceImpl.java 
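Review bot: In `resolveUniqueUsersForUserStoreByClaims`, `Pattern.compile(claim.getRegEx())` has no handling for `PatternSyntaxException`, and the caller added in this patch catches only `UserStoreException`. A single malformed claim regex would therefore abort resolution with an unchecked exception instead of skipping that claim. The compiled pattern is matched against the identifier typed at login, so it is worth bounding that input's length before matching, and `removeDomainFromName(loginAttribute)` is loop-invariant and can move above the loop. In `setPossibleUserResult`, each result is constructed as `FAIL` and immediately set to `SUCCESS`, and `user.setUsername(user.getDomainQualifiedUsername())` mutates the object handed back by the user store manager; both deserve a one-line comment if intentional. The sketch below needs an import of `java.util.regex.PatternSyntaxException`.

```java
String domainSeparateAttribute = UserCoreUtil.removeDomainFromName(loginAttribute);

for (String claimURI : allowedAttributes) {
    // … unchanged: claim lookup and blank-regex skip …

    Pattern pattern;
    try {
        pattern = Pattern.compile(claim.getRegEx());
    } catch (PatternSyntaxException e) {
        // A broken regex on one claim must not stop resolution through the other claims.
        log.error("Invalid regex pattern configured for claim: " + claimURI, e);
        continue;
    }

    // … unchanged: match against domainSeparateAttribute, user lookup and de-duplication …
```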
@@ -149,4 +149,25 @@ public ResolvedUserResult resolveUser(String loginIdentifierValue, String tenant } return resolvedUserResult; } + + /** + * This method is used to resolve possible users from given login identifier. + * + * @param loginIdentifierValue User entered login identifier value. + * @param tenantDomain User tenant domain. + * @return List of ResolvedUserResult objects with possible users with their resolved login identifier claim. + */ + @Override + public List resolvePossibleUsers(String loginIdentifierValue, String tenantDomain) { + + List resolvedUserResults = null; + if (StringUtils.isNotBlank(loginIdentifierValue) && StringUtils.isNotBlank(tenantDomain)) { + List allowedAttributes = getAllowedClaimsForTenant(tenantDomain); + resolvedUserResults = MultiAttributeLoginDataHolder.getInstance().getMultiAttributeLoginResolver(). + resolvePossibleUsers(loginIdentifierValue, allowedAttributes, tenantDomain); + } + return resolvedUserResults; + } + + } From fbdab4d62097b1dbcc59a962c2429b3bc20692b0 Mon Sep 17 00:00:00 2001 From: Madhavi Gayathri <47152272+mpmadhavig@users.noreply.github.com> Date: Mon, 9 Oct 2023 04:53:40 +0000 Subject: [PATCH 2/3] Update components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.resolver.regex/src/main/java/org/wso2/carbon/identity/multi/attribute/login/resolver/regex/RegexResolver.java Co-authored-by: Sahan Dilshan <32576163+sahandilshan@users.noreply.github.com> --- .../multi/attribute/login/resolver/regex/RegexResolver.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
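Review bot: `resolvePossibleUsers` returns `null` when either argument is blank (`List resolvedUserResults = null;`), whereas the `RegexResolver` implementation added in the same patch returns an empty list for its "nothing to resolve" case, and the Javadoc `@return` here promises a list. A caller that iterates the result would hit a NullPointerException on a blank identifier, which is input the login request controls. Initialising the local to an empty list (for example `Collections.emptyList()`) keeps the contract uniform across both layers. Whether `getMultiAttributeLoginResolver()` can return null when no resolver is registered is not visible in this hunk and is worth confirming as well.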
diff --git a/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.resolver.regex/src/main/java/org/wso2/carbon/identity/multi/attribute/login/resolver/regex/RegexResolver.java b/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.resolver.regex/src/main/java/org/wso2/carbon/identity/multi/attribute/login/resolver/regex/RegexResolver.java index 6a7f472787..3d8939abfa 100644 --- a/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.resolver.regex/src/main/java/org/wso2/carbon/identity/multi/attribute/login/resolver/regex/RegexResolver.java +++ b/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.resolver.regex/src/main/java/org/wso2/carbon/identity/multi/attribute/login/resolver/regex/RegexResolver.java @@ -92,7 +92,7 @@ public List resolvePossibleUsers(String loginAttribute, List resolvedUserResults); /* - resolve user if allowed attributes has only username claim, + Resolve user if allowed attributes has only username claim, but username claim has no configured regex pattern. */ if (allowedAttributes.size() == 1 && resolvedUserResults.isEmpty() && From fa69f8d542337b56f2fde44f53c7875226c8cc96 Mon Sep 17 00:00:00 2001 From: Madhavi Gayathri <47152272+mpmadhavig@users.noreply.github.com> Date: Mon, 9 Oct 2023 04:53:50 +0000 Subject: [PATCH 3/3] Update components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.service/src/main/java/org/wso2/carbon/identity/multi/attribute/login/service/MultiAttributeLoginServiceServiceImpl.java Co-authored-by: Sahan Dilshan <32576163+sahandilshan@users.noreply.github.com> --- .../login/service/MultiAttributeLoginServiceServiceImpl.java | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.service/src/main/java/org/wso2/carbon/identity/multi/attribute/login/service/MultiAttributeLoginServiceServiceImpl.java b/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.service/src/main/java/org/wso2/carbon/identity/multi/attribute/login/service/MultiAttributeLoginServiceServiceImpl.java index f006505d2f..aeae0ceb15 100644 --- a/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.service/src/main/java/org/wso2/carbon/identity/multi/attribute/login/service/MultiAttributeLoginServiceServiceImpl.java +++ b/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.service/src/main/java/org/wso2/carbon/identity/multi/attribute/login/service/MultiAttributeLoginServiceServiceImpl.java @@ -168,6 +168,4 @@ public List resolvePossibleUsers(String loginIdentifierValue } return resolvedUserResults; } - - }