OPSMN-7000: Allowed super admins to disallow logins from users of a specific auth domain.

Author: vinayakapawar

WEB-INF/resources/com/krishagni/catissueplus/core/repository/hbm/AuthDomain.hbm.xml

@@ -17,6 +17,8 @@
 
     <many-to-one name="authProvider" column="PROVIDER_ID" cascade="all"/>
 
+    <property name="allowLogins" column="ALLOW_LOGINS" not-null="true" />
+
     <query name="getDomainByName">
       select
         d

WEB-INF/resources/db/12.1/schema.xml

@@ -25,4 +25,12 @@
       </column>
     </addColumn>
   </changeSet>
-</databaseChangeLog>
+
+  <changeSet author="vpawar" id="Auth domain property to specify whether logins are allowed from a specified domain">
+    <addColumn tableName="OS_AUTH_DOMAINS">
+      <column name="ALLOW_LOGINS" type="${boolean.type}" defaultValueBoolean="true">
+        <constraints nullable="false" />
+      </column>
+    </addColumn>
+  </changeSet>
+</databaseChangeLog>

WEB-INF/resources/errors/messages.properties

@@ -1468,6 +1468,7 @@ auth_imp_token_exp=Impersonated user token has expired.
 
 auth_otp_expired=User login OTP has expired.
 
+auth_domain_login_disabled=Login using the authentication domain {0} is disabled.
 
 ####################
 # DE forms Module

WEB-INF/src/com/krishagni/catissueplus/core/administrative/services/impl/UserServiceImpl.java

@@ -203,7 +203,12 @@ public UserDetails loadUserByUsername(String username)
 		int slashIdx = username.indexOf('/');
 		String loginName = slashIdx != -1 ? username.substring(0, slashIdx) : username;
 		String domain    = slashIdx != -1 ? username.substring(slashIdx + 1) : DEFAULT_AUTH_DOMAIN;
-		return daoFactory.getUserDao().getUser(loginName, domain);
+		User user = daoFactory.getUserDao().getUser(loginName, domain);
+		if (user != null && user.getAuthDomain() != null && !user.getAuthDomain().isAllowLogins()) {
+			throw OpenSpecimenException.userError(AuthErrorCode.DOMAIN_LOGIN_DISABLED, user.getAuthDomain().getName());
+		}
+
+		return user;
 	}
 
 	@Override
@@ -223,6 +228,9 @@ public Object loadUserBySAML(SAMLCredential credential)
 		// We should perhaps use SAML local entity ID
 		//
 		AuthDomain domain = daoFactory.getAuthDao().getAuthDomainByType("saml");
+		if (domain != null && !domain.isAllowLogins()) {
+			throw OpenSpecimenException.userError(AuthErrorCode.DOMAIN_LOGIN_DISABLED, domain.getName());
+		}
 
 		Map<String, String> props = domain.getAuthProvider().getProps();
 		String loginNameAttr = props.get("loginNameAttr");

WEB-INF/src/com/krishagni/catissueplus/core/auth/domain/AuthDomain.java

@@ -25,6 +25,9 @@ public class AuthDomain {
 
 	private AuthProvider authProvider;
 
+
+	private boolean allowLogins = true;
+
 	private String activityStatus;
 
 	public Long getId() {
@@ -55,6 +58,13 @@ public AuthenticationService getAuthProviderInstance() {
 		return getAuthProviderInstance(getAuthProvider());
 	}
 
+	public boolean isAllowLogins() {
+		return allowLogins;
+	}
+
+	public void setAllowLogins(boolean allowLogins) {
+		this.allowLogins = allowLogins;
+	}
 	public String getActivityStatus() {
 		return activityStatus;
 	}
@@ -65,6 +75,7 @@ public void setActivityStatus(String activityStatus) {
 
 	public void update(AuthDomain domain) {
 		setName(domain.getName());
+		setAllowLogins(domain.isAllowLogins());
 
 		Map<String, String> newProps = domain.getAuthProvider().getProps();
 		Map<String, String> oldProps = authProvider.getProps();

WEB-INF/src/com/krishagni/catissueplus/core/auth/domain/AuthErrorCode.java

@@ -23,7 +23,9 @@ public enum AuthErrorCode implements ErrorCode {
 
 	IMP_TOKEN_EXP,
 
-	OTP_EXPIRED;
+	OTP_EXPIRED,
+
+	DOMAIN_LOGIN_DISABLED;
 
 	@Override
 	public String code() {

WEB-INF/src/com/krishagni/catissueplus/core/auth/domain/factory/impl/DomainRegistrationFactoryImpl.java

@@ -13,10 +13,13 @@
 import com.krishagni.catissueplus.core.common.errors.ActivityStatusErrorCode;
 import com.krishagni.catissueplus.core.common.errors.ErrorType;
 import com.krishagni.catissueplus.core.common.errors.OpenSpecimenException;
+import com.krishagni.catissueplus.core.common.util.LogUtil;
 import com.krishagni.catissueplus.core.common.util.Status;
 
 public class DomainRegistrationFactoryImpl implements DomainRegistrationFactory {
 
+	private static final LogUtil logger = LogUtil.getLogger(DomainRegistrationFactoryImpl.class);
+
 	@Autowired
 	private DaoFactory daoFactory;
 
@@ -30,6 +33,7 @@ public AuthDomain createDomain(AuthDomainDetail input) {
 
 		AuthDomain domain = new AuthDomain();
 		setDomainName(input, domain, ose);
+		setAllowLogins(input, domain, ose);
 		setAuthProvider(input, domain, ose);
 		setActivityStatus(input, domain, ose);
 
@@ -45,6 +49,10 @@ private void setDomainName(AuthDomainDetail input, AuthDomain domain, OpenSpecim
 
 		domain.setName(domainName);
 	}
+
+	private void setAllowLogins(AuthDomainDetail input, AuthDomain domain, OpenSpecimenException ose) {
+		domain.setAllowLogins(input.isAllowLogins());
+	}
 
 	private void setAuthProvider(AuthDomainDetail detail, AuthDomain authDomain, OpenSpecimenException ose) {
 		String authType = detail.getAuthType();
@@ -79,6 +87,7 @@ private boolean isValidImplClass(String implClass) {
 			Class.forName(implClass).getDeclaredConstructor().newInstance();
 			return true;
 		} catch (Exception e) {
+			logger.error("Error validating the  authentication provider: " + implClass, e);
 			return false;
 		}
 	}

WEB-INF/src/com/krishagni/catissueplus/core/auth/events/AuthDomainDetail.java

@@ -51,6 +51,7 @@ public static AuthDomainDetail from(AuthDomain authDomain) {
 		AuthDomainDetail detail = new AuthDomainDetail();
 		detail.setId(authDomain.getId());
 		detail.setName(authDomain.getName());
+		detail.setAllowLogins(authDomain.isAllowLogins());
 		detail.setAuthType(authDomain.getAuthProvider().getAuthType());
 		detail.setImplClass(authDomain.getAuthProvider().getImplClass());
 		detail.setAuthProviderProps(authDomain.getAuthProvider().getProps());

WEB-INF/src/com/krishagni/catissueplus/core/auth/events/AuthDomainSummary.java

@@ -12,6 +12,8 @@ public class AuthDomainSummary {
 
 	private String type;
 
+	private boolean allowLogins = true;
+
 	public Long getId() {
 		return id;
 	}
@@ -36,11 +38,20 @@ public void setType(String type) {
 		this.type = type;
 	}
 
+	public boolean isAllowLogins() {
+		return allowLogins;
+	}
+
+	public void setAllowLogins(boolean allowLogins) {
+		this.allowLogins = allowLogins;
+	}
+
 	public static AuthDomainSummary from(AuthDomain domain) {
 		AuthDomainSummary summary = new AuthDomainSummary();
 		summary.setId(domain.getId());
 		summary.setName(domain.getName());
 		summary.setType(domain.getAuthProvider().getAuthType());
+		summary.setAllowLogins(domain.isAllowLogins());
 		return summary;
 	}
 

WEB-INF/src/com/krishagni/catissueplus/core/auth/services/impl/OpenSpecimenAuthServiceImpl.java

@@ -19,7 +19,11 @@ public class OpenSpecimenAuthServiceImpl implements AuthenticationService {
 
 	@Autowired
 	private AuthenticationManager authManager;
-	
+
+	public OpenSpecimenAuthServiceImpl() {
+
+	}
+
 	public OpenSpecimenAuthServiceImpl(Map<String, String> props) {
 
 	}