fix lookup issue in case the provided username with email does not ex… (#12283)

* fix lookup issue in case the provided username with email does not exist in the system

* typo
This commit is contained in:
Mohit Yadav 2023-07-05 10:41:23 +05:30 committed by GitHub
parent 4f2831f3bb
commit 0ae716a791
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 44 additions and 22 deletions


@ -2775,6 +2775,9 @@ public interface CollectionDAO {
@ConnectionAwareSqlQuery(value = "SELECT count(*) FROM user_entity WHERE email = :email", connectionType = MYSQL) @ConnectionAwareSqlQuery(value = "SELECT count(*) FROM user_entity WHERE email = :email", connectionType = MYSQL)
@ConnectionAwareSqlQuery(value = "SELECT count(*) FROM user_entity WHERE email = :email", connectionType = POSTGRES) @ConnectionAwareSqlQuery(value = "SELECT count(*) FROM user_entity WHERE email = :email", connectionType = POSTGRES)
int checkEmailExists(@Bind("email") String email); int checkEmailExists(@Bind("email") String email);
@SqlQuery("SELECT json FROM user_entity WHERE email = :email")
String findUserByEmail(@Bind("email") String email);
} }
interface ChangeEventDAO { interface ChangeEventDAO {
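Review bot: `findUserByEmail` has no Javadoc and, unlike the `checkEmailExists` pair directly above it, is a single plain `@SqlQuery` rather than an `@ConnectionAwareSqlQuery` per connection type, so a reader has to infer that the same statement is meant to run on both MySQL and Postgres. The mapping to a single `String` also assumes `email` identifies at most one row; whether `user_entity.email` carries a unique constraint is not visible here, and what JDBI does when several rows match should not be something the login path relies on. I would add `/** Returns the stored JSON of the user whose email equals {@code email} exactly (no case folding here), or null when no row matches. */` above the method and confirm the uniqueness of the column.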


@ -49,6 +49,7 @@ import org.openmetadata.schema.utils.EntityInterfaceUtil;
import org.openmetadata.service.Entity; import org.openmetadata.service.Entity;
import org.openmetadata.service.OpenMetadataApplicationConfig; import org.openmetadata.service.OpenMetadataApplicationConfig;
import org.openmetadata.service.exception.CatalogExceptionMessage; import org.openmetadata.service.exception.CatalogExceptionMessage;
import org.openmetadata.service.exception.EntityNotFoundException;
import org.openmetadata.service.jdbi3.CollectionDAO.EntityRelationshipRecord; import org.openmetadata.service.jdbi3.CollectionDAO.EntityRelationshipRecord;
import org.openmetadata.service.resources.teams.UserResource; import org.openmetadata.service.resources.teams.UserResource;
import org.openmetadata.service.secrets.SecretsManager; import org.openmetadata.service.secrets.SecretsManager;
@ -87,6 +88,14 @@ public class UserRepository extends EntityRepository<User> {
return super.getByName(uriInfo, EntityInterfaceUtil.quoteName(name), fields); return super.getByName(uriInfo, EntityInterfaceUtil.quoteName(name), fields);
} }
public User getByEmail(UriInfo uriInfo, String email, Fields fields) throws IOException {
String userString = ((CollectionDAO.UserDAO) dao).findUserByEmail(email);
if (userString == null) {
throw EntityNotFoundException.byMessage(CatalogExceptionMessage.entityNotFound(USER, email));
}
return withHref(uriInfo, setFieldsInternal(JsonUtils.readValue(userString, User.class), fields));
}
/** Ensures that the default roles are added for POST, PUT and PATCH operations. */ /** Ensures that the default roles are added for POST, PUT and PATCH operations. */
@Override @Override
public void prepare(User user) throws IOException { public void prepare(User user) throws IOException {
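Review bot: `getByEmail` reports a miss with `entityNotFound(USER, email)`, a message that echoes the caller-supplied email, while the sibling `getByName` path goes through `super.getByName` with a quoted name. Since this method is reached from the login flow (`BasicAuthenticator.lookUserInProvider`, whose catch block is outside this diff), it is worth confirming that the not-found exception ends up as the same generic `INVALID_USERNAME_PASSWORD` response as a wrong password; otherwise an unauthenticated client can tell the two outcomes apart. The new public method also has no Javadoc; I would add `/** Looks up a user by exact email match and applies {@code fields}; throws EntityNotFoundException when no user has that email. */`.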


@ -31,9 +31,10 @@ public interface AuthenticatorHandler {
void checkIfLoginBlocked(String userName); void checkIfLoginBlocked(String userName);
void recordFailedLoginAttempt(User user) throws TemplateException, IOException; void recordFailedLoginAttempt(String providedIdentity, User user) throws TemplateException, IOException;
void validatePassword(User storedUser, String reqPassword) throws TemplateException, IOException; void validatePassword(String providedIdentity, User storedUser, String reqPassword)
throws TemplateException, IOException;
User lookUserInProvider(String userName); User lookUserInProvider(String userName);
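Review bot: The new `providedIdentity` parameter on `recordFailedLoginAttempt` and `validatePassword` is undocumented, yet the implementations use it as the key of the failed-login counter, which only lines up with the lockout check if it is the very string the caller earlier passed to `checkIfLoginBlocked`. That coupling is invisible from the interface alone. I would add on both methods a Javadoc such as `/** @param providedIdentity the identity string from the login request (name or email), used as the lockout-counter key; must be the same value passed to {@link #checkIfLoginBlocked(String)} */`.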


@ -422,11 +422,10 @@ public class BasicAuthenticator implements AuthenticatorHandler {
@Override @Override
public JwtResponse loginUser(LoginRequest loginRequest) throws IOException, TemplateException { public JwtResponse loginUser(LoginRequest loginRequest) throws IOException, TemplateException {
String userName = String userName = loginRequest.getEmail();
loginRequest.getEmail().contains("@") ? loginRequest.getEmail().split("@")[0] : loginRequest.getEmail();
checkIfLoginBlocked(userName); checkIfLoginBlocked(userName);
User storedUser = lookUserInProvider(userName); User storedUser = lookUserInProvider(userName);
validatePassword(storedUser, loginRequest.getPassword()); validatePassword(userName, storedUser, loginRequest.getPassword());
return getJwtResponse(storedUser, loginConfiguration.getJwtTokenExpiryTime()); return getJwtResponse(storedUser, loginConfiguration.getJwtTokenExpiryTime());
} }
@ -438,9 +437,9 @@ public class BasicAuthenticator implements AuthenticatorHandler {
} }
@Override @Override
public void recordFailedLoginAttempt(User storedUser) throws TemplateException, IOException { public void recordFailedLoginAttempt(String providedIdentity, User storedUser) throws TemplateException, IOException {
loginAttemptCache.recordFailedLogin(storedUser.getName()); loginAttemptCache.recordFailedLogin(providedIdentity);
int failedLoginAttempt = loginAttemptCache.getUserFailedLoginCount(storedUser.getName()); int failedLoginAttempt = loginAttemptCache.getUserFailedLoginCount(providedIdentity);
if (failedLoginAttempt == loginConfiguration.getMaxLoginFailAttempts()) { if (failedLoginAttempt == loginConfiguration.getMaxLoginFailAttempts()) {
EmailUtil.getInstance() EmailUtil.getInstance()
.sendAccountStatus( .sendAccountStatus(
@ -452,7 +451,8 @@ public class BasicAuthenticator implements AuthenticatorHandler {
} }
} }
public void validatePassword(User storedUser, String reqPassword) throws TemplateException, IOException { public void validatePassword(String providedIdentity, User storedUser, String reqPassword)
throws TemplateException, IOException {
// when basic auth is enabled and the user is created through the API without password, the stored auth mechanism // when basic auth is enabled and the user is created through the API without password, the stored auth mechanism
// for the user is null // for the user is null
if (storedUser.getAuthenticationMechanism() == null) { if (storedUser.getAuthenticationMechanism() == null) {
@ -464,18 +464,26 @@ public class BasicAuthenticator implements AuthenticatorHandler {
String storedHashPassword = storedData.get("password"); String storedHashPassword = storedData.get("password");
if (!BCrypt.verifyer().verify(reqPassword.toCharArray(), storedHashPassword).verified) { if (!BCrypt.verifyer().verify(reqPassword.toCharArray(), storedHashPassword).verified) {
// record Failed Login Attempts // record Failed Login Attempts
recordFailedLoginAttempt(storedUser); recordFailedLoginAttempt(providedIdentity, storedUser);
throw new AuthenticationException(INVALID_USERNAME_PASSWORD); throw new AuthenticationException(INVALID_USERNAME_PASSWORD);
} }
} }
@Override @Override
public User lookUserInProvider(String userName) { public User lookUserInProvider(String userName) {
User storedUser; User storedUser = null;
try { try {
storedUser = if (userName.contains("@")) {
userRepository.getByName( // lookup by User Email
null, userName, new EntityUtil.Fields(List.of(USER_PROTECTED_FIELDS), USER_PROTECTED_FIELDS)); storedUser =
userRepository.getByEmail(
null, userName, new EntityUtil.Fields(List.of(USER_PROTECTED_FIELDS), USER_PROTECTED_FIELDS));
} else {
storedUser =
userRepository.getByName(
null, userName, new EntityUtil.Fields(List.of(USER_PROTECTED_FIELDS), USER_PROTECTED_FIELDS));
}
if (storedUser != null && Boolean.TRUE.equals(storedUser.getIsBot())) { if (storedUser != null && Boolean.TRUE.equals(storedUser.getIsBot())) {
throw new CustomExceptionMessage(BAD_REQUEST, INVALID_USERNAME_PASSWORD); throw new CustomExceptionMessage(BAD_REQUEST, INVALID_USERNAME_PASSWORD);
} }
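Review bot: In the `loginUser` hunk the lockout counter is now keyed by the raw `loginRequest.getEmail()` string, and the `recordFailedLoginAttempt` hunk here (and the same one in LdapAuthenticator) records by that string instead of `storedUser.getName()`, so the name form and the email form of one account each accumulate their own count toward `getMaxLoginFailAttempts()`; differences in case or surrounding whitespace would split it further if `loginAttemptCache` keys by the exact string, which is not visible here. The change does remove the NullPointerException when the account does not exist, but the threshold is now per identity string rather than per account, which weakens the lockout as a control. I would derive one canonical key once in `loginUser`, e.g. `String userName = loginRequest.getEmail().strip();` (with a `Locale.ROOT` lower-casing only if names and emails are stored case-insensitively — confirm against the repository), and pass that same value to `checkIfLoginBlocked` and `validatePassword`; when `storedUser` is non-null the counter could additionally be keyed by `storedUser.getName()` so both forms merge. The try/catch in `lookUserInProvider` continues outside the hunk, so whether the `EntityNotFoundException` raised by the new `getByEmail` path is caught and mapped to the generic error is not visible from this diff.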


@ -116,7 +116,7 @@ public class LdapAuthenticator implements AuthenticatorHandler {
public JwtResponse loginUser(LoginRequest loginRequest) throws IOException, TemplateException { public JwtResponse loginUser(LoginRequest loginRequest) throws IOException, TemplateException {
checkIfLoginBlocked(loginRequest.getEmail()); checkIfLoginBlocked(loginRequest.getEmail());
User storedUser = lookUserInProvider(loginRequest.getEmail()); User storedUser = lookUserInProvider(loginRequest.getEmail());
validatePassword(storedUser, loginRequest.getPassword()); validatePassword(loginRequest.getEmail(), storedUser, loginRequest.getPassword());
User omUser = checkAndCreateUser(loginRequest.getEmail()); User omUser = checkAndCreateUser(loginRequest.getEmail());
return getJwtResponse(omUser, loginConfiguration.getJwtTokenExpiryTime()); return getJwtResponse(omUser, loginConfiguration.getJwtTokenExpiryTime());
} }
@ -139,9 +139,9 @@ public class LdapAuthenticator implements AuthenticatorHandler {
} }
@Override @Override
public void recordFailedLoginAttempt(User storedUser) throws TemplateException, IOException { public void recordFailedLoginAttempt(String providedIdentity, User storedUser) throws TemplateException, IOException {
loginAttemptCache.recordFailedLogin(storedUser.getName()); loginAttemptCache.recordFailedLogin(providedIdentity);
int failedLoginAttempt = loginAttemptCache.getUserFailedLoginCount(storedUser.getName()); int failedLoginAttempt = loginAttemptCache.getUserFailedLoginCount(providedIdentity);
if (failedLoginAttempt == loginConfiguration.getMaxLoginFailAttempts()) { if (failedLoginAttempt == loginConfiguration.getMaxLoginFailAttempts()) {
EmailUtil.getInstance() EmailUtil.getInstance()
.sendAccountStatus( .sendAccountStatus(
@ -154,7 +154,8 @@ public class LdapAuthenticator implements AuthenticatorHandler {
} }
@Override @Override
public void validatePassword(User storedUser, String reqPassword) throws TemplateException, IOException { public void validatePassword(String providedIdentity, User storedUser, String reqPassword)
throws TemplateException, IOException {
// performed in LDAP , the storedUser's name set as DN of the User in Ldap // performed in LDAP , the storedUser's name set as DN of the User in Ldap
BindResult bindingResult = null; BindResult bindingResult = null;
try { try {
@ -165,7 +166,7 @@ public class LdapAuthenticator implements AuthenticatorHandler {
} catch (Exception ex) { } catch (Exception ex) {
if (bindingResult != null if (bindingResult != null
&& Objects.equals(bindingResult.getResultCode().getName(), ResultCode.INVALID_CREDENTIALS.getName())) { && Objects.equals(bindingResult.getResultCode().getName(), ResultCode.INVALID_CREDENTIALS.getName())) {
recordFailedLoginAttempt(storedUser); recordFailedLoginAttempt(providedIdentity, storedUser);
throw new CustomExceptionMessage(UNAUTHORIZED, INVALID_EMAIL_PASSWORD); throw new CustomExceptionMessage(UNAUTHORIZED, INVALID_EMAIL_PASSWORD);
} }
} }


@ -27,12 +27,12 @@ public class NoopAuthenticator implements AuthenticatorHandler {
} }
@Override @Override
public void recordFailedLoginAttempt(User user) { public void recordFailedLoginAttempt(String providedIdentity, User user) {
throw new CustomExceptionMessage(Response.Status.FORBIDDEN, FORBIDDEN_AUTHENTICATOR_OP); throw new CustomExceptionMessage(Response.Status.FORBIDDEN, FORBIDDEN_AUTHENTICATOR_OP);
} }
@Override @Override
public void validatePassword(User storedUser, String reqPassword) { public void validatePassword(String providedIdentity, User storedUser, String reqPassword) {
throw new CustomExceptionMessage(Response.Status.FORBIDDEN, FORBIDDEN_AUTHENTICATOR_OP); throw new CustomExceptionMessage(Response.Status.FORBIDDEN, FORBIDDEN_AUTHENTICATOR_OP);
} }