Changeset 37694


Timestamp:
2023-04-21T15:59:29+12:00 (12 months ago)
Author:
davidb
Message:

GoogleSignin Code now upgraded so a new Google user is auto-registered -- but with no groups assigned, so essentially a user account with no capabilities within the DL

File:
1 edited

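--- a/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/GoogleSigninJDBCRealm.java
+++ b/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/GoogleSigninJDBCRealm.java
@@ -24,4 +24,5 @@
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
+import java.sql.Statement;
 import java.sql.SQLException;
 import java.util.Collections;
@@ -316,5 +317,59 @@
         return null;
     }
-   
+
+
+    /* Based on method addUser() in DerbyWrapper.java */
+
+    public boolean registerGoogleUser(String google_verified_email)
+    {
+    // Takes the details of a email-verified Google User who is signed in,
+    // and creates a username in the Greenstone3 User database with minimal permissions
+
+    String USERS = org.greenstone.gsdl3.util.DerbyWrapper.USERS;
+       
+    String greenstone_username = google_verified_email;
+    String greenstone_password = "";
+    String accountstatus = "enabled";
+    String comment = "Google verified-email Registered User Account";
+   
+    try {
+            Connection dbConnection = open();
+            if (dbConnection == null) {
+        System.err.println("googleSigninJDBCRealm::registerGoogleUser(): failed to open connection to database");
+        return false;
+            }
+       
+        Statement state = dbConnection.createStatement();
+        String sql_insert_user = "insert into " + USERS + " values ('" + greenstone_username + "', '" + greenstone_password + "', '" + accountstatus + "', '" + comment + "', '" + google_verified_email + "')";
+       
+        state.execute(sql_insert_user);
+       
+        dbConnection.commit();
+        state.close();
+    }
+    catch (Throwable e) {
+        System.out.println("exception thrown:");
+        if (e instanceof SQLException) {
+        SQLException sql_e =(SQLException)e;
+
+        // Inline version of printSQLError from DerbyWrapper
+        while (sql_e != null) {
+            System.out.println(sql_e.toString());
+            sql_e = sql_e.getNextException();
+        }
+        }
+        else {
+        e.printStackTrace();
+        }
+       
+        System.out.println("Error:" + e.getMessage());
+        return false;
+    }
+   
+    return true;
+    }
+
+    /* Is the following needed anymore??? */
+    /* XXXX */
     protected String mapFromGoogleEmailToGreenstoneUser(String google_email)   
     {
@@ -324,9 +379,12 @@
     }
        
-    public String getGreenstoneUsernameFromGoogleTokenId(String googlesignin_id_token)
-    {   
+    public String[] getGreenstoneUsernameFromGoogleTokenId(String googlesignin_id_token)
+    {
+   
     //System.err.println("**** GoogleSigninJDBCRealm::getGreenstoneUsernameFromGoogleTokenId():" + googlesignin_id_token);
    
-    String greenstone_username = null;
+    String greenstone_username     = null;
+    String google_verified_email   = null;
+    String google_user_subject     = null;
    
     if (googlesignin_id_token != null) {
@@ -349,7 +407,10 @@
            
 
+            google_user_subject = google_user; // google user id??
+           
             if (verified) {
+            google_verified_email = google_user_email;
             greenstone_username = getUsernameFromEmail(google_user_email);
-            if (greenstone_username == null) {
+            if (greenstone_username == null) {             
                 System.err.println("Google login successful with verified email address '"+google_user_email+"' HOWEVER no matching email entry fround in Greenstone JDBC UserTable");
             }
@@ -375,6 +436,8 @@
    
     //System.err.println("***** End of getGoogleSinginInfo()");
-   
-    return greenstone_username;
+
+    String[] return_info = new String[] { greenstone_username, google_verified_email, google_user_subject };
+
+    return return_info;
     }
 
@@ -398,6 +461,9 @@
        
         // Google Client Token ID has been passed in as 'credentials'
-        String greenstone_username = getGreenstoneUsernameFromGoogleTokenId(credentials);
-
+        String[] google_to_greenstone_info = getGreenstoneUsernameFromGoogleTokenId(credentials);
+        String greenstone_username   = google_to_greenstone_info[0];
+        String google_verified_email = google_to_greenstone_info[1];
+        String google_user_subject   = google_to_greenstone_info[2];
+       
         if (greenstone_username != null) {
         System.err.println("**** Using the following username derived from verified Google email address as Greenstone3 username = '" + greenstone_username + "'");
@@ -406,10 +472,26 @@
         }
         else {
-        System.err.println("GoogleSigninJDBCRealm::authenticate(): failed to match 'google_id_token' to valid Greenstone user account");
+        System.err.println("GoogleSigninJDBCRealm::authenticate(): no existing match for 'google_id_token' to valid Greenstone user account");
+        // Auto-register the Google user
+        if (google_verified_email != null) {
+            System.err.println("GoogleSigninJDBCRealm::authenticate(): auto registering Google verified-email account for " + google_verified_email);
+            boolean register_status_ok = registerGoogleUser(google_verified_email);
+
+            if (register_status_ok) {
+            // The google_verified_email is used as the greenstone username, to ensure it is unique
+            principal = super.getPrincipal(google_verified_email);
+            }
+            else {
+            System.err.println("GoogleSigninJDBCRealm::authenticate(): auto-registration failed");
+            }
+        }
+        else {
+            System.err.println("GoogleSigninJDBCRealm::authenticate(): Rejecting login attempt, account has a non-verified Google email address");
+        }
         }
     }
     else {
-        // Regular Greenstone3 User Login case
-        System.out.println("***> beginning normal authentication");
+        // Regular Greenstone3 User Login case
+        System.out.println("***> beginning normal authentication");
         principal = super.authenticate(username,credentials);
     }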
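Review bot: `registerGoogleUser()` builds `sql_insert_user` by concatenating `google_verified_email` into the statement text, so an address containing a quote character (legal in an e-mail local part) breaks or alters the insert; the values should be bound through the `PreparedStatement` the file already imports. The statement is also left unclosed when `execute()` throws, which try-with-resources fixes at the same time. Separately, the row is written with `greenstone_password = ""`: whether the regular `super.authenticate(username,credentials)` branch would then accept an empty password for an auto-registered address is not visible on this page and should be confirmed, or a value that can never match stored instead.

```java
// … unchanged: USERS, greenstone_username, greenstone_password, accountstatus, comment; open() and null check …
String sql_insert_user = "insert into " + USERS + " values (?, ?, ?, ?, ?)";
try (PreparedStatement insert_user = dbConnection.prepareStatement(sql_insert_user)) {
    insert_user.setString(1, greenstone_username);
    insert_user.setString(2, greenstone_password);
    insert_user.setString(3, accountstatus);
    insert_user.setString(4, comment);
    insert_user.setString(5, google_verified_email);
    insert_user.executeUpdate();
}
dbConnection.commit();
// … unchanged: catch (Throwable e) reporting and return values …
```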