streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/system/security/impl/AuthenticatorImpl.java - incubator-streampark - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *    http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.streampark.console.system.security.impl;

 import org.apache.streampark.console.base.exception.ApiAlertException;
 import org.apache.streampark.console.base.util.ShaHashUtils;
 import org.apache.streampark.console.core.enums.LoginTypeEnum;
 import org.apache.streampark.console.core.enums.UserTypeEnum;
 import org.apache.streampark.console.system.entity.User;
 import org.apache.streampark.console.system.security.Authenticator;
 import org.apache.streampark.console.system.service.UserService;

 import org.apache.commons.lang3.StringUtils;

 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;

 import java.util.Date;

 @Component
 public class AuthenticatorImpl implements Authenticator {
   @Autowired private UserService usersService;
   @Autowired private LdapService ldapService;

   @Override
   public User authenticate(String username, String password, String loginType) throws Exception {
     LoginTypeEnum loginTypeEnum = LoginTypeEnum.of(loginType);

     ApiAlertException.throwIfNull(
         loginTypeEnum, String.format("the login type [%s] is not supported.", loginType));

     switch (loginTypeEnum) {
       case PASSWORD:
         return passwordAuthenticate(username, password);
       case LDAP:
         return ldapAuthenticate(username, password);
       case SSO:
         return ssoAuthenticate(username);
       default:
         throw new ApiAlertException(
             String.format("the login type [%s] is not supported.", loginType));
     }
   }

   private User passwordAuthenticate(String username, String password) {
     User user = usersService.getByUsername(username);

     ApiAlertException.throwIfNull(user, String.format("User [%s] does not exist", username));

     ApiAlertException.throwIfTrue(
         user.getLoginType() != LoginTypeEnum.PASSWORD,
         "user [%s] can not login with PASSWORD",
         username);

     String salt = user.getSalt();
     password = ShaHashUtils.encrypt(salt, password);

     ApiAlertException.throwIfFalse(
         StringUtils.equals(user.getPassword(), password), "Incorrect password");

     return user;
   }

   private User ldapAuthenticate(String username, String password) throws Exception {
     boolean ldapLoginStatus = ldapService.ldapLogin(username, password);
     if (!ldapLoginStatus) {
       return null;
     }
     // check if user exist
     User user = usersService.getByUsername(username);

     if (user != null) {
       ApiAlertException.throwIfTrue(
           user.getLoginType() != LoginTypeEnum.LDAP,
           "user [%s] can only sign in with %s",
           username,
           user.getLoginType());

       return user;
     }
     return this.newUserCreate(LoginTypeEnum.LDAP, username);
   }

   private User ssoAuthenticate(String username) throws Exception {
     // check if user exist
     User user = usersService.getByUsername(username);

     if (user != null) {
       ApiAlertException.throwIfTrue(
           user.getLoginType() != LoginTypeEnum.SSO,
           "user [%s] can only sign in with %s",
           username,
           user.getLoginType());
       return user;
     }

     return this.newUserCreate(LoginTypeEnum.SSO, username);
   }

   private User newUserCreate(LoginTypeEnum loginTypeEnum, String username) throws Exception {
     User newUser = new User();
     Date date = new Date();
     newUser.setCreateTime(date);
     newUser.setModifyTime(date);
     newUser.setUsername(username);
     newUser.setNickName(username);
     newUser.setLoginType(loginTypeEnum);
     newUser.setUserType(UserTypeEnum.USER);
     newUser.setStatus(User.STATUS_VALID);
     newUser.setSex(User.SEX_UNKNOWN);
     usersService.createUser(newUser);
     return newUser;
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.streampark.console.system.security.impl;

	import org.apache.streampark.console.base.exception.ApiAlertException;
	import org.apache.streampark.console.base.util.ShaHashUtils;
	import org.apache.streampark.console.core.enums.LoginTypeEnum;
	import org.apache.streampark.console.core.enums.UserTypeEnum;
	import org.apache.streampark.console.system.entity.User;
	import org.apache.streampark.console.system.security.Authenticator;
	import org.apache.streampark.console.system.service.UserService;

	import org.apache.commons.lang3.StringUtils;

	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.stereotype.Component;

	import java.util.Date;

	@Component
	public class AuthenticatorImpl implements Authenticator {
	@Autowired private UserService usersService;
	@Autowired private LdapService ldapService;

	@Override
	public User authenticate(String username, String password, String loginType) throws Exception {
	LoginTypeEnum loginTypeEnum = LoginTypeEnum.of(loginType);

	ApiAlertException.throwIfNull(
	loginTypeEnum, String.format("the login type [%s] is not supported.", loginType));

	switch (loginTypeEnum) {
	case PASSWORD:
	return passwordAuthenticate(username, password);
	case LDAP:
	return ldapAuthenticate(username, password);
	case SSO:
	return ssoAuthenticate(username);
	default:
	throw new ApiAlertException(
	String.format("the login type [%s] is not supported.", loginType));
	}
	}

	private User passwordAuthenticate(String username, String password) {
	User user = usersService.getByUsername(username);

	ApiAlertException.throwIfNull(user, String.format("User [%s] does not exist", username));

	ApiAlertException.throwIfTrue(
	user.getLoginType() != LoginTypeEnum.PASSWORD,
	"user [%s] can not login with PASSWORD",
	username);

	String salt = user.getSalt();
	password = ShaHashUtils.encrypt(salt, password);

	ApiAlertException.throwIfFalse(
	StringUtils.equals(user.getPassword(), password), "Incorrect password");

	return user;
	}

	private User ldapAuthenticate(String username, String password) throws Exception {
	boolean ldapLoginStatus = ldapService.ldapLogin(username, password);
	if (!ldapLoginStatus) {
	return null;
	}
	// check if user exist
	User user = usersService.getByUsername(username);

	if (user != null) {
	ApiAlertException.throwIfTrue(
	user.getLoginType() != LoginTypeEnum.LDAP,
	"user [%s] can only sign in with %s",
	username,
	user.getLoginType());

	return user;
	}
	return this.newUserCreate(LoginTypeEnum.LDAP, username);
	}

	private User ssoAuthenticate(String username) throws Exception {
	// check if user exist
	User user = usersService.getByUsername(username);

	if (user != null) {
	ApiAlertException.throwIfTrue(
	user.getLoginType() != LoginTypeEnum.SSO,
	"user [%s] can only sign in with %s",
	username,
	user.getLoginType());
	return user;
	}

	return this.newUserCreate(LoginTypeEnum.SSO, username);
	}

	private User newUserCreate(LoginTypeEnum loginTypeEnum, String username) throws Exception {
	User newUser = new User();
	Date date = new Date();
	newUser.setCreateTime(date);
	newUser.setModifyTime(date);
	newUser.setUsername(username);
	newUser.setNickName(username);
	newUser.setLoginType(loginTypeEnum);
	newUser.setUserType(UserTypeEnum.USER);
	newUser.setStatus(User.STATUS_VALID);
	newUser.setSex(User.SEX_UNKNOWN);
	usersService.createUser(newUser);
	return newUser;
	}
	}