Repository: cloudstack
Updated Branches:
  refs/heads/master a1d0925f9 -> 6a8f8317f


CLOUDSTACK-7361: Fix SAML2UserAuthenticator to not let every login credential

Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6a8f8317
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6a8f8317
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6a8f8317

Branch: refs/heads/master
Commit: 6a8f8317fd88279b12a8fccc4bbdb313c53d720e
Parents: a1d0925
Author: Rohit Yadav <rohit.ya...@shapeblue.com>
Authored: Mon Aug 18 11:40:09 2014 +0200
Committer: Rohit Yadav <rohit.ya...@shapeblue.com>
Committed: Mon Aug 18 11:41:32 2014 +0200

----------------------------------------------------------------------
 .../cloudstack/SAML2UserAuthenticator.java      | 27 +++++++++++++++++---
 1 file changed, 23 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6a8f8317/plugins/user-authenticators/saml2/src/org/apache/cloudstack/SAML2UserAuthenticator.java
----------------------------------------------------------------------
diff --git 
a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/SAML2UserAuthenticator.java
 
b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/SAML2UserAuthenticator.java
index 4e1e795..4d4f1d3 100644
--- 
a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/SAML2UserAuthenticator.java
+++ 
b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/SAML2UserAuthenticator.java
@@ -16,25 +16,44 @@ package org.apache.cloudstack;
 
 import com.cloud.server.auth.DefaultUserAuthenticator;
 import com.cloud.server.auth.UserAuthenticator;
+import com.cloud.user.User;
+import com.cloud.user.UserAccount;
+import com.cloud.user.dao.UserAccountDao;
+import com.cloud.user.dao.UserDao;
 import com.cloud.utils.Pair;
 import org.apache.log4j.Logger;
 
 import javax.ejb.Local;
+import javax.inject.Inject;
 import java.util.Map;
 
 @Local(value = {UserAuthenticator.class})
 public class SAML2UserAuthenticator extends DefaultUserAuthenticator {
     public static final Logger s_logger = 
Logger.getLogger(SAML2UserAuthenticator.class);
 
+    @Inject
+    private UserAccountDao _userAccountDao;
+    @Inject
+    private UserDao _userDao;
+
     @Override
     public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String 
username, String password, Long domainId, Map<String, Object[]> 
requestParameters) {
         if (s_logger.isDebugEnabled()) {
             s_logger.debug("Trying SAML2 auth for user: " + username);
         }
-
-        // TODO: implement core logic, HTTP GET redirections etc.
-
-        return new Pair<Boolean, ActionOnFailedAuthentication>(true, null);
+        final UserAccount userAccount = 
_userAccountDao.getUserAccount(username, domainId);
+        if (userAccount == null) {
+            s_logger.debug("Unable to find user with " + username + " in 
domain " + domainId);
+            return new Pair<Boolean, ActionOnFailedAuthentication>(false, 
null);
+        } else {
+            User user = _userDao.getUser(userAccount.getId());
+            // TODO: check SAMLRequest, signature etc. from requestParameters
+            if (user != null && user.getUuid().startsWith("saml")) {
+                return new Pair<Boolean, ActionOnFailedAuthentication>(true, 
null);
+            }
+        }
+        // Deny all by default
+        return new Pair<Boolean, ActionOnFailedAuthentication>(false, 
ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT);
     }
 
     @Override
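Review bot: The success branch `if (user != null && user.getUuid().startsWith("saml"))` grants the login without examining `password` or `requestParameters`, so any account whose user UUID begins with "saml" authenticates unconditionally; the TODO above it acknowledges the missing SAML response/signature check, but as written the method still accepts a credential it has not validated. The branch should fail closed until that check exists, keeping the lookup but returning the deny pair, and the comment should say why: `// TODO(security): a "saml" UUID prefix is not a credential; verify the SAML response/signature from requestParameters before returning true`. The two deny paths are also inconsistent: the user-not-found path returns `(false, null)` while the default deny increments the incorrect-login counter, and its debug log is not guarded by `isDebugEnabled()` like the one at the top of the method. If `getUuid()` can return null, the prefix check throws NullPointerException instead of denying.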
