Code review changes
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/f8d5713b
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/f8d5713b
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/f8d5713b
Branch: refs/heads/apigee-sso-provider
Commit: f8d5713b620a5f2df6379f4e9073fa9edbebdafa
Parents: 6d88bcf
Author: Ayesha Dastagiri <ayesha.am...@gmail.com>
Authored: Tue Jul 26 14:09:06 2016 -0700
Committer: Ayesha Dastagiri <ayesha.am...@gmail.com>
Committed: Tue Jul 26 14:09:06 2016 -0700
----------------------------------------------------------------------
.../main/resources/usergrid-default.properties | 3 +++
.../rest/management/ManagementResource.java | 10 +++-------
.../organizations/OrganizationsResource.java | 18 ++++++++++--------
.../cassandra/ManagementServiceImpl.java | 11 +++++------
4 files changed, 21 insertions(+), 21 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/f8d5713b/stack/config/src/main/resources/usergrid-default.properties
----------------------------------------------------------------------
diff --git a/stack/config/src/main/resources/usergrid-default.properties b/stack/config/src/main/resources/usergrid-default.properties
index 371b251..23da7e9 100644
--- a/stack/config/src/main/resources/usergrid-default.properties
+++ b/stack/config/src/main/resources/usergrid-default.properties
@@ -682,6 +682,9 @@ usergrid.test-account.admin-user.password=test # # +# Set a flag to allow public org registrations +usergrid.management.allow-public-registrations=true + # Set the requirements for activiation and confirmations usergrid.sysadmin.approve.users=false usergrid.sysadmin.approve.organizations=false http://git-wip-us.apache.org/repos/asf/usergrid/blob/f8d5713b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java index c5d7c77..285a22e 100644 --- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java +++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java @@ -299,13 +299,9 @@ public class ManagementResource extends AbstractContextResource { if ( user == null ) { - - //if ( !me ) { // if not lightweight-auth, i.e. /management/me then... - - // make sure authentication is allowed considering - // external token validation configuration (UG Central SSO) - ensureAuthenticationAllowed( username, grant_type ); - // } + // make sure authentication is allowed considering + // external token validation configuration (UG Central SSO) + ensureAuthenticationAllowed( username, grant_type ); if ( authorization != null ) { http://git-wip-us.apache.org/repos/asf/usergrid/blob/f8d5713b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java index 823ebcc..b75ca60 100644 
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java +++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java @@ -40,8 +40,6 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.UriInfo; import java.util.*; -import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_PROVIDER_URL; - @Component( "org.apache.usergrid.rest.management.organizations.OrganizationsResource" ) @Scope( "prototype" ) @@ -187,12 +185,16 @@ public class OrganizationsResource extends AbstractContextResource { String email, String password, Map<String, Object> userProperties, Map<String, Object> orgProperties, String callback ) throws Exception { - if ( tokens.isExternalSSOProviderEnabled() ) { - //let superuser add an org even if external SSO Provider is enabled. - if(!userServiceAdmin(null) ) { // what should the username be ? - throw new IllegalArgumentException("Organization / Admin Users must be created via " + - properties.getProperty(USERGRID_EXTERNAL_PROVIDER_URL)); - } + // Providing no password in this request signifies that an existing admin users should be associated to the + // newly requested organization. + + // Always let the sysadmin create an org, but otherwise follow the behavior specified with + // the property 'usergrid.management.allow-public-registration' + if ( ( System.getProperty("usergrid.management.allow-public-registration") != null + && !Boolean.valueOf(System.getProperty("usergrid.management.allow-public-registration")) + && !userServiceAdmin(null) ) ) { + + throw new IllegalArgumentException("Public organization registration is disabled"); } Preconditions http://git-wip-us.apache.org/repos/asf/usergrid/blob/f8d5713b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java ---------------------------------------------------------------------- 
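Review bot: The new guard in the org-creation method reads `System.getProperty("usergrid.management.allow-public-registration")` (singular, a JVM system property), while the properties hunk of this same commit defines `usergrid.management.allow-public-registrations` (plural) in usergrid-default.properties, so setting the documented flag to false would not appear to disable public registration. Because a missing value is treated as "allowed", the mismatch fails open, and the external-SSO restriction removed by this hunk is no longer there as a backstop. Reading the documented key from the `properties` object the removed lines used would close the gap, e.g. `if ( !Boolean.parseBoolean( properties.getProperty( "usergrid.management.allow-public-registrations", "true" ) ) && !userServiceAdmin( null ) ) {`. The method starts and continues outside the hunk, so whether `properties` is still in scope on the new side and how `userServiceAdmin(null)` resolves the caller should be confirmed there.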
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java index e8bf0ec..97febdf 100644 --- a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java +++ b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java @@ -549,20 +549,19 @@ public class ManagementServiceImpl implements ManagementService { return null; } - // irrespective of it being sso enabled or not , if its a super user request it will try to fetch user if no password is passed. - if(password == null && SubjectUtils.isServiceAdmin()){ + // sysadmin can omit password field in the request and that will try to fetch an existing admin user to + // associate to the requested organization + if((password == null || password.isEmpty()) && SubjectUtils.isServiceAdmin()){ user = getAdminUserByEmail(email); if(user == null ){ throw new IllegalArgumentException("Password should be sent in the request or should be a valid admin user email."); } } - else if(password == null ){ //for existing workflow. - throw new IllegalArgumentException("Password should be sent in the request."); - } if(user == null) { - if ((tokens.isExternalSSOProviderEnabled() && SubjectUtils.isServiceAdmin()) || areActivationChecksDisabled()) { + // if external SSO is enabled and we're adding a user to an org, auto activate the user + if (tokens.isExternalSSOProviderEnabled() || areActivationChecksDisabled()) { user = createAdminUserInternal(null, username, name, email, password, true, false, userProperties); } else { user = createAdminUserInternal(null, username, name, email, password, activated, disabled, userProperties);
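Review bot: The activation branch now auto-activates the new admin user whenever `tokens.isExternalSSOProviderEnabled()` is true, because the `SubjectUtils.isServiceAdmin()` condition was dropped; with SSO enabled, any caller that reaches this path gets an activated, non-disabled admin account without the confirmation or approval flow. The same hunk removes the `else if(password == null)` rejection, so a non-sysadmin request without a password now falls through to `createAdminUserInternal(...)` with a null password; what that helper does with null is not visible here. Unless password-less, pre-activated accounts are intended for every SSO-backed registration, keep the admin condition, `if ((tokens.isExternalSSOProviderEnabled() && SubjectUtils.isServiceAdmin()) || areActivationChecksDisabled()) {`, and restore a non-admin check that also covers the empty string, `else if (password == null || password.isEmpty()) { throw new IllegalArgumentException("Password should be sent in the request."); }`. The enclosing method starts and ends outside the hunk.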