
BM-12685 Fix: set Auth-User to real login if POP and mail alias are used

Anthony Prades authored on 07/01/2018 15:53:38
Showing 2 changed files
... ...
@@ -14,4 +14,6 @@ Require-Bundle: net.bluemind.lib.vertx;bundle-version="1.0.0",
14 14
  net.bluemind.server.api,
15 15
  net.bluemind.config,
16 16
  net.bluemind.core.container.persistance,
17
- net.bluemind.core.rest.http.vertx;bundle-version="1.0.0"
17
+ net.bluemind.core.rest.http.vertx;bundle-version="1.0.0",
18
+ net.bluemind.domain.api,
19
+ net.bluemind.user.api
... ...
@@ -31,9 +31,14 @@ import io.netty.handler.codec.base64.Base64;
31 31
 import io.netty.handler.codec.base64.Base64Dialect;
32 32
 import net.bluemind.authentication.api.IAuthentication;
33 33
 import net.bluemind.authentication.api.ValidationKind;
34
+import net.bluemind.core.container.model.ItemValue;
34 35
 import net.bluemind.core.context.SecurityContext;
35 36
 import net.bluemind.core.rest.ServerSideServiceProvider;
37
+import net.bluemind.domain.api.Domain;
38
+import net.bluemind.domain.api.IDomains;
36 39
 import net.bluemind.locator.client.LocatorClient;
40
+import net.bluemind.user.api.IUser;
41
+import net.bluemind.user.api.User;
37 42
 
38 43
 public final class Nginx implements Handler<HttpServerRequest> {
39 44
 
... ...
@@ -47,7 +52,6 @@ public final class Nginx implements Handler<HttpServerRequest> {
47 47
 	@Override
48 48
 	public void handle(final HttpServerRequest req) {
49 49
 		req.endHandler(new Handler<Void>() {
50
-
51 50
 			@Override
52 51
 			public void handle(Void v) {
53 52
 				String latd = null;
... ...
@@ -55,8 +59,11 @@ public final class Nginx implements Handler<HttpServerRequest> {
55 55
 					long time = System.currentTimeMillis();
56 56
 					MultiMap headers = req.headers();
57 57
 					latd = decode(headers.get("Auth-User"));
58
+					String backendLatd = latd;
59
+
58 60
 					String clientIp = headers.get("Client-IP");
59 61
 					String dstPort = headers.get("X-Auth-Port");
62
+					String protocol = headers.get("Auth-Protocol");
60 63
 					String codedPass = headers.get("Auth-Pass");
61 64
 					final String pass = decode(codedPass);
62 65
 
... ...
@@ -70,9 +77,13 @@ public final class Nginx implements Handler<HttpServerRequest> {
70 70
 						respHeaders.add("Auth-Status", "OK");
71 71
 						respHeaders.add("Auth-Server", srv);
72 72
 						respHeaders.add("Auth-Port", dstPort);
73
+
74
+						backendLatd = setBackendPop3Latd(respHeaders, backendLatd, latd, protocol);
75
+
73 76
 						req.response().end();
74 77
 						time = System.currentTimeMillis() - time;
75
-						logger.info("[{}][{}] will use cyrus backend {}, done in {}ms.", clientIp, latd, srv, time);
78
+						logger.info("[{}][{}][{}] will use cyrus backend {} using login [{}], done in {}ms.", clientIp,
79
+								protocol, latd, srv, backendLatd, time);
76 80
 					} else {
77 81
 						fail(latd, clientIp, resp);
78 82
 					}
... ...
@@ -81,6 +92,27 @@ public final class Nginx implements Handler<HttpServerRequest> {
81 81
 					fail(latd, "unknown", req.response());
82 82
 				}
83 83
 			}
84
+
85
+			private String setBackendPop3Latd(MultiMap respHeaders, String backendLatd, String latd, String protocol) {
86
+				if ("pop3".equals(protocol) && latd.contains("@")) {
87
+					String userDomain = latd.split("@")[1];
88
+					IDomains domainApi = ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM)
89
+							.instance(IDomains.class);
90
+					ItemValue<Domain> domain = domainApi.findByNameOrAliases(userDomain);
91
+
92
+					if (domain != null && !domain.value.name.equals(userDomain)) {
93
+						IUser userApi = ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM)
94
+								.instance(IUser.class, domain.uid);
95
+						ItemValue<User> user = userApi.byEmail(latd);
96
+						if (user != null) {
97
+							backendLatd = user.value.login + "@" + domain.value.name;
98
+							respHeaders.add("Auth-User", backendLatd);
99
+						}
100
+					}
101
+				}
102
+
103
+				return backendLatd;
104
+			}
84 105
 		});
85 106
 	}
86 107
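Review bot: `setBackendPop3Latd(...)` runs after `Auth-Status: OK`, `Auth-Server` and `Auth-Port` have already been added to the response, so any exception it raises reaches the error path with success headers already set. It can throw from the `IDomains`/`IUser` lookups, and from `latd.split("@")[1]`, which raises `ArrayIndexOutOfBoundsException` for a login ending in `@` because `split` drops trailing empty strings (assuming such a login can pass validation and reach this branch). The catch block and `fail()` lie outside the visible hunks, so it cannot be confirmed here whether `fail()` replaces `Auth-Status`; if it only adds headers, nginx would receive conflicting statuses for that request. I would resolve the backend login before writing any success header, and take the domain with `String userDomain = latd.substring(latd.lastIndexOf('@') + 1);`, which also avoids selecting the middle segment of a login containing two `@`.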