ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java

   1 /*-
   2  * ============LICENSE_START==========================================
   3  * ONAP Portal
   4  * ===================================================================
   5  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
   6  * ===================================================================
   7  *
   8  * Unless otherwise specified, all software contained herein is licensed
   9  * under the Apache License, Version 2.0 (the "License");
  10  * you may not use this software except in compliance with the License.
  11  * You may obtain a copy of the License at
  12  *
  13  *             http://www.apache.org/licenses/LICENSE-2.0
  14  *
  15  * Unless required by applicable law or agreed to in writing, software
  16  * distributed under the License is distributed on an "AS IS" BASIS,
  17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  18  * See the License for the specific language governing permissions and
  19  * limitations under the License.
  20  *
  21  * Unless otherwise specified, all documentation contained herein is licensed
  22  * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
  23  * you may not use this documentation except in compliance with the License.
  24  * You may obtain a copy of the License at
  25  *
  26  *             https://creativecommons.org/licenses/by/4.0/
  27  *
  28  * Unless required by applicable law or agreed to in writing, documentation
  29  * distributed under the License is distributed on an "AS IS" BASIS,
  30  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  31  * See the License for the specific language governing permissions and
  32  * limitations under the License.
  33  *
  34  * ============LICENSE_END============================================
  35  *
  36  *
  37  */
  38 package org.onap.portalapp.controller;
  39
  40 import static com.att.eelf.configuration.Configuration.MDC_KEY_REQUEST_ID;
  41
  42 import java.io.IOException;
  43 import java.net.MalformedURLException;
  44 import java.net.URL;
  45 import java.net.URLDecoder;
  46 import java.util.Enumeration;
  47 import java.util.HashMap;
  48 import java.util.List;
  49 import java.util.Map;
  50 import java.util.UUID;
  51
  52 import javax.servlet.http.Cookie;
  53 import javax.servlet.http.HttpServletRequest;
  54 import javax.servlet.http.HttpServletResponse;
  55
  56 import org.apache.commons.lang.StringUtils;
  57 import org.json.JSONObject;
  58 import org.onap.portalapp.command.EPLoginBean;
  59 import org.onap.portalapp.portal.domain.SharedContext;
  60 import org.onap.portalapp.portal.service.EPLoginService;
  61 import org.onap.portalapp.portal.service.EPRoleFunctionService;
  62 import org.onap.portalapp.portal.service.SharedContextService;
  63 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
  64 import org.onap.portalapp.portal.utils.EPSystemProperties;
  65 import org.onap.portalapp.util.EPUserUtils;
  66 import org.onap.portalapp.util.SessionCookieUtil;
  67 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
  68 import org.onap.portalsdk.core.menu.MenuProperties;
  69 import org.onap.portalsdk.core.util.SystemProperties;
  70 import org.slf4j.MDC;
  71 import org.springframework.beans.factory.annotation.Autowired;
  72 import org.springframework.http.HttpStatus;
  73 import org.springframework.stereotype.Controller;
  74 import org.springframework.util.StopWatch;
  75 import org.springframework.web.bind.annotation.ExceptionHandler;
  76 import org.springframework.web.bind.annotation.RequestMapping;
  77 import org.springframework.web.bind.annotation.RequestMethod;
  78 import org.springframework.web.bind.annotation.ResponseBody;
  79 import org.springframework.web.servlet.ModelAndView;
  80 import org.springframework.web.util.WebUtils;
  81
  82 import com.fasterxml.jackson.databind.DeserializationFeature;
  83 import com.fasterxml.jackson.databind.JsonNode;
  84 import com.fasterxml.jackson.databind.ObjectMapper;
  85
  86 @Controller
  87 @RequestMapping("/")
  88 public class LoginController extends EPUnRestrictedBaseController implements LoginService {
  89
  90         private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginController.class);
  91
  92         public static final String DEFAULT_SUCCESS_VIEW = "applicationsHome";
  93         public static final String DEFAULT_FAILURE_VIEW = "login";
  94         public static final String ERROR_MESSAGE_KEY = "error";
  95         public static final String REDIRECT_URL = "redirectUrl";
  96         public static final String REDIRECT_COLON = "redirect:";
  97
  98         @Autowired
  99         private EPLoginService loginService;
 100         @Autowired
 101         private SharedContextService sharedContextService;
 102         @Autowired
 103         private EPRoleFunctionService ePRoleFunctionService;
 104
 105         private String viewName = "login";
 106
 107         private String welcomeView;
 108
 109         @RequestMapping(value = { "/login.htm" }, method = RequestMethod.GET)
 110         public ModelAndView login(HttpServletRequest request) {
 111                 Map<String, Object> model = new HashMap<String, Object>();
 112                 String authentication = SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM);
 113                 String loginPage;
 114                 if (authentication == null || "".equals(authentication) || "OICD".equals(authentication.trim()))
 115                         loginPage = "openIdLogin";
 116                 else
 117                         loginPage = getViewName();
 118                 return new ModelAndView(loginPage, "model", model);
 119         }
 120
 121         @SuppressWarnings("rawtypes")
 122         @RequestMapping(value = { "/open_source/login" }, method = RequestMethod.POST)
 123         @ResponseBody
 124         public String loginValidate(HttpServletRequest request, HttpServletResponse response) throws Exception {
 125
 126                 ObjectMapper mapper = new ObjectMapper();
 127                 mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
 128                 JsonNode root = mapper.readTree(request.getReader());
 129
 130                 EPLoginBean commandBean = new EPLoginBean();
 131                 String loginId = root.get("loginId").textValue();
 132                 String password = root.get("password").textValue();
 133                 commandBean.setLoginId(loginId);
 134                 commandBean.setLoginPwd(password);
 135
 136                 HashMap additionalParamsMap = new HashMap();
 137                 StringBuilder sbAdditionalInfo = new StringBuilder();
 138
 139                 commandBean = getLoginService().findUser(commandBean,
 140                                 (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), additionalParamsMap);
 141                 String fullURL = getFullURL(request);
 142                 if (commandBean.getUser() == null) {
 143                         String loginErrorMessage = (commandBean.getLoginErrorMessage() != null) ? commandBean.getLoginErrorMessage()
 144                                         : "login.error.external.invalid";
 145                         logger.info(EELFLoggerDelegate.debugLogger, "loginId {} does not exist in the the DB.", loginId);
 146                         sbAdditionalInfo.append(String.format("But the Login-Id: %s doesn't exist in the Database. Request-URL: %s",
 147                                         loginId, fullURL));
 148                         return loginErrorMessage;
 149                 } else {
 150                         // store the currently logged in user's information in the session
 151                         EPUserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(),
 152                                         commandBean.getBusinessDirectMenu(), ePRoleFunctionService);
 153
 154                         try {
 155                                 logger.info(EELFLoggerDelegate.debugLogger, "loginValidate: store user info into share context begins");
 156                                 String sessionId = request.getSession().getId();
 157                                 List<SharedContext> existingSC = getSharedContextService().getSharedContexts(sessionId);
 158                                 if (existingSC == null || existingSC.isEmpty()) {
 159                                         getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_FIRST_NAME,
 160                                                         commandBean.getUser().getFirstName());
 161                                         getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_LAST_NAME,
 162                                                         commandBean.getUser().getLastName());
 163                                         getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_EMAIL,
 164                                                         commandBean.getUser().getEmail());
 165                                         getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_ORG_USERID,
 166                                                         commandBean.getLoginId());
 167                                 }
 168
 169                         } catch (Exception e) {
 170                                 logger.info(EELFLoggerDelegate.errorLogger, "loginValidate: failed the shared context adding process ",
 171                                                 e);
 172                         }
 173                         logger.info(EELFLoggerDelegate.debugLogger,
 174                                         "loginValidate: PresetUp the EP service cookie and intial sessionManagement");
 175
 176                         SessionCookieUtil.preSetUp(request, response);
 177                         SessionCookieUtil.setUpUserIdCookie(request, response, loginId);
 178
 179                         JSONObject j = new JSONObject("{success: success}");
 180
 181                         return j.toString();
 182                 }
 183         }
 184
 185         /*
 186          * Work around a bug in ecompsdkos version 1.1.0 which hard-codes this endpoint.
 187          */
 188         @RequestMapping(value = { "/process_csp" }, method = RequestMethod.GET)
 189         public ModelAndView processCsp(HttpServletRequest request, HttpServletResponse response) throws Exception {
 190                 return processSingleSignOn(request, response);
 191         }
 192         /*
 193          * Remove this method after epsdk-app-common/.../SingleSignOnController.java is
 194          * repaired.
 195          */
 196
 197         @RequestMapping(value = { "/processSingleSignOn" }, method = RequestMethod.GET)
 198         public ModelAndView processSingleSignOn(HttpServletRequest request, HttpServletResponse response) throws Exception {
 199
 200                 Map<Object, Object> model = new HashMap<Object, Object>();
 201                 HashMap<Object, Object> additionalParamsMap = new HashMap<Object, Object>();
 202                 EPLoginBean commandBean = new EPLoginBean();
 203                 MDC.put(MDC_KEY_REQUEST_ID, (getRequestId(request)==null || getRequestId(request).isEmpty()) ? UUID.randomUUID().toString():getRequestId(request));
 204                 // get userId from cookie
 205                 String orgUserId = SessionCookieUtil.getUserIdFromCookie(request, response);
 206                 logger.info(EELFLoggerDelegate.debugLogger, "processSingleSignOn: begins with orgUserId {}", orgUserId);
 207
 208                 StringBuilder sbAdditionalInfo = new StringBuilder();
 209                 validateDomain(request);
 210                 if (orgUserId == null || orgUserId.length() == 0) {
 211                         model.put(ERROR_MESSAGE_KEY, SystemProperties.MESSAGE_KEY_LOGIN_ERROR_COOKIE_EMPTY);
 212                         if (request.getParameter(REDIRECT_URL) != null && request.getParameter(REDIRECT_URL).length() != 0) {
 213                                 return new ModelAndView(REDIRECT_COLON + DEFAULT_FAILURE_VIEW + ".htm" + "?redirectUrl="
 214                                                 + request.getParameter(REDIRECT_URL));
 215                         } else {
 216                                 return new ModelAndView(REDIRECT_COLON + DEFAULT_FAILURE_VIEW + ".htm");
 217                         }
 218                 } else {
 219
 220                         StopWatch stopWatch = new StopWatch("LoginController.Login");
 221                         stopWatch.start();
 222
 223                         try {
 224                                 logger.info(EELFLoggerDelegate.debugLogger,
 225                                                 "Operation findUser is started to locate user {}  in the database.", orgUserId);
 226                                 commandBean.setLoginId(orgUserId);
 227                                 commandBean.setOrgUserId(orgUserId);
 228                                 commandBean = getLoginService().findUser(commandBean,
 229                                                 (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY),
 230                                                 additionalParamsMap);
 231
 232                                 stopWatch.stop();
 233                                 MDC.put(EPSystemProperties.MDC_TIMER, String.valueOf(stopWatch.getTotalTimeMillis()));
 234                                 logger.info(EELFLoggerDelegate.debugLogger, "Operation findUser is completed.");
 235                         } catch (Exception e) {
 236                                 stopWatch.stop();
 237                                 MDC.put(EPSystemProperties.MDC_TIMER, String.valueOf(stopWatch.getTotalTimeMillis()));
 238                                 logger.info(EELFLoggerDelegate.errorLogger, "processSingleSignOn failed on user " + orgUserId, e);
 239                         } finally {
 240                                 MDC.remove(EPSystemProperties.MDC_TIMER);
 241                         }
 242
 243                         sbAdditionalInfo.append("Login attempt is succeeded. ");
 244                         String fullURL = getFullURL(request);
 245                         if (commandBean.getUser() == null) {
 246                                 logger.info(EELFLoggerDelegate.debugLogger,
 247                                                 "processSingleSignOn: loginId {} does not exist in the the DB.", orgUserId);
 248
 249                                 sbAdditionalInfo.append(String.format(
 250                                                 "But the Login-Id: %s doesn't exist in the Database. Created a Guest Session. Request-URL: %s",
 251                                                 orgUserId, fullURL));
 252                                 validateDomain(request);
 253                                 if (request.getParameter(REDIRECT_URL) != null && request.getParameter(REDIRECT_URL).length() != 0) {
 254                                         return new ModelAndView(REDIRECT_COLON + DEFAULT_FAILURE_VIEW + ".htm" + "?redirectUrl="
 255                                                         + request.getParameter(REDIRECT_URL));
 256                                 } else {
 257                                         return new ModelAndView(REDIRECT_COLON + DEFAULT_FAILURE_VIEW + ".htm");
 258                                 }
 259                         } else {
 260
 261                                 sbAdditionalInfo.append(
 262                                                 String.format("Login-Id: %s, Login-Method: %s, Request-URL: %s", orgUserId, "", fullURL));
 263                                 logger.info(EELFLoggerDelegate.debugLogger, "processSingleSignOn: now set up user session for {}",
 264                                                 orgUserId);
 265
 266                                 EPUserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(),
 267                                                 commandBean.getBusinessDirectMenu(), ePRoleFunctionService);
 268                                 logger.info(EELFLoggerDelegate.debugLogger,
 269                                                 "processSingleSignOn: now set up user session for {} finished", orgUserId);
 270
 271                                 // Store user's information into share context
 272                                 try {
 273                                         logger.info(EELFLoggerDelegate.debugLogger,
 274                                                         "processSingleSignOn: store user info into share context begins");
 275                                         String sessionId = request.getSession().getId();
 276                                         List<SharedContext> existingSC = getSharedContextService().getSharedContexts(sessionId);
 277                                         if (existingSC == null || existingSC.isEmpty()) {
 278                                                 getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_FIRST_NAME,
 279                                                                 commandBean.getUser().getFirstName());
 280                                                 getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_LAST_NAME,
 281                                                                 commandBean.getUser().getLastName());
 282                                                 getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_EMAIL,
 283                                                                 commandBean.getUser().getEmail());
 284                                                 getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_ORG_USERID,
 285                                                                 commandBean.getLoginId());
 286                                         }
 287                                 } catch (Exception e) {
 288                                         logger.info(EELFLoggerDelegate.errorLogger,
 289                                                         "processSingleSignOn: failed the shared context adding process", e);
 290                                 }
 291
 292                                 logger.info(EELFLoggerDelegate.debugLogger,
 293                                                 "processSingleSignOn: PresetUp the EP service cookie and intial sessionManagement");
 294                                 SessionCookieUtil.preSetUp(request, response);
 295                                 SessionCookieUtil.setUpUserIdCookie(request, response, orgUserId);
 296                                 logger.info(EELFLoggerDelegate.debugLogger,
 297                                                 "processSingleSignOn: PresetUp the EP service cookie and intial sessionManagement completed");
 298                                 logger.info(EELFLoggerDelegate.debugLogger,
 299                                                 commandBean.getUser().getOrgUserId() + " exists in the the system.");
 300
 301                                 // get redirectUrl from URL parameter
 302                                 validateDomain(request);
 303                                 if (request.getParameter(REDIRECT_URL) != null && request.getParameter(REDIRECT_URL).length() != 0) {
 304                                         String forwardUrl = URLDecoder.decode(request.getParameter(REDIRECT_URL), "UTF-8");
 305                                         // clean cookie
 306                                         Cookie cookie2 = new Cookie(REDIRECT_URL, "");
 307                                         // ONAP does not use https
 308                                         cookie2.setSecure(false);
 309                                         cookie2.setMaxAge(0);
 310                                         cookie2.setDomain(EPSystemProperties.getProperty(EPSystemProperties.COOKIE_DOMAIN));
 311                                         cookie2.setPath("/");
 312                                         response.addCookie(cookie2);
 313                                         return new ModelAndView(REDIRECT_COLON + forwardUrl);
 314                                 }
 315
 316                                 // first check if redirectUrl exists or not
 317                                 if (WebUtils.getCookie(request, REDIRECT_URL) != null) {
 318                                         String forwardUrl = WebUtils.getCookie(request, REDIRECT_URL).getValue();
 319                                         // clean cookie
 320                                         Cookie cookie2 = new Cookie(REDIRECT_URL, "");
 321                                         // ONAP does not use https
 322                                         cookie2.setSecure(false);
 323                                         cookie2.setMaxAge(0);
 324                                         cookie2.setDomain(EPSystemProperties.getProperty(EPSystemProperties.COOKIE_DOMAIN));
 325                                         cookie2.setPath("/");
 326                                         response.addCookie(cookie2);
 327
 328                                         return new ModelAndView(REDIRECT_COLON + forwardUrl);
 329                                 }
 330                         }
 331                 }
 332
 333                 // if user has been authenticated, now take them to the welcome page.
 334                 logger.info(EELFLoggerDelegate.debugLogger, "processSingleSignOn: Now return to application home page");
 335                 return new ModelAndView(REDIRECT_COLON + SystemProperties.getProperty(EPSystemProperties.FE_URL));
 336         }
 337
 338         private void validateDomain(HttpServletRequest request) throws MalformedURLException {
 339                 final String returnToAppUrl = request.getParameter(REDIRECT_URL);
 340                 if (StringUtils.isNotBlank(returnToAppUrl)) {
 341                         String hostName = new URL(returnToAppUrl).getHost();
 342                         if (StringUtils.isNotBlank(hostName)
 343                                         && !hostName.endsWith(EPSystemProperties.getProperty(EPCommonSystemProperties.COOKIE_DOMAIN))) {
 344                                 logger.debug(EELFLoggerDelegate.debugLogger,
 345                                                 "processSingleSignOn ()  accessing Unauthorized url  :" + hostName);
 346                                 throw new SecurityException("accessing Unauthorized url : " + hostName);
 347                         }
 348                 }
 349         }
 350
 351         private String getFullURL(HttpServletRequest request) {
 352                 if (request != null) {
 353                         String requestURL = request.getRequestURL().toString();
 354                         String queryString = request.getQueryString();
 355                         if (queryString == null) {
 356                                 return requestURL;
 357                         } else {
 358                                 return requestURL + "?" + queryString;
 359                         }
 360                 }
 361                 return "";
 362         }
 363
 364         private String getRequestId(HttpServletRequest request) {
 365                 Enumeration<String> headerNames = request.getHeaderNames();
 366                 String requestId = "";
 367                 while (headerNames.hasMoreElements()) {
 368                         String headerName = headerNames.nextElement();
 369                         logger.debug(EELFLoggerDelegate.debugLogger, "getRequestId: header {} has value {}", headerName,
 370                                         request.getHeader(headerName));
 371                         if (headerName.equalsIgnoreCase(SystemProperties.ECOMP_REQUEST_ID)) {
 372                                 requestId = request.getHeader(headerName);
 373                                 break;
 374                         }
 375                 }
 376                 return requestId.isEmpty() ? UUID.randomUUID().toString() : requestId;
 377         }
 378
 379         public String getWelcomeView() {
 380                 return welcomeView;
 381         }
 382
 383         public void setWelcomeView(String welcomeView) {
 384                 this.welcomeView = welcomeView;
 385         }
 386
 387         @Override
 388         public String getViewName() {
 389                 return viewName;
 390         }
 391
 392         @Override
 393         public void setViewName(String viewName) {
 394                 this.viewName = viewName;
 395         }
 396
 397         public EPLoginService getLoginService() {
 398                 return loginService;
 399         }
 400
 401         public void setLoginService(EPLoginService loginService) {
 402                 this.loginService = loginService;
 403         }
 404
 405         public SharedContextService getSharedContextService() {
 406                 return sharedContextService;
 407         }
 408
 409         public void setSharedContextService(SharedContextService sharedContextService) {
 410                 this.sharedContextService = sharedContextService;
 411         }
 412
 413         @ExceptionHandler(Exception.class)
 414         protected void handleBadRequests(Exception e, HttpServletResponse response) throws IOException {
 415                 logger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e);
 416                 response.sendError(HttpStatus.BAD_REQUEST.value());
 417         }
 418 }