/* * ============LICENSE_START========================================== * ONAP Portal * =================================================================== * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. * =================================================================== * Modifications Copyright (c) 2019 Samsung * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); * you may not use this software except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Unless otherwise specified, all documentation contained herein is licensed * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); * you may not use this documentation except in compliance with the License. * You may obtain a copy of the License at * * https://creativecommons.org/licenses/by/4.0/ * * Unless required by applicable law or agreed to in writing, documentation * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * ============LICENSE_END============================================ * * */ package org.onap.portal.utils; import java.util.ArrayList; import java.util.Enumeration; import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; import java.util.UUID; import java.util.regex.Matcher; import java.util.regex.Pattern; import java.util.stream.Collectors; import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import lombok.NoArgsConstructor; import org.apache.commons.codec.DecoderException; import org.apache.commons.codec.binary.Hex; import org.onap.portal.domain.db.fn.FnRole; import org.onap.portal.domain.db.fn.FnUser; import org.onap.portal.domain.db.fn.FnUserRole; import org.onap.portal.exception.RoleFunctionException; import org.onap.portal.service.fn.old.EPRoleFunctionService; import org.onap.portalsdk.core.domain.RoleFunction; import org.onap.portalsdk.core.exception.SessionExpiredException; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.menu.MenuBuilder; import org.onap.portalsdk.core.service.DataAccessService; import org.onap.portalsdk.core.util.SystemProperties; import org.onap.portalsdk.core.web.support.AppUtils; import org.springframework.beans.factory.annotation.Autowired; @NoArgsConstructor public class EPUserUtils { public static final String ALL_ROLE_FUNCTIONS = "allRoleFunctions"; private static final String decodeValueOfForwardSlash = "2f"; private static final String decodeValueOfHyphen = "2d"; private static final String decodeValueOfAsterisk = "2a"; private static final Long ACCOUNT_ADMIN_ROLE_ID = 999L; private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(EPUserUtils.class); private static DataAccessService dataAccessService; /** * Gets the EPUser object from the session. * * @param request HttpServletRequest * @return EPUser object that was created upon login * @throws SessionExpiredException if no session exists. */ public static FnUser getUserSession(HttpServletRequest request) { HttpSession session = AppUtils.getSession(request); if (session == null) { throw new SessionExpiredException(); } return (FnUser) session.getAttribute(SystemProperties.getProperty(SystemProperties.USER_ATTRIBUTE_NAME)); } /** * Establishes the user's portal session * * @param request HttpServletRequest * @param user EPUser * @param applicationMenuData Menu data * @param businessDirectMenuData Menu data * @param ePRoleFunctionService role function service */ @SuppressWarnings("rawtypes") public static void setUserSession(HttpServletRequest request, FnUser user, Set applicationMenuData, Set businessDirectMenuData, EPRoleFunctionService ePRoleFunctionService) throws RoleFunctionException { HttpSession session = request.getSession(true); // clear the current user session to avoid any conflicts EPUserUtils.clearUserSession(request); session.setAttribute(SystemProperties.getProperty(SystemProperties.USER_ATTRIBUTE_NAME), user); setAllRoleFunctions(ePRoleFunctionService.getRoleFunctions(), session); ePRoleFunctionService.getRoleFunctions(request, user); // truncate the role (and therefore the role function) data to save // memory in the session user.setFnRoles(null); session.setAttribute(SystemProperties.getProperty(SystemProperties.USER_NAME), user.getFullName()); ServletContext context = session.getServletContext(); try { context.getAttribute("licenseVerification"); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "setUserSession failed to get licenseVerification attribute", e); } session.setAttribute(SystemProperties.getProperty(SystemProperties.APP_DISPLAY_NAME), "My Portal"); session.setAttribute(SystemProperties.getProperty(SystemProperties.APPLICATION_MENU_ATTRIBUTE_NAME), MenuBuilder.filterMenu(applicationMenuData, request)); session.setAttribute(SystemProperties.getProperty(SystemProperties.BUSINESS_DIRECT_MENU_ATTRIBUTE_NAME), MenuBuilder.filterMenu(businessDirectMenuData, request)); } /** * Creates a set of role function names and stores the set as a session attribute. * * @param allRoleFunctions List of role functions. * @param session HttpSession */ private static void setAllRoleFunctions(List allRoleFunctions, HttpSession session) throws RoleFunctionException { if (allRoleFunctions == null) { return; } Set roleFnSet = new HashSet<>(); for (RoleFunction roleFn : allRoleFunctions) { roleFnSet.add(decodeFunctionCode(roleFn.getCode())); } session.setAttribute(ALL_ROLE_FUNCTIONS, roleFnSet); } public static String decodeFunctionCode(String str) throws RoleFunctionException { String decodedString = str; List decodingList = new ArrayList<>(); decodingList.add(Pattern.compile(decodeValueOfForwardSlash)); decodingList.add(Pattern.compile(decodeValueOfHyphen)); decodingList.add(Pattern.compile(decodeValueOfAsterisk)); for (Pattern xssInputPattern : decodingList) { try { decodedString = decodedString.replaceAll("%" + xssInputPattern, new String(Hex.decodeHex(xssInputPattern.toString().toCharArray()))); } catch (DecoderException e) { logger.error(EELFLoggerDelegate.errorLogger, "Failed to decode the Rolefunction: " + str, e); throw new RoleFunctionException("decode failed", e); } } return decodedString; } /** * Removes all stored attributes from the user's session * * @param request HttpServletRequest * @throws SessionExpiredException if no session exists */ private static void clearUserSession(HttpServletRequest request) { HttpSession session = AppUtils.getSession(request); if (session == null) { throw new SessionExpiredException(); } // removes all stored attributes from the current user's session session.removeAttribute(SystemProperties.getProperty(SystemProperties.USER_ATTRIBUTE_NAME)); session.removeAttribute(SystemProperties.getProperty(SystemProperties.APPLICATION_MENU_ATTRIBUTE_NAME)); session.removeAttribute( SystemProperties.getProperty(SystemProperties.BUSINESS_DIRECT_MENU_ATTRIBUTE_NAME)); session.removeAttribute(SystemProperties.getProperty(SystemProperties.ROLES_ATTRIBUTE_NAME)); session.removeAttribute(SystemProperties.getProperty(SystemProperties.ROLE_FUNCTIONS_ATTRIBUTE_NAME)); } /** * Gets role information from the user session, in the cached user object. As a side effect sets a session * variable with the roles. * * @param request HttpServletRequest * @return Map of role ID to role object */ @SuppressWarnings("rawtypes") public static Map getRoles(HttpServletRequest request) { HashMap roles; HttpSession session = AppUtils.getSession(request); roles = (HashMap) session .getAttribute(SystemProperties.getProperty(SystemProperties.ROLES_ATTRIBUTE_NAME)); // if roles are not already cached, let's grab them from the user // session if (roles == null) { FnUser user = getUserSession(request); // get all user roles (including the tree of child roles) roles = getAllUserRoles(user); session.setAttribute(SystemProperties.getProperty(SystemProperties.ROLES_ATTRIBUTE_NAME), roles); } return roles; } /** * Builds a map of role ID to role object. * * @param user EPUser * @return Map of role ID to role object */ @SuppressWarnings({"rawtypes", "unchecked"}) private static HashMap getAllUserRoles(FnUser user) { HashMap roles = new HashMap(); for (FnRole role : user.getFnRoles()) { if (role.getActiveYn()) { roles.put(role.getId(), role); addChildRoles(role, roles); } } // Additionally; the account admin role is overloaded between onap // portal and partners; lets also include that for (FnUserRole epUserApp : user.getFnUserRoles()) { FnRole role = epUserApp.getRoleId(); if (role.getActiveYn() && role.getRoleId().equals(ACCOUNT_ADMIN_ROLE_ID)) { roles.put(role.getId(), role); // let's take a recursive trip down the tree to add all child // roles addChildRoles(role, roles); } } return roles; } /** * Adds all child roles of the specified role to the map of roles. * * @param role EPRole * @param roles Maps role id to role object */ @SuppressWarnings({"rawtypes", "unchecked"}) private static void addChildRoles(FnRole role, HashMap roles) { Set childRoles = role.getFnRoles(); if (childRoles != null && !childRoles.isEmpty()) { for (Object o : childRoles) { FnRole childRole = (FnRole) o; if (childRole.getActiveYn()) { roles.put(childRole.getId(), childRole); addChildRoles(childRole, roles); } } } } public static boolean hasRole(FnUser user, String roleKey) { return getAllUserRoles(user).keySet().contains(new Long(roleKey)); } public static DataAccessService getDataAccessService() { return dataAccessService; } @Autowired public static void setDataAccessService(DataAccessService dataAccessService) { EPUserUtils.dataAccessService = dataAccessService; } /** * Gets the user's ID from the user object in the session * * @param request HttpServletRequest * @return Integer ID of current user */ public static int getUserId(HttpServletRequest request) { return getUserIdAsLong(request).intValue(); } /** * Gets the user's ID from the user object in the session * * @param request HttpServletREquest * @return Long ID of current user */ static Long getUserIdAsLong(HttpServletRequest request) { Long userId = new Long(SystemProperties.getProperty(SystemProperties.APPLICATION_USER_ID)); if (request != null && getUserSession(request) != null) { userId = getUserSession(request).getId(); } return userId; } /** * Gets the request ID from the request. * * @param request HttpServletRequest * @return Request ID */ public static String getRequestId(HttpServletRequest request) { Enumeration headerNames = request.getHeaderNames(); String requestId = ""; try { while (headerNames.hasMoreElements()) { String headerName = headerNames.nextElement(); logger.debug(EELFLoggerDelegate.debugLogger, "One header is " + headerName + " : " + request.getHeader(headerName)); if (headerName.equalsIgnoreCase(SystemProperties.ECOMP_REQUEST_ID)) { requestId = request.getHeader(headerName); break; } } } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "getRequestId failed", e); } return (requestId.isEmpty() ? UUID.randomUUID().toString() : requestId); } /** * Gets the full URL from the request. * * @param request HttpServletRequest * @return Full URL */ static String getFullURL(HttpServletRequest request) { if (request != null) { StringBuffer requestURL = request.getRequestURL(); String queryString = request.getQueryString(); if (queryString == null) { return requestURL.toString(); } else { return requestURL.append('?').append(queryString).toString(); } } return ""; } public static Boolean matchRoleFunctions(String portalApiPath, Set roleFunctions) { String[] path = portalApiPath.split("/"); List roleFunList; if (path.length > 1) { roleFunList = roleFunctions.stream().filter(item -> item.startsWith(path[0])) .collect(Collectors.toList()); if (roleFunList.size() >= 1) { for (String roleFunction : roleFunList) { String[] roleFunctionArray = roleFunction.split("/"); boolean b = true; if (roleFunctionArray.length == path.length) { for (int i = 0; i < roleFunctionArray.length; i++) { if (!roleFunctionArray[i].equals("*")) { Pattern p = Pattern.compile(Pattern.quote(path[i]), Pattern.CASE_INSENSITIVE); Matcher m = p.matcher(roleFunctionArray[i]); b = m.matches(); } } if (b) { return true; } } } } } else { for (String roleFunction : roleFunctions) { if (roleFunction.equals(("*"))) { return true; } else if (portalApiPath.matches(roleFunction)) { return true; } } } return false; } }