Conflict resolving during importing from LDAP

Author: nkonev

aaa/src/main/java/name/nkonev/aaa/Constants.java

@@ -64,12 +64,15 @@ public static class QueryVariables {
         public static final String BEHALF_USER_ID = "behalfUserId";
     }
 
+    public static final String LDAP_CONFLICT_PREFIX = "conflicts_with_ldap_";
+
     public static final String DELETED = "deleted";
     public static final long DELETED_ID = -1;
 
     public static final Long NonExistentUser = -65000L;
 
     public static final Set<String> FORBIDDEN_USERNAMES = Set.of(DELETED, "all", "here");
+    public static final Set<String> FORBIDDEN_USERNAME_PREFIXES = Set.of(LDAP_CONFLICT_PREFIX);
 
     public static final int MIN_PASSWORD_LENGTH = 6;
     public static final int MAX_PASSWORD_LENGTH = 30;

aaa/src/main/java/name/nkonev/aaa/config/properties/ConflictBy.java

@@ -0,0 +1,6 @@
+package name.nkonev.aaa.config.properties;
+
+public enum ConflictBy {
+    USERNAME,
+    EMAIL
+}

aaa/src/main/java/name/nkonev/aaa/config/properties/ConflictResolveStrategy.java

@@ -0,0 +1,7 @@
+package name.nkonev.aaa.config.properties;
+
+public enum ConflictResolveStrategy {
+    IGNORE,
+    WRITE_NEW_AND_REMOVE_OLD,
+    WRITE_NEW_AND_RENAME_OLD
+}

aaa/src/main/java/name/nkonev/aaa/config/properties/LdapProperties.java

@@ -3,6 +3,7 @@
 public record LdapProperties(
     LdapAuthProperties auth,
     LdapAttributes attributeNames,
-    LdapPasswordEncodingProperties password
+    LdapPasswordEncodingProperties password,
+    ConflictResolveStrategy resolveConflictsStrategy
 ) {
 }

aaa/src/main/java/name/nkonev/aaa/converter/UserAccountConverter.java

@@ -21,6 +21,7 @@
 import java.util.stream.Collectors;
 
 import static name.nkonev.aaa.Constants.FORBIDDEN_USERNAMES;
+import static name.nkonev.aaa.Constants.FORBIDDEN_USERNAME_PREFIXES;
 import static name.nkonev.aaa.utils.RoleUtils.DEFAULT_ROLE;
 
 @Component
@@ -211,7 +212,8 @@ public static UserAccount buildUserAccountEntityForInsert(name.nkonev.aaa.dto.Ed
                 null,
                 null,
                 null,
-                userAccountDTO.loginColor()
+                userAccountDTO.loginColor(),
+                null
         );
     }
 
@@ -234,14 +236,19 @@ public static void validateLengthEmail(String email) {
     private static String checkAndTrimLogin(String login, boolean isForOauth2) {
         login = login != null ? login.trim() : null;
         login = trimToNull(login);
+        login = NullEncode.forHtml(login);
 
         if (login != null) {
             if (FORBIDDEN_USERNAMES.contains(login)) {
                 throw new BadRequestException("forbidden login");
             }
-        }
 
-        login = NullEncode.forHtml(login);
+            for (var fp : FORBIDDEN_USERNAME_PREFIXES) {
+                if (login.startsWith(fp)) {
+                    throw new BadRequestException("forbidden login");
+                }
+            }
+        }
 
         if (login != null && !isForOauth2) {
             Assert.isTrue(!login.startsWith(FacebookOAuth2UserService.LOGIN_PREFIX), "not allowed prefix");
@@ -280,6 +287,7 @@ public static UserAccount buildUserAccountEntityForFacebookInsert(String faceboo
                 null,
                 null,
                 null,
+                null,
                 null
         );
     }
@@ -310,6 +318,7 @@ public static UserAccount buildUserAccountEntityForVkontakteInsert(String vkonta
                 null,
                 null,
                 null,
+                null,
                 null
         );
     }
@@ -340,6 +349,7 @@ public static UserAccount buildUserAccountEntityForGoogleInsert(String googleId,
                 googleId,
                 null,
                 null,
+                null,
                 null
         );
     }
@@ -370,14 +380,13 @@ public static UserAccount buildUserAccountEntityForKeycloakInsert(String keycloa
                 null,
                 keycloakId,
                 null,
+                null,
                 null
         );
     }
 
-    public static UserAccount buildUserAccountEntityForLdapInsert(String login, String ldapId, Set<UserRole> mappedRoles, String email) {
+    public static UserAccount buildUserAccountEntityForLdapInsert(String login, String ldapId, Set<UserRole> mappedRoles, String email, boolean locked, boolean enabled, LocalDateTime syncLdapTime) {
         final boolean expired = false;
-        final boolean locked = false;
-        final boolean enabled = true;
         final boolean confirmed = true;
 
         return new UserAccount(
@@ -400,7 +409,8 @@ public static UserAccount buildUserAccountEntityForLdapInsert(String login, Stri
                 null,
                 null,
                 ldapId,
-                null
+                null,
+                syncLdapTime
         );
     }
 

aaa/src/main/java/name/nkonev/aaa/entity/jdbc/UserAccount.java

@@ -30,7 +30,8 @@ public record UserAccount(
     String googleId,
     String keycloakId,
     String ldapId,
-    String loginColor
+    String loginColor,
+    LocalDateTime syncLdapTime
 ) {
 
     public UserAccount withPassword(String newPassword) {
@@ -54,7 +55,8 @@ public UserAccount withPassword(String newPassword) {
                 googleId,
                 keycloakId,
                 ldapId,
-                loginColor
+                loginColor,
+                syncLdapTime
         );
     }
 
@@ -79,7 +81,8 @@ public UserAccount withUsername(String newUsername) {
                 googleId,
                 keycloakId,
                 ldapId,
-                loginColor
+                loginColor,
+                syncLdapTime
         );
     }
 
@@ -104,7 +107,8 @@ public UserAccount withAvatar(String newAvatar) {
                 googleId,
                 keycloakId,
                 ldapId,
-                loginColor
+                loginColor,
+                syncLdapTime
         );
     }
 
@@ -129,7 +133,8 @@ public UserAccount withAvatarBig(String newAvatarBig) {
                 googleId,
                 keycloakId,
                 ldapId,
-                loginColor
+                loginColor,
+                syncLdapTime
         );
     }
 
@@ -154,7 +159,8 @@ public UserAccount withEmail(String newEmailToSet) {
                 googleId,
                 keycloakId,
                 ldapId,
-                loginColor
+                loginColor,
+                syncLdapTime
         );
     }
 
@@ -179,7 +185,8 @@ public UserAccount withShortInfo(String newShortInfo) {
                 googleId,
                 keycloakId,
                 ldapId,
-                loginColor
+                loginColor,
+                syncLdapTime
         );
     }
 
@@ -204,7 +211,8 @@ public UserAccount withLocked(boolean newLocked) {
                 googleId,
                 keycloakId,
                 ldapId,
-                loginColor
+                loginColor,
+                syncLdapTime
         );
     }
 
@@ -229,7 +237,8 @@ public UserAccount withEnabled(boolean newEnabled) {
                 googleId,
                 keycloakId,
                 ldapId,
-                loginColor
+                loginColor,
+                syncLdapTime
         );
     }
 
@@ -254,7 +263,8 @@ public UserAccount withConfirmed(boolean newConfirmed) {
             googleId,
             keycloakId,
             ldapId,
-            loginColor
+            loginColor,
+            syncLdapTime
         );
     }
 
@@ -279,7 +289,8 @@ public UserAccount withRoles(UserRole[] newRoles) {
                 googleId,
                 keycloakId,
                 ldapId,
-                loginColor
+                loginColor,
+                syncLdapTime
         );
     }
 
@@ -304,7 +315,34 @@ public UserAccount withLoginColor(String newLoginColor) {
             googleId,
             keycloakId,
             ldapId,
-            newLoginColor
+            newLoginColor,
+            syncLdapTime
+        );
+    }
+
+    public UserAccount withSyncLdapTime(LocalDateTime newSyncLdapDateTime) {
+        return new UserAccount(
+            id,
+            creationType,
+            username,
+            password,
+            avatar,
+            avatarBig,
+            shortInfo,
+            expired,
+            locked,
+            enabled,
+            confirmed,
+            roles,
+            email,
+            lastLoginDateTime,
+            facebookId,
+            vkontakteId,
+            googleId,
+            keycloakId,
+            ldapId,
+            loginColor,
+            newSyncLdapDateTime
         );
     }
 
@@ -329,7 +367,8 @@ public UserAccount withOauthIdentifiers(OAuth2Identifiers newOauthIdentifiers) {
                 newOauthIdentifiers.googleId,
                 newOauthIdentifiers.keycloakId,
                 ldapId,
-                loginColor
+                loginColor,
+                syncLdapTime
         );
     }
 

aaa/src/main/java/name/nkonev/aaa/repository/jdbc/UserAccountRepository.java

@@ -41,4 +41,12 @@ public interface UserAccountRepository extends ListCrudRepository<UserAccount, L
     Set<Long> findUserIds(List<Long> userIds);
 
     List<UserAccount> findByLdapIdInOrderById(Collection<String> strings);
+
+    @Modifying
+    @Query("update user_account set sync_ldap_time = :newSyncLdapDateTime where ldap_id in (:ldapUserIds)")
+    void updateSyncLdapTime(Set<String> ldapUserIds, LocalDateTime newSyncLdapDateTime);
+
+    @Modifying
+    @Query("delete from user_account where ldap_id is not null and sync_ldap_time < :currTime")
+    long deleteWithLdapIdElderThan(LocalDateTime currTime);
 }