From 8748f11ddf668c89fbc4f676e1762dc79166c922 Mon Sep 17 00:00:00 2001 From: Carlos Ruiz Date: Tue, 6 Sep 2022 13:58:17 +0200 Subject: [PATCH] IDEMPIERE-5354 Manage use case for microsoft OAuth2 preferred_username (FHCA-3757) (#1464) --- .../model/MAuthorizationCredential.java | 24 +++++++++++++++++++ .../src/org/compiere/model/SystemIDs.java | 2 ++ 2 files changed, 26 insertions(+) diff --git a/org.adempiere.base/src/org/compiere/model/MAuthorizationCredential.java b/org.adempiere.base/src/org/compiere/model/MAuthorizationCredential.java index b3aaf7df33..9a82dd0a41 100644 --- a/org.adempiere.base/src/org/compiere/model/MAuthorizationCredential.java +++ b/org.adempiere.base/src/org/compiere/model/MAuthorizationCredential.java @@ -24,6 +24,8 @@ **********************************************************************/ package org.compiere.model; +import static org.compiere.model.SystemIDs.OAUTH2_AUTHORIZATION_PROVIDER_MICROSOFT; + import java.math.BigDecimal; import java.sql.ResultSet; import java.sql.Timestamp; @@ -35,6 +37,7 @@ import org.adempiere.exceptions.AdempiereException; import org.apache.http.NameValuePair; import org.apache.http.client.utils.URLEncodedUtils; import org.apache.http.message.BasicNameValuePair; +import org.compiere.util.EMail; import org.compiere.util.Env; import org.compiere.util.Msg; @@ -150,6 +153,27 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential { return msg; } + if ( ap.getAD_AuthorizationProvider_ID() == OAUTH2_AUTHORIZATION_PROVIDER_MICROSOFT + && MSysConfig.getBooleanValue("OAUTH2_USE_ACCESS_TOKEN_UPN_ON_MICROSOFT_PROVIDER", true)) { + /* IDEMPIERE-5354 + * Microsoft send the user email information in the access_token in upn field in some cases when the login doesn't correspond with the email + * for this the upn must take precedence when the email is different than the user for login + */ + Object access_token = tokenResponse.get("access_token"); + String upn_access = null; + if (access_token != null && access_token instanceof String) { + try { + IdToken accesstoken = IdToken.parse(tokenResponse.getFactory(), (String) tokenResponse.get("access_token")); + upn_access = (String) accesstoken.getPayload().get("upn"); + } catch (Exception ex) { + // accesstoken not valid ... simply ignore + } + } + if (upn_access != null && ! email.toLowerCase().equals(upn_access.toLowerCase()) && EMail.validate(upn_access)) { + email = upn_access; + } + } + boolean newAccount = false; MAuthorizationAccount account = null; Query query = new Query(ctx, MAuthorizationAccount.Table_Name, "AD_Client_ID=? AND AD_User_ID=? AND EMail=? AND AD_AuthorizationCredential_ID=?", get_TrxName()); diff --git a/org.adempiere.base/src/org/compiere/model/SystemIDs.java b/org.adempiere.base/src/org/compiere/model/SystemIDs.java index 783f45bd82..ae2046d844 100644 --- a/org.adempiere.base/src/org/compiere/model/SystemIDs.java +++ b/org.adempiere.base/src/org/compiere/model/SystemIDs.java @@ -229,4 +229,6 @@ public class SystemIDs public final static int TOOLBAR_BTN_ID_WINDOW_NEW = 200031; + public final static int OAUTH2_AUTHORIZATION_PROVIDER_MICROSOFT = 200001; + }