IDEMPIERE-5354 Manage use case for microsoft OAuth2 preferred_username (FHCA-3757) (#1464)
parent
0e71fa9884
commit
8748f11ddf
|
@ -24,6 +24,8 @@
|
|||
**********************************************************************/
|
||||
package org.compiere.model;
|
||||
|
||||
import static org.compiere.model.SystemIDs.OAUTH2_AUTHORIZATION_PROVIDER_MICROSOFT;
|
||||
|
||||
import java.math.BigDecimal;
|
||||
import java.sql.ResultSet;
|
||||
import java.sql.Timestamp;
|
||||
|
@ -35,6 +37,7 @@ import org.adempiere.exceptions.AdempiereException;
|
|||
import org.apache.http.NameValuePair;
|
||||
import org.apache.http.client.utils.URLEncodedUtils;
|
||||
import org.apache.http.message.BasicNameValuePair;
|
||||
import org.compiere.util.EMail;
|
||||
import org.compiere.util.Env;
|
||||
import org.compiere.util.Msg;
|
||||
|
||||
|
@ -150,6 +153,27 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
|
|||
return msg;
|
||||
}
|
||||
|
||||
if ( ap.getAD_AuthorizationProvider_ID() == OAUTH2_AUTHORIZATION_PROVIDER_MICROSOFT
|
||||
&& MSysConfig.getBooleanValue("OAUTH2_USE_ACCESS_TOKEN_UPN_ON_MICROSOFT_PROVIDER", true)) {
|
||||
/* IDEMPIERE-5354
|
||||
* Microsoft send the user email information in the access_token in upn field in some cases when the login doesn't correspond with the email
|
||||
* for this the upn must take precedence when the email is different than the user for login
|
||||
*/
|
||||
Object access_token = tokenResponse.get("access_token");
|
||||
String upn_access = null;
|
||||
if (access_token != null && access_token instanceof String) {
|
||||
try {
|
||||
IdToken accesstoken = IdToken.parse(tokenResponse.getFactory(), (String) tokenResponse.get("access_token"));
|
||||
upn_access = (String) accesstoken.getPayload().get("upn");
|
||||
} catch (Exception ex) {
|
||||
// accesstoken not valid ... simply ignore
|
||||
}
|
||||
}
|
||||
if (upn_access != null && ! email.toLowerCase().equals(upn_access.toLowerCase()) && EMail.validate(upn_access)) {
|
||||
email = upn_access;
|
||||
}
|
||||
}
|
||||
|
||||
boolean newAccount = false;
|
||||
MAuthorizationAccount account = null;
|
||||
Query query = new Query(ctx, MAuthorizationAccount.Table_Name, "AD_Client_ID=? AND AD_User_ID=? AND EMail=? AND AD_AuthorizationCredential_ID=?", get_TrxName());
|
||||
|
|
|
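Review bot: The `upn` value that replaces `email` is taken from an access token that is only decoded with `IdToken.parse`; nothing visible in this hunk checks that token's signature, issuer or audience before the claim feeds the `MAuthorizationAccount` lookup that follows, and Microsoft documents access tokens as opaque to the client that requested them. If an ID token is validated earlier in this method (not visible here) and can carry `upn` or `preferred_username`, reading the claim from it would keep the identity decision on a validated token; otherwise a comment should state that trust rests on the token having come straight from the token endpoint. The empty `catch (Exception ex)` also hides a non-string `upn` (the cast throws) together with parse failures, so I would narrow it and log, for example `log.log(Level.FINE, "access_token not parseable, upn ignored", ex);`, assuming the inherited `log` field is in scope. The comparison reads better and avoids locale-dependent case mapping as `!email.equalsIgnoreCase(upn_access)`. The new setting defaults to `true`, so existing Microsoft provider configurations change behaviour on upgrade; the enclosing method starts and ends outside the hunk.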
@ -229,4 +229,6 @@ public class SystemIDs
|
|||
|
||||
public final static int TOOLBAR_BTN_ID_WINDOW_NEW = 200031;
|
||||
|
||||
public final static int OAUTH2_AUTHORIZATION_PROVIDER_MICROSOFT = 200001;
|
||||
|
||||
}
|
||||
|
|