IDEMPIERE-5354 Manage use case for microsoft OAuth2 preferred_username (FHCA-3757) (#1464)

Carlos Ruiz 2022-09-06 13:58:17 +02:00 committed by GitHub
parent 0e71fa9884
commit 8748f11ddf
2 changed files with 26 additions and 0 deletions


@ -24,6 +24,8 @@
**********************************************************************/
package org.compiere.model;
import static org.compiere.model.SystemIDs.OAUTH2_AUTHORIZATION_PROVIDER_MICROSOFT;
import java.math.BigDecimal;
import java.sql.ResultSet;
import java.sql.Timestamp;
@ -35,6 +37,7 @@ import org.adempiere.exceptions.AdempiereException;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.message.BasicNameValuePair;
import org.compiere.util.EMail;
import org.compiere.util.Env;
import org.compiere.util.Msg;
@ -150,6 +153,27 @@ public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
return msg;
}
if ( ap.getAD_AuthorizationProvider_ID() == OAUTH2_AUTHORIZATION_PROVIDER_MICROSOFT
&& MSysConfig.getBooleanValue("OAUTH2_USE_ACCESS_TOKEN_UPN_ON_MICROSOFT_PROVIDER", true)) {
/* IDEMPIERE-5354
* Microsoft send the user email information in the access_token in upn field in some cases when the login doesn't correspond with the email
* for this the upn must take precedence when the email is different than the user for login
*/
Object access_token = tokenResponse.get("access_token");
String upn_access = null;
if (access_token != null && access_token instanceof String) {
try {
IdToken accesstoken = IdToken.parse(tokenResponse.getFactory(), (String) tokenResponse.get("access_token"));
upn_access = (String) accesstoken.getPayload().get("upn");
} catch (Exception ex) {
// accesstoken not valid ... simply ignore
}
}
if (upn_access != null && ! email.toLowerCase().equals(upn_access.toLowerCase()) && EMail.validate(upn_access)) {
email = upn_access;
}
}
boolean newAccount = false;
MAuthorizationAccount account = null;
Query query = new Query(ctx, MAuthorizationAccount.Table_Name, "AD_Client_ID=? AND AD_User_ID=? AND EMail=? AND AD_AuthorizationCredential_ID=?", get_TrxName());
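Review bot: The `upn` claim is read from the access token by `IdToken.parse(...)`, which decodes the payload but (as far as visible here) does not verify the token, and the value then replaces `email`, which the next lines use as the `EMail=?` key to look up or create the authorization account; since the token was just received from the provider's token endpoint that is presumably acceptable, but the block should say so, e.g. `// upn is trusted only because the access_token came straight from the provider's token endpoint; it is not signature-checked here`. The empty `catch (Exception ex)` should at least log at fine level instead of discarding the cause, so a Microsoft access token that is opaque or issued for another audience is diagnosable rather than silently yielding the id_token email. Minor cleanups on the same lines: `if (access_token instanceof String)` already implies non-null, the parse should reuse `(String) access_token` rather than calling `tokenResponse.get("access_token")` a second time, and `!email.equalsIgnoreCase(upn_access)` replaces the two locale-sensitive `toLowerCase()` calls. The enclosing method starts and ends outside this hunk.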


@ -229,4 +229,6 @@ public class SystemIDs
public final static int TOOLBAR_BTN_ID_WINDOW_NEW = 200031;
public final static int OAUTH2_AUTHORIZATION_PROVIDER_MICROSOFT = 200001;
}
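Review bot: The new constant has no Javadoc, so a reader of SystemIDs cannot tell which record 200001 identifies without opening the database; add a line such as `/** AD_AuthorizationProvider_ID of the Microsoft OAuth2 provider record */` above `OAUTH2_AUTHORIZATION_PROVIDER_MICROSOFT`, consistent with the table-keyed naming of the neighbouring constants. Since the value is compared against `getAD_AuthorizationProvider_ID()` in MAuthorizationCredential, the comment is also where a maintainer would learn that the check is by fixed ID rather than by provider name.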