fix #2760 add aad.use.ds

codelibs · Jul 23, 2023 · 81e2943 · 81e2943
1 parent 49f7cd0
commit 81e2943
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 3 deletions.
diff --git a/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java b/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
@@ -719,6 +719,10 @@ default String[] getAzureAdPermissionFields() {
  .get(stream -> stream.filter(StringUtil::isNotBlank).map(String::trim).toArray(n -> new String[n]));
  }
 
+ default boolean isAzureAdUseDomainServices() {
+ return Constants.TRUE.equalsIgnoreCase(getSystemProperty("aad.use.ds", "true"));
+ }
+
  //
  // fess_*.properties
  //

diff --git a/src/main/java/org/codelibs/fess/sso/aad/AzureAdAuthenticator.java b/src/main/java/org/codelibs/fess/sso/aad/AzureAdAuthenticator.java
@@ -404,18 +404,19 @@ protected void processMemberOf(final AzureAdUser user, final List<String> groupL
  logger.warn("id is empty: {}", memberOf);
  }
  final String[] names = fessConfig.getAzureAdPermissionFields();
+ final boolean useDomainServices = fessConfig.isAzureAdUseDomainServices();
  for (final String name : names) {
  final String value = (String) memberOf.get(name);
  if (StringUtil.isNotBlank(value)) {
  if (memberType.contains("group")) {
- groupList.add(value);
+ addGroupOrRoleName(groupList, value, useDomainServices);
  } else if (memberType.contains("role")) {
- roleList.add(value);
+ addGroupOrRoleName(roleList, value, useDomainServices);
  } else {
  if (logger.isDebugEnabled()) {
  logger.debug("unknown @odata.type: {}", memberOf);
  }
- groupList.add(value);
+ addGroupOrRoleName(groupList, value, useDomainServices);
  }
  } else if (logger.isDebugEnabled()) {
  logger.debug("{} is empty: {}", name, memberOf);
@@ -434,6 +435,16 @@ protected void processMemberOf(final AzureAdUser user, final List<String> groupL
  }
  }
 
+ protected void addGroupOrRoleName(List<String> list, String value, boolean useDomainServices) {
+ list.add(value);
+ if (useDomainServices && value.indexOf('@') >= 0) {
+ String[] values = value.split("@");
+ if (values.length > 1) {
+ list.add(values[0]);
+ }
+ }
+ }
+
  protected void processParentGroup(final AzureAdUser user, final List<String> groupList, final List<String> roleList, final String id) {
  final Pair<String[], String[]> groupsAndRoles = getParentGroup(user, id);
  StreamUtil.stream(groupsAndRoles.getFirst()).of(stream -> stream.forEach(groupList::add));

diff --git a/src/test/java/org/codelibs/fess/sso/aad/AzureAdAuthenticatorTest.java b/src/test/java/org/codelibs/fess/sso/aad/AzureAdAuthenticatorTest.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2012-2023 CodeLibs Project and the Others.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+package org.codelibs.fess.sso.aad;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.codelibs.fess.unit.UnitFessTestCase;
+
+public class AzureAdAuthenticatorTest extends UnitFessTestCase {
+ public void test_addGroupOrRoleName() {
+ AzureAdAuthenticator authenticator = new AzureAdAuthenticator();
+ List<String> list = new ArrayList<>();
+
+ list.clear();
+ authenticator.addGroupOrRoleName(list, "test", true);
+ assertEquals(1, list.size());
+ assertEquals("test", list.get(0));
+
+ list.clear();
+ authenticator.addGroupOrRoleName(list, "test", false);
+ assertEquals(1, list.size());
+ assertEquals("test", list.get(0));
+
+ list.clear();
+ authenticator.addGroupOrRoleName(list, "test@codelibs.org", true);
+ assertEquals(2, list.size());
+ assertEquals("test@codelibs.org", list.get(0));
+ assertEquals("test", list.get(1));
+
+ list.clear();
+ authenticator.addGroupOrRoleName(list, "test@codelibs.org", false);
+ assertEquals(1, list.size());
+ assertEquals("test@codelibs.org", list.get(0));
+
+ list.clear();
+ authenticator.addGroupOrRoleName(list, "test@codelibs.org@hoge.com", true);
+ assertEquals(2, list.size());
+ assertEquals("test@codelibs.org@hoge.com", list.get(0));
+ assertEquals("test", list.get(1));
+
+ }
+}