[ADH-4990] Handle case when LDAP custom search query returns several …

…user entries
arenadata · Oct 11, 2024 · da60416 · da60416
1 parent 27ce3a0
commit da60416
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/smart-integration/src/test/java/org/smartdata/integration/auth/TestWebServerLdapAuth.java b/smart-integration/src/test/java/org/smartdata/integration/auth/TestWebServerLdapAuth.java
@@ -103,7 +103,11 @@ public static TestParams[] parameters() {
         new TestParams("july", "kitty_cat",
             searchWithAdditionalSearch(BIND)),
         new TestParams("ben", "bens_password",
-            searchWithAdditionalSearch(BIND), FAIL)
+            searchWithAdditionalSearch(BIND), FAIL),
+        new TestParams("july", "kitty_cat",
+            searchByCustomSearchSeveralUsers(BIND), FAIL),
+        new TestParams("july", "kitty_cat",
+            searchByCustomSearchSeveralUsers(PASSWORD_COMPARE), FAIL)
     };
   }
 
@@ -126,6 +130,16 @@ private static SmartConf searchByCustomSearch(AuthType authType) {
     return conf;
   }
 
+  private static SmartConf searchByCustomSearchSeveralUsers(AuthType authType) {
+    SmartConf conf = baseConf();
+    conf.set(SMART_REST_SERVER_LDAP_AUTH_TYPE, authType.toString());
+    conf.set(SMART_REST_SERVER_LDAP_USER_SEARCH_BASE, "ou=people");
+    conf.set(SMART_REST_SERVER_LDAP_CUSTOM_SEARCH, "(objectClass=person)");
+
+    conf.set(TEST_PARAM_NAME_OPTION, "searchByCustomSearch");
+    return conf;
+  }
+
   private static SmartConf searchByGroupMemberAttr(AuthType authType, String groupName) {
     SmartConf conf = baseConf();
     conf.set(SMART_REST_SERVER_LDAP_AUTH_TYPE, authType.toString());

diff --git a/...b-server/src/main/java/org/smartdata/server/config/ldap/search/user/UserSearchRunner.java b/...b-server/src/main/java/org/smartdata/server/config/ldap/search/user/UserSearchRunner.java
@@ -26,6 +26,7 @@
 import org.springframework.dao.IncorrectResultSizeDataAccessException;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.ldap.SpringSecurityLdapTemplate;
 import org.springframework.security.ldap.search.LdapUserSearch;
@@ -94,6 +95,10 @@ public DirContextOperations searchForUser(String username) throws UsernameNotFou
       if (ex.getActualSize() == 0) {
         throw new UsernameNotFoundException("User " + username + " not found in directory.");
       }
+      if (ex.getActualSize() > 1) {
+        throw new BadCredentialsException(
+            "Search query returns several user entries for provided username: " + username);
+      }
       throw ex;
     }
   }