UY-1175 remote reg allow using authenticator with regular input profile.

Fix DryRun step component, Fix Account Association

Author: ppiernik

engine-api/src/main/java/pl/edu/icm/unity/engine/api/authn/remote/AuthenticationTriggeringContext.java

@@ -5,6 +5,7 @@
 package pl.edu.icm.unity.engine.api.authn.remote;
 
 import pl.edu.icm.unity.engine.api.authn.PartialAuthnState;
+import pl.edu.icm.unity.engine.api.authn.sandbox.SandboxAuthnEvent;
 import pl.edu.icm.unity.engine.api.authn.sandbox.SandboxAuthnRouter;
 import pl.edu.icm.unity.types.authn.AuthenticationOptionKey;
 import pl.edu.icm.unity.types.registration.RegistrationForm;
@@ -32,13 +33,13 @@ private AuthenticationTriggeringContext(boolean rememberMeSet,
 		this.authenticationOptionKey = authenticationOptionKey;
 	}
 
-	public static AuthenticationTriggeringContext registrationTriggeredAuthn(RegistrationForm form, 
-			String invitationCode,
-			AuthenticationOptionKey authenticationOptionKey)
+	public static AuthenticationTriggeringContext registrationTriggeredAuthn(RegistrationForm form,
+			String invitationCode, AuthenticationOptionKey authenticationOptionKey)
 	{
 		if (form == null)
 			throw new IllegalArgumentException("Form must be set in registration triggered remote authn");
-		return new AuthenticationTriggeringContext(false, null, form, invitationCode, null, authenticationOptionKey);
+		return new AuthenticationTriggeringContext(false, null, form, invitationCode, new MockSandboxAuthnRouter(),
+				authenticationOptionKey);
 	}
 
 
@@ -90,4 +91,22 @@ public String toString()
 				"AuthenticationTriggeringContext [rememberMeSet=%s, firstFactorAuthnState=%s, form=%s, invitationCode=%s]",
 				rememberMeSet, firstFactorAuthnState, form, invitationCode);
 	}
+	
+	private static final class MockSandboxAuthnRouter implements SandboxAuthnRouter
+	{
+		@Override
+		public void addListener(AuthnResultListener listener)
+		{
+		}
+
+		@Override
+		public void removeListener(AuthnResultListener listener)
+		{
+		}
+
+		@Override
+		public void fireEvent(SandboxAuthnEvent event)
+		{
+		}
+	}
 }

engine-api/src/main/java/pl/edu/icm/unity/engine/api/authn/sandbox/SandboxAuthenticationResult.java

@@ -5,6 +5,7 @@
 package pl.edu.icm.unity.engine.api.authn.sandbox;
 
 import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
+import pl.edu.icm.unity.engine.api.authn.RemoteAuthenticationResult;
 
 public class SandboxAuthenticationResult implements AuthenticationResult
 {
@@ -66,5 +67,11 @@ public String toString()
 		return baseResult.toString();
 	}
 
+	@Override
+	public RemoteAuthenticationResult asRemote()
+	{
+		return baseResult.asRemote();
+	}
+	
 
 }

engine-api/src/main/java/pl/edu/icm/unity/engine/api/translation/in/InputTranslationEngine.java

@@ -38,4 +38,6 @@ public interface InputTranslationEngine
 
 	MappedIdentity getExistingIdentity(MappingResult result);
 
+	void preprocess(MappingResult result) throws EngineException;
+
 }

engine/src/main/java/pl/edu/icm/unity/engine/authn/InteractiveAuthneticationProcessorImpl.java

@@ -231,16 +231,21 @@ public PostAuthenticationStepDecision processFirstFactorSandboxAuthnResult(Sandb
 		{
 			authnState = basicAuthnProcessor.processPrimaryAuthnResult(result, stepContext.selectedAuthnFlow, null);
 			assertNotFailed(authnState.getPrimaryResult());
-		} catch (AuthenticationException e)
+		} catch (UnknownRemoteUserException e)
+		{
+			sandboxRouter.fireEvent(new SandboxAuthnEvent(result.sandboxAuthnInfo, null,
+					httpRequest.getSession() != null ? httpRequest.getSession().getId() : null));
+			return PostAuthenticationStepDecision.completed();
+		}
+
+		catch (AuthenticationException e)
 		{
 			sandboxRouter.fireEvent(new SandboxAuthnEvent(
-					RemoteSandboxAuthnContext.failedAuthn(
-							result.sandboxAuthnInfo.getAuthnException().orElse(e), 
-							result.sandboxAuthnInfo.getLogs(), 
+					RemoteSandboxAuthnContext.failedAuthn(result.sandboxAuthnInfo.getAuthnException().orElse(e),
+							result.sandboxAuthnInfo.getLogs(),
 							result.sandboxAuthnInfo.getRemotePrincipal()
-								.map(RemotelyAuthenticatedPrincipal::getAuthnInput).orElse(null)), 
-					null, 
-					httpRequest.getSession().getId()));
+									.map(RemotelyAuthenticatedPrincipal::getAuthnInput).orElse(null)),
+					null, httpRequest.getSession().getId()));
 			return interpretAuthnException(e, httpRequest, machineDetails.getIp());
 		}
 

engine/src/main/java/pl/edu/icm/unity/engine/authn/remote/RemoteAuthnResponseProcessorImpl.java

@@ -77,8 +77,17 @@ private PostAuthenticationStepDecision processResponseInSandboxMode(RedirectedAu
 			HttpServletRequest httpRequest,
 			AuthenticationTriggeringContext triggeringContext)
 	{
+		
 		SandboxAuthenticationResult authnResult = executeVerificatorInSandboxMode(
 				authnContext::processAnswer, triggeringContext);
+		if (triggeringContext.isRegistrationTriggered())
+		{
+			return authnProcessor.processRemoteRegistrationResult(authnResult, 
+					authnContext.getAuthenticationStepContext(), 
+					authnContext.getInitialLoginMachine(), 
+					httpRequest);
+		} 
+		
 		return processSandboxAuthenticationResult(authnContext, httpRequest, authnResult);
 	}
 

engine/src/main/java/pl/edu/icm/unity/engine/authn/remote/RemoteAuthnResultTranslatorImpl.java

@@ -113,11 +113,12 @@ public RemoteAuthenticationResult getTranslatedResult(RemotelyAuthenticatedInput
 			throw new RemoteAuthenticationException("The mapping of the remotely authenticated " +
 					"principal to a local representation failed", e);
 		}
-		return dryRun ? assembleDryRunAuthenticationResult(remotePrincipal) : 
+		return dryRun ? assembleDryRunAuthenticationResult(remotePrincipal, registrationForm, allowAssociation) : 
 			assembleAuthenticationResult(remotePrincipal, registrationForm, allowAssociation);
 	}
 
-	private RemoteAuthenticationResult assembleDryRunAuthenticationResult(RemotelyAuthenticatedPrincipal remotePrincipal)
+	private RemoteAuthenticationResult assembleDryRunAuthenticationResult(RemotelyAuthenticatedPrincipal remotePrincipal,
+			String registrationForm, boolean allowAssociation)
 	{
 		AuthenticatedEntity authenticatedEntity = null;
 		if (remotePrincipal.getLocalMappedPrincipal() != null)
@@ -129,6 +130,9 @@ private RemoteAuthenticationResult assembleDryRunAuthenticationResult(RemotelyAu
 			{
 				log.debug("Exception resolving remote principal", e);
 			}
+		} else
+		{
+				return handleUnknownUser(remotePrincipal, registrationForm, allowAssociation);
 		}
 		return RemoteAuthenticationResult.successfulPartial(remotePrincipal, authenticatedEntity);
 	}
@@ -217,6 +221,7 @@ public final RemotelyAuthenticatedPrincipal translateRemoteInput(RemotelyAuthent
 			result.addIdentity(new MappedIdentity(IdentityEffectMode.REQUIRE_MATCH, 
 					presetIdParam, null));
 		}
+		trEngine.preprocess(result);
 		if (!dryRun)
 			trEngine.process(result);
 

engine/src/main/java/pl/edu/icm/unity/engine/translation/in/InputTranslationEngineImpl.java

@@ -77,6 +77,35 @@ public InputTranslationEngineImpl(@Qualifier("insecure") EntityManagement idsMan
 		this.attrTypeHelper = attrTypeHelper;
 	}
 
+
+	@Override
+	public void preprocess(MappingResult result) throws EngineException
+	{
+		Entity existing = null;
+		for (MappedIdentity checked : result.getIdentities())
+		{
+			try
+			{
+				Entity found = idsMan.getEntity(new EntityParam(checked.getIdentity()));
+				if (existing != null && !existing.getId().equals(found.getId()))
+				{
+					log.warn("Identity was mapped to two different entities: " + existing + " and "
+							+ found);
+					throw new ExecutionBreakException();
+				}
+				existing = found;
+				result.addAuthenticatedWith(checked.getIdentity().getValue());
+			} catch (IllegalArgumentException e)
+			{
+				log.trace("Identity " + checked + " not found in DB, details of exception follows", e);
+			}
+		}
+		if (existing != null)
+		{
+			result.setMappedToExistingEntity(new EntityParam(existing.getId()));
+		}
+	}
+	
 	@Override
 	public void process(MappingResult result) throws EngineException
 	{
@@ -180,7 +209,7 @@ private EntityParam processIdentities(MappingResult result, Set<Attribute> proce
 					throw new ExecutionBreakException();
 				}
 				existing = found;
-				result.addAuthenticatedWith(checked.getIdentity().getValue());
+				//result.addAuthenticatedWith(checked.getIdentity().getValue());
 			} catch (IllegalArgumentException e)
 			{
 				log.trace("Identity " + checked + " not found in DB, details of exception follows", e);

web-common/src/main/java/pl/edu/icm/unity/webui/association/atlogin/MergeUnknownWithExistingConfirmationStep.java

@@ -37,16 +37,26 @@ class MergeUnknownWithExistingConfirmationStep extends AbstractConfirmationStep
 	void setAuthenticatedUser(AuthenticatedEntity ae)
 	{
 		locallyAuthenticatedEntity = ae;
-		introLabel.setHtmlValue("MergeUnknownWithExistingConfirmationStep.info", 
-				unknownUser.getRemoteIdPName(), 
-				locallyAuthenticatedEntity.getAuthenticatedWith().get(0));
+		if (ae != null)
+		{
+			introLabel.setHtmlValue("MergeUnknownWithExistingConfirmationStep.info", unknownUser.getRemoteIdPName(),
+					locallyAuthenticatedEntity.getAuthenticatedWith().get(0));
+		} else
+		{
+			introLabel.setHtmlValue("MergeUnknownWithExistingConfirmationStep.errorNotExistingIdentity");
+			//block finish button
+			errorComponent.setVisible(true);
+		}
 	}
 
 	@Override
 	protected void merge()
 	{
 		if (locallyAuthenticatedEntity == null)
+		{
+			NotificationPopup.showError(msg.getMessage("ConnectId.ConfirmStep.mergeFailed"), "");
 			return;
+		}
 		EntityParam existing = new EntityParam(locallyAuthenticatedEntity.getEntityId());
 		try
 		{

web-console/src/main/java/io/imunity/webconsole/translationProfile/dryrun/DryRunStepComponent.java

@@ -93,7 +93,7 @@ class DryRunStepComponent extends CustomComponent
 	void handle(SandboxAuthnEvent event) 
 	{
 		RemoteSandboxAuthnContext ctx = (RemoteSandboxAuthnContext) event.ctx;
-		if (ctx.getAuthnException() == null)
+		if (!ctx.getAuthnException().isPresent())
 		{
 			authnResultLabel.setValue(msg.getMessage("DryRun.DryRunStepComponent.authnResultLabel.success"));
 			authnResultLabel.setStyleName(Styles.success.toString());