fix #2760 add aad.use.ds

2023-07-23 17:54:40 +09:00 · 2023-07-23 17:54:40 +09:00 · 81e294324f
commit 81e294324f
parent 49f7cd03d8
3 changed files with 74 additions and 3 deletions
--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
@ -719,6 +719,10 @@ public interface FessProp {
                .get(stream -> stream.filter(StringUtil::isNotBlank).map(String::trim).toArray(n -> new String[n]));
    }

+    default boolean isAzureAdUseDomainServices() {
+        return Constants.TRUE.equalsIgnoreCase(getSystemProperty("aad.use.ds", "true"));
+    }
+
    //
    // fess_*.properties
    //
--- a/src/main/java/org/codelibs/fess/sso/aad/AzureAdAuthenticator.java
+++ b/src/main/java/org/codelibs/fess/sso/aad/AzureAdAuthenticator.java
@ -404,18 +404,19 @@ public class AzureAdAuthenticator implements SsoAuthenticator {
                        logger.warn("id is empty: {}", memberOf);
                    }
                    final String[] names = fessConfig.getAzureAdPermissionFields();
+                    final boolean useDomainServices = fessConfig.isAzureAdUseDomainServices();
                    for (final String name : names) {
                        final String value = (String) memberOf.get(name);
                        if (StringUtil.isNotBlank(value)) {
                            if (memberType.contains("group")) {
-                                groupList.add(value);
+                                addGroupOrRoleName(groupList, value, useDomainServices);
                            } else if (memberType.contains("role")) {
-                                roleList.add(value);
+                                addGroupOrRoleName(roleList, value, useDomainServices);
                            } else {
                                if (logger.isDebugEnabled()) {
                                    logger.debug("unknown @odata.type: {}", memberOf);
                                }
-                                groupList.add(value);
+                                addGroupOrRoleName(groupList, value, useDomainServices);
                            }
                        } else if (logger.isDebugEnabled()) {
                            logger.debug("{} is empty: {}", name, memberOf);
@ -434,6 +435,16 @@ public class AzureAdAuthenticator implements SsoAuthenticator {
        }
    }

+    protected void addGroupOrRoleName(List<String> list, String value, boolean useDomainServices) {
+        list.add(value);
+        if (useDomainServices && value.indexOf('@') >= 0) {
+            String[] values = value.split("@");
+            if (values.length > 1) {
+                list.add(values[0]);
+            }
+        }
+    }
+
    protected void processParentGroup(final AzureAdUser user, final List<String> groupList, final List<String> roleList, final String id) {
        final Pair<String[], String[]> groupsAndRoles = getParentGroup(user, id);
        StreamUtil.stream(groupsAndRoles.getFirst()).of(stream -> stream.forEach(groupList::add));
--- a/src/test/java/org/codelibs/fess/sso/aad/AzureAdAuthenticatorTest.java
+++ b/src/test/java/org/codelibs/fess/sso/aad/AzureAdAuthenticatorTest.java
@ -0,0 +1,56 @@
+/*
+ * Copyright 2012-2023 CodeLibs Project and the Others.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+package org.codelibs.fess.sso.aad;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.codelibs.fess.unit.UnitFessTestCase;
+
+public class AzureAdAuthenticatorTest extends UnitFessTestCase {
+    public void test_addGroupOrRoleName() {
+        AzureAdAuthenticator authenticator = new AzureAdAuthenticator();
+        List<String> list = new ArrayList<>();
+
+        list.clear();
+        authenticator.addGroupOrRoleName(list, "test", true);
+        assertEquals(1, list.size());
+        assertEquals("test", list.get(0));
+
+        list.clear();
+        authenticator.addGroupOrRoleName(list, "test", false);
+        assertEquals(1, list.size());
+        assertEquals("test", list.get(0));
+
+        list.clear();
+        authenticator.addGroupOrRoleName(list, "test@codelibs.org", true);
+        assertEquals(2, list.size());
+        assertEquals("test@codelibs.org", list.get(0));
+        assertEquals("test", list.get(1));
+
+        list.clear();
+        authenticator.addGroupOrRoleName(list, "test@codelibs.org", false);
+        assertEquals(1, list.size());
+        assertEquals("test@codelibs.org", list.get(0));
+
+        list.clear();
+        authenticator.addGroupOrRoleName(list, "test@codelibs.org@hoge.com", true);
+        assertEquals(2, list.size());
+        assertEquals("test@codelibs.org@hoge.com", list.get(0));
+        assertEquals("test", list.get(1));
+
+    }
+}