Remove the function IAccessStorage::getIDOfLoggedUser() and move its functionality to login(AlwaysAllowCredentials).

2024-11-29 19:12:03 +00:00 · 2021-11-23 00:15:37 +03:00 · 2021-11-23 00:15:37 +03:00 · c01d0f95c3
commit c01d0f95c3
parent 2e44c37462
6 changed files with 10 additions and 72 deletions
--- a/src/Access/IAccessStorage.cpp
+++ b/src/Access/IAccessStorage.cpp
@ -504,18 +504,6 @@ bool IAccessStorage::isAddressAllowedImpl(const User & user, const Poco::Net::IP
 }


-UUID IAccessStorage::getIDOfLoggedUser(const String & user_name) const
-{
-    return getIDOfLoggedUserImpl(user_name);
-}
-
-
-UUID IAccessStorage::getIDOfLoggedUserImpl(const String & user_name) const
-{
-    return getID<User>(user_name);
-}
-
-
 UUID IAccessStorage::generateRandomID()
 {
    static Poco::UUIDGenerator generator;
--- a/src/Access/IAccessStorage.h
+++ b/src/Access/IAccessStorage.h
@ -146,10 +146,6 @@ public:
    /// Throws an exception if no such user or credentials are invalid.
    UUID login(const Credentials & credentials, const Poco::Net::IPAddress & address, const ExternalAuthenticators & external_authenticators, bool replace_exception_with_cannot_authenticate = true) const;

-    /// Returns the ID of a user who has logged in (maybe on another node).
-    /// The function assumes that the password has been already checked somehow, so we can skip checking it now.
-    UUID getIDOfLoggedUser(const String & user_name) const;
-
 protected:
    virtual std::optional<UUID> findImpl(AccessEntityType type, const String & name) const = 0;
    virtual std::vector<UUID> findAllImpl(AccessEntityType type) const = 0;
@ -167,7 +163,6 @@ protected:
    virtual UUID loginImpl(const Credentials & credentials, const Poco::Net::IPAddress & address, const ExternalAuthenticators & external_authenticators) const;
    virtual bool areCredentialsValidImpl(const User & user, const Credentials & credentials, const ExternalAuthenticators & external_authenticators) const;
    virtual bool isAddressAllowedImpl(const User & user, const Poco::Net::IPAddress & address) const;
-    virtual UUID getIDOfLoggedUserImpl(const String & user_name) const;

    static UUID generateRandomID();
    Poco::Logger * getLogger() const;
--- a/src/Access/LDAPAccessStorage.cpp
+++ b/src/Access/LDAPAccessStorage.cpp
@ -514,6 +514,9 @@ UUID LDAPAccessStorage::loginImpl(const Credentials & credentials, const Poco::N
        if (!isAddressAllowedImpl(*user, address))
            throwAddressNotAllowed(address);

+        if (typeid_cast<const AlwaysAllowCredentials *>(&credentials))
+            return *id;
+
        if (!areLDAPCredentialsValidNoLock(*user, credentials, external_authenticators, external_roles))
            throwInvalidCredentials();

@ -533,6 +536,13 @@ UUID LDAPAccessStorage::loginImpl(const Credentials & credentials, const Poco::N
        if (!isAddressAllowedImpl(*user, address))
            throwAddressNotAllowed(address);

+        if (typeid_cast<const AlwaysAllowCredentials *>(&credentials))
+        {
+            // TODO: mapped external roles are not available here. Without a password we can't authenticate and retrieve roles from LDAP server.
+            assignRolesNoLock(*user, external_roles);
+            return memory_storage.insert(user);
+        }
+
        if (!areLDAPCredentialsValidNoLock(*user, credentials, external_authenticators, external_roles))
            throwInvalidCredentials();

@ -542,30 +552,4 @@ UUID LDAPAccessStorage::loginImpl(const Credentials & credentials, const Poco::N
    }
 }

-UUID LDAPAccessStorage::getIDOfLoggedUserImpl(const String & user_name) const
-{
-    std::scoped_lock lock(mutex);
-    auto id = memory_storage.find<User>(user_name);
-    if (id)
-    {
-        return *id;
-    }
-    else
-    {
-        // User does not exist, so we create one, and add it pretending that the authentication is successful.
-        auto user = std::make_shared<User>();
-        user->setName(user_name);
-        user->auth_data = AuthenticationData(AuthenticationType::LDAP);
-        user->auth_data.setLDAPServerName(ldap_server_name);
-
-        LDAPClient::SearchResultsList external_roles;
-
-        // TODO: mapped external roles are not available here. Without a password we can't authenticate and retrieve roles from LDAP server.
-
-        assignRolesNoLock(*user, external_roles);
-
-        return memory_storage.insert(user);
-    }
-}
-
 }
--- a/src/Access/LDAPAccessStorage.h
+++ b/src/Access/LDAPAccessStorage.h
@ -56,7 +56,6 @@ private: // IAccessStorage implementations.
    virtual bool hasSubscriptionImpl(const UUID & id) const override;
    virtual bool hasSubscriptionImpl(AccessEntityType type) const override;
    virtual UUID loginImpl(const Credentials & credentials, const Poco::Net::IPAddress & address, const ExternalAuthenticators & external_authenticators) const override;
-    virtual UUID getIDOfLoggedUserImpl(const String & user_name) const override;

 private:
    void setConfiguration(AccessControl * access_control_, const Poco::Util::AbstractConfiguration & config, const String & prefix);
--- a/src/Access/MultipleAccessStorage.cpp
+++ b/src/Access/MultipleAccessStorage.cpp
@ -431,31 +431,4 @@ UUID MultipleAccessStorage::loginImpl(const Credentials & credentials, const Poc
    throwNotFound(AccessEntityType::USER, credentials.getUserName());
 }

-
-UUID MultipleAccessStorage::getIDOfLoggedUserImpl(const String & user_name) const
-{
-    auto storages = getStoragesInternal();
-    for (const auto & storage : *storages)
-    {
-        try
-        {
-            auto id = storage->getIDOfLoggedUser(user_name);
-            std::lock_guard lock{mutex};
-            ids_cache.set(id, storage);
-            return id;
-        }
-        catch (...)
-        {
-            if (!storage->find(AccessEntityType::USER, user_name))
-            {
-                /// The authentication failed because there no users with such name in the `storage`
-                /// thus we can try to search in other nested storages.
-                continue;
-            }
-            throw;
-        }
-    }
-    throwNotFound(AccessEntityType::USER, user_name);
-}
-
 }
--- a/src/Access/MultipleAccessStorage.h
+++ b/src/Access/MultipleAccessStorage.h
@ -49,7 +49,6 @@ protected:
    bool hasSubscriptionImpl(const UUID & id) const override;
    bool hasSubscriptionImpl(AccessEntityType type) const override;
    UUID loginImpl(const Credentials & credentials, const Poco::Net::IPAddress & address, const ExternalAuthenticators & external_authenticators) const override;
-    UUID getIDOfLoggedUserImpl(const String & user_name) const override;

 private:
    using Storages = std::vector<StoragePtr>;