Merge branch 'integration/master' of github.com:zanata/zanata into in…

…tegration/master

zanata-war/src/etc/zanata.properties

@@ -4,7 +4,11 @@
 # (A good place is JBOSS_HOME/server/<profile>/conf)
 # If not, an Zanata won't be able to start
 
-# Zanata Authentication type
-# Valid values:
-# INTERNAL, KERBEROS, FEDORA_OPENID, JAAS
-zanata.security.auth.type = INTERNAL
+# Zanata Authentication Policy names
+# The property key indicates the authentication type and the value
+# is the name of the security policy in login-config.xml
+# (Only one can be selected, excepted for internal and openid which
+# can be active simultaneously)
+# Valid key values: zanata.security.auth.policy.internal, .kerberos, .openid, .jaas
+zanata.security.auth.policy.internal = zanata.internal
+zanata.security.auth.policy.openid = zanata.openid

zanata-war/src/main/java/org/zanata/ApplicationConfiguration.java

@@ -41,8 +41,6 @@
 
 import javax.servlet.http.HttpServletRequest;
 import java.io.Serializable;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -65,7 +63,7 @@ public class ApplicationConfiguration implements Serializable
    private static final String EMAIL_APPENDER_NAME = "zanata.log.appender.email";
    public static final String EVENT_CONFIGURATION_CHANGED = "zanata.configuration.changed";
 
-   private static final String KEY_EXT_AUTH_TYPE = "zanata.security.auth.type";
+   private static final String KEY_AUTH_POLICY = "zanata.security.auth.policy";
 
    private static final String[] allConfigKeys = new String[]
       {
@@ -94,7 +92,7 @@ public class ApplicationConfiguration implements Serializable
    private String version;
    private String buildTimestamp;
    private boolean enableCopyTrans = true;
-   private AuthenticationType authType;
+   private Map<AuthenticationType, String> loginModuleNames = new HashMap<AuthenticationType, String>();
 
    @Observer( { EVENT_CONFIGURATION_CHANGED })
    @Create
@@ -114,19 +112,44 @@ public void load()
       this.configValues = configValues;
 
       this.loadExternalConfig();
+      this.validateConfiguration();
       this.applyLoggingConfiguration();
    }
 
    private void loadExternalConfig()
    {
       ResourceBundle config = getExternalConfig();
-      if( !config.containsKey(KEY_EXT_AUTH_TYPE) )
+      for( AuthenticationType authType : AuthenticationType.values() )
       {
-         throw new RuntimeException("Authentication type not present in zanata.properties.");
+         String key = KEY_AUTH_POLICY + "." + authType.name().toLowerCase();
+         if( config.containsKey( key ) )
+         {
+            loginModuleNames.put( authType, config.getString(key) );
+         }
       }
-      else
+   }
+
+   /**
+    * Validates that there are no invalid values set on the zanata configuration
+    */
+   private void validateConfiguration()
+   {
+      // Validate that only internal / openid authentication is enabled at once
+      if( loginModuleNames.size() > 2 )
       {
-         authType = AuthenticationType.valueOf( config.getString(KEY_EXT_AUTH_TYPE) );
+         throw new RuntimeException("Multiple invalid authentication types present in zanata.properties");
+      }
+      else if( loginModuleNames.size() == 2 )
+      {
+         // Internal and Open id are the only allowed combined authentication types
+         if( !(loginModuleNames.containsKey(AuthenticationType.INTERNAL) && loginModuleNames.containsKey(AuthenticationType.INTERNAL) ) )
+         {
+            throw new RuntimeException("Multiple invalid authentication types present in zanata.properties");
+         }
+      }
+      else if( loginModuleNames.size() < 1)
+      {
+         throw new RuntimeException("At least one authentication type must be configured in zanata.properties");
       }
    }
 
@@ -268,28 +291,27 @@ public String getHelpContent()
 
    public boolean isInternalAuth()
    {
-      return this.authType != null && this.authType == AuthenticationType.INTERNAL;
+      return this.loginModuleNames.containsKey( AuthenticationType.INTERNAL );
    }
 
-   public boolean isFedoraOpenIdAuth() 
+   public boolean isOpenIdAuth()
    {
-      return this.authType != null && this.authType == AuthenticationType.FEDORA_OPENID;
+      return this.loginModuleNames.containsKey( AuthenticationType.OPENID );
    }
 
    public boolean isKerberosAuth()
    {
-      return this.authType != null && this.authType == AuthenticationType.KERBEROS;
+      return this.loginModuleNames.containsKey( AuthenticationType.KERBEROS );
+   }
+
+   public boolean isJaasAuth()
+   {
+      return this.loginModuleNames.containsKey( AuthenticationType.JAAS );
    }
 
-   public String getAuthenticationType()
+   public String getLoginModuleName( AuthenticationType authType )
    {
-      String authTypeStr = AuthenticationType.JAAS.toString();
-
-      if( this.authType != null )
-      {
-         authTypeStr = this.authType.toString();
-      }
-      return authTypeStr;
+      return this.loginModuleNames.get( authType );
    }
 
    public boolean isDebug()

zanata-war/src/main/java/org/zanata/ZanataInit.java

@@ -120,9 +120,9 @@ public void initZanata() throws Exception
          log.info("Internal authentication: enabled");
          authlogged = true;
       }
-      if ( applicationConfiguration.isFedoraOpenIdAuth() )
+      if ( applicationConfiguration.isOpenIdAuth() )
       {
-         log.info("Fedora OpenID authentication: enabled");
+         log.info("OpenID authentication: enabled");
          authlogged = true;
       }
       if ( applicationConfiguration.isKerberosAuth() )

zanata-war/src/main/java/org/zanata/action/AccountMergeAction.java

@@ -28,10 +28,11 @@
 import org.jboss.seam.annotations.Scope;
 import org.jboss.seam.contexts.Contexts;
 import org.jboss.seam.faces.FacesMessages;
+import org.jboss.seam.international.StatusMessage;
 import org.jboss.seam.security.management.JpaIdentityStore;
 import org.zanata.dao.AccountDAO;
 import org.zanata.model.HAccount;
-import org.zanata.security.FedoraOpenId;
+import org.zanata.security.ZanataOpenId;
 import org.zanata.security.openid.OpenIdAuthCallback;
 import org.zanata.security.openid.OpenIdAuthenticationResult;
 import org.zanata.security.openid.OpenIdProviderType;
@@ -40,6 +41,8 @@
 import lombok.Getter;
 import lombok.Setter;
 
+import static org.jboss.seam.international.StatusMessage.Severity.ERROR;
+
 /**
  * @author Carlos Munoz <a href="mailto:camunoz@redhat.com">camunoz@redhat.com</a>
  */
@@ -51,7 +54,7 @@ public class AccountMergeAction
    private HAccount authenticatedAccount;
 
    @In
-   private FedoraOpenId fedoraOpenId;
+   private ZanataOpenId zanataOpenId;
 
    @In
    private RegisterService registerServiceImpl;
@@ -67,6 +70,8 @@ public class AccountMergeAction
 
    private OpenIdProviderType providerType;
 
+   private boolean accountsValid;
+
 
    public String getProviderType()
    {
@@ -85,17 +90,44 @@ public void setProviderType(String providerType)
       }
    }
 
+   public boolean getAccountsValid()
+   {
+      return accountsValid;
+   }
+
    public void loginToMergingAccount()
    {
-      fedoraOpenId.setProvider( providerType );
-      fedoraOpenId.login( username, new AccountMergeAuthCallback() );
+      zanataOpenId.setProvider( providerType );
+      zanataOpenId.login( username, new AccountMergeAuthCallback() );
    }
 
    public boolean isAccountSelected()
    {
       return obsoleteAccount != null;
    }
 
+   public void validateAccounts()
+   {
+      boolean valid = true;
+
+      // The account to merge in has been authenticated
+      if( obsoleteAccount != null )
+      {
+         if( obsoleteAccount.getId() == null )
+         {
+            FacesMessages.instance().add(ERROR, "Could not find an account for that user.");
+            valid = false;
+         }
+         else if( authenticatedAccount.getId().equals( obsoleteAccount.getId() ) )
+         {
+            FacesMessages.instance().add(ERROR, "You are attempting to merge the same account.");
+            valid = false;
+         }
+      }
+
+      this.accountsValid = valid;
+   }
+
    public void mergeAccounts()
    {
       registerServiceImpl.mergeAccounts(authenticatedAccount, obsoleteAccount);
@@ -118,16 +150,11 @@ public void afterOpenIdAuth(OpenIdAuthenticationResult result)
          {
             AccountDAO accountDAO = (AccountDAO)Component.getInstance(AccountDAO.class);
             HAccount account = accountDAO.getByCredentialsId( result.getAuthenticatedId() );
-            Contexts.getSessionContext().set("obsoleteAccount", account); // Outject the account
-
-            if( obsoleteAccount == null )
+            if( account == null )
             {
-               FacesMessages.instance().add("Could not find an account for that user.");
+               account = new HAccount(); // In case an account is not found
             }
-         }
-         else
-         {
-            FacesMessages.instance().add("Unable to authenticate that account.");
+            Contexts.getSessionContext().set("obsoleteAccount", account); // Outject the account
          }
       }
 

zanata-war/src/main/java/org/zanata/action/CredentialsAction.java

@@ -35,13 +35,12 @@
 import org.jboss.seam.annotations.datamodel.DataModelSelection;
 import org.jboss.seam.core.Conversation;
 import org.jboss.seam.faces.FacesMessages;
-import org.jboss.seam.international.StatusMessage;
 import org.jboss.seam.security.management.JpaIdentityStore;
 import org.zanata.dao.AccountDAO;
 import org.zanata.model.HAccount;
 import org.zanata.model.security.HCredentials;
 import org.zanata.model.security.HOpenIdCredentials;
-import org.zanata.security.FedoraOpenId;
+import org.zanata.security.ZanataOpenId;
 import org.zanata.security.openid.FedoraOpenIdProvider;
 import org.zanata.security.openid.GoogleOpenIdProvider;
 import org.zanata.security.openid.MyOpenIdProvider;
@@ -67,7 +66,7 @@ public class CredentialsAction implements Serializable
    private AccountDAO accountDAO;
 
    @In
-   private FedoraOpenId fedoraOpenId;
+   private ZanataOpenId zanataOpenId;
 
    @DataModel
    private List<HCredentials> userCredentials;
@@ -146,14 +145,14 @@ public void verifyCredentials()
    {
       HOpenIdCredentials newCreds = new HOpenIdCredentials();
       newCreds.setAccount( authenticatedAccount );
-      fedoraOpenId.setProvider( providerType );
+      zanataOpenId.setProvider( providerType );
 
       if( providerType == OpenIdProviderType.Google )
       {
          credentialsUsername = "google";
       }
 
-      fedoraOpenId.login(credentialsUsername, new CredentialsCreationCallback(newCreds));
+      zanataOpenId.login(credentialsUsername, new CredentialsCreationCallback(newCreds));
    }
 
    public boolean isGoogleOpenId( String openId )