Merge remote-tracking branch 'origin/inetaddress'

yadvr · yadvr · commit 7ff31f1b223f · 2014-11-25T14:32:09.000+05:30
- Tested locally against unit tests - TravisCI build passed: https://travis-ci.org/apache/cloudstack/builds/41990351 - Manual QA passed for basic auth and saml auth using default IDP settings Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> Conflicts: server/src/com/cloud/api/ApiServlet.java
diff --git a/api/src/org/apache/cloudstack/api/ApiServerService.java b/api/src/org/apache/cloudstack/api/ApiServerService.java
@@ -19,13 +19,14 @@
 import com.cloud.exception.CloudAuthenticationException;
 import javax.servlet.http.HttpSession;
 import java.util.Map;
+import java.net.InetAddress;
 
 public interface ApiServerService {
     public boolean verifyRequest(Map<String, Object[]> requestParameters, Long userId) throws ServerApiException;
 
     public Long fetchDomainId(String domainUUID);
 
-    public ResponseObject loginUser(HttpSession session, String username, String password, Long domainId, String domainPath, String loginIpAddress,
+    public ResponseObject loginUser(HttpSession session, String username, String password, Long domainId, String domainPath, InetAddress loginIpAddress,
                                     Map<String, Object[]> requestParameters) throws CloudAuthenticationException;
 
     public void logoutUser(long userId);
diff --git a/api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java b/api/src/org/apache/cloudstack/api/auth/APIAuthenticator.java
@@ -22,6 +22,7 @@
 import javax.servlet.http.HttpSession;
 import java.util.List;
 import java.util.Map;
+import java.net.InetAddress;
 
 /*
 * APIAuthenticator is an interface that defines method that
@@ -35,7 +36,7 @@
 * */
 public interface APIAuthenticator {
     public String authenticate(String command, Map<String, Object[]> params,
-                               HttpSession session, String remoteAddress, String responseType,
+                               HttpSession session, InetAddress remoteAddress, String responseType,
                                StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException;
 
     public APIAuthenticationType getAPIType();
diff --git a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
@@ -19,6 +19,7 @@
 
 import java.util.List;
 import java.util.Map;
+import java.net.InetAddress;
 
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
@@ -231,7 +232,7 @@ public void markUserRegistered(long arg0) {
     }
 
     @Override
-    public UserAccount authenticateUser(String arg0, String arg1, Long arg2, String arg3, Map<String, Object[]> arg4) {
+    public UserAccount authenticateUser(String arg0, String arg1, Long arg2, InetAddress arg3, Map<String, Object[]> arg4) {
         // TODO Auto-generated method stub
         return null;
     }
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmd.java
@@ -72,6 +72,7 @@
 import java.io.StringWriter;
 import java.util.List;
 import java.util.Map;
+import java.net.InetAddress;
 
 @APICommand(name = "getSPMetadata", description = "Returns SAML2 CloudStack Service Provider MetaData", responseObject = SAMLMetaDataResponse.class, entityType = {})
 public class GetServiceProviderMetaDataCmd extends BaseCmd implements APIAuthenticator {
@@ -103,7 +104,7 @@ public void execute() throws ServerApiException {
     }
 
     @Override
-    public String authenticate(String command, Map<String, Object[]> params, HttpSession session, String remoteAddress, String responseType, StringBuilder auditTrailSb, HttpServletResponse resp) throws ServerApiException {
+    public String authenticate(String command, Map<String, Object[]> params, HttpSession session, InetAddress remoteAddress, String responseType, StringBuilder auditTrailSb, HttpServletResponse resp) throws ServerApiException {
         SAMLMetaDataResponse response = new SAMLMetaDataResponse();
         response.setResponseName(getCommandName());
 
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -67,6 +67,7 @@
 import javax.xml.stream.FactoryConfigurationError;
 import java.io.IOException;
 import java.net.URLEncoder;
+import java.net.InetAddress;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
@@ -160,7 +161,7 @@ public Response processSAMLResponse(String responseMessage) {
     }
 
     @Override
-    public String authenticate(final String command, final Map<String, Object[]> params, final HttpSession session, final String remoteAddress, final String responseType, final StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException {
+    public String authenticate(final String command, final Map<String, Object[]> params, final HttpSession session, final InetAddress remoteAddress, final String responseType, final StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException {
         try {
             if (!params.containsKey("SAMLResponse") && !params.containsKey("SAMLart")) {
                 String idpUrl = null;
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmd.java
@@ -50,6 +50,7 @@
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
+import java.net.InetAddress;
 
 @APICommand(name = "samlSlo", description = "SAML Global Log Out API", responseObject = LogoutCmdResponse.class, entityType = {})
 public class SAML2LogoutAPIAuthenticatorCmd extends BaseCmd implements APIAuthenticator {
@@ -83,7 +84,7 @@ public void execute() throws ServerApiException {
     }
 
     @Override
-    public String authenticate(String command, Map<String, Object[]> params, HttpSession session, String remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException {
+    public String authenticate(String command, Map<String, Object[]> params, HttpSession session, InetAddress remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException {
         auditTrailSb.append("=== SAML SLO Logging out ===");
         LogoutCmdResponse response = new LogoutCmdResponse();
         response.setDescription("success");
diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java
@@ -41,6 +41,8 @@
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 
 @RunWith(MockitoJUnitRunner.class)
 public class GetServiceProviderMetaDataCmdTest {
@@ -58,7 +60,7 @@ public class GetServiceProviderMetaDataCmdTest {
     HttpServletResponse resp;
 
     @Test
-    public void testAuthenticate() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException, CertificateParsingException, CertificateEncodingException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
+    public void testAuthenticate() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException, CertificateParsingException, CertificateEncodingException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException, UnknownHostException {
         GetServiceProviderMetaDataCmd cmd = new GetServiceProviderMetaDataCmd();
 
         Field apiServerField = GetServiceProviderMetaDataCmd.class.getDeclaredField("_apiServer");
@@ -77,7 +79,7 @@ public void testAuthenticate() throws NoSuchFieldException, SecurityException, I
         Mockito.when(samlAuthManager.getIdpSingleLogOutUrl()).thenReturn(url);
         Mockito.when(samlAuthManager.getSpSingleLogOutUrl()).thenReturn(url);
 
-        String result = cmd.authenticate("command", null, session, "random", HttpUtils.RESPONSE_TYPE_JSON, new StringBuilder(), resp);
+        String result = cmd.authenticate("command", null, session, InetAddress.getByName("127.0.0.1"), HttpUtils.RESPONSE_TYPE_JSON, new StringBuilder(), resp);
         Assert.assertTrue(result.contains("md:EntityDescriptor"));
 
         Mockito.verify(samlAuthManager, Mockito.atLeast(1)).getServiceProviderId();
diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java
@@ -65,6 +65,7 @@
 import java.security.cert.X509Certificate;
 import java.util.HashMap;
 import java.util.Map;
+import java.net.InetAddress;
 
 @RunWith(MockitoJUnitRunner.class)
 public class SAML2LoginAPIAuthenticatorCmdTest {
@@ -171,14 +172,14 @@ public void testAuthenticate() throws Exception {
         Map<String, Object[]> params = new HashMap<String, Object[]>();
 
         // SSO redirection test
-        cmd.authenticate("command", params, session, "random", HttpUtils.RESPONSE_TYPE_JSON, new StringBuilder(), resp);
+        cmd.authenticate("command", params, session, InetAddress.getByName("127.0.0.1"), HttpUtils.RESPONSE_TYPE_JSON, new StringBuilder(), resp);
         Mockito.verify(resp, Mockito.times(1)).sendRedirect(Mockito.anyString());
 
         // SSO SAMLResponse verification test, this should throw ServerApiException for auth failure
         params.put(SAMLUtils.SAML_RESPONSE, new String[]{"Some String"});
         Mockito.stub(cmd.processSAMLResponse(Mockito.anyString())).toReturn(buildMockResponse());
         try {
-            cmd.authenticate("command", params, session, "random", HttpUtils.RESPONSE_TYPE_JSON, new StringBuilder(), resp);
+            cmd.authenticate("command", params, session, InetAddress.getByName("127.0.0.1"), HttpUtils.RESPONSE_TYPE_JSON, new StringBuilder(), resp);
         } catch (ServerApiException ignored) {
         }
         Mockito.verify(configDao, Mockito.atLeastOnce()).getValue(Mockito.anyString());
diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java
@@ -36,6 +36,7 @@
 import javax.servlet.http.HttpSession;
 import java.lang.reflect.Field;
 import java.security.cert.X509Certificate;
+import java.net.InetAddress;
 
 @RunWith(MockitoJUnitRunner.class)
 public class SAML2LogoutAPIAuthenticatorCmdTest {
@@ -81,7 +82,7 @@ public void testAuthenticate() throws Exception {
         Mockito.when(session.getAttribute(Mockito.anyString())).thenReturn(null);
         Mockito.when(configDao.getValue(Mockito.anyString())).thenReturn("someString");
 
-        cmd.authenticate("command", null, session, "random", HttpUtils.RESPONSE_TYPE_JSON, new StringBuilder(), resp);
+        cmd.authenticate("command", null, session, InetAddress.getByName("127.0.0.1"), HttpUtils.RESPONSE_TYPE_JSON, new StringBuilder(), resp);
         Mockito.verify(resp, Mockito.times(1)).sendRedirect(Mockito.anyString());
         Mockito.verify(session, Mockito.atLeastOnce()).getAttribute(Mockito.anyString());
     }
diff --git a/pom.xml b/pom.xml
@@ -82,6 +82,7 @@
     <cs.aws.sdk.version>1.3.22</cs.aws.sdk.version>
     <cs.lang.version>2.6</cs.lang.version>
     <cs.commons-io.version>1.4</cs.commons-io.version>
+    <cs.commons-validator.version>1.4.0</cs.commons-validator.version>
     <cs.reflections.version>0.9.8</cs.reflections.version>
     <cs.java-ipv6.version>0.10</cs.java-ipv6.version>
     <cs.replace.properties>build/replace.properties</cs.replace.properties>
@@ -233,6 +234,11 @@
         <artifactId>commons-codec</artifactId>
         <version>${cs.codec.version}</version>
       </dependency>
+      <dependency>
+        <groupId>commons-validator</groupId>
+        <artifactId>commons-validator</artifactId>
+        <version>${cs.commons-validator.version}</version>
+      </dependency>
       <dependency>
         <groupId>org.bouncycastle</groupId>
         <artifactId>bcprov-jdk16</artifactId>
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
@@ -982,7 +982,7 @@ private ResponseObject createLoginResponse(HttpSession session) {
     }
 
     @Override
-    public ResponseObject loginUser(final HttpSession session, final String username, final String password, Long domainId, final String domainPath, final String loginIpAddress,
+    public ResponseObject loginUser(final HttpSession session, final String username, final String password, Long domainId, final String domainPath, final InetAddress loginIpAddress,
             final Map<String, Object[]> requestParameters) throws CloudAuthenticationException {
         // We will always use domainId first. If that does not exist, we will use domain name. If THAT doesn't exist
         // we will default to ROOT
diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java
@@ -20,6 +20,7 @@
 import java.net.URLDecoder;
 import java.util.Arrays;
 import java.util.Collections;
+import java.net.InetAddress;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -188,7 +189,7 @@ void processRequestInContext(final HttpServletRequest req, final HttpServletResp
                     }
 
                     try {
-                        responseString = apiAuthenticator.authenticate(command, params, session, remoteAddress, responseType, auditTrailSb, resp);
+                        responseString = apiAuthenticator.authenticate(command, params, session, InetAddress.getByName(remoteAddress), responseType, auditTrailSb, resp);
                     } catch (ServerApiException e) {
                         httpResponseCode = e.getErrorCode().getHttpCode();
                         responseString = e.getMessage();
@@ -330,14 +331,14 @@ private static String getCorrectIPAddress(String ip) {
         if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
             return null;
         }
-        if(NetUtils.isValidIp(ip)) {
+        if(NetUtils.isValidIp(ip) || NetUtils.isValidIpv6(ip)) {
             return ip;
         }
         //it could be possible to have multiple IPs in HTTP header, this happens if there are multiple proxy in between
         //the client and the servlet, so parse the client IP
         String[] ips = ip.split(",");
         for(String i : ips) {
-            if(NetUtils.isValidIp(i.trim())) {
+            if(NetUtils.isValidIp(i.trim()) || NetUtils.isValidIpv6(i.trim())) {
                 return i.trim();
             }
         }
diff --git a/server/src/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java b/server/src/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java
@@ -37,6 +37,7 @@
 import javax.servlet.http.HttpSession;
 import java.util.List;
 import java.util.Map;
+import java.net.InetAddress;
 
 @APICommand(name = "login", description = "Logs a user into the CloudStack. A successful login attempt will generate a JSESSIONID cookie value that can be passed in subsequent Query command calls until the \"logout\" command has been issued or the session has expired.", requestHasSensitiveInfo = true, responseObject = LoginCmdResponse.class, entityType = {})
 public class DefaultLoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthenticator {
@@ -103,7 +104,7 @@ public void execute() throws ServerApiException {
     }
 
     @Override
-    public String authenticate(String command, Map<String, Object[]> params, HttpSession session, String remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException {
+    public String authenticate(String command, Map<String, Object[]> params, HttpSession session, InetAddress remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException {
 
         // FIXME: ported from ApiServlet, refactor and cleanup
         final String[] username = (String[])params.get(ApiConstants.USERNAME);
diff --git a/server/src/com/cloud/api/auth/DefaultLogoutAPIAuthenticatorCmd.java b/server/src/com/cloud/api/auth/DefaultLogoutAPIAuthenticatorCmd.java
@@ -32,6 +32,7 @@
 import javax.servlet.http.HttpSession;
 import java.util.List;
 import java.util.Map;
+import java.net.InetAddress;
 
 @APICommand(name = "logout", description = "Logs out the user", responseObject = LogoutCmdResponse.class, entityType = {})
 public class DefaultLogoutAPIAuthenticatorCmd extends BaseCmd implements APIAuthenticator {
@@ -60,7 +61,7 @@ public void execute() throws ServerApiException {
     }
 
     @Override
-    public String authenticate(String command, Map<String, Object[]> params, HttpSession session, String remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException {
+    public String authenticate(String command, Map<String, Object[]> params, HttpSession session, InetAddress remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException {
         auditTrailSb.append("=== Logging out ===");
         LogoutCmdResponse response = new LogoutCmdResponse();
         response.setDescription("success");
diff --git a/server/src/com/cloud/user/AccountManager.java b/server/src/com/cloud/user/AccountManager.java
@@ -18,6 +18,7 @@
 
 import java.util.List;
 import java.util.Map;
+import java.net.InetAddress;
 
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd;
@@ -71,7 +72,7 @@ public interface AccountManager extends AccountService {
       *            made, and the signature itself in the single sign-on case
       * @return a user object, null if the user failed to authenticate
       */
-    UserAccount authenticateUser(String username, String password, Long domainId, String loginIpAddress, Map<String, Object[]> requestParameters);
+    UserAccount authenticateUser(String username, String password, Long domainId, InetAddress loginIpAddress, Map<String, Object[]> requestParameters);
 
     /**
      * Locate a user by their apiKey
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -17,6 +17,7 @@
 package com.cloud.user;
 
 import java.net.URLEncoder;
+import java.net.InetAddress;
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -1972,7 +1973,7 @@ public void logoutUser(long userId) {
     }
 
     @Override
-    public UserAccount authenticateUser(String username, String password, Long domainId, String loginIpAddress, Map<String, Object[]> requestParameters) {
+    public UserAccount authenticateUser(String username, String password, Long domainId, InetAddress loginIpAddress, Map<String, Object[]> requestParameters) {
         UserAccount user = null;
         if (password != null) {
             user = getUserAccount(username, password, domainId, requestParameters);
@@ -2080,13 +2081,10 @@ public UserAccount authenticateUser(String username, String password, Long domai
             if (s_logger.isDebugEnabled()) {
                 s_logger.debug("User: " + username + " in domain " + domainId + " has successfully logged in");
             }
-            if (NetUtils.isValidIp(loginIpAddress)) {
-                ActionEventUtils.onActionEvent(user.getId(), user.getAccountId(), user.getDomainId(), EventTypes.EVENT_USER_LOGIN, "user has logged in from IP Address " +
+
+            ActionEventUtils.onActionEvent(user.getId(), user.getAccountId(), user.getDomainId(), EventTypes.EVENT_USER_LOGIN, "user has logged in from IP Address " +
                     loginIpAddress);
-            } else {
-                ActionEventUtils.onActionEvent(user.getId(), user.getAccountId(), user.getDomainId(), EventTypes.EVENT_USER_LOGIN,
-                        "user has logged in. The IP Address cannot be determined");
-            }
+
             return user;
         } else {
             if (s_logger.isDebugEnabled()) {
diff --git a/server/test/com/cloud/api/ApiServletTest.java b/server/test/com/cloud/api/ApiServletTest.java
diff --git a/server/test/com/cloud/user/MockAccountManagerImpl.java b/server/test/com/cloud/user/MockAccountManagerImpl.java
diff --git a/utils/pom.xml b/utils/pom.xml
diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@`
`19`	`19`
`20`	`20`	`import java.util.List;`
`21`	`21`	`import java.util.Map;`
	`22`	`+import java.net.InetAddress;`
`22`	`23`
`23`	`24`	`import javax.inject.Inject;`
`24`	`25`	`import javax.naming.ConfigurationException;`
`@@ -231,7 +232,7 @@ public void markUserRegistered(long arg0) {`
`231`	`232`	`}`
`232`	`233`
`233`	`234`	`@Override`
`234`		`- public UserAccount authenticateUser(String arg0, String arg1, Long arg2, String arg3, Map<String, Object[]> arg4) {`
	`235`	`+ public UserAccount authenticateUser(String arg0, String arg1, Long arg2, InetAddress arg3, Map<String, Object[]> arg4) {`
`235`	`236`	`// TODO Auto-generated method stub`
`236`	`237`	`return null;`
`237`	`238`	`}`