Shib: add explicit check for duplicate email #2915

IQSS · May 16, 2016 · cd2b9cc · cd2b9cc
1 parent 9014443
commit cd2b9cc
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 19 deletions.
diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -286,8 +286,14 @@ public Response convertShibUserToBuiltin(@PathParam("id") Long id, String newEma
             output.add("email", builtinUser.getEmail());
             output.add("username", builtinUser.getUserName());
             return okResponse(output);
-        } catch (Exception ex) {
-            String msg = "User id " + id + " could not be converted from Shibboleth to BuiltIn. Details from Exception: " + ex;
+        } catch (Throwable ex) {
+            StringBuilder sb = new StringBuilder();
+            sb.append(ex + " ");
+            while (ex.getCause() != null) {
+                ex = ex.getCause();
+                sb.append(ex + " ");
+            }
+            String msg = "User id " + id + " could not be converted from Shibboleth to BuiltIn. Details from Exception: " + sb;
             logger.info(msg);
             return errorResponse(Response.Status.BAD_REQUEST, msg);
         }

diff --git a/src/main/java/edu/harvard/iq/dataverse/authorization/AuthenticationServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/authorization/AuthenticationServiceBean.java
@@ -518,6 +518,10 @@ public BuiltinUser convertShibToBuiltIn(Long idOfAuthUserToConvert, String newEm
         if (authenticatedUser == null) {
             throw new Exception("User id " + idOfAuthUserToConvert + " not found.");
         }
+        AuthenticatedUser existingUserWithSameEmail = getAuthenticatedUserByEmail(newEmailAddress);
+        if (existingUserWithSameEmail != null) {
+            throw new Exception("User id " + idOfAuthUserToConvert + " (" + authenticatedUser.getIdentifier() + ") cannot be converted from Shibboleth to BuiltIn because the email address " + newEmailAddress + " is already in use by user id " + existingUserWithSameEmail.getId() + " (" + existingUserWithSameEmail.getIdentifier() + ").");
+        }
         BuiltinUser builtinUser = new BuiltinUser();
         builtinUser.setUserName(authenticatedUser.getUserIdentifier());
         builtinUser.setFirstName(authenticatedUser.getFirstName());
@@ -552,23 +556,12 @@ public BuiltinUser convertShibToBuiltIn(Long idOfAuthUserToConvert, String newEm
         if (!providerId.equals(shibProviderId)) {
             throw new Exception("User id " + idOfAuthUserToConvert + " cannot be converted from Shibboleth to BuiltIn because current provider id is '" + providerId + "' rather than '" + shibProviderId + "'.");
         }
-        try {
-            lookup.setAuthenticationProviderId(BuiltinAuthenticationProvider.PROVIDER_ID);
-            lookup.setPersistentUserId(authenticatedUser.getUserIdentifier());
-            em.persist(lookup);
-            authenticatedUser.setEmail(newEmailAddress);
-            em.persist(authenticatedUser);
-            em.flush();
-        } catch (Throwable ex) {
-            while (ex.getCause() != null) {
-                ex = ex.getCause();
-            }
-            if (ex instanceof SQLException) {
-                throw new Exception("User id " + idOfAuthUserToConvert + " could not be converted from Shibboleth to BuiltIn due to SQLException. Duplicate email? Details of the SQLException: " + ex);
-            } else {
-                throw new Exception("User id " + idOfAuthUserToConvert + " could not be converted from Shibboleth to BuiltIn due to unexpected exception: " + ex);
-            }
-        }
+        lookup.setAuthenticationProviderId(BuiltinAuthenticationProvider.PROVIDER_ID);
+        lookup.setPersistentUserId(authenticatedUser.getUserIdentifier());
+        em.persist(lookup);
+        authenticatedUser.setEmail(newEmailAddress);
+        em.persist(authenticatedUser);
+        em.flush();
         return builtinUser;
     }