catalog: create user on login if user account doesn't exist, #TASK-7589

pfurio · pfurio · commit f3cc6d7d6339 · 2025-05-12T12:27:12.000+02:00
diff --git a/opencga-catalog/src/main/java/org/opencb/opencga/catalog/managers/UserManager.java b/opencga-catalog/src/main/java/org/opencb/opencga/catalog/managers/UserManager.java
@@ -819,11 +819,13 @@ public AuthenticationResponse login(String organizationId, String username, Stri
         }
 
         OpenCGAResult<User> userOpenCGAResult = getUserDBAdaptor(organizationId).get(username, INCLUDE_INTERNAL);
+        User user = null;
         if (userOpenCGAResult.getNumResults() == 1) {
-            User user = userOpenCGAResult.first();
+            user = userOpenCGAResult.first();
+            authId = user.getInternal().getAccount().getAuthentication().getId();
             // Only local OPENCGA users that are not superadmins can be automatically banned or their accounts be expired
             boolean userCanBeBanned = !ParamConstants.ADMIN_ORGANIZATION.equals(organizationId)
-                    && CatalogAuthenticationManager.OPENCGA.equals(user.getInternal().getAccount().getAuthentication().getId());
+                    && CatalogAuthenticationManager.OPENCGA.equals(authId);
             // We check
             if (userCanBeBanned) {
                 // Check user is not banned, suspended or has an expired account
@@ -856,8 +858,6 @@ public AuthenticationResponse login(String organizationId, String username, Stri
                     }
                 }
             }
-            User user1 = userOpenCGAResult.first();
-            authId = user1.getInternal().getAccount().getAuthentication().getId();
             try {
                 response = authenticationFactory.authenticate(organizationId, authId, username, password);
             } catch (CatalogAuthenticationException e) {
@@ -901,6 +901,17 @@ public AuthenticationResponse login(String organizationId, String username, Stri
                     logger.debug("Attempted authentication failed with {} for user '{}'\n{}", entry.getKey(), username, e.getMessage(), e);
                 }
             }
+
+            if (response != null && !CatalogAuthenticationManager.OPENCGA.equals(authId)
+                    && !CatalogAuthenticationManager.INTERNAL.equals(authId)) {
+                // The user does not exist so we register it
+                user = authenticationFactory.getRemoteUserInformation(organizationId, authId, Collections.singletonList(username))
+                        .get(0);
+                user.setOrganization(organizationId);
+                // Generate a root token to be able to create the user even if the installation is private
+                String rootToken = authenticationFactory.createToken(organizationId, CatalogAuthenticationManager.OPENCGA, OPENCGA);
+                create(user, null, rootToken);
+            }
         }
 
         if (response == null) {
@@ -911,29 +922,14 @@ public AuthenticationResponse login(String organizationId, String username, Stri
 
         auditManager.auditUser(organizationId, username, Enums.Action.LOGIN, username,
                 new AuditRecord.Status(AuditRecord.Status.Result.SUCCESS));
-        String userId = authenticationFactory.getUserId(organizationId, authId, response.getToken());
         if (!CatalogAuthenticationManager.OPENCGA.equals(authId) && !CatalogAuthenticationManager.INTERNAL.equals(authId)) {
-            // External authorization
-            try {
-                // If the user is not registered, an exception will be raised
-                getUserDBAdaptor(organizationId).checkId(userId);
-            } catch (CatalogDBException e) {
-                // The user does not exist so we register it
-                User user = authenticationFactory.getRemoteUserInformation(organizationId, authId, Collections.singletonList(userId))
-                        .get(0);
-                user.setOrganization(organizationId);
-                // Generate a root token to be able to create the user even if the installation is private
-                String rootToken = authenticationFactory.createToken(organizationId, CatalogAuthenticationManager.OPENCGA, OPENCGA);
-                create(user, null, rootToken);
-            }
-
             try {
                 List<String> remoteGroups = authenticationFactory.getRemoteGroups(organizationId, authId, response.getToken());
 
                 // Resync synced groups of user in OpenCGA
-                getStudyDBAdaptor(organizationId).resyncUserWithSyncedGroups(userId, remoteGroups, authId);
+                getStudyDBAdaptor(organizationId).resyncUserWithSyncedGroups(user.getId(), remoteGroups, authId);
             } catch (CatalogException e) {
-                logger.error("Could not update synced groups for user '" + userId + "'\n" + e.getMessage(), e);
+                logger.error("Could not update synced groups for user '{}': {}", user.getId(), e.getMessage(), e);
             }
         }
 
