catalog: extract new user validator, #TASK-7192

Author: pfurio

opencga-catalog/src/main/java/org/opencb/opencga/catalog/managers/UserManager.java

@@ -128,9 +128,46 @@ public OpenCGAResult<User> create(User user, String password, String token) thro
 
         Organization organization = getOrganizationDBAdaptor(organizationId).get(OrganizationManager.INCLUDE_ORGANIZATION_CONFIGURATION)
                 .first();
-
+        validateNewUser(user, password, organization.getConfiguration().getDefaultUserExpirationDate(), organizationId);
         ObjectMap auditParams = new ObjectMap("user", user);
 
+        if (!ParamConstants.ADMIN_ORGANIZATION.equals(organizationId) || !OPENCGA.equals(user.getId())) {
+            JwtPayload jwtPayload = validateToken(token);
+            // If it's not one of the SUPERADMIN users or the owner or one of the admins of the organisation, we should not allow it
+            if (!authorizationManager.isAtLeastOrganizationOwnerOrAdmin(organizationId, jwtPayload.getUserId(organizationId))) {
+                String errorMsg = "Please ask your administrator to create your account.";
+                auditManager.auditCreate(organizationId, user.getId(), Enums.Resource.USER, user.getId(), "", "", "", auditParams,
+                        new AuditRecord.Status(AuditRecord.Status.Result.ERROR, new Error(0, "", errorMsg)));
+                throw new CatalogException(errorMsg);
+            }
+        }
+
+        checkUserExists(organizationId, user.getId());
+
+        try {
+            if (StringUtils.isNotEmpty(password) && !PasswordUtils.isStrongPassword(password)) {
+                throw new CatalogException("Invalid password. " + PasswordUtils.PASSWORD_REQUIREMENT);
+            }
+            if (user.getProjects() != null && !user.getProjects().isEmpty()) {
+                throw new CatalogException("Creating user and projects in a single transaction is forbidden");
+            }
+
+            getUserDBAdaptor(organizationId).insert(user, password, QueryOptions.empty());
+
+            auditManager.auditCreate(organizationId, user.getId(), Enums.Resource.USER, user.getId(), "", "", "", auditParams,
+                    new AuditRecord.Status(AuditRecord.Status.Result.SUCCESS));
+
+            return getUserDBAdaptor(organizationId).get(user.getId(), QueryOptions.empty());
+        } catch (CatalogIOException | CatalogDBException e) {
+            auditManager.auditCreate(organizationId, user.getId(), Enums.Resource.USER, user.getId(), "", "", "", auditParams,
+                    new AuditRecord.Status(AuditRecord.Status.Result.ERROR, e.getError()));
+
+            throw e;
+        }
+    }
+
+    public void validateNewUser(User user, String password, String defaultUserExpirationDate, String organizationId)
+            throws CatalogException {
         // Initialise fields
         ParamUtils.checkObj(user, "User");
         ParamUtils.checkValidUserId(user.getId());
@@ -157,7 +194,7 @@ public OpenCGAResult<User> create(User user, String password, String token) thro
         Account account = user.getInternal().getAccount();
         account.setPassword(ParamUtils.defaultObject(account.getPassword(), Password::new));
         if (StringUtils.isEmpty(account.getExpirationDate())) {
-            account.setExpirationDate(organization.getConfiguration().getDefaultUserExpirationDate());
+            account.setExpirationDate(defaultUserExpirationDate);
         } else {
             // Validate expiration date is not over
             ParamUtils.checkDateIsNotExpired(account.getExpirationDate(), UserDBAdaptor.QueryParams.INTERNAL_ACCOUNT_EXPIRATION_DATE.key());
@@ -188,40 +225,6 @@ public OpenCGAResult<User> create(User user, String password, String token) thro
             Date date = TimeUtils.addDaysToCurrentDate(configuration.getAccount().getPasswordExpirationDays());
             account.getPassword().setExpirationDate(TimeUtils.getTime(date));
         }
-
-        if (!ParamConstants.ADMIN_ORGANIZATION.equals(organizationId) || !OPENCGA.equals(user.getId())) {
-            JwtPayload jwtPayload = validateToken(token);
-            // If it's not one of the SUPERADMIN users or the owner or one of the admins of the organisation, we should not allow it
-            if (!authorizationManager.isAtLeastOrganizationOwnerOrAdmin(organizationId, jwtPayload.getUserId(organizationId))) {
-                String errorMsg = "Please ask your administrator to create your account.";
-                auditManager.auditCreate(organizationId, user.getId(), Enums.Resource.USER, user.getId(), "", "", "", auditParams,
-                        new AuditRecord.Status(AuditRecord.Status.Result.ERROR, new Error(0, "", errorMsg)));
-                throw new CatalogException(errorMsg);
-            }
-        }
-
-        checkUserExists(organizationId, user.getId());
-
-        try {
-            if (StringUtils.isNotEmpty(password) && !PasswordUtils.isStrongPassword(password)) {
-                throw new CatalogException("Invalid password. " + PasswordUtils.PASSWORD_REQUIREMENT);
-            }
-            if (user.getProjects() != null && !user.getProjects().isEmpty()) {
-                throw new CatalogException("Creating user and projects in a single transaction is forbidden");
-            }
-
-            getUserDBAdaptor(organizationId).insert(user, password, QueryOptions.empty());
-
-            auditManager.auditCreate(organizationId, user.getId(), Enums.Resource.USER, user.getId(), "", "", "", auditParams,
-                    new AuditRecord.Status(AuditRecord.Status.Result.SUCCESS));
-
-            return getUserDBAdaptor(organizationId).get(user.getId(), QueryOptions.empty());
-        } catch (CatalogIOException | CatalogDBException e) {
-            auditManager.auditCreate(organizationId, user.getId(), Enums.Resource.USER, user.getId(), "", "", "", auditParams,
-                    new AuditRecord.Status(AuditRecord.Status.Result.ERROR, e.getError()));
-
-            throw e;
-        }
     }
 
     /**