fix(config-api): user service conflict with fido2 and script enhancement (#3767)
pujavs authored Feb 2, 2023
1 parent aeb1fd3 commit 5753d39
Showing 21 changed files with 257 additions and 91 deletions.
Expand Up @@ -110,6 +110,7 @@ private ApiConstants() {}
public static final String ALL = "all";
public static final String ACTIVE = "active";
public static final String INACTIVE = "inactive";
public static final String ADD_SCRIPT_TEMPLATE = "addScriptTemplate";

// API Protection
public static final String PROTECTION_TYPE_OAUTH2 = "oauth2";
34 changes: 25 additions & 9 deletions jans-config-api/docs/jans-config-api-swagger.yaml
Expand Up @@ -3853,6 +3853,15 @@ paths:
summary: Adds a new custom script
description: Adds a new custom script
operationId: post-config-scripts
parameters:
- name: addScriptTemplate
in: query
description: Boolean flag to indicate if script template is to be added. If
CustomScript request object has script populated then script template will
not be added.
schema:
type: boolean
default: false
requestBody:
description: CustomScript object
content:
Expand Down Expand Up @@ -7524,19 +7533,19 @@ components:
$ref: '#/components/schemas/AttributeValidation'
tooltip:
type: string
whitePagesCanView:
type: boolean
userCanEdit:
type: boolean
userCanAccess:
userCanView:
type: boolean
adminCanAccess:
type: boolean
userCanView:
adminCanView:
type: boolean
userCanEdit:
type: boolean
adminCanEdit:
type: boolean
adminCanView:
userCanAccess:
type: boolean
whitePagesCanView:
type: boolean
baseDn:
type: string
Expand Down Expand Up @@ -8257,8 +8266,6 @@ components:
type: object
additionalProperties:
type: string
fapi:
type: boolean
allResponseTypesSupported:
uniqueItems: true
type: array
Expand All @@ -8268,6 +8275,8 @@ components:
- code
- token
- id_token
fapi:
type: boolean
AuthenticationFilter:
required:
- baseDn
Expand Down Expand Up @@ -9127,6 +9136,7 @@ components:
type: string
enum:
- ldap
- db
- file
baseDn:
type: string
Expand Down Expand Up @@ -9234,6 +9244,12 @@ components:
type: string
"y":
type: string
key_ops:
type: string
enum:
- "KeyOps{value='connect'} CONNECT"
- "KeyOps{value='ssa'} SSA"
- "KeyOps{value='all'} ALL"
WebKeysConfiguration:
type: object
properties:
57 changes: 54 additions & 3 deletions jans-config-api/plugins/docs/fido2-plugin-swagger.yaml
Expand Up @@ -130,6 +130,10 @@ components:
type: array
items:
type: string
superGluuEnabled:
type: boolean
oldU2fMigrationEnabled:
type: boolean
fido2Configuration:
$ref: '#/components/schemas/Fido2Configuration'
Fido2Configuration:
Expand Down Expand Up @@ -172,6 +176,30 @@ components:
type: array
items:
type: string
Fido2DeviceData:
type: object
properties:
uuid:
type: string
token:
type: string
writeOnly: true
type:
type: string
platform:
type: string
name:
type: string
os_name:
type: string
os_version:
type: string
custom_data:
type: object
additionalProperties:
type: string
push_token:
type: string
Fido2RegistrationData:
type: object
properties:
Expand Down Expand Up @@ -209,6 +237,7 @@ components:
- pending
- registered
- compromised
- canceled
counter:
type: integer
format: int32
Expand All @@ -228,15 +257,32 @@ components:
type: string
challange:
type: string
challengeHash:
type: string
creationDate:
type: string
format: date-time
userInum:
type: string
publicKeyId:
rpId:
type: string
sessionStateId:
type: string
expirationDate:
type: string
format: date-time
deletable:
type: boolean
ttl:
type: integer
format: int32
displayName:
type: string
publicKeyId:
type: string
publicKeyIdHash:
type: integer
format: int32
registrationData:
$ref: '#/components/schemas/Fido2RegistrationData'
counter:
Expand All @@ -248,10 +294,15 @@ components:
- pending
- registered
- compromised
- canceled
deviceNotificationConf:
type: string
challangeHash:
type: string
deviceData:
$ref: '#/components/schemas/Fido2DeviceData'
expiration:
type: integer
format: int32
writeOnly: true
baseDn:
type: string
securitySchemes:

This file was deleted.

Expand Up @@ -196,7 +196,7 @@ public Response updateUser(@Valid CustomUser customUser)
logger.debug("Updated user:{}", user);
} catch (Exception ex) {
logger.error("Error while updating user", ex);
thorwInternalServerException(ex);
throwInternalServerException(ex);
}

// excludedAttributes
Expand Up @@ -3,6 +3,7 @@
import com.github.fge.jsonpatch.JsonPatchException;
import io.jans.as.common.model.common.User;
import io.jans.as.common.util.AttributeConstants;
import io.jans.configapi.core.service.ConfigUserService;
import io.jans.as.model.config.StaticConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.configapi.core.util.Jackson;
Expand Down Expand Up @@ -34,7 +35,7 @@

@ApplicationScoped
@Named("userMgmtSrv")
public class UserMgmtService extends io.jans.as.common.service.common.UserService {
public class UserMgmtService {

@Inject
private Logger logger;
Expand All @@ -48,26 +49,29 @@ public class UserMgmtService extends io.jans.as.common.service.common.UserServic
@Inject
ConfigurationService configurationService;

@Inject
PersistenceEntryManager persistenceEntryManager;

@Inject
AuthUtil authUtil;

@Inject
MgtUtil mgtUtil;

private static final String BIRTH_DATE = "birthdate";
@Inject
ConfigUserService userService;

@Override
public List<String> getPersonCustomObjectClassList() {
return appConfiguration.getPersonCustomObjectClassList();
}
private static final String BIRTH_DATE = "birthdate";

@Override
public String getPeopleBaseDn() {
return staticConfiguration.getBaseDn().getPeople();
return userService.getPeopleBaseDn();
}

public PagedResult<User> searchUsers(SearchRequest searchRequest) {
logger.debug("Search Users with searchRequest:{}", escapeLog(searchRequest));
if (logger.isDebugEnabled()) {
logger.debug("Search Users with searchRequest:{}, getPeopleBaseDn():{}", escapeLog(searchRequest),
getPeopleBaseDn());
}
Filter searchFilter = null;
List<Filter> filters = new ArrayList<>();
if (searchRequest.getFilterAssertionValue() != null && !searchRequest.getFilterAssertionValue().isEmpty()) {
Expand All @@ -85,7 +89,7 @@ public PagedResult<User> searchUsers(SearchRequest searchRequest) {
searchFilter = Filter.createORFilter(filters);
}
logger.debug("Users searchFilter:{}", searchFilter);
return persistenceEntryManager.findPagedEntries(getPeopleBaseDn(), User.class, searchFilter, null,
return persistenceEntryManager.findPagedEntries(userService.getPeopleBaseDn(), User.class, searchFilter, null,
searchRequest.getSortBy(), SortOrder.getByValue(searchRequest.getSortOrder()),
searchRequest.getStartIndex(), searchRequest.getCount(), searchRequest.getMaxCount());

Expand All @@ -104,7 +108,7 @@ public User patchUser(String inum, UserPatchRequest userPatchRequest) throws Jso
return null;
}

User user = getUserByInum(inum);
User user = userService.getUserByInum(inum);
if (user == null) {
return null;
}
Expand All @@ -126,7 +130,7 @@ public User patchUser(String inum, UserPatchRequest userPatchRequest) throws Jso

// persist user
ignoreCustomObjectClassesForNonLDAP(user);
user = updateUser(user);
user = userService.updateUser(user);
logger.debug("User after patch user:{}", user);
return user;

Expand All @@ -135,7 +139,7 @@ public User patchUser(String inum, UserPatchRequest userPatchRequest) throws Jso
public User getUserBasedOnInum(String inum) {
User result = null;
try {
result = getUserByInum(inum);
result = userService.getUserByInum(inum);
} catch (Exception ex) {
logger.error("Failed to load user entry", ex);
}
Expand All @@ -150,12 +154,12 @@ private User updateCustomAttributes(User user, List<CustomObjectAttribute> custo
}

for (CustomObjectAttribute attribute : customAttributes) {
CustomObjectAttribute existingAttribute = getCustomAttribute(user, attribute.getName());
CustomObjectAttribute existingAttribute = userService.getCustomAttribute(user, attribute.getName());
logger.debug("Existing CustomAttributes with existingAttribute:{} ", existingAttribute);

// add
if (existingAttribute == null) {
boolean result = addUserAttribute(user, attribute.getName(), attribute.getValues(),
boolean result = userService.addUserAttribute(user, attribute.getName(), attribute.getValues(),
attribute.isMultiValued());
logger.debug("Result of adding CustomAttributes attribute:{} , result:{} ", attribute, result);
}
Expand Down Expand Up @@ -324,4 +328,12 @@ public User ignoreCustomObjectClassesForNonLDAP(User user) {
}
return user;
}

public User addUser(User user, boolean active) {
return userService.addUser(user, active);
}

public User updateUser(User user) {
return userService.updateUser(user);
}
}
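Review bot: The new delegation to `userService` is applied inconsistently in UserMgmtService — the `findPagedEntries` line in `searchUsers` calls `userService.getPeopleBaseDn()` directly while the debug statement a few lines above and the class's own `getPeopleBaseDn()` wrapper go through the local method, and `patchUser` persists with `userService.updateUser(user)` even though the class now exposes its own `updateUser(User)` wrapper at the bottom of the file. Either route every call through the local wrappers or drop them; as written, any logic later added to a wrapper would silently not apply to callers that take the other path, which matters here because `patchUser` already applies `ignoreCustomObjectClassesForNonLDAP` before persisting. The new public `addUser`/`updateUser` wrappers also carry no Javadoc; a one-line `/** Delegates to {@link ConfigUserService#updateUser}; kept so resources do not depend on the core service directly. */` would record why they exist, though that reason is only my reading of the change. The class body between the shown hunks is not visible here, so further direct `userService` calls may exist.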
8 changes: 4 additions & 4 deletions jans-config-api/profiles/local/test.properties
Expand Up @@ -2,8 +2,8 @@
test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly 
https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write 
https://jans.io/oauth/config/plugin.readonly

# jans.server
token.endpoint=https://jans.server2/jans-auth/restv1/token
token.endpoint=https://jans.server1/jans-auth/restv1/token
token.grant.type=client_credentials
test.client.id=1800.c9c0b756-a1fc-4013-9feb-64d531ac2dc1
test.client.secret=ONfjpemnGAFU
test.issuer=https://jans.server2/
test.client.id=1800.53043ff9-102c-4b52-8456-c7c5cde2dfd3
test.client.secret=tYRVpvtI4S3U
test.issuer=https://jans.server1/
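Review bot: `test.client.secret` on the last lines of this hunk is a plaintext client_credentials secret committed next to a `test.scopes` list that includes `write-all` and `delete-all`, and the previous value stays in git history after this change. Unless jans.server1 is a throwaway local instance, the secret should be supplied from an untracked override or the environment rather than the tracked profile, and the rotated-out value should be treated as exposed. The `test.scopes` value also lists `adminui/user/permission.write` twice, which looks like a copy-paste artifact; whether that line changed in this commit is not visible here.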
Expand Up @@ -81,7 +81,7 @@ public Response updateDefaultAuthenticationMethod(@NotNull AuthenticationMethod
log.debug("ACRS details to update - authenticationMethod:{}", authenticationMethod);

if (authenticationMethod == null || StringUtils.isBlank(authenticationMethod.getDefaultAcr())) {
thorwBadRequestException("Default authentication method should not be null or empty !");
throwBadRequestException("Default authentication method should not be null or empty !");
}

if (authenticationMethod != null) {