
fix(config-api): SAML TR fix for filename and user mgmt enhancement f…
…or search and custom attribute validation (#7979)

* fix(config-api): user attribute validation and SAML TR update file name fix

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): user mgmt added search filter for givenName, middleName, nickName and sn

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): user mgmt validation for custom attributes

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

---------

Signed-off-by: pujavs <pujas.works@gmail.com>
Former-commit-id: 264532c
pujavs authored Mar 7, 2024
1 parent d85d849 commit fa53b6d
Showing 5 changed files with 82 additions and 53 deletions.
20 changes: 13 additions & 7 deletions jans-config-api/docs/jans-config-api-swagger.yaml
Expand Up @@ -7896,20 +7896,20 @@ components:
type: string
selected:
type: boolean
whitePagesCanView:
adminCanEdit:
type: boolean
adminCanView:
userCanView:
type: boolean
adminCanEdit:
adminCanView:
type: boolean
userCanEdit:
type: boolean
userCanView:
type: boolean
adminCanAccess:
type: boolean
userCanAccess:
type: boolean
whitePagesCanView:
type: boolean
baseDn:
type: string
PatchRequest:
Expand Down Expand Up @@ -8232,6 +8232,12 @@ components:
type: string
opTosUri:
type: string
cleanUpInactiveClientAfterHoursOfInactivity:
type: integer
format: int32
clientPeriodicUpdateTimerInterval:
type: integer
format: int32
authorizationCodeLifetime:
type: integer
format: int32
Expand Down Expand Up @@ -8722,6 +8728,8 @@ components:
type: boolean
lockMessageConfig:
$ref: '#/components/schemas/LockMessageConfig'
fapi:
type: boolean
allResponseTypesSupported:
uniqueItems: true
type: array
Expand All @@ -8731,8 +8739,6 @@ components:
- code
- token
- id_token
fapi:
type: boolean
AuthenticationFilter:
required:
- baseDn
Expand Up @@ -201,14 +201,14 @@ public Response updateTrustRelationship(@MultipartForm TrustRelationshipForm tru
}

InputStream metaDataFile = trustRelationshipForm.getMetaDataFile();
logger.debug(" Create metaDataFile:{} ", metaDataFile);
if (metaDataFile != null) {
logger.debug(" Create metaDataFile.available():{}", metaDataFile.available());
logger.debug("metaDataFile for update is:{} ", metaDataFile);
if (metaDataFile != null && metaDataFile.available() > 0) {
logger.debug("For update metaDataFile.available():{}", metaDataFile.available());
}

validateSpMetaDataSourceType(trustRelationship, metaDataFile);
// Update
trustRelationship = samlService.updateTrustRelationship(trustRelationship);
trustRelationship = samlService.updateTrustRelationship(trustRelationship, metaDataFile);

logger.info("Post update trustRelationship:{}", trustRelationship);

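Review bot: The new `metaDataFile != null && metaDataFile.available() > 0` guard on the second changed line only wraps a debug statement, so an empty upload still reaches `validateSpMetaDataSourceType` and `samlService.updateTrustRelationship(trustRelationship, metaDataFile)` exactly as before. `InputStream.available()` is only an estimate of the bytes readable without blocking and may return 0 for a non-empty stream, so it must not become the signal that decides whether a supplied metadata file replaces the stored one; if that decision is needed, take it where the stream is actually consumed, after a real read. Logging the stream object itself (`metaDataFile for update is:{}`) prints only its identity and adds little. updateTrustRelationship begins and ends outside the hunk.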
Expand Up @@ -70,6 +70,7 @@ private Constants() {
// Scopes
public static final String SAML_READ_ACCESS = "https://jans.io/oauth/config/saml.readonly";
public static final String SAML_WRITE_ACCESS = "https://jans.io/oauth/config/saml.write";
public static final String SAML_DELETE_ACCESS = "https://jans.io/oauth/config/saml.delete";

public static final String SAML_CONFIG_READ_ACCESS = "https://jans.io/oauth/config/saml-config.readonly";
public static final String SAML_CONFIG_WRITE_ACCESS = "https://jans.io/oauth/config/saml-config.write";
Expand Up @@ -163,18 +163,22 @@ public Response createUser(@Valid CustomUser customUser,
ignoreCustomAttributes(user, removeNonLDAPAttributes);
validateAttributes(user);

logger.info("Service call to create user:{}", user);
user = userMgmtSrv.addUser(user, true);
logger.debug("User created {}", user);
logger.info("User created {}", user);

// excludedAttributes
user = excludeUserAttributes(user);

// get custom user
customUser = getCustomUser(user, removeNonLDAPAttributes);
logger.info("newly created customUser:{}", customUser);
}catch(WebApplicationException waex) {
logger.error("ApplicationException while creating user is:", waex);
throwInternalServerException("USER_CREATION", waex.getMessage());
}catch(WebApplicationException wex) {
logger.error("ApplicationException while creating user is:{}, cause:{}", wex, wex.getCause());
throwInternalServerException("USER_CREATION_ERROR", wex.getMessage());
}catch(Exception ex) {
logger.error("Exception while creating user is:{}, cause:{}", ex, ex.getCause());
throwInternalServerException(ex);
}

return Response.status(Response.Status.CREATED).entity(customUser).build();
Expand All @@ -201,34 +205,38 @@ public Response updateUser(@Valid CustomUser customUser,
removeNonLDAPAttributes);
}

// get User object
User user = setUserAttributes(customUser);
try {
// get User object
User user = setUserAttributes(customUser);

// parse birthdate if present
userMgmtSrv.parseBirthDateAttribute(user);
logger.debug("Create user:{}", user);
// parse birthdate if present
userMgmtSrv.parseBirthDateAttribute(user);
logger.debug("Create user:{}", user);

// checking mandatory attributes
List<String> excludeAttributes = List.of(USER_PWD);
checkMissingAttributes(user, excludeAttributes);
ignoreCustomAttributes(user, removeNonLDAPAttributes);
validateAttributes(user);
// checking mandatory attributes
List<String> excludeAttributes = List.of(USER_PWD);
checkMissingAttributes(user, excludeAttributes);
ignoreCustomAttributes(user, removeNonLDAPAttributes);
validateAttributes(user);

try {
logger.info("Call update user:{}", user);
user = userMgmtSrv.updateUser(user);
logger.info("Updated user:{}", user);
} catch (Exception ex) {
logger.error("Error while updating user", ex);

// excludedAttributes
user = excludeUserAttributes(user);

// get custom user
customUser = getCustomUser(user, removeNonLDAPAttributes);
logger.info("updated customUser:{}", customUser);
} catch (WebApplicationException wex) {
logger.error("ApplicationException while updating user is:{}, cause:{}", wex, wex.getCause());
throwInternalServerException("USER_UPDATE_ERROR", wex.getMessage());
}
catch (Exception ex) {
logger.error("Exception while updating user is:{}, cause:{}", ex, ex.getCause());
throwInternalServerException(ex);
}

// excludedAttributes
user = excludeUserAttributes(user);

// get custom user
customUser = getCustomUser(user, removeNonLDAPAttributes);
logger.info("updated customUser:{}", customUser);

return Response.ok(customUser).build();

}
Expand Down Expand Up @@ -352,11 +360,7 @@ private void checkMissingAttributes(User user, List<String> excludeAttributes)
}

private void validateAttributes(User user) {
try {
userMgmtSrv.validateAttributes(user.getCustomAttributes());
} catch (WebApplicationException wexp) {
throwBadRequestException("VALIDATE_ATTRIBUTE", wexp.getMessage());
}
userMgmtSrv.validateAttributes(user.getCustomAttributes());
}

private List<CustomUser> getCustomUserList(List<User> users, boolean removeNonLDAPAttributes) {
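Review bot: Attribute-validation failures now surface as HTTP 500 instead of 400: `validateAttributes` (last hunk of this file) no longer translates the `WebApplicationException` thrown by `userMgmtSrv.validateAttributes` into a bad request, while the new `catch (WebApplicationException wex)` blocks in createUser and updateUser route every such exception through `throwInternalServerException`. These are rejections of client-supplied attribute values (min/max length, pattern), so the caller should receive a 400; either keep the translation in `validateAttributes` (`try { userMgmtSrv.validateAttributes(user.getCustomAttributes()); } catch (WebApplicationException wexp) { throwBadRequestException("VALIDATE_ATTRIBUTE", wexp.getMessage()); }`) or move the `validateAttributes(user)` call in front of the try block in both methods. Separately, `logger.error("...is:{}, cause:{}", wex, wex.getCause())` consumes the throwable through a placeholder, so no stack trace is recorded; pass the exception as the trailing argument instead. The try block of createUser opens above the first hunk.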
Expand Up @@ -88,7 +88,7 @@ public PagedResult<User> searchUsers(SearchRequest searchRequest) {
boolean useLowercaseFilter = configurationService.isLowercaseFilter(userService.getPeopleBaseDn());
logger.info("For searching user user useLowercaseFilter?:{}", useLowercaseFilter);

Filter displayNameFilter, descriptionFilter, mailFilter, uidFilter, inumFilter, searchFilter = null;
Filter displayNameFilter, descriptionFilter, mailFilter, uidFilter, inumFilter, givenNameFilter, middleNameFilter, nicknameFilter, snFilter, searchFilter = null;
List<Filter> filters = new ArrayList<>();
if (searchRequest.getFilterAssertionValue() != null && !searchRequest.getFilterAssertionValue().isEmpty()) {

Expand All @@ -105,6 +105,10 @@ public PagedResult<User> searchUsers(SearchRequest searchRequest) {
Filter.createLowercaseFilter(AttributeConstants.DESCRIPTION), null, targetArray, null);
mailFilter = Filter.createSubstringFilter(Filter.createLowercaseFilter(AttributeConstants.MAIL),
null, targetArray, null);
givenNameFilter = Filter.createSubstringFilter(Filter.createLowercaseFilter("givenName"), null, targetArray, null);
middleNameFilter = Filter.createSubstringFilter(Filter.createLowercaseFilter("middleName"), null, targetArray, null);
nicknameFilter = Filter.createSubstringFilter(Filter.createLowercaseFilter("nickname"), null, targetArray, null);
snFilter = Filter.createSubstringFilter(Filter.createLowercaseFilter("sn"), null, targetArray, null);
uidFilter = Filter.createSubstringFilter(Filter.createLowercaseFilter("uid"), null, targetArray,
null);
} else {
Expand All @@ -113,12 +117,16 @@ public PagedResult<User> searchUsers(SearchRequest searchRequest) {
descriptionFilter = Filter.createSubstringFilter(AttributeConstants.DESCRIPTION, null, targetArray,
null);
mailFilter = Filter.createSubstringFilter(AttributeConstants.MAIL, null, targetArray, null);
givenNameFilter = Filter.createSubstringFilter("givenName", null, targetArray, null);
middleNameFilter = Filter.createSubstringFilter("middleName", null, targetArray, null);
nicknameFilter = Filter.createSubstringFilter("nickname", null, targetArray, null);
snFilter = Filter.createSubstringFilter("sn", null, targetArray, null);
uidFilter = Filter.createSubstringFilter("uid", null, targetArray, null);
}

inumFilter = Filter.createSubstringFilter(AttributeConstants.INUM, null, targetArray, null);
filters.add(
Filter.createORFilter(displayNameFilter, descriptionFilter, mailFilter, uidFilter, inumFilter));
Filter.createORFilter(displayNameFilter, descriptionFilter, mailFilter, uidFilter, givenNameFilter, middleNameFilter, nicknameFilter, snFilter, inumFilter));
}
searchFilter = Filter.createORFilter(filters);
}
Expand Down Expand Up @@ -405,25 +413,33 @@ public String getPersistenceType() {
}

public User addUser(User user, boolean active) {
logger.info("Creating user:{}, active:{}", user, active);
user = userService.addUser(user, active);
logger.info("New user:{}", user);
// remove inactive claims
if (user != null) {
List<User> users = new ArrayList<>();
users.add(user);
users = this.verifyCustomAttributes(users);
user = users.get(0);
if (users != null && !users.isEmpty()) {
user = users.get(0);
}
}
return user;
}

public User updateUser(User user) {
logger.info("Updating user:{}", user);
user = userService.updateUser(user);
logger.info("Updated user:{}", user);
// remove inactive claims
if (user != null) {
List<User> users = new ArrayList<>();
users.add(user);
users = this.verifyCustomAttributes(users);
user = users.get(0);
if (users != null && !users.isEmpty()) {
user = users.get(0);
}
}
return user;
}
Expand Down Expand Up @@ -479,7 +495,7 @@ private String getDnForAttribute(String inum) {
}

public void validateAttributes(List<CustomObjectAttribute> customAttributes) {
logger.info("**** Validate customAttributes: {}", customAttributes);
logger.info("\n **** Validate customAttributes: {}", customAttributes);
if (customAttributes == null || customAttributes.isEmpty()) {
return;
}
Expand All @@ -491,16 +507,17 @@ public void validateAttributes(List<CustomObjectAttribute> customAttributes) {
if(attribute!=null) {
validation = attribute.getAttributeValidation();
}
logger.info("validation:{}", validation);
logger.info("customObjectAttribute.getName():{}, validation:{}", customObjectAttribute.getName(), validation);

String errorMsg = validateCustomAttributes(customObjectAttribute, validation);

logger.info("customObjectAttribute.getName():{}, errorMsg:{}", customObjectAttribute.getName(), errorMsg);
if (StringUtils.isNotBlank(errorMsg)) {
sb.append(errorMsg);
}
}

if (StringUtils.isNotBlank(sb.toString())) {
logger.error("Attribute validation failed with error msg:{} \n",sb);
throw new WebApplicationException(sb.toString());
}

Expand Down Expand Up @@ -534,29 +551,30 @@ private String validateCustomAttributes(CustomObjectAttribute customObjectAttrib

// minvalue Validation
if (minvalue != null && attributeValue.length() < minvalue) {
sb.append(",must be at least " + minvalue + " characters.");
sb.append(",must be at least " + minvalue + " characters");
}

// maxValue Validation
if (maxValue != null && attributeValue.length() > maxValue) {
sb.append(",must be less than " + maxValue + " characters.");
sb.append(",must be less than " + maxValue + " characters");
}

// regexpValue
if (StringUtils.isNotBlank(regexpValue)) {
Pattern pattern = Pattern.compile(regexpValue);
Matcher matcher = pattern.matcher(attributeValue);
if (!matcher.matches()) {
sb.append(",must match (" + regexpValue + ") pattern.");
sb.append(",must match (" + regexpValue + ") pattern");
}
}
} catch (Exception ex) {
logger.error("Error while validating attributeName:{}", attributeName);
}
logger.info("Validate reuslt - sb :{} ", sb);
logger.info("Validate reuslt for attributeName:{} is sb :{} ", attributeName, sb);

if (StringUtils.isNotBlank(sb.toString())) {
sb.insert(0, attributeName+" ");
sb.insert(0, "'"+attributeName+"' -> ");
sb.append(" ");
}
return sb.toString();
}
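Review bot: `logger.info("Creating user:{}, active:{}", user, active)` in addUser (and `Updating user:{}` in updateUser) prints the whole User object at INFO before it is persisted; the resource layer exempts only USER_PWD from its mandatory-attribute check, so the object can still carry the password attribute at this point, and if User.toString() renders custom attributes that value ends up in the application log. Log a stable identifier (the user's uid or inum) rather than the object, and keep the post-persistence `New user:{}` / `Updated user:{}` lines at DEBUG if the full object is wanted for troubleshooting. The added `users != null && !users.isEmpty()` check is a fair null guard, but it silently returns the unverified `user` when verifyCustomAttributes yields nothing; a debug line on that path would make it visible.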
