From fa53b6d9815fe77d071f812e6790e3ffecbd36d6 Mon Sep 17 00:00:00 2001 From: pujavs <43700552+pujavs@users.noreply.github.com> Date: Thu, 7 Mar 2024 20:11:36 +0530 Subject: [PATCH] fix(config-api): SAML TR fix for filename and user mgmt enhancement for search and custom attribute validation (#7979) * fix(config-api): user attribute validation and SAML TR update file name fix Signed-off-by: pujavs * fix(config-api): user mgmt added search filter for givenName, middleName, nickName and sn Signed-off-by: pujavs * fix(config-api): user mgmt validation for custom attributes Signed-off-by: pujavs * fix(config-api): sysnc with main Signed-off-by: pujavs * fix(config-api): sysnc with main Signed-off-by: pujavs --------- Signed-off-by: pujavs Former-commit-id: 264532cb5b19a84b8b2e7215bdbf2008982a860f --- .../docs/jans-config-api-swagger.yaml | 20 ++++-- .../saml/rest/TrustRelationshipResource.java | 8 +-- .../configapi/plugin/saml/util/Constants.java | 1 + .../plugin/mgt/rest/UserResource.java | 64 ++++++++++--------- .../plugin/mgt/service/UserMgmtService.java | 42 ++++++++---- 5 files changed, 82 insertions(+), 53 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index b6ca6fa568f..29c5f5c73d0 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7896,20 +7896,20 @@ components: type: string selected: type: boolean - whitePagesCanView: + adminCanEdit: type: boolean - adminCanView: + userCanView: type: boolean - adminCanEdit: + adminCanView: type: boolean userCanEdit: type: boolean - userCanView: - type: boolean adminCanAccess: type: boolean userCanAccess: type: boolean + whitePagesCanView: + type: boolean baseDn: type: string PatchRequest: 
@@ -8232,6 +8232,12 @@ components: type: string opTosUri: type: string + cleanUpInactiveClientAfterHoursOfInactivity: + type: integer + format: int32 + clientPeriodicUpdateTimerInterval: + type: integer + format: int32 authorizationCodeLifetime: type: integer format: int32 @@ -8722,6 +8728,8 @@ components: type: boolean lockMessageConfig: $ref: '#/components/schemas/LockMessageConfig' + fapi: + type: boolean allResponseTypesSupported: uniqueItems: true type: array @@ -8731,8 +8739,6 @@ components: - code - token - id_token - fapi: - type: boolean AuthenticationFilter: required: - baseDn diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java index 844cd7c764e..1d7ef8a397f 100644 --- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java +++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/rest/TrustRelationshipResource.java @@ -201,14 +201,14 @@ public Response updateTrustRelationship(@MultipartForm TrustRelationshipForm tru } InputStream metaDataFile = trustRelationshipForm.getMetaDataFile(); - logger.debug(" Create metaDataFile:{} ", metaDataFile); - if (metaDataFile != null) { - logger.debug(" Create metaDataFile.available():{}", metaDataFile.available()); + logger.debug("metaDataFile for update is:{} ", metaDataFile); + if (metaDataFile != null && metaDataFile.available() > 0) { + logger.debug("For update metaDataFile.available():{}", metaDataFile.available()); } validateSpMetaDataSourceType(trustRelationship, metaDataFile); // Update - trustRelationship = samlService.updateTrustRelationship(trustRelationship); + trustRelationship = samlService.updateTrustRelationship(trustRelationship, metaDataFile); logger.info("Post update trustRelationship:{}", trustRelationship); 
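Review bot: The `metaDataFile != null && metaDataFile.available() > 0` test only guards the debug line; `validateSpMetaDataSourceType(trustRelationship, metaDataFile)` and the new `samlService.updateTrustRelationship(trustRelationship, metaDataFile)` still receive the stream when it reports zero bytes, so an empty multipart part reaches the service as though a file had been supplied. If an empty part is meant to keep the existing metadata, make that decision explicit before the validate call, e.g. `if (metaDataFile != null && metaDataFile.available() == 0) { metaDataFile = null; }`, and document on the service what a null stream means. Bear in mind that `InputStream.available()` is an estimate by contract and may return 0 for a stream that still has data, so a length check on the buffered part is the more reliable signal if one is available. updateTrustRelationship's body continues before and after the hunk.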
diff --git a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/util/Constants.java b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/util/Constants.java
index 1095db372f8..bb2908a51ae 100644
--- a/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/util/Constants.java
+++ b/jans-config-api/plugins/kc-saml-plugin/src/main/java/io/jans/configapi/plugin/saml/util/Constants.java
@@ -70,6 +70,7 @@ private Constants() {
 // Scopes
 public static final String SAML_READ_ACCESS = "https://jans.io/oauth/config/saml.readonly";
 public static final String SAML_WRITE_ACCESS = "https://jans.io/oauth/config/saml.write";
+ public static final String SAML_DELETE_ACCESS = "https://jans.io/oauth/config/saml.delete";
 public static final String SAML_CONFIG_READ_ACCESS = "https://jans.io/oauth/config/saml-config.readonly";
 public static final String SAML_CONFIG_WRITE_ACCESS = "https://jans.io/oauth/config/saml-config.write";
diff --git a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java
index ddc546c3163..01c50e06c6d 100644
--- a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java
+++ b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java
@@ -163,8 +163,9 @@ public Response createUser(@Valid CustomUser customUser,
 ignoreCustomAttributes(user, removeNonLDAPAttributes);
 validateAttributes(user);
+ logger.info("Service call to create user:{}", user);
 user = userMgmtSrv.addUser(user, true);
- logger.debug("User created {}", user);
+ logger.info("User created {}", user);
 // excludedAttributes
 user = excludeUserAttributes(user);
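Review bot: `logger.info("Service call to create user:{}", user)` and the promoted `logger.info("User created {}", user)` write the whole User object to the log at INFO on the create path, where the request is expected to carry the password attribute (the update path in this same file excludes `USER_PWD` from its missing-attribute check, which suggests it travels inside the User's attributes). Unless User's toString is known to mask credentials, that puts passwords and PII into routine logs; log an identifier such as the uid or inum instead, or keep the full-object dump at DEBUG as it was. The same pattern recurs in the updateUser hunk (`logger.info("Call update user:{}", user)`) and in UserMgmtService (`logger.info("Creating user:{}, active:{}", user, active)`, `logger.info("\n **** Validate customAttributes: {}", customAttributes)`). createUser's body starts before this hunk.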
@@ -172,9 +173,12 @@ public Response createUser(@Valid CustomUser customUser,
 // get custom user
 customUser = getCustomUser(user, removeNonLDAPAttributes);
 logger.info("newly created customUser:{}", customUser);
- }catch(WebApplicationException waex) {
- logger.error("ApplicationException while creating user is:", waex);
- throwInternalServerException("USER_CREATION", waex.getMessage());
+ }catch(WebApplicationException wex) {
+ logger.error("ApplicationException while creating user is:{}, cause:{}", wex, wex.getCause());
+ throwInternalServerException("USER_CREATION_ERROR", wex.getMessage());
+ }catch(Exception ex) {
+ logger.error("Exception while creating user is:{}, cause:{}", ex, ex.getCause());
+ throwInternalServerException(ex);
 }
 return Response.status(Response.Status.CREATED).entity(customUser).build();
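Review bot: Validation failures become HTTP 500s: `throwInternalServerException("USER_CREATION_ERROR", wex.getMessage())` now handles every WebApplicationException raised inside the try, which includes the one `UserMgmtService.validateAttributes` throws as `new WebApplicationException(sb.toString())` (status 500 by default) now that the `throwBadRequestException("VALIDATE_ATTRIBUTE", ...)` remap is removed from `UserResource.validateAttributes` in a later hunk, and presumably the bad-request exceptions from `checkMissingAttributes` as well. A client sending a value that fails a configured min/max/regex rule should receive a 4xx carrying the message, not a server error. Either restore the remap in `validateAttributes`, or let client-error exceptions pass through at the top of this catch, `if (wex.getResponse() != null && wex.getResponse().getStatus() < 500) { throw wex; }`; the updateUser hunk has the same catch and needs the same fix. createUser starts before this hunk.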
@@ -201,34 +205,38 @@ public Response updateUser(@Valid CustomUser customUser,
 removeNonLDAPAttributes);
 }
- // get User object
- User user = setUserAttributes(customUser);
+ try {
+ // get User object
+ User user = setUserAttributes(customUser);
- // parse birthdate if present
- userMgmtSrv.parseBirthDateAttribute(user);
- logger.debug("Create user:{}", user);
+ // parse birthdate if present
+ userMgmtSrv.parseBirthDateAttribute(user);
+ logger.debug("Create user:{}", user);
- // checking mandatory attributes
- List excludeAttributes = List.of(USER_PWD);
- checkMissingAttributes(user, excludeAttributes);
- ignoreCustomAttributes(user, removeNonLDAPAttributes);
- validateAttributes(user);
+ // checking mandatory attributes
+ List excludeAttributes = List.of(USER_PWD);
+ checkMissingAttributes(user, excludeAttributes);
+ ignoreCustomAttributes(user, removeNonLDAPAttributes);
+ validateAttributes(user);
- try {
+ logger.info("Call update user:{}", user);
 user = userMgmtSrv.updateUser(user);
 logger.info("Updated user:{}", user);
- } catch (Exception ex) {
- logger.error("Error while updating user", ex);
+
+ // excludedAttributes
+ user = excludeUserAttributes(user);
+
+ // get custom user
+ customUser = getCustomUser(user, removeNonLDAPAttributes);
+ logger.info("updated customUser:{}", customUser);
+ } catch (WebApplicationException wex) {
+ logger.error("ApplicationException while updating user is:{}, cause:{}", wex, wex.getCause());
+ throwInternalServerException("USER_UPDATE_ERROR", wex.getMessage());
+ }
+ catch (Exception ex) {
+ logger.error("Exception while updating user is:{}, cause:{}", ex, ex.getCause());
 throwInternalServerException(ex);
 }
-
- // excludedAttributes
- user = excludeUserAttributes(user);
-
- // get custom user
- customUser = getCustomUser(user, removeNonLDAPAttributes);
- logger.info("updated customUser:{}", customUser);
-
 return Response.ok(customUser).build();
 }
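Review bot: `logger.error("ApplicationException while updating user is:{}, cause:{}", wex, wex.getCause())` passes the exception as a `{}` argument, so (assuming an SLF4J-style logger) it is rendered via toString() and no stack trace is recorded; the removed `logger.error("Error while updating user", ex)` was the right shape. Use `logger.error("Exception while updating user", ex);` with the throwable as the trailing, un-placeholdered argument in both catch blocks here and in the createUser hunk. Two smaller points in this hunk: `logger.debug("Create user:{}", user)` inside updateUser is a stale message, and the lone `}` followed by `catch (Exception ex) {` on the next line departs from the `} catch (...)` layout used just above it.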
@@ -352,11 +360,7 @@ private void checkMissingAttributes(User user, List excludeAttributes)
 }
 private void validateAttributes(User user) {
- try {
- userMgmtSrv.validateAttributes(user.getCustomAttributes());
- } catch (WebApplicationException wexp) {
- throwBadRequestException("VALIDATE_ATTRIBUTE", wexp.getMessage());
- }
+ userMgmtSrv.validateAttributes(user.getCustomAttributes());
 }
 private List getCustomUserList(List users, boolean removeNonLDAPAttributes) {
diff --git a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/service/UserMgmtService.java b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/service/UserMgmtService.java
index acf78905620..45668ba524b 100644
--- a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/service/UserMgmtService.java
+++ b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/service/UserMgmtService.java
@@ -88,7 +88,7 @@ public PagedResult searchUsers(SearchRequest searchRequest) {
 boolean useLowercaseFilter = configurationService.isLowercaseFilter(userService.getPeopleBaseDn());
 logger.info("For searching user user useLowercaseFilter?:{}", useLowercaseFilter);
- Filter displayNameFilter, descriptionFilter, mailFilter, uidFilter, inumFilter, searchFilter = null;
+ Filter displayNameFilter, descriptionFilter, mailFilter, uidFilter, inumFilter, givenNameFilter, middleNameFilter, nicknameFilter, snFilter, searchFilter = null;
 List filters = new ArrayList<>();
 if (searchRequest.getFilterAssertionValue() != null && !searchRequest.getFilterAssertionValue().isEmpty()) {
@@ -105,6 +105,10 @@ public PagedResult searchUsers(SearchRequest searchRequest) {
 Filter.createLowercaseFilter(AttributeConstants.DESCRIPTION), null, targetArray, null);
 mailFilter = Filter.createSubstringFilter(Filter.createLowercaseFilter(AttributeConstants.MAIL), null, targetArray, null);
+ givenNameFilter = Filter.createSubstringFilter(Filter.createLowercaseFilter("givenName"), null, targetArray, null);
+ middleNameFilter = Filter.createSubstringFilter(Filter.createLowercaseFilter("middleName"), null, targetArray, null);
+ nicknameFilter = Filter.createSubstringFilter(Filter.createLowercaseFilter("nickname"), null, targetArray, null);
+ snFilter = Filter.createSubstringFilter(Filter.createLowercaseFilter("sn"), null, targetArray, null);
 uidFilter = Filter.createSubstringFilter(Filter.createLowercaseFilter("uid"), null, targetArray, null);
 } else {
@@ -113,12 +117,16 @@ public PagedResult searchUsers(SearchRequest searchRequest) {
 descriptionFilter = Filter.createSubstringFilter(AttributeConstants.DESCRIPTION, null, targetArray, null);
 mailFilter = Filter.createSubstringFilter(AttributeConstants.MAIL, null, targetArray, null);
+ givenNameFilter = Filter.createSubstringFilter("givenName", null, targetArray, null);
+ middleNameFilter = Filter.createSubstringFilter("middleName", null, targetArray, null);
+ nicknameFilter = Filter.createSubstringFilter("nickname", null, targetArray, null);
+ snFilter = Filter.createSubstringFilter("sn", null, targetArray, null);
 uidFilter = Filter.createSubstringFilter("uid", null, targetArray, null);
 }
 inumFilter = Filter.createSubstringFilter(AttributeConstants.INUM, null, targetArray, null);
 filters.add(
- Filter.createORFilter(displayNameFilter, descriptionFilter, mailFilter, uidFilter, inumFilter));
+ Filter.createORFilter(displayNameFilter, descriptionFilter, mailFilter, uidFilter, givenNameFilter, middleNameFilter, nicknameFilter, snFilter, inumFilter));
 }
 searchFilter = Filter.createORFilter(filters);
 }
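Review bot: The new filters use bare literals `"givenName"`, `"middleName"`, `"nickname"` and `"sn"` while the neighbouring filters go through `AttributeConstants.DESCRIPTION`/`MAIL`/`INUM`; each literal is repeated in both the lowercase and plain branches, so a typo in one branch would silently drop that field from the search. Add the four names to AttributeConstants (or a `private static final String` each) and reference them in both branches the way INUM already is. Also, the commit message calls the attribute `nickName` while the code queries `nickname`; LDAP attribute names are case-insensitive, but this class supports other persistence types (`getPersistenceType()` appears later in the file), so confirm the stored attribute name matches for those. searchUsers continues before and after both hunks.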
@@ -405,25 +413,33 @@ public String getPersistenceType() {
 }
 public User addUser(User user, boolean active) {
+ logger.info("Creating user:{}, active:{}", user, active);
 user = userService.addUser(user, active);
+ logger.info("New user:{}", user);
 // remove inactive claims
 if (user != null) {
 List users = new ArrayList<>();
 users.add(user);
 users = this.verifyCustomAttributes(users);
- user = users.get(0);
+ if (users != null && !users.isEmpty()) {
+ user = users.get(0);
+ }
 }
 return user;
 }
 public User updateUser(User user) {
+ logger.info("Updating user:{}", user);
 user = userService.updateUser(user);
+ logger.info("Updated user:{}", user);
 // remove inactive claims
 if (user != null) {
 List users = new ArrayList<>();
 users.add(user);
 users = this.verifyCustomAttributes(users);
- user = users.get(0);
+ if (users != null && !users.isEmpty()) {
+ user = users.get(0);
+ }
 }
 return user;
 }
@@ -479,7 +495,7 @@ private String getDnForAttribute(String inum) {
 }
 public void validateAttributes(List customAttributes) {
- logger.info("**** Validate customAttributes: {}", customAttributes);
+ logger.info("\n **** Validate customAttributes: {}", customAttributes);
 if (customAttributes == null || customAttributes.isEmpty()) {
 return;
 }
@@ -491,16 +507,17 @@ public void validateAttributes(List customAttributes) {
 if(attribute!=null) {
 validation = attribute.getAttributeValidation();
 }
- logger.info("validation:{}", validation);
+ logger.info("customObjectAttribute.getName():{}, validation:{}", customObjectAttribute.getName(), validation);
 String errorMsg = validateCustomAttributes(customObjectAttribute, validation);
-
+ logger.info("customObjectAttribute.getName():{}, errorMsg:{}", customObjectAttribute.getName(), errorMsg);
 if (StringUtils.isNotBlank(errorMsg)) {
 sb.append(errorMsg);
 }
 }
 if (StringUtils.isNotBlank(sb.toString())) {
+ logger.error("Attribute validation failed with error msg:{} \n",sb);
 throw new WebApplicationException(sb.toString());
 }
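Review bot: `logger.error("Attribute validation failed with error msg:{} \n",sb)` logs a client-supplied value failing a configured rule at ERROR, which turns ordinary input mistakes into alert-worthy events for operators; WARN or INFO is the right level for a 4xx-class outcome. The embedded `\n` here and in `"\n **** Validate customAttributes: {}"` also breaks line-oriented log collection and should be dropped. The new `if (users != null && !users.isEmpty())` guard in addUser/updateUser is reasonable, but if `verifyCustomAttributes` can really return null or empty for a non-null input, that is worth documenting on that method, since callers now silently keep the pre-verification user.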
@@ -534,12 +551,12 @@ private String validateCustomAttributes(CustomObjectAttribute customObjectAttrib
 // minvalue Validation
 if (minvalue != null && attributeValue.length() < minvalue) {
- sb.append(",must be at least " + minvalue + " characters.");
+ sb.append(",must be at least " + minvalue + " characters");
 }
 // maxValue Validation
 if (maxValue != null && attributeValue.length() > maxValue) {
- sb.append(",must be less than " + maxValue + " characters.");
+ sb.append(",must be less than " + maxValue + " characters");
 }
 // regexpValue
@@ -547,16 +564,17 @@ private String validateCustomAttributes(CustomObjectAttribute customObjectAttrib
 Pattern pattern = Pattern.compile(regexpValue);
 Matcher matcher = pattern.matcher(attributeValue);
 if (!matcher.matches()) {
- sb.append(",must match (" + regexpValue + ") pattern.");
+ sb.append(",must match (" + regexpValue + ") pattern");
 }
 }
 } catch (Exception ex) {
 logger.error("Error while validating attributeName:{}", attributeName);
 }
- logger.info("Validate reuslt - sb :{} ", sb);
+ logger.info("Validate reuslt for attributeName:{} is sb :{} ", attributeName, sb);
 if (StringUtils.isNotBlank(sb.toString())) {
- sb.insert(0, attributeName+" ");
+ sb.insert(0, "'"+attributeName+"' -> ");
+ sb.append(" ");
 }
 return sb.toString();
 }
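Review bot: `sb.insert(0, "'"+attributeName+"' -> ")` produces messages like `'uid' -> ,must be at least 3 characters ` (constructed example) because every rule message visible here is appended with a leading comma, and the new prefix makes that stray separator more visible than before. Drop the first separator when prefixing, e.g. `sb.insert(0, "'" + attributeName + "' -> "); int sep = sb.indexOf("-> ,"); if (sep >= 0) { sb.deleteCharAt(sep + 3); }`, or collect the rule messages in a list and join them. The new log line still carries the `reuslt` typo. The surrounding `catch (Exception ex)` logs only the attribute name and then lets the attribute through with an empty result, so a malformed configured `regexpValue` (PatternSyntaxException) fails open; at minimum pass `ex` to `logger.error` and append an error to `sb` so the value is rejected rather than accepted. validateCustomAttributes starts before this hunk.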