More cleanup
ilgrosso committed Jul 28, 2023
1 parent 2ee8b61 commit 691f7e1
Showing 26 changed files with 124 additions and 146 deletions.
Expand Up @@ -58,14 +58,14 @@ under the License.

<!-- Attr Release Policies -->
<AttrReleasePolicy arporder="0" name="DenyAttrReleasePolicy" id="219935c7-deb3-40b3-8a9a-683037e523a2"
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":[],"allowedAttrs":[],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":{},"allowedAttrs":[],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
<AttrReleasePolicy arporder="0" name="AllowedAttrReleasePolicy" id="319935c7-deb3-40b3-8a9a-683037e523a2"
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":[],"allowedAttrs":["cn","givenName","uid"],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":{},"allowedAttrs":["cn","givenName","uid"],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>

<!-- Authentication modules -->
<AuthModule id="DefaultLDAPAuthModule" authModuleState="ACTIVE"
description="LDAP auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","principalAttributeId":"cn","bindDn": "${testds.bindDn}", "bindCredential":"${testds.password}","ldapUrl":"ldap://localhost:${testds.port}","searchFilter":"cn={user}","baseDn":"ou=People,${testds.rootDn}","subtreeSearch":true}'
items='[{"intAttrName":"mail","extAttrName":"email","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"givenName","extAttrName":"firstname","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"sn","extAttrName":"surname","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"cn","extAttrName":"fullname","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]}]'/>
items='[{"intAttrName":"mail","extAttrName":"email","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"givenName","extAttrName":"given_name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"sn","extAttrName":"family_name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"cn","extAttrName":"name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]}]'/>
<AuthModule id="DefaultJDBCAuthModule" authModuleState="ACTIVE"
description="JDBC auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.JDBCAuthModuleConf","sql":"SELECT * FROM users_table WHERE name=?", "fieldPassword": "password"}'/>
<AuthModule id="DefaultGoogleMfaAuthModule" authModuleState="ACTIVE"
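Review bot: `AllowedAttrReleasePolicy` still allows `cn`, `givenName` and `uid`, while the LDAP module mapping a few lines below now exposes the given name and full name under the OIDC claim names `given_name` and `name` instead of `firstname`/`fullname`. If the release policy is matched against the mapped (external) attribute names, this fixture would now silently stop releasing the given name; if it matches on the Syncope-side names the list is still correct — worth confirming against whichever component consumes `allowedAttrs`, since the release policy is the data-exposure control in this flow. A short XML comment on the policy recording which side of the mapping `allowedAttrs` refers to would keep the next rename from quietly breaking it.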
Expand Up @@ -58,14 +58,14 @@ under the License.

<!-- Attr Release Policies -->
<AttrReleasePolicy arporder="0" name="DenyAttrReleasePolicy" id="219935c7-deb3-40b3-8a9a-683037e523a2"
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":[],"allowedAttrs":[],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":{},"allowedAttrs":[],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
<AttrReleasePolicy arporder="0" name="AllowedAttrReleasePolicy" id="319935c7-deb3-40b3-8a9a-683037e523a2"
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":[],"allowedAttrs":["cn","givenName","uid"],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>
jsonConf='{"_class":"org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf","releaseAttrs":{},"allowedAttrs":["cn","givenName","uid"],"excludedAttrs":[],"includeOnlyAttrs":[],"principalIdAttr":null,"principalAttrRepoConf":{"mergingStrategy":"MULTIVALUED","ignoreResolvedAttributes":false,"expiration":0,"timeUnit":"HOURS","attrRepos":[]}}'/>

<!-- Authentication modules -->
<AuthModule id="DefaultLDAPAuthModule" authModuleState="ACTIVE"
description="LDAP auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","principalAttributeId":"cn","bindDn": "${testds.bindDn}", "bindCredential":"${testds.password}","ldapUrl":"ldap://localhost:${testds.port}","searchFilter":"cn={user}","baseDn":"ou=People,${testds.rootDn}","subtreeSearch":true}'
items='[{"intAttrName":"mail","extAttrName":"email","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"givenName","extAttrName":"firstname","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"sn","extAttrName":"surname","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"cn","extAttrName":"fullname","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]}]'/>
items='[{"intAttrName":"mail","extAttrName":"email","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"givenName","extAttrName":"given_name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"sn","extAttrName":"family_name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]},{"intAttrName":"cn","extAttrName":"name","connObjectKey":false,"password":false,"mandatoryCondition":"false","purpose":"NONE","propagationJEXLTransformer":null,"pullJEXLTransformer":null,"transformers":[]}]'/>
<AuthModule id="DefaultJDBCAuthModule" authModuleState="ACTIVE"
description="JDBC auth module" jsonConf='{"_class":"org.apache.syncope.common.lib.auth.JDBCAuthModuleConf","sql":"SELECT * FROM users_table WHERE name=?", "fieldPassword": "password"}'/>
<AuthModule id="DefaultGoogleMfaAuthModule" authModuleState="ACTIVE"
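Review bot: Same fixture content as the previous file: `AllowedAttrReleasePolicy` keeps `cn`/`givenName`/`uid` while the LDAP module mapping now publishes those values as `name`/`given_name`, so whether the policy still releases the given name depends on whether `allowedAttrs` is matched on Syncope-side or mapped names — confirm against the consumer. Since the two copies appear byte-identical, a comment on the policy noting which name space `allowedAttrs` uses would help keep both in step when the mapping is renamed again.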
Expand Up @@ -25,7 +25,7 @@
import org.apache.syncope.client.console.panels.OIDCProvidersDirectoryPanel;
import org.apache.syncope.client.console.rest.OIDCProviderRestClient;
import org.apache.syncope.client.ui.commons.annotations.ExtPage;
import org.apache.syncope.common.lib.types.OIDC4UIEntitlement;
import org.apache.syncope.common.lib.types.OIDCC4UIEntitlement;
import org.apache.wicket.extensions.markup.html.tabs.AbstractTab;
import org.apache.wicket.extensions.markup.html.tabs.ITab;
import org.apache.wicket.markup.html.WebMarkupContainer;
Expand All @@ -35,7 +35,7 @@
import org.apache.wicket.spring.injection.annot.SpringBean;

@ExtPage(label = "OIDC 1.0 C4UI", icon = "fab fa-openid",
listEntitlement = OIDC4UIEntitlement.OP_READ, priority = 300)
listEntitlement = OIDCC4UIEntitlement.OP_READ, priority = 300)
public class OIDCC4UI extends BaseExtPage {

private static final long serialVersionUID = -599601954212606001L;
Expand Up @@ -51,7 +51,7 @@
import org.apache.syncope.common.lib.to.OIDCC4UIProviderTO;
import org.apache.syncope.common.lib.to.UserTO;
import org.apache.syncope.common.lib.types.AnyTypeKind;
import org.apache.syncope.common.lib.types.OIDC4UIEntitlement;
import org.apache.syncope.common.lib.types.OIDCC4UIEntitlement;
import org.apache.wicket.PageReference;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
Expand Down Expand Up @@ -103,7 +103,7 @@ protected WizardMgtPanel<OIDCC4UIProviderTO> newInstance(final String id,

this.addNewItemPanelBuilder(new OIDCProviderWizardBuilder(
this, new OIDCC4UIProviderTO(), implementationRestClient, restClient, pageRef), true);
MetaDataRoleAuthorizationStrategy.authorize(addAjaxLink, RENDER, OIDC4UIEntitlement.OP_CREATE);
MetaDataRoleAuthorizationStrategy.authorize(addAjaxLink, RENDER, OIDCC4UIEntitlement.OP_CREATE);

modal.size(Modal.Size.Large);

Expand Down Expand Up @@ -183,7 +183,7 @@ public void onClick(final AjaxRequestTarget target, final OIDCC4UIProviderTO ign
new AjaxWizard.EditItemActionEvent<>(object, target));
modal.header(Model.of(StringUtils.capitalize(("Edit " + object.getName()))));
}
}, ActionLink.ActionType.EDIT, OIDC4UIEntitlement.OP_UPDATE);
}, ActionLink.ActionType.EDIT, OIDCC4UIEntitlement.OP_UPDATE);

panel.add(new ActionLink<>() {

Expand Down Expand Up @@ -217,7 +217,7 @@ protected Serializable onApplyInternal(final AnyWrapper<UserTO> modelObject) {
target.add(templateModal);

}
}, ActionLink.ActionType.TEMPLATE, OIDC4UIEntitlement.OP_UPDATE);
}, ActionLink.ActionType.TEMPLATE, OIDCC4UIEntitlement.OP_UPDATE);

panel.add(new ActionLink<>() {

Expand All @@ -235,7 +235,7 @@ public void onClick(final AjaxRequestTarget target, final OIDCC4UIProviderTO ign
}
((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
}
}, ActionLink.ActionType.DELETE, OIDC4UIEntitlement.OP_DELETE, true);
}, ActionLink.ActionType.DELETE, OIDCC4UIEntitlement.OP_DELETE, true);
return panel;
}

Expand Up @@ -24,7 +24,7 @@
import java.util.Set;
import java.util.TreeSet;

public final class OIDC4UIEntitlement {
public final class OIDCC4UIEntitlement {

public static final String OP_READ = "OP_READ";

Expand All @@ -38,7 +38,7 @@ public final class OIDC4UIEntitlement {

static {
Set<String> values = new TreeSet<>();
for (Field field : OIDC4UIEntitlement.class.getDeclaredFields()) {
for (Field field : OIDCC4UIEntitlement.class.getDeclaredFields()) {
if (Modifier.isStatic(field.getModifiers()) && String.class.equals(field.getType())) {
values.add(field.getName());
}
Expand All @@ -50,7 +50,7 @@ public static Set<String> values() {
return VALUES;
}

private OIDC4UIEntitlement() {
private OIDCC4UIEntitlement() {
// private constructor for static utility class
}
}
Expand Up @@ -41,7 +41,7 @@
import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.common.lib.types.IdRepoEntitlement;
import org.apache.syncope.core.logic.oidc.NoOpSessionStore;
import org.apache.syncope.core.logic.oidc.OIDC4UIContext;
import org.apache.syncope.core.logic.oidc.OIDCC4UIContext;
import org.apache.syncope.core.logic.oidc.OIDCClientCache;
import org.apache.syncope.core.logic.oidc.OIDCUserManager;
import org.apache.syncope.core.persistence.api.dao.NotFoundException;
Expand Down Expand Up @@ -114,7 +114,7 @@ public OIDCRequest createLoginRequest(final String redirectURI, final String opN

// 2. create OIDCRequest
WithLocationAction action = oidcClient.getRedirectionAction(
new CallContext(new OIDC4UIContext(), NoOpSessionStore.INSTANCE)).
new CallContext(new OIDCC4UIContext(), NoOpSessionStore.INSTANCE)).
map(WithLocationAction.class::cast).
orElseThrow(() -> {
SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
Expand Down Expand Up @@ -143,9 +143,8 @@ public OIDCLoginResponse login(final String redirectURI, final String authorizat
OidcCredentials credentials = new OidcCredentials();
credentials.setCode(new AuthorizationCode(authorizationCode));

OIDC4UIContext ctx = new OIDC4UIContext();

oidcClient.getAuthenticator().validate(new CallContext(ctx, NoOpSessionStore.INSTANCE), credentials);
oidcClient.getAuthenticator().validate(
new CallContext(new OIDCC4UIContext(), NoOpSessionStore.INSTANCE), credentials);

idToken = credentials.getIdToken().getJWTClaimsSet();
idTokenHint = credentials.getIdToken().serialize();
Expand All @@ -157,8 +156,8 @@ public OIDCLoginResponse login(final String redirectURI, final String authorizat
}

// 3. prepare the result
OIDCLoginResponse loginResponse = new OIDCLoginResponse();
loginResponse.setLogoutSupported(StringUtils.isNotBlank(op.getEndSessionEndpoint()));
OIDCLoginResponse loginResp = new OIDCLoginResponse();
loginResp.setLogoutSupported(StringUtils.isNotBlank(op.getEndSessionEndpoint()));

// 3a. find matching user (if any) and return the received attributes
String keyValue = idToken.getSubject();
Expand All @@ -171,16 +170,16 @@ public OIDCLoginResponse login(final String redirectURI, final String authorizat
orElse(null);
if (value != null) {
attrTO.getValues().add(value);
loginResponse.getAttrs().add(attrTO);
loginResp.getAttrs().add(attrTO);
if (item.isConnObjectKey()) {
keyValue = value;
}
}
}

List<String> matchingUsers = keyValue == null
? List.of()
: userManager.findMatchingUser(keyValue, op.getConnObjectKeyItem().get());
List<String> matchingUsers = Optional.ofNullable(keyValue).
map(k -> userManager.findMatchingUser(k, op.getConnObjectKeyItem().get())).
orElse(List.of());
LOG.debug("Found {} matching users for {}", matchingUsers.size(), keyValue);

// 3b. not found: create or selfreg if configured
Expand All @@ -191,23 +190,23 @@ public OIDCLoginResponse login(final String redirectURI, final String authorizat

String defaultUsername = keyValue;
username = AuthContextUtils.callAsAdmin(AuthContextUtils.getDomain(),
() -> userManager.create(op, loginResponse, defaultUsername));
() -> userManager.create(op, loginResp, defaultUsername));
} else if (op.isSelfRegUnmatching()) {
UserTO userTO = new UserTO();

userManager.fill(op, loginResponse, userTO);
userManager.fill(op, loginResp, userTO);

loginResponse.getAttrs().clear();
loginResponse.getAttrs().addAll(userTO.getPlainAttrs());
loginResp.getAttrs().clear();
loginResp.getAttrs().addAll(userTO.getPlainAttrs());
if (StringUtils.isNotBlank(userTO.getUsername())) {
loginResponse.setUsername(userTO.getUsername());
loginResp.setUsername(userTO.getUsername());
} else {
loginResponse.setUsername(keyValue);
loginResp.setUsername(keyValue);
}

loginResponse.setSelfReg(true);
loginResp.setSelfReg(true);

return loginResponse;
return loginResp;
} else {
throw new NotFoundException(Optional.ofNullable(keyValue).
map(value -> "User matching the provided value " + value).
Expand All @@ -220,13 +219,13 @@ public OIDCLoginResponse login(final String redirectURI, final String authorizat
LOG.debug("About to update {} for {}", matchingUsers.get(0), keyValue);

username = AuthContextUtils.callAsAdmin(AuthContextUtils.getDomain(),
() -> userManager.update(matchingUsers.get(0), op, loginResponse));
() -> userManager.update(matchingUsers.get(0), op, loginResp));
} else {
username = matchingUsers.get(0);
}
}

loginResponse.setUsername(username);
loginResp.setUsername(username);

// 4. generate JWT for further access
Map<String, Object> claims = new HashMap<>();
Expand All @@ -236,18 +235,18 @@ public OIDCLoginResponse login(final String redirectURI, final String authorizat
byte[] authorities = null;
try {
authorities = ENCRYPTOR.encode(POJOHelper.serialize(
authDataAccessor.getAuthorities(loginResponse.getUsername(), null)), CipherAlgorithm.AES).
authDataAccessor.getAuthorities(loginResp.getUsername(), null)), CipherAlgorithm.AES).
getBytes();
} catch (Exception e) {
LOG.error("Could not fetch authorities", e);
}

Pair<String, OffsetDateTime> accessTokenInfo =
accessTokenDataBinder.create(loginResponse.getUsername(), claims, authorities, true);
loginResponse.setAccessToken(accessTokenInfo.getLeft());
loginResponse.setAccessTokenExpiryTime(accessTokenInfo.getRight());
accessTokenDataBinder.create(loginResp.getUsername(), claims, authorities, true);
loginResp.setAccessToken(accessTokenInfo.getLeft());
loginResp.setAccessTokenExpiryTime(accessTokenInfo.getRight());

return loginResponse;
return loginResp;
}

@PreAuthorize("isAuthenticated() and not(hasRole('" + IdRepoEntitlement.ANONYMOUS + "'))")
Expand All @@ -274,7 +273,7 @@ public OIDCRequest createLogoutRequest(final String accessToken, final String re
profile.setIdTokenString((String) claimsSet.getClaim(JWT_CLAIM_ID_TOKEN));

WithLocationAction action = oidcClient.getLogoutAction(
new CallContext(new OIDC4UIContext(), NoOpSessionStore.INSTANCE),
new CallContext(new OIDCC4UIContext(), NoOpSessionStore.INSTANCE),
profile,
redirectURI).
map(WithLocationAction.class::cast).
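Review bot: In step 4 (`// 4. generate JWT for further access`) the access token is still created after `ENCRYPTOR.encode(...)` fails, because the catch only logs `Could not fetch authorities` and leaves `authorities` null; the rename to `loginResp` carries that path over unchanged. Unless `accessTokenDataBinder.create` rejects a null authorities blob (outside this hunk), a login succeeds with a token whose entitlements were never computed, and whether that ends up as an empty authority set or an error at first use depends on the token validation code elsewhere — failing the login here is the safer behaviour, e.g. after the `LOG.error` add `throw new IllegalStateException("Could not fetch authorities for " + loginResp.getUsername(), e);` or the project's `SyncopeClientException` equivalent. The `login` method begins before this section's first hunk and is split across several hunks.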