From 6b61556b49cca96622c2e59b1e99244a7eaae3ab Mon Sep 17 00:00:00 2001 
From: pujavs <43700552+pujavs@users.noreply.github.com> Date: Tue, 8 Nov 2022 23:46:55 +0530 Subject: [PATCH] fix(config-api): swagger update for enum and error handling (#2934) * fix(config-api): client creation exception * fix(config-api): client creations exception * fix(config-api): issues fixed 2743, 2755 and 2689 * fix(config-api): change to use fido2 app config model * fix(config-api): change to use fido2 app config model * docs(config-api): swagger fix for script enum * fix: avoid NPE when configuration is missing #2857 (#2863) * Initial commit IDM, IAG, 2FA Portal (#2873) initial commit * fix(image): multiple dynamic scopes created when using 2 replicas (#2871) * feat: for file based scripts check both script revision and file (#2878) modification time #2877 Co-authored-by: Yuriy Movchan * feat(jans-auth-server): added token exchange support to client #2518 (#2855) And added native sso http test. * feat: ssa revoke endpoint (#2865) * docs: update ubuntu.md (#2870) * docs: Helm install on GKE, AKS, and EKS (#2777) * docs: Helm install on GKE * docs: fix to yaml * docs: remove unnecessary sudo, kubeconfig flag and create namespace Creating namespace initially makes more sense. Since it can be used during the database installation. 
Also removing sudo makes kubeconfig flag unnecessary too * docs: fix file name * docs: fix * docs: fix indentation fix indentation so that copying is simpler * docs: rephrase * docs: Helm install on EKS docs: Helm install on EKS * fix: typo * docs: EKS fix * docs: fix mistake in GKE too * docs: Helm install on AKS * docs: fix * fix(jans-auth-server): fix language metadata format (#2883) * fix(jans-auth-server): fix language metadata format * fix(jans-auth-server): fix language metadata format * Initial checkin: RBAC, central authz (#2884) Starting point for these topics * fix(config-api): swagger update for enum and error handling Co-authored-by: Jose Co-authored-by: Mike Schwartz Co-authored-by: Isman Firmansyah Co-authored-by: Yuriy M <95305560+yuremm@users.noreply.github.com> Co-authored-by: Yuriy Movchan Co-authored-by: YuriyZ Co-authored-by: Milton Ch <86965029+Milton-Ch@users.noreply.github.com> Co-authored-by: mzico Co-authored-by: misba7 Co-authored-by: Javier Rojas --- .../docs/jans-config-api-swagger-auto.yaml | 34 +++++++---- .../docs/jans-config-api-swagger.yaml | 59 +++++++++---------- .../plugin/mgt/rest/UserResource.java | 18 +++--- .../configapi/core/rest/BaseResource.java | 26 ++++++-- 4 files changed, 83 insertions(+), 54 deletions(-) diff --git a/jans-config-api/docs/jans-config-api-swagger-auto.yaml b/jans-config-api/docs/jans-config-api-swagger-auto.yaml index d2a2972f1c2..e5ed6d6964d 100644 --- a/jans-config-api/docs/jans-config-api-swagger-auto.yaml +++ b/jans-config-api/docs/jans-config-api-swagger-auto.yaml @@ -7178,18 +7178,18 @@ components: $ref: '#/components/schemas/AttributeValidation' tooltip: type: string + adminCanAccess: + type: boolean + userCanAccess: + type: boolean adminCanEdit: type: boolean userCanView: type: boolean - adminCanAccess: - type: boolean userCanEdit: type: boolean adminCanView: type: boolean - userCanAccess: - type: boolean whitePagesCanView: type: boolean baseDn: 
@@ -7370,14 +7370,24 @@ components: idTokenTokenBindingCnf: type: string clientName: - $ref: '#/components/schemas/LocalizedString' + type: string logoUri: - $ref: '#/components/schemas/LocalizedString' + type: string clientUri: - $ref: '#/components/schemas/LocalizedString' + type: string policyUri: - $ref: '#/components/schemas/LocalizedString' + type: string tosUri: + type: string + clientNameLocalized: + $ref: '#/components/schemas/LocalizedString' + logoUriLocalized: + $ref: '#/components/schemas/LocalizedString' + clientUriLocalized: + $ref: '#/components/schemas/LocalizedString' + policyUriLocalized: + $ref: '#/components/schemas/LocalizedString' + tosUriLocalized: $ref: '#/components/schemas/LocalizedString' jwksUri: type: string @@ -7518,6 +7528,8 @@ components: format: int32 displayName: type: string + tokenBindingSupported: + type: boolean authenticationMethod: type: string enum: @@ -7529,8 +7541,6 @@ components: - tls_client_auth - self_signed_tls_client_auth - none - tokenBindingSupported: - type: boolean baseDn: type: string inum: @@ -8333,8 +8343,6 @@ components: $ref: '#/components/schemas/EngineConfig' ssaConfiguration: $ref: '#/components/schemas/SsaConfiguration' - fapi: - type: boolean enabledFeatureFlags: uniqueItems: true type: array @@ -8371,6 +8379,8 @@ components: - code - token - id_token + fapi: + type: boolean AuthenticationFilter: required: - baseDn diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index f55c45f8857..591a3ec979f 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -4441,9 +4441,6 @@ components: description: LDAP custom object class list for dynamic person enrolment. items: type: string - enum: - - gluuCustomPerson - - gluuPerson persistIdTokenInLdap: type: boolean description: Specifies whether to persist id_token into LDAP (otherwise saves into cache). 
@@ -5020,42 +5017,42 @@ components: type: string description: Data Type of attribute. enum: - - STRING - - NUMERIC - - BOOLEAN - - BINARY - - CERTIFICATE - - DATE - - JSON + - string + - numeric + - boolean + - binary + - certificate + - date + - json editType: type: array description: GluuUserRole items: type: string enum: - - ADMIN - - OWNER - - MANAGER - - USER - - WHITEPAGES + - admin + - owner + - manager + - user + - whitepages viewType: type: array description: GluuUserRole items: type: string enum: - - ADMIN - - OWNER - - MANAGER - - USER - - WHITEPAGES + - admin + - owner + - manager + - user + - whitepages usageType: type: array description: GluuAttributeUsageType items: type: string enum: - - OPENID + - openid claimName: type: string seeAlso: @@ -5064,10 +5061,10 @@ components: type: string description: Attrubute status enum: - - ACTIVE - - INACTIVE - - EXPIRED - - REGISTER + - active + - inactive + - expired + - register saml1Uri: type: string saml2Uri: @@ -5224,10 +5221,10 @@ components: description: Scope creator type type: string enum: - - NONE - - CLIENT - - USER - - AUTO + - none + - client + - user + - auto creationDate: description: Scope creation date time. type: string @@ -7434,8 +7431,8 @@ components: description: Session status type: string enum: - - AUTHENTICATED - - UNAUTHENTICATED + - authenticated + - unauthenticated sessionState: description: state of session. type: string diff --git a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java index 14f7d55f0d9..edea2d0c6a4 100644 --- a/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java +++ b/jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java 
@@ -74,7 +74,7 @@ private class UserPagedResult extends PagedResult{}; "Configuration – User Management" }, security = @SecurityRequirement(name = "oauth2", scopes = { ApiAccessConstants.USER_READ_ACCESS })) @ApiResponses(value = { - @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = UserPagedResult.class) , examples = @ExampleObject(name = "Response json example", value = "example/user/user-all.json"))), + @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = UserPagedResult.class), examples = @ExampleObject(name = "Response json example", value = "example/user/user-all.json"))), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "500", description = "InternalServerError") }) @GET @@ -101,7 +101,7 @@ public Response getUsers( "Configuration – User Management" }, security = @SecurityRequirement(name = "oauth2", scopes = { ApiAccessConstants.USER_READ_ACCESS })) @ApiResponses(value = { - @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = CustomUser.class, description = "CustomUser identified by inum") , examples = @ExampleObject(name = "Response json example", value = "example/user/user.json"))), + @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = CustomUser.class, description = "CustomUser identified by inum"), examples = @ExampleObject(name = "Response json example", value = "example/user/user.json"))), @ApiResponse(responseCode = "401", description = "Unauthorized"), @ApiResponse(responseCode = "404", description = "Not Found"), @ApiResponse(responseCode = "500", description = "InternalServerError") }) 
@@ -196,9 +196,13 @@ public Response updateUser(@Valid CustomUser customUser) List excludeAttributes = List.of(USER_PWD); checkMissingAttributes(user, excludeAttributes); ignoreCustomObjectClassesForNonLDAP(user); - - user = userMgmtSrv.updateUser(user); - logger.debug("Updated user:{}", user); + try { + user = userMgmtSrv.updateUser(user); + logger.debug("Updated user:{}", user); + } catch (Exception ex) { + logger.error("Error while updating user", ex); + thorwInternalServerException(ex); + } // excludedAttributes user = excludeUserAttributes(user); @@ -208,6 +212,7 @@ public Response updateUser(@Valid CustomUser customUser) logger.debug("updated customUser:{}", customUser); return Response.ok(customUser).build(); + } @Operation(summary = "Patch user properties by Inum", description = "Patch user properties by Inum", operationId = "patch-user-by-inum", tags = { @@ -270,8 +275,7 @@ public Response deleteUser(@PathParam(ApiConstants.INUM) @NotNull String inum) { return Response.noContent().build(); } - private UserPagedResult doSearch(SearchRequest searchReq) - throws IllegalAccessException, InvocationTargetException { + private UserPagedResult doSearch(SearchRequest searchReq) throws IllegalAccessException, InvocationTargetException { if (logger.isDebugEnabled()) { logger.debug("User search params - searchReq:{} ", escapeLog(searchReq)); } diff --git a/jans-config-api/shared/src/main/java/io/jans/configapi/core/rest/BaseResource.java b/jans-config-api/shared/src/main/java/io/jans/configapi/core/rest/BaseResource.java index 5d109d827e5..c33b14d40b6 100644 --- a/jans-config-api/shared/src/main/java/io/jans/configapi/core/rest/BaseResource.java +++ b/jans-config-api/shared/src/main/java/io/jans/configapi/core/rest/BaseResource.java @@ -28,7 +28,7 @@ import org.slf4j.LoggerFactory; public class BaseResource { - + @Inject Util util; 
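Review bot: The new `catch (Exception ex)` in updateUser passes the caught exception to `thorwInternalServerException(ex)`, which (per the BaseResource change in this same patch) puts the root cause's `getMessage()` into the 500 response, so internal detail from the persistence layer may reach the API client. The full exception is already logged by `logger.error("Error while updating user", ex)`, so the response can stay generic by calling the existing String overload instead: `thorwInternalServerException("Error while updating user");`. The broad catch also converts any `WebApplicationException` that `userMgmtSrv.updateUser` might raise deliberately into a 500; whether it can throw one is not visible here, but if so it should be rethrown unchanged before the generic handler. updateUser begins and ends outside this hunk.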
@@ -37,7 +37,7 @@ public class BaseResource { public static final String MISSING_ATTRIBUTE_CODE = "OCA001"; public static final String MISSING_ATTRIBUTE_MESSAGE = "A required attribute is missing."; public static final String TOKEN_DELIMITER = ","; - + public static void checkResourceNotNull(T resource, String objectName) { if (resource == null) { throw new NotFoundException(getNotFoundError(objectName)); @@ -101,6 +101,13 @@ public static void thorwInternalServerException(String msg) { throw new InternalServerErrorException(getInternalServerException(msg)); } + public static void thorwInternalServerException(Throwable throwable) { + throwable = findRootError(throwable); + if (throwable != null) { + throw new InternalServerErrorException(getInternalServerException(throwable.getMessage())); + } + } + /** * @param attributeName * @return @@ -173,7 +180,7 @@ protected SearchRequest createSearchRequest(String schemas, String filter, Strin if (StringUtils.isEmpty(sortOrder) || !sortOrder.equals(SortOrder.DESCENDING.getValue())) { sortOrder = SortOrder.ASCENDING.getValue(); } - log.debug(" util.getTokens(filter,TOKEN_DELIMITER):{} ", util.getTokens(filter,TOKEN_DELIMITER)); + log.debug(" util.getTokens(filter,TOKEN_DELIMITER):{} ", util.getTokens(filter, TOKEN_DELIMITER)); searchRequest.setSchemas(schemas); searchRequest.setAttributes(attrsList); searchRequest.setExcludedAttributes(excludedAttrsList); 
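Review bot: In the `@@ -101,6 +101,13 @@` hunk, `thorwInternalServerException(Throwable)` returns normally when it is given `null`, so a caller that relies on it to abort the request would continue executing. It also forwards `throwable.getMessage()`, which can be `null` and which exposes internal exception text to the client. I would throw unconditionally with a fixed description, for example `throw new InternalServerErrorException(getInternalServerException("Internal server error"));`, and leave the detail to the caller's log statement. A one-line Javadoc stating that the method never returns normally would match the String overload just above it, which always throws.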
@@ -183,9 +190,20 @@ protected SearchRequest createSearchRequest(String schemas, String filter, Strin searchRequest.setStartIndex(startIndex); searchRequest.setCount(count); searchRequest.setMaxCount(maximumRecCount); - searchRequest.setFilterAssertionValue(util.getTokens(filter,TOKEN_DELIMITER)); + searchRequest.setFilterAssertionValue(util.getTokens(filter, TOKEN_DELIMITER)); return searchRequest; } + public static Throwable findRootError(Throwable throwable) { + if (throwable == null) { + return throwable; + } + Throwable rootCause = throwable; + while (rootCause.getCause() != null && rootCause.getCause() != rootCause) { + rootCause = rootCause.getCause(); + } + return rootCause; + } + }
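Review bot: The loop in `findRootError` stops only when a throwable is its own cause (`rootCause.getCause() != rootCause`), so a cause chain that cycles through two or more exceptions would never terminate and would tie up the request thread. Bounding the walk is cheap, for example `for (int depth = 0; depth < 32 && rootCause.getCause() != null && rootCause.getCause() != rootCause; depth++)` with the same body. As a matter of style, the null branch reads more clearly as `return null;`. The new public static method also has no Javadoc; one sentence saying that it returns the deepest cause, or the argument itself when there is none, would be enough.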