

feat: documentation for ssa and remove softwareRoles query param of g…
…et ssa (#3031)
Milton-Ch authored Nov 18, 2022
1 parent 21dd6e5 commit d8e14eb
Showing 13 changed files with 432 additions and 59 deletions.
406 changes: 399 additions & 7 deletions docs/admin/auth-server/endpoints/ssa.md

Large diffs are not rendered by default.

Expand Up @@ -11,7 +11,6 @@
import jakarta.ws.rs.HttpMethod;
import jakarta.ws.rs.client.Invocation.Builder;
import org.apache.commons.lang.StringUtils;
import org.apache.http.client.utils.URIBuilder;
import org.apache.log4j.Logger;

public class SsaGetClient extends BaseClient<SsaGetRequest, SsaGetResponse> {
Expand All @@ -27,12 +26,11 @@ public String getHttpMethod() {
return HttpMethod.GET;
}

public SsaGetResponse execSsaGet(String accessToken, String jti, Long orgId, Boolean softwareRoles) {
public SsaGetResponse execSsaGet(String accessToken, String jti, Long orgId) {
SsaGetRequest ssaGetRequest = new SsaGetRequest();
ssaGetRequest.setAccessToken(accessToken);
ssaGetRequest.setJti(jti);
ssaGetRequest.setOrgId(orgId);
ssaGetRequest.setSoftwareRoles(softwareRoles);
setRequest(ssaGetRequest);
return exec();
}
Expand Up @@ -20,8 +20,6 @@ public class SsaGetRequest extends BaseRequest {

private Long orgId;

private Boolean softwareRoles;

public SsaGetRequest() {
setContentType(MediaType.APPLICATION_JSON);
setMediaType(MediaType.APPLICATION_JSON);
Expand Down Expand Up @@ -52,20 +50,11 @@ public void setOrgId(Long orgId) {
this.orgId = orgId;
}

public Boolean getSoftwareRoles() {
return softwareRoles;
}

public void setSoftwareRoles(Boolean softwareRoles) {
this.softwareRoles = softwareRoles;
}

@Override
public String getQueryString() {
QueryBuilder builder = QueryBuilder.instance();
builder.append(SsaRequestParam.JTI.getName(), jti);
builder.append(SsaRequestParam.ORG_ID.getName(), orgId != null ? orgId.toString() : "");
builder.append(SsaRequestParam.SOFTWARE_ROLES.getName(), softwareRoles != null ? softwareRoles.toString() : "");
return builder.toString();
}
}
Expand Up @@ -51,7 +51,7 @@ public void getSsaSearchByOrgId(final String redirectUris, final String sectorId

// Ssa get
SsaGetClient ssaGetClient = new SsaGetClient(ssaEndpoint);
SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, null, orgId1, false);
SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, null, orgId1);
AssertBuilder.ssaGet(ssaGetResponse)
.ssaListSize(2)
.jtiList(jtiList)
Expand Down Expand Up @@ -82,7 +82,7 @@ public void getSsaSearchByJti(final String redirectUris, final String sectorIden

// Ssa get
SsaGetClient ssaGetClient = new SsaGetClient(ssaEndpoint);
SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, null, false);
SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, null);
AssertBuilder.ssaGet(ssaGetResponse)
.ssaListSize(1)
.jtiList(jtiList)
Expand Down Expand Up @@ -114,7 +114,7 @@ public void getSsaSearchByOrgIdAndJti(final String redirectUris, final String se

// Ssa get
SsaGetClient ssaGetClient = new SsaGetClient(ssaEndpoint);
SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, orgId1, false);
SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, orgId1);
AssertBuilder.ssaGet(ssaGetResponse)
.ssaListSize(1)
.jtiList(jtiList)
Expand Down Expand Up @@ -145,7 +145,7 @@ public void getSsaSearchByJtiNotExits(final String redirectUris, final String se

// Ssa get
SsaGetClient ssaGetClient = new SsaGetClient(ssaEndpoint);
SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, null, false);
SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, null);
AssertBuilder.ssaGet(ssaGetResponse)
.ssaListSize(0)
.jtiList(jtiList)
Expand Up @@ -64,7 +64,7 @@ public void revokeWithJtiResponseOK(final String redirectUris, final String sect

// Ssa get
SsaGetClient ssaGetClient = new SsaGetClient(ssaEndpoint);
SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, orgId, false);
SsaGetResponse ssaGetResponse = ssaGetClient.execSsaGet(accessToken, jti, orgId);
showClient(ssaGetClient);
assertNotNull(ssaGetResponse, "Ssa get response is null");
assertTrue(ssaGetResponse.getSsaList().isEmpty());
Expand Up @@ -16,7 +16,6 @@ public enum SsaScopeType {
SSA_DEVELOPER("https://jans.io/auth/ssa.developer"),
;


private static final Map<String, SsaScopeType> lookup = new HashMap<>();

static {
Expand Up @@ -37,9 +37,9 @@ Response create(
/**
* Get list of SSA based on "jti" or "org_id" filter.
*
* @param jti Unique identifier
* @param orgId Organization ID
* @param httpRequest Http request
* @param jti Unique identifier
* @param orgId Organization ID
* @param httpRequest Http request
* @return the {@link Response} with status {@code 200 (Ok)} and with body the ssa list,
* or with status {@code 401 (Unauthorized)} if unauthorized access request,
* or with status {@code 500 (Internal Server Error)} if internal error occurred.
Expand All @@ -48,7 +48,6 @@ Response create(
@Path("/ssa")
@Produces({MediaType.APPLICATION_JSON})
Response get(
@QueryParam("software_roles") Boolean softwareRoles,
@QueryParam("jti") String jti,
@QueryParam("org_id") Long orgId,
@Context HttpServletRequest httpRequest
Expand Up @@ -60,8 +60,8 @@ public Response create(String requestParams, HttpServletRequest httpRequest) {
* @return {@link Response} with status {@code 200 (Ok)} and with body List of SSA.
*/
@Override
public Response get(Boolean softwareRoles, String jti, Long orgId, HttpServletRequest httpRequest) {
return ssaGetAction.get(softwareRoles, jti, orgId, httpRequest);
public Response get(String jti, Long orgId, HttpServletRequest httpRequest) {
return ssaGetAction.get(jti, orgId, httpRequest);
}

/**
Expand Up @@ -104,7 +104,7 @@ public Ssa findSsaByJti(String jti) {
*/
public List<Ssa> getSsaList(String jti, Long orgId, SsaState status, String clientId, String[] scopes) {
List<Filter> filters = new ArrayList<>();
if (hasPortalScope(Arrays.asList(scopes))) {
if (hasDeveloperScope(Arrays.asList(scopes))) {
filters.add(Filter.createEqualityFilter("creatorId", clientId));
}
if (jti != null) {
Expand Down Expand Up @@ -183,19 +183,19 @@ public Response.ResponseBuilder createNotAcceptableResponse() {
}

/**
* Check if there is only one "ssa.portal" scope
* Check if there is only one "ssa.developer" scope
*
* @param scopes List of scope
* @return true if is only one "ssa.portal", or false otherwise
* @return true if is only one "ssa.developer", or false otherwise
*/
private boolean hasPortalScope(List<String> scopes) {
private boolean hasDeveloperScope(List<String> scopes) {
Iterator<String> scopesIterator = scopes.iterator();
boolean result = false;
while (scopesIterator.hasNext()) {
String scope = scopesIterator.next();
if (scope.equals(SsaScopeType.SSA_ADMIN.getValue())) {
if (scope.equals(SsaScopeType.SSA_ADMIN.getValue()) || scope.equals(SsaScopeType.SSA_PORTAL.getValue())) {
return false;
} else if (scope.equals(SsaScopeType.SSA_PORTAL.getValue())) {
} else if (scope.equals(SsaScopeType.SSA_DEVELOPER.getValue())) {
result = true;
}
}
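Review bot: The per-client restriction in `getSsaList` is opt-in, because the `creatorId` filter is added only when `hasDeveloperScope` finds `ssa.developer`; a scope array holding none of the three SSA scopes gets no creator filter at all, and the only guard against that is the `checkScopesPolicy` call in the caller, outside this file. Since `getSsaList` is public and `ssa.developer` clients are now admitted to the endpoint, consider failing closed: add the filter unless a privileged scope is present, e.g. `if (!hasAdminOrPortalScope(scopeList)) { filters.add(Filter.createEqualityFilter("creatorId", clientId)); }` with a new private helper. The Javadoc's "only one" wording also does not describe the loop, which accepts any list containing `ssa.developer` without `ssa.admin` or `ssa.portal`; something like `Check whether the client holds "ssa.developer" and neither "ssa.admin" nor "ssa.portal"` would match. Both method bodies continue outside the hunks.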
Expand Up @@ -93,14 +93,14 @@ public class SsaGetAction {
* @param httpRequest Http request
* @return {@link Response} with status {@code 200 (Ok)} and the body containing the list of SSAs.
*/
public Response get(Boolean softwareRoles, String jti, Long orgId, HttpServletRequest httpRequest) {
log.debug("Attempting to read ssa: softwareRoles = {}, jti = '{}', orgId = {}", softwareRoles, jti, orgId);
public Response get(String jti, Long orgId, HttpServletRequest httpRequest) {
log.debug("Attempting to read ssa: softwareRoles = {}, orgId = {}", jti, orgId);

errorResponseFactory.validateFeatureEnabled(FeatureFlagType.SSA);
Response.ResponseBuilder builder = Response.ok();
try {
final Client client = ssaRestWebServiceValidator.getClientFromSession();
ssaRestWebServiceValidator.checkScopesPolicy(client, Arrays.asList(SsaScopeType.SSA_ADMIN.getValue(), SsaScopeType.SSA_PORTAL.getValue()));
ssaRestWebServiceValidator.checkScopesPolicy(client, Arrays.asList(SsaScopeType.SSA_ADMIN.getValue(), SsaScopeType.SSA_PORTAL.getValue(), SsaScopeType.SSA_DEVELOPER.getValue()));

final List<Ssa> ssaList = ssaService.getSsaList(jti, orgId, SsaState.ACTIVE, client.getClientId(), client.getScopes());
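Review bot: The debug line now logs `jti` under the label `softwareRoles` (`"Attempting to read ssa: softwareRoles = {}, orgId = {}", jti, orgId`), which will mislead anyone reading request traces or reconstructing who queried which SSA. It should read `log.debug("Attempting to read ssa: jti = '{}', orgId = {}", jti, orgId);`. `jti` is a caller-supplied query parameter, so keeping it quoted as the previous message did also makes embedded whitespace or line breaks easier to spot in the log. The rest of `get` continues outside the hunk.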

Expand Up @@ -47,11 +47,11 @@ public void create_validParams_validResponse() {

@Test
public void get_validParams_validResponse() {
when(ssaGetAction.get(anyBoolean(), anyString(), any(), any())).thenReturn(mock(Response.class));
when(ssaGetAction.get(anyString(), any(), any())).thenReturn(mock(Response.class));

Response response = ssaRestWebServiceImpl.get(false, "testJti", 1000L, mock(HttpServletRequest.class));
Response response = ssaRestWebServiceImpl.get("testJti", 1000L, mock(HttpServletRequest.class));
assertNotNull(response, "response is null");
verify(ssaGetAction).get(anyBoolean(), anyString(), any(), any());
verify(ssaGetAction).get(anyString(), any(), any());
verifyNoMoreInteractions(ssaGetAction);
}

Expand Up @@ -198,7 +198,7 @@ public void findSsaByJti_jtiNotFound_ssaNull() {
}

@Test
public void getSsaList_withPortalScope_valid() {
public void getSsaList_withDeveloperScope_valid() {
BaseDnConfiguration baseDnConfiguration = new BaseDnConfiguration();
baseDnConfiguration.setSsa("ou=ssa,o=jans");
when(staticConfiguration.getBaseDn()).thenReturn(baseDnConfiguration);
Expand All @@ -207,7 +207,7 @@ public void getSsaList_withPortalScope_valid() {
Long orgId = null;
SsaState status = null;
String clientId = "test-client";
String[] scopes = new String[]{SsaScopeType.SSA_PORTAL.getValue()};
String[] scopes = new String[]{SsaScopeType.SSA_DEVELOPER.getValue()};
List<Ssa> ssaList = ssaService.getSsaList(jti, orgId, status, clientId, scopes);
assertNotNull(ssaList);
verify(log).trace(eq("Filter with AND created: " + String.format("[(creatorId=%s)]", clientId)));
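Review bot: Only the developer-scope path is pinned by this renamed test; the same commit stops applying the `creatorId` filter to `ssa.portal` clients and lets `ssa.admin` or `ssa.portal` override `ssa.developer`, and neither outcome is asserted in the visible hunk. Unless the file covers it elsewhere, add a case with `scopes = new String[]{SsaScopeType.SSA_PORTAL.getValue()}` that expects no `creatorId` filter and one that combines `SSA_DEVELOPER` with `SSA_ADMIN`, so a later edit to the scope check cannot silently change which SSAs a client may list. The test method's body continues outside the hunk.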
Expand Up @@ -55,14 +55,13 @@ public void get_withAllParam_valid() {
client.setDn("inum=0000,ou=clients,o=jans");
when(ssaRestWebServiceValidator.getClientFromSession()).thenReturn(client);

boolean softwareRoles = false;
String jti = "my-jti";
Long orgId = 1000L;
Response response = ssaGetAction.get(softwareRoles, jti, orgId, mock(HttpServletRequest.class));
Response response = ssaGetAction.get(jti, orgId, mock(HttpServletRequest.class));
assertNotNull(response, "response is null");
assertNotNull(response.getEntity(), "response entity is null");
assertEquals(response.getStatus(), Response.Status.OK.getStatusCode());
verify(log).debug(anyString(), any(), any(), any());
verify(log).debug(anyString(), any(), any());
verify(errorResponseFactory).validateFeatureEnabled(any());
verify(ssaContextBuilder).buildModifySsaResponseContext(any(), any(), any(), any(), any());
verify(ssaJsonService).jsonArrayToString(any());
Expand All @@ -79,11 +78,10 @@ public void get_invalidClientAndIsErrorEnabledFalse_badRequestResponse() {
doThrow(error).when(ssaRestWebServiceValidator).getClientFromSession();
when(log.isErrorEnabled()).thenReturn(Boolean.FALSE);

boolean softwareRoles = false;
String jti = "my-jti";
Long orgId = 1000L;
assertThrows(WebApplicationException.class, () -> ssaGetAction.get(softwareRoles, jti, orgId, mock(HttpServletRequest.class)));
verify(log).debug(anyString(), any(), any(), any());
assertThrows(WebApplicationException.class, () -> ssaGetAction.get(jti, orgId, mock(HttpServletRequest.class)));
verify(log).debug(anyString(), any(), any());
verify(ssaRestWebServiceValidator).getClientFromSession();
verify(log).isErrorEnabled();
verify(log, never()).error(anyString(), any(WebApplicationException.class));
Expand All @@ -100,11 +98,10 @@ public void get_invalidClientAndIsErrorEnabledTrue_badRequestResponse() {
doThrow(error).when(ssaRestWebServiceValidator).getClientFromSession();
when(log.isErrorEnabled()).thenReturn(Boolean.TRUE);

boolean softwareRoles = false;
String jti = "my-jti";
Long orgId = 1000L;
assertThrows(WebApplicationException.class, () -> ssaGetAction.get(softwareRoles, jti, orgId, mock(HttpServletRequest.class)));
verify(log).debug(anyString(), any(), any(), any());
assertThrows(WebApplicationException.class, () -> ssaGetAction.get(jti, orgId, mock(HttpServletRequest.class)));
verify(log).debug(anyString(), any(), any());
verify(ssaRestWebServiceValidator).getClientFromSession();
verify(log).isErrorEnabled();
verify(log).error(anyString(), any(WebApplicationException.class));
Expand All @@ -120,11 +117,10 @@ public void get_invalidClientInternalServer_badRequestResponse() {
.build());
when(errorResponseFactory.createWebApplicationException(any(Response.Status.class), any(SsaErrorResponseType.class), anyString())).thenThrow(error);

boolean softwareRoles = false;
String jti = "my-jti";
Long orgId = 1000L;
assertThrows(WebApplicationException.class, () -> ssaGetAction.get(softwareRoles, jti, orgId, mock(HttpServletRequest.class)));
verify(log).debug(anyString(), any(), any(), any());
assertThrows(WebApplicationException.class, () -> ssaGetAction.get(jti, orgId, mock(HttpServletRequest.class)));
verify(log).debug(anyString(), any(), any());
verify(ssaRestWebServiceValidator).getClientFromSession();
verify(log, never()).isErrorEnabled();
verify(log).error(any(), any(Exception.class));
