Bug/Vas-#12843 : fix bug on patch saml provider (#1866)

Co-authored-by: Benaissa BENARBIA <benaissa.benarbia.ext@culture.gouv.fr>
ProgrammeVitam · May 21, 2024 · 0a1146b · 0a1146b
1 parent 85986f0
commit 0a1146b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/...ain/java/fr/gouv/vitamui/iam/external/server/rest/IdentityProviderExternalController.java b/...ain/java/fr/gouv/vitamui/iam/external/server/rest/IdentityProviderExternalController.java
@@ -124,6 +124,9 @@ public ResponseEntity<Void> checkExist(final String criteria) {
         throw new UnsupportedOperationException("checkExist not implemented");
     }
 
+    /**
+     * In this method, exceptionally, we disable content sanitization because we are dealing with SAML-type providers whose XML configuration file might contain HTML content.
+     */
     @Override
     @PostMapping
     @Secured(ServicesData.ROLE_CREATE_PROVIDERS)
@@ -139,6 +142,9 @@ public IdentityProviderDto update(final @PathVariable("id") String id, final @Va
         throw new UnsupportedOperationException("update not implemented");
     }
 
+    /**
+     * In this method, exceptionally, we disable content sanitization because we are dealing with SAML-type providers whose XML configuration file might contain HTML content.
+     */
     @Override
     @PatchMapping(CommonConstants.PATH_ID)
     @Secured(ServicesData.ROLE_UPDATE_PROVIDERS)

diff --git a/...ain/java/fr/gouv/vitamui/iam/internal/server/rest/IdentityProviderInternalController.java b/...ain/java/fr/gouv/vitamui/iam/internal/server/rest/IdentityProviderInternalController.java
@@ -134,7 +134,7 @@ public ResponseEntity<Void> checkExist(final String criteria) {
     }
 
     /**
-     * {@inheritDoc}
+     * In this method, exceptionally, we disable content sanitization because we are dealing with SAML-type providers whose XML configuration file might contain HTML content.
      */
     @Override
     @PostMapping
@@ -154,7 +154,7 @@ public IdentityProviderDto update(final @PathVariable("id") String id,
     }
 
     /**
-     * {@inheritDoc}
+     * In this method, exceptionally, we disable content sanitization because we are dealing with SAML-type providers whose XML configuration file might contain HTML content.
      */
     @Override
     @PatchMapping(CommonConstants.PATH_ID)
@@ -164,7 +164,6 @@ public IdentityProviderDto patch(final @PathVariable("id") String id,
         LOGGER.debug("Patch {}", id, partialDto);
         ParameterChecker.checkParameter("The Identifier is a mandatory parameter: ", id);
         SanityChecker.checkSecureParameter(id);
-        SanityChecker.sanitizeCriteria(partialDto);
         Assert.isTrue(StringUtils.equals(id, (String) partialDto.get("id")),
             "The DTO identifier must match the path identifier for update.");
         return internalIdentityProviderService.patch(partialDto);