Commit 53a0abca authored by Lukasz Lopatowski's avatar Lukasz Lopatowski

Merge branch 'release/1.7.1' into 'develop'

Release/1.7.1

See merge request !145
parents f2386ee8 0abc6e8d
1 merge request!145Release/1.7.1
Pipeline #93392 passed
...@@ -71,7 +71,7 @@ public class OIDCAuthController { ...@@ -71,7 +71,7 @@ public class OIDCAuthController {
); );
throw new AuthenticationException(ae.getMessage()); throw new AuthenticationException(ae.getMessage());
} }
checkUserApprovals(user); // checkUserApprovals(user);
if (configurationManager.getConfiguration().isMaintenance() if (configurationManager.getConfiguration().isMaintenance()
&& user.getRoles().stream().noneMatch(value -> value.getRole().equals(Role.ROLE_SYSTEM_ADMIN))) { && user.getRoles().stream().noneMatch(value -> value.getRole().equals(Role.ROLE_SYSTEM_ADMIN))) {
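Review bot: The call to `checkUserApprovals(user)` is switched off by commenting it out rather than being removed or gated, so the OIDC login path no longer runs whatever check that method performs, and nothing in the diff says why. The method body is not visible here, but if it enforces an account or terms approval, every OIDC login now skips it. Either delete the line and leave a short comment stating where approvals are enforced instead, or restore the call behind a configuration switch. The enclosing method starts and ends outside the hunk.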
......
...@@ -26,12 +26,11 @@ import java.util.stream.Collectors; ...@@ -26,12 +26,11 @@ import java.util.stream.Collectors;
@Slf4j @Slf4j
public class JWTTokenService { public class JWTTokenService {
private JWTSettings jwtSettings;
private static final String SCOPES = "scopes"; private static final String SCOPES = "scopes";
private static final String LANGUAGE = "language"; private static final String LANGUAGE = "language";
private JWTSettings jwtSettings;
@Value("${domain.global:GLOBAL}") @Value("${domain.global:GLOBAL}")
String globalDomain; String globalDomain;
...@@ -47,16 +46,16 @@ public class JWTTokenService { ...@@ -47,16 +46,16 @@ public class JWTTokenService {
if (user == null || StringUtils.isEmpty(user.getUsername())) { if (user == null || StringUtils.isEmpty(user.getUsername())) {
throw new IllegalArgumentException("User or username is not set"); throw new IllegalArgumentException("User or username is not set");
} }
if(user.getFirstname() != null && !user.getFirstname().isEmpty()) { if (user.getFirstname() != null && !user.getFirstname().isEmpty()) {
preferredUsername = user.getFirstname(); preferredUsername = user.getFirstname();
}else{ } else {
preferredUsername = user.getUsername(); preferredUsername = user.getUsername();
} }
log.error("Get request for a token"); log.trace("Get request for a token");
log.error("user = {} {} {}", user.getId(), user.getUsername(), user.getSelectedLanguage()); log.trace("user = {} {} {}", user.getId(), user.getUsername(), user.getSelectedLanguage());
log.error("jwtSigningKey= {}", jwtSettings.getSigningKey()); log.trace("jwtSigningKey= {}", jwtSettings.getSigningKey());
user.getRoles().forEach(role -> { user.getRoles().forEach(role -> {
log.error("Role = {} {} {} {}", role.getRole().toString(), role.getAuthority(), role.getDomain().getCodename(), role.getUser().getId()); log.trace("Role = {} {} {} {}", role.getRole().toString(), role.getAuthority(), role.getDomain().getCodename(), role.getUser().getId());
}); });
String result = Jwts.builder() String result = Jwts.builder()
.setSubject(user.getUsername()) .setSubject(user.getUsername())
...@@ -88,7 +87,7 @@ public class JWTTokenService { ...@@ -88,7 +87,7 @@ public class JWTTokenService {
.claim(LANGUAGE, user.getSelectedLanguage()) .claim(LANGUAGE, user.getSelectedLanguage())
.signWith(getSignInKey(jwtSettings.getSigningKey()), SignatureAlgorithm.HS512) .signWith(getSignInKey(jwtSettings.getSigningKey()), SignatureAlgorithm.HS512)
.compact(); .compact();
log.error(result); log.trace(result);
return result; return result;
} }
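Review bot: Lowering these statements from error to trace still writes the HS512 signing key (`log.trace("jwtSigningKey= {}", jwtSettings.getSigningKey())`) and the complete signed token (`log.trace(result)`) to the log whenever trace is enabled. The key is symmetric, so anyone who can read such a log can mint valid tokens for any user, and a logged token works as a bearer credential until it expires. Both lines should be deleted; if a trace of issuance is wanted, log only non-secret fields, e.g. `log.trace("Issued token for user id {}", user.getId());`. Because the old side logged the key at error level, keys used with earlier builds should be treated as exposed and rotated. The method starts outside the visible hunks.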
......
...@@ -74,7 +74,7 @@ public class ApplicationBaseServiceImpl implements ApplicationBaseService { ...@@ -74,7 +74,7 @@ public class ApplicationBaseServiceImpl implements ApplicationBaseService {
private void handleTags(ApplicationBase base) { private void handleTags(ApplicationBase base) {
List<Tag> tags = base.getTags().stream() List<Tag> tags = base.getTags().stream()
.map(tag -> tagRepository.findByName(tag.getName()).orElse(new Tag(tag.getName()))) .map(tag -> tagRepository.findByName(tag.getName()).orElse(new Tag(tag.getName())))
.collect(Collectors.toList()); .toList();
base.setTags(new HashSet<>(tags)); base.setTags(new HashSet<>(tags));
} }
...@@ -139,16 +139,16 @@ public class ApplicationBaseServiceImpl implements ApplicationBaseService { ...@@ -139,16 +139,16 @@ public class ApplicationBaseServiceImpl implements ApplicationBaseService {
@Override @Override
public List<ApplicationBaseViewS> findAllActiveAppsSmall() { public List<ApplicationBaseViewS> findAllActiveAppsSmall() {
log.debug("Loading information about all applications"); log.trace("Loading information about all applications");
LocalDateTime beginning = LocalDateTime.now(); LocalDateTime beginning = LocalDateTime.now();
List<ApplicationBaseS> allSmall = appBaseRepository.findAllSmall(); List<ApplicationBaseS> allSmall = appBaseRepository.findAllSmall();
LocalDateTime end = LocalDateTime.now(); LocalDateTime end = LocalDateTime.now();
log.debug("Loaded base data from db in {}ms", end.toInstant(ZoneOffset.UTC).toEpochMilli() - beginning.toInstant(ZoneOffset.UTC).toEpochMilli()); log.trace("Loaded base data from db in {}ms", end.toInstant(ZoneOffset.UTC).toEpochMilli() - beginning.toInstant(ZoneOffset.UTC).toEpochMilli());
List<ApplicationBaseViewS> result = allSmall.stream() List<ApplicationBaseViewS> result = allSmall.stream()
.map(app -> modelMapper.map(app, ApplicationBaseViewS.class)) .map(app -> modelMapper.map(app, ApplicationBaseViewS.class))
.collect(Collectors.toList()); .collect(Collectors.toList());
LocalDateTime finish = LocalDateTime.now(); LocalDateTime finish = LocalDateTime.now();
log.debug("Complete data is ready after next {}ms", finish.toInstant(ZoneOffset.UTC).toEpochMilli() - end.toInstant(ZoneOffset.UTC).toEpochMilli()); log.trace("Complete data is ready after next {}ms", finish.toInstant(ZoneOffset.UTC).toEpochMilli() - end.toInstant(ZoneOffset.UTC).toEpochMilli());
return result; return result;
} }
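Review bot: In `findAllActiveAppsSmall` the elapsed times come from `LocalDateTime.now()` values reinterpreted at `ZoneOffset.UTC`, which is wall-clock time in the server's default zone and can jump on a clock adjustment or DST change. `long start = System.nanoTime();` with `(System.nanoTime() - start) / 1_000_000` is monotonic and shorter. The same method still ends its stream with `.collect(Collectors.toList())` while `handleTags` was moved to `.toList()`. Pick one form for consistency, keeping in mind that `.toList()` returns an unmodifiable list, which callers of this public method may not expect.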
......
...@@ -52,6 +52,8 @@ import java.util.Set; ...@@ -52,6 +52,8 @@ import java.util.Set;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import static com.google.common.base.Preconditions.checkArgument; import static com.google.common.base.Preconditions.checkArgument;
import static net.geant.nmaas.portal.persistent.entity.Role.ROLE_GROUP_DOMAIN_ADMIN;
import static net.geant.nmaas.portal.persistent.entity.Role.ROLE_GROUP_MANAGER;
import static net.geant.nmaas.portal.persistent.entity.Role.ROLE_GUEST; import static net.geant.nmaas.portal.persistent.entity.Role.ROLE_GUEST;
@Service @Service
...@@ -369,6 +371,19 @@ public class DomainServiceImpl implements DomainService { ...@@ -369,6 +371,19 @@ public class DomainServiceImpl implements DomainService {
public void removeMemberRole(Long domainId, Long userId, Role role) { public void removeMemberRole(Long domainId, Long userId, Role role) {
checkParams(domainId, userId); checkParams(domainId, userId);
checkParams(role); checkParams(role);
//if deleting group_manager role delete also group_domain_admin
if(role.equals(ROLE_GROUP_MANAGER)) {
Optional<User> user = userService.findById(userId);
if(user.isPresent()) {
List<UserRole> roles = user.get().getRoles().stream().filter(r -> r.getRole().equals(ROLE_GROUP_DOMAIN_ADMIN)).toList();
roles.forEach(r -> {
userRoleRepository.deleteBy(userId, r.getDomain().getId(), r.getRole());
log.info("Deleting role {} from domain {} for user {} as part of ROLE_GROUP_MANAGER removal", r.getRole(), r.getDomain().getCodename(), userId);
});
domainGroupService.deleteUserFromAllDomainsGroups(user.get());
log.info("Delete user {} from all domain groups", user.get().getId());
}
}
userRoleRepository.deleteBy(userId, domainId, role); userRoleRepository.deleteBy(userId, domainId, role);
} }
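Review bot: The cascade added to `removeMemberRole` issues several separate deletes (each `ROLE_GROUP_DOMAIN_ADMIN` row, the domain-group memberships, then the requested role) with no transaction boundary visible in the hunk, so a failure midway would leave the user with a partially revoked set of privileges. If neither the method nor the class is already transactional, add `@Transactional` to the method; annotations above the signature are outside the hunk, so this may already be in place. The cascade also ignores `domainId` and strips `ROLE_GROUP_DOMAIN_ADMIN` in every domain, which the comment should state, e.g. `// removing ROLE_GROUP_MANAGER revokes ROLE_GROUP_DOMAIN_ADMIN in all domains and all domain-group memberships`. When `userService.findById(userId)` is empty the cascade is skipped silently while the final delete still runs; a `log.warn` in that case would make it visible in the audit trail.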
......
...@@ -2,6 +2,7 @@ package net.geant.nmaas.portal.service.impl; ...@@ -2,6 +2,7 @@ package net.geant.nmaas.portal.service.impl;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import net.geant.nmaas.portal.api.exception.ExternalUserMatchException;
import net.geant.nmaas.portal.api.exception.MissingElementException; import net.geant.nmaas.portal.api.exception.MissingElementException;
import net.geant.nmaas.portal.api.exception.SignupException; import net.geant.nmaas.portal.api.exception.SignupException;
import net.geant.nmaas.portal.exceptions.ObjectAlreadyExistsException; import net.geant.nmaas.portal.exceptions.ObjectAlreadyExistsException;
...@@ -43,18 +44,25 @@ public class OidcUserServiceImpl implements OidcUserService { ...@@ -43,18 +44,25 @@ public class OidcUserServiceImpl implements OidcUserService {
boolean existUserBySamlToken = userService boolean existUserBySamlToken = userService
.existsBySamlToken(oidcUserSub); .existsBySamlToken(oidcUserSub);
if (existUserBySamlToken) { if (existUserBySamlToken) { //exist by saml_token and everything is correct
return userService return userService
.findBySamlToken(oidcUserSub) .findBySamlToken(oidcUserSub)
.orElseThrow(); .orElseThrow();
} }
if (userService.existsByEmail(oidcUserEmail)) {
if (userService.existsByEmail(oidcUserEmail)) {//exist by email needs work with this account
User user = userService.findByEmail(oidcUserEmail); User user = userService.findByEmail(oidcUserEmail);
//check if user with given email have older SamlToken as Email or Username
if (user.getSamlToken().equals(oidcUserEmail) if (user.getSamlToken().equals(oidcUserEmail)
|| user.getSamlToken().equals(oidcUserPreferredUsername)) { || user.getSamlToken().equals(oidcUserPreferredUsername)) {
user.setSamlToken(oidcUserSub); user.setSamlToken(oidcUserSub);
userService.update(user); userService.update(user);
return user; return user;
}else{
throw new ExternalUserMatchException("External user "
+ oidcUserSub
+ " does not match internal user with SamlToken " +
user.getSamlToken());
} }
} }
return registerNewUser(oidcUser); return registerNewUser(oidcUser);
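Review bot: `user.getSamlToken().equals(oidcUserEmail)` throws a NullPointerException when the account found by e-mail has no SamlToken stored, so that case never reaches the new `ExternalUserMatchException` branch. Guard it explicitly with `String stored = user.getSamlToken();` and `if (stored != null && (stored.equals(oidcUserEmail) || stored.equals(oidcUserPreferredUsername)))`. A null-tolerant `Objects.equals` would be wrong here, because it would link the account when both values are null. The exception message also embeds the internal user's stored SamlToken; if that message is returned to the client, it discloses another account's identifier, so keep the detail in a server-side log and throw a generic message. The relinking itself trusts the e-mail and preferred username asserted by the identity provider, and whether those are verified and immutable there cannot be confirmed from this hunk. The method starts and ends outside the hunk.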
......
...@@ -2,12 +2,17 @@ ...@@ -2,12 +2,17 @@
"versions" : [ "versions" : [
{ {
"verNo" : "1.7.1", "verNo" : "1.7.1",
"date" : "(2025/04/10)", "date" : "(2025/04/15)",
"topic" : [ "topic" : [
{ {
"title" : "Authentication and user access improvements", "title" : "Authentication and user access enhancements",
"tags" : "[Enhancement]", "tags" : "[Enhancement]",
"description" : "JWT size reduction and account linking mechanism" "description" : "JWT size reduction and improved account linking mechanism"
},
{
"title" : "User role management improvements",
"tags" : "[Enhancement]",
"description" : "Properly handing role removal action and removed obsolete calls to the backend API"
} }
] ]
}, },
......