From a1740d3c9274c3ff389326fc013cdc9057bc02f2 Mon Sep 17 00:00:00 2001 From: pkazimierowski <pkazimierowski@man.poznan.pl> Date: Mon, 7 Apr 2025 10:10:02 +0200 Subject: [PATCH 01/11] changed from array to set for a role --- .../net/geant/nmaas/portal/api/security/JWTTokenService.java | 3 ++- src/main/resources/application.properties | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java b/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java index 4397f113c..c63d712c4 100644 --- a/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java +++ b/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java @@ -19,6 +19,7 @@ import java.util.Collections; import java.util.Date; import java.util.List; import java.util.UUID; +import java.util.stream.Collectors; @Service("jwtTokenService") @NoArgsConstructor @@ -82,7 +83,7 @@ public class JWTTokenService { role -> role.getRole().toString() ) - .toArray(String[]::new) + .collect(Collectors.toSet()) ) .claim(LANGUAGE, user.getSelectedLanguage()) .signWith(getSignInKey(jwtSettings.getSigningKey()), SignatureAlgorithm.HS512) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 8c488a36b..4c48a5974 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -143,7 +143,7 @@ kubernetes.deployment.defaultStorageClass=${K8S_DEPLOYMENT_DEFAULT_STORAGE_CLASS # Portal configuration # # -------------------- # portal.config.maintenance=${PORTAL_MAINTENANCE_FLAG:false} -portal.config.ssoLoginAllowed=${PORTAL_SSO_ALLOWED_FLAG:false} +portal.config.ssoLoginAllowed=${PORTAL_SSO_ALLOWED_FLAG:true} portal.config.defaultLanguage=${PORTAL_DEFAULT_LANG:en} portal.config.testInstance=${PORTAL_TEST_INSTANCE_FLAG:false} portal.config.sendAppInstanceFailureEmails=${PORTAL_SEND_FAILURE_NOTIF_FLAG:false} -- GitLab 
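Review bot: `Collectors.toSet()` yields a `HashSet`, so the order of the roles claim now varies between tokens issued for the same user; if anything compares, caches or hashes token payloads, keep the de-duplication deterministic with `.distinct().toList()` (the stream already holds the role names as strings) or a `TreeSet`. The builder chain this line belongs to starts and ends outside the hunk, so it is not visible whether the claim consumer expects an array. The second hunk of this patch flips the `portal.config.ssoLoginAllowed` default from `false` to `true`, which the following patch reverts; an unrelated change to a security default should not ride along in a commit about role serialisation.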
From 78467fe72f663e93b0b8300161a397160649b559 Mon Sep 17 00:00:00 2001 From: Patryk Kazimierowski <pkazimierowski@man.poznan.pl> Date: Mon, 7 Apr 2025 08:11:24 +0000 Subject: [PATCH 02/11] rollback --- src/main/resources/application.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 4c48a5974..8c488a36b 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -143,7 +143,7 @@ kubernetes.deployment.defaultStorageClass=${K8S_DEPLOYMENT_DEFAULT_STORAGE_CLASS # Portal configuration # # -------------------- # portal.config.maintenance=${PORTAL_MAINTENANCE_FLAG:false} -portal.config.ssoLoginAllowed=${PORTAL_SSO_ALLOWED_FLAG:true} +portal.config.ssoLoginAllowed=${PORTAL_SSO_ALLOWED_FLAG:false} portal.config.defaultLanguage=${PORTAL_DEFAULT_LANG:en} portal.config.testInstance=${PORTAL_TEST_INSTANCE_FLAG:false} portal.config.sendAppInstanceFailureEmails=${PORTAL_SEND_FAILURE_NOTIF_FLAG:false} -- GitLab From a7506857fe28cc49d0db40a863fc64f62eb8511e Mon Sep 17 00:00:00 2001 From: kbeyro <121854496+kbeyro@users.noreply.github.com> Date: Mon, 7 Apr 2025 11:46:10 +0200 Subject: [PATCH 03/11] catch IllegalArgument and return DataConflict --- .../nmaas/portal/api/market/DomainController.java | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/main/java/net/geant/nmaas/portal/api/market/DomainController.java b/src/main/java/net/geant/nmaas/portal/api/market/DomainController.java index d86dece0d..019da0b7e 100644 --- a/src/main/java/net/geant/nmaas/portal/api/market/DomainController.java +++ b/src/main/java/net/geant/nmaas/portal/api/market/DomainController.java 
@@ -19,6 +19,7 @@ import net.geant.nmaas.portal.api.domain.KeyValueView; import net.geant.nmaas.portal.api.domain.UserViewMinimal; import net.geant.nmaas.portal.api.exception.MissingElementException; import net.geant.nmaas.portal.api.exception.ProcessingException; +import net.geant.nmaas.portal.exceptions.DataConflictException; import net.geant.nmaas.portal.exceptions.ObjectNotFoundException; import net.geant.nmaas.portal.persistent.entity.ApplicationStatePerDomain; import net.geant.nmaas.portal.persistent.entity.Domain; @@ -36,9 +37,11 @@ import org.apache.commons.lang3.StringUtils; import org.modelmapper.ModelMapper; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationEventPublisher; +import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.DeleteMapping; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PatchMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -47,6 +50,7 @@ import org.springframework.web.bind.annotation.PutMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseStatus; import org.springframework.web.bind.annotation.RestController; import java.nio.file.AccessDeniedException; 
@@ -142,7 +146,11 @@ public class DomainController extends AppBaseController { } return new Id(domain.getId()); - } catch (InvalidDomainException e) { + + } catch (IllegalArgumentException e) { + throw new DataConflictException(e.getMessage()); + } + catch (InvalidDomainException e) { throw new ProcessingException(e.getMessage()); } } @@ -365,4 +373,9 @@ public class DomainController extends AppBaseController { this.domainService.updateAnnotation(id, annotation); } + @ExceptionHandler(DataConflictException.class) + @ResponseStatus(code = HttpStatus.CONFLICT) + public String handleDataConfigException(DataConflictException e){ + return e.getMessage(); + } } \ No newline at end of file -- GitLab From 5ab75c9b7a8404071c39bab63259a9d4d95b88b1 Mon Sep 17 00:00:00 2001 From: pkazimierowski <pkazimierowski@man.poznan.pl> Date: Wed, 9 Apr 2025 09:01:21 +0200 Subject: [PATCH 04/11] extended conditions for saml token --- .../service/impl/OidcUserServiceImpl.java | 26 +++++++------------ 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java index a9eebe460..6b6b264f5 100644 --- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java +++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java 
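Review bot: `handleDataConfigException` returns `e.getMessage()` as the response body, and the new catch block builds that message from an arbitrary `IllegalArgumentException`, so whatever text the service layer or a library beneath it puts into the exception reaches the client verbatim; prefer a fixed body such as `return "Domain data conflicts with existing data";` and log the original message server-side. `IllegalArgumentException` is also a broad type to map to 409 — a genuine argument-validation failure is a 400 and an unexpected one a 500 — so a dedicated exception thrown by the service would be safer than catching the runtime type here. The rethrow drops the cause; if `DataConflictException` has a `(String, Throwable)` constructor, pass `e` through. The handler name has a typo (`Config` for `Conflict`), the `catch` is split across a brace/newline, and the file still ends without a trailing newline. The method the first catch belongs to starts outside the hunk.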
@@ -51,14 +51,15 @@ public class OidcUserServiceImpl implements OidcUserService { .existsBySamlToken(oidcUserSub); boolean existUserByUsernameAsSamlToken = userService .existsBySamlToken(oidcUserPreferredUsername); - boolean existUserByEmail = userService - .existsByEmail(oidcUserEmail); + boolean existsUserBySamlTokenAsEmail = userService + .existsBySamlToken(oidcUserEmail); if (existUserBySamlToken) { return userService .findBySamlToken(oidcUserSub) .orElseThrow(); - } else if (existUserByUsernameAsSamlToken) { + } else if (existUserByUsernameAsSamlToken + || existsUserBySamlTokenAsEmail) { User user = userService .findBySamlToken(oidcUserPreferredUsername) .orElseThrow(); @@ -71,7 +72,7 @@ public class OidcUserServiceImpl implements OidcUserService { + oidcUserPreferredUsername + " does not match internal user "); } - } else { + } else { return registerNewUser(oidcUser); } } @@ -116,20 +117,13 @@ public class OidcUserServiceImpl implements OidcUserService { @Override public boolean externalUserRequiredLinking(OidcUser oidcUser) { - String oidcUserSub = oidcUser.getAttribute("sub"); String oidcUserEmail = oidcUser.getAttribute("email"); - String oidcUserPreferredUsername = oidcUser.getAttribute("preferred_username"); - - boolean existUserBySamlToken = userService - .existsBySamlToken(oidcUserSub); - boolean existUserByUsernameAsSamlToken = userService - .existsBySamlToken(oidcUserPreferredUsername); - boolean existUserByEmail = userService - .existsByEmail(oidcUserEmail); - if(existUserBySamlToken || existUserByUsernameAsSamlToken) { - return false; - }else return existUserByEmail; + if(userService.existsByEmail(oidcUserEmail)){ + User user = userService.findByEmail(oidcUserEmail); + return user.getSamlToken().isEmpty(); + } + return false; } @Override -- GitLab From e8bb7c9aab720cdb5aa93c7fa32914349473d4cf Mon Sep 17 00:00:00 2001 
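Review bot: The widened `else if` in the first hunk now also fires when only `existsUserBySamlTokenAsEmail` is true, but the body still calls `findBySamlToken(oidcUserPreferredUsername).orElseThrow()`, which throws `NoSuchElementException` in exactly that case instead of linking the user; the lookup key must be whichever value actually matched. In `externalUserRequiredLinking` the linking decision is now made on the IdP-supplied `email` attribute alone, and `user.getSamlToken().isEmpty()` dereferences a token that a purely local account does not have, so a null check is needed before `isEmpty()`. `oidcUser.getAttribute("email")` can itself be null when the provider omits the claim and would then be passed straight into `existsByEmail`. Both methods continue outside the hunk.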
From: pkazimierowski <pkazimierowski@man.poznan.pl> Date: Wed, 9 Apr 2025 09:13:31 +0200 Subject: [PATCH 05/11] fixed condition --- .../geant/nmaas/portal/service/impl/OidcUserServiceImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java index 6b6b264f5..3303cbfa6 100644 --- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java +++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java @@ -121,7 +121,7 @@ public class OidcUserServiceImpl implements OidcUserService { if(userService.existsByEmail(oidcUserEmail)){ User user = userService.findByEmail(oidcUserEmail); - return user.getSamlToken().isEmpty(); + return user.getSamlToken() == null || user.getSamlToken().isEmpty(); } return false; } -- GitLab From 47a2760d52709a1ef8af1a324b7d5d814f7a4b4b Mon Sep 17 00:00:00 2001 From: Lukasz Lopatowski <llopat@man.poznan.pl> Date: Wed, 9 Apr 2025 09:25:09 +0200 Subject: [PATCH 06/11] Refactor --- .../portal/api/auth/OIDCAuthController.java | 28 ++++--------------- .../nmaas/portal/service/OidcUserService.java | 4 +++ .../service/impl/OidcUserServiceImpl.java | 14 ++++------ 3 files changed, 14 insertions(+), 32 deletions(-) diff --git a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java index 16512e829..60775d661 100644 --- a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java +++ b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java 
@@ -41,29 +41,20 @@ import static java.lang.String.format; public class OIDCAuthController { private final OidcUserService oidcUserService; - private final JWTTokenService jwtTokenService; - private final UserLoginRegisterService loginRegisterService; - private final UserService userService; - private final PasswordEncoder passwordEncoder; - private final DomainService domains; - private final ConfigurationManager configurationManager; - @Value("${portal.address}") private String portalAddress; @Value("${spring.security.oauth2.client.provider.my-oidc.issuer-uri:http://localhost:8080/realms/geant}") private String oidcAddress; - @PostMapping("api/oidc/link") public UserOidcToken oidcLinkedSuccess(@RequestBody final OidcLogin oidcLogin, HttpServletRequest request) { - User user = userService.findByEmail(oidcLogin.email()); try { validate( @@ -81,14 +72,12 @@ public class OIDCAuthController { throw new AuthenticationException(ae.getMessage()); } checkUserApprovals(user); - if ( - configurationManager.getConfiguration().isMaintenance() - && user.getRoles().stream().noneMatch( - value -> value.getRole().equals(Role.ROLE_SYSTEM_ADMIN) - ) - ) { + + if (configurationManager.getConfiguration().isMaintenance() + && user.getRoles().stream().noneMatch(value -> value.getRole().equals(Role.ROLE_SYSTEM_ADMIN))) { throw new UndergoingMaintenanceException("Application is undergoing maintenance right now"); } + this.loginRegisterService.registerNewSuccessfulLogin( user, request.getHeader(HttpHeaders.HOST), @@ -108,13 +97,10 @@ public class OIDCAuthController { jwtTokenService.getRefreshToken(linkedUser), oidcLogin.oidcToken() ); - - } @GetMapping("/api/oidc/success") public RedirectView oidcLoginSuccess(@AuthenticationPrincipal OidcUser oidcUser, HttpServletRequest request) { - if (oidcUserService.externalUserRequiredLinking(oidcUser)) { String linkingRedirectUrl = portalAddress + "/login-linking?oidc_token=" 
@@ -122,7 +108,6 @@ public class OIDCAuthController { return new RedirectView(linkingRedirectUrl); } - try { User user = oidcUserService.checkUser(oidcUser); String redirectUrl = portalAddress @@ -152,13 +137,10 @@ public class OIDCAuthController { @GetMapping("/api/oidc/logout/{oidcToken}") public RedirectView logout(@PathVariable String oidcToken) { - String logoutUrl = oidcAddress + "/protocol/openid-connect/logout"; return new RedirectView(logoutUrl + "?id_token_hint=" + oidcToken); - } - void validate(String email, String providedPassword, String actualPassword, boolean isEnabled) { validateConditionAndLogMessage(email == null || providedPassword == null, format("Login failed: missing credentials%s", email != null ? (format(" (email: %s)", email)) : "")); @@ -168,7 +150,7 @@ public class OIDCAuthController { void checkUserApprovals(User user) { if (!user.isTermsOfUseAccepted() || !user.isPrivacyPolicyAccepted()) { - log.info(format("Check during login: Terms of Use or Privacy Policy were not accepted by user [%s]", user.getUsername())); + log.info("Check during login: Terms of Use or Privacy Policy were not accepted by user [{}]", user.getUsername()); user.setNewRoles(ImmutableSet.of(new UserRole(user, domains.getGlobalDomain().orElseThrow(SignupException::new), Role.ROLE_NOT_ACCEPTED))); } } diff --git a/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java b/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java index 7f94bf9f9..2ec194196 100644 --- a/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java +++ b/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java 
@@ -7,9 +7,13 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUser; public interface OidcUserService { User checkUser(OidcUser oidcUser); + User register(OidcUser user, Domain globalDomain); + User registerNewUser(OidcUser oidcUser); + boolean externalUserRequiredLinking(OidcUser oidcUser); + User linkUser(String email, String samlToken, String firstName, String lastName); } diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java index 3303cbfa6..45bd9a90e 100644 --- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java +++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java @@ -58,8 +58,7 @@ public class OidcUserServiceImpl implements OidcUserService { return userService .findBySamlToken(oidcUserSub) .orElseThrow(); - } else if (existUserByUsernameAsSamlToken - || existsUserBySamlTokenAsEmail) { + } else if (existUserByUsernameAsSamlToken || existsUserBySamlTokenAsEmail) { User user = userService .findBySamlToken(oidcUserPreferredUsername) .orElseThrow(); @@ -80,9 +79,7 @@ public class OidcUserServiceImpl implements OidcUserService { @Override public User registerNewUser(OidcUser oidcUser) { try { - return register(oidcUser, - domains.getGlobalDomain().orElseThrow(MissingElementException::new) - ); + return register(oidcUser, domains.getGlobalDomain().orElseThrow(MissingElementException::new)); } catch (ObjectAlreadyExistsException e) { throw new SignupException("User already exists"); } catch (MissingElementException e) { @@ -93,7 +90,6 @@ public class OidcUserServiceImpl implements OidcUserService { @Override public User register(OidcUser oidcUser, Domain globalDomain) { - Map<String, Object> attributes = oidcUser.getAttributes(); byte[] array = new byte[16]; new SecureRandom().nextBytes(array); String generatedString = Base64.getEncoder().encodeToString(array); 
@@ -119,10 +115,11 @@ public class OidcUserServiceImpl implements OidcUserService { String oidcUserEmail = oidcUser.getAttribute("email"); - if(userService.existsByEmail(oidcUserEmail)){ - User user = userService.findByEmail(oidcUserEmail); + if (userService.existsByEmail(oidcUserEmail)) { + final User user = userService.findByEmail(oidcUserEmail); return user.getSamlToken() == null || user.getSamlToken().isEmpty(); } + return false; } @@ -138,5 +135,4 @@ public class OidcUserServiceImpl implements OidcUserService { return user; } - } -- GitLab From 84181c4b2f4f9c7d3faee2bc073835a0a788624b Mon Sep 17 00:00:00 2001 From: pkazimierowski <pkazimierowski@man.poznan.pl> Date: Wed, 9 Apr 2025 10:30:37 +0200 Subject: [PATCH 07/11] fixed condition --- .../service/impl/OidcUserServiceImpl.java | 24 +++++++------------ 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java index 45bd9a90e..562b3452e 100644 --- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java +++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java 
@@ -49,31 +49,23 @@ public class OidcUserServiceImpl implements OidcUserService { boolean existUserBySamlToken = userService .existsBySamlToken(oidcUserSub); - boolean existUserByUsernameAsSamlToken = userService - .existsBySamlToken(oidcUserPreferredUsername); - boolean existsUserBySamlTokenAsEmail = userService - .existsBySamlToken(oidcUserEmail); if (existUserBySamlToken) { return userService .findBySamlToken(oidcUserSub) .orElseThrow(); - } else if (existUserByUsernameAsSamlToken || existsUserBySamlTokenAsEmail) { - User user = userService - .findBySamlToken(oidcUserPreferredUsername) - .orElseThrow(); - if (user.getEmail().equals(oidcUserEmail)) { + } + if(userService.existsByEmail(oidcUserEmail)) { + User user = userService.findByEmail(oidcUserEmail); + if (user.getSamlToken().equals(oidcUserEmail) + || user.getSamlToken().equals(oidcUserPreferredUsername)) { user.setSamlToken(oidcUserSub); userService.update(user); return user; - } else { - throw new ExternalUserMatchException("External user " - + oidcUserPreferredUsername - + " does not match internal user "); - } - } else { - return registerNewUser(oidcUser); + } } + return registerNewUser(oidcUser); + } @Override -- GitLab From e5bcebca80886614870ca7cdd1f717d2a5e2da92 Mon Sep 17 00:00:00 2001 From: pkazimierowski <pkazimierowski@man.poznan.pl> Date: Wed, 9 Apr 2025 15:21:47 +0200 Subject: [PATCH 08/11] fixed test --- .../nmaas/portal/service/impl/OidcUserServiceImplTest.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java b/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java index bfc13ee3c..959c22530 100644 --- a/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java +++ b/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java 
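Review bot: `user.getSamlToken()` is dereferenced twice with no null check, although the sibling `externalUserRequiredLinking` (patch 05) already treats a null `samlToken` as the normal state of a local account; a user found by email without a token makes `checkUser` throw `NullPointerException` instead of reaching the link or the `registerNewUser` fallback. A null-safe form is `String token = user.getSamlToken();` followed by `if (token != null && (token.equals(oidcUserEmail) || token.equals(oidcUserPreferredUsername))) {`; the same lines reappear unchanged in the whitespace hunk of patch 10. This branch auto-links an IdP identity to an existing local account and overwrites its `samlToken` with `sub` on the strength of the provider's `email`/`preferred_username` claims alone, which are only as trustworthy as the provider's own verification, so the link should additionally require the `email_verified` claim to be true, and the `oidc.allowedLinkingUsersByEmail` setting declared on this class should visibly gate it (not visible from this hunk). Dropping the `ExternalUserMatchException` branch also means a mismatching account now proceeds silently to `registerNewUser`, which presumably fails with a duplicate-user error rather than a clear mismatch message — `registerNewUser` is outside the hunk, so this is inferred.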
@@ -66,10 +66,10 @@ class OidcUserServiceImplTest { //given User existingUser = new User("testuser"); existingUser.setEmail("test@example.com"); + existingUser.setSamlToken("test@example.com"); //when - when(userService.existsBySamlToken("test-sub")).thenReturn(false); - when(userService.existsBySamlToken("testuser")).thenReturn(true); - when(userService.findBySamlToken("testuser")).thenReturn(Optional.of(existingUser)); + when(userService.existsByEmail("test@example.com")).thenReturn(true); + when(userService.findByEmail("test@example.com")).thenReturn(existingUser); User result = oidcUserService.checkUser(oidcUser); //then assertEquals(existingUser, result); -- GitLab From 3baddfbca967db27efeb8ed690d6bec26d8f7b61 Mon Sep 17 00:00:00 2001 From: pkazimierowski <pkazimierowski@man.poznan.pl> Date: Wed, 9 Apr 2025 15:22:12 +0200 Subject: [PATCH 09/11] removed redundant test --- .../portal/service/impl/OidcUserServiceImplTest.java | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java b/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java index 959c22530..44860c31d 100644 --- a/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java +++ b/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java 
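Review bot: The updated test exercises only the happy path where the stored `samlToken` equals the IdP email; after patch 07 `checkUser` has two further outcomes — an email match whose token equals neither `email` nor `preferred_username` (falls through to `registerNewUser`) and an email match with a null `samlToken` — and neither is covered, while the mismatch test `shouldThrowExceptionWhenPreferredUsernameDoesNotMatchEmail` is deleted in the next patch. Add a case with `existingUser.setSamlToken("other-token");` asserting the expected fallback, and one that never calls `setSamlToken`, so the intended linking contract is pinned rather than implied. The test class continues outside the hunk.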
@@ -75,18 +75,6 @@ class OidcUserServiceImplTest { assertEquals(existingUser, result); } - @Test - void shouldThrowExceptionWhenPreferredUsernameDoesNotMatchEmail() { - //given - User existingUser = new User("testuser"); - existingUser.setEmail("diffrent@example.com"); - //when - when(userService.existsBySamlToken("test-sub")).thenReturn(false); - when(userService.existsBySamlToken("testuser")).thenReturn(true); - when(userService.findBySamlToken("testuser")).thenReturn(Optional.of(existingUser)); - //then - assertThrows(ExternalUserMatchException.class, () -> oidcUserService.checkUser(oidcUser)); - } } \ No newline at end of file -- GitLab From cee6490a2fa341a646d7437f6a319b17bdd9831c Mon Sep 17 00:00:00 2001 From: Lukasz Lopatowski <llopat@man.poznan.pl> Date: Wed, 9 Apr 2025 21:31:08 +0200 Subject: [PATCH 10/11] Updated version to 1.7.1 and added initial changelog --- build.gradle | 10 +++++----- .../nmaas/portal/api/auth/OIDCAuthController.java | 2 +- .../geant/nmaas/portal/service/OidcUserService.java | 2 +- .../portal/service/impl/OidcUserServiceImpl.java | 13 +++---------- src/main/resources/changelog.json | 11 +++++++++++ .../portal/api/auth/OIDCAuthControllerTest.java | 4 ++-- 6 files changed, 23 insertions(+), 19 deletions(-) diff --git a/build.gradle b/build.gradle index a3f6c9574..e4d4daa9f 100644 --- a/build.gradle +++ b/build.gradle @@ -13,7 +13,7 @@ repositories { mavenCentral() } -version = '1.7.0' +version = '1.7.1' group = 'net.geant.nmaas' java { @@ -34,7 +34,7 @@ protobuf { } plugins { grpc { - artifact = 'io.grpc:protoc-gen-grpc-java:1.69.1' + artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0' } } generateProtoTasks { 
@@ -133,9 +133,9 @@ dependencies { implementation('io.fabric8:kubernetes-client:6.13.5') implementation('com.google.protobuf:protobuf-java:4.29.3') - implementation('io.grpc:grpc-netty-shaded:1.69.1') - implementation('io.grpc:grpc-protobuf:1.69.1') - implementation('io.grpc:grpc-stub:1.69.1') + implementation('io.grpc:grpc-netty-shaded:1.71.0') + implementation('io.grpc:grpc-protobuf:1.71.0') + implementation('io.grpc:grpc-stub:1.71.0') implementation('com.opencsv:opencsv:5.9') diff --git a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java index 60775d661..df0071568 100644 --- a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java +++ b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java @@ -101,7 +101,7 @@ public class OIDCAuthController { @GetMapping("/api/oidc/success") public RedirectView oidcLoginSuccess(@AuthenticationPrincipal OidcUser oidcUser, HttpServletRequest request) { - if (oidcUserService.externalUserRequiredLinking(oidcUser)) { + if (oidcUserService.externalUserRequiresLinking(oidcUser)) { String linkingRedirectUrl = portalAddress + "/login-linking?oidc_token=" + oidcUser.getIdToken().getTokenValue(); diff --git a/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java b/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java index 2ec194196..c5829ede4 100644 --- a/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java +++ b/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java @@ -12,7 +12,7 @@ public interface OidcUserService { User registerNewUser(OidcUser oidcUser); - boolean externalUserRequiredLinking(OidcUser oidcUser); + boolean externalUserRequiresLinking(OidcUser oidcUser); User linkUser(String email, String samlToken, String firstName, String lastName); 
diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java index 562b3452e..85b513fec 100644 --- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java +++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java @@ -4,8 +4,6 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import net.geant.nmaas.portal.api.exception.MissingElementException; import net.geant.nmaas.portal.api.exception.SignupException; -import net.geant.nmaas.portal.api.exception.ExternalUserCanNotBeLinked; -import net.geant.nmaas.portal.api.exception.ExternalUserMatchException; import net.geant.nmaas.portal.exceptions.ObjectAlreadyExistsException; import net.geant.nmaas.portal.persistent.entity.Domain; import net.geant.nmaas.portal.persistent.entity.Role; @@ -21,7 +19,6 @@ import org.springframework.stereotype.Service; import java.security.SecureRandom; import java.util.Base64; -import java.util.Map; @Service @RequiredArgsConstructor @@ -29,17 +26,13 @@ import java.util.Map; public class OidcUserServiceImpl implements OidcUserService { private final UserService userService; - private final DomainService domains; - private final UserRepository userRepository; - private final ConfigurationManager configurationManager; @Value("${oidc.allowedLinkingUsersByEmail:false}") private boolean allowedLinkingUsersByEmail; - @Override public User checkUser(OidcUser oidcUser) { 
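Review bot: `allowedLinkingUsersByEmail` (`oidc.allowedLinkingUsersByEmail`, default `false`) survives this cleanup as context while the `ExternalUserCanNotBeLinked` and `ExternalUserMatchException` imports are removed; from this hunk it is not visible whether the flag still gates the email-based linking performed in `checkUser`, and if nothing reads it any more it is a misleading security knob that should be either enforced or removed with a changelog entry. A one-line Javadoc on the field, e.g. `/** When false, an IdP identity must never be linked to an existing account by e-mail match. */`, would make the intended contract explicit for the next maintainer. `checkUser` begins on the last line of the hunk and continues beyond it.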
@@ -55,14 +48,14 @@ public class OidcUserServiceImpl implements OidcUserService { .findBySamlToken(oidcUserSub) .orElseThrow(); } - if(userService.existsByEmail(oidcUserEmail)) { + if (userService.existsByEmail(oidcUserEmail)) { User user = userService.findByEmail(oidcUserEmail); if (user.getSamlToken().equals(oidcUserEmail) || user.getSamlToken().equals(oidcUserPreferredUsername)) { user.setSamlToken(oidcUserSub); userService.update(user); return user; - } + } } return registerNewUser(oidcUser); @@ -103,7 +96,7 @@ public class OidcUserServiceImpl implements OidcUserService { } @Override - public boolean externalUserRequiredLinking(OidcUser oidcUser) { + public boolean externalUserRequiresLinking(OidcUser oidcUser) { String oidcUserEmail = oidcUser.getAttribute("email"); diff --git a/src/main/resources/changelog.json b/src/main/resources/changelog.json index 8c1c9229d..388478d4f 100644 --- a/src/main/resources/changelog.json +++ b/src/main/resources/changelog.json @@ -1,5 +1,16 @@ { "versions" : [ + { + "verNo" : "1.7.1", + "date" : "(2025/04/10)", + "topic" : [ + { + "title" : "Authentication and user access improvements", + "tags" : "[Enhancement]", + "description" : "JWT size reduction and account linking mechanism" + } + ] + }, { "verNo" : "1.7.0", "date" : "(2025/04/02)", diff --git a/src/test/java/net/geant/nmaas/portal/api/auth/OIDCAuthControllerTest.java b/src/test/java/net/geant/nmaas/portal/api/auth/OIDCAuthControllerTest.java index 90b0cdce3..8398cba5c 100644 --- a/src/test/java/net/geant/nmaas/portal/api/auth/OIDCAuthControllerTest.java +++ b/src/test/java/net/geant/nmaas/portal/api/auth/OIDCAuthControllerTest.java 
@@ -114,7 +114,7 @@ class OIDCAuthControllerTest { when(idToken.getTokenValue()).thenReturn("oidc-token"); when(oidcUser.getIdToken()).thenReturn(idToken); - when(oidcUserService.externalUserRequiredLinking(any())).thenReturn(false); + when(oidcUserService.externalUserRequiresLinking(any())).thenReturn(false); Constructor<User> userConstructor = User.class.getDeclaredConstructor(); userConstructor.setAccessible(true); @@ -147,7 +147,7 @@ class OIDCAuthControllerTest { when(idToken.getTokenValue()).thenReturn("oidc-token"); when(oidcUser.getIdToken()).thenReturn(idToken); - when(oidcUserService.externalUserRequiredLinking(any())).thenReturn(true); + when(oidcUserService.externalUserRequiresLinking(any())).thenReturn(true); // when RedirectView result = oidcAuthController.oidcLoginSuccess(oidcUser, request); -- GitLab From 0630a212c97dd6a9fa9cd6068c6dfa453aea367b Mon Sep 17 00:00:00 2001 From: Lukasz Lopatowski <llopat@man.poznan.pl> Date: Thu, 10 Apr 2025 13:05:54 +0200 Subject: [PATCH 11/11] Fixed changelog and pumped boot version --- build.gradle | 2 +- src/main/resources/changelog.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index e4d4daa9f..ef1ef35b3 100644 --- a/build.gradle +++ b/build.gradle @@ -2,7 +2,7 @@ plugins { id 'java' id 'idea' id 'jacoco' - id 'org.springframework.boot' version '3.4.3' + id 'org.springframework.boot' version '3.4.4' id 'io.spring.dependency-management' version '1.1.7' id 'com.gorylenko.gradle-git-properties' version '2.4.2' id 'org.sonarqube' version '6.0.1.5171' diff --git a/src/main/resources/changelog.json b/src/main/resources/changelog.json index 388478d4f..ed50a597c 100644 --- a/src/main/resources/changelog.json +++ b/src/main/resources/changelog.json 
@@ -17,7 +17,7 @@ "topic" : [ { "title" : "Integration with OIDC-compliant IdP", - "tags" : "[New feature]", + "tags" : "[New Feature]", "description" : "Moved away from the custom SAML-based IdP integration in favor of adding OIDC support" }, { -- GitLab