From a1740d3c9274c3ff389326fc013cdc9057bc02f2 Mon Sep 17 00:00:00 2001
From: pkazimierowski <pkazimierowski@man.poznan.pl>
Date: Mon, 7 Apr 2025 10:10:02 +0200
Subject: [PATCH 01/11] changed from array to set for a role
---
.../net/geant/nmaas/portal/api/security/JWTTokenService.java | 3 ++-
src/main/resources/application.properties | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java b/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java
index 4397f113c..c63d712c4 100644
--- a/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java
+++ b/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java
@@ -19,6 +19,7 @@ import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.UUID;
+import java.util.stream.Collectors;
@Service("jwtTokenService")
@NoArgsConstructor
@@ -82,7 +83,7 @@ public class JWTTokenService {
role ->
role.getRole().toString()
)
- .toArray(String[]::new)
+ .collect(Collectors.toSet())
)
.claim(LANGUAGE, user.getSelectedLanguage())
.signWith(getSignInKey(jwtSettings.getSigningKey()), SignatureAlgorithm.HS512)
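Review bot: `Collectors.toSet()` yields a `HashSet`, so the order of the serialized roles claim is unspecified and may differ between tokens issued to the same user; if stable claim content matters (tests, comparisons, caching), collect into an ordered set, e.g. `.collect(Collectors.toCollection(TreeSet::new))`, which keeps the deduplication this change presumably relies on for its size reduction. Any consumer that parsed the claim as a string array still receives a JSON array, so the wire format stays compatible. The builder chain this hunk belongs to starts and ends outside the hunk.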
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 8c488a36b..4c48a5974 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -143,7 +143,7 @@ kubernetes.deployment.defaultStorageClass=${K8S_DEPLOYMENT_DEFAULT_STORAGE_CLASS
# Portal configuration #
# -------------------- #
portal.config.maintenance=${PORTAL_MAINTENANCE_FLAG:false}
-portal.config.ssoLoginAllowed=${PORTAL_SSO_ALLOWED_FLAG:false}
+portal.config.ssoLoginAllowed=${PORTAL_SSO_ALLOWED_FLAG:true}
portal.config.defaultLanguage=${PORTAL_DEFAULT_LANG:en}
portal.config.testInstance=${PORTAL_TEST_INSTANCE_FLAG:false}
portal.config.sendAppInstanceFailureEmails=${PORTAL_SEND_FAILURE_NOTIF_FLAG:false}
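Review bot: Flipping the `PORTAL_SSO_ALLOWED_FLAG` default from `false` to `true` silently enables SSO login on every deployment that does not set the variable, and it is unrelated to the JWT claim change in the same commit. PATCH 02/11 reverts exactly this line, so the series ends with the old default; a security-relevant default change belongs in its own commit with a changelog entry so operators can see it.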
--
GitLab
From 78467fe72f663e93b0b8300161a397160649b559 Mon Sep 17 00:00:00 2001
From: Patryk Kazimierowski <pkazimierowski@man.poznan.pl>
Date: Mon, 7 Apr 2025 08:11:24 +0000
Subject: [PATCH 02/11] rollback
---
src/main/resources/application.properties | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 4c48a5974..8c488a36b 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -143,7 +143,7 @@ kubernetes.deployment.defaultStorageClass=${K8S_DEPLOYMENT_DEFAULT_STORAGE_CLASS
# Portal configuration #
# -------------------- #
portal.config.maintenance=${PORTAL_MAINTENANCE_FLAG:false}
-portal.config.ssoLoginAllowed=${PORTAL_SSO_ALLOWED_FLAG:true}
+portal.config.ssoLoginAllowed=${PORTAL_SSO_ALLOWED_FLAG:false}
portal.config.defaultLanguage=${PORTAL_DEFAULT_LANG:en}
portal.config.testInstance=${PORTAL_TEST_INSTANCE_FLAG:false}
portal.config.sendAppInstanceFailureEmails=${PORTAL_SEND_FAILURE_NOTIF_FLAG:false}
--
GitLab
From a7506857fe28cc49d0db40a863fc64f62eb8511e Mon Sep 17 00:00:00 2001
From: kbeyro <121854496+kbeyro@users.noreply.github.com>
Date: Mon, 7 Apr 2025 11:46:10 +0200
Subject: [PATCH 03/11] catch IllegalArgument and return DataConflict
---
.../nmaas/portal/api/market/DomainController.java | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/main/java/net/geant/nmaas/portal/api/market/DomainController.java b/src/main/java/net/geant/nmaas/portal/api/market/DomainController.java
index d86dece0d..019da0b7e 100644
--- a/src/main/java/net/geant/nmaas/portal/api/market/DomainController.java
+++ b/src/main/java/net/geant/nmaas/portal/api/market/DomainController.java
@@ -19,6 +19,7 @@ import net.geant.nmaas.portal.api.domain.KeyValueView;
import net.geant.nmaas.portal.api.domain.UserViewMinimal;
import net.geant.nmaas.portal.api.exception.MissingElementException;
import net.geant.nmaas.portal.api.exception.ProcessingException;
+import net.geant.nmaas.portal.exceptions.DataConflictException;
import net.geant.nmaas.portal.exceptions.ObjectNotFoundException;
import net.geant.nmaas.portal.persistent.entity.ApplicationStatePerDomain;
import net.geant.nmaas.portal.persistent.entity.Domain;
@@ -36,9 +37,11 @@ import org.apache.commons.lang3.StringUtils;
import org.modelmapper.ModelMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PatchMapping;
import org.springframework.web.bind.annotation.PathVariable;
@@ -47,6 +50,7 @@ import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import java.nio.file.AccessDeniedException;
@@ -142,7 +146,11 @@ public class DomainController extends AppBaseController {
}
return new Id(domain.getId());
- } catch (InvalidDomainException e) {
+
+ } catch (IllegalArgumentException e) {
+ throw new DataConflictException(e.getMessage());
+ }
+ catch (InvalidDomainException e) {
throw new ProcessingException(e.getMessage());
}
}
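Review bot: `catch (IllegalArgumentException e)` maps every IllegalArgumentException raised anywhere in the try block (whose start is outside the hunk) to a 409 Conflict, including argument errors thrown by libraries or validation code that have nothing to do with a duplicate domain, and forwards the raw message. Prefer a dedicated exception raised by the domain service for the conflict case, or narrow the catch to the call that can legitimately produce it, and keep the cause where the exception type allows it, e.g. `throw new DataConflictException(e.getMessage(), e);` if such a constructor exists. The added blank line and the `}` / `catch` split over two lines also depart from the `} catch (InvalidDomainException e)` style used directly below.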
@@ -365,4 +373,9 @@ public class DomainController extends AppBaseController {
this.domainService.updateAnnotation(id, annotation);
}
+ @ExceptionHandler(DataConflictException.class)
+ @ResponseStatus(code = HttpStatus.CONFLICT)
+ public String handleDataConfigException(DataConflictException e){
+ return e.getMessage();
+ }
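Review bot: `handleDataConfigException` returns `e.getMessage()` verbatim as the response body, so whatever text the original IllegalArgumentException carried (possibly internal identifiers or state from the service layer) is sent to the client; return a fixed conflict message or the structured error body the project's other handlers use, and log the detail server-side. The method name also has a typo: it handles `DataConflictException`, so `handleDataConflictException` would match. If DomainController is a `@RestController` (the import is in context above, the class annotation is not visible here), the `String` return is written straight to the body.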
}
\ No newline at end of file
--
GitLab
From 5ab75c9b7a8404071c39bab63259a9d4d95b88b1 Mon Sep 17 00:00:00 2001
From: pkazimierowski <pkazimierowski@man.poznan.pl>
Date: Wed, 9 Apr 2025 09:01:21 +0200
Subject: [PATCH 04/11] extended conditions for saml token
---
.../service/impl/OidcUserServiceImpl.java | 26 +++++++------------
1 file changed, 10 insertions(+), 16 deletions(-)
diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
index a9eebe460..6b6b264f5 100644
--- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
+++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
@@ -51,14 +51,15 @@ public class OidcUserServiceImpl implements OidcUserService {
.existsBySamlToken(oidcUserSub);
boolean existUserByUsernameAsSamlToken = userService
.existsBySamlToken(oidcUserPreferredUsername);
- boolean existUserByEmail = userService
- .existsByEmail(oidcUserEmail);
+ boolean existsUserBySamlTokenAsEmail = userService
+ .existsBySamlToken(oidcUserEmail);
if (existUserBySamlToken) {
return userService
.findBySamlToken(oidcUserSub)
.orElseThrow();
- } else if (existUserByUsernameAsSamlToken) {
+ } else if (existUserByUsernameAsSamlToken
+ || existsUserBySamlTokenAsEmail) {
User user = userService
.findBySamlToken(oidcUserPreferredUsername)
.orElseThrow();
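Review bot: The widened `else if` can now be entered because only `existsUserBySamlTokenAsEmail` is true, yet the lookup on the following lines is still `findBySamlToken(oidcUserPreferredUsername).orElseThrow()`, so for a user whose stored token is the e-mail the lookup is empty and `orElseThrow()` surfaces a NoSuchElementException instead of the user. The lookup key must follow the condition that fired, e.g. `userService.findBySamlToken(existUserByUsernameAsSamlToken ? oidcUserPreferredUsername : oidcUserEmail)`. PATCH 07/11 restructures this branch; `checkUser` begins outside the hunk.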
@@ -71,7 +72,7 @@ public class OidcUserServiceImpl implements OidcUserService {
+ oidcUserPreferredUsername
+ " does not match internal user ");
}
- } else {
+ } else {
return registerNewUser(oidcUser);
}
}
@@ -116,20 +117,13 @@ public class OidcUserServiceImpl implements OidcUserService {
@Override
public boolean externalUserRequiredLinking(OidcUser oidcUser) {
- String oidcUserSub = oidcUser.getAttribute("sub");
String oidcUserEmail = oidcUser.getAttribute("email");
- String oidcUserPreferredUsername = oidcUser.getAttribute("preferred_username");
-
- boolean existUserBySamlToken = userService
- .existsBySamlToken(oidcUserSub);
- boolean existUserByUsernameAsSamlToken = userService
- .existsBySamlToken(oidcUserPreferredUsername);
- boolean existUserByEmail = userService
- .existsByEmail(oidcUserEmail);
- if(existUserBySamlToken || existUserByUsernameAsSamlToken) {
- return false;
- }else return existUserByEmail;
+ if(userService.existsByEmail(oidcUserEmail)){
+ User user = userService.findByEmail(oidcUserEmail);
+ return user.getSamlToken().isEmpty();
+ }
+ return false;
}
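Review bot: `oidcUser.getAttribute("email")` is null when the IdP does not release an email claim, and that null is passed straight to `userService.existsByEmail`; how the repository treats a null argument is not visible here, so an explicit guard such as `if (oidcUserEmail == null) { return false; }` before the lookup makes the linking decision independent of it. `user.getSamlToken().isEmpty()` throws on a null token, which PATCH 05/11 addresses. The method is otherwise complete within the hunk.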
@Override
--
GitLab
From e8bb7c9aab720cdb5aa93c7fa32914349473d4cf Mon Sep 17 00:00:00 2001
From: pkazimierowski <pkazimierowski@man.poznan.pl>
Date: Wed, 9 Apr 2025 09:13:31 +0200
Subject: [PATCH 05/11] fixed condition
---
.../geant/nmaas/portal/service/impl/OidcUserServiceImpl.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
index 6b6b264f5..3303cbfa6 100644
--- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
+++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
@@ -121,7 +121,7 @@ public class OidcUserServiceImpl implements OidcUserService {
if(userService.existsByEmail(oidcUserEmail)){
User user = userService.findByEmail(oidcUserEmail);
- return user.getSamlToken().isEmpty();
+ return user.getSamlToken() == null || user.getSamlToken().isEmpty();
}
return false;
}
--
GitLab
From 47a2760d52709a1ef8af1a324b7d5d814f7a4b4b Mon Sep 17 00:00:00 2001
From: Lukasz Lopatowski <llopat@man.poznan.pl>
Date: Wed, 9 Apr 2025 09:25:09 +0200
Subject: [PATCH 06/11] Refactor
---
.../portal/api/auth/OIDCAuthController.java | 28 ++++---------------
.../nmaas/portal/service/OidcUserService.java | 4 +++
.../service/impl/OidcUserServiceImpl.java | 14 ++++------
3 files changed, 14 insertions(+), 32 deletions(-)
diff --git a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
index 16512e829..60775d661 100644
--- a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
+++ b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
@@ -41,29 +41,20 @@ import static java.lang.String.format;
public class OIDCAuthController {
private final OidcUserService oidcUserService;
-
private final JWTTokenService jwtTokenService;
-
private final UserLoginRegisterService loginRegisterService;
-
private final UserService userService;
-
private final PasswordEncoder passwordEncoder;
-
private final DomainService domains;
-
private final ConfigurationManager configurationManager;
-
@Value("${portal.address}")
private String portalAddress;
@Value("${spring.security.oauth2.client.provider.my-oidc.issuer-uri:http://localhost:8080/realms/geant}")
private String oidcAddress;
-
@PostMapping("api/oidc/link")
public UserOidcToken oidcLinkedSuccess(@RequestBody final OidcLogin oidcLogin, HttpServletRequest request) {
-
User user = userService.findByEmail(oidcLogin.email());
try {
validate(
@@ -81,14 +72,12 @@ public class OIDCAuthController {
throw new AuthenticationException(ae.getMessage());
}
checkUserApprovals(user);
- if (
- configurationManager.getConfiguration().isMaintenance()
- && user.getRoles().stream().noneMatch(
- value -> value.getRole().equals(Role.ROLE_SYSTEM_ADMIN)
- )
- ) {
+
+ if (configurationManager.getConfiguration().isMaintenance()
+ && user.getRoles().stream().noneMatch(value -> value.getRole().equals(Role.ROLE_SYSTEM_ADMIN))) {
throw new UndergoingMaintenanceException("Application is undergoing maintenance right now");
}
+
this.loginRegisterService.registerNewSuccessfulLogin(
user,
request.getHeader(HttpHeaders.HOST),
@@ -108,13 +97,10 @@ public class OIDCAuthController {
jwtTokenService.getRefreshToken(linkedUser),
oidcLogin.oidcToken()
);
-
-
}
@GetMapping("/api/oidc/success")
public RedirectView oidcLoginSuccess(@AuthenticationPrincipal OidcUser oidcUser, HttpServletRequest request) {
-
if (oidcUserService.externalUserRequiredLinking(oidcUser)) {
String linkingRedirectUrl = portalAddress
+ "/login-linking?oidc_token="
@@ -122,7 +108,6 @@ public class OIDCAuthController {
return new RedirectView(linkingRedirectUrl);
}
-
try {
User user = oidcUserService.checkUser(oidcUser);
String redirectUrl = portalAddress
@@ -152,13 +137,10 @@ public class OIDCAuthController {
@GetMapping("/api/oidc/logout/{oidcToken}")
public RedirectView logout(@PathVariable String oidcToken) {
-
String logoutUrl = oidcAddress + "/protocol/openid-connect/logout";
return new RedirectView(logoutUrl + "?id_token_hint=" + oidcToken);
-
}
-
void validate(String email, String providedPassword, String actualPassword, boolean isEnabled) {
validateConditionAndLogMessage(email == null || providedPassword == null,
format("Login failed: missing credentials%s", email != null ? (format(" (email: %s)", email)) : ""));
@@ -168,7 +150,7 @@ public class OIDCAuthController {
void checkUserApprovals(User user) {
if (!user.isTermsOfUseAccepted() || !user.isPrivacyPolicyAccepted()) {
- log.info(format("Check during login: Terms of Use or Privacy Policy were not accepted by user [%s]", user.getUsername()));
+ log.info("Check during login: Terms of Use or Privacy Policy were not accepted by user [{}]", user.getUsername());
user.setNewRoles(ImmutableSet.of(new UserRole(user, domains.getGlobalDomain().orElseThrow(SignupException::new), Role.ROLE_NOT_ACCEPTED)));
}
}
diff --git a/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java b/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java
index 7f94bf9f9..2ec194196 100644
--- a/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java
+++ b/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java
@@ -7,9 +7,13 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUser;
public interface OidcUserService {
User checkUser(OidcUser oidcUser);
+
User register(OidcUser user, Domain globalDomain);
+
User registerNewUser(OidcUser oidcUser);
+
boolean externalUserRequiredLinking(OidcUser oidcUser);
+
User linkUser(String email, String samlToken, String firstName, String lastName);
}
diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
index 3303cbfa6..45bd9a90e 100644
--- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
+++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
@@ -58,8 +58,7 @@ public class OidcUserServiceImpl implements OidcUserService {
return userService
.findBySamlToken(oidcUserSub)
.orElseThrow();
- } else if (existUserByUsernameAsSamlToken
- || existsUserBySamlTokenAsEmail) {
+ } else if (existUserByUsernameAsSamlToken || existsUserBySamlTokenAsEmail) {
User user = userService
.findBySamlToken(oidcUserPreferredUsername)
.orElseThrow();
@@ -80,9 +79,7 @@ public class OidcUserServiceImpl implements OidcUserService {
@Override
public User registerNewUser(OidcUser oidcUser) {
try {
- return register(oidcUser,
- domains.getGlobalDomain().orElseThrow(MissingElementException::new)
- );
+ return register(oidcUser, domains.getGlobalDomain().orElseThrow(MissingElementException::new));
} catch (ObjectAlreadyExistsException e) {
throw new SignupException("User already exists");
} catch (MissingElementException e) {
@@ -93,7 +90,6 @@ public class OidcUserServiceImpl implements OidcUserService {
@Override
public User register(OidcUser oidcUser, Domain globalDomain) {
- Map<String, Object> attributes = oidcUser.getAttributes();
byte[] array = new byte[16];
new SecureRandom().nextBytes(array);
String generatedString = Base64.getEncoder().encodeToString(array);
@@ -119,10 +115,11 @@ public class OidcUserServiceImpl implements OidcUserService {
String oidcUserEmail = oidcUser.getAttribute("email");
- if(userService.existsByEmail(oidcUserEmail)){
- User user = userService.findByEmail(oidcUserEmail);
+ if (userService.existsByEmail(oidcUserEmail)) {
+ final User user = userService.findByEmail(oidcUserEmail);
return user.getSamlToken() == null || user.getSamlToken().isEmpty();
}
+
return false;
}
@@ -138,5 +135,4 @@ public class OidcUserServiceImpl implements OidcUserService {
return user;
}
-
}
--
GitLab
From 84181c4b2f4f9c7d3faee2bc073835a0a788624b Mon Sep 17 00:00:00 2001
From: pkazimierowski <pkazimierowski@man.poznan.pl>
Date: Wed, 9 Apr 2025 10:30:37 +0200
Subject: [PATCH 07/11] fixed condition
---
.../service/impl/OidcUserServiceImpl.java | 24 +++++++------------
1 file changed, 8 insertions(+), 16 deletions(-)
diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
index 45bd9a90e..562b3452e 100644
--- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
+++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
@@ -49,31 +49,23 @@ public class OidcUserServiceImpl implements OidcUserService {
boolean existUserBySamlToken = userService
.existsBySamlToken(oidcUserSub);
- boolean existUserByUsernameAsSamlToken = userService
- .existsBySamlToken(oidcUserPreferredUsername);
- boolean existsUserBySamlTokenAsEmail = userService
- .existsBySamlToken(oidcUserEmail);
if (existUserBySamlToken) {
return userService
.findBySamlToken(oidcUserSub)
.orElseThrow();
- } else if (existUserByUsernameAsSamlToken || existsUserBySamlTokenAsEmail) {
- User user = userService
- .findBySamlToken(oidcUserPreferredUsername)
- .orElseThrow();
- if (user.getEmail().equals(oidcUserEmail)) {
+ }
+ if(userService.existsByEmail(oidcUserEmail)) {
+ User user = userService.findByEmail(oidcUserEmail);
+ if (user.getSamlToken().equals(oidcUserEmail)
+ || user.getSamlToken().equals(oidcUserPreferredUsername)) {
user.setSamlToken(oidcUserSub);
userService.update(user);
return user;
- } else {
- throw new ExternalUserMatchException("External user "
- + oidcUserPreferredUsername
- + " does not match internal user ");
- }
- } else {
- return registerNewUser(oidcUser);
+ }
}
+ return registerNewUser(oidcUser);
+
}
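Review bot: `user.getSamlToken().equals(oidcUserEmail)` dereferences the stored token, which PATCH 05/11 had just established can be null for a local account; a matching e-mail on such an account ends in a NullPointerException rather than the `registerNewUser` fall-through. A null-safe comparison avoids it: `if (Objects.equals(user.getSamlToken(), oidcUserEmail) || Objects.equals(user.getSamlToken(), oidcUserPreferredUsername)) {`. Dropping the `ExternalUserMatchException` branch also means an account whose e-mail exists but whose token matches neither value now reaches `registerNewUser`, which per the context lines in PATCH 06/11 reports it as "User already exists", so a mismatch is no longer distinguishable from a duplicate signup. Re-binding `samlToken` to the new `sub` is decided on the IdP-asserted e-mail alone; if the provider supplies `email_verified`, requiring it here would tighten the linking. The same lines reappear reformatted in the OidcUserServiceImpl hunk of PATCH 10/11, where the point applies as well.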
@Override
--
GitLab
From e5bcebca80886614870ca7cdd1f717d2a5e2da92 Mon Sep 17 00:00:00 2001
From: pkazimierowski <pkazimierowski@man.poznan.pl>
Date: Wed, 9 Apr 2025 15:21:47 +0200
Subject: [PATCH 08/11] fixed test
---
.../nmaas/portal/service/impl/OidcUserServiceImplTest.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java b/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java
index bfc13ee3c..959c22530 100644
--- a/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java
+++ b/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java
@@ -66,10 +66,10 @@ class OidcUserServiceImplTest {
//given
User existingUser = new User("testuser");
existingUser.setEmail("test@example.com");
+ existingUser.setSamlToken("test@example.com");
//when
- when(userService.existsBySamlToken("test-sub")).thenReturn(false);
- when(userService.existsBySamlToken("testuser")).thenReturn(true);
- when(userService.findBySamlToken("testuser")).thenReturn(Optional.of(existingUser));
+ when(userService.existsByEmail("test@example.com")).thenReturn(true);
+ when(userService.findByEmail("test@example.com")).thenReturn(existingUser);
User result = oidcUserService.checkUser(oidcUser);
//then
assertEquals(existingUser, result);
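Review bot: The rewritten test only exercises the branch where the stored token equals the e-mail; the `preferred_username` comparison introduced in PATCH 07/11 and the fall-through to `registerNewUser` when neither value matches have no visible coverage, and PATCH 09/11 then removes the mismatch test instead of adapting it. A test with `existingUser.setSamlToken("testuser")` for the username branch and one with a non-matching token asserting the fall-through behaviour would pin the new linking logic; only part of the test class is visible, so other tests may already do this.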
--
GitLab
From 3baddfbca967db27efeb8ed690d6bec26d8f7b61 Mon Sep 17 00:00:00 2001
From: pkazimierowski <pkazimierowski@man.poznan.pl>
Date: Wed, 9 Apr 2025 15:22:12 +0200
Subject: [PATCH 09/11] removed redundant test
---
.../portal/service/impl/OidcUserServiceImplTest.java | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java b/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java
index 959c22530..44860c31d 100644
--- a/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java
+++ b/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java
@@ -75,18 +75,6 @@ class OidcUserServiceImplTest {
assertEquals(existingUser, result);
}
- @Test
- void shouldThrowExceptionWhenPreferredUsernameDoesNotMatchEmail() {
- //given
- User existingUser = new User("testuser");
- existingUser.setEmail("diffrent@example.com");
- //when
- when(userService.existsBySamlToken("test-sub")).thenReturn(false);
- when(userService.existsBySamlToken("testuser")).thenReturn(true);
- when(userService.findBySamlToken("testuser")).thenReturn(Optional.of(existingUser));
- //then
- assertThrows(ExternalUserMatchException.class, () -> oidcUserService.checkUser(oidcUser));
- }
}
\ No newline at end of file
--
GitLab
From cee6490a2fa341a646d7437f6a319b17bdd9831c Mon Sep 17 00:00:00 2001
From: Lukasz Lopatowski <llopat@man.poznan.pl>
Date: Wed, 9 Apr 2025 21:31:08 +0200
Subject: [PATCH 10/11] Updated version to 1.7.1 and added initial changelog
---
build.gradle | 10 +++++-----
.../nmaas/portal/api/auth/OIDCAuthController.java | 2 +-
.../geant/nmaas/portal/service/OidcUserService.java | 2 +-
.../portal/service/impl/OidcUserServiceImpl.java | 13 +++----------
src/main/resources/changelog.json | 11 +++++++++++
.../portal/api/auth/OIDCAuthControllerTest.java | 4 ++--
6 files changed, 23 insertions(+), 19 deletions(-)
diff --git a/build.gradle b/build.gradle
index a3f6c9574..e4d4daa9f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -13,7 +13,7 @@ repositories {
mavenCentral()
}
-version = '1.7.0'
+version = '1.7.1'
group = 'net.geant.nmaas'
java {
@@ -34,7 +34,7 @@ protobuf {
}
plugins {
grpc {
- artifact = 'io.grpc:protoc-gen-grpc-java:1.69.1'
+ artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0'
}
}
generateProtoTasks {
@@ -133,9 +133,9 @@ dependencies {
implementation('io.fabric8:kubernetes-client:6.13.5')
implementation('com.google.protobuf:protobuf-java:4.29.3')
- implementation('io.grpc:grpc-netty-shaded:1.69.1')
- implementation('io.grpc:grpc-protobuf:1.69.1')
- implementation('io.grpc:grpc-stub:1.69.1')
+ implementation('io.grpc:grpc-netty-shaded:1.71.0')
+ implementation('io.grpc:grpc-protobuf:1.71.0')
+ implementation('io.grpc:grpc-stub:1.71.0')
implementation('com.opencsv:opencsv:5.9')
diff --git a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
index 60775d661..df0071568 100644
--- a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
+++ b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
@@ -101,7 +101,7 @@ public class OIDCAuthController {
@GetMapping("/api/oidc/success")
public RedirectView oidcLoginSuccess(@AuthenticationPrincipal OidcUser oidcUser, HttpServletRequest request) {
- if (oidcUserService.externalUserRequiredLinking(oidcUser)) {
+ if (oidcUserService.externalUserRequiresLinking(oidcUser)) {
String linkingRedirectUrl = portalAddress
+ "/login-linking?oidc_token="
+ oidcUser.getIdToken().getTokenValue();
diff --git a/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java b/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java
index 2ec194196..c5829ede4 100644
--- a/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java
+++ b/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java
@@ -12,7 +12,7 @@ public interface OidcUserService {
User registerNewUser(OidcUser oidcUser);
- boolean externalUserRequiredLinking(OidcUser oidcUser);
+ boolean externalUserRequiresLinking(OidcUser oidcUser);
User linkUser(String email, String samlToken, String firstName, String lastName);
diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
index 562b3452e..85b513fec 100644
--- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
+++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
@@ -4,8 +4,6 @@ import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import net.geant.nmaas.portal.api.exception.MissingElementException;
import net.geant.nmaas.portal.api.exception.SignupException;
-import net.geant.nmaas.portal.api.exception.ExternalUserCanNotBeLinked;
-import net.geant.nmaas.portal.api.exception.ExternalUserMatchException;
import net.geant.nmaas.portal.exceptions.ObjectAlreadyExistsException;
import net.geant.nmaas.portal.persistent.entity.Domain;
import net.geant.nmaas.portal.persistent.entity.Role;
@@ -21,7 +19,6 @@ import org.springframework.stereotype.Service;
import java.security.SecureRandom;
import java.util.Base64;
-import java.util.Map;
@Service
@RequiredArgsConstructor
@@ -29,17 +26,13 @@ import java.util.Map;
public class OidcUserServiceImpl implements OidcUserService {
private final UserService userService;
-
private final DomainService domains;
-
private final UserRepository userRepository;
-
private final ConfigurationManager configurationManager;
@Value("${oidc.allowedLinkingUsersByEmail:false}")
private boolean allowedLinkingUsersByEmail;
-
@Override
public User checkUser(OidcUser oidcUser) {
@@ -55,14 +48,14 @@ public class OidcUserServiceImpl implements OidcUserService {
.findBySamlToken(oidcUserSub)
.orElseThrow();
}
- if(userService.existsByEmail(oidcUserEmail)) {
+ if (userService.existsByEmail(oidcUserEmail)) {
User user = userService.findByEmail(oidcUserEmail);
if (user.getSamlToken().equals(oidcUserEmail)
|| user.getSamlToken().equals(oidcUserPreferredUsername)) {
user.setSamlToken(oidcUserSub);
userService.update(user);
return user;
- }
+ }
}
return registerNewUser(oidcUser);
@@ -103,7 +96,7 @@ public class OidcUserServiceImpl implements OidcUserService {
}
@Override
- public boolean externalUserRequiredLinking(OidcUser oidcUser) {
+ public boolean externalUserRequiresLinking(OidcUser oidcUser) {
String oidcUserEmail = oidcUser.getAttribute("email");
diff --git a/src/main/resources/changelog.json b/src/main/resources/changelog.json
index 8c1c9229d..388478d4f 100644
--- a/src/main/resources/changelog.json
+++ b/src/main/resources/changelog.json
@@ -1,5 +1,16 @@
{
"versions" : [
+ {
+ "verNo" : "1.7.1",
+ "date" : "(2025/04/10)",
+ "topic" : [
+ {
+ "title" : "Authentication and user access improvements",
+ "tags" : "[Enhancement]",
+ "description" : "JWT size reduction and account linking mechanism"
+ }
+ ]
+ },
{
"verNo" : "1.7.0",
"date" : "(2025/04/02)",
diff --git a/src/test/java/net/geant/nmaas/portal/api/auth/OIDCAuthControllerTest.java b/src/test/java/net/geant/nmaas/portal/api/auth/OIDCAuthControllerTest.java
index 90b0cdce3..8398cba5c 100644
--- a/src/test/java/net/geant/nmaas/portal/api/auth/OIDCAuthControllerTest.java
+++ b/src/test/java/net/geant/nmaas/portal/api/auth/OIDCAuthControllerTest.java
@@ -114,7 +114,7 @@ class OIDCAuthControllerTest {
when(idToken.getTokenValue()).thenReturn("oidc-token");
when(oidcUser.getIdToken()).thenReturn(idToken);
- when(oidcUserService.externalUserRequiredLinking(any())).thenReturn(false);
+ when(oidcUserService.externalUserRequiresLinking(any())).thenReturn(false);
Constructor<User> userConstructor = User.class.getDeclaredConstructor();
userConstructor.setAccessible(true);
@@ -147,7 +147,7 @@ class OIDCAuthControllerTest {
when(idToken.getTokenValue()).thenReturn("oidc-token");
when(oidcUser.getIdToken()).thenReturn(idToken);
- when(oidcUserService.externalUserRequiredLinking(any())).thenReturn(true);
+ when(oidcUserService.externalUserRequiresLinking(any())).thenReturn(true);
// when
RedirectView result = oidcAuthController.oidcLoginSuccess(oidcUser, request);
--
GitLab
From 0630a212c97dd6a9fa9cd6068c6dfa453aea367b Mon Sep 17 00:00:00 2001
From: Lukasz Lopatowski <llopat@man.poznan.pl>
Date: Thu, 10 Apr 2025 13:05:54 +0200
Subject: [PATCH 11/11] Fixed changelog and pumped boot version
---
build.gradle | 2 +-
src/main/resources/changelog.json | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index e4d4daa9f..ef1ef35b3 100644
--- a/build.gradle
+++ b/build.gradle
@@ -2,7 +2,7 @@ plugins {
id 'java'
id 'idea'
id 'jacoco'
- id 'org.springframework.boot' version '3.4.3'
+ id 'org.springframework.boot' version '3.4.4'
id 'io.spring.dependency-management' version '1.1.7'
id 'com.gorylenko.gradle-git-properties' version '2.4.2'
id 'org.sonarqube' version '6.0.1.5171'
diff --git a/src/main/resources/changelog.json b/src/main/resources/changelog.json
index 388478d4f..ed50a597c 100644
--- a/src/main/resources/changelog.json
+++ b/src/main/resources/changelog.json
@@ -17,7 +17,7 @@
"topic" : [
{
"title" : "Integration with OIDC-compliant IdP",
- "tags" : "[New feature]",
+ "tags" : "[New Feature]",
"description" : "Moved away from the custom SAML-based IdP integration in favor of adding OIDC support"
},
{
--
GitLab