From a1740d3c9274c3ff389326fc013cdc9057bc02f2 Mon Sep 17 00:00:00 2001
From: pkazimierowski <pkazimierowski@man.poznan.pl>
Date: Mon, 7 Apr 2025 10:10:02 +0200
Subject: [PATCH 01/11] changed from array to set for a role

---
 .../net/geant/nmaas/portal/api/security/JWTTokenService.java   | 3 ++-
 src/main/resources/application.properties                      | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java b/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java
index 4397f113c..c63d712c4 100644
--- a/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java
+++ b/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java
@@ -19,6 +19,7 @@ import java.util.Collections;
 import java.util.Date;
 import java.util.List;
 import java.util.UUID;
+import java.util.stream.Collectors;
 
 @Service("jwtTokenService")
 @NoArgsConstructor
@@ -82,7 +83,7 @@ public class JWTTokenService {
                                 role ->
                                         role.getRole().toString()
                         )
-                        .toArray(String[]::new)
+                        .collect(Collectors.toSet())
                 )
                 .claim(LANGUAGE, user.getSelectedLanguage())
                 .signWith(getSignInKey(jwtSettings.getSigningKey()), SignatureAlgorithm.HS512)
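Review bot: The roles claim now carries distinct role names only, and nothing on the `.collect(Collectors.toSet())` line says that this is deliberate; a short comment would help, for example `// distinct role names only: keeps the token small, domain membership is not encoded in this claim`. `Collectors.toSet()` gives no ordering guarantee, so the serialized claim can list the same roles in a different order from one token to the next, and any consumer should treat it as an unordered collection. The builder chain starts and ends outside this hunk, so whether any consumer relies on duplicates or order cannot be judged from here.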
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 8c488a36b..4c48a5974 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -143,7 +143,7 @@ kubernetes.deployment.defaultStorageClass=${K8S_DEPLOYMENT_DEFAULT_STORAGE_CLASS
 # Portal configuration #
 # -------------------- #
 portal.config.maintenance=${PORTAL_MAINTENANCE_FLAG:false}
-portal.config.ssoLoginAllowed=${PORTAL_SSO_ALLOWED_FLAG:false}
+portal.config.ssoLoginAllowed=${PORTAL_SSO_ALLOWED_FLAG:true}
 portal.config.defaultLanguage=${PORTAL_DEFAULT_LANG:en}
 portal.config.testInstance=${PORTAL_TEST_INSTANCE_FLAG:false}
 portal.config.sendAppInstanceFailureEmails=${PORTAL_SEND_FAILURE_NOTIF_FLAG:false}
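Review bot: The fallback for `portal.config.ssoLoginAllowed` flips to `true` in a commit whose subject is only about the role claim, so any deployment that does not set `PORTAL_SSO_ALLOWED_FLAG` would have SSO login switched on implicitly. An authentication path is safer left opt-in: keep `${PORTAL_SSO_ALLOWED_FLAG:false}` and enable it per environment. PATCH 02 restores `false`; squashing the two would keep the permissive default out of every intermediate revision.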
-- 
GitLab


From 78467fe72f663e93b0b8300161a397160649b559 Mon Sep 17 00:00:00 2001
From: Patryk Kazimierowski <pkazimierowski@man.poznan.pl>
Date: Mon, 7 Apr 2025 08:11:24 +0000
Subject: [PATCH 02/11] rollback

---
 src/main/resources/application.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 4c48a5974..8c488a36b 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -143,7 +143,7 @@ kubernetes.deployment.defaultStorageClass=${K8S_DEPLOYMENT_DEFAULT_STORAGE_CLASS
 # Portal configuration #
 # -------------------- #
 portal.config.maintenance=${PORTAL_MAINTENANCE_FLAG:false}
-portal.config.ssoLoginAllowed=${PORTAL_SSO_ALLOWED_FLAG:true}
+portal.config.ssoLoginAllowed=${PORTAL_SSO_ALLOWED_FLAG:false}
 portal.config.defaultLanguage=${PORTAL_DEFAULT_LANG:en}
 portal.config.testInstance=${PORTAL_TEST_INSTANCE_FLAG:false}
 portal.config.sendAppInstanceFailureEmails=${PORTAL_SEND_FAILURE_NOTIF_FLAG:false}
-- 
GitLab


From a7506857fe28cc49d0db40a863fc64f62eb8511e Mon Sep 17 00:00:00 2001
From: kbeyro <121854496+kbeyro@users.noreply.github.com>
Date: Mon, 7 Apr 2025 11:46:10 +0200
Subject: [PATCH 03/11] catch IllegalArgument and return DataConflict

---
 .../nmaas/portal/api/market/DomainController.java | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/main/java/net/geant/nmaas/portal/api/market/DomainController.java b/src/main/java/net/geant/nmaas/portal/api/market/DomainController.java
index d86dece0d..019da0b7e 100644
--- a/src/main/java/net/geant/nmaas/portal/api/market/DomainController.java
+++ b/src/main/java/net/geant/nmaas/portal/api/market/DomainController.java
@@ -19,6 +19,7 @@ import net.geant.nmaas.portal.api.domain.KeyValueView;
 import net.geant.nmaas.portal.api.domain.UserViewMinimal;
 import net.geant.nmaas.portal.api.exception.MissingElementException;
 import net.geant.nmaas.portal.api.exception.ProcessingException;
+import net.geant.nmaas.portal.exceptions.DataConflictException;
 import net.geant.nmaas.portal.exceptions.ObjectNotFoundException;
 import net.geant.nmaas.portal.persistent.entity.ApplicationStatePerDomain;
 import net.geant.nmaas.portal.persistent.entity.Domain;
@@ -36,9 +37,11 @@ import org.apache.commons.lang3.StringUtils;
 import org.modelmapper.ModelMapper;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -47,6 +50,7 @@ import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 
 import java.nio.file.AccessDeniedException;
@@ -142,7 +146,11 @@ public class DomainController extends AppBaseController {
 			}
 
 			return new Id(domain.getId());
-		} catch (InvalidDomainException e) {
+
+		} catch (IllegalArgumentException e) {
+			throw new DataConflictException(e.getMessage());
+		}
+		 catch (InvalidDomainException e) {
 			throw new ProcessingException(e.getMessage());
 		}
 	}
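Review bot: The new `catch (IllegalArgumentException e)` spans the whole `try` body, so every `IllegalArgumentException` raised inside it, not only the case this change targets, is reported as a conflict, and its `e.getMessage()` text is handed to the client by the handler added at the end of this file. A fixed, caller-safe message with the original exception logged server-side avoids leaking internal detail, e.g. `throw new DataConflictException("Domain could not be created: conflicting data");`. The following `catch (InvalidDomainException e)` now sits on its own mis-indented line and reads better joined as `} catch (InvalidDomainException e) {`. The `try` opens outside this hunk, so the exact source of the exception is not visible here.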
@@ -365,4 +373,9 @@ public class DomainController extends AppBaseController {
 		this.domainService.updateAnnotation(id, annotation);
 	}
 
+	@ExceptionHandler(DataConflictException.class)
+	@ResponseStatus(code = HttpStatus.CONFLICT)
+	public String handleDataConfigException(DataConflictException e){
+		return e.getMessage();
+	}
 }
\ No newline at end of file
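Review bot: The handler is named `handleDataConfigException` although it handles `DataConflictException`; `handleDataConflictException` would match the type. It is declared on `DomainController` only, so a `DataConflictException` thrown by another controller would not get the 409 mapping unless it is handled elsewhere; if the project has shared controller advice, that would be the better home. The file still ends without a trailing newline.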
-- 
GitLab


From 5ab75c9b7a8404071c39bab63259a9d4d95b88b1 Mon Sep 17 00:00:00 2001
From: pkazimierowski <pkazimierowski@man.poznan.pl>
Date: Wed, 9 Apr 2025 09:01:21 +0200
Subject: [PATCH 04/11] extended conditions for saml token

---
 .../service/impl/OidcUserServiceImpl.java     | 26 +++++++------------
 1 file changed, 10 insertions(+), 16 deletions(-)

diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
index a9eebe460..6b6b264f5 100644
--- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
+++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
@@ -51,14 +51,15 @@ public class OidcUserServiceImpl implements OidcUserService {
                 .existsBySamlToken(oidcUserSub);
         boolean existUserByUsernameAsSamlToken = userService
                 .existsBySamlToken(oidcUserPreferredUsername);
-        boolean existUserByEmail = userService
-                .existsByEmail(oidcUserEmail);
+        boolean existsUserBySamlTokenAsEmail = userService
+                .existsBySamlToken(oidcUserEmail);
 
         if (existUserBySamlToken) {
             return userService
                     .findBySamlToken(oidcUserSub)
                     .orElseThrow();
-        } else if (existUserByUsernameAsSamlToken) {
+        } else if (existUserByUsernameAsSamlToken
+                || existsUserBySamlTokenAsEmail) {
             User user = userService
                     .findBySamlToken(oidcUserPreferredUsername)
                     .orElseThrow();
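Review bot: When only `existsUserBySamlTokenAsEmail` is true, the branch still looks the user up with `findBySamlToken(oidcUserPreferredUsername)`, which returns empty, so `orElseThrow()` fails with a `NoSuchElementException` instead of resolving the account. The lookup should use the identifier that actually matched, e.g. `String matched = existUserByUsernameAsSamlToken ? oidcUserPreferredUsername : oidcUserEmail;` followed by `User user = userService.findBySamlToken(matched).orElseThrow();`. The rest of the branch lies in the next hunk and is not fully visible here.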
@@ -71,7 +72,7 @@ public class OidcUserServiceImpl implements OidcUserService {
                         + oidcUserPreferredUsername
                         + " does not match internal user ");
             }
-        }  else {
+        } else {
             return registerNewUser(oidcUser);
         }
     }
@@ -116,20 +117,13 @@ public class OidcUserServiceImpl implements OidcUserService {
     @Override
     public boolean externalUserRequiredLinking(OidcUser oidcUser) {
 
-        String oidcUserSub = oidcUser.getAttribute("sub");
         String oidcUserEmail = oidcUser.getAttribute("email");
-        String oidcUserPreferredUsername = oidcUser.getAttribute("preferred_username");
-
-        boolean existUserBySamlToken = userService
-                .existsBySamlToken(oidcUserSub);
-        boolean existUserByUsernameAsSamlToken = userService
-                .existsBySamlToken(oidcUserPreferredUsername);
-        boolean existUserByEmail = userService
-                .existsByEmail(oidcUserEmail);
 
-        if(existUserBySamlToken || existUserByUsernameAsSamlToken) {
-            return false;
-        }else return existUserByEmail;
+        if(userService.existsByEmail(oidcUserEmail)){
+            User user = userService.findByEmail(oidcUserEmail);
+            return user.getSamlToken().isEmpty();
+        }
+        return false;
     }
 
     @Override
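Review bot: With the `sub` lookup removed, an OIDC identity that is already bound to one account by `sub` is still sent to the linking flow whenever its `email` claim matches a different local account whose token is empty. Keeping the early exit avoids that: `if (userService.existsBySamlToken(oidcUser.getAttribute("sub"))) { return false; }` placed before the e-mail lookup. `user.getSamlToken()` is also dereferenced without a null check here (PATCH 05 adds one), and `oidcUserEmail` may be null if the IdP omits the claim; whether `existsByEmail(null)` is safe is not visible from this hunk.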
-- 
GitLab


From e8bb7c9aab720cdb5aa93c7fa32914349473d4cf Mon Sep 17 00:00:00 2001
From: pkazimierowski <pkazimierowski@man.poznan.pl>
Date: Wed, 9 Apr 2025 09:13:31 +0200
Subject: [PATCH 05/11] fixed condition

---
 .../geant/nmaas/portal/service/impl/OidcUserServiceImpl.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
index 6b6b264f5..3303cbfa6 100644
--- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
+++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
@@ -121,7 +121,7 @@ public class OidcUserServiceImpl implements OidcUserService {
 
         if(userService.existsByEmail(oidcUserEmail)){
             User user = userService.findByEmail(oidcUserEmail);
-            return user.getSamlToken().isEmpty();
+            return user.getSamlToken() == null || user.getSamlToken().isEmpty();
         }
         return false;
     }
-- 
GitLab


From 47a2760d52709a1ef8af1a324b7d5d814f7a4b4b Mon Sep 17 00:00:00 2001
From: Lukasz Lopatowski <llopat@man.poznan.pl>
Date: Wed, 9 Apr 2025 09:25:09 +0200
Subject: [PATCH 06/11] Refactor

---
 .../portal/api/auth/OIDCAuthController.java   | 28 ++++---------------
 .../nmaas/portal/service/OidcUserService.java |  4 +++
 .../service/impl/OidcUserServiceImpl.java     | 14 ++++------
 3 files changed, 14 insertions(+), 32 deletions(-)

diff --git a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
index 16512e829..60775d661 100644
--- a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
+++ b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
@@ -41,29 +41,20 @@ import static java.lang.String.format;
 public class OIDCAuthController {
 
     private final OidcUserService oidcUserService;
-
     private final JWTTokenService jwtTokenService;
-
     private final UserLoginRegisterService loginRegisterService;
-
     private final UserService userService;
-
     private final PasswordEncoder passwordEncoder;
-
     private final DomainService domains;
-
     private final ConfigurationManager configurationManager;
 
-
     @Value("${portal.address}")
     private String portalAddress;
     @Value("${spring.security.oauth2.client.provider.my-oidc.issuer-uri:http://localhost:8080/realms/geant}")
     private String oidcAddress;
 
-
     @PostMapping("api/oidc/link")
     public UserOidcToken oidcLinkedSuccess(@RequestBody final OidcLogin oidcLogin, HttpServletRequest request) {
-
         User user = userService.findByEmail(oidcLogin.email());
         try {
             validate(
@@ -81,14 +72,12 @@ public class OIDCAuthController {
             throw new AuthenticationException(ae.getMessage());
         }
         checkUserApprovals(user);
-        if (
-                configurationManager.getConfiguration().isMaintenance()
-                        && user.getRoles().stream().noneMatch(
-                        value -> value.getRole().equals(Role.ROLE_SYSTEM_ADMIN)
-                )
-        ) {
+
+        if (configurationManager.getConfiguration().isMaintenance()
+                && user.getRoles().stream().noneMatch(value -> value.getRole().equals(Role.ROLE_SYSTEM_ADMIN))) {
             throw new UndergoingMaintenanceException("Application is undergoing maintenance right now");
         }
+
         this.loginRegisterService.registerNewSuccessfulLogin(
                 user,
                 request.getHeader(HttpHeaders.HOST),
@@ -108,13 +97,10 @@ public class OIDCAuthController {
                 jwtTokenService.getRefreshToken(linkedUser),
                 oidcLogin.oidcToken()
         );
-
-
     }
 
     @GetMapping("/api/oidc/success")
     public RedirectView oidcLoginSuccess(@AuthenticationPrincipal OidcUser oidcUser, HttpServletRequest request) {
-
         if (oidcUserService.externalUserRequiredLinking(oidcUser)) {
             String linkingRedirectUrl = portalAddress
                     + "/login-linking?oidc_token="
@@ -122,7 +108,6 @@ public class OIDCAuthController {
             return new RedirectView(linkingRedirectUrl);
         }
 
-
         try {
             User user = oidcUserService.checkUser(oidcUser);
             String redirectUrl = portalAddress
@@ -152,13 +137,10 @@ public class OIDCAuthController {
 
     @GetMapping("/api/oidc/logout/{oidcToken}")
     public RedirectView logout(@PathVariable String oidcToken) {
-
         String logoutUrl = oidcAddress + "/protocol/openid-connect/logout";
         return new RedirectView(logoutUrl + "?id_token_hint=" + oidcToken);
-
     }
 
-
     void validate(String email, String providedPassword, String actualPassword, boolean isEnabled) {
         validateConditionAndLogMessage(email == null || providedPassword == null,
                 format("Login failed: missing credentials%s", email != null ? (format(" (email: %s)", email)) : ""));
@@ -168,7 +150,7 @@ public class OIDCAuthController {
 
     void checkUserApprovals(User user) {
         if (!user.isTermsOfUseAccepted() || !user.isPrivacyPolicyAccepted()) {
-            log.info(format("Check during login: Terms of Use or Privacy Policy were not accepted by user [%s]", user.getUsername()));
+            log.info("Check during login: Terms of Use or Privacy Policy were not accepted by user [{}]", user.getUsername());
             user.setNewRoles(ImmutableSet.of(new UserRole(user, domains.getGlobalDomain().orElseThrow(SignupException::new), Role.ROLE_NOT_ACCEPTED)));
         }
     }
diff --git a/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java b/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java
index 7f94bf9f9..2ec194196 100644
--- a/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java
+++ b/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java
@@ -7,9 +7,13 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 public interface OidcUserService {
 
     User checkUser(OidcUser oidcUser);
+
     User register(OidcUser user, Domain globalDomain);
+
     User registerNewUser(OidcUser oidcUser);
+
     boolean externalUserRequiredLinking(OidcUser oidcUser);
+
     User linkUser(String email, String samlToken, String firstName, String lastName);
 
 }
diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
index 3303cbfa6..45bd9a90e 100644
--- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
+++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
@@ -58,8 +58,7 @@ public class OidcUserServiceImpl implements OidcUserService {
             return userService
                     .findBySamlToken(oidcUserSub)
                     .orElseThrow();
-        } else if (existUserByUsernameAsSamlToken
-                || existsUserBySamlTokenAsEmail) {
+        } else if (existUserByUsernameAsSamlToken || existsUserBySamlTokenAsEmail) {
             User user = userService
                     .findBySamlToken(oidcUserPreferredUsername)
                     .orElseThrow();
@@ -80,9 +79,7 @@ public class OidcUserServiceImpl implements OidcUserService {
     @Override
     public User registerNewUser(OidcUser oidcUser) {
         try {
-            return register(oidcUser,
-                    domains.getGlobalDomain().orElseThrow(MissingElementException::new)
-            );
+            return register(oidcUser, domains.getGlobalDomain().orElseThrow(MissingElementException::new));
         } catch (ObjectAlreadyExistsException e) {
             throw new SignupException("User already exists");
         } catch (MissingElementException e) {
@@ -93,7 +90,6 @@ public class OidcUserServiceImpl implements OidcUserService {
     @Override
     public User register(OidcUser oidcUser, Domain globalDomain) {
 
-        Map<String, Object> attributes = oidcUser.getAttributes();
         byte[] array = new byte[16];
         new SecureRandom().nextBytes(array);
         String generatedString = Base64.getEncoder().encodeToString(array);
@@ -119,10 +115,11 @@ public class OidcUserServiceImpl implements OidcUserService {
 
         String oidcUserEmail = oidcUser.getAttribute("email");
 
-        if(userService.existsByEmail(oidcUserEmail)){
-            User user = userService.findByEmail(oidcUserEmail);
+        if (userService.existsByEmail(oidcUserEmail)) {
+            final User user = userService.findByEmail(oidcUserEmail);
             return user.getSamlToken() == null || user.getSamlToken().isEmpty();
         }
+
         return false;
     }
 
@@ -138,5 +135,4 @@ public class OidcUserServiceImpl implements OidcUserService {
         return user;
     }
 
-
 }
-- 
GitLab


From 84181c4b2f4f9c7d3faee2bc073835a0a788624b Mon Sep 17 00:00:00 2001
From: pkazimierowski <pkazimierowski@man.poznan.pl>
Date: Wed, 9 Apr 2025 10:30:37 +0200
Subject: [PATCH 07/11] fixed condition

---
 .../service/impl/OidcUserServiceImpl.java     | 24 +++++++------------
 1 file changed, 8 insertions(+), 16 deletions(-)

diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
index 45bd9a90e..562b3452e 100644
--- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
+++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
@@ -49,31 +49,23 @@ public class OidcUserServiceImpl implements OidcUserService {
 
         boolean existUserBySamlToken = userService
                 .existsBySamlToken(oidcUserSub);
-        boolean existUserByUsernameAsSamlToken = userService
-                .existsBySamlToken(oidcUserPreferredUsername);
-        boolean existsUserBySamlTokenAsEmail = userService
-                .existsBySamlToken(oidcUserEmail);
 
         if (existUserBySamlToken) {
             return userService
                     .findBySamlToken(oidcUserSub)
                     .orElseThrow();
-        } else if (existUserByUsernameAsSamlToken || existsUserBySamlTokenAsEmail) {
-            User user = userService
-                    .findBySamlToken(oidcUserPreferredUsername)
-                    .orElseThrow();
-            if (user.getEmail().equals(oidcUserEmail)) {
+        }
+        if(userService.existsByEmail(oidcUserEmail)) {
+            User user = userService.findByEmail(oidcUserEmail);
+            if (user.getSamlToken().equals(oidcUserEmail)
+                    || user.getSamlToken().equals(oidcUserPreferredUsername)) {
                 user.setSamlToken(oidcUserSub);
                 userService.update(user);
                 return user;
-            } else {
-                throw new ExternalUserMatchException("External user "
-                        + oidcUserPreferredUsername
-                        + " does not match internal user ");
-            }
-        } else {
-            return registerNewUser(oidcUser);
+                }
         }
+        return registerNewUser(oidcUser);
+
     }
 
     @Override
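Review bot: This branch rebinds an existing account to the incoming `sub` solely because the stored token equals the `email` or `preferred_username` claim, with no check that the IdP has verified the e-mail, so the binding is only as strong as the IdP's control over those two editable claims. Gate the rebind on `oidcUser.getEmailVerified()` (after confirming that the configured IdP emits `email_verified`) and compare null-safely, since `getSamlToken()` can be null, as PATCH 05 acknowledges. When the e-mail exists but the token matches neither claim, control falls through to `registerNewUser`, which presumably fails with "User already exists" rather than the removed `ExternalUserMatchException`; an explicit error would be clearer. The class also declares `allowedLinkingUsersByEmail` (visible in PATCH 10's context), which this path does not consult. `checkUser` begins above this hunk.

```java
        // … unchanged: lookup by sub and early return …
        if (userService.existsByEmail(oidcUserEmail)) {
            User user = userService.findByEmail(oidcUserEmail);
            String storedToken = user.getSamlToken();
            boolean legacyTokenMatches = storedToken != null
                    && (storedToken.equals(oidcUserEmail) || storedToken.equals(oidcUserPreferredUsername));
            // Rebind the legacy identifier to the stable `sub` only when the IdP vouches for the e-mail.
            if (legacyTokenMatches && Boolean.TRUE.equals(oidcUser.getEmailVerified())) {
                user.setSamlToken(oidcUserSub);
                userService.update(user);
                return user;
            }
        }
        return registerNewUser(oidcUser);
```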
-- 
GitLab


From e5bcebca80886614870ca7cdd1f717d2a5e2da92 Mon Sep 17 00:00:00 2001
From: pkazimierowski <pkazimierowski@man.poznan.pl>
Date: Wed, 9 Apr 2025 15:21:47 +0200
Subject: [PATCH 08/11] fixed test

---
 .../nmaas/portal/service/impl/OidcUserServiceImplTest.java  | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java b/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java
index bfc13ee3c..959c22530 100644
--- a/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java
+++ b/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java
@@ -66,10 +66,10 @@ class OidcUserServiceImplTest {
         //given
         User existingUser = new User("testuser");
         existingUser.setEmail("test@example.com");
+        existingUser.setSamlToken("test@example.com");
         //when
-        when(userService.existsBySamlToken("test-sub")).thenReturn(false);
-        when(userService.existsBySamlToken("testuser")).thenReturn(true);
-        when(userService.findBySamlToken("testuser")).thenReturn(Optional.of(existingUser));
+        when(userService.existsByEmail("test@example.com")).thenReturn(true);
+        when(userService.findByEmail("test@example.com")).thenReturn(existingUser);
         User result = oidcUserService.checkUser(oidcUser);
         //then
         assertEquals(existingUser, result);
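Review bot: The test checks only that the same `User` object comes back, so it would still pass if `checkUser` stopped rebinding the account to the OIDC subject. Assert the side effects as well, e.g. `assertEquals("test-sub", existingUser.getSamlToken());` and `verify(userService).update(existingUser);`, assuming the fixture's `sub` is still `test-sub` (the fixture is set up outside this hunk). A case where the e-mail exists but the stored token matches neither claim would also be worth covering, since that path now ends in registration rather than a match error.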
-- 
GitLab


From 3baddfbca967db27efeb8ed690d6bec26d8f7b61 Mon Sep 17 00:00:00 2001
From: pkazimierowski <pkazimierowski@man.poznan.pl>
Date: Wed, 9 Apr 2025 15:22:12 +0200
Subject: [PATCH 09/11] removed redundant test

---
 .../portal/service/impl/OidcUserServiceImplTest.java | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java b/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java
index 959c22530..44860c31d 100644
--- a/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java
+++ b/src/test/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImplTest.java
@@ -75,18 +75,6 @@ class OidcUserServiceImplTest {
         assertEquals(existingUser, result);
     }
 
-    @Test
-    void shouldThrowExceptionWhenPreferredUsernameDoesNotMatchEmail() {
-        //given
-        User existingUser = new User("testuser");
-        existingUser.setEmail("diffrent@example.com");
-        //when
-        when(userService.existsBySamlToken("test-sub")).thenReturn(false);
-        when(userService.existsBySamlToken("testuser")).thenReturn(true);
-        when(userService.findBySamlToken("testuser")).thenReturn(Optional.of(existingUser));
-        //then
-        assertThrows(ExternalUserMatchException.class, () -> oidcUserService.checkUser(oidcUser));
-    }
 
 
 }
\ No newline at end of file
-- 
GitLab


From cee6490a2fa341a646d7437f6a319b17bdd9831c Mon Sep 17 00:00:00 2001
From: Lukasz Lopatowski <llopat@man.poznan.pl>
Date: Wed, 9 Apr 2025 21:31:08 +0200
Subject: [PATCH 10/11] Updated version to 1.7.1 and added initial changelog

---
 build.gradle                                        | 10 +++++-----
 .../nmaas/portal/api/auth/OIDCAuthController.java   |  2 +-
 .../geant/nmaas/portal/service/OidcUserService.java |  2 +-
 .../portal/service/impl/OidcUserServiceImpl.java    | 13 +++----------
 src/main/resources/changelog.json                   | 11 +++++++++++
 .../portal/api/auth/OIDCAuthControllerTest.java     |  4 ++--
 6 files changed, 23 insertions(+), 19 deletions(-)

diff --git a/build.gradle b/build.gradle
index a3f6c9574..e4d4daa9f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -13,7 +13,7 @@ repositories {
     mavenCentral()
 }
 
-version = '1.7.0'
+version = '1.7.1'
 group = 'net.geant.nmaas'
 
 java {
@@ -34,7 +34,7 @@ protobuf {
     }
     plugins {
         grpc {
-            artifact = 'io.grpc:protoc-gen-grpc-java:1.69.1'
+            artifact = 'io.grpc:protoc-gen-grpc-java:1.71.0'
         }
     }
     generateProtoTasks {
@@ -133,9 +133,9 @@ dependencies {
     implementation('io.fabric8:kubernetes-client:6.13.5')
 
     implementation('com.google.protobuf:protobuf-java:4.29.3')
-    implementation('io.grpc:grpc-netty-shaded:1.69.1')
-    implementation('io.grpc:grpc-protobuf:1.69.1')
-    implementation('io.grpc:grpc-stub:1.69.1')
+    implementation('io.grpc:grpc-netty-shaded:1.71.0')
+    implementation('io.grpc:grpc-protobuf:1.71.0')
+    implementation('io.grpc:grpc-stub:1.71.0')
 
     implementation('com.opencsv:opencsv:5.9')
 
diff --git a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
index 60775d661..df0071568 100644
--- a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
+++ b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
@@ -101,7 +101,7 @@ public class OIDCAuthController {
 
     @GetMapping("/api/oidc/success")
     public RedirectView oidcLoginSuccess(@AuthenticationPrincipal OidcUser oidcUser, HttpServletRequest request) {
-        if (oidcUserService.externalUserRequiredLinking(oidcUser)) {
+        if (oidcUserService.externalUserRequiresLinking(oidcUser)) {
             String linkingRedirectUrl = portalAddress
                     + "/login-linking?oidc_token="
                     + oidcUser.getIdToken().getTokenValue();
diff --git a/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java b/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java
index 2ec194196..c5829ede4 100644
--- a/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java
+++ b/src/main/java/net/geant/nmaas/portal/service/OidcUserService.java
@@ -12,7 +12,7 @@ public interface OidcUserService {
 
     User registerNewUser(OidcUser oidcUser);
 
-    boolean externalUserRequiredLinking(OidcUser oidcUser);
+    boolean externalUserRequiresLinking(OidcUser oidcUser);
 
     User linkUser(String email, String samlToken, String firstName, String lastName);
 
diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
index 562b3452e..85b513fec 100644
--- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
+++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
@@ -4,8 +4,6 @@ import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import net.geant.nmaas.portal.api.exception.MissingElementException;
 import net.geant.nmaas.portal.api.exception.SignupException;
-import net.geant.nmaas.portal.api.exception.ExternalUserCanNotBeLinked;
-import net.geant.nmaas.portal.api.exception.ExternalUserMatchException;
 import net.geant.nmaas.portal.exceptions.ObjectAlreadyExistsException;
 import net.geant.nmaas.portal.persistent.entity.Domain;
 import net.geant.nmaas.portal.persistent.entity.Role;
@@ -21,7 +19,6 @@ import org.springframework.stereotype.Service;
 
 import java.security.SecureRandom;
 import java.util.Base64;
-import java.util.Map;
 
 @Service
 @RequiredArgsConstructor
@@ -29,17 +26,13 @@ import java.util.Map;
 public class OidcUserServiceImpl implements OidcUserService {
 
     private final UserService userService;
-
     private final DomainService domains;
-
     private final UserRepository userRepository;
-
     private final ConfigurationManager configurationManager;
 
     @Value("${oidc.allowedLinkingUsersByEmail:false}")
     private boolean allowedLinkingUsersByEmail;
 
-
     @Override
     public User checkUser(OidcUser oidcUser) {
 
@@ -55,14 +48,14 @@ public class OidcUserServiceImpl implements OidcUserService {
                     .findBySamlToken(oidcUserSub)
                     .orElseThrow();
         }
-        if(userService.existsByEmail(oidcUserEmail)) {
+        if (userService.existsByEmail(oidcUserEmail)) {
             User user = userService.findByEmail(oidcUserEmail);
             if (user.getSamlToken().equals(oidcUserEmail)
                     || user.getSamlToken().equals(oidcUserPreferredUsername)) {
                 user.setSamlToken(oidcUserSub);
                 userService.update(user);
                 return user;
-                }
+            }
         }
         return registerNewUser(oidcUser);
 
@@ -103,7 +96,7 @@ public class OidcUserServiceImpl implements OidcUserService {
     }
 
     @Override
-    public boolean externalUserRequiredLinking(OidcUser oidcUser) {
+    public boolean externalUserRequiresLinking(OidcUser oidcUser) {
 
         String oidcUserEmail = oidcUser.getAttribute("email");
 
diff --git a/src/main/resources/changelog.json b/src/main/resources/changelog.json
index 8c1c9229d..388478d4f 100644
--- a/src/main/resources/changelog.json
+++ b/src/main/resources/changelog.json
@@ -1,5 +1,16 @@
 {
   "versions" : [
+    {
+      "verNo" : "1.7.1",
+      "date" : "(2025/04/10)",
+      "topic" : [
+        {
+          "title" : "Authentication and user access improvements",
+          "tags" : "[Enhancement]",
+          "description" : "JWT size reduction and account linking mechanism"
+        }
+      ]
+    },
     {
       "verNo" : "1.7.0",
       "date" : "(2025/04/02)",
diff --git a/src/test/java/net/geant/nmaas/portal/api/auth/OIDCAuthControllerTest.java b/src/test/java/net/geant/nmaas/portal/api/auth/OIDCAuthControllerTest.java
index 90b0cdce3..8398cba5c 100644
--- a/src/test/java/net/geant/nmaas/portal/api/auth/OIDCAuthControllerTest.java
+++ b/src/test/java/net/geant/nmaas/portal/api/auth/OIDCAuthControllerTest.java
@@ -114,7 +114,7 @@ class OIDCAuthControllerTest {
         when(idToken.getTokenValue()).thenReturn("oidc-token");
         when(oidcUser.getIdToken()).thenReturn(idToken);
 
-        when(oidcUserService.externalUserRequiredLinking(any())).thenReturn(false);
+        when(oidcUserService.externalUserRequiresLinking(any())).thenReturn(false);
 
         Constructor<User> userConstructor = User.class.getDeclaredConstructor();
         userConstructor.setAccessible(true);
@@ -147,7 +147,7 @@ class OIDCAuthControllerTest {
         when(idToken.getTokenValue()).thenReturn("oidc-token");
         when(oidcUser.getIdToken()).thenReturn(idToken);
 
-        when(oidcUserService.externalUserRequiredLinking(any())).thenReturn(true);
+        when(oidcUserService.externalUserRequiresLinking(any())).thenReturn(true);
 
         // when
         RedirectView result = oidcAuthController.oidcLoginSuccess(oidcUser, request);
-- 
GitLab


From 0630a212c97dd6a9fa9cd6068c6dfa453aea367b Mon Sep 17 00:00:00 2001
From: Lukasz Lopatowski <llopat@man.poznan.pl>
Date: Thu, 10 Apr 2025 13:05:54 +0200
Subject: [PATCH 11/11] Fixed changelog and pumped boot version

---
 build.gradle                      | 2 +-
 src/main/resources/changelog.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.gradle b/build.gradle
index e4d4daa9f..ef1ef35b3 100644
--- a/build.gradle
+++ b/build.gradle
@@ -2,7 +2,7 @@ plugins {
     id 'java'
     id 'idea'
     id 'jacoco'
-    id 'org.springframework.boot' version '3.4.3'
+    id 'org.springframework.boot' version '3.4.4'
     id 'io.spring.dependency-management' version '1.1.7'
     id 'com.gorylenko.gradle-git-properties' version '2.4.2'
     id 'org.sonarqube' version '6.0.1.5171'
diff --git a/src/main/resources/changelog.json b/src/main/resources/changelog.json
index 388478d4f..ed50a597c 100644
--- a/src/main/resources/changelog.json
+++ b/src/main/resources/changelog.json
@@ -17,7 +17,7 @@
       "topic" : [
         {
           "title" : "Integration with OIDC-compliant IdP",
-          "tags" : "[New feature]",
+          "tags" : "[New Feature]",
           "description" : "Moved away from the custom SAML-based IdP integration in favor of adding OIDC support"
         },
         {
-- 
GitLab