15 files changed, 131 insertions, 19 deletions
diff --git a/deliveries/Dockerfile.be b/deliveries/Dockerfile.be
index afc39816..21bb1a2c 100644
--- a/deliveries/Dockerfile.be
+++ b/deliveries/Dockerfile.be
@@ -39,7 +39,9 @@ RUN cd ${PORTALCONTEXT} && unzip -q *.war && rm *.war
 VOLUME ${TOMCATHOME}/logs
+# Switch to unprivileged user
 RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal && chown -R portal:portal . && chmod -R 777 /etc/ssl/certs/java /var/
+USER portal
 # Switch back to root
 WORKDIR /
diff --git a/deliveries/Dockerfile.portal b/deliveries/Dockerfile.portal
index f12a3e30..cce3ed09 100644
--- a/deliveries/Dockerfile.portal
+++ b/deliveries/Dockerfile.portal
@@ -41,6 +41,10 @@ COPY ${FE_DIR} ${PORTALCONTEXT}/public
 VOLUME ${TOMCATHOME}/logs
+# Switch to unprivileged user
+RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal
+USER portal
+
 # Switch back to root
 WORKDIR /
diff --git a/deliveries/Dockerfile.sdk b/deliveries/Dockerfile.sdk
index 5f96aaad..4757d8a4 100644
--- a/deliveries/Dockerfile.sdk
+++ b/deliveries/Dockerfile.sdk
@@ -38,6 +38,10 @@ RUN cd ${SDKCONTEXT} && unzip -q *.war && rm *.war
 VOLUME ${TOMCATHOME}/logs
+# Switch to unprivileged user
+RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal
+USER portal
+
 # Switch back to root
 WORKDIR /
diff --git a/deliveries/Dockerfile.widgetms b/deliveries/Dockerfile.widgetms
index 82a2e4c6..8f4b1072 100644
--- a/deliveries/Dockerfile.widgetms
+++ b/deliveries/Dockerfile.widgetms
@@ -14,7 +14,9 @@ RUN sh -c 'touch /app.jar'
 # Launch script
 COPY start-wms.sh /
+# Switch to unprivileged user
 RUN addgroup -g 1000 -S portal && adduser -u 1000 -S portal -G portal && mkdir logs / && chown -R portal:portal /start-wms.sh /tmp /etc/ssl/certs/java /logs && chmod -R 755 /start-wms.sh /etc/ssl/certs/java /logs /tmp
+USER portal
 # Define default command
 CMD /start-wms.sh
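Review bot: The unchanged RUN line in the Dockerfile.be hunk still ends with `chmod -R 777 /etc/ssl/certs/java /var/`, which leaves the Java trust store and everything under /var world-writable even though the container now runs as `portal`. A writable trust store lets any process in the container add a CA certificate that the JVM will then trust. Because the same RUN already creates the account and runs `chown -R portal:portal .`, ownership should be enough: extend the chown to `/etc/ssl/certs/java` and to the specific /var subdirectories the service writes (presumably logs and temp data), and drop the 777.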
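Review bot: In the Dockerfile.portal and Dockerfile.sdk hunks the new `RUN addgroup ... && adduser ...` creates the `portal` account but gives it ownership of nothing, unlike the RUN line in Dockerfile.be, which also runs `chown -R portal:portal .`. After `USER portal` Tomcat will presumably be unable to write its logs, work and temp directories, and that kind of failure tends to be fixed later by loosening permissions. Consider appending `&& chown -R portal:portal ${TOMCATHOME}` to the RUN, narrowed to the directories Tomcat writes if they are known. Note also that `VOLUME ${TOMCATHOME}/logs` is declared before this step, and depending on the builder, build-time changes to an already declared volume path may be discarded, so the ownership change is safer placed before the VOLUME line.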
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java index 852e2bb8..aa180b0e 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java @@ -2,7 +2,7 @@ * ============LICENSE_START========================================== * ONAP Portal * =================================================================== - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed @@ -46,6 +46,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.cxf.transport.http.HTTPException; import org.onap.portalapp.controller.EPRestrictedBaseController; +import org.onap.portalapp.portal.domain.EPApp; import org.onap.portalapp.portal.domain.EPRole; import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.domain.EPUserAppCatalogRoles; @@ -58,6 +59,7 @@ import org.onap.portalapp.portal.logging.aop.EPEELFLoggerAdvice; import org.onap.portalapp.portal.logging.logic.EPLogUtil; import org.onap.portalapp.portal.service.AdminRolesService; import org.onap.portalapp.portal.service.ApplicationsRestClientService; +import org.onap.portalapp.portal.service.EPAppService; import org.onap.portalapp.portal.service.SearchService; import org.onap.portalapp.portal.service.UserRolesService; import org.onap.portalapp.portal.transport.AppNameIdIsAdmin; 
@@ -75,6 +77,7 @@ import org.onap.portalsdk.core.domain.AuditLog; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.restful.domain.EcompRole; import org.onap.portalsdk.core.service.AuditService; +import org.onap.portalsdk.core.service.DataAccessService; import org.onap.portalsdk.core.util.SystemProperties; import org.slf4j.MDC; import org.springframework.beans.factory.annotation.Autowired; @@ -103,6 +106,8 @@ public class UserRolesController extends EPRestrictedBaseController { private ApplicationsRestClientService applicationsRestClientService; @Autowired private AuditService auditService; + @Autowired + private DataAccessService dataAccessService; private static final String FAILURE = "failure"; @@ -288,6 +293,18 @@ public class UserRolesController extends EPRestrictedBaseController { EcompPortalUtils.setBadPermissions(user, response, "getAppRolesForUser"); feErrorString = EcompPortalUtils.getFEErrorString(true, response.getStatus()); } else { + try { + if(orgUserId!=null) { + EPUser localUser = getUserInfo(orgUserId,applicationsRestClientService); + if(localUser !=null) { + if(localUser.isSystemUser()) { + isSystemUser = true; + } + } + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "isSystemUser update failed", e); + } if ((!isSystemUser && EcompPortalUtils.legitimateUserId(orgUserId)) || isSystemUser) { result = userRolesService.getAppRolesForUser(appid, orgUserId, extRequestValue, user); logger.debug(EELFLoggerDelegate.debugLogger, "getAppRolesForUser: result {}, appId {}", result, appid); 
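Review bot: The added lookup `getUserInfo(orgUserId, applicationsRestClientService)` runs before `EcompPortalUtils.legitimateUserId(orgUserId)` is consulted, so an unvalidated `orgUserId` (apparently a request value; the method signature is outside the hunk) reaches a database query. A stored system-user flag then sets `isSystemUser = true`, which makes the condition that follows skip the `legitimateUserId` check altogether. Validate the id before the lookup, for example by guarding the block with `if (orgUserId != null && EcompPortalUtils.legitimateUserId(orgUserId))`; if system ids legitimately fail that check, they need a dedicated format check of their own rather than no check. The `catch (Exception e)` also lets the request continue after a failed lookup, so catching only the data-access exception would keep programming errors from being masked.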
@@ -572,4 +589,23 @@ public class UserRolesController extends EPRestrictedBaseController { } return isSuperAdmin; } + + /** + * + * @param userId + * @param app + * @param applicationsRestClientService + * @return EPUser + * @throws HTTPException + */ + protected EPUser getUserInfo(String userId, ApplicationsRestClientService applicationsRestClientService) + throws HTTPException { + @SuppressWarnings("unchecked") + List<EPUser> userList = (List<EPUser>) dataAccessService + .executeQuery("from EPUser where orgUserId='" + userId + "'", null); + if (userList != null && !userList.isEmpty()) + return userList.get(0); + else + return null; + } } diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java index ab688820..e5ce2068 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java @@ -2,7 +2,7 @@ * ============LICENSE_START========================================== * ONAP Portal * =================================================================== - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed 
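Review bot: `getUserInfo` builds its HQL by concatenation, `"from EPUser where orgUserId='" + userId + "'"`, and its caller in this commit passes a user id that has not been validated, so a quote character in the id changes the query. Bind the value instead of splicing it in: put it in a parameter map and run a named query, `dataAccessService.executeNamedQuery("<named-query-placeholder>", params, null)`, which is what `checkIfUserExists(userParams)` in UserRolesCommonServiceImpl appears to do with `orgUserIdValue`. The `applicationsRestClientService` parameter is unused, the Javadoc lists an `@param app` that does not exist, and `throws HTTPException` is declared although nothing visible throws it. Trimming those and documenting that the method returns null when no user matches would make the contract clear.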
@@ -1192,7 +1192,7 @@ public class UserRolesCommonServiceImpl { * @param roleInAppUser Contains list of active roles */ @SuppressWarnings("unchecked") - private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser, boolean isPortalRequest,boolean isSystemUser,Set<EcompRole> deletedRolesByApprover,boolean isLoggedInUserRoleAdminofApp) throws Exception + private void updateUserRolesInExternalSystem(EPApp app, String orgUserId, List<RoleInAppForUser> roleInAppUser, boolean isPortalRequest,boolean nonHumanUserId,Set<EcompRole> deletedRolesByApprover,boolean isLoggedInUserRoleAdminofApp) throws Exception { try { // check if user exists @@ -1200,15 +1200,23 @@ public class UserRolesCommonServiceImpl { userParams.put("orgUserIdValue", orgUserId); List<EPUser> userInfo = checkIfUserExists(userParams); if (userInfo.isEmpty()) { - createLocalUserIfNecessary(orgUserId, isSystemUser); + createLocalUserIfNecessary(orgUserId, nonHumanUserId); } String name = ""; if (EPCommonSystemProperties - .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) && !isSystemUser) { - name = orgUserId - + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN) && !nonHumanUserId) { + if(orgUserId.indexOf("@") ==-1) { + name = orgUserId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + }else { + name = orgUserId; + } } else { name = orgUserId; + if(nonHumanUserId && orgUserId!=null) { + if(orgUserId.indexOf("@") ==-1) { + name = orgUserId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN); + } + } } ObjectMapper mapper = new ObjectMapper(); HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth(); 
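Review bot: In the rewritten `else` branch of `updateUserRolesInExternalSystem`, `SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)` is read for non-human ids without the `containsProperty` check that guards the first branch, so when the domain is not configured the external-system user name may get a literal "null" suffix or the call may fail. Both branches now apply the same rule (append the domain when the id has no "@"), and the first one calls `orgUserId.indexOf("@")` without the null check the second has. Collapsing them removes both problems: `name = orgUserId;` followed by `if (orgUserId != null && orgUserId.indexOf("@") == -1 && EPCommonSystemProperties.containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) name = orgUserId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);`. This name selects the identity whose roles are changed in the external system, so a malformed value is worth rejecting rather than sending. The method body continues outside the hunk.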
@@ -23,7 +23,6 @@ <module>ecomp-portal-BE-os</module> <module>portal-FE-os</module> <module>ecomp-portal-widget-ms</module> - <module>portal-BE</module> </modules> <properties> diff --git a/portal-FE-common/src/app/layout/components/userbar/userbar.component.html b/portal-FE-common/src/app/layout/components/userbar/userbar.component.html index 0ff5a554..898a8fb4 100644 --- a/portal-FE-common/src/app/layout/components/userbar/userbar.component.html +++ b/portal-FE-common/src/app/layout/components/userbar/userbar.component.html @@ -45,7 +45,10 @@ <nav [ngStyle]="{'right': isOpen ? '18px' : '-75px' }" class="usb-item usb-item-vertical usb-item-right" id="usb-item-s2"> <h3>Online Users</h3> <div *ngFor="let user of userList" style="font-size: 10px;"> - <a [href]="user.linkQ"><img class="activeUserIcon" [src]="user.linkPic" alt="User Link"></a> + <a [href]="user.linkQ" *ngIf="(user.linkPicURL !='')"> + <img class="activeUserIcon" [src]="user.linkPic" alt="User Link"> + </a> + <a [href]="user.linkQ"><i *ngIf="(user.linkPicURL == '')" class="activeUserIcon default-user-icon icon ion-md-person"></i></a> <div class="userId-txt">{{user.userId}}</div> </div> </nav>
\ No newline at end of file diff --git a/portal-FE-common/src/app/layout/components/userbar/userbar.component.scss b/portal-FE-common/src/app/layout/components/userbar/userbar.component.scss index 81801104..451adfc7 100644 --- a/portal-FE-common/src/app/layout/components/userbar/userbar.component.scss +++ b/portal-FE-common/src/app/layout/components/userbar/userbar.component.scss @@ -112,3 +112,9 @@ button { width: 55px; border-radius: 50%; } + +.default-user-icon{ + font-size: 45px; + display: block; + color: black; +}
\ No newline at end of file diff --git a/portal-FE-common/src/app/layout/components/userbar/userbar.component.ts b/portal-FE-common/src/app/layout/components/userbar/userbar.component.ts index 661317bf..2136abb2 100644 --- a/portal-FE-common/src/app/layout/components/userbar/userbar.component.ts +++ b/portal-FE-common/src/app/layout/components/userbar/userbar.component.ts @@ -88,8 +88,9 @@ export class UserbarComponent implements OnInit { for (var i = 0; i < maxItems; i++) { var data = { userId: _res[i], - linkQ: this.api.linkQ, - linkPic: this.api.linkPic + linkQ: this.sanitizer.bypassSecurityTrustResourceUrl(this.api.linkQ + _res[i]), + linkPic: this.api.linkPic + _res[i], + linkPicURL:this.api.linkPic } this.userList.push(data); } diff --git a/portal-FE-common/src/app/pages/dashboard-application-catalog/dashboard-application-catalog.component.ts b/portal-FE-common/src/app/pages/dashboard-application-catalog/dashboard-application-catalog.component.ts index baaa4c49..be4c09e2 100644 --- a/portal-FE-common/src/app/pages/dashboard-application-catalog/dashboard-application-catalog.component.ts +++ b/portal-FE-common/src/app/pages/dashboard-application-catalog/dashboard-application-catalog.component.ts @@ -119,12 +119,16 @@ export class DashboardApplicationCatalogComponent implements OnInit { } else { resJson.index = 3; - } - - this.selectedSortType = this.sortOptions[resJson.index]; + } + this.selectedSortType = this.sortOptions[resJson.index]; //console.log(this.selectedSortType); - this.getAppCatalogService(data); + this.getAppCatalogService(data); } + else { + this.sortTypeChanged('N'); + } + + }, error => { console.log('getUserAppsSortTypePreference Error Object' + error.message); }); 
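Review bot: In the userbar.component.ts hunk, `this.sanitizer.bypassSecurityTrustResourceUrl(this.api.linkQ + _res[i])` switches off Angular's URL sanitisation for a value that ends in a server-supplied user id and is bound to `[href]` in userbar.component.html. If `this.api.linkQ` is ever empty (the template in this commit already allows for an empty `linkPic`), the id alone decides the scheme of the link. Unless `linkQ` uses a custom scheme that the sanitizer would reject, keep the plain string and encode the id, `linkQ: this.api.linkQ + encodeURIComponent(_res[i]),`, and do the same for `linkPic`. If the bypass really is required, check the prefix against an allow-list of schemes before calling it and add a comment saying why. The enclosing loop and method start outside the hunk.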
@@ -152,6 +156,12 @@ export class DashboardApplicationCatalogComponent implements OnInit { getAppCatalogService(userAppSortTypePref: string) { //console.log("getAppCatalogServices called"); + if(!userAppSortTypePref) + { + userAppSortTypePref = "N"; + this.selectedSortType = this.sortOptions[0]; + //console.log("userAppSortTypePref"+userAppSortTypePref); + } this.applicationCatalogService.getAppsOrderBySortPref(userAppSortTypePref).subscribe(data => { //console.log("Response data" + data); this.appCatalogData = data; diff --git a/portal-FE-common/src/app/pages/users/users.component.ts b/portal-FE-common/src/app/pages/users/users.component.ts index 23538b5f..935be921 100644 --- a/portal-FE-common/src/app/pages/users/users.component.ts +++ b/portal-FE-common/src/app/pages/users/users.component.ts @@ -2,7 +2,7 @@ * ============LICENSE_START========================================== * ONAP Portal * =================================================================== - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed 
@@ -93,7 +93,19 @@ export class UsersComponent implements OnInit { openExistingUserModal(userData: any) { const modalRef = this.ngbModal.open(NewUserModalComponent); - modalRef.componentInstance.userTitle = `${userData.firstName}, ${userData.lastName} ` + '(' + `${userData.orgUserId}` + ')'; + let firstName = ''; + let lastName = ''; + let orgUserId = ''; + if(userData && userData.firstName && userData.firstName!=null){ + firstName = userData.firstName; + } + if(userData && userData.lastName && userData.lastName!=null){ + lastName = ',' + userData.lastName; + } + if(userData && userData.orgUserId && userData.orgUserId!=null){ + orgUserId = ' (' +userData.orgUserId + ')'; + } + modalRef.componentInstance.userTitle = `${firstName} ${lastName} ${orgUserId}` ; modalRef.componentInstance.dialogState = 2; modalRef.componentInstance.userModalData = userData; modalRef.componentInstance.disableBack = true; diff --git a/portal-FE-os/src/app/pages/users/new-user-modal/new-user-modal.component.ts b/portal-FE-os/src/app/pages/users/new-user-modal/new-user-modal.component.ts index 76c14f17..e5133a92 100644 --- a/portal-FE-os/src/app/pages/users/new-user-modal/new-user-modal.component.ts +++ b/portal-FE-os/src/app/pages/users/new-user-modal/new-user-modal.component.ts @@ -122,7 +122,7 @@ export class NewUserModalComponent implements OnInit { searchUserRadioChange($event: MatRadioChange) { if ($event.value === 'System') { this.searchTitleText = 'Enter System UserID'; - this.placeholderText = 'xxxxxx@org.com'; + this.placeholderText = 'xxxxxx or xxxxxx@org.com'; this.isSystemUserCheck = true; } else { this.searchTitleText = 'Enter First Name, Last Name or ATTUID'; diff --git a/portal-FE-os/src/app/shared/interceptors/header-interceptor.ts b/portal-FE-os/src/app/shared/interceptors/header-interceptor.ts index bb76e14b..10a3f95b 100644 --- a/portal-FE-os/src/app/shared/interceptors/header-interceptor.ts +++ b/portal-FE-os/src/app/shared/interceptors/header-interceptor.ts 
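Review bot: The new `userTitle` in `openExistingUserModal` changes the visible format: `lastName = ',' + userData.lastName` combined with the template `${firstName} ${lastName} ${orgUserId}` renders "First ,Last  (id)" where the old code gave "First, Last (id)", and it leaves stray spaces when a part is missing. Assign `lastName` without the comma and join only the parts that are present, e.g. `const fullName = [firstName, lastName].filter(Boolean).join(', ');` and then `modalRef.componentInstance.userTitle = fullName + orgUserId;`. The `&& userData.firstName!=null` style tests are redundant after the truthiness check on the same value.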
@@ -46,17 +46,22 @@ import { import { Observable } from 'rxjs'; import { v4 as uuid } from 'uuid'; import { Injectable } from '@angular/core'; -declare const getWebJunctionXSRFToken: any; +declare const getXSRFToken: any; @Injectable() export class HeaderInterceptor implements HttpInterceptor { intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> { // Clone the request to add the new header // HttpHeader object immutable - copy values + var XSRFToken = getXSRFToken(); const headerSettings: { [name: string]: string | string[]; } = {}; headerSettings['X-ECOMP-RequestID'] = uuid(); const requestType = req.params.get('requestType'); + + if (XSRFToken && XSRFToken.name && XSRFToken.value) + headerSettings['X-XSRF-TOKEN'] = XSRFToken.value; + if(requestType!=null && requestType==='fileUpload'){ //headerSettings['Content-Type'] = 'multipart/form-data'; }else if(requestType!=null && requestType==='downloadWidgetFile'){ diff --git a/portal-FE-os/src/app/shared/utils/utils.js b/portal-FE-os/src/app/shared/utils/utils.js index 3c99f4ac..95d4c686 100644 --- a/portal-FE-os/src/app/shared/utils/utils.js +++ b/portal-FE-os/src/app/shared/utils/utils.js @@ -1,3 +1,23 @@ +function getXSRFToken() { + var cookies = getCookies(); + var XSRFToken = { + name:'', + value:'' + }; + //var contextRoot = getContextRoot(); + var hasXSRFToken = false; + for(var name in cookies) { + if(name == "XSRF-TOKEN") { + XSRFToken.name = name; + XSRFToken.value = cookies[name]; + hasXSRFToken = true; + } + } + + return (hasXSRFToken==false)?null:XSRFToken; +} + + function getCookies() { var cookies = { }; if (document.cookie && document.cookie != '') { |
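Review bot: The header-interceptor.ts hunk adds `X-XSRF-TOKEN` to every request the interceptor handles, whatever the method or destination, so an HttpClient call to an absolute URL on another origin would carry the anti-CSRF token with it. Angular's built-in XSRF interceptor skips absolute URLs and GET/HEAD requests for this reason; the equivalent guard here is `if (XSRFToken && XSRFToken.value && !/^https?:\/\//i.test(req.url))`, with braces around the assignment. `getXSRFToken` is only declared as an ambient global, so if utils.js is not loaded before the first request the call throws on every request; a `typeof getXSRFToken === 'function'` check would keep the interceptor working. `intercept` continues outside the hunk.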