authorKishore Reddy, Gujja (kg811t) <kg811t@research.att.com>2018-07-09 13:41:00 -0400
committerKishore Reddy, Gujja (kg811t) <kg811t@research.att.com>2018-07-11 13:20:28 -0400
commita96a3e49cd472aa902c22143358b87562603d47c (patch)
tree7e97578788de44f6704252cf982af09adcc05e8d /ecomp-sdk/epsdk-aaf
parent9ac542482e4710e5566d147ca7a7a42500628ba2 (diff)
Adding User Auth and permission aaf services
Issue-ID: PORTAL-334 Change-Id: I2826f2a06f7d818d918ae5f45b500a8da78cec42 Signed-off-by: Kishore Reddy, Gujja (kg811t) <kg811t@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-aaf')
-rw-r--r--ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java21
-rw-r--r--ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java308
-rw-r--r--ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java2
-rw-r--r--ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java24
-rw-r--r--ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java46
-rw-r--r--ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java16
6 files changed, 291 insertions, 126 deletions
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java
index 14aeaf5e..3d112268 100644
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java
+++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java
@@ -43,7 +43,9 @@ import javax.servlet.http.HttpServletRequest;
import org.onap.portalsdk.core.domain.RoleFunction;
import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms;
import org.onap.portalsdk.external.authorization.exception.UserNotFoundException;
+import org.springframework.http.ResponseEntity;
public interface UserApiService {
@@ -63,4 +65,23 @@ public interface UserApiService {
*/
List<RoleFunction> getRoleFunctions(String orgUserId) throws Exception;
+ /**
+ * Check if user exist in external auth system
+ *
+ * @param username
+ * @param password
+ * @return Response<String>
+ * @throws Exception
+ */
+ ResponseEntity<String> checkUserExists(String username, String password) throws Exception;
+
+ /**
+ * Get if user has any perms
+ *
+ * @param username
+ * @param password
+ * @return List<ExternalAccessPerms>
+ * @throws Exception
+ */
+ List<ExternalAccessPerms> getIfUserPermsExists(String username) throws Exception;
}
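Review bot: The Javadoc on `getIfUserPermsExists` documents a `@param password` that the signature `getIfUserPermsExists(String username)` does not have, and neither new method says what the caller receives when the external auth system rejects the request. `checkUserExists` takes a password and, judging by the implementation later in this commit, posts to `authn/validate`, so it verifies credentials rather than mere existence; the summary line should say so, e.g. `Validates the given username and password against the external auth system`. Both methods declare `throws Exception`; naming the exceptions callers should expect would let them tell a rejected credential from an unreachable auth service.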
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java
index fb320c17..bfe9808b 100644
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java
+++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java
@@ -37,6 +37,7 @@
*/
package org.onap.portalsdk.external.authorization.service;
+import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
@@ -73,15 +74,23 @@ import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.type.TypeFactory;
@Service("userApiService")
public class UserApiServiceImpl implements UserApiService {
- private static final String AAF_GET_USER_ROLES_ENDPOINT = "roles/user/";
+ private static final String PASSCODE = "password";
- private static final String AAF_GET_USER_PERMS_ENDPOINT = "perms/user/";
+ private static final String ID = "id";
+
+ private static final String EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT = "authz/roles/user/";
+
+ private static final String EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT = "authz/perms/user/";
+
+ private static final String EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT = "authn/validate";
private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserApiServiceImpl.class);
@@ -103,62 +112,29 @@ public class UserApiServiceImpl implements UserApiService {
private AppService appService;
@Override
- public User getUser(String orgUserId, HttpServletRequest request)
- throws UserNotFoundException {
+ public User getUser(String orgUserId, HttpServletRequest request) throws UserNotFoundException {
User user = null;
try {
- String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
- HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth();
+ String namespace = EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
+ HttpHeaders headers = getBasicAuthHeaders();
HttpEntity<String> entity = new HttpEntity<>(headers);
- logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external system for user {}",
+ logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external auth system for user {}",
orgUserId);
- String endPoint = AAF_GET_USER_ROLES_ENDPOINT + orgUserId
+ String endPoint = EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
ResponseEntity<String> getResponse = template.exchange(
- EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity,
- String.class);
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
+ HttpMethod.GET, entity, String.class);
if (getResponse.getStatusCode().value() == 200) {
logger.debug(EELFLoggerDelegate.debugLogger,
- "getUserRoles: Finished GET unp ser roles from external system and body: {}",
+ "getUserRoles: Finished GET unp ser roles from external auth system and body: {}",
getResponse.getBody());
}
String userRoles = getResponse.getBody();
- JSONObject userJsonObj = null;
- JSONArray userJsonArray = null;
ObjectMapper mapper = new ObjectMapper();
- List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
- if (!userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
- userJsonObj = new JSONObject(userRoles);
- userJsonArray = userJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_ROLE_FIELD);
- ExternalAccessUserRoleDetail userRoleDetail = null;
- for (int i = 0; i < userJsonArray.length(); i++) {
- JSONObject role = userJsonArray.getJSONObject(i);
- if (!role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME).endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_ADMIN)
- && !role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
- .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_OWNER)
- && EcompExternalAuthUtils.checkNameSpaceMatching(role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME),
- namespace)) {
- ExternalRoleDescription desc = new ExternalRoleDescription();
- if(role.has(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION)
- && EcompExternalAuthUtils
- .isJSONValid(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION))) {
- desc = mapper.readValue(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION),
- ExternalRoleDescription.class);
- }
- if(role.has(EcompExternalAuthUtils.EXT_FIELD_PERMS)) {
- JSONArray perms = role.getJSONArray(EcompExternalAuthUtils.EXT_FIELD_PERMS);
- List<ExternalAccessPerms> permsList = mapper.readValue(perms.toString(), TypeFactory
- .defaultInstance().constructCollectionType(List.class, ExternalAccessPerms.class));
- desc.setPermissions(permsList);
- }
- userRoleDetail = new ExternalAccessUserRoleDetail(
- role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), desc);
- userRoleDetailList.add(userRoleDetail);
- }
- }
- } else {
- throw new UserNotFoundException("User roles not found!");
- }
+ List<ExternalAccessUserRoleDetail> userRoleDetailList = setExterbalAccessUserRoles(namespace, userRoles,
+ mapper);
if (userRoleDetailList.isEmpty()) {
throw new UserNotFoundException("User roles not found!");
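Review bot: `orgUserId` is concatenated straight into the request URL at `EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId + ...`, so a value containing `/`, `?`, `#` or `{}` alters the path or query of a request that is sent with the application's own Basic credentials. Checking it against an allow-list before the URL is built closes this, for example `if (!USER_ID_PATTERN.matcher(orgUserId).matches()) throw new UserNotFoundException("Invalid user id");`, where `USER_ID_PATTERN` is a constant to be added, not an existing one. The same concatenation appears in `getRoleFunctions` and in the new `getIfUserPermsExists`. `getUser` begins and ends outside this hunk, so any validation done by its callers is not visible here.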
@@ -172,10 +148,48 @@ public class UserApiServiceImpl implements UserApiService {
}
- @SuppressWarnings({ "rawtypes", "unchecked" })
+ private List<ExternalAccessUserRoleDetail> setExterbalAccessUserRoles(String namespace, String userRoles,
+ ObjectMapper mapper) throws IOException, JsonParseException, JsonMappingException, UserNotFoundException {
+ JSONObject userJsonObj;
+ JSONArray userJsonArray;
+ List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
+ if (!userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
+ userJsonObj = new JSONObject(userRoles);
+ userJsonArray = userJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_ROLE_FIELD);
+ ExternalAccessUserRoleDetail userRoleDetail = null;
+ for (int i = 0; i < userJsonArray.length(); i++) {
+ JSONObject role = userJsonArray.getJSONObject(i);
+ if (!role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
+ .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_ADMIN)
+ && !role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
+ .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_OWNER)
+ && EcompExternalAuthUtils.checkNameSpaceMatching(
+ role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), namespace)) {
+ ExternalRoleDescription desc = new ExternalRoleDescription();
+ if (role.has(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION) && EcompExternalAuthUtils
+ .isJSONValid(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION))) {
+ desc = mapper.readValue(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION),
+ ExternalRoleDescription.class);
+ }
+ if (role.has(EcompExternalAuthUtils.EXT_FIELD_PERMS)) {
+ JSONArray perms = role.getJSONArray(EcompExternalAuthUtils.EXT_FIELD_PERMS);
+ List<ExternalAccessPerms> permsList = mapper.readValue(perms.toString(), TypeFactory
+ .defaultInstance().constructCollectionType(List.class, ExternalAccessPerms.class));
+ desc.setPermissions(permsList);
+ }
+ userRoleDetail = new ExternalAccessUserRoleDetail(
+ role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), desc);
+ userRoleDetailList.add(userRoleDetail);
+ }
+ }
+ } else {
+ throw new UserNotFoundException("User roles not found!");
+ }
+ return userRoleDetailList;
+ }
+
private User convertAAFUserRolesToEcompSDKUser(List<ExternalAccessUserRoleDetail> userRoleDetailList,
- String orgUserId, String namespace, HttpServletRequest request)
- throws Exception {
+ String orgUserId, String namespace, HttpServletRequest request) throws Exception {
User user = loginAAFService.findUserWithoutPwd(orgUserId);
PostSearchBean postSearchBean = new PostSearchBean();
if (user == null) {
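Review bot: `setExterbalAccessUserRoles` calls `userRoles.equals(...)` on the raw response body, and `ResponseEntity.getBody()` may be null, so an empty response raises `NullPointerException` rather than `UserNotFoundException`. A guard at the top such as `if (userRoles == null || EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING.equals(userRoles)) throw new UserNotFoundException("User roles not found!");` covers both cases and removes the trailing `else`. The name carries a typo ("Exterbal") and the method builds a list rather than setting anything, so something like `parseExternalAccessUserRoles` would read better. `JsonParseException` and `JsonMappingException` are subclasses of `IOException`, so the throws clause can list `IOException` alone.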
@@ -189,56 +203,7 @@ public class UserApiServiceImpl implements UserApiService {
}
App app = appService.getApp(1l);
try {
- Set userApps = new TreeSet();
- for (ExternalAccessUserRoleDetail userRoleDetail : userRoleDetailList) {
- ExternalRoleDescription roleDesc = userRoleDetail.getDescription();
- UserApp userApp = new UserApp();
- Role role = new Role();
- Set roleFunctions = new TreeSet<>();
- if (roleDesc != null) {
- if (roleDesc.getName() == null) {
- role.setActive(true);
- role.setName(userRoleDetail.getName().substring(namespace.length() + 1));
- } else {
- role.setActive(Boolean.valueOf(roleDesc.getActive()));
- role.setId(Long.valueOf(roleDesc.getAppRoleId()));
- role.setName(roleDesc.getName());
- if (!roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE)) {
- role.setPriority(Integer.valueOf(roleDesc.getPriority()));
- }
- }
- if (roleDesc.getPermissions() != null) {
- for (ExternalAccessPerms extPerm : roleDesc.getPermissions()) {
- RoleFunction roleFunction = new RoleFunction();
- roleFunction.setCode(extPerm.getInstance());
- roleFunction.setAction(extPerm.getAction());
- if (extPerm.getDescription() != null
- && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
- roleFunction.setName(extPerm.getDescription());
- } else if (extPerm.getDescription() == null
- && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
- roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|"
- + extPerm.getInstance() + "|" + extPerm.getAction());
- } else if (extPerm.getDescription() == null
- && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
- roleFunction.setName(
- extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction());
- }
- if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
- roleFunction.setType(extPerm.getType().substring(namespace.length() + 1));
- } else {
- roleFunction.setType(extPerm.getType());
- }
- roleFunctions.add(roleFunction);
- }
- }
- }
- role.setRoleFunctions(roleFunctions);
- userApp.setApp(app);
- userApp.setRole(role);
- userApp.setUserId(user.getId());
- userApps.add(userApp);
- }
+ Set userApps = setUserApps(userRoleDetailList, namespace, user, app);
user.setUserApps(userApps);
} catch (Exception e) {
logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e);
@@ -248,24 +213,86 @@ public class UserApiServiceImpl implements UserApiService {
return user;
}
+ @SuppressWarnings({ "rawtypes", "unchecked" })
+ private Set setUserApps(List<ExternalAccessUserRoleDetail> userRoleDetailList, String namespace, User user,
+ App app) {
+ Set userApps = new TreeSet();
+ for (ExternalAccessUserRoleDetail userRoleDetail : userRoleDetailList) {
+ ExternalRoleDescription roleDesc = userRoleDetail.getDescription();
+ UserApp userApp = new UserApp();
+ Role role = new Role();
+ Set roleFunctions = new TreeSet<>();
+ if (roleDesc != null) {
+ if (roleDesc.getName() == null) {
+ role.setActive(true);
+ role.setName(userRoleDetail.getName().substring(namespace.length() + 1));
+ } else {
+ role.setActive(Boolean.valueOf(roleDesc.getActive()));
+ role.setId(Long.valueOf(roleDesc.getAppRoleId()));
+ role.setName(roleDesc.getName());
+ if (!roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE)) {
+ role.setPriority(Integer.valueOf(roleDesc.getPriority()));
+ }
+ }
+ if (roleDesc.getPermissions() != null) {
+ for (ExternalAccessPerms extPerm : roleDesc.getPermissions()) {
+ RoleFunction roleFunction = new RoleFunction();
+ roleFunction.setCode(extPerm.getInstance());
+ roleFunction.setAction(extPerm.getAction());
+ if (extPerm.getDescription() != null
+ && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getDescription());
+ } else if (extPerm.getDescription() == null
+ && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|"
+ + extPerm.getInstance() + "|" + extPerm.getAction());
+ } else if (extPerm.getDescription() == null
+ && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(
+ extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction());
+ }
+ if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setType(extPerm.getType().substring(namespace.length() + 1));
+ } else {
+ roleFunction.setType(extPerm.getType());
+ }
+ roleFunctions.add(roleFunction);
+ }
+ }
+ }
+ role.setRoleFunctions(roleFunctions);
+ userApp.setApp(app);
+ userApp.setRole(role);
+ userApp.setUserId(user.getId());
+ userApps.add(userApp);
+ }
+ return userApps;
+ }
+
@Override
public List<RoleFunction> getRoleFunctions(String orgUserId) throws Exception {
ObjectMapper mapper = new ObjectMapper();
- HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth();
+ HttpHeaders headers = getBasicAuthHeaders();
HttpEntity<String> entity = new HttpEntity<>(headers);
- logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external system for user {}",
+ logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external auth system for user {}",
orgUserId);
- String endPoint = AAF_GET_USER_PERMS_ENDPOINT + orgUserId
+ String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + orgUserId
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
ResponseEntity<String> getResponse = template.exchange(
- EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity,
- String.class);
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
+ HttpMethod.GET, entity, String.class);
if (getResponse.getStatusCode().value() == 200) {
logger.debug(EELFLoggerDelegate.debugLogger,
"getRoleFunctions: Finished GET user perms from external system and body: {}",
getResponse.getBody());
}
String userPerms = getResponse.getBody();
+ List<ExternalAccessPerms> extPermsList = convertPermsJSONArrayToExternalAccessPerms(mapper, userPerms);
+ return convertToRoleFunctionList(extPermsList);
+ }
+
+ private List<ExternalAccessPerms> convertPermsJSONArrayToExternalAccessPerms(ObjectMapper mapper, String userPerms)
+ throws IOException, JsonParseException, JsonMappingException {
JSONObject userPermsJsonObj = null;
JSONArray userPermsJsonArray = null;
List<ExternalAccessPerms> extPermsList = new ArrayList<>();
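Review bot: In `setUserApps` the `if`/`else if` chain that names a `RoleFunction` has no branch for a permission whose description is non-null but whose type lies outside `namespace`, so `setName(...)` is never called for it and the object is still added to the `TreeSet`. If a description should win regardless of namespace, the first condition can simply be `if (extPerm.getDescription() != null)`; if such permissions should be dropped, a `continue` with a comment would make that explicit. These values come from the external auth response, and `roleDesc.getPriority().equals(...)` and `Long.valueOf(roleDesc.getAppRoleId())` in the same method throw on a missing or non-numeric field, so a comment stating what the response is guaranteed to contain would help. `convertPermsJSONArrayToExternalAccessPerms` continues past the end of this hunk.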
@@ -274,13 +301,34 @@ public class UserApiServiceImpl implements UserApiService {
userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD);
for (int i = 0; i < userPermsJsonArray.length(); i++) {
JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i);
- if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE).endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) {
+ if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE)
+ .endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) {
ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class);
extPermsList.add(perm);
}
}
}
- return convertToRoleFunctionList(extPermsList);
+ return extPermsList;
+ }
+
+ private ResponseEntity<String> getPermsFromExternalAuthSystem(HttpEntity<String> entity, String endPoint) {
+ ResponseEntity<String> getResponse = template.exchange(
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
+ HttpMethod.GET, entity, String.class);
+ if (getResponse.getStatusCode().value() == 200) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "getPermsFromExternalAuthSystem: Finished GET user perms from external auth system and body: {}",
+ getResponse.getBody());
+ }
+ return getResponse;
+ }
+
+ private HttpHeaders getBasicAuthHeaders() throws Exception {
+ String userName = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
+ String encryptedPass = EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD);
+ String decryptedPass = EcompExternalAuthUtils.decryptPass(encryptedPass);
+ return EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(userName, decryptedPass);
}
private List<RoleFunction> convertToRoleFunctionList(List<ExternalAccessPerms> extPermsList) {
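Review bot: `getPermsFromExternalAuthSystem` writes the whole response body to the debug log, which places every permission the user holds into log files; `getUser` and `getRoleFunctions` do the same with their responses. The status is enough for troubleshooting, e.g. `logger.debug(EELFLoggerDelegate.debugLogger, "getPermsFromExternalAuthSystem: GET user perms returned status {}", getResponse.getStatusCode().value());`. `getRoleFunctions` in the previous hunk still carries its own copy of this `template.exchange` call and could delegate to this helper. `getBasicAuthHeaders` deserves a one-line Javadoc stating that it authenticates as the application account read from `EcompExternalAuthProperties`, not as the end user.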
@@ -311,11 +359,55 @@ public class UserApiServiceImpl implements UserApiService {
return roleFunctions;
}
- private SearchResult loadSearchResultData(PostSearchBean searchCriteria)
- throws NamingException {
+ private SearchResult loadSearchResultData(PostSearchBean searchCriteria) throws NamingException {
return ldapService.searchPost(searchCriteria.getUser(), searchCriteria.getSortBy1(),
searchCriteria.getSortBy2(), searchCriteria.getSortBy3(), searchCriteria.getPageNo(),
searchCriteria.getNewDataSize(), 1);
}
+ @Override
+ public ResponseEntity<String> checkUserExists(String username, String password) throws Exception {
+ username = changeIfUserDomainNotAppended(username);
+ HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(username, password);
+ String appUsername = EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
+ String appPass = EcompExternalAuthUtils.decryptPass(
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD));
+ JSONObject credentials = new JSONObject();
+ credentials.put(ID, appUsername);
+ credentials.put(PASSCODE, appPass);
+ HttpEntity<String> entity = new HttpEntity<>(credentials.toString(), headers);
+ logger.debug(EELFLoggerDelegate.debugLogger, "checkUserExists: Connecting to external auth system for user {}",
+ username);
+ ResponseEntity<String> getResponse = template.exchange(EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL)
+ + EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT, HttpMethod.POST, entity, String.class);
+ if (getResponse.getStatusCode().value() == 200) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "checkUserExists: Finished POST from external auth system to validate credentials and status: {}",
+ getResponse.getStatusCode().value());
+ }
+ return getResponse;
+ }
+
+ private String changeIfUserDomainNotAppended(String username) {
+ if (!EcompExternalAuthUtils.validate(username)) {
+ username = username + EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
+ }
+ return username;
+ }
+
+ @Override
+ public List<ExternalAccessPerms> getIfUserPermsExists(String username) throws Exception {
+ HttpHeaders headers = getBasicAuthHeaders();
+ HttpEntity<String> entity = new HttpEntity<>(headers);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "getIfUserPermsExists: Connecting to external auth system for user {}", username);
+ username = changeIfUserDomainNotAppended(username);
+ String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + username;
+ ResponseEntity<String> getResponse = getPermsFromExternalAuthSystem(entity, endPoint);
+ return convertPermsJSONArrayToExternalAccessPerms(new ObjectMapper(), getResponse.getBody());
+ }
+
}
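Review bot: `checkUserExists` puts the end user's `username`/`password` into the Basic `Authorization` header and the application's own id and decrypted password into the JSON body, the reverse of every other call in this class, which authenticates as the application through `getBasicAuthHeaders()`. If `authn/validate` checks the credentials in the body, as the `id`/`password` field names suggest, this request validates the application's account instead of the user's and discloses the application's password on a request made under the caller-supplied identity. The likely intent is `HttpHeaders headers = getBasicAuthHeaders();` with `credentials.put(ID, username);` and `credentials.put(PASSCODE, password);`, which should be confirmed against the auth service's contract. A comment on the method stating which identity goes where would keep this from being flipped again.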
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java
index 87d4c1fd..d5d04326 100644
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java
+++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java
@@ -51,6 +51,8 @@ public class EcompExternalAuthProperties {
public static final String EXTERNAL_AUTH_PASSWORD = "extern_auth_password";
public static final String EXTERNAL_AUTH_URL = "extern_auth_url";
+
+ public static final String EXTERNAL_AUTH_VALIDATE_CREDENTIALS_URL = "extern_auth_validate_creds_url";
public static final String EXTERNAL_AUTH_USER_DOMAIN = "extern_auth_user_domain";
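Review bot: `EXTERNAL_AUTH_VALIDATE_CREDENTIALS_URL` is not referenced by any hunk visible in this commit; `checkUserExists` builds its URL from `EXTERNAL_AUTH_URL` plus the hard-coded `authn/validate`. Either read the property there or drop the constant, so that operators do not set `extern_auth_validate_creds_url` expecting it to take effect.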
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java
index 6f4ff29a..dc6559ab 100644
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java
+++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java
@@ -38,6 +38,8 @@
package org.onap.portalsdk.external.authorization.util;
import java.io.IOException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import javax.xml.bind.DatatypeConverter;
@@ -65,11 +67,11 @@ public class EcompExternalAuthUtils {
public static final String EXT_ROLE_FIELD_OWNER = ".owner";
public static final String EXT_ROLE_FIELD_ADMIN = ".admin";
- public static HttpHeaders base64encodeKeyForAAFBasicAuth() throws Exception {
- String userName = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
- String encryptedPass = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD);
- String decryptedPass = decryptPass(encryptedPass);
- String usernamePass = userName + ":" + decryptedPass;
+ public static final Pattern VALID_USER_DOMAIN_ADDRESS_REGEX =
+ Pattern.compile("^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}$", Pattern.CASE_INSENSITIVE);
+
+ public static HttpHeaders base64encodeKeyForAAFBasicAuth(String username, String password) throws Exception {
+ String usernamePass = username + ":" + password;
String encToBase64 = String.valueOf((DatatypeConverter.printBase64Binary(usernamePass.getBytes())));
HttpHeaders headers = new HttpHeaders();
headers.add("Authorization", "Basic " + encToBase64);
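Review bot: `usernamePass.getBytes()` encodes with the platform default charset, so a non-ASCII password yields a different `Authorization` header on differently configured hosts; use `usernamePass.getBytes(StandardCharsets.UTF_8)`, which needs the `java.nio.charset.StandardCharsets` import. Now that the method takes caller-supplied values, a null argument is silently encoded as the text `null`; `Objects.requireNonNull(username, "username")` and the same for `password`, or a documented precondition, would make that fail early. The method's closing lines are outside this hunk.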
@@ -77,7 +79,7 @@ public class EcompExternalAuthUtils {
return headers;
}
- private static String decryptPass(String encrypted) throws Exception {
+ public static String decryptPass(String encrypted) throws Exception {
String result = "";
if (encrypted != null && encrypted.length() > 0) {
try {
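Review bot: Widening `decryptPass` to `public` makes decryption of the stored application password callable from any class on the classpath, apparently only so that `UserApiServiceImpl.getBasicAuthHeaders()` can reach it. Keeping it `private` and adding a utility method here that returns the application's headers, as the removed no-argument `base64encodeKeyForAAFBasicAuth()` did, preserves the smaller surface. If it has to stay public, add Javadoc that covers the `""` result which `String result = ""` suggests for null or empty input; the rest of the body is outside this hunk.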
@@ -92,6 +94,16 @@ public class EcompExternalAuthUtils {
}
/**
+ * Validates, if given username has fully domain address
+ * @param String
+ * @return true or false
+ */
+ public static boolean validate(String username) {
+ Matcher matcher = VALID_USER_DOMAIN_ADDRESS_REGEX.matcher(username);
+ return matcher.find();
+ }
+
+ /**
*
* It checks whether the namespace is matching or not
*
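Review bot: `VALID_USER_DOMAIN_ADDRESS_REGEX` limits the top-level label to `{2,6}` letters, so an already qualified name under a longer TLD fails `validate` and `changeIfUserDomainNotAppended` then appends the configured domain a second time. If the only question is whether a domain is present, testing for an `@` followed by a non-empty domain part is more robust. `validate(null)` throws from `matcher(...)`, so the Javadoc should state the precondition, replace `@param String` with `@param username`, and the method would be clearer under a specific name such as `hasUserDomain`. Since the pattern is anchored at both ends, `matcher.matches()` states the intent more directly than `find()`.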
diff --git a/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java b/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java
index d93b03c1..9836c5f1 100644
--- a/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java
+++ b/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java
@@ -37,6 +37,7 @@
*/
package org.onap.portalsdk.external.authorization.service;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
@@ -83,6 +84,7 @@ import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
+import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -132,7 +134,7 @@ public class UserApiServiceImplTest {
PowerMockito.mockStatic(SystemProperties.class);
Mockito.when(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE))
.thenReturn("com.test.app2");
- Mockito.when(EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth()).thenReturn(new HttpHeaders());
+ Mockito.when(EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(Matchers.anyString(), Matchers.anyString())).thenReturn(new HttpHeaders());
Mockito.when(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN))
.thenReturn("@test.com");
MockitoAnnotations.initMocks(this);
@@ -286,6 +288,15 @@ public class UserApiServiceImplTest {
@Test
public void getRoleFunctionsTest() throws Exception {
+ JSONObject mockJsonObjectPerms = mockUserPerms();
+ ResponseEntity<String> response = new ResponseEntity<>(mockJsonObjectPerms.toString(), HttpStatus.OK);
+ Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.GET),
+ Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenReturn(response);
+ List<RoleFunction> actual = UserApiServiceImpl.getRoleFunctions("test123");
+ assertNotNull(actual);
+ }
+
+ private JSONObject mockUserPerms() {
JSONObject mockJsonObjectPerms = new JSONObject();
JSONObject mockJsonObjectPerm1 = new JSONObject();
JSONObject mockJsonObjectPerm2 = new JSONObject();
@@ -304,10 +315,39 @@ public class UserApiServiceImplTest {
permsList.add(mockJsonObjectPerm1);
permsList.add(mockJsonObjectPerm2);
mockJsonObjectPerms.put("perm", permsList);
+ return mockJsonObjectPerms;
+ }
+
+ @Test
+ public void checkUserExistsTest() throws Exception {
+ ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+ Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.POST),
+ Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenReturn(response);
+ ResponseEntity<String> actual = UserApiServiceImpl.checkUserExists("test", "test");
+ assertNotNull(actual);
+ }
+
+ @Test(expected = HttpClientErrorException.class)
+ public void checkUserExistsExceptionTest() throws Exception {
+ Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.POST),
+ Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenThrow(new HttpClientErrorException(HttpStatus.UNAUTHORIZED));
+ UserApiServiceImpl.checkUserExists("test", "test");
+ }
+
+ @Test
+ public void getIfUserPermsExistsTest() throws Exception {
+ JSONObject mockJsonObjectPerms = mockUserPerms();
ResponseEntity<String> response = new ResponseEntity<>(mockJsonObjectPerms.toString(), HttpStatus.OK);
Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.GET),
Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenReturn(response);
- List<RoleFunction> actual = UserApiServiceImpl.getRoleFunctions("test123");
- assertNotNull(actual);
+ UserApiServiceImpl.getIfUserPermsExists("test123@test.com");
+ }
+
+ @Test(expected = HttpClientErrorException.class)
+ public void getIfUserPermsExistsInvalidUserTest() throws Exception {
+ Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.GET),
+ Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenThrow(new HttpClientErrorException(HttpStatus.UNAUTHORIZED));
+ UserApiServiceImpl.getIfUserPermsExists("test1");
}
+
}
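Review bot: `getIfUserPermsExistsTest` has no assertion and `checkUserExistsTest` asserts only that the mocked response is non-null, so neither test would notice what `UserApiServiceImpl` actually sends to the auth service. Capturing the URL and the `HttpEntity` passed to `template.exchange` with Mockito's `ArgumentCaptor` and asserting on the path and the JSON body would pin down which credentials go where. For the perms test, an `assertEquals` on the size or contents of the returned list would do; the `assertEquals` import added in this commit is not used in the visible hunks.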
diff --git a/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java b/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java
index b35a1cda..4357b0a5 100644
--- a/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java
+++ b/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java
@@ -41,20 +41,21 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
+import javax.xml.bind.DatatypeConverter;
+
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.onap.portalsdk.core.onboarding.util.CipherUtil;
-import org.onap.portalsdk.core.util.SystemProperties;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;
import org.springframework.http.HttpHeaders;
@RunWith(PowerMockRunner.class)
-@PrepareForTest({ EcompExternalAuthProperties.class, CipherUtil.class })
+@PrepareForTest({ EcompExternalAuthProperties.class, CipherUtil.class, DatatypeConverter.class })
public class EcompExternalAuthUtilsTest {
public static final String EXT_EMPTY_JSON_STRING = "{}";
@@ -73,6 +74,7 @@ public class EcompExternalAuthUtilsTest {
public void setup() {
PowerMockito.mockStatic(EcompExternalAuthProperties.class);
PowerMockito.mockStatic(CipherUtil.class);
+ PowerMockito.mockStatic(DatatypeConverter.class);
Mockito.when(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME))
.thenReturn("test_username");
Mockito.when(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD))
@@ -82,19 +84,15 @@ public class EcompExternalAuthUtilsTest {
@Test
public void base64encodeKeyForAAFBasicAuthTest() throws Exception {
- Mockito.when(
- CipherUtil.decryptPKC("test_password", SystemProperties.getProperty(SystemProperties.Decryption_Key)))
- .thenReturn("test_decrypted_password");
- HttpHeaders actual = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth();
+ HttpHeaders actual = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth("test", "test");
assertNotNull(actual);
}
@Test(expected = NullPointerException.class)
public void base64encodeKeyForAAFBasicAuthDecryptPassExceptionTest() throws Exception {
- Mockito.when(
- CipherUtil.decryptPKC("test_password", SystemProperties.getProperty(SystemProperties.Decryption_Key)))
+ Mockito.when(DatatypeConverter.printBase64Binary("test:test".getBytes()))
.thenThrow(new NullPointerException());
- EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth();
+ EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth("test", "test");
}
@Test