From a96a3e49cd472aa902c22143358b87562603d47c Mon Sep 17 00:00:00 2001 From: "Kishore Reddy, Gujja (kg811t)" Date: Mon, 9 Jul 2018 13:41:00 -0400 Subject: Adding User Auth and permission aaf services Issue-ID: PORTAL-334 Change-Id: I2826f2a06f7d818d918ae5f45b500a8da78cec42 Signed-off-by: Kishore Reddy, Gujja (kg811t) --- .../authorization/service/UserApiService.java | 21 ++ .../authorization/service/UserApiServiceImpl.java | 308 +++++++++++++-------- .../util/EcompExternalAuthProperties.java | 2 + .../authorization/util/EcompExternalAuthUtils.java | 24 +- .../service/UserApiServiceImplTest.java | 46 ++- .../util/EcompExternalAuthUtilsTest.java | 16 +- 6 files changed, 291 insertions(+), 126 deletions(-) (limited to 'ecomp-sdk/epsdk-aaf') diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java index 14aeaf5e..3d112268 100644 --- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java @@ -43,7 +43,9 @@ import javax.servlet.http.HttpServletRequest; import org.onap.portalsdk.core.domain.RoleFunction; import org.onap.portalsdk.core.domain.User; +import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms; import org.onap.portalsdk.external.authorization.exception.UserNotFoundException; +import org.springframework.http.ResponseEntity; public interface UserApiService { 
@@ -63,4 +65,23 @@ public interface UserApiService { */ List getRoleFunctions(String orgUserId) throws Exception; + /** + * Check if user exist in external auth system + * + * @param username + * @param password + * @return Response + * @throws Exception + */ + ResponseEntity checkUserExists(String username, String password) throws Exception; + + /** + * Get if user has any perms + * + * @param username + * @param password + * @return List + * @throws Exception + */ + List getIfUserPermsExists(String username) throws Exception; } diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java index fb320c17..bfe9808b 100644 --- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java @@ -37,6 +37,7 @@ */ package org.onap.portalsdk.external.authorization.service; +import java.io.IOException; import java.util.ArrayList; import java.util.List; import java.util.Set; 
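Review bot: The Javadoc on `getIfUserPermsExists` documents `@param password`, but the method takes only `username`; that tag should be dropped. `checkUserExists` is described as an existence check although it takes a password, and nothing states which status or exception a caller should treat as rejected credentials. A summary such as `Validates the supplied credentials against the external auth system; callers must inspect the returned status` would make the contract explicit, and the bare `@return Response` / `@return List` tags could say what is returned.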
@@ -73,15 +74,23 @@ import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Service; import org.springframework.web.client.RestTemplate; +import com.fasterxml.jackson.core.JsonParseException; +import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.type.TypeFactory; @Service("userApiService") public class UserApiServiceImpl implements UserApiService { - private static final String AAF_GET_USER_ROLES_ENDPOINT = "roles/user/"; + private static final String PASSCODE = "password"; - private static final String AAF_GET_USER_PERMS_ENDPOINT = "perms/user/"; + private static final String ID = "id"; + + private static final String EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT = "authz/roles/user/"; + + private static final String EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT = "authz/perms/user/"; + + private static final String EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT = "authn/validate"; private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserApiServiceImpl.class); 
@@ -103,62 +112,29 @@ public class UserApiServiceImpl implements UserApiService { private AppService appService; @Override - public User getUser(String orgUserId, HttpServletRequest request) - throws UserNotFoundException { + public User getUser(String orgUserId, HttpServletRequest request) throws UserNotFoundException { User user = null; try { - String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE); - HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(); + String namespace = EcompExternalAuthProperties + .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE); + HttpHeaders headers = getBasicAuthHeaders(); HttpEntity entity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external system for user {}", + logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external auth system for user {}", orgUserId); - String endPoint = AAF_GET_USER_ROLES_ENDPOINT + orgUserId + String endPoint = EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); ResponseEntity getResponse = template.exchange( - EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity, - String.class); + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, + HttpMethod.GET, entity, String.class); if (getResponse.getStatusCode().value() == 200) { logger.debug(EELFLoggerDelegate.debugLogger, - "getUserRoles: Finished GET unp ser roles from external system and body: {}", + "getUserRoles: Finished GET unp ser roles from external auth system and body: {}", getResponse.getBody()); } String userRoles = getResponse.getBody(); - JSONObject userJsonObj = null; - JSONArray userJsonArray = null; ObjectMapper mapper = new ObjectMapper(); - List 
userRoleDetailList = new ArrayList<>(); - if (!userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) { - userJsonObj = new JSONObject(userRoles); - userJsonArray = userJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_ROLE_FIELD); - ExternalAccessUserRoleDetail userRoleDetail = null; - for (int i = 0; i < userJsonArray.length(); i++) { - JSONObject role = userJsonArray.getJSONObject(i); - if (!role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME).endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_ADMIN) - && !role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME) - .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_OWNER) - && EcompExternalAuthUtils.checkNameSpaceMatching(role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), - namespace)) { - ExternalRoleDescription desc = new ExternalRoleDescription(); - if(role.has(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION) - && EcompExternalAuthUtils - .isJSONValid(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION))) { - desc = mapper.readValue(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION), - ExternalRoleDescription.class); - } - if(role.has(EcompExternalAuthUtils.EXT_FIELD_PERMS)) { - JSONArray perms = role.getJSONArray(EcompExternalAuthUtils.EXT_FIELD_PERMS); - List permsList = mapper.readValue(perms.toString(), TypeFactory - .defaultInstance().constructCollectionType(List.class, ExternalAccessPerms.class)); - desc.setPermissions(permsList); - } - userRoleDetail = new ExternalAccessUserRoleDetail( - role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), desc); - userRoleDetailList.add(userRoleDetail); - } - } - } else { - throw new UserNotFoundException("User roles not found!"); - } + List userRoleDetailList = setExterbalAccessUserRoles(namespace, userRoles, + mapper); if (userRoleDetailList.isEmpty()) { throw new UserNotFoundException("User roles not found!"); 
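Review bot: `orgUserId` is concatenated straight into the request path (`EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId + ...`), so a value containing `/`, `?` or `#` would change which resource is requested under the application's own Basic credentials. The same construction appears in getRoleFunctions and in the new getIfUserPermsExists, where the value is the caller-supplied `username`. Check the identifier against the expected character set before building the URL and reject anything else. Separately, the debug line here logs the whole response body, as do getRoleFunctions and getPermsFromExternalAuthSystem; role and permission data is better kept out of logs, for example by logging only `getResponse.getStatusCode()`. getUser's body continues past the end of this hunk.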
@@ -172,10 +148,48 @@ public class UserApiServiceImpl implements UserApiService { } - @SuppressWarnings({ "rawtypes", "unchecked" }) + private List setExterbalAccessUserRoles(String namespace, String userRoles, + ObjectMapper mapper) throws IOException, JsonParseException, JsonMappingException, UserNotFoundException { + JSONObject userJsonObj; + JSONArray userJsonArray; + List userRoleDetailList = new ArrayList<>(); + if (!userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) { + userJsonObj = new JSONObject(userRoles); + userJsonArray = userJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_ROLE_FIELD); + ExternalAccessUserRoleDetail userRoleDetail = null; + for (int i = 0; i < userJsonArray.length(); i++) { + JSONObject role = userJsonArray.getJSONObject(i); + if (!role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME) + .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_ADMIN) + && !role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME) + .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_OWNER) + && EcompExternalAuthUtils.checkNameSpaceMatching( + role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), namespace)) { + ExternalRoleDescription desc = new ExternalRoleDescription(); + if (role.has(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION) && EcompExternalAuthUtils + .isJSONValid(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION))) { + desc = mapper.readValue(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION), + ExternalRoleDescription.class); + } + if (role.has(EcompExternalAuthUtils.EXT_FIELD_PERMS)) { + JSONArray perms = role.getJSONArray(EcompExternalAuthUtils.EXT_FIELD_PERMS); + List permsList = mapper.readValue(perms.toString(), TypeFactory + .defaultInstance().constructCollectionType(List.class, ExternalAccessPerms.class)); + desc.setPermissions(permsList); + } + userRoleDetail = new ExternalAccessUserRoleDetail( + role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), desc); + userRoleDetailList.add(userRoleDetail); 
+ } + } + } else { + throw new UserNotFoundException("User roles not found!"); + } + return userRoleDetailList; + } + private User convertAAFUserRolesToEcompSDKUser(List userRoleDetailList, - String orgUserId, String namespace, HttpServletRequest request) - throws Exception { + String orgUserId, String namespace, HttpServletRequest request) throws Exception { User user = loginAAFService.findUserWithoutPwd(orgUserId); PostSearchBean postSearchBean = new PostSearchBean(); if (user == null) { 
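Review bot: `userRoles.equals(...)` at the top of the extracted helper throws NullPointerException when the auth system returns no body, instead of the UserNotFoundException the else branch raises; `if (userRoles != null && !userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {` keeps that case on the intended path. The name `setExterbalAccessUserRoles` is misspelled, and the method builds and returns a list rather than setting anything, so something like `parseExternalAccessUserRoles` would read better. `JsonParseException` and `JsonMappingException` are subclasses of `IOException`, so the throws clause can be reduced to `IOException, UserNotFoundException`.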
@@ -189,56 +203,7 @@ public class UserApiServiceImpl implements UserApiService { } App app = appService.getApp(1l); try { - Set userApps = new TreeSet(); - for (ExternalAccessUserRoleDetail userRoleDetail : userRoleDetailList) { - ExternalRoleDescription roleDesc = userRoleDetail.getDescription(); - UserApp userApp = new UserApp(); - Role role = new Role(); - Set roleFunctions = new TreeSet<>(); - if (roleDesc != null) { - if (roleDesc.getName() == null) { - role.setActive(true); - role.setName(userRoleDetail.getName().substring(namespace.length() + 1)); - } else { - role.setActive(Boolean.valueOf(roleDesc.getActive())); - role.setId(Long.valueOf(roleDesc.getAppRoleId())); - role.setName(roleDesc.getName()); - if (!roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE)) { - role.setPriority(Integer.valueOf(roleDesc.getPriority())); - } - } - if (roleDesc.getPermissions() != null) { - for (ExternalAccessPerms extPerm : roleDesc.getPermissions()) { - RoleFunction roleFunction = new RoleFunction(); - roleFunction.setCode(extPerm.getInstance()); - roleFunction.setAction(extPerm.getAction()); - if (extPerm.getDescription() != null - && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { - roleFunction.setName(extPerm.getDescription()); - } else if (extPerm.getDescription() == null - && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { - roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|" - + extPerm.getInstance() + "|" + extPerm.getAction()); - } else if (extPerm.getDescription() == null - && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { - roleFunction.setName( - extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction()); - } - if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { - roleFunction.setType(extPerm.getType().substring(namespace.length() + 1)); - } else { - 
roleFunction.setType(extPerm.getType()); - } - roleFunctions.add(roleFunction); - } - } - } - role.setRoleFunctions(roleFunctions); - userApp.setApp(app); - userApp.setRole(role); - userApp.setUserId(user.getId()); - userApps.add(userApp); - } + Set userApps = setUserApps(userRoleDetailList, namespace, user, app); user.setUserApps(userApps); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e); 
@@ -248,24 +213,86 @@ public class UserApiServiceImpl implements UserApiService { return user; } + @SuppressWarnings({ "rawtypes", "unchecked" }) + private Set setUserApps(List userRoleDetailList, String namespace, User user, + App app) { + Set userApps = new TreeSet(); + for (ExternalAccessUserRoleDetail userRoleDetail : userRoleDetailList) { + ExternalRoleDescription roleDesc = userRoleDetail.getDescription(); + UserApp userApp = new UserApp(); + Role role = new Role(); + Set roleFunctions = new TreeSet<>(); + if (roleDesc != null) { + if (roleDesc.getName() == null) { + role.setActive(true); + role.setName(userRoleDetail.getName().substring(namespace.length() + 1)); + } else { + role.setActive(Boolean.valueOf(roleDesc.getActive())); + role.setId(Long.valueOf(roleDesc.getAppRoleId())); + role.setName(roleDesc.getName()); + if (!roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE)) { + role.setPriority(Integer.valueOf(roleDesc.getPriority())); + } + } + if (roleDesc.getPermissions() != null) { + for (ExternalAccessPerms extPerm : roleDesc.getPermissions()) { + RoleFunction roleFunction = new RoleFunction(); + roleFunction.setCode(extPerm.getInstance()); + roleFunction.setAction(extPerm.getAction()); + if (extPerm.getDescription() != null + && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName(extPerm.getDescription()); + } else if (extPerm.getDescription() == null + && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|" + + extPerm.getInstance() + "|" + extPerm.getAction()); + } else if (extPerm.getDescription() == null + && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName( + extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction()); + } + if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { 
+ roleFunction.setType(extPerm.getType().substring(namespace.length() + 1)); + } else { + roleFunction.setType(extPerm.getType()); + } + roleFunctions.add(roleFunction); + } + } + } + role.setRoleFunctions(roleFunctions); + userApp.setApp(app); + userApp.setRole(role); + userApp.setUserId(user.getId()); + userApps.add(userApp); + } + return userApps; + } + @Override public List getRoleFunctions(String orgUserId) throws Exception { ObjectMapper mapper = new ObjectMapper(); - HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(); + HttpHeaders headers = getBasicAuthHeaders(); HttpEntity entity = new HttpEntity<>(headers); - logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external system for user {}", + logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external auth system for user {}", orgUserId); - String endPoint = AAF_GET_USER_PERMS_ENDPOINT + orgUserId + String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + orgUserId + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); ResponseEntity getResponse = template.exchange( - EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity, - String.class); + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, + HttpMethod.GET, entity, String.class); if (getResponse.getStatusCode().value() == 200) { logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Finished GET user perms from external system and body: {}", getResponse.getBody()); } String userPerms = getResponse.getBody(); + List extPermsList = convertPermsJSONArrayToExternalAccessPerms(mapper, userPerms); + return convertToRoleFunctionList(extPermsList); + } + + private List convertPermsJSONArrayToExternalAccessPerms(ObjectMapper mapper, String userPerms) + throws IOException, JsonParseException, JsonMappingException { 
JSONObject userPermsJsonObj = null; JSONArray userPermsJsonArray = null; List extPermsList = new ArrayList<>(); @@ -274,13 +301,34 @@ public class UserApiServiceImpl implements UserApiService { userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD); for (int i = 0; i < userPermsJsonArray.length(); i++) { JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i); - if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE).endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) { + if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE) + .endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) { ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class); extPermsList.add(perm); } } } - return convertToRoleFunctionList(extPermsList); + return extPermsList; + } + + private ResponseEntity getPermsFromExternalAuthSystem(HttpEntity entity, String endPoint) { + ResponseEntity getResponse = template.exchange( + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, + HttpMethod.GET, entity, String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "getPermsFromExternalAuthSystem: Finished GET user perms from external auth system and body: {}", + getResponse.getBody()); + } + return getResponse; + } + + private HttpHeaders getBasicAuthHeaders() throws Exception { + String userName = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME); + String encryptedPass = EcompExternalAuthProperties + .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD); + String decryptedPass = EcompExternalAuthUtils.decryptPass(encryptedPass); + return EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(userName, decryptedPass); } private List convertToRoleFunctionList(List extPermsList) { 
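Review bot: In `setUserApps`, `roleDesc.getPriority().equals(...)` and `Long.valueOf(roleDesc.getAppRoleId())` assume every role description returned by the auth system carries those fields. A description with a name but no priority, or with a non-numeric id, would throw and, as far as the hunk shows, abort the mapping of all of the user's roles. Guard the fields, e.g. `if (roleDesc.getPriority() != null && !roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE))`, or skip the malformed role with a warning. `getRoleFunctions` in the same hunk still issues the GET inline; it could call `getPermsFromExternalAuthSystem(entity, endPoint)`, which the next hunk adds for the same request.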
@@ -311,11 +359,55 @@ public class UserApiServiceImpl implements UserApiService { return roleFunctions; } - private SearchResult loadSearchResultData(PostSearchBean searchCriteria) - throws NamingException { + private SearchResult loadSearchResultData(PostSearchBean searchCriteria) throws NamingException { return ldapService.searchPost(searchCriteria.getUser(), searchCriteria.getSortBy1(), searchCriteria.getSortBy2(), searchCriteria.getSortBy3(), searchCriteria.getPageNo(), searchCriteria.getNewDataSize(), 1); } + @Override + public ResponseEntity checkUserExists(String username, String password) throws Exception { + username = changeIfUserDomainNotAppended(username); + HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(username, password); + String appUsername = EcompExternalAuthProperties + .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME); + String appPass = EcompExternalAuthUtils.decryptPass( + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD)); + JSONObject credentials = new JSONObject(); + credentials.put(ID, appUsername); + credentials.put(PASSCODE, appPass); + HttpEntity entity = new HttpEntity<>(credentials.toString(), headers); + logger.debug(EELFLoggerDelegate.debugLogger, "checkUserExists: Connecting to external auth system for user {}", + username); + ResponseEntity getResponse = template.exchange(EcompExternalAuthProperties + .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + + EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT, HttpMethod.POST, entity, String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "checkUserExists: Finished POST from external auth system to validate credentials and status: {}", + getResponse.getStatusCode().value()); + } + return getResponse; + } + + private String changeIfUserDomainNotAppended(String username) { + if (!EcompExternalAuthUtils.validate(username)) { + username = 
username + EcompExternalAuthProperties + .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); + } + return username; + } + + @Override + public List getIfUserPermsExists(String username) throws Exception { + HttpHeaders headers = getBasicAuthHeaders(); + HttpEntity entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, + "getIfUserPermsExists: Connecting to external auth system for user {}", username); + username = changeIfUserDomainNotAppended(username); + String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + username; + ResponseEntity getResponse = getPermsFromExternalAuthSystem(entity, endPoint); + return convertPermsJSONArrayToExternalAccessPerms(new ObjectMapper(), getResponse.getBody()); + } + } diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java index 87d4c1fd..d5d04326 100644 --- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java @@ -51,6 +51,8 @@ public class EcompExternalAuthProperties { public static final String EXTERNAL_AUTH_PASSWORD = "extern_auth_password"; public static final String EXTERNAL_AUTH_URL = "extern_auth_url"; + + public static final String EXTERNAL_AUTH_VALIDATE_CREDENTIALS_URL = "extern_auth_validate_creds_url"; public static final String EXTERNAL_AUTH_USER_DOMAIN = "extern_auth_user_domain"; diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java index 6f4ff29a..dc6559ab 100644 
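Review bot: In `checkUserExists` the Authorization header is built from the caller-supplied `username`/`password`, while the JSON body carries the application's own id and decrypted password. If the endpoint validates the credential in the body, as the `id`/`password` keys suggest, the two are swapped and the service password is sent on every login attempt, including ones with bogus user input; please confirm against the auth system's contract. The sketch below authenticates the call with the service account and puts the credential under test in the body. Callers also need to check the returned status, since the method returns the response unchanged whether or not the status is 200.

```java
public ResponseEntity checkUserExists(String username, String password) throws Exception {
	username = changeIfUserDomainNotAppended(username);
	// the service account authenticates the call; the credential under test goes in the body
	HttpHeaders headers = getBasicAuthHeaders();
	JSONObject credentials = new JSONObject();
	credentials.put(ID, username);
	credentials.put(PASSCODE, password);
	// … unchanged: HttpEntity construction, debug log, POST to authn/validate, return …
}
```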
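Review bot: `EXTERNAL_AUTH_VALIDATE_CREDENTIALS_URL` is added but nothing in the visible changes reads it; `checkUserExists` builds its URL from `EXTERNAL_AUTH_URL` plus the hard-coded `authn/validate` path. Either use the property there or drop the constant, so deployers are not led to set a key that has no effect. A one-line comment on the constant stating what the property should contain would also help.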
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java @@ -38,6 +38,8 @@ package org.onap.portalsdk.external.authorization.util; import java.io.IOException; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import javax.xml.bind.DatatypeConverter; @@ -65,11 +67,11 @@ public class EcompExternalAuthUtils { public static final String EXT_ROLE_FIELD_OWNER = ".owner"; public static final String EXT_ROLE_FIELD_ADMIN = ".admin"; - public static HttpHeaders base64encodeKeyForAAFBasicAuth() throws Exception { - String userName = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME); - String encryptedPass = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD); - String decryptedPass = decryptPass(encryptedPass); - String usernamePass = userName + ":" + decryptedPass; + public static final Pattern VALID_USER_DOMAIN_ADDRESS_REGEX = + Pattern.compile("^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}$", Pattern.CASE_INSENSITIVE); + + public static HttpHeaders base64encodeKeyForAAFBasicAuth(String username, String password) throws Exception { + String usernamePass = username + ":" + password; String encToBase64 = String.valueOf((DatatypeConverter.printBase64Binary(usernamePass.getBytes()))); HttpHeaders headers = new HttpHeaders(); headers.add("Authorization", "Basic " + encToBase64); @@ -77,7 +79,7 @@ public class EcompExternalAuthUtils { return headers; } - private static String decryptPass(String encrypted) throws Exception { + public static String decryptPass(String encrypted) throws Exception { String result = ""; if (encrypted != null && encrypted.length() > 0) { try { 
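Review bot: `base64encodeKeyForAAFBasicAuth` now receives caller-supplied values, but the context line `usernamePass.getBytes()` still uses the platform default charset, so a non-ASCII password encodes differently from host to host. Use `usernamePass.getBytes(StandardCharsets.UTF_8)`, which needs the `java.nio.charset.StandardCharsets` import. A username containing `:` would be split in the wrong place by the server, so it should be rejected before the header is built. A Javadoc line stating that the returned headers contain a credential and must not be logged would be a useful addition.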
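Review bot: Making `decryptPass` public lets any class obtain the cleartext service password, and this commit already relies on that in `checkUserExists` to copy it into a request body. Consider keeping it private and adding a method in this class that returns the ready-made service-account headers, so the cleartext stays inside the utility. If it has to be public, give it a Javadoc noting that the return value is a secret that must not be logged or stored. The body of `decryptPass` continues outside the hunk.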
@@ -91,6 +93,16 @@ public class EcompExternalAuthUtils { return result; } + /** + * Validates, if given username has fully domain address + * @param String + * @return true or false + */ + public static boolean validate(String username) { + Matcher matcher = VALID_USER_DOMAIN_ADDRESS_REGEX.matcher(username); + return matcher.find(); + } + /** * * It checks whether the namespace is matching or not diff --git a/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java b/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java index d93b03c1..9836c5f1 100644 --- a/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java +++ b/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java @@ -37,6 +37,7 @@ */ package org.onap.portalsdk.external.authorization.service; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; @@ -83,6 +84,7 @@ import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.RestTemplate; import com.fasterxml.jackson.databind.ObjectMapper; 
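Review bot: `validate` uses `matcher.find()` with a `^…$` pattern, and in Java `$` also matches just before a final line terminator, so a username ending in a newline is accepted as already carrying a domain. `return username != null && VALID_USER_DOMAIN_ADDRESS_REGEX.matcher(username).matches();` closes that gap and avoids the NullPointerException on a null argument. The Javadoc tag `@param String` should read `@param username`. A more specific name, such as `hasUserDomain`, would say what is being checked.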
@@ -132,7 +134,7 @@ public class UserApiServiceImplTest { PowerMockito.mockStatic(SystemProperties.class); Mockito.when(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE)) .thenReturn("com.test.app2"); - Mockito.when(EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth()).thenReturn(new HttpHeaders()); + Mockito.when(EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(Matchers.anyString(), Matchers.anyString())).thenReturn(new HttpHeaders()); Mockito.when(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN)) .thenReturn("@test.com"); MockitoAnnotations.initMocks(this); @@ -286,6 +288,15 @@ public class UserApiServiceImplTest { @Test public void getRoleFunctionsTest() throws Exception { + JSONObject mockJsonObjectPerms = mockUserPerms(); + ResponseEntity response = new ResponseEntity<>(mockJsonObjectPerms.toString(), HttpStatus.OK); + Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.GET), + Matchers.>any(), Matchers.eq(String.class))).thenReturn(response); + List actual = UserApiServiceImpl.getRoleFunctions("test123"); + assertNotNull(actual); + } + + private JSONObject mockUserPerms() { JSONObject mockJsonObjectPerms = new JSONObject(); JSONObject mockJsonObjectPerm1 = new JSONObject(); JSONObject mockJsonObjectPerm2 = new JSONObject(); 
@@ -304,10 +315,39 @@ public class UserApiServiceImplTest { permsList.add(mockJsonObjectPerm1); permsList.add(mockJsonObjectPerm2); mockJsonObjectPerms.put("perm", permsList); + return mockJsonObjectPerms; + } + + @Test + public void checkUserExistsTest() throws Exception { + ResponseEntity response = new ResponseEntity<>(HttpStatus.OK); + Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.POST), + Matchers.>any(), Matchers.eq(String.class))).thenReturn(response); + ResponseEntity actual = UserApiServiceImpl.checkUserExists("test", "test"); + assertNotNull(actual); + } + + @Test(expected = HttpClientErrorException.class) + public void checkUserExistsExceptionTest() throws Exception { + Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.POST), + Matchers.>any(), Matchers.eq(String.class))).thenThrow(new HttpClientErrorException(HttpStatus.UNAUTHORIZED)); + UserApiServiceImpl.checkUserExists("test", "test"); + } + + @Test + public void getIfUserPermsExistsTest() throws Exception { + JSONObject mockJsonObjectPerms = mockUserPerms(); ResponseEntity response = new ResponseEntity<>(mockJsonObjectPerms.toString(), HttpStatus.OK); Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.GET), Matchers.>any(), Matchers.eq(String.class))).thenReturn(response); - List actual = UserApiServiceImpl.getRoleFunctions("test123"); - assertNotNull(actual); + UserApiServiceImpl.getIfUserPermsExists("test123@test.com"); + } + + @Test(expected = HttpClientErrorException.class) + public void getIfUserPermsExistsInvalidUserTest() throws Exception { + Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.GET), + Matchers.>any(), Matchers.eq(String.class))).thenThrow(new HttpClientErrorException(HttpStatus.UNAUTHORIZED)); + UserApiServiceImpl.getIfUserPermsExists("test1"); } + } 
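Review bot: `checkUserExistsTest` asserts only that the response is non-null and `getIfUserPermsExistsTest` asserts nothing, so neither would notice if the user's and the application's credentials ended up in the wrong part of the request. Capture the `HttpEntity` passed to `template.exchange` with a Mockito `ArgumentCaptor` and assert on its body, verify the arguments given to the mocked `base64encodeKeyForAAFBasicAuth`, and assert on the returned permission list. The `assertEquals` import added at the top of this file is not used by the tests visible here.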
diff --git a/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java b/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java index b35a1cda..4357b0a5 100644 --- a/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java +++ b/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java @@ -41,20 +41,21 @@ import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; +import javax.xml.bind.DatatypeConverter; + import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mockito; import org.mockito.MockitoAnnotations; import org.onap.portalsdk.core.onboarding.util.CipherUtil; -import org.onap.portalsdk.core.util.SystemProperties; import org.powermock.api.mockito.PowerMockito; import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.junit4.PowerMockRunner; import org.springframework.http.HttpHeaders; @RunWith(PowerMockRunner.class) -@PrepareForTest({ EcompExternalAuthProperties.class, CipherUtil.class }) +@PrepareForTest({ EcompExternalAuthProperties.class, CipherUtil.class, DatatypeConverter.class }) public class EcompExternalAuthUtilsTest { public static final String EXT_EMPTY_JSON_STRING = "{}"; @@ -73,6 +74,7 @@ public class EcompExternalAuthUtilsTest { public void setup() { PowerMockito.mockStatic(EcompExternalAuthProperties.class); PowerMockito.mockStatic(CipherUtil.class); + PowerMockito.mockStatic(DatatypeConverter.class); Mockito.when(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME)) .thenReturn("test_username"); Mockito.when(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD)) 
@@ -82,19 +84,15 @@ public class EcompExternalAuthUtilsTest { @Test public void base64encodeKeyForAAFBasicAuthTest() throws Exception { - Mockito.when( - CipherUtil.decryptPKC("test_password", SystemProperties.getProperty(SystemProperties.Decryption_Key))) - .thenReturn("test_decrypted_password"); - HttpHeaders actual = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(); + HttpHeaders actual = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth("test", "test"); assertNotNull(actual); } @Test(expected = NullPointerException.class) public void base64encodeKeyForAAFBasicAuthDecryptPassExceptionTest() throws Exception { - Mockito.when( - CipherUtil.decryptPKC("test_password", SystemProperties.getProperty(SystemProperties.Decryption_Key))) + Mockito.when(DatatypeConverter.printBase64Binary("test:test".getBytes())) .thenThrow(new NullPointerException()); - EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(); + EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth("test", "test"); } @Test -- cgit 1.2.3-korg
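Review bot: With `DatatypeConverter` now statically mocked in `setup`, `printBase64Binary` presumably returns null in `base64encodeKeyForAAFBasicAuthTest`, so `assertNotNull(actual)` passes without checking the header value at all. Leave the encoder unmocked in that test and assert the exact header, e.g. `assertEquals("Basic dGVzdDp0ZXN0", actual.getFirst("Authorization"));`. `base64encodeKeyForAAFBasicAuthDecryptPassExceptionTest` no longer exercises decryption, so its name is misleading. No test for the new `validate` method is visible in this diff.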