cdc85827
Commit
cdc85827
authored
Mar 22, 2021
by
Sonia Zorba
Set root always traversable; LoggingDAO fix
parent
3b4ded02
Pipeline
#1220
passed with stages
in 34 seconds
gms/src/main/java/it/inaf/ia2/gms/authn/JWTFilter.java
...
...
@@ -56,13 +56,14 @@ public class JWTFilter implements Filter {
Map
<
String
,
Object
>
claims
=
userManager
.
parseIdTokenClaims
(
token
);
if
(
claims
.
get
(
"sub"
)
==
null
)
{
loggingDAO
.
logAction
(
ActionType
.
UNAUTHORIZED_ACCESS_ATTEMPT
,
"Attempt to access API with invalid token
"
,
request
);
loggingDAO
.
logAction
(
ActionType
.
UNAUTHORIZED_ACCESS_ATTEMPT
,
"Attempt to access API with invalid token
"
+
request
.
getRequestURI
()
,
request
);
response
.
sendError
(
HttpServletResponse
.
SC_UNAUTHORIZED
,
"Invalid access token: missing sub claim"
);
return
;
}
ServletRequestWithJWTPrincipal
wrappedRequest
=
new
ServletRequestWithJWTPrincipal
(
request
,
token
,
claims
);
loggingDAO
.
logAction
(
ActionType
.
UNAUTHORIZED_ACCESS_ATTEMPT
,
"API access from "
+
wrappedRequest
.
getUserPrincipal
().
getName
(),
request
);
loggingDAO
.
logAction
(
ActionType
.
API_CALL
,
request
.
getRequestURI
()
+
" called by "
+
wrappedRequest
.
getUserPrincipal
().
getName
(),
request
);
fc
.
doFilter
(
wrappedRequest
,
res
);
}
...
...
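Review bot: The rejected-token branch now appends `request.getRequestURI()` to the audit message before any authentication has succeeded, so text chosen by the client, of arbitrary length, is passed to `loggingDAO.logAction`. Bounding it before it is stored would keep audit entries predictable, for example `String uri = request.getRequestURI(); if (uri.length() > MAX_LOGGED_URI) { uri = uri.substring(0, MAX_LOGGED_URI); }` with `MAX_LOGGED_URI` as a new constant, and whatever displays these entries should escape the value. The same applies to the new `API_CALL` entry, which also adds one log write to every authenticated request; if `logAction` writes synchronously to the database (not visible here), that cost sits on the request path. The enclosing `doFilter` method starts outside the hunk.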
gms/src/main/java/it/inaf/ia2/gms/controller/HomePageController.java
package
it.inaf.ia2.gms.controller
;
import
it.inaf.ia2.gms.authn.SessionData
;
import
it.inaf.ia2.gms.exception.UnauthorizedException
;
import
it.inaf.ia2.gms.manager.InvitedRegistrationManager
;
import
it.inaf.ia2.gms.model.GroupBreadcrumb
;
import
it.inaf.ia2.gms.model.GroupNode
;
import
it.inaf.ia2.gms.model.Permission
;
import
it.inaf.ia2.gms.model.request.GroupsRequest
;
import
it.inaf.ia2.gms.model.response.GroupsTabResponse
;
import
it.inaf.ia2.gms.model.response.HomePageResponse
;
import
it.inaf.ia2.gms.model.response.PaginatedData
;
import
it.inaf.ia2.gms.persistence.model.InvitedRegistration
;
import
java.io.IOException
;
import
java.util.ArrayList
;
import
java.util.List
;
import
java.util.Optional
;
import
javax.servlet.ServletException
;
...
...
@@ -48,37 +42,14 @@ public class HomePageController {
response
.
setUser
(
session
.
getUserName
());
try
{
GroupsTabResponse
groupsTabResponse
=
groupsTabResponseBuilder
.
getGroupsTab
(
request
);
response
.
setBreadcrumbs
(
groupsTabResponse
.
getBreadcrumbs
());
response
.
setGroupsPanel
(
groupsTabResponse
.
getGroupsPanel
());
response
.
setPermission
(
groupsTabResponse
.
getPermission
());
}
catch
(
UnauthorizedException
ex
)
{
if
(
"ROOT"
.
equals
(
request
.
getGroupId
()))
{
response
.
setBreadcrumbs
(
getRootBreadcrumbs
());
response
.
setGroupsPanel
(
getEmptyGroupsPanel
(
request
));
response
.
setPermission
(
Permission
.
TRAVERSE
);
}
else
{
throw
ex
;
}
}
GroupsTabResponse
groupsTabResponse
=
groupsTabResponseBuilder
.
getGroupsTab
(
request
);
response
.
setBreadcrumbs
(
groupsTabResponse
.
getBreadcrumbs
());
response
.
setGroupsPanel
(
groupsTabResponse
.
getGroupsPanel
());
response
.
setPermission
(
groupsTabResponse
.
getPermission
());
return
ResponseEntity
.
ok
(
response
);
}
private
List
<
GroupBreadcrumb
>
getRootBreadcrumbs
()
{
List
<
GroupBreadcrumb
>
breadcrumbs
=
new
ArrayList
<>();
GroupBreadcrumb
breadcrumb
=
new
GroupBreadcrumb
();
breadcrumb
.
setGroupId
(
"ROOT"
);
breadcrumb
.
setGroupName
(
"ROOT"
);
breadcrumbs
.
add
(
breadcrumb
);
return
breadcrumbs
;
}
private
PaginatedData
<
GroupNode
>
getEmptyGroupsPanel
(
GroupsRequest
request
)
{
return
new
PaginatedData
<>(
new
ArrayList
<>(),
1
,
request
.
getPaginatorPageSize
());
}
@GetMapping
(
value
=
"/"
,
produces
=
MediaType
.
TEXT_HTML_VALUE
)
public
String
index
(
HttpServletRequest
request
,
HttpServletResponse
response
)
throws
ServletException
,
IOException
{
...
...
gms/src/main/java/it/inaf/ia2/gms/manager/GroupsManager.java
...
...
@@ -84,6 +84,10 @@ public class GroupsManager extends UserAwareComponent {
}
public
void
verifyUserCanReadGroup
(
GroupEntity
group
)
{
if
(
GroupsService
.
ROOT
.
equals
(
group
.
getId
()))
{
// Everybody can read the root
return
;
}
if
(
permissionsManager
.
getCurrentUserPermission
(
group
)
==
null
)
{
loggingDAO
.
logAction
(
ActionType
.
UNAUTHORIZED_ACCESS_ATTEMPT
,
"Unauthorized group management request, group_id="
+
group
.
getId
());
throw
new
UnauthorizedException
(
"Missing permission to see this group"
);
...
...
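Review bot: The early return added at the top of `verifyUserCanReadGroup` lets every caller through for the root group with no permission lookup and no audit entry, so any method that relies on this check alone before returning the root's members, permissions or child list would now serve them to every authenticated user. Those callers are outside the hunk, so this needs confirming against each use of the method. If the intent is only that the root can be opened while its children stay filtered by their own permissions, the comment should say so, e.g. `// Root is readable by every authenticated user; child groups are still filtered by their own permissions`. The method body continues past the end of the hunk.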
gms/src/main/java/it/inaf/ia2/gms/manager/PermissionsManager.java
...
...
@@ -10,6 +10,7 @@ import it.inaf.ia2.gms.service.PermissionUtils;
import
it.inaf.ia2.gms.service.PermissionsService
;
import
it.inaf.ia2.gms.authn.RapClient
;
import
it.inaf.ia2.gms.persistence.model.ActionType
;
import
it.inaf.ia2.gms.service.GroupsService
;
import
it.inaf.ia2.rap.data.RapUser
;
import
java.util.ArrayList
;
import
java.util.List
;
...
...
@@ -159,6 +160,8 @@ public class PermissionsManager extends UserAwareComponent {
public
Permission
getCurrentUserPermission
(
GroupEntity
group
)
{
List
<
PermissionEntity
>
permissions
=
permissionsService
.
findUserPermissions
(
group
,
getCurrentUserId
());
return
PermissionUtils
.
getGroupPermission
(
group
,
permissions
).
orElse
(
null
);
return
PermissionUtils
.
getGroupPermission
(
group
,
permissions
).
orElse
(
GroupsService
.
ROOT
.
equals
(
group
.
getId
())
?
Permission
.
TRAVERSE
:
null
);
}
}
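Review bot: `getCurrentUserPermission` now encodes the "root is always traversable" rule in the `orElse(...)` fallback, while `GroupsManager.verifyUserCanReadGroup` encodes the same rule with its own `GroupsService.ROOT` check, so the policy lives in two places that can drift apart. Keeping it in one place (this method, or `PermissionUtils.getGroupPermission`) and letting the manager rely on it would make the rule easier to audit. Callers that treat a non-null result as "the user has a stored permission" will now see `TRAVERSE` for the root; those callers are not visible here and are worth checking. The method still returns `null` for every other group without a permission and has no Javadoc saying so; something like `/** Returns the current user's permission on the group; TRAVERSE for the root group when none is stored, otherwise null. */` would document the contract.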
gms/src/main/java/it/inaf/ia2/gms/persistence/model/ActionType.java
...
...
@@ -15,5 +15,6 @@ public enum ActionType {
INVITED_REGISTRATION_OPENED
,
INVITED_REGISTRATION_DELETED
,
INVITED_REGISTRATION_COMPLETED
,
API_CALL
,
UNAUTHORIZED_ACCESS_ATTEMPT
}
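Review bot: `API_CALL` appears to be inserted before `UNAUTHORIZED_ACCESS_ATTEMPT` rather than appended, which shifts the ordinal of the existing constant. If `ActionType` is persisted by ordinal, existing audit rows recorded as unauthorized attempts would be read back as `API_CALL`; if it is persisted by name into a database enum type or a constrained column, the new value needs a schema change, and none is among the files shown on this page. How the enum is stored is not visible here, so this should be confirmed. Appending new constants at the end avoids the first problem regardless.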
gms/src/test/java/it/inaf/ia2/gms/manager/GroupsManagerTest.java
0 → 100644
package
it.inaf.ia2.gms.manager
;
import
it.inaf.ia2.gms.exception.UnauthorizedException
;
import
it.inaf.ia2.gms.persistence.LoggingDAO
;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
it.inaf.ia2.gms.service.GroupsService
;
import
static
org
.
junit
.
Assert
.
assertTrue
;
import
org.junit.Test
;
import
org.junit.runner.RunWith
;
import
org.mockito.InjectMocks
;
import
org.mockito.Mock
;
import
org.mockito.junit.MockitoJUnitRunner
;
@RunWith
(
MockitoJUnitRunner
.
class
)
public
class
GroupsManagerTest
{
@Mock
private
GroupsService
groupsService
;
@Mock
private
PermissionsManager
permissionsManager
;
@Mock
private
LoggingDAO
loggingDAO
;
@InjectMocks
private
GroupsManager
groupsManager
;
@Test
public
void
testRootAlwaysReadable
()
{
GroupEntity
root
=
new
GroupEntity
();
root
.
setName
(
"ROOT"
);
root
.
setId
(
GroupsService
.
ROOT
);
root
.
setPath
(
""
);
groupsManager
.
verifyUserCanReadGroup
(
root
);
}
@Test
public
void
testVerifyUserCanReadGroupFails
()
{
boolean
exception
=
false
;
GroupEntity
group
=
new
GroupEntity
();
group
.
setName
(
"group_name"
);
group
.
setId
(
"group_id"
);
group
.
setPath
(
"group_id"
);
try
{
groupsManager
.
verifyUserCanReadGroup
(
group
);
}
catch
(
UnauthorizedException
ex
)
{
exception
=
true
;
}
assertTrue
(
exception
);
}
}
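Review bot: `testVerifyUserCanReadGroupFails` tracks the exception with a boolean flag and a try/catch, and it passes only because the `permissionsManager` mock returns `null` by default; neither the stubbing nor the audit side effect is stated. With the JUnit 4 runner already used here, `@Test(expected = UnauthorizedException.class)` expresses the same check, and an explicit `when(permissionsManager.getCurrentUserPermission(group)).thenReturn(null);` makes the precondition visible. `testRootAlwaysReadable` has no assertion at all; adding `verify(loggingDAO, never()).logAction(any(), any());` would pin that the root path does not record an unauthorized attempt. The `groupsService` mock is declared but not referenced by either test.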
gms/src/test/java/it/inaf/ia2/gms/manager/PermissionsManagerTest.java
...
...
@@ -5,11 +5,13 @@ import it.inaf.ia2.gms.model.Permission;
import
it.inaf.ia2.gms.persistence.LoggingDAO
;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
it.inaf.ia2.gms.service.GroupsService
;
import
it.inaf.ia2.gms.service.PermissionsService
;
import
java.util.ArrayList
;
import
java.util.Collections
;
import
java.util.List
;
import
javax.servlet.http.HttpServletRequest
;
import
static
org
.
junit
.
Assert
.
assertEquals
;
import
org.junit.Before
;
import
org.junit.Test
;
import
org.junit.runner.RunWith
;
...
...
@@ -137,6 +139,18 @@ public class PermissionsManagerTest {
permissionsManager
.
removePermission
(
group
,
TARGET_USER_ID
);
}
@Test
public
void
testGetCurrentUserPermissionAlwaysTraverseRoot
()
{
when
(
permissionsService
.
findUserPermissions
(
any
(),
any
())).
thenReturn
(
new
ArrayList
<>());
GroupEntity
root
=
new
GroupEntity
();
root
.
setName
(
"ROOT"
);
root
.
setId
(
GroupsService
.
ROOT
);
root
.
setPath
(
""
);
assertEquals
(
Permission
.
TRAVERSE
,
permissionsManager
.
getCurrentUserPermission
(
root
));
}
private
List
<
PermissionEntity
>
getUserPermissions
(
GroupEntity
group
,
Permission
permission
)
{
PermissionEntity
entity
=
new
PermissionEntity
();
entity
.
setPermission
(
permission
);
...
...
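Review bot: `testGetCurrentUserPermissionAlwaysTraverseRoot` covers only the root group with an empty permission list, so the two boundaries of the new fallback are untested. One missing case is a non-root group with no stored permissions, which must still yield `null`; otherwise a mistake in the `GroupsService.ROOT.equals(...)` condition would silently grant `TRAVERSE` everywhere. The other is a root group with a stored permission above `TRAVERSE`, which must be returned unchanged; the existing `getUserPermissions(group, permission)` helper looks suitable for building that fixture. The helper's body continues outside the hunk.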