From 553c1d9f83a42b25ff41e7e0eda32636430c416e Mon Sep 17 00:00:00 2001
From: holgerhagen <19706592+holgerhagen@users.noreply.github.com>
Date: Fri, 26 Jun 2020 14:19:11 +0200
Subject: [PATCH] TSK-1308: Fixed: return groups from LDAP, accessId is member of.
---
 .../common/rest/AccessIdController.java | 7 ++--
 .../taskana/common/rest/ldap/LdapClient.java | 12 +++---
 .../rest/AccessIdControllerIntTest.java | 40 +++++++++++++++++++
 .../src/test/resources/application.properties | 4 +-
 .../src/test/resources/taskana-test.ldif | 2 +
 5 files changed, 54 insertions(+), 11 deletions(-)
diff --git a/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/AccessIdController.java b/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/AccessIdController.java
index c4e55f6ed..bcc974ef8 100644
--- a/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/AccessIdController.java
+++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/AccessIdController.java
@@ -63,11 +63,10 @@ public class AccessIdController {
 if (!validateAccessId(accessId)) {
 throw new InvalidArgumentException("The accessId is invalid");
 }
- List accessIdUsers;
+ List accessIds;
 ResponseEntity> response;
- accessIdUsers = ldapClient.searchUsersAndGroups(accessId);
- accessIdUsers.addAll(ldapClient.searchGroupsofUsersIsMember(accessId));
- response = ResponseEntity.ok(accessIdUsers);
+ accessIds = ldapClient.searchGroupsAccessIdIsMemberOf(accessId);
+ response = ResponseEntity.ok(accessIds);
 if (LOGGER.isDebugEnabled()) {
 LOGGER.debug("Exit from getGroupsByAccessId(), returning {}", response);
 }
diff --git a/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java b/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java
index bba61479e..640c1c07a 100644
--- a/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java
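Review bot: In the AccessIdController.java hunk, `accessIds` and `response` are still declared on their own lines and assigned once each, a leftover from when the list was built in two steps. With a single lookup left, declare each at its assignment and mark it `final`, so the list cannot be reassigned between the LDAP call and `ResponseEntity.ok(accessIds)`. The endpoint no longer merges `searchUsersAndGroups` results, so the method's Javadoc (not visible here) should state that it returns only the groups containing the access id. The enclosing method starts and ends outside the hunk.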
+++ b/rest/taskana-rest-spring/src/main/java/pro/taskana/common/rest/ldap/LdapClient.java
@@ -17,6 +17,7 @@ import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.ldap.core.support.AbstractContextMapper;
 import org.springframework.ldap.filter.AndFilter;
 import org.springframework.ldap.filter.EqualsFilter;
+import org.springframework.ldap.filter.LikeFilter;
 import org.springframework.ldap.filter.OrFilter;
 import org.springframework.ldap.filter.WhitespaceWildcardsFilter;
 import org.springframework.stereotype.Component;
@@ -182,15 +183,15 @@ public class LdapClient {
 return accessId;
 }
- public List searchGroupsofUsersIsMember(final String name)
+ public List searchGroupsAccessIdIsMemberOf(final String name)
 throws InvalidArgumentException {
- LOGGER.debug("entry to searchGroupsofUsersIsMember(name = {}).", name);
+ LOGGER.debug("entry to searchGroupsAccessIdIsMemberOf(name = {}).", name);
 isInitOrFail();
 testMinSearchForLength(name);
 final AndFilter andFilter = new AndFilter();
- andFilter.and(new WhitespaceWildcardsFilter(getGroupNameAttribute(), ""));
- andFilter.and(new EqualsFilter(getGroupsOfUser(), name));
+ andFilter.and(new EqualsFilter(getGroupSearchFilterName(), getGroupSearchFilterValue()));
+ andFilter.and(new LikeFilter(getGroupsOfUser(), "*" + name + "*"));
 String[] userAttributesToReturn = {getUserIdAttribute(), getGroupNameAttribute()};
@@ -202,7 +203,8 @@ public class LdapClient {
 userAttributesToReturn,
 new GroupContextMapper());
 LOGGER.debug(
- "exit from searchGroupsofUsersIsMember. Retrieved the following users: {}.", accessIds);
+ "exit from searchGroupsAccessIdIsMemberOf. Retrieved the following accessIds: {}.",
+ accessIds);
 return accessIds;
 }
diff --git a/rest/taskana-rest-spring/src/test/java/pro/taskana/common/rest/AccessIdControllerIntTest.java b/rest/taskana-rest-spring/src/test/java/pro/taskana/common/rest/AccessIdControllerIntTest.java
index e8eb424bc..51fa81002 100644
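Review bot: The membership filter in `searchGroupsAccessIdIsMemberOf` (second LdapClient.java hunk) matches by substring, so it can return groups the access id is not a member of: `new LikeFilter(getGroupsOfUser(), "*" + name + "*")` accepts any member value that merely contains `name`, and Spring LDAP's `LikeFilter` leaves `*` in the value unescaped, so a `*` supplied by the caller widens the match further. Because the result describes group membership, over-matching here is an authorization-relevant error rather than a search convenience. Resolve the access id to its full DN first and compare exactly, `andFilter.and(new EqualsFilter(getGroupsOfUser(), memberDn));` with `memberDn` as a placeholder for the resolved DN, or at least reject `*` in `name` before building the filter. Substring matching on DN-valued attributes such as `uniquemember` is also not supported by every directory server, so behaviour outside the embedded test server should be confirmed. The method body continues outside the hunk.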
--- a/rest/taskana-rest-spring/src/test/java/pro/taskana/common/rest/AccessIdControllerIntTest.java
+++ b/rest/taskana-rest-spring/src/test/java/pro/taskana/common/rest/AccessIdControllerIntTest.java
@@ -107,6 +107,46 @@ class AccessIdControllerIntTest {
 .isEqualTo(HttpStatus.BAD_REQUEST);
 }
+ @Test
+ void should_returnAccessIdsOfGroupsTheAccessIdIsMemberOf_ifAccessIdOfUserIsGiven() {
+ ResponseEntity> response =
+ template.exchange(
+ restHelper.toUrl(Mapping.URL_ACCESSID_GROUPS) + "?access-id=teamlead-2",
+ HttpMethod.GET,
+ restHelper.defaultRequest(),
+ ParameterizedTypeReference.forType(AccessIdListResource.class));
+
+ List body = response.getBody();
+ assertThat(body).isNotNull();
+ assertThat(body)
+ .extracting(AccessIdRepresentationModel::getAccessId)
+ .usingElementComparator(String.CASE_INSENSITIVE_ORDER)
+ .containsExactlyInAnyOrder(
+ "cn=ksc-teamleads,cn=groups,OU=Test,O=TASKANA",
+ "cn=business-admins,cn=groups,OU=Test,O=TASKANA",
+ "cn=monitor-users,cn=groups,OU=Test,O=TASKANA",
+ "cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA");
+ }
+
+ @Test
+ void should_returnAccessIdsOfGroupsTheAccessIdIsMemberOf_ifAccessIdOfGroupIsGiven() {
+ ResponseEntity> response =
+ template.exchange(
+ restHelper.toUrl(Mapping.URL_ACCESSID_GROUPS)
+ + "?access-id=cn=Organisationseinheit KSC 1,"
+ + "cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA",
+ HttpMethod.GET,
+ restHelper.defaultRequest(),
+ ParameterizedTypeReference.forType(AccessIdListResource.class));
+
+ List body = response.getBody();
+ assertThat(body).isNotNull();
+ assertThat(body)
+ .extracting(AccessIdRepresentationModel::getAccessId)
+ .usingElementComparator(String.CASE_INSENSITIVE_ORDER)
+ .containsExactlyInAnyOrder("cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA");
+ }
+
 static class AccessIdListResource extends ArrayList {
 private static final long serialVersionUID = 1L;
 }
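Review bot: Both new tests in AccessIdControllerIntTest assert only the positive case, so they would still pass if the lookup returned groups for an id that merely shares a substring with a real member. Add a negative case next to `should_returnAccessIdsOfGroupsTheAccessIdIsMemberOf_ifAccessIdOfUserIsGiven` that queries an access id which is a strict prefix of an existing uid and asserts that none of that uid's groups come back, adding test data if the LDIF has no such pair. A second case should pin what the endpoint does with `*` in `access-id`, whichever of rejection or an empty list is intended. The group test also concatenates a DN containing spaces, `=` and `,` straight into the query string; passing it as a URI variable would make the encoding explicit.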
diff --git a/rest/taskana-rest-spring/src/test/resources/application.properties b/rest/taskana-rest-spring/src/test/resources/application.properties
index 6a3dead47..87009b0a9 100644
--- a/rest/taskana-rest-spring/src/test/resources/application.properties
+++ b/rest/taskana-rest-spring/src/test/resources/application.properties
@@ -25,13 +25,13 @@ taskana.ldap.userSearchFilterValue=person
 taskana.ldap.userFirstnameAttribute=givenName
 taskana.ldap.userLastnameAttribute=sn
 taskana.ldap.userIdAttribute=uid
-taskana.ldap.groupSearchBase=cn=groups
+taskana.ldap.groupSearchBase=
 taskana.ldap.groupSearchFilterName=objectclass
 taskana.ldap.groupSearchFilterValue=groupOfUniqueNames
 taskana.ldap.groupNameAttribute=cn
 taskana.ldap.minSearchForLength=3
 taskana.ldap.maxNumberOfReturnedAccessIds=50
-taskana.ldap.groupsOfUser=memberUid
+taskana.ldap.groupsOfUser=uniquemember
 # Embedded Spring LDAP server
 spring.ldap.embedded.base-dn= OU=Test,O=TASKANA
 spring.ldap.embedded.credential.username= uid=admin
diff --git a/rest/taskana-rest-spring/src/test/resources/taskana-test.ldif b/rest/taskana-rest-spring/src/test/resources/taskana-test.ldif
index 451300e5e..a4196c95c 100644
--- a/rest/taskana-rest-spring/src/test/resources/taskana-test.ldif
+++ b/rest/taskana-rest-spring/src/test/resources/taskana-test.ldif
@@ -230,6 +230,8 @@ objectclass: top
 ######################
 dn: cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
 cn: Organisationseinheit KSC
+uniquemember: cn=Organisationseinheit KSC 1,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
+uniquemember: cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
 objectclass: groupofuniquenames
 objectclass: top
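Review bot: In the application.properties hunk, `taskana.ldap.groupsOfUser` changes meaning and `taskana.ldap.groupSearchBase` is emptied, but neither line carries a comment. `memberUid` normally holds bare uids, while the `uniquemember` values added in taskana-test.ldif are full DNs. Add a comment above each, for example `# DN-valued member attribute; access ids are matched against its values` and `# empty: group search is no longer limited to cn=groups`, so anyone copying this file sees that the lookup scope widened. What an empty base resolves to depends on the search call, which this diff does not show.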