TSK-1494: Validate the AccessIds with EqualsFilter instead of WhitespaceWildcardsFilter
parent
f2f132fb04
commit
ed5d262138
|
@ -80,7 +80,7 @@ public class AccessIdController {
|
|||
|
||||
taskanaEngine.checkRoleMembership(TaskanaRole.ADMIN, TaskanaRole.BUSINESS_ADMIN);
|
||||
|
||||
if (!validateAccessId(accessId)) {
|
||||
if (!ldapClient.validateAccessId(accessId)) {
|
||||
throw new InvalidArgumentException("The accessId is invalid");
|
||||
}
|
||||
|
||||
|
@ -93,8 +93,4 @@ public class AccessIdController {
|
|||
}
|
||||
return response;
|
||||
}
|
||||
|
||||
private boolean validateAccessId(String accessId) throws InvalidArgumentException {
|
||||
return ldapClient.searchUsersAndGroups(accessId).size() == 1;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -214,6 +214,46 @@ public class LdapClient {
|
|||
return accessIds;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validates a given AccessId / name.
|
||||
*
|
||||
* @param name lookup string for names or groups
|
||||
* @return whether the given name is valid or not
|
||||
*/
|
||||
public boolean validateAccessId(final String name) {
|
||||
|
||||
LOGGER.debug("entry to validateAccessId(name = {})", name);
|
||||
|
||||
isInitOrFail();
|
||||
|
||||
if (nameIsDn(name)) {
|
||||
|
||||
AccessIdRepresentationModel groupByDn = searchAccessIdByDn(name);
|
||||
|
||||
return groupByDn != null;
|
||||
|
||||
} else {
|
||||
|
||||
final AndFilter andFilter = new AndFilter();
|
||||
andFilter.and(new EqualsFilter(getUserSearchFilterName(), getUserSearchFilterValue()));
|
||||
|
||||
final OrFilter orFilter = new OrFilter();
|
||||
orFilter.or(new EqualsFilter(getUserIdAttribute(), name));
|
||||
|
||||
andFilter.and(orFilter);
|
||||
|
||||
final List<AccessIdRepresentationModel> accessIds =
|
||||
ldapTemplate.search(
|
||||
getUserSearchBase(),
|
||||
andFilter.encode(),
|
||||
SearchControls.SUBTREE_SCOPE,
|
||||
getLookUpUserAttributesToReturn(),
|
||||
new UserContextMapper());
|
||||
|
||||
return !accessIds.isEmpty();
|
||||
}
|
||||
}
|
||||
|
||||
public String getUserSearchBase() {
|
||||
return LdapSettings.TASKANA_LDAP_USER_SEARCH_BASE.getValueFromEnv(env);
|
||||
}
|
||||
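Review bot: The non-DN branch of `validateAccessId` ends with `return !accessIds.isEmpty();`, so an id that matches several entries under the user search base is accepted, whereas the controller helper shown on this page (`searchUsersAndGroups(accessId).size() == 1`) required exactly one match. If an access id is meant to resolve to a single principal, `return accessIds.size() == 1;` keeps that guarantee, and a warning log for the multi-match case would surface duplicate ids in the directory. The `OrFilter` wraps a single `EqualsFilter` and could be replaced by `andFilter.and(new EqualsFilter(getUserIdAttribute(), name));`. `name` also reaches `nameIsDn` and the debug log with no null or blank check in this method; whether callers guarantee a non-empty value is not visible in the hunk.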
|
|
|
@ -157,6 +157,25 @@ class AccessIdControllerIntTest {
|
|||
+ "cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA");
|
||||
}
|
||||
|
||||
@Test
|
||||
void should_ValidateAccessIdWithEqualsFilterAndReturnAccessIdsOfGroupsTheAccessIdIsMemberOf() {
|
||||
ResponseEntity<List<AccessIdRepresentationModel>> response =
|
||||
TEMPLATE.exchange(
|
||||
restHelper.toUrl(RestEndpoints.URL_ACCESS_ID_GROUPS) + "?access-id=user-2-1",
|
||||
HttpMethod.GET,
|
||||
restHelper.defaultRequest(),
|
||||
ACCESS_ID_LIST_TYPE);
|
||||
|
||||
assertThat(response.getBody())
|
||||
.isNotNull()
|
||||
.extracting(AccessIdRepresentationModel::getAccessId)
|
||||
.usingElementComparator(String.CASE_INSENSITIVE_ORDER)
|
||||
.containsExactlyInAnyOrder(
|
||||
"cn=ksc-users,cn=groups,ou=Test,O=TASKANA",
|
||||
"cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,"
|
||||
+ "cn=organisation,ou=Test,O=TASKANA");
|
||||
}
|
||||
|
||||
@Test
|
||||
void should_ReturnBadRequest_ifAccessIdOfUserContainsInvalidCharacter() {
|
||||
ThrowingCallable call =
|
||||
|
|