Make PATCH to change aup signature time working

for client credentials flow
indigo-iam · Jul 5, 2024 · 85cac24 · 85cac24
1 parent 9fc54b7
commit 85cac24
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 20 deletions.
diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/api/aup/AupSignatureController.java b/iam-login-service/src/main/java/it/infn/mw/iam/api/aup/AupSignatureController.java
@@ -26,6 +26,8 @@
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.ExceptionHandler;
@@ -57,7 +59,8 @@
 public class AupSignatureController {
 
   private static final String ACCOUNT_NOT_FOUND_FOR_ID_MESSAGE = "Account not found for id: %s";
-  private static final String ACCOUNT_NOT_FOUND_FOR_AUTHENTICATED_USER_MESSAGE = "Account not found for authenticated user";
+  private static final String ACCOUNT_NOT_FOUND_FOR_AUTHENTICATED_USER_MESSAGE =
+      "Account not found for authenticated user";
 
   private final AupSignatureConverter signatureConverter;
   private final AccountUtils accountUtils;
@@ -108,7 +111,7 @@ public void signAup() throws AccountNotFoundException {
   public AupSignatureDTO getSignature() throws AccountNotFoundException {
 
     IamAccount account = accountUtils.getAuthenticatedUserAccount()
-        .orElseThrow(accountNotFoundException(ACCOUNT_NOT_FOUND_FOR_AUTHENTICATED_USER_MESSAGE));
+      .orElseThrow(accountNotFoundException(ACCOUNT_NOT_FOUND_FOR_AUTHENTICATED_USER_MESSAGE));
 
     IamAup aup = aupRepo.findDefaultAup().orElseThrow(aupNotFoundException());
     IamAupSignature sig =
@@ -118,7 +121,8 @@ public AupSignatureDTO getSignature() throws AccountNotFoundException {
 
   @GetMapping(value = "/iam/aup/signature/{accountId}")
   @PreAuthorize("#iam.hasScope('iam:admin.read') or #iam.hasAnyDashboardRole('ROLE_ADMIN', 'ROLE_GM') or #iam.isUser(#accountId)")
-  public AupSignatureDTO getSignatureForAccount(@PathVariable String accountId) throws AccountNotFoundException {
+  public AupSignatureDTO getSignatureForAccount(@PathVariable String accountId)
+      throws AccountNotFoundException {
 
     IamAccount account = accountUtils.getByAccountId(accountId)
       .orElseThrow(accountNotFoundException(format(ACCOUNT_NOT_FOUND_FOR_ID_MESSAGE, accountId)));
@@ -133,29 +137,42 @@ public AupSignatureDTO getSignatureForAccount(@PathVariable String accountId) th
   @PatchMapping(value = "/iam/aup/signature/{accountId}")
   @ResponseStatus(value = HttpStatus.CREATED)
   @PreAuthorize("#iam.hasScope('iam:admin.write') or #iam.hasDashboardRole('ROLE_ADMIN')")
-  public AupSignatureDTO updateSignatureForAccount(@PathVariable String accountId) throws AccountNotFoundException {
+  public AupSignatureDTO updateSignatureForAccount(@PathVariable String accountId,
+      Authentication authentication) throws AccountNotFoundException {
 
-    IamAccount updaterAccount = accountUtils.getAuthenticatedUserAccount()
-        .orElseThrow(accountNotFoundException(ACCOUNT_NOT_FOUND_FOR_AUTHENTICATED_USER_MESSAGE));
+    Optional<IamAccount> updaterAccount = accountUtils.getAuthenticatedUserAccount();
 
     IamAccount account = accountUtils.getByAccountId(accountId)
       .orElseThrow(accountNotFoundException(format(ACCOUNT_NOT_FOUND_FOR_ID_MESSAGE, accountId)));
     IamAup aup = aupRepo.findDefaultAup().orElseThrow(aupNotFoundException());
     Date now = new Date(timeProvider.currentTimeMillis());
 
     IamAupSignature signature = signatureRepo.createSignatureForAccount(aup, account, now);
-    eventPublisher.publishEvent(new AupSignedOnBehalfEvent(this, signature, updaterAccount.getUsername()));
+    if (updaterAccount.isPresent()) {
+      eventPublisher.publishEvent(
+          new AupSignedOnBehalfEvent(this, signature, updaterAccount.get().getUuid(), false));
+    } else {
+      String clientId = null;
+
+      if (authentication instanceof OAuth2Authentication) {
+        OAuth2Authentication oauth2Auth = (OAuth2Authentication) authentication;
+        clientId = oauth2Auth.getOAuth2Request().getClientId();
+      }
+
+      eventPublisher.publishEvent(new AupSignedOnBehalfEvent(this, signature, clientId, true));
+    }
 
     return signatureConverter.dtoFromEntity(signature);
   }
 
   @DeleteMapping(value = "/iam/aup/signature/{accountId}")
   @ResponseStatus(value = HttpStatus.NO_CONTENT)
   @PreAuthorize("#iam.hasScope('iam:admin.write') or #iam.hasDashboardRole('ROLE_ADMIN')")
-  public void deleteSignatureForAccount(@PathVariable String accountId) throws AccountNotFoundException {
+  public void deleteSignatureForAccount(@PathVariable String accountId)
+      throws AccountNotFoundException {
 
     IamAccount deleterAccount = accountUtils.getAuthenticatedUserAccount()
-        .orElseThrow(accountNotFoundException(ACCOUNT_NOT_FOUND_FOR_AUTHENTICATED_USER_MESSAGE));
+      .orElseThrow(accountNotFoundException(ACCOUNT_NOT_FOUND_FOR_AUTHENTICATED_USER_MESSAGE));
     IamAccount signatureAccount = accountUtils.getByAccountId(accountId)
       .orElseThrow(accountNotFoundException(format(ACCOUNT_NOT_FOUND_FOR_ID_MESSAGE, accountId)));
 
@@ -166,7 +183,8 @@ public void deleteSignatureForAccount(@PathVariable String accountId) throws Acc
 
     if (signature.isPresent()) {
       signatureRepo.deleteSignatureForAccount(aup, signatureAccount);
-      eventPublisher.publishEvent(new AupSignatureDeletedEvent(this, deleterAccount.getUsername(), signature.get()));
+      eventPublisher.publishEvent(
+          new AupSignatureDeletedEvent(this, deleterAccount.getUsername(), signature.get()));
     }
   }
 

diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/audit/events/IamAuditApplicationEvent.java b/iam-login-service/src/main/java/it/infn/mw/iam/audit/events/IamAuditApplicationEvent.java
@@ -29,22 +29,22 @@
 import com.fasterxml.jackson.annotation.JsonTypeInfo.Id;
 
 @JsonPropertyOrder({"timestamp", "@type", "category", "principal", "message"})
-@JsonTypeInfo(use=Id.NAME, property="@type")
+@JsonTypeInfo(use = Id.NAME, property = "@type")
 public abstract class IamAuditApplicationEvent extends ApplicationEvent {
 
   private static final long serialVersionUID = -6276169409979227109L;
-  
+
   public static final String NULL_PRINCIPAL = "<unknown>";
 
   @JsonInclude
   private final IamEventCategory category;
-  
+
   @JsonInclude
   private final String principal;
-  
+
   @JsonInclude
   private final String message;
-  
+
 
   public IamAuditApplicationEvent(IamEventCategory category, Object source, String message) {
     super(source);
@@ -59,6 +59,14 @@ public IamAuditApplicationEvent(IamEventCategory category, Object source, String
     }
   }
 
+  public IamAuditApplicationEvent(IamEventCategory category, Object source, String message,
+      String principal) {
+    super(source);
+    this.message = message;
+    this.category = category;
+    this.principal = principal != null ? principal : NULL_PRINCIPAL;
+  }
+
   protected IamAuditApplicationEvent(IamEventCategory category, Object source) {
     this(category, source, null);
   }
@@ -80,9 +88,9 @@ public IamEventCategory getCategory() {
   public Object getSource() {
     return super.getSource();
   }
-  
+
   @JsonProperty("source")
-  public String getSourceClass(){
+  public String getSourceClass() {
     return super.getSource().getClass().getSimpleName();
   }
 }
diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/audit/events/aup/AupSignedOnBehalfEvent.java b/iam-login-service/src/main/java/it/infn/mw/iam/audit/events/aup/AupSignedOnBehalfEvent.java
@@ -34,9 +34,15 @@ public class AupSignedOnBehalfEvent extends IamAuditApplicationEvent {
   @JsonSerialize(using = IamAupSignatureSerializer.class)
   final IamAupSignature signature;
 
-  public AupSignedOnBehalfEvent(Object source, IamAupSignature signature, String signedBy) {
-    super(IamEventCategory.AUP, source, format("Administrator %s signed the AUP on behalf of %s",
-        signedBy, signature.getAccount().getUsername()));
+  public AupSignedOnBehalfEvent(Object source, IamAupSignature signature, String signedBy,
+      boolean isClient) {
+    super(IamEventCategory.AUP, source,
+        isClient
+            ? format("Client %s signed the AUP on behalf of %s user", signedBy,
+                signature.getAccount().getUsername())
+            : format("User %s signed the AUP on behalf of %s user", signedBy,
+                signature.getAccount().getUsername()),
+        isClient ? "client: " + signedBy : "user: " + signedBy);
     this.signature = signature;
   }
 }