add impersonation property

Thumimku · May 2, 2024 · 043133f · 043133f
1 parent 6201849
commit 043133f
Show file tree

Hide file tree

Showing 7 changed files with 286 additions and 17 deletions.
diff --git a/.../src/main/java/org/wso2/carbon/identity/application/common/model/ClientImpersonation.java b/.../src/main/java/org/wso2/carbon/identity/application/common/model/ClientImpersonation.java
@@ -0,0 +1,112 @@
+/*
+ *  Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ *  WSO2 LLC. licenses this file to you under the Apache License,
+ *  Version 2.0 (the "License"); you may not use this file except
+ *  in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+
+package org.wso2.carbon.identity.application.common.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.databinding.annotation.IgnoreNullElement;
+
+import java.io.Serializable;
+import java.util.Iterator;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * This class represents the metadata related to client impersonation. It is used for
+ * serializing and deserializing data to/from XML format.
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlRootElement(name = "ClientImpersonationMetaData")
+public class ClientImpersonation implements Serializable {
+
+    private static final long serialVersionUID = 1995041000019950518L;
+    private static final String IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED = "IsImpersonationEmailNotificationEnabled";
+    private static final String IS_IMPERSONATION_ENABLED = "IsImpersonationEnabled";
+
+    @IgnoreNullElement
+    @XmlElement(name = IS_IMPERSONATION_ENABLED)
+    private boolean isImpersonationEnabled;
+
+    // Field to store whether email notification for impersonation is enabled.
+    @IgnoreNullElement
+    @XmlElement(name = IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED)
+    private boolean isImpersonationEmailNotificationEnabled;
+
+    /**
+     * Creates an instance of the ClientImpersonationMetaData class by parsing an OMElement.
+     *
+     * @param metaDataOM The OMElement to parse and build the ClientImpersonationMetaData object from.
+     * @return A new ClientImpersonationMetaData object populated with data from the OMElement.
+     */
+    public static ClientImpersonation build(OMElement metaDataOM) {
+        ClientImpersonation metaData = new ClientImpersonation();
+
+        Iterator<?> iter = metaDataOM.getChildElements();
+
+        while (iter.hasNext()) {
+            OMElement element = (OMElement) (iter.next());
+            String elementName = element.getLocalName();
+
+            if (IS_IMPERSONATION_ENABLED.equals(elementName)) {
+                boolean isImpersonationEnabled = element.getText() != null && Boolean.parseBoolean(element.getText());
+                metaData.setImpersonationEnabled(isImpersonationEnabled);
+            } else if (IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED.equals(elementName)) {
+                boolean isImpersonationEmailNotificationEnabled = element.getText() != null
+                        && Boolean.parseBoolean(element.getText());
+                metaData.setImpersonationEmailNotificationEnabled(isImpersonationEmailNotificationEnabled);
+            }
+        }
+        return metaData;
+    }
+
+
+    /**
+     * Get the value indicating whether email notification for impersonation is enabled.
+     *
+     * @return True if attestation is enabled, otherwise false.
+     */
+    public boolean isImpersonationEmailNotificationEnabled() {
+
+        return isImpersonationEmailNotificationEnabled;
+    }
+
+    /**
+     * Set the value indicating whether email notification for impersonation is enabled.
+     *
+     * @param impersonationEmailNotificationEnabled True to enable attestation, false to disable it.
+     */
+    public void setImpersonationEmailNotificationEnabled(boolean impersonationEmailNotificationEnabled) {
+
+        isImpersonationEmailNotificationEnabled = impersonationEmailNotificationEnabled;
+    }
+
+
+    public boolean isImpersonationEnabled() {
+
+        return isImpersonationEnabled;
+    }
+
+    public void setImpersonationEnabled(boolean impersonationEnabled) {
+
+        isImpersonationEnabled = impersonationEnabled;
+    }
+}
diff --git a/...mmon/src/main/java/org/wso2/carbon/identity/application/common/model/ServiceProvider.java b/...mmon/src/main/java/org/wso2/carbon/identity/application/common/model/ServiceProvider.java
@@ -149,6 +149,10 @@ public class ServiceProvider implements Serializable {
     @XmlElement(name = "ClientAttestationMetaData")
     private ClientAttestationMetaData clientAttestationMetaData;
 
+    @IgnoreNullElement
+    @XmlElement(name = "ClientImpersonation")
+    private ClientImpersonation clientImpersonation;
+
     /*
      * <ServiceProvider> <ApplicationID></ApplicationID> <Description></Description>
      * <Owner>....</Owner>
@@ -201,6 +205,9 @@ public static ServiceProvider build(OMElement serviceProviderOM) {
             } else if (IS_API_BASED_AUTHENTICATION_ENABLED.equals(elementName)) {
                 boolean isAPIBasedAuthEnabled = element.getText() != null && "true".equals(element.getText());
                 serviceProvider.setAPIBasedAuthenticationEnabled(isAPIBasedAuthEnabled);
+            } else if ("ClientImpersonation".equals(elementName)) {
+                // build client impersonation meta data configuration.
+                serviceProvider.setClientImpersonation(ClientImpersonation.build(element));
             } else if ("ClientAttestationMetaData".equals(elementName)) {
                 // build client attestation meta data configuration.
                 serviceProvider
@@ -602,5 +609,15 @@ public void setClientAttestationMetaData(ClientAttestationMetaData clientAttesta
 
         this.clientAttestationMetaData = clientAttestationMetaData;
     }
+
+    public ClientImpersonation getClientImpersonation() {
+
+        return clientImpersonation;
+    }
+
+    public void setClientImpersonation(ClientImpersonation clientImpersonation) {
+
+        this.clientImpersonation = clientImpersonation;
+    }
 }
 
diff --git a/...n/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationConstants.java b/...n/java/org/wso2/carbon/identity/application/common/util/IdentityApplicationConstants.java
@@ -122,6 +122,12 @@ private IdentityApplicationConstants() {
     public static final String IS_API_BASED_AUTHENTICATION_ENABLED_DISPLAY_NAME = "Is API Based Authentication Enabled";
     public static final String IS_ATTESTATION_ENABLED_PROPERTY_NAME = "IsAttestationEnabled";
     public static final String IS_ATTESTATION_ENABLED_DISPLAY_NAME = "Is Client Attestation Enabled";
+    public static final String IS_IMPERSONATION_ENABLED_PROPERTY_NAME = "IsImpersonationEnabled";
+    public static final String IS_IMPERSONATION_ENABLED_DISPLAY_NAME = "Is Client Impersonation Enabled";
+    public static final String IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_PROPERTY_NAME =
+            "IsImpersonationEmailNotificationEnabled";
+    public static final String IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_DISPLAY_NAME =
+            "Is Impersonation Email Notification Enabled";
     public static final String ANDROID_PACKAGE_NAME_PROPERTY_NAME = "androidPackageName";
     public static final String ANDROID_PACKAGE_NAME_DISPLAY_NAME = "Android mobile application package name";
     public static final String APPLE_APP_ID_PROPERTY_NAME = "appleAppId";

diff --git a/...t/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java b/...t/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java
@@ -41,6 +41,7 @@
 import org.wso2.carbon.identity.application.common.model.ClaimConfig;
 import org.wso2.carbon.identity.application.common.model.ClaimMapping;
 import org.wso2.carbon.identity.application.common.model.ClientAttestationMetaData;
+import org.wso2.carbon.identity.application.common.model.ClientImpersonation;
 import org.wso2.carbon.identity.application.common.model.ConsentConfig;
 import org.wso2.carbon.identity.application.common.model.ConsentPurpose;
 import org.wso2.carbon.identity.application.common.model.ConsentPurposeConfigs;
@@ -152,6 +153,10 @@
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_ATTESTATION_ENABLED_PROPERTY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_B2B_SS_APP_SP_PROPERTY_DISPLAY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_B2B_SS_APP_SP_PROPERTY_NAME;
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_DISPLAY_NAME;
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_PROPERTY_NAME;
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_IMPERSONATION_ENABLED_DISPLAY_NAME;
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_IMPERSONATION_ENABLED_PROPERTY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_MANAGEMENT_APP_SP_PROPERTY_DISPLAY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_MANAGEMENT_APP_SP_PROPERTY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_SYSTEM_RESERVED_APP_DISPLAY_NAME;
@@ -469,6 +474,18 @@ private ApplicationCreateResult persistBasicApplicationInformation(Connection co
                 storeAndroidAttestationServiceCredentialAsSecret(application);
             }
 
+            if (application.getClientImpersonation() != null) {
+                ServiceProviderProperty isImpersonationEnabled =
+                        buildIsImpersonationEnabledProperty(application.getClientImpersonation());
+                serviceProviderProperties.add(isImpersonationEnabled);
+
+                if (application.getClientImpersonation().isImpersonationEnabled()) {
+                    ServiceProviderProperty isImpersonationEmailNotificationEnabled =
+                            buildIsImpersonationEmailNotificationEnabledProperty(application.getClientImpersonation());
+                    serviceProviderProperties.add(isImpersonationEmailNotificationEnabled);
+                }
+            }
+
             ServiceProviderProperty allowedRoleAudienceProperty = buildAllowedRoleAudienceProperty(application);
             serviceProviderProperties.add(allowedRoleAudienceProperty);
             application.setSpProperties(serviceProviderProperties.toArray(new ServiceProviderProperty[0]));
@@ -2185,6 +2202,13 @@ public ServiceProvider getApplication(int applicationId) throws IdentityApplicat
                         (getAndroidAttestationServiceCredentials(serviceProvider));
             }
             serviceProvider.setClientAttestationMetaData(clientAttestationMetaData);
+            ClientImpersonation clientImpersonation = new ClientImpersonation();
+            clientImpersonation.setImpersonationEnabled(getIsImpersonationEnabled(propertyList));
+            if (clientImpersonation.isImpersonationEnabled()) {
+                clientImpersonation.setImpersonationEmailNotificationEnabled
+                        (getIsImpersonationEmailNotificationEnabled(propertyList));
+            }
+            serviceProvider.setClientImpersonation(clientImpersonation);
             serviceProvider.setInboundAuthenticationConfig(getInboundAuthenticationConfig(
                     applicationId, connection, tenantID));
             serviceProvider
@@ -2390,6 +2414,27 @@ private boolean getIsB2BSSApp(List<ServiceProviderProperty> propertyList) {
         return Boolean.parseBoolean(value);
     }
 
+    private boolean getIsImpersonationEnabled(List<ServiceProviderProperty> propertyList) {
+
+        String value = propertyList.stream()
+                .filter(property -> IS_IMPERSONATION_ENABLED_PROPERTY_NAME.equals(property.getName()))
+                .findFirst()
+                .map(ServiceProviderProperty::getValue)
+                .orElse(StringUtils.EMPTY);
+        return Boolean.parseBoolean(value);
+    }
+
+    private boolean getIsImpersonationEmailNotificationEnabled(List<ServiceProviderProperty> propertyList) {
+
+        String value = propertyList.stream()
+                .filter(property -> IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_PROPERTY_NAME
+                        .equals(property.getName()))
+                .findFirst()
+                .map(ServiceProviderProperty::getValue)
+                .orElse(StringUtils.EMPTY);
+        return Boolean.parseBoolean(value);
+    }
+
     private boolean getIsAPIBasedAuthenticationEnabled(List<ServiceProviderProperty> propertyList) {
 
         String value = propertyList.stream()
@@ -5072,9 +5117,41 @@ private void updateConfigurationsAsServiceProperties(ServiceProvider sp)
             storeAndroidAttestationServiceCredentialAsSecret(sp);
         }
 
+        if (sp.getClientImpersonation() != null) {
+            ServiceProviderProperty isImpersonationEnabled =
+                    buildIsImpersonationEnabledProperty(sp.getClientImpersonation());
+            spPropertyMap.put(isImpersonationEnabled.getName(), isImpersonationEnabled);
+
+            if (sp.getClientImpersonation().isImpersonationEnabled()) {
+                ServiceProviderProperty isImpersonationEmailNotificationEnabled =
+                        buildIsImpersonationEmailNotificationEnabledProperty(sp.getClientImpersonation());
+                spPropertyMap.put(isImpersonationEmailNotificationEnabled.getName(),
+                        isImpersonationEmailNotificationEnabled);
+            }
+        }
+
         sp.setSpProperties(spPropertyMap.values().toArray(new ServiceProviderProperty[0]));
     }
 
+    private ServiceProviderProperty buildIsImpersonationEnabledProperty(ClientImpersonation clientImpersonation) {
+
+        ServiceProviderProperty isImpersonationEnabled = new ServiceProviderProperty();
+        isImpersonationEnabled.setName(IS_IMPERSONATION_ENABLED_PROPERTY_NAME);
+        isImpersonationEnabled.setDisplayName(IS_IMPERSONATION_ENABLED_DISPLAY_NAME);
+        isImpersonationEnabled.setValue(String.valueOf(clientImpersonation.isImpersonationEnabled()));
+        return isImpersonationEnabled;
+    }
+
+    private ServiceProviderProperty buildIsImpersonationEmailNotificationEnabledProperty
+            (ClientImpersonation clientImpersonation) {
+
+        ServiceProviderProperty property = new ServiceProviderProperty();
+        property.setName(IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_PROPERTY_NAME);
+        property.setDisplayName(IS_IMPERSONATION_EMAIL_NOTIFICATION_ENABLED_DISPLAY_NAME);
+        property.setValue(String.valueOf(clientImpersonation.isImpersonationEmailNotificationEnabled()));
+        return property;
+    }
+
     private ServiceProviderProperty buildIsAPIBasedAuthenticationEnabledProperty(ServiceProvider sp) {
 
         ServiceProviderProperty isAPIBasedAuthenticationEnabled = new ServiceProviderProperty();

diff --git a/...t/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java b/...t/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImplTest.java
@@ -39,6 +39,7 @@
 import org.wso2.carbon.identity.application.common.model.ClaimConfig;
 import org.wso2.carbon.identity.application.common.model.ClaimMapping;
 import org.wso2.carbon.identity.application.common.model.ClientAttestationMetaData;
+import org.wso2.carbon.identity.application.common.model.ClientImpersonation;
 import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
 import org.wso2.carbon.identity.application.common.model.IdentityProvider;
 import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
@@ -999,6 +1000,62 @@ public void testAddApplicationWithAttestationData(boolean isAttestationEnabled,
                 REGISTRY_SYSTEM_USERNAME);
     }
 
+    @DataProvider(name = "testAddApplicationWithClientImpersonationData")
+    public Object[][] testAddApplicationWithClientImpersonationData() {
+
+
+        return new Object[][]{
+                {true, true},
+                {false, true},
+                {true, false},
+        };
+    }
+
+    @Test(dataProvider = "testAddApplicationWithClientImpersonationData")
+    public void testAddApplicationWithClientImpersonationData(boolean isImpersonationEnabled,
+                                                      boolean isEmailNotificationEnabled) throws Exception {
+
+        ServiceProvider inputSP = new ServiceProvider();
+        inputSP.setApplicationName(APPLICATION_NAME_1);
+
+        addApplicationConfigurations(inputSP);
+        ClientImpersonation clientImpersonation = new ClientImpersonation();
+        clientImpersonation.setImpersonationEnabled(isImpersonationEnabled);
+        clientImpersonation.setImpersonationEmailNotificationEnabled(isEmailNotificationEnabled);
+        inputSP.setClientImpersonation(clientImpersonation);
+
+        // Adding new application.
+        ServiceProvider addedSP = applicationManagementService.addApplication(inputSP, SUPER_TENANT_DOMAIN_NAME,
+                REGISTRY_SYSTEM_USERNAME);
+        Assert.assertEquals(addedSP.getClientImpersonation().isImpersonationEnabled(), isImpersonationEnabled);
+        Assert.assertEquals(addedSP.getClientImpersonation().isImpersonationEmailNotificationEnabled(),
+                isEmailNotificationEnabled);
+
+        //  Retrieving added application.
+        ServiceProvider retrievedSP = applicationManagementService.getApplicationExcludingFileBasedSPs
+                (inputSP.getApplicationName(), SUPER_TENANT_DOMAIN_NAME);
+        Assert.assertEquals(retrievedSP.getClientImpersonation().isImpersonationEnabled(), isImpersonationEnabled);
+        Assert.assertEquals(retrievedSP.getClientImpersonation().isImpersonationEmailNotificationEnabled(),
+                isImpersonationEnabled && isEmailNotificationEnabled);
+
+        // Updating the application by changing the isManagementApplication flag. It should be changed.
+        ClientImpersonation clientImpersonationUpdate = new ClientImpersonation();
+        clientImpersonationUpdate.setImpersonationEnabled(!isImpersonationEnabled);
+        clientImpersonationUpdate.setImpersonationEmailNotificationEnabled(!isEmailNotificationEnabled);
+        inputSP.setClientImpersonation(clientImpersonationUpdate);
+        applicationManagementService.updateApplication(inputSP, SUPER_TENANT_DOMAIN_NAME, REGISTRY_SYSTEM_USERNAME);
+
+        retrievedSP = applicationManagementService.getApplicationExcludingFileBasedSPs
+                (inputSP.getApplicationName(), SUPER_TENANT_DOMAIN_NAME);
+
+        Assert.assertEquals(retrievedSP.getClientImpersonation().isImpersonationEnabled(), !isImpersonationEnabled);
+        Assert.assertEquals(retrievedSP.getClientImpersonation().isImpersonationEmailNotificationEnabled(),
+                !(isImpersonationEnabled || isEmailNotificationEnabled));
+        // Deleting added application.
+        applicationManagementService.deleteApplication(inputSP.getApplicationName(), SUPER_TENANT_DOMAIN_NAME,
+                REGISTRY_SYSTEM_USERNAME);
+    }
+
     private void addApplicationConfigurations(ServiceProvider serviceProvider) {
 
         serviceProvider.setDescription("Created for testing");