
Fix: SCIM error handling for group display name (fixes #20344) #557

Closed
Closed
Expand Up @@ -771,21 +771,30 @@ private void updatePermissions(String roleId, List<PatchOperation> permissionOpe

private void prepareAddedRemovedGroupLists(Set<String> addedGroupsIds, Set<String> removedGroupsIds,
Set<String> replacedGroupsIds, PatchOperation groupOperation,
Map<String, String> groupObject, List<GroupBasicInfo> groupListOfRole) {
Map<String, String> groupObject, List<GroupBasicInfo> groupListOfRole)
throws BadRequestException {

String value = groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE);

if (StringUtils.isBlank(value)) {
throw new BadRequestException(
"Updating groups of the role by display name is not supported. Update using group id instead.",
ResponseCodeConstants.INVALID_SYNTAX);
}

switch (groupOperation.getOperation()) {
case (SCIMConstants.OperationalConstants.ADD):
removedGroupsIds.remove(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
if (!isGroupExist(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE), groupListOfRole)) {
addedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
removedGroupsIds.remove(value);
if (!isGroupExist(value, groupListOfRole)) {
addedGroupsIds.add(value);
}
break;
case (SCIMConstants.OperationalConstants.REMOVE):
addedGroupsIds.remove(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
removedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
addedGroupsIds.remove(value);
removedGroupsIds.add(value);
break;
case (SCIMConstants.OperationalConstants.REPLACE):
replacedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
replacedGroupsIds.add(value);
break;
}
}
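Review bot: The new `StringUtils.isBlank(value)` guard in prepareAddedRemovedGroupLists fires for any group entry whose `value` is missing or empty, yet the message tells the client it tried to update by display name, which the check never establishes. A neutral detail such as `"Group id ('value') is required. Updating groups of the role by display name is not supported."` would be accurate in both cases. The same guard and message literal are repeated in prepareInitialGroupLists further down the page, so a shared private helper or constant would keep the two in step. This switch also has no `default` branch, so an operation other than add, remove or replace passes the guard and is silently ignored; whether callers filter operations earlier is not visible here.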
Expand Up @@ -1125,7 +1125,7 @@ private void doUpdateGroups(String roleId, Set<String> newGroupIDList, Set<Strin
new ArrayList<>(deleteGroupIDList), tenantDomain);
} catch (IdentityRoleManagementException e) {
if (RoleConstants.Error.INVALID_REQUEST.getCode().equals(e.getErrorCode())) {
throw new BadRequestException(e.getMessage());
throw new BadRequestException();
}
throw new CharonException(
String.format("Error occurred while updating groups in the role with ID: %s", roleId), e);
Expand Down Expand Up @@ -1214,19 +1214,27 @@ private List<String> getUserIDList(List<String> userList, String tenantDomain) t

private void prepareInitialGroupLists(Set<String> givenAddedGroupsIds, Set<String> givenRemovedGroupsIds,
Set<String> givenReplacedGroupsIds, PatchOperation groupOperation,
Map<String, String> groupObject) {
Map<String, String> groupObject) throws BadRequestException {

String value = groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE);

if (StringUtils.isBlank(value)) {
throw new BadRequestException(
"Updating groups of the role by display name is not supported. Update using group id instead.",
ResponseCodeConstants.INVALID_SYNTAX);
}

switch (groupOperation.getOperation()) {
case (SCIMConstants.OperationalConstants.ADD):
givenRemovedGroupsIds.remove(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
givenAddedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
givenRemovedGroupsIds.remove(value);
givenAddedGroupsIds.add(value);
break;
case (SCIMConstants.OperationalConstants.REMOVE):
givenAddedGroupsIds.remove(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
givenRemovedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
givenAddedGroupsIds.remove(value);
givenRemovedGroupsIds.add(value);
break;
case (SCIMConstants.OperationalConstants.REPLACE):
givenReplacedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
givenReplacedGroupsIds.add(value);
break;
default:
break;
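Review bot: In the doUpdateGroups hunk the INVALID_REQUEST branch appears to end up as `throw new BadRequestException();` (taking the second of the two throw lines as the new side), which drops both the upstream message and the cause `e`. The client then gets a 400 with no detail or scimType, and nothing visible in the hunk records why the role-management layer rejected the request, which makes rejected group updates hard to audit or troubleshoot. Consider logging `e` server-side and returning a fixed detail through the two-argument constructor used elsewhere in this change, e.g. `throw new BadRequestException("Invalid group update request.", ResponseCodeConstants.INVALID_VALUE);`. The catch block belongs to a method body that starts and ends outside the hunk.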