Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: SCIM error message for invalid request values in V1 and V2 Roles Remove-Add-Replace operations (fixes #20334) #559

Merged
merged 7 commits into from
Jul 5, 2024
Merged

Fix: SCIM error message for invalid request values in V1 and V2 Roles Remove-Add-Replace operations (fixes #20334) #559

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
f8dc3cb
Fix SCIM error message for invalid request values in V1 and V2 Roles …
BimsaraBodaragama Jul 2, 2024
04d7b00
Update the licenses of SCIMRoleManagerV1 with the new header format f…
BimsaraBodaragama Jul 2, 2024
b10c883
Fix invalidValue code and update to generic error message for group I…
BimsaraBodaragama Jul 4, 2024
65b7b99
Test: Add testPatchRoleWithGroupDisplayNameInsteadOfGroupIdThrowingEr…
BimsaraBodaragama Jul 5, 2024
e15eeb8
refactor: instantiate SCIMRoleManagerV2 in tests
BimsaraBodaragama Jul 5, 2024
c8cf26b
refactor: remove SCIMRoleManagerV2 from @PrepareForTest
BimsaraBodaragama Jul 5, 2024
e97c090
fix: replace JUnit assertEquals with TestNG assertEquals
BimsaraBodaragama Jul 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 19 additions & 10 deletions ...cim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
/*
* Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
* Copyright (c) 2020-2024, WSO2 LLC. (http://www.wso2.com).
*
* WSO2 Inc. licenses this file to you under the Apache License,
* WSO2 LLC. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
Expand All @@ -11,7 +11,7 @@
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
Expand Down Expand Up @@ -771,21 +771,30 @@ private void updatePermissions(String roleId, List<PatchOperation> permissionOpe

private void prepareAddedRemovedGroupLists(Set<String> addedGroupsIds, Set<String> removedGroupsIds,
Set<String> replacedGroupsIds, PatchOperation groupOperation,
Map<String, String> groupObject, List<GroupBasicInfo> groupListOfRole) {
Map<String, String> groupObject, List<GroupBasicInfo> groupListOfRole)
throws BadRequestException {

String value = groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE);

if (StringUtils.isBlank(value)) {
throw new BadRequestException(
"Updating groups of the role by display name is not supported. Update using group id instead.",
BimsaraBodaragama marked this conversation as resolved.
Show resolved Hide resolved
ResponseCodeConstants.INVALID_SYNTAX);
BimsaraBodaragama marked this conversation as resolved.
Show resolved Hide resolved
}

switch (groupOperation.getOperation()) {
case (SCIMConstants.OperationalConstants.ADD):
removedGroupsIds.remove(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
if (!isGroupExist(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE), groupListOfRole)) {
addedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
removedGroupsIds.remove(value);
if (!isGroupExist(value, groupListOfRole)) {
addedGroupsIds.add(value);
}
break;
case (SCIMConstants.OperationalConstants.REMOVE):
addedGroupsIds.remove(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
removedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
addedGroupsIds.remove(value);
removedGroupsIds.add(value);
break;
case (SCIMConstants.OperationalConstants.REPLACE):
replacedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
replacedGroupsIds.add(value);
break;
}
}
Expand Down
20 changes: 14 additions & 6 deletions ...m2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1214,19 +1214,27 @@ private List<String> getUserIDList(List<String> userList, String tenantDomain) t

private void prepareInitialGroupLists(Set<String> givenAddedGroupsIds, Set<String> givenRemovedGroupsIds,
Set<String> givenReplacedGroupsIds, PatchOperation groupOperation,
Map<String, String> groupObject) {
Map<String, String> groupObject) throws BadRequestException {

String value = groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE);

if (StringUtils.isBlank(value)) {
throw new BadRequestException(
"Updating groups of the role by display name is not supported. Update using group id instead.",
ResponseCodeConstants.INVALID_SYNTAX);
}

switch (groupOperation.getOperation()) {
case (SCIMConstants.OperationalConstants.ADD):
givenRemovedGroupsIds.remove(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
givenAddedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
givenRemovedGroupsIds.remove(value);
givenAddedGroupsIds.add(value);
break;
case (SCIMConstants.OperationalConstants.REMOVE):
givenAddedGroupsIds.remove(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
givenRemovedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
givenAddedGroupsIds.remove(value);
givenRemovedGroupsIds.add(value);
break;
case (SCIMConstants.OperationalConstants.REPLACE):
givenReplacedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE));
givenReplacedGroupsIds.add(value);
break;
default:
break;
Expand Down
Loading