feat(jans-config-api): remove session_id from API and use sid in API …
…instead (#9739)

* fix(config-api): asset mgt endpoint fixes

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset upload mgt ehancement and fido

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset upload mgt ehancement and fido

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset upload mgt ehancement and fido

Signed-off-by: pujavs <[email protected]>

* fix(config-api): asset upload

Signed-off-by: pujavs <[email protected]>

* fix(config-api): lock review comments

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock code review comments

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 delete functionality

Signed-off-by: pujavs <[email protected]>

* fix(config-api): acr validation

Signed-off-by: pujavs <[email protected]>

* feat(config-api): doc(config-api): IDP schema attribute descriptions #9187

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): uploading assets via API generates 2 entries #9178

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset mgt, fido and IDP changes

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 device endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): resolved sonar review issues

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sonar review comment fix

Signed-off-by: pujavs <[email protected]>

* feat(config-api): swagger spec

Signed-off-by: pujavs <[email protected]>

* feat(config-api): saml config attribute description

Signed-off-by: pujavs <[email protected]>

* doc(config-api): added SAML attribute description

Signed-off-by: pujavs <[email protected]>

* doc(config-api): added SAML attribute description

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* fix(jans-lock): code review comment fix isssue#9305

Signed-off-by: pujavs <[email protected]>

* fix(jans-lock): code review comment fix isssue#9305

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock review point

Signed-off-by: pujavs <[email protected]>

* fix(lock): code review comment

Signed-off-by: pujavs <[email protected]>

* fix(lock): code review comment

Signed-off-by: pujavs <[email protected]>

* fix(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock endpoint fixes and SAML IDP NPE

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset enhancement

Signed-off-by: pujavs <[email protected]>

* feat(config-api): implement timer for asset mgt to fetch and deploy assets forconfig-api #9403

Signed-off-by: pujavs <[email protected]>

* fix(config-api): scope validation issue #9426

Signed-off-by: pujavs <[email protected]>

* fix(config-api): asset delete error fix

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sysnc with main

Signed-off-by: pujavs <[email protected]>

* fix(config-ap): lock audit endpoint parameter declaration error#9460

Signed-off-by: pujavs <[email protected]>

* feat(config-api): client token functionality

Signed-off-by: pujavs <[email protected]>

* fix(Config-api): lock audit endpoint path param rectification

Signed-off-by: pujavs <[email protected]>

* feat(config-api): clint token endpoint - wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): clint token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): client token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): client token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session ednpoint wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session ednpoint wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session and token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session and fido2 endpoint

Signed-off-by: pujavs <[email protected]>

* test(config-api): marked session failing test case

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset mgt dir mapping changes wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset mgt dir changes

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset mgt changes for dir

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset mgt endpoint -wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset mgt endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): custom asset mgt wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): custom asset mgt

Signed-off-by: pujavs <[email protected]>

* feat(config-api): custom asset mgt

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint changes to remove sessionId

Signed-off-by: pujavs <[email protected]>

* feat(config-api) session endpoint changes to hide id

Signed-off-by: pujavs <[email protected]>

* feat(config-api) session endpoint changes to hide id

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint mgt

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session enhancement for removing id

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint changes to remove session id

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint changes to remove session id

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint changes to remove session id

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint changes to remove session id

Signed-off-by: pujavs <[email protected]>

---------

Signed-off-by: pujavs <[email protected]>
Co-authored-by: YuriyZ <[email protected]>
Former-commit-id: 8a81082
pujavs and yuriyz authored Oct 14, 2024
1 parent b798112 commit a70716e
Showing 7 changed files with 191 additions and 87 deletions.
Expand Up @@ -89,6 +89,7 @@ private ApiConstants() {}
public static final String SERVICE = "/service";
public static final String SEARCH = "/search";
public static final String JANSID_PATH = "/id";
public static final String SID_PATH = "/sid";

public static final String APP_VERSION = "/app-version";
public static final String SERVER_STAT = "/server-stat";
Expand All @@ -113,6 +114,7 @@ private ApiConstants() {}
public static final String TOKEN_CODE_PATH = "/tknCde";
public static final String JANSID_PATH_PARAM = "/{jansId}";
public static final String TOKEN_CODE_PATH_PARAM = "/{tknCde}";
public static final String SID_PATH_PARAM = "/{sid}";

public static final String USERID = "userId";
public static final String USERNAME = "username";
Expand All @@ -123,6 +125,7 @@ private ApiConstants() {}
public static final String STATUS = "status";
public static final String INUM = "inum";
public static final String JANSID = "jansId";
public static final String SID = "sid";
public static final String JANS_USR_DN = "jansUsrDN";
public static final String ID = "id";
public static final String SCOPE_INUM = "scope_inum";
38 changes: 19 additions & 19 deletions jans-config-api/docs/jans-config-api-swagger.yaml
Expand Up @@ -7543,17 +7543,17 @@ paths:
security:
- oauth2:
- https://jans.io/oauth/config/scopes.readonly
/api/v1/jans-auth-server/session/id/{jansId}:
/api/v1/jans-auth-server/session/sid/{sid}:
get:
tags:
- Auth - Session Management
summary: Get session by id.
description: Get session by id.
operationId: get-session-by-id
parameters:
- name: jansId
- name: sid
in: path
description: Session Unique identifier.
description: Session identifier.
required: true
schema:
type: string
Expand Down Expand Up @@ -7585,15 +7585,15 @@ paths:
description: Delete a session.
operationId: delete-session
parameters:
- name: jansId
- name: sid
in: path
description: Session Unique identifier.
description: Session identifier.
required: true
schema:
type: string
responses:
"200":
description: Ok
"204":
description: No Content
"401":
description: Unauthorized
"404":
Expand All @@ -7619,8 +7619,8 @@ paths:
schema:
type: string
responses:
"200":
description: Ok
"204":
description: No Content
"401":
description: Unauthorized
"404":
Expand Down Expand Up @@ -9215,19 +9215,19 @@ components:
type: string
selected:
type: boolean
whitePagesCanView:
type: boolean
adminCanView:
type: boolean
userCanView:
type: boolean
adminCanEdit:
type: boolean
userCanEdit:
type: boolean
adminCanEdit:
adminCanAccess:
type: boolean
userCanAccess:
type: boolean
adminCanAccess:
whitePagesCanView:
type: boolean
baseDn:
type: string
Expand Down Expand Up @@ -10076,8 +10076,6 @@ components:
type: boolean
lockMessageConfig:
$ref: '#/components/schemas/LockMessageConfig'
fapi:
type: boolean
allResponseTypesSupported:
uniqueItems: true
type: array
Expand All @@ -10087,6 +10085,8 @@ components:
- code
- token
- id_token
fapi:
type: boolean
AuthenticationFilter:
required:
- baseDn
Expand Down Expand Up @@ -11194,14 +11194,14 @@ components:
type: boolean
internal:
type: boolean
locationPath:
type: string
locationType:
type: string
enum:
- ldap
- db
- file
locationPath:
type: string
baseDn:
type: string
ScriptError:
Expand Down Expand Up @@ -11630,10 +11630,10 @@ components:
ttl:
type: integer
format: int32
opbrowserState:
type: string
persisted:
type: boolean
opbrowserState:
type: string
SessionIdAccessMap:
type: object
properties:
Expand Up @@ -116,6 +116,7 @@ public Response findAllRegisteredByUsername(
@Parameter(description = "User name") @PathParam("username") @NotNull String username) {
logger.info("FIDO2 registration entries by username.");
List<Fido2RegistrationEntry> entries = fido2RegistrationService.findAllRegisteredByUsername(username);
logger.info("FIDO2 registration entries by entries:{}", entries);
return Response.ok(entries).build();
}
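Review bot: The `logger.info("FIDO2 registration entries by entries:{}", entries);` line in `findAllRegisteredByUsername` (apparently the one line this hunk adds) writes every returned `Fido2RegistrationEntry` to the log at INFO. Depending on what the entry's `toString()` includes, that can place credential identifiers, public-key material and user identifiers in routinely collected logs. Logging only the result size at debug level keeps the diagnostic value, e.g. `logger.debug("FIDO2 registration entries found:{}", entries == null ? 0 : entries.size());`. The method's signature and annotations begin above the hunk.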

Expand Up @@ -79,14 +79,14 @@ public Fido2RegistrationEntry getFido2RegistrationEntryById(String id) {
}

public PagedResult<Fido2RegistrationEntry> searchFido2Registration(SearchRequest searchRequest) {
log.info("Search Fido2Registration with searchRequest:{}", searchRequest);
log.info("**** Search Fido2Registration with searchRequest:{}", searchRequest);

Filter searchFilter = null;
List<Filter> filters = new ArrayList<>();
if (searchRequest.getFilterAssertionValue() != null && !searchRequest.getFilterAssertionValue().isEmpty()) {

for (String assertionValue : searchRequest.getFilterAssertionValue()) {
log.info("Search Fido2Registration with assertionValue:{}", assertionValue);
log.debug(" **** Search Fido2Registration with assertionValue:{}", assertionValue);
if (StringUtils.isNotBlank(assertionValue)) {
String[] targetArray = new String[] { assertionValue };

Expand All @@ -107,7 +107,7 @@ public PagedResult<Fido2RegistrationEntry> searchFido2Registration(SearchRequest
searchFilter = Filter.createORFilter(filters);
}

log.debug("Fido2Registration pattern searchFilter:{}", searchFilter);
log.debug("\n\n\n Fido2Registration pattern searchFilter:{}", searchFilter);

List<Filter> fieldValueFilters = new ArrayList<>();
if (searchRequest.getFieldValueMap() != null && !searchRequest.getFieldValueMap().isEmpty()) {
Expand All @@ -116,11 +116,18 @@ public PagedResult<Fido2RegistrationEntry> searchFido2Registration(SearchRequest
log.trace("Fido2Registration dataFilter:{}", dataFilter);
fieldValueFilters.add(Filter.createANDFilter(dataFilter));
}
searchFilter = Filter.createANDFilter(Filter.createORFilter(filters),
Filter.createANDFilter(fieldValueFilters));

if(!filters.isEmpty()) {
searchFilter = Filter.createANDFilter(Filter.createORFilter(filters),
Filter.createANDFilter(fieldValueFilters));
}
else {
searchFilter = Filter.createANDFilter(fieldValueFilters);
}

}

log.debug("Fido2Registration searchFilter:{}", searchFilter);
log.debug(" Final - Fido2Registration searchFilter:{}", searchFilter);

return persistenceEntryManager.findPagedEntries(getDnFido2RegistrationEntry(null), Fido2RegistrationEntry.class,
searchFilter, null, searchRequest.getSortBy(), SortOrder.getByValue(searchRequest.getSortOrder()),
Expand All @@ -140,14 +147,14 @@ public List<Fido2RegistrationEntry> findAllRegisteredByUsername(String username)
}

String baseDn = getBaseDnForFido2RegistrationEntries(userInum);
log.info("Find Fido2 Registered by baseDn:{}", baseDn);
log.debug("Find Fido2 Registered by baseDn:{}", baseDn);
if (persistenceEntryManager.hasBranchesSupport(baseDn) && !containsBranch(baseDn)) {
return Collections.emptyList();
}

Filter registeredFilter = Filter.createEqualityFilter("jansStatus",
Fido2RegistrationStatus.registered.getValue());

log.info("Find Fido2 Registered by registeredFilter:{}", registeredFilter);
return persistenceEntryManager.findEntries(baseDn, Fido2RegistrationEntry.class, registeredFilter);
}
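Review bot: The reworded log calls in `searchFido2Registration` look like leftover debugging aids: `"**** Search …"`, `" Final - …"` and especially `"\n\n\n Fido2Registration pattern searchFilter:{}"`, whose embedded newlines split one event across several physical lines and make line-oriented log parsing and alerting less reliable. I would restore plain messages such as `log.debug("Fido2Registration pattern searchFilter:{}", searchFilter);`. `assertionValue` comes from the search request and is logged as-is, whereas the session resource in this commit passes request values through `escapeLog(...)`; if that helper is reachable from this class, using it here would prevent forged log lines. In `findAllRegisteredByUsername` the new `log.info` of `registeredFilter` repeats a constant filter on every call and could be `debug`, like the `baseDn` line beside it.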

Expand Up @@ -110,22 +110,22 @@ public Response searchSessionEntries(
@GET
@ProtectedApi(scopes = { ApiAccessConstants.JANS_AUTH_SESSION_READ_ACCESS }, groupScopes = {}, superScopes = {
ApiAccessConstants.SUPER_ADMIN_READ_ACCESS })
@Path(ApiConstants.JANSID_PATH + ApiConstants.JANSID_PATH_PARAM)
@Path(ApiConstants.SID_PATH + ApiConstants.SID_PATH_PARAM)
public Response getSessionById(
@Parameter(description = "Session Unique identifier.") @PathParam(ApiConstants.JANSID) @NotNull String jansId) {
@Parameter(description = "Session identifier.") @PathParam(ApiConstants.SID) @NotNull String sid) {
if (logger.isInfoEnabled()) {
logger.info("Delete session identified by jansId:{}", escapeLog(jansId));
logger.info("Delete session identified by sid:{}", escapeLog(sid));
}
checkResourceNotNull(jansId, ApiConstants.JANSID);
final SessionId session = sessionService.getSessionById(jansId);
checkResourceNotNull(sid, ApiConstants.SID);
final SessionId session = sessionService.getSessionBySid(sid);
logger.debug("session:{}", session);
return Response.ok(session).build();
}

@Operation(summary = "Revoke all sessions by userDn", description = "Revoke all sessions by userDn", operationId = "revoke-user-session", tags = {
"Auth - Session Management" }, security = @SecurityRequirement(name = "oauth2", scopes = {
ApiAccessConstants.JANS_AUTH_SESSION_DELETE_ACCESS, ApiAccessConstants.JANS_AUTH_REVOKE_SESSION }))
@ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok"),
@ApiResponses(value = { @ApiResponse(responseCode = "204", description = "No Content"),
@ApiResponse(responseCode = "401", description = "Unauthorized"),
@ApiResponse(responseCode = "404", description = "Not Found"),
@ApiResponse(responseCode = "500", description = "InternalServerError") })
Expand All @@ -147,23 +147,23 @@ public Response deleteUsersSession(
@Operation(summary = "Delete a session.", description = "Delete a session.", operationId = "delete-session", tags = {
"Auth - Session Management" }, security = @SecurityRequirement(name = "oauth2", scopes = {
ApiAccessConstants.JANS_AUTH_SESSION_DELETE_ACCESS, ApiAccessConstants.JANS_AUTH_REVOKE_SESSION }))
@ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Ok"),
@ApiResponses(value = { @ApiResponse(responseCode = "204", description = "No Content"),
@ApiResponse(responseCode = "401", description = "Unauthorized"),
@ApiResponse(responseCode = "404", description = "Not Found"),
@ApiResponse(responseCode = "500", description = "InternalServerError") })
@DELETE
@ProtectedApi(scopes = { ApiAccessConstants.JANS_AUTH_SESSION_DELETE_ACCESS,
ApiAccessConstants.JANS_AUTH_REVOKE_SESSION }, groupScopes = {}, superScopes = {
ApiAccessConstants.SUPER_ADMIN_DELETE_ACCESS })
@Path(ApiConstants.JANSID_PATH + ApiConstants.JANSID_PATH_PARAM)
public Response deleteSessionById(
@Parameter(description = "Session Unique identifier.") @PathParam(ApiConstants.JANSID) @NotNull String jansId) {
@Path(ApiConstants.SID_PATH + ApiConstants.SID_PATH_PARAM)
public Response deleteSessionBySid(
@Parameter(description = "Session identifier.") @PathParam(ApiConstants.SID) @NotNull String sid) {
if (logger.isInfoEnabled()) {
logger.info("Delete session identified by jansId:{}", escapeLog(jansId));
logger.info("Delete session identified by sid:{}", escapeLog(sid));
}
checkResourceNotNull(jansId, ApiConstants.JANSID);
checkResourceNotNull(sid, ApiConstants.SID);

sessionService.revokeSessionById(jansId);
sessionService.revokeSessionBySid(sid);
return Response.ok().build();
}
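Review bot: `deleteSessionBySid` still ends with `return Response.ok().build();`, so it answers 200 although its `@ApiResponse` (and the swagger spec in this commit) now documents 204; `return Response.noContent().build();` would match. The same may hold for `deleteUsersSession`, whose annotation changes here but whose body is outside the hunk. In `getSessionById` the info log still reads "Delete session identified by sid" for a GET, which misleads anyone auditing session deletions from the logs; `logger.info("Get session identified by sid:{}", escapeLog(sid));` would be accurate. The result of `getSessionBySid` is returned without a null check, so unless the service throws, an unknown sid would yield 200 rather than the documented 404, which is worth confirming.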
