feat(config-api): session and token search enhancement (#9844)

* fix(config-api): asset mgt endpoint fixes Signed-off-by: pujavs <[email protected]> * feat(config-api): asset upload mgt ehancement and fido Signed-off-by: pujavs <[email protected]> * feat(config-api): asset upload mgt ehancement and fido Signed-off-by: pujavs <[email protected]> * feat(config-api): asset upload mgt ehancement and fido Signed-off-by: pujavs <[email protected]> * fix(config-api): asset upload Signed-off-by: pujavs <[email protected]> * fix(config-api): lock review comments Signed-off-by: pujavs <[email protected]> * feat(config-api): lock code review comments Signed-off-by: pujavs <[email protected]> * feat(config-api): lock master renamed to lock server Signed-off-by: pujavs <[email protected]> * feat(config-api): lock master renamed to lock server Signed-off-by: pujavs <[email protected]> * feat(config-api): lock master renamed to lock server Signed-off-by: pujavs <[email protected]> * feat(config-api): lock master renamed to lock server Signed-off-by: pujavs <[email protected]> * feat(config-api): fido2 delete functionality Signed-off-by: pujavs <[email protected]> * fix(config-api): acr validation Signed-off-by: pujavs <[email protected]> * feat(config-api): doc(config-api): IDP schema attribute descriptions #9187 Signed-off-by: pujavs <[email protected]> * feat(config-api): sync with main Signed-off-by: pujavs <[email protected]> * feat(config-api): uploading assets via API generates 2 entries #9178 Signed-off-by: pujavs <[email protected]> * feat(config-api): asset mgt, fido and IDP changes Signed-off-by: pujavs <[email protected]> * feat(config-api): fido2 device endpoint Signed-off-by: pujavs <[email protected]> * feat(config-api): fido2 endpoint Signed-off-by: pujavs <[email protected]> * feat(config-api): fido2 endpoint Signed-off-by: pujavs <[email protected]> * feat(config-api): sync with main Signed-off-by: pujavs <[email protected]> * feat(config-api): sync with main Signed-off-by: pujavs <[email protected]> * feat(config-api): sync with main Signed-off-by: pujavs <[email protected]> * feat(config-api): resolved sonar review issues Signed-off-by: pujavs <[email protected]> * feat(config-api): sonar review comment fix Signed-off-by: pujavs <[email protected]> * feat(config-api): swagger spec Signed-off-by: pujavs <[email protected]> * feat(config-api): saml config attribute description Signed-off-by: pujavs <[email protected]> * doc(config-api): added SAML attribute description Signed-off-by: pujavs <[email protected]> * doc(config-api): added SAML attribute description Signed-off-by: pujavs <[email protected]> * feat(config-api): sync with main Signed-off-by: pujavs <[email protected]> * fix(jans-lock): code review comment fix isssue#9305 Signed-off-by: pujavs <[email protected]> * fix(jans-lock): code review comment fix isssue#9305 Signed-off-by: pujavs <[email protected]> * feat(config-api): lock review point Signed-off-by: pujavs <[email protected]> * fix(lock): code review comment Signed-off-by: pujavs <[email protected]> * fix(lock): code review comment Signed-off-by: pujavs <[email protected]> * fix(config-api): sync with main Signed-off-by: pujavs <[email protected]> * feat(config-api): lock endpoint fixes and SAML IDP NPE Signed-off-by: pujavs <[email protected]> * feat(config-api): asset enhancement Signed-off-by: pujavs <[email protected]> * feat(config-api): implement timer for asset mgt to fetch and deploy assets forconfig-api #9403 Signed-off-by: pujavs <[email protected]> * fix(config-api): scope validation issue #9426 Signed-off-by: pujavs <[email protected]> * fix(config-api): asset delete error fix Signed-off-by: pujavs <[email protected]> * feat(config-api): sysnc with main Signed-off-by: pujavs <[email protected]> * fix(config-ap): lock audit endpoint parameter declaration error#9460 Signed-off-by: pujavs <[email protected]> * feat(config-api): client token functionality Signed-off-by: pujavs <[email protected]> * fix(Config-api): lock audit endpoint path param rectification Signed-off-by: pujavs <[email protected]> * feat(config-api): clint token endpoint - wip Signed-off-by: pujavs <[email protected]> * feat(config-api): clint token endpoint Signed-off-by: pujavs <[email protected]> * feat(config-api): client token endpoint Signed-off-by: pujavs <[email protected]> * feat(config-api): client token endpoint Signed-off-by: pujavs <[email protected]> * feat(config-api): token endpoint Signed-off-by: pujavs <[email protected]> * feat(config-api): token endpoint Signed-off-by: pujavs <[email protected]> * feat(config-api): token endpoint Signed-off-by: pujavs <[email protected]> * feat(config-api): session ednpoint wip Signed-off-by: pujavs <[email protected]> * feat(config-api): session ednpoint wip Signed-off-by: pujavs <[email protected]> * feat(config-api): session and token endpoint Signed-off-by: pujavs <[email protected]> * feat(config-api): session endpoint Signed-off-by: pujavs <[email protected]> * feat(config-api): session endpoint Signed-off-by: pujavs <[email protected]> * feat(config-api): session and fido2 endpoint Signed-off-by: pujavs <[email protected]> * test(config-api): marked session failing test case Signed-off-by: pujavs <[email protected]> * feat(config-api): asset mgt dir mapping changes wip Signed-off-by: pujavs <[email protected]> * feat(config-api): asset mgt dir changes Signed-off-by: pujavs <[email protected]> * feat(config-api): asset mgt changes for dir Signed-off-by: pujavs <[email protected]> * feat(config-api): asset mgt endpoint -wip Signed-off-by: pujavs <[email protected]> * feat(config-api): asset mgt endpoint Signed-off-by: pujavs <[email protected]> * feat(config-api): custom asset mgt wip Signed-off-by: pujavs <[email protected]> * feat(config-api): custom asset mgt Signed-off-by: pujavs <[email protected]> * feat(config-api): custom asset mgt Signed-off-by: pujavs <[email protected]> * feat(config-api): session endpoint changes to remove sessionId Signed-off-by: pujavs <[email protected]> * feat(config-api) session endpoint changes to hide id Signed-off-by: pujavs <[email protected]> * feat(config-api) session endpoint changes to hide id Signed-off-by: pujavs <[email protected]> * feat(config-api): session endpoint mgt Signed-off-by: pujavs <[email protected]> * feat(config-api): session enhancement for removing id Signed-off-by: pujavs <[email protected]> * feat(config-api): session endpoint changes to remove session id Signed-off-by: pujavs <[email protected]> * feat(config-api): session endpoint changes to remove session id Signed-off-by: pujavs <[email protected]> * feat(config-api): session endpoint changes to remove session id Signed-off-by: pujavs <[email protected]> * feat(config-api): session endpoint changes to remove session id Signed-off-by: pujavs <[email protected]> * feat(config-api): search fieldValuePair enhancement Signed-off-by: pujavs <[email protected]> * feat(config-api): search fieldValuePair enhancement Signed-off-by: pujavs <[email protected]> * feat(config-api): session field filter enhancement - wip Signed-off-by: pujavs <[email protected]> * feat(config-api): session field search enhancement wip Signed-off-by: pujavs <[email protected]> * feat(config-api): session endpoint search enhancemnt Signed-off-by: pujavs <[email protected]> * feat(config-api): session endpoint search enhancemnt Signed-off-by: pujavs <[email protected]> * feat(config-api): session endpoint search enhancement Signed-off-by: pujavs <[email protected]> * feat(config-api): session and token endpoint enhacement Signed-off-by: pujavs <[email protected]> * feat(config-api): session and token search enhancement Signed-off-by: pujavs <[email protected]> --------- Signed-off-by: pujavs <[email protected]> Co-authored-by: YuriyZ <[email protected]> Co-authored-by: Yuriy Movchan <[email protected]> Former-commit-id: c20ae82
JanssenProject · Oct 18, 2024 · d1dd7e8 · d1dd7e8
1 parent 1624d19
commit d1dd7e8
Show file tree

Hide file tree

Showing 10 changed files with 588 additions and 124 deletions.
diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml
@@ -9215,13 +9215,13 @@ components:
           type: string
         selected:
           type: boolean
-        adminCanView:
-          type: boolean
-        userCanView:
+        userCanEdit:
           type: boolean
         adminCanEdit:
           type: boolean
-        userCanEdit:
+        adminCanView:
+          type: boolean
+        userCanView:
           type: boolean
         adminCanAccess:
           type: boolean
@@ -10076,6 +10076,8 @@ components:
           type: boolean
         lockMessageConfig:
           $ref: '#/components/schemas/LockMessageConfig'
+        fapi:
+          type: boolean
         allResponseTypesSupported:
           uniqueItems: true
           type: array
@@ -10085,8 +10087,6 @@ components:
             - code
             - token
             - id_token
-        fapi:
-          type: boolean
     AuthenticationFilter:
       required:
       - baseDn
@@ -11194,14 +11194,14 @@ components:
           type: boolean
         internal:
           type: boolean
-        locationPath:
-          type: string
         locationType:
           type: string
           enum:
           - ldap
           - db
           - file
+        locationPath:
+          type: string
         baseDn:
           type: string
     ScriptError:
@@ -11630,10 +11630,10 @@ components:
         ttl:
           type: integer
           format: int32
-        persisted:
-          type: boolean
         opbrowserState:
           type: string
+        persisted:
+          type: boolean
     SessionIdAccessMap:
       type: object
       properties:

diff --git a/...plugin/src/main/java/io/jans/configapi/plugin/fido2/service/Fido2RegistrationService.java b/...plugin/src/main/java/io/jans/configapi/plugin/fido2/service/Fido2RegistrationService.java
@@ -10,6 +10,7 @@
 import io.jans.as.common.service.OrganizationService;
 import io.jans.as.model.config.StaticConfiguration;
 import io.jans.configapi.configuration.ConfigurationFactory;
+import io.jans.configapi.core.util.DataUtil;
 import io.jans.configapi.util.ApiConstants;
 import io.jans.model.SearchRequest;
 import io.jans.orm.PersistenceEntryManager;
@@ -32,7 +33,6 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
-import java.util.Map;
 
 /**
  * @author Yuriy Movchan
@@ -86,48 +86,38 @@ public PagedResult<Fido2RegistrationEntry> searchFido2Registration(SearchRequest
         if (searchRequest.getFilterAssertionValue() != null && !searchRequest.getFilterAssertionValue().isEmpty()) {
 
             for (String assertionValue : searchRequest.getFilterAssertionValue()) {
-                log.debug(" **** Search Fido2Registration with assertionValue:{}", assertionValue);
-                if (StringUtils.isNotBlank(assertionValue)) {
-                    String[] targetArray = new String[] { assertionValue };
-
-                    Filter displayNameFilter = Filter.createSubstringFilter("displayName", null, targetArray, null);
-                    Filter descriptionFilter = Filter.createSubstringFilter("jansRegistrationData", null, targetArray,
-                            null);
-                    Filter statusFilter = Filter.createSubstringFilter("jansStatus", null, targetArray, null);
-                    Filter notificationConfFilter = Filter.createSubstringFilter("jansDeviceNotificationConf", null,
-                            targetArray, null);
-                    Filter deviceDataFilter = Filter.createSubstringFilter("jansDeviceData", null, targetArray, null);
-                    Filter personInumFilter = Filter.createSubstringFilter("personInum", null, targetArray, null);
-                    Filter inumFilter = Filter.createSubstringFilter("jansId", null, targetArray, null);
-
-                    filters.add(Filter.createORFilter(displayNameFilter, descriptionFilter, statusFilter,
-                            notificationConfFilter, deviceDataFilter, personInumFilter, inumFilter));
-                }
+                log.info(" **** Search Fido2Registration with assertionValue:{}", assertionValue);
+
+                String[] targetArray = new String[] { assertionValue };
+
+                Filter displayNameFilter = Filter.createSubstringFilter("displayName", null, targetArray, null);
+                Filter descriptionFilter = Filter.createSubstringFilter("jansRegistrationData", null, targetArray,
+                        null);
+                Filter statusFilter = Filter.createSubstringFilter("jansStatus", null, targetArray, null);
+                Filter notificationConfFilter = Filter.createSubstringFilter("jansDeviceNotificationConf", null,
+                        targetArray, null);
+                Filter deviceDataFilter = Filter.createSubstringFilter("jansDeviceData", null, targetArray, null);
+                Filter personInumFilter = Filter.createSubstringFilter("personInum", null, targetArray, null);
+                Filter inumFilter = Filter.createSubstringFilter("jansId", null, targetArray, null);
+
+                filters.add(Filter.createORFilter(displayNameFilter, descriptionFilter, statusFilter,
+                        notificationConfFilter, deviceDataFilter, personInumFilter, inumFilter));
+
             }
             searchFilter = Filter.createORFilter(filters);
         }
 
-        log.debug("\n\n\n Fido2Registration pattern searchFilter:{}", searchFilter);
+        log.debug("Fido2Registration pattern searchFilter:{}", searchFilter);
 
         List<Filter> fieldValueFilters = new ArrayList<>();
-        if (searchRequest.getFieldValueMap() != null && !searchRequest.getFieldValueMap().isEmpty()) {
-            for (Map.Entry<String, String> entry : searchRequest.getFieldValueMap().entrySet()) {
-                Filter dataFilter = Filter.createEqualityFilter(entry.getKey(), entry.getValue());
-                log.trace("Fido2Registration dataFilter:{}", dataFilter);
-                fieldValueFilters.add(Filter.createANDFilter(dataFilter));
-            }
-
-            if(!filters.isEmpty()) {
-                searchFilter = Filter.createANDFilter(Filter.createORFilter(filters),
-                        Filter.createANDFilter(fieldValueFilters));
-            }
-            else {
-                searchFilter = Filter.createANDFilter(fieldValueFilters);
-            }
-
+        if (searchRequest.getFieldFilterData() != null && !searchRequest.getFieldFilterData().isEmpty()) {
+            fieldValueFilters = DataUtil.createFilter(searchRequest.getFieldFilterData(),
+                    getDnFido2RegistrationEntry(null), persistenceEntryManager);
         }
 
-        log.debug(" Final - Fido2Registration searchFilter:{}", searchFilter);
+        fieldValueFilters.add(Filter.createORFilter(filters));
+
+        log.info(" Final - Fido2Registration searchFilter:{}", searchFilter);
 
         return persistenceEntryManager.findPagedEntries(getDnFido2RegistrationEntry(null), Fido2RegistrationEntry.class,
                 searchFilter, null, searchRequest.getSortBy(), SortOrder.getByValue(searchRequest.getSortOrder()),
@@ -147,15 +137,16 @@ public List<Fido2RegistrationEntry> findAllRegisteredByUsername(String username)
         }
 
         String baseDn = getBaseDnForFido2RegistrationEntries(userInum);
-        log.debug("Find Fido2 Registered by baseDn:{}", baseDn);
+        log.info("Find Fido2 Registered by baseDn:{}", baseDn);
         if (persistenceEntryManager.hasBranchesSupport(baseDn) && !containsBranch(baseDn)) {
             return Collections.emptyList();
         }
 
-        Filter registeredFilter = Filter.createEqualityFilter("jansStatus",
-                Fido2RegistrationStatus.registered.getValue());
-        log.info("Find Fido2 Registered by registeredFilter:{}", registeredFilter);
-        return persistenceEntryManager.findEntries(baseDn, Fido2RegistrationEntry.class, registeredFilter);
+        Filter searchFilter = Filter.createANDFilter(Filter.createEqualityFilter("personInum", userInum),
+                Filter.createEqualityFilter("jansStatus", Fido2RegistrationStatus.registered.getValue()));
+
+        log.info("Find Fido2 Registered by searchFilter:{}", searchFilter);
+        return persistenceEntryManager.findEntries(getDnFido2RegistrationEntry(null), Fido2RegistrationEntry.class, searchFilter);
     }
 
     public String getBaseDnForFido2RegistrationEntries(String userInum) {

diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/SessionService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/SessionService.java
@@ -10,6 +10,8 @@
 import io.jans.as.common.model.session.SessionIdState;
 import io.jans.as.model.config.StaticConfiguration;
 import io.jans.configapi.util.ApiConstants;
+import io.jans.configapi.core.util.DataUtil;
+import io.jans.model.FieldFilterData;
 import io.jans.model.SearchRequest;
 import io.jans.model.token.TokenEntity;
 import io.jans.model.token.TokenType;
@@ -19,7 +21,6 @@
 import io.jans.orm.search.filter.Filter;
 import io.jans.service.CacheService;
 import io.jans.util.StringHelper;
-
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.NotFoundException;
@@ -29,7 +30,6 @@
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
-import java.util.Map;
 
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
@@ -62,6 +62,15 @@ public String getDnForSession(String sessionId) {
         return String.format("jansId=%s,%s", sessionId, staticConfiguration.getBaseDn().getSessions());
     }
 
+    public String getDnForUser(String userInum) {
+        String peopleDn = staticConfiguration.getBaseDn().getPeople();
+        if (StringHelper.isEmpty(userInum)) {
+            return peopleDn;
+        }
+
+        return String.format("inum=%s,%s", userInum, peopleDn);
+    }
+
     public SessionId getSessionBySid(String sid) {
         if (logger.isInfoEnabled()) {
             logger.info(SID_MSG, escapeLog(sid));
@@ -113,40 +122,35 @@ public PagedResult<SessionId> searchSession(SearchRequest searchRequest) {
         if (searchRequest.getFilterAssertionValue() != null && !searchRequest.getFilterAssertionValue().isEmpty()) {
 
             for (String assertionValue : searchRequest.getFilterAssertionValue()) {
-                logger.debug("Session Search with assertionValue:{}", assertionValue);
-                if (StringUtils.isNotBlank(assertionValue)) {
-                    String[] targetArray = new String[] { assertionValue };
-                    Filter userFilter = Filter.createSubstringFilter(ApiConstants.JANS_USR_DN, null, targetArray, null);
-                    Filter sidFilter = Filter.createSubstringFilter(ApiConstants.SID, null, targetArray, null);
-                    Filter sessAttrFilter = Filter.createSubstringFilter(ApiConstants.JANS_SESS_ATTR, null, targetArray,
-                            null);
-                    Filter permissionFilter = Filter.createSubstringFilter("jansPermissionGrantedMap", null,
-                            targetArray, null);
-                    Filter idFilter = Filter.createSubstringFilter(ApiConstants.JANSID, null, targetArray, null);
-                    filters.add(
-                            Filter.createORFilter(userFilter, sidFilter, sessAttrFilter, permissionFilter, idFilter));
-                }
+                logger.info("Session Search with assertionValue:{}", assertionValue);
+
+                String[] targetArray = new String[] { assertionValue };
+                Filter userFilter = Filter.createSubstringFilter(ApiConstants.JANS_USR_DN, null, targetArray, null);
+                Filter sidFilter = Filter.createSubstringFilter(ApiConstants.SID, null, targetArray, null);
+                Filter sessAttrFilter = Filter.createSubstringFilter(ApiConstants.JANS_SESS_ATTR, null, targetArray,
+                        null);
+                Filter permissionFilter = Filter.createSubstringFilter("jansPermissionGrantedMap", null, targetArray,
+                        null);
+                Filter idFilter = Filter.createSubstringFilter(ApiConstants.JANSID, null, targetArray, null);
+                filters.add(Filter.createORFilter(userFilter, sidFilter, sessAttrFilter, permissionFilter, idFilter));
+
             }
             searchFilter = Filter.createORFilter(filters);
         }
 
         logger.debug("Session pattern searchFilter:{}", searchFilter);
+
         List<Filter> fieldValueFilters = new ArrayList<>();
-        if (searchRequest.getFieldValueMap() != null && !searchRequest.getFieldValueMap().isEmpty()) {
-            for (Map.Entry<String, String> entry : searchRequest.getFieldValueMap().entrySet()) {
-                Filter dataFilter = Filter.createEqualityFilter(entry.getKey(), entry.getValue());
-                logger.trace("Session dataFilter:{}", dataFilter);
-                fieldValueFilters.add(Filter.createANDFilter(dataFilter));
-            }
-            if (filters.isEmpty()) {
-                searchFilter = Filter.createANDFilter(fieldValueFilters);
-            } else {
-                searchFilter = Filter.createANDFilter(Filter.createORFilter(filters),
-                        Filter.createANDFilter(fieldValueFilters));
-            }
+        if (searchRequest.getFieldFilterData() != null && !searchRequest.getFieldFilterData().isEmpty()) {
+            List<FieldFilterData> fieldFilterDataList = this.modifyFilter(searchRequest.getFieldFilterData());
+            fieldValueFilters = DataUtil.createFilter(fieldFilterDataList, getDnForSession(null),
+                    persistenceEntryManager);
         }
 
-        logger.debug("Session searchFilter:{}", searchFilter);
+        fieldValueFilters.add(Filter.createORFilter(filters));
+        searchFilter = Filter.createANDFilter(fieldValueFilters);
+
+        logger.info("Session searchFilter:{}", searchFilter);
 
         PagedResult<SessionId> pagedSessionList = persistenceEntryManager.findPagedEntries(getDnForSession(null),
                 SessionId.class, searchFilter, null, searchRequest.getSortBy(),
@@ -283,4 +287,24 @@ private SessionId excludeAttribute(SessionId session) {
         return session;
     }
 
+    private List<FieldFilterData> modifyFilter(List<FieldFilterData> fieldFilterDataList) {
+
+        logger.debug("modify filter - fieldFilterDataList:{}", fieldFilterDataList);
+        if (fieldFilterDataList == null || fieldFilterDataList.isEmpty()) {
+            return fieldFilterDataList;
+        }
+
+        for (FieldFilterData fieldFilterData : fieldFilterDataList) {
+            if (fieldFilterData != null && StringUtils.isNotBlank(fieldFilterData.getField())) {
+                String field = fieldFilterData.getField();
+                if ("jansUsrDN".equalsIgnoreCase(field)) {
+                    // get Dn
+                    fieldFilterData.setValue(getDnForUser(fieldFilterData.getValue()));
+                }
+            }
+        }
+
+        return fieldFilterDataList;
+    }
+
 }