There can be more then one institution_admin

OpenConext · Nov 17, 2023 · a0c06e8 · a0c06e8
1 parent 02b5da7
commit a0c06e8
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -42,13 +42,13 @@ mvn clean deploy
 
 ### [Endpoints](#endpoints)
 
-<https://access.test.surfconext.nl/ui/swagger-ui/index.html>
+<https://invite.test.surfconext.nl/ui/swagger-ui/index.html>
 
 <https://mock.test.surfconext.nl/>
 
 <https://welcome.test.surfconext.nl/>
 
-<https://access.test.surfconext.nl/>
+<https://invite.test.surfconext.nl/>
 
 ### [Mock](#mock)
 

diff --git a/server/src/main/java/access/repository/UserRepository.java b/server/src/main/java/access/repository/UserRepository.java
@@ -14,7 +14,7 @@ public interface UserRepository extends JpaRepository<User, Long> {
 
     Optional<User> findBySubIgnoreCase(String sub);
 
-    Optional<User> findByOrganizationGUIDAndAndInstitutionAdmin(String organizationGUID, boolean institutionAdmin);
+    List<User> findByOrganizationGUIDAndAndInstitutionAdmin(String organizationGUID, boolean institutionAdmin);
 
     List<User> findByUserRoles_role_id(Long roleId);
 

diff --git a/server/src/main/java/access/security/UserHandlerMethodArgumentResolver.java b/server/src/main/java/access/security/UserHandlerMethodArgumentResolver.java
@@ -19,6 +19,7 @@
 
 import java.security.Principal;
 import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.atomic.AtomicBoolean;
@@ -66,8 +67,12 @@ public User resolveArgument(MethodParameter methodParameter,
             APIToken apiToken = apiTokenRepository.findByHashedValue(hashedToken)
                     .orElseThrow(UserRestrictionException::new);
             String organizationGuid = apiToken.getOrganizationGUID();
-            User user = userRepository.findByOrganizationGUIDAndAndInstitutionAdmin(organizationGuid, true)
-                    .orElseThrow(UserRestrictionException::new);
+            List<User> institutionAdmins = userRepository.findByOrganizationGUIDAndAndInstitutionAdmin(organizationGuid, true);
+            if (institutionAdmins.isEmpty()) {
+                throw new UserRestrictionException();
+            }
+            //Does not make any difference security-wise which user we return
+            User user = institutionAdmins.get(0);
             //The overhead is justified for API usage
             user.setApplications(manage.providersByInstitutionalGUID(organizationGuid));
             user.setInstitution(manage.identityProviderByInstitutionalGUID(organizationGuid).orElse(Collections.emptyMap()));