Posted to commits@syncope.apache.org by mm...@apache.org on 2022/10/12 19:38:46 UTC
[syncope] branch master updated: SYNCOPE-1699: Extract key from path if undefined in request body (#381)
This is an automated email from the ASF dual-hosted git repository.
mmoayyed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 782cd4aa43 SYNCOPE-1699: Extract key from path if undefined in request body (#381)
782cd4aa43 is described below
commit 782cd4aa4308a336ac4bcaa20194851d1d8cb93f
Author: Misagh Moayyed <mm...@gmail.com>
AuthorDate: Wed Oct 12 23:38:40 2022 +0400
SYNCOPE-1699: Extract key from path if undefined in request body (#381)
---
.../core/rest/cxf/service/AbstractService.java | 20 ++++++++++++++++---
.../apache/syncope/fit/core/UserIssuesITCase.java | 23 ++++++++++++++++++++++
2 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AbstractService.java b/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AbstractService.java
index a207be6f02..245e19b299 100644
--- a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AbstractService.java
+++ b/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AbstractService.java
@@ -61,10 +61,24 @@ public abstract class AbstractService implements JAXRSService {
protected String getActualKey(final AnyDAO<?> dao, final String pretendingKey) {
String actualKey = pretendingKey;
- if (!SyncopeConstants.UUID_PATTERN.matcher(pretendingKey).matches()) {
- actualKey = dao.findKey(pretendingKey);
+ if (uriInfo.getPathParameters(true).containsKey("key")) {
+ final String keyInPath = uriInfo.getPathParameters(true).get("key").get(0);
+ if (actualKey == null) {
+ actualKey = keyInPath;
+ } else if (!actualKey.equals(keyInPath)) {
+ SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidRequest);
+ sce.getElements().add("Key specified in request does not match key in the path");
+ throw sce;
+ }
+ }
+ if (actualKey == null) {
+ SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidRequest);
+ sce.getElements().add("Key is null");
+ throw sce;
+ }
+ if (!SyncopeConstants.UUID_PATTERN.matcher(actualKey).matches()) {
+ actualKey = dao.findKey(actualKey);
}
-
return actualKey;
}
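Review bot: The mismatch check `else if (!actualKey.equals(keyInPath))` compares the raw strings before the name-to-key resolution at the end of `getActualKey`, so the path and body values only count as equal when they are spelled identically. Because the method accepts non-UUID identifiers and resolves them through `dao.findKey`, a request whose path carries the name and whose body carries the UUID of the same entity (or the reverse) would be rejected with InvalidRequest. Resolving `keyInPath` through the same `UUID_PATTERN` / `dao.findKey` step before comparing would keep the path/body consistency guarantee without that false rejection. The block also appears to assume that any `key` path parameter identifies the same entity type as `dao`, which is not visible from this hunk and is worth confirming for nested resources. A comment above the block such as `// a body key that differs from the path key is rejected so the request cannot be applied to a different entity than the one addressed` would record why the check exists; the accompanying test only covers a random-UUID mismatch.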
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
index 83e9471953..0eab07f324 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
@@ -35,11 +35,14 @@ import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
+import java.util.UUID;
import javax.naming.NamingException;
import javax.ws.rs.core.GenericType;
+import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.tuple.Triple;
import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.common.lib.Attr;
import org.apache.syncope.common.lib.SyncopeClientException;
@@ -91,6 +94,26 @@ import org.springframework.jdbc.core.JdbcTemplate;
public class UserIssuesITCase extends AbstractITCase {
+ @Test
+ public void issueSYNCOPE1699() throws Exception {
+ UserTO userTO = createUser(UserITCase.getUniqueSample("syncope1669@apache.org")).getEntity();
+
+ UserUR req = new UserUR();
+ req.setUsername(new StringReplacePatchItem.Builder().value("newUsername" + getUUIDString()).build());
+
+ WebClient webClient = WebClient.create(ADDRESS + "/users/" + userTO.getKey(), ADMIN_UNAME, ADMIN_PWD, null).
+ accept(MediaType.APPLICATION_JSON_TYPE).
+ type(MediaType.APPLICATION_JSON_TYPE);
+
+ Response response = webClient.invoke("PATCH", JSON_MAPPER.writeValueAsString(req));
+ assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+
+ // Key is mismatched in the path parameter and the request body.
+ req.setKey(UUID.randomUUID().toString());
+ response = webClient.invoke("PATCH", JSON_MAPPER.writeValueAsString(req));
+ assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+ }
+
@Test
public void issue186() {
// 1. create an user with strict mandatory attributes only