Posted to commits@syncope.apache.org by mm...@apache.org on 2022/10/12 19:38:46 UTC

[syncope] branch master updated: SYNCOPE-1699: Extract key from path if undefined in request body (#381)

This is an automated email from the ASF dual-hosted git repository.

mmoayyed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
     new 782cd4aa43 SYNCOPE-1699: Extract key from path  if undefined in request body (#381)
782cd4aa43 is described below

commit 782cd4aa4308a336ac4bcaa20194851d1d8cb93f
Author: Misagh Moayyed <mm...@gmail.com>
AuthorDate: Wed Oct 12 23:38:40 2022 +0400

    SYNCOPE-1699: Extract key from path  if undefined in request body (#381)
---
 .../core/rest/cxf/service/AbstractService.java     | 20 ++++++++++++++++---
 .../apache/syncope/fit/core/UserIssuesITCase.java  | 23 ++++++++++++++++++++++
 2 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AbstractService.java b/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AbstractService.java
index a207be6f02..245e19b299 100644
--- a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AbstractService.java
+++ b/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AbstractService.java
@@ -61,10 +61,24 @@ public abstract class AbstractService implements JAXRSService {
 
     protected String getActualKey(final AnyDAO<?> dao, final String pretendingKey) {
         String actualKey = pretendingKey;
-        if (!SyncopeConstants.UUID_PATTERN.matcher(pretendingKey).matches()) {
-            actualKey = dao.findKey(pretendingKey);
+        if (uriInfo.getPathParameters(true).containsKey("key")) {
+            final String keyInPath = uriInfo.getPathParameters(true).get("key").get(0);
+            if (actualKey == null) {
+                actualKey = keyInPath;
+            } else if (!actualKey.equals(keyInPath)) {
+                SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidRequest);
+                sce.getElements().add("Key specified in request does not match key in the path");
+                throw sce;
+            }
+        }
+        if (actualKey == null) {
+            SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidRequest);
+            sce.getElements().add("Key is null");
+            throw sce;
+        }
+        if (!SyncopeConstants.UUID_PATTERN.matcher(actualKey).matches()) {
+            actualKey = dao.findKey(actualKey);
         }
-
         return actualKey;
     }
 
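Review bot: The mismatch check in `getActualKey` compares the body key and the path key as raw strings (`!actualKey.equals(keyInPath)`) before either has gone through the `UUID_PATTERN` / `dao.findKey` resolution below it. A request that names the entity by name on one side and by UUID on the other is therefore rejected with InvalidRequest even when both refer to the same entity. The check exists so that the entity addressed by the URL is the one the body acts on, so I would compare the resolved keys and treat an unresolvable body key as a mismatch, as sketched below. What `dao.findKey` returns for an unknown name is not visible in this hunk, so the null handling is an assumption to confirm. The guard also applies only when the path parameter is literally named `key`, which deserves a short comment on the method.

```java
            // … unchanged: path-parameter lookup and the actualKey == null branch …
            } else {
                // Compare resolved keys, so a name on one side and the UUID on the other still match.
                final String resolvedBodyKey = resolveKey(dao, actualKey);
                if (resolvedBodyKey == null || !resolvedBodyKey.equals(resolveKey(dao, keyInPath))) {
                    // … unchanged: build and throw the InvalidRequest exception …
                }
            }
        // … unchanged: null check, final resolution and return …

    /** Resolves a name or UUID to the entity key, using the same rule as getActualKey. */
    private static String resolveKey(final AnyDAO<?> dao, final String key) {
        return SyncopeConstants.UUID_PATTERN.matcher(key).matches() ? key : dao.findKey(key);
    }
```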
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
index 83e9471953..0eab07f324 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
@@ -35,11 +35,14 @@ import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
+import java.util.UUID;
 import javax.naming.NamingException;
 import javax.ws.rs.core.GenericType;
+import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import org.apache.commons.lang3.tuple.Triple;
 import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.syncope.client.lib.SyncopeClient;
 import org.apache.syncope.common.lib.Attr;
 import org.apache.syncope.common.lib.SyncopeClientException;
@@ -91,6 +94,26 @@ import org.springframework.jdbc.core.JdbcTemplate;
 
 public class UserIssuesITCase extends AbstractITCase {
 
+    @Test
+    public void issueSYNCOPE1699() throws Exception {
+        UserTO userTO = createUser(UserITCase.getUniqueSample("syncope1669@apache.org")).getEntity();
+
+        UserUR req = new UserUR();
+        req.setUsername(new StringReplacePatchItem.Builder().value("newUsername" + getUUIDString()).build());
+
+        WebClient webClient = WebClient.create(ADDRESS + "/users/" + userTO.getKey(), ADMIN_UNAME, ADMIN_PWD, null).
+            accept(MediaType.APPLICATION_JSON_TYPE).
+            type(MediaType.APPLICATION_JSON_TYPE);
+
+        Response response = webClient.invoke("PATCH", JSON_MAPPER.writeValueAsString(req));
+        assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
+
+        // Key is mismatched in the path parameter and the request body.
+        req.setKey(UUID.randomUUID().toString());
+        response = webClient.invoke("PATCH", JSON_MAPPER.writeValueAsString(req));
+        assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+    }
+    
     @Test
     public void issue186() {
         // 1. create an user with strict mandatory attributes only
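Review bot: The rejected case in `issueSYNCOPE1699` sets the body key to `UUID.randomUUID().toString()`, which presumably names no existing user. The test therefore never covers the case the check matters most for: a body key that belongs to a different, existing user than the one in the path. I would create a second user and use its key, e.g. `req.setKey(createUser(UserITCase.getUniqueSample("syncope1699other@apache.org")).getEntity().getKey());`, and after the 400 read both users back to assert that neither username changed. The sample address `syncope1669@apache.org` also looks like a typo for 1699, and the two `Response` objects are never closed.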