You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2021/11/24 10:04:10 UTC

[syncope] branch master updated: [SYNCOPE-1651] Reviewing delegation validation logic

This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
     new 615bbec  [SYNCOPE-1651] Reviewing delegation validation logic
615bbec is described below

commit 615bbec2fe069f1cf813648ebb126a721e80d0e5
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Wed Nov 24 11:02:29 2021 +0100

    [SYNCOPE-1651] Reviewing delegation validation logic
---
 .../core/spring/security/AuthDataAccessor.java     | 24 ++++++++++++++--------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java
index d057150..6cd89b4 100644
--- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java
@@ -183,17 +183,23 @@ public class AuthDataAccessor {
     }
 
     protected String getDelegationKey(final SyncopeAuthenticationDetails details, final String delegatedKey) {
-        return Optional.ofNullable(details.getDelegatedBy()).
-                map(delegatingKey -> SyncopeConstants.UUID_PATTERN.matcher(delegatingKey).matches()
-                ? delegatingKey
-                : userDAO.findKey(delegatingKey)).map(delegatingKey -> {
+        if (details.getDelegatedBy() == null) {
+            return null;
+        }
+
+        String delegatingKey = SyncopeConstants.UUID_PATTERN.matcher(details.getDelegatedBy()).matches()
+                ? details.getDelegatedBy()
+                : userDAO.findKey(details.getDelegatedBy());
+        if (delegatingKey == null) {
+            throw new SessionAuthenticationException(
+                    "Delegating user " + details.getDelegatedBy() + " cannot be found");
+        }
 
-            LOG.debug("Delegation request: delegating:{}, delegated:{}", delegatingKey, delegatedKey);
+        LOG.debug("Delegation request: delegating:{}, delegated:{}", delegatingKey, delegatedKey);
 
-            return delegationDAO.findValidFor(delegatingKey, delegatedKey).
-                    orElseThrow(() -> new SessionAuthenticationException(
-                    "Delegation by " + delegatingKey + " was requested but none found"));
-        }).orElse(null);
+        return delegationDAO.findValidFor(delegatingKey, delegatedKey).
+                orElseThrow(() -> new SessionAuthenticationException(
+                "Delegation by " + delegatingKey + " was requested but none found"));
     }
 
     /**