diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java
index 3f50796..6049042 100644
--- a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java
@@ -85,7 +85,7 @@ public class TenantManagementService implements TenantProvider {
 @SneakyThrows
 public TenantResponse createTenant(TenantRequest tenantRequest) {
- log.info("Tenants are: {}", tenantRepository.findAll().stream().map(TenantEntity::getTenantId).collect(Collectors.toList()));
+ log.info("Tenants are: {}", tenantRepository.findAll().stream().map(TenantEntity::getTenantId).toList());
 log.info("Requested to create tenant for: {}", tenantRequest.getTenantId());
 try {
@@ -297,7 +297,7 @@ public class TenantManagementService implements TenantProvider {
 rolesRepresentation.setRealm(roles);
 realm.setRoles(rolesRepresentation);
- realm.setUsers(users.stream().map(this::toUserRepresentation).collect(Collectors.toList()));
+ realm.setUsers(users.stream().map(tenantUser -> toUserRepresentation(tenantId, tenantUser)).toList());
 realm.setPasswordPolicy("digits(1) and length(12) and lowerCase(1) and notEmail and notUsername and specialChars(1) and upperCase(1)");
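Review bot: In the createTenant hunk, the changed log line still loads every tenant through `tenantRepository.findAll()` and writes the complete tenant-id list at INFO on each creation request. The cost grows with the number of tenants, and the full tenant inventory ends up in every log sink that receives INFO output. Consider `log.debug("Existing tenant count: {}", tenantRepository.count());` instead; `count()` assumes a Spring Data style repository, which the hunk does not show. createTenant's body continues outside the hunk.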
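Review bot: `Stream.toList()` returns an unmodifiable list, while `Collectors.toList()` in practice returned a mutable `ArrayList`, so the list now handed to `realm.setUsers(...)` and the one returned by `getTenants()` (last hunk) will throw `UnsupportedOperationException` if later code adds to, removes from or sorts them. No such mutation is visible in these hunks, but `getTenants()` is public and its callers are not shown; where a caller does mutate the result, keep `.collect(Collectors.toCollection(ArrayList::new))`. The method around `realm.setUsers(...)` starts and ends outside the hunk.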
@@ -315,11 +315,11 @@ public class TenantManagementService implements TenantProvider {
 }
- private UserRepresentation toUserRepresentation(TenantUser redUser) {
+ private UserRepresentation toUserRepresentation(String tenantId, TenantUser redUser) {
 var credentialRepresentation = new CredentialRepresentation();
- credentialRepresentation.setType("password");
- validatePasswordWithPolicy(redUser.getPassword(), redUser.getUsername(), redUser.getEmail());
+ credentialRepresentation.setType(CredentialRepresentation.PASSWORD);
+ validatePasswordWithPolicy(tenantId, redUser.getPassword(), redUser.getUsername(), redUser.getEmail());
 credentialRepresentation.setValue(redUser.getPassword());
 var user = new UserRepresentation();
@@ -346,10 +346,14 @@ public class TenantManagementService implements TenantProvider {
 }
- private void validatePasswordWithPolicy(String password, String username, String email) {
+ private void validatePasswordWithPolicy(String tenantId, String password, String username, String email) {
- if (password.equals(username) || !validateEmailIsNotPassword(email, password) || !checkStringContainsUpperCaseAndLowerCaseAndDigitsAndSpecialCharsAndHasLength(password)) {
- throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Password does not match password policy.");
+ var realmPasswordPolicy = realmService.realm(tenantId).toRepresentation().getPasswordPolicy();
+ if(realmPasswordPolicy == null || realmPasswordPolicy.isEmpty()) {
+ // KC has no policy set, thus we validate it manually
+ if (password.equals(username) || !validateEmailIsNotPassword(email, password) || !checkStringContainsUpperCaseAndLowerCaseAndDigitsAndSpecialCharsAndHasLength(password)) {
+ throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Password does not match password policy.");
+ }
 }
 }
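Review bot: In `validatePasswordWithPolicy`, once the realm reports a non-empty password policy every local check is skipped and nothing in this hunk validates the password against that policy, so the method becomes a no-op that relies on Keycloak rejecting a weak password later. Whether Keycloak enforces the policy for a credential embedded in a `UserRepresentation` (as built in `toUserRepresentation`, which calls this just before `setValue`) is not visible here and should be confirmed. The call site in the `realm.setUsers(...)` hunk also runs while the realm representation is still being assembled, so `realmService.realm(tenantId).toRepresentation()` may fail there if the realm does not exist yet; that lookup needs explicit handling. I would keep the cheap identity checks outside the policy branch, e.g. `if (password == null || password.equals(username) || !validateEmailIsNotPassword(email, password)) { throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Password does not match password policy."); }`, and document the delegation with `// Realm policy present: enforcement is delegated to Keycloak when the credential is stored`.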
@@ -481,7 +485,7 @@ public class TenantManagementService implements TenantProvider {
 public List getTenants() {
- return tenantRepository.findAll().stream().map(this::convert).collect(Collectors.toList());
+ return tenantRepository.findAll().stream().map(this::convert).toList();
 }