Merge branch 'RED-7006-passwords' into 'main'

Red-7006 Hide passwords only for external controller

See merge request fforesight/tenant-user-management-service!7
Timo Bejan 2023-07-26 13:09:59 +02:00
commit d5a14a5bf3
3 changed files with 53 additions and 9 deletions


@ -6,6 +6,7 @@ import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagem
import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.UPDATE_TENANT;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
@ -47,15 +48,16 @@ public class TenantsController implements TenantsResource, PublicResource {
@PreAuthorize("hasAuthority('" + GET_TENANTS + "')")
public List<TenantResponse> getTenants() {
return tenantManagementService.getTenants();
List<TenantResponse> tenants = tenantManagementService.getTenants();
return tenants.stream().map(tenantManagementService::removePasswords).collect(Collectors.toList());
}
@PreAuthorize("hasAuthority('" + GET_TENANTS + "')")
public TenantResponse getTenant(String tenantId) {
return tenantManagementService.getTenant(tenantId);
TenantResponse tenantResponse = tenantManagementService.getTenant(tenantId);
return tenantManagementService.removePasswords(tenantResponse);
}
@ -68,7 +70,8 @@ public class TenantsController implements TenantsResource, PublicResource {
public TenantResponse updateTenant(String tenantId,
@RequestBody TenantRequest tenantRequest) {
return tenantManagementService.updateTenant(tenantId, tenantRequest);
TenantResponse tenantResponse = tenantManagementService.updateTenant(tenantId, tenantRequest);
return tenantManagementService.removePasswords(tenantResponse);
}
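Review bot: Masking is opt-in per handler here: getTenants, getTenant and updateTenant each call removePasswords, so any other handler on this external controller that returns a TenantResponse would pass the real database, search and storage secrets through. A create handler, if this controller has one, is not visible in these hunks, so it is worth confirming that its return value is masked as well. A single response-side step for this controller, or a separate external DTO without secret fields, would fail closed when an endpoint is added later. If the handlers stay as they are, a class-level comment such as `// external API: every TenantResponse leaving this controller must pass through removePasswords` would record the rule.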


@ -4,7 +4,6 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@ -14,7 +13,6 @@ import java.util.UUID;
import java.util.stream.Collectors;
import javax.sql.DataSource;
import javax.ws.rs.ClientErrorException;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
@ -26,7 +24,6 @@ import org.springframework.amqp.rabbit.core.RabbitTemplate;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.StatementCallback;
import org.springframework.jdbc.datasource.SingleConnectionDataSource;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@ -66,6 +63,7 @@ public class TenantManagementService implements TenantProvider {
private static final Long MAX_WAIT_TIME = 60_000L; // 60 seconds
private static final String FRONTEND_URL_PROPERTY = "frontendUrl";
private static final Set<String> SUPPORTED_DATABASES = Set.of("postgresql");
private static final String PASSWORD = "**********";
private final EncryptionDecryptionService encryptionService;
private final TenantRepository tenantRepository;
@ -447,6 +445,27 @@ public class TenantManagementService implements TenantProvider {
return tenantRepository.findAll().stream().map(this::convert).collect(Collectors.toList());
}
public TenantResponse removePasswords(TenantResponse tenantResponse) {
if (tenantResponse.getDatabaseConnection() != null) {
tenantResponse.getDatabaseConnection().setPassword(PASSWORD);
}
if (tenantResponse.getSearchConnection() != null) {
tenantResponse.getSearchConnection().setPassword(PASSWORD);
}
if (tenantResponse.getAzureStorageConnection() != null) {
tenantResponse.getAzureStorageConnection().setConnectionString(PASSWORD);
}
if (tenantResponse.getS3StorageConnection() != null){
tenantResponse.getS3StorageConnection().setSecret(PASSWORD);
}
return tenantResponse;
}
private TenantResponse convert(TenantEntity entity) {
@ -469,6 +488,7 @@ public class TenantManagementService implements TenantProvider {
.schema(entity.getDatabaseConnection().getSchema())
.username(entity.getDatabaseConnection().getUsername())
.params(entity.getDatabaseConnection().getParams())
.password(entity.getDatabaseConnection().getPassword())
.build())
.searchConnection(SearchConnection.builder()
.hosts(entity.getSearchConnection().getHosts())
@ -477,6 +497,7 @@ public class TenantManagementService implements TenantProvider {
.username(entity.getSearchConnection().getUsername())
.numberOfShards(entity.getSearchConnection().getNumberOfShards())
.numberOfReplicas(entity.getSearchConnection().getNumberOfReplicas())
.password(entity.getSearchConnection().getPassword())
.build())
.build();
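Review bot: removePasswords overwrites the secret fields on the object it is given and returns that same instance, while convert (the two later hunks, whose body continues outside them) now copies the stored database and search passwords into every TenantResponse. A caller that reuses the response after masking loses the real values, and a caller that skips masking, logs the object or publishes it carries the secrets; whether TenantResponse's toString includes these fields is not visible here. The method should get Javadoc stating that it mutates its argument and is intended for the external API only, and the constant would read better as `private static final String MASKED_SECRET = "**********";` than `PASSWORD`. It also writes the mask when the original field was null, which tells the client a secret is set when none is; adding `&& tenantResponse.getDatabaseConnection().getPassword() != null` to each guard (and the matching getter for the other three) would avoid that.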


@ -33,6 +33,8 @@ public class TenantsTest extends AbstractTenantUserManagementIntegrationTest {
@Autowired
private EncryptionDecryptionService encryptionService;
private static final String PASSWORD = "**********";
@Test
public void testCreateNewTenant() {
@ -89,8 +91,8 @@ public class TenantsTest extends AbstractTenantUserManagementIntegrationTest {
var updatedTenant = tenantsClient.updateTenant("new_tenant", tenantRequest);
tenantRequest.getSearchConnection().setPassword(null);
tenantRequest.getDatabaseConnection().setPassword(null);
tenantRequest.getSearchConnection().setPassword(PASSWORD);
tenantRequest.getDatabaseConnection().setPassword(PASSWORD);
assertThat(updatedTenant.getDisplayName()).isEqualTo(tenantRequest.getDisplayName());
assertThat(updatedTenant.getSearchConnection()).isEqualTo(tenantRequest.getSearchConnection());
@ -103,6 +105,7 @@ public class TenantsTest extends AbstractTenantUserManagementIntegrationTest {
assertThat(tenantEntity.getSearchConnection()).isEqualTo(tenantRequest.getSearchConnection());
assertThat(tenantEntity.getDatabaseConnection()).isEqualTo(tenantRequest.getDatabaseConnection());
assertThat(tenantEntity.getS3StorageConnection().getBucketName()).isEqualTo("redaction2");
assertThat(tenantEntity.getS3StorageConnection().getSecret()).isEqualTo(PASSWORD);
tenantRequest.setS3StorageConnection(null);
@ -174,4 +177,21 @@ public class TenantsTest extends AbstractTenantUserManagementIntegrationTest {
TenantContext.clear();
}
@Test
public void testRemovePasswords() {
testTenantService.createTestTenantIfNotExists("new_tenant_passwords", minioPort);
TenantContext.setTenantId("new_tenant_passwords");
var tenant = tenantsClient.getTenant("new_tenant_passwords");
assertThat(tenant.getDatabaseConnection()).isNotNull();
assertThat(tenant.getDatabaseConnection().getPassword()).isEqualTo(PASSWORD);
assertThat(tenant.getSearchConnection()).isNotNull();
assertThat(tenant.getSearchConnection().getPassword()).isEqualTo(PASSWORD);
assertThat(tenant.getS3StorageConnection()).isNotNull();
assertThat(tenant.getS3StorageConnection().getSecret()).isEqualTo(PASSWORD);
TenantContext.clear();
}
}
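Review bot: testRemovePasswords covers only getTenant, so the masking in getTenants and the Azure connection-string branch of removePasswords are untested, and nothing checks that the stored credentials are still the real ones after a masked read. There is also no test for the round trip in which a client sends the `"**********"` value it received back through updateTenant; whether the service treats the mask as "unchanged" or stores it as the new password is not visible in this commit. Assuming tenantsClient exposes getTenants, an assertion like `assertThat(tenantsClient.getTenants()).allSatisfy(t -> assertThat(t.getDatabaseConnection().getPassword()).isEqualTo(PASSWORD));` plus a repository-side check after an update with masked values would pin both. The test's own `PASSWORD` constant could carry the comment `// must match the mask used by TenantManagementService.removePasswords`.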