From 99c3239f70aeeb964e97283b1b715da3a2be836a Mon Sep 17 00:00:00 2001
From: Andrei Isvoran
Date: Wed, 26 Jul 2023 13:09:59 +0200
Subject: [PATCH] Red-7006 Hide passwords only for external controller
---
 .../external/TenantsController.java | 11 +++++---
 .../service/TenantManagementService.java | 27 ++++++++++++++++---
 .../knecon/fforesight/tests/TenantsTest.java | 24 +++++++++++++++--
 3 files changed, 53 insertions(+), 9 deletions(-)
diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/TenantsController.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/TenantsController.java
index 8e897e5..904f9da 100644
--- a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/TenantsController.java
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/TenantsController.java
@@ -6,6 +6,7 @@ import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagem
 import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.UPDATE_TENANT;
 import java.util.List;
+import java.util.stream.Collectors;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -47,15 +48,16 @@ public class TenantsController implements TenantsResource, PublicResource {
 @PreAuthorize("hasAuthority('" + GET_TENANTS + "')")
 public List getTenants() {
-
- return tenantManagementService.getTenants();
+ List tenants = tenantManagementService.getTenants();
+ return tenants.stream().map(tenantManagementService::removePasswords).collect(Collectors.toList());
 }
 @PreAuthorize("hasAuthority('" + GET_TENANTS + "')")
 public TenantResponse getTenant(String tenantId) {
- return tenantManagementService.getTenant(tenantId);
+ TenantResponse tenantResponse = tenantManagementService.getTenant(tenantId);
+ return tenantManagementService.removePasswords(tenantResponse);
 }
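Review bot: Masking in `getTenants` and `getTenant` is applied handler by handler, while the same patch makes `convert` in TenantManagementService put the database and search passwords into every `TenantResponse`, so any handler that forgets the call returns stored credentials. Only `getTenants`, `getTenant` and `updateTenant` are wrapped in this patch; the rest of `TenantsController` is outside the hunks, so please check every other method that returns a `TenantResponse` (a create endpoint, if there is one). A class-level comment such as `// External API: every TenantResponse returned here must pass through removePasswords()` would make the rule visible, and routing all returns through one private helper would make it hard to miss.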
@@ -68,7 +70,8 @@ public class TenantsController implements TenantsResource, PublicResource {
 public TenantResponse updateTenant(String tenantId, @RequestBody TenantRequest tenantRequest) {
- return tenantManagementService.updateTenant(tenantId, tenantRequest);
+ TenantResponse tenantResponse = tenantManagementService.updateTenant(tenantId, tenantRequest);
+ return tenantManagementService.removePasswords(tenantResponse);
 }
diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java
index ed5e562..661f00a 100644
--- a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java
@@ -4,7 +4,6 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.sql.Connection;
 import java.sql.DriverManager;
-import java.sql.PreparedStatement;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -14,7 +13,6 @@ import java.util.UUID;
 import java.util.stream.Collectors;
 import javax.sql.DataSource;
-import javax.ws.rs.ClientErrorException;
 import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.CredentialRepresentation;
@@ -26,7 +24,6 @@ import org.springframework.amqp.rabbit.core.RabbitTemplate;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.jdbc.core.JdbcTemplate;
-import org.springframework.jdbc.core.StatementCallback;
 import org.springframework.jdbc.datasource.SingleConnectionDataSource;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
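Review bot: `updateTenant` now returns the mask, but nothing visible stops the mask from coming back in: a client that reads a tenant, edits one field and submits the object again will send `**********` as the database and search password. `TenantManagementService.updateTenant` is not part of this patch, so confirm it keeps the stored secret when the incoming value is null or equals the mask instead of persisting the placeholder. The changed `TenantsTest` sets the request passwords to the mask only after the update call, so this round trip has no test.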
@@ -66,6 +63,7 @@ public class TenantManagementService implements TenantProvider {
 private static final Long MAX_WAIT_TIME = 60_000L; // 60 seconds
 private static final String FRONTEND_URL_PROPERTY = "frontendUrl";
 private static final Set SUPPORTED_DATABASES = Set.of("postgresql");
+ private static final String PASSWORD = "**********";
 private final EncryptionDecryptionService encryptionService;
 private final TenantRepository tenantRepository;
@@ -447,6 +445,27 @@ public class TenantManagementService implements TenantProvider {
 return tenantRepository.findAll().stream().map(this::convert).collect(Collectors.toList());
 }
+ public TenantResponse removePasswords(TenantResponse tenantResponse) {
+
+ if (tenantResponse.getDatabaseConnection() != null) {
+ tenantResponse.getDatabaseConnection().setPassword(PASSWORD);
+ }
+
+ if (tenantResponse.getSearchConnection() != null) {
+ tenantResponse.getSearchConnection().setPassword(PASSWORD);
+ }
+
+ if (tenantResponse.getAzureStorageConnection() != null) {
+ tenantResponse.getAzureStorageConnection().setConnectionString(PASSWORD);
+ }
+
+ if (tenantResponse.getS3StorageConnection() != null){
+ tenantResponse.getS3StorageConnection().setSecret(PASSWORD);
+ }
+
+ return tenantResponse;
+ }
+
 private TenantResponse convert(TenantEntity entity) {
@@ -469,6 +488,7 @@ public class TenantManagementService implements TenantProvider {
 .schema(entity.getDatabaseConnection().getSchema())
 .username(entity.getDatabaseConnection().getUsername())
 .params(entity.getDatabaseConnection().getParams())
+ .password(entity.getDatabaseConnection().getPassword())
 .build())
 .searchConnection(SearchConnection.builder()
 .hosts(entity.getSearchConnection().getHosts())
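Review bot: The constant added to TenantManagementService is named `PASSWORD` but holds the placeholder shown instead of a secret, which is easy to misread in a class that also handles real credentials. `private static final String MASKED_SECRET = "**********";` with a one-line comment that this is the value external callers see would be clearer. TenantsTest re-declares the same literal and would be better off referring to a single definition.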
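Review bot: `removePasswords` overwrites the secrets on the object it is given and returns that same instance, so it is only safe while no caller passes in a `TenantResponse` that is cached, reused for an internal consumer, or shares its S3/Azure connection objects with the entity (how `convert` fills those two is outside the hunks). Building a masked copy would remove that dependency on the caller. The method also dereferences `tenantResponse` without a guard; `if (tenantResponse == null) { return null; }` as the first statement keeps a missing tenant from surfacing as a NullPointerException in the controller. It has no Javadoc; one should state that the argument is modified in place and which four fields are replaced by the mask.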
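Review bot: The added `.password(entity.getDatabaseConnection().getPassword())` here, and `.password(entity.getSearchConnection().getPassword())` in the next hunk, do not say whether the value handed to callers is the stored (possibly encrypted) form or a usable secret; the class holds an `EncryptionDecryptionService`, but whether `convert` uses it is not visible. A comment on these lines should state which it is and that only internal callers may receive it. With credentials now inside every `TenantResponse`, also check that the DTO is never written to logs or messages through a generated `toString()`. `convert` starts and ends outside both hunks.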
@@ -477,6 +497,7 @@ public class TenantManagementService implements TenantProvider {
 .username(entity.getSearchConnection().getUsername())
 .numberOfShards(entity.getSearchConnection().getNumberOfShards())
 .numberOfReplicas(entity.getSearchConnection().getNumberOfReplicas())
+ .password(entity.getSearchConnection().getPassword())
 .build())
 .build();
diff --git a/src/test/java/com/knecon/fforesight/tests/TenantsTest.java b/src/test/java/com/knecon/fforesight/tests/TenantsTest.java
index 91079b5..9bbd6e2 100644
--- a/src/test/java/com/knecon/fforesight/tests/TenantsTest.java
+++ b/src/test/java/com/knecon/fforesight/tests/TenantsTest.java
@@ -33,6 +33,8 @@ public class TenantsTest extends AbstractTenantUserManagementIntegrationTest {
 @Autowired
 private EncryptionDecryptionService encryptionService;
+ private static final String PASSWORD = "**********";
+
 @Test
 public void testCreateNewTenant() {
@@ -89,8 +91,8 @@ public class TenantsTest extends AbstractTenantUserManagementIntegrationTest {
 var updatedTenant = tenantsClient.updateTenant("new_tenant", tenantRequest);
- tenantRequest.getSearchConnection().setPassword(null);
- tenantRequest.getDatabaseConnection().setPassword(null);
+ tenantRequest.getSearchConnection().setPassword(PASSWORD);
+ tenantRequest.getDatabaseConnection().setPassword(PASSWORD);
 assertThat(updatedTenant.getDisplayName()).isEqualTo(tenantRequest.getDisplayName());
 assertThat(updatedTenant.getSearchConnection()).isEqualTo(tenantRequest.getSearchConnection());
@@ -103,6 +105,7 @@ public class TenantsTest extends AbstractTenantUserManagementIntegrationTest {
 assertThat(tenantEntity.getSearchConnection()).isEqualTo(tenantRequest.getSearchConnection());
 assertThat(tenantEntity.getDatabaseConnection()).isEqualTo(tenantRequest.getDatabaseConnection());
 assertThat(tenantEntity.getS3StorageConnection().getBucketName()).isEqualTo("redaction2");
+ assertThat(tenantEntity.getS3StorageConnection().getSecret()).isEqualTo(PASSWORD);
 tenantRequest.setS3StorageConnection(null);
@@ -174,4 +177,21 @@ public class TenantsTest extends AbstractTenantUserManagementIntegrationTest {
 TenantContext.clear();
 }
+ @Test
+ public void testRemovePasswords() {
+ testTenantService.createTestTenantIfNotExists("new_tenant_passwords", minioPort);
+
+ TenantContext.setTenantId("new_tenant_passwords");
+
+ var tenant = tenantsClient.getTenant("new_tenant_passwords");
+ assertThat(tenant.getDatabaseConnection()).isNotNull();
+ assertThat(tenant.getDatabaseConnection().getPassword()).isEqualTo(PASSWORD);
+ assertThat(tenant.getSearchConnection()).isNotNull();
+ assertThat(tenant.getSearchConnection().getPassword()).isEqualTo(PASSWORD);
+ assertThat(tenant.getS3StorageConnection()).isNotNull();
+ assertThat(tenant.getS3StorageConnection().getSecret()).isEqualTo(PASSWORD);
+
+ TenantContext.clear();
+ }
+
 }
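Review bot: The added `assertThat(tenantEntity.getS3StorageConnection().getSecret()).isEqualTo(PASSWORD);` expects the mask on a variable named `tenantEntity`, and where that variable is assigned is outside the hunk. If it is read from the repository or an internal path rather than from `tenantsClient`, the assertion would pin the placeholder as the stored secret, which is exactly the outcome the masking must not cause. Rename the variable if it is the external response, and add a separate assertion on the persisted tenant that the secret still has its original value after the update.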
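Review bot: `testRemovePasswords` covers only the single-tenant read; the list endpoint `getTenants()` and the Azure connection string, both touched by this patch, have no assertion, and nothing checks that the internal path still returns the real credential. An assertion over every element returned by the client's tenant list, plus one on a tenant configured with Azure storage, would close the gap. `TenantContext.clear()` is the last statement of the test, so a failing assertion leaves the tenant id set for later tests; wrapping the body in `try { ... } finally { TenantContext.clear(); }` avoids that.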