diff --git a/coral/types/api.d.ts b/coral/types/api.d.ts index 63d8ee6f1..16d1cd0cc 100644 --- a/coral/types/api.d.ts +++ b/coral/types/api.d.ts @@ -7996,9 +7996,9 @@ export enum ApiPaths { approveRequest = "/request/approve", registerUser = "/registerUser", promoteSchema = "/promote/schema", - deleteOperationalRequest = "/operationalRequest/reqId/:reqId/delete", - declineOperationalRequest = "/operationalRequest/reqId/:reqId/decline", - approveOperationalRequest = "/operationalRequest/reqId/:reqId/approve", + deleteOperationalRequest = "/operationalRequest/reqId/{reqId}/delete", + declineOperationalRequest = "/operationalRequest/reqId/{reqId}/decline", + approveOperationalRequest = "/operationalRequest/reqId/{reqId}/approve", createConsumerOffsetsResetRequest = "/operationalRequest/consumerOffsetsReset/create", logout = "/logout", approveTopicRequests = "/execTopicRequests", 
@@ -8031,24 +8031,24 @@ export enum ApiPaths { createAcl = "/createAcl", restartConnector = "/connector/restart", changePwd = "/chPwd", - addEnvToCache = "/cache/tenant/:tenantId/entityType/environment", + addEnvToCache = "/cache/tenant/{tenantId}/entityType/environment", addTenantId = "/addTenantId", addRoleId = "/addRoleId", addNewUser = "/addNewUser", addNewTeam = "/addNewTeam", addNewEnv = "/addNewEnv", addNewCluster = "/addNewCluster", - claimAcl = "/acl/claim/:aclId", - getSwitchTeams = "/user/:userId/switchTeamsList", - getTopicRequest = "/topic/request/:topicReqId", + claimAcl = "/acl/claim/{aclId}", + getSwitchTeams = "/user/{userId}/switchTeamsList", + getTopicRequest = "/topic/request/{topicReqId}", testClusterApiConnection = "/testClusterApiConnection", shutdownApp = "/shutdownContext", showUsers = "/showUserList", - getSchemaOfTopicFromSource = "/schemas/source/:source/kafkaEnv/:kafkaEnvId/topic/:topicName/schemaVersion/:schemaVersion", - getSchemaRequest = "/schema/request/:schemaReqId", + getSchemaOfTopicFromSource = "/schemas/source/{source}/kafkaEnv/{kafkaEnvId}/topic/{topicName}/schemaVersion/{schemaVersion}", + getSchemaRequest = "/schema/request/{schemaReqId}", resetCache = "/resetCache", getRequestStatistics = "/requests/statistics", - getOperationalRequests = "/operationalRequests/requestsFor/:requestsFor", + getOperationalRequests = "/operationalRequests/requestsFor/{requestsFor}", validateOffsetRequestDetails = "/operationalRequest/consumerOffsetsReset/validate", getRegistrationInfoFromId = "/getUserInfoFromRegistrationId", getUserDetails = "/getUserDetails", 
@@ -8126,11 +8126,11 @@ export enum ApiPaths { getAclRequests = "/getAclRequests", getAclRequestsForApprover = "/getAclRequestsForApprover", getSchemaRegEnvsPaginated = "/environments/schemaRegistry", - getSchemaRegEnv = "/environments/schemaRegistry/:envId", + getSchemaRegEnv = "/environments/schemaRegistry/{envId}", getKafkaConnectEnvsPaginated = "/environments/kafkaconnect", - getKafkaConnectEnv = "/environments/kafkaconnect/:envId", + getKafkaConnectEnv = "/environments/kafkaconnect/{envId}", getKafkaEnvsPaginated = "/environments/kafka", - getKafkaEnv = "/environments/kafka/:envId", - getAclRequest = "/acl/request/:aclRequestId", - removeEnvFromCache = "/cache/tenant/:tenantId/entityType/environment/id/:id" + getKafkaEnv = "/environments/kafka/{envId}", + getAclRequest = "/acl/request/{aclRequestId}", + removeEnvFromCache = "/cache/tenant/{tenantId}/entityType/environment/id/{id}" }
diff --git a/core/src/main/java/io/aiven/klaw/auth/KwAuthenticationSuccessHandler.java b/core/src/main/java/io/aiven/klaw/auth/KwAuthenticationSuccessHandler.java
index c457059fe..7d7dccbee 100644
--- a/core/src/main/java/io/aiven/klaw/auth/KwAuthenticationSuccessHandler.java
+++ b/core/src/main/java/io/aiven/klaw/auth/KwAuthenticationSuccessHandler.java
@@ -62,25 +62,30 @@ public String getRedirectPage(HttpServletRequest request, Authentication authent
 String providerRoute = "{{ provider }}";
 String coralTopicsUri = "/coral/";
- if (quickStartEnabled
- && handleDbRequests
- .getUsersInfo(
- UtilMethods.getUserName(
- authentication.getPrincipal(), preferredUsernameAttribute, emailAttribute))
- .getRole()
- .equals(KwConstants.USER_ROLE)) {
- return coralTopicsUri;
- }
-
- if (coralEnabled
- && UtilControllerService.isCoralBuilt
- && !handleDbRequests
- .getUsersInfo(
- UtilMethods.getUserName(
- authentication.getPrincipal(), preferredUsernameAttribute, emailAttribute))
- .getRole()
- .equals(KwConstants.SUPERADMIN_ROLE)) {
- return coralTopicsUri;
+ try {
+ if (quickStartEnabled
+ && handleDbRequests
+ .getUsersInfo(
+ UtilMethods.getUserName(
+ authentication.getPrincipal(), preferredUsernameAttribute, emailAttribute))
+ .getRole()
+ .equals(KwConstants.USER_ROLE)) {
+ return coralTopicsUri;
+ }
+
+ if (coralEnabled
+ && UtilControllerService.isCoralBuilt
+ && !handleDbRequests
+ .getUsersInfo(
+ UtilMethods.getUserName(
+ authentication.getPrincipal(), preferredUsernameAttribute, emailAttribute))
+ .getRole()
+ .equals(KwConstants.SUPERADMIN_ROLE)) {
+ return coralTopicsUri;
+ }
+ } catch (Exception e) {
+ log.info("Could not retrieve user info");
+ return rootPath + indexPage;
 }
 if (defaultSavedRequest == null) {
diff --git a/core/src/main/java/io/aiven/klaw/model/requests/ProfileModel.java b/core/src/main/java/io/aiven/klaw/model/requests/ProfileModel.java
index 84242cf16..35bb8cc60 100644
--- a/core/src/main/java/io/aiven/klaw/model/requests/ProfileModel.java
+++ b/core/src/main/java/io/aiven/klaw/model/requests/ProfileModel.java
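Review bot: The new `catch (Exception e)` in getRedirectPage swallows every failure from the role lookup and logs only a fixed string at info level, so a missing user record, a database outage and a programming error all look the same and leave no stack trace. In a post-login path these are worth telling apart; pass the exception and raise the level, e.g. `log.warn("Could not retrieve user info for redirect decision", e);`. If the case being handled is an authenticated principal without a Klaw user record (presumably `getUsersInfo` returning null), an explicit null check on the lookup result would be narrower than catching `Exception`, and would let the two identical `getUsersInfo(...)` calls share one result. The method body continues outside the hunk.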
@@ -18,7 +18,7 @@ public class ProfileModel implements Serializable {
 @Size(min = 5, max = 50, message = "Name must be atleast 5 characters")
 @Pattern(
 message = "Invalid Full name",
- regexp = "^[A-Za-zÀ-ÖØ-öø-ÿ' ]*$") // Pattern a-zA-z accents and umlaut and/or spaces.
+ regexp = "^[A-Za-zÀ-ÖØ-öø-ÿ' ()]*$") // Pattern a-zA-z accents and umlaut and/or spaces.
 private String fullname;
 @Email(message = "Email should be valid")
diff --git a/core/src/main/java/io/aiven/klaw/model/requests/RegisterUserInfoModel.java b/core/src/main/java/io/aiven/klaw/model/requests/RegisterUserInfoModel.java
index 355add8fa..4abfe44f0 100644
--- a/core/src/main/java/io/aiven/klaw/model/requests/RegisterUserInfoModel.java
+++ b/core/src/main/java/io/aiven/klaw/model/requests/RegisterUserInfoModel.java
@@ -33,7 +33,7 @@ public class RegisterUserInfoModel implements Serializable {
 @NotNull(message = "Name cannot be null")
 @Pattern(
 message = "Invalid Full name.",
- regexp = "^[a-zA-z ]*$") // Pattern a-zA-z and/or spaces.
+ regexp = "^[a-zA-Z ()]*$") // Pattern a-zA-z and/or spaces.
 private String fullname;
 @Email(message = "Email should be valid")
diff --git a/core/src/main/java/io/aiven/klaw/service/UiControllerLoginService.java b/core/src/main/java/io/aiven/klaw/service/UiControllerLoginService.java
index 21881adf1..15ec545a4 100644
--- a/core/src/main/java/io/aiven/klaw/service/UiControllerLoginService.java
+++ b/core/src/main/java/io/aiven/klaw/service/UiControllerLoginService.java
@@ -44,6 +44,9 @@ public class UiControllerLoginService {
 @Value("${klaw.login.authentication.type}")
 private String authenticationType;
+ @Value("${spring.ad.domain:#{null}}")
+ private String adDomain;
+
 @Value("${klaw.enable.authorization.ad:false}")
 private boolean enableUserAuthorizationFromAD;
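Review bot: The trailing comments on both `regexp` lines are stale: ProfileModel's pattern also accepts an apostrophe and parentheses, and RegisterUserInfoModel's accepts parentheses, yet both comments still describe letters and spaces only; `// Letters (incl. accented), apostrophe, space and parentheses.` and `// ASCII letters, spaces and parentheses.` would match the code. The RegisterUserInfoModel hunk also corrects `A-z` to `A-Z` without saying so; the old range admitted the punctuation that sits between `Z` and `a` in ASCII, so this tightening deserves a line in the commit message and a test. The two models still disagree, since a name with an accent or an apostrophe passes ProfileModel but is rejected at registration; one shared pattern constant would remove that. With more punctuation allowed in `fullname`, every view that renders the value needs to output-encode it.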
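Review bot: In UiControllerLoginService the new `adDomain` field (bound to `spring.ad.domain`, defaulting to null) is not read in any hunk shown for this file. If code outside these hunks uses it, a short comment on the field saying what consumes it and what a null value means would help; if nothing does, drop it so the class does not carry an unused configuration binding.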
@@ -114,14 +117,19 @@ public String checkAnonymousLogin(
 String userName) {
 DefaultOAuth2User defaultOAuth2User = null;
 String nameAttribute = "name";
+ String emailAttribute = "email";
+ String emailAttributeVal = null;
 Collection extends GrantedAuthority> authorities = null;
+ Object principal = abstractAuthenticationToken.getPrincipal();
 // Extract attributes for user verification/registration
 if (abstractAuthenticationToken instanceof OAuth2AuthenticationToken) {
- defaultOAuth2User =
- (DefaultOAuth2User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
- nameAttribute = (String) defaultOAuth2User.getAttributes().get(nameAttribute);
- authorities = defaultOAuth2User.getAuthorities();
+ if (principal instanceof DefaultOAuth2User) {
+ defaultOAuth2User = (DefaultOAuth2User) principal;
+ nameAttribute = (String) defaultOAuth2User.getAttributes().get(nameAttribute);
+ emailAttributeVal = (String) defaultOAuth2User.getAttributes().get(emailAttribute);
+ authorities = defaultOAuth2User.getAuthorities();
+ }
 } else if (abstractAuthenticationToken instanceof UsernamePasswordAuthenticationToken) {
 nameAttribute = abstractAuthenticationToken.getName();
 authorities = abstractAuthenticationToken.getAuthorities();
@@ -146,7 +154,8 @@ public String checkAnonymousLogin(
 }
 }
 }
- return registerStagingUser(userName, nameAttribute, roleValidationPair.getRight());
+ return registerStagingUser(
+ userName, nameAttribute, roleValidationPair.getRight(), emailAttributeVal);
 }
 if (abstractAuthenticationToken.isAuthenticated()) {
@@ -272,7 +281,8 @@ public String checkAuth(
 }
 // register user with staging status, and forward to signup
- public String registerStagingUser(String userName, Object fullName, String roleFromAD) {
+ public String registerStagingUser(
+ String userName, Object fullName, String roleFromAD, String emailClaim) {
 try {
 log.info("User found in SSO/AD and not in Klaw db :{}", userName);
 String existingRegistrationId =
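Review bot: In checkAnonymousLogin, an `OAuth2AuthenticationToken` whose principal is not a `DefaultOAuth2User` now falls through the new inner `if` with no `else`, so `nameAttribute` keeps the literal `"name"`, `authorities` stays null and the method carries on with those defaults, where the old cast would have failed loudly. The branch should log the unexpected principal type and stop the flow in whatever way this method reports a failed login; the rest of the body is outside the hunk. The two `(String)` casts on the `name` and `email` attributes also assume the identity provider sends string values, and a type check before assignment avoids a `ClassCastException` when it does not.

```java
if (principal instanceof DefaultOAuth2User) {
  defaultOAuth2User = (DefaultOAuth2User) principal;
  Object nameClaim = defaultOAuth2User.getAttributes().get(nameAttribute);
  Object emailClaim = defaultOAuth2User.getAttributes().get(emailAttribute);
  // Only accept string-valued claims; anything else is treated as absent.
  nameAttribute = nameClaim instanceof String ? (String) nameClaim : null;
  emailAttributeVal = emailClaim instanceof String ? (String) emailClaim : null;
  authorities = defaultOAuth2User.getAuthorities();
} else {
  log.warn(
      "Unexpected OAuth2 principal type: {}",
      principal == null ? "null" : principal.getClass().getName());
  // … stop here in the way this method reports a failed login (outside the hunk) …
}
// … unchanged: UsernamePasswordAuthenticationToken branch …
```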
@@ -296,6 +306,11 @@ public String registerStagingUser(String userName, Object fullName, String roleF
 registerUserInfoModel.setRole(
 Objects.requireNonNullElse(roleFromAD, KwConstants.USER_ROLE));
 registerUserInfoModel.setRegisteredTime(new Timestamp(System.currentTimeMillis()));
+
+ if (emailClaim != null) {
+ registerUserInfoModel.setMailid(emailClaim);
+ }
+
 registerUserInfoModel.setUsername(userName);
 registerUserInfoModel.setPwd("");
 if (fullName != null) {
diff --git a/core/src/main/java/io/aiven/klaw/service/UsersTeamsControllerService.java b/core/src/main/java/io/aiven/klaw/service/UsersTeamsControllerService.java
index b6be032a6..7e85ad6c0 100644
--- a/core/src/main/java/io/aiven/klaw/service/UsersTeamsControllerService.java
+++ b/core/src/main/java/io/aiven/klaw/service/UsersTeamsControllerService.java
@@ -508,7 +508,10 @@ public ApiResponse deleteUser(String userIdToDelete, boolean isExternal) throws
 }
 try {
- inMemoryUserDetailsManager.deleteUser(userIdToDelete);
+ if (inMemoryUserDetailsManager != null
+ && inMemoryUserDetailsManager.userExists(userIdToDelete)) {
+ inMemoryUserDetailsManager.deleteUser(userIdToDelete);
+ }
 String result = manageDatabase.getHandleDbRequests().deleteUserRequest(userIdToDelete);
 if (result.equals(ApiResultStatus.SUCCESS.value)) {
 commonUtilsService.updateMetadata(
@@ -628,8 +631,10 @@ public ApiResponse addNewUser(UserInfoModel newUser, boolean isExternal) throws
 : ApiResponse.notOk(result);
 } catch (Exception e) {
 try {
- if (inMemoryUserDetailsManager != null)
+ if (inMemoryUserDetailsManager != null
+ && inMemoryUserDetailsManager.userExists(newUser.getUsername())) {
 inMemoryUserDetailsManager.deleteUser(newUser.getUsername());
+ }
 } catch (Exception e1) {
 log.error("Try deleting user");
 }
diff --git a/core/src/main/resources/static/js/registerUsers.js b/core/src/main/resources/static/js/registerUsers.js
index 288995302..f5f2bdc48 100644
--- a/core/src/main/resources/static/js/registerUsers.js
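Review bot: `emailClaim` is copied into the staging registration as-is in registerStagingUser; only null is excluded, so an empty or malformed claim value is stored, and nothing visible here shows the model's `@Email` constraint being evaluated on this path. A guard such as `if (emailClaim != null && !emailClaim.isBlank()) {` would at least keep blank values out. If the address is later used for notifications or to match accounts, it is also worth deciding whether an unverified address from the identity provider should be accepted (OIDC providers can send `email_verified`); which claims are available is not visible in the hunk. The method body continues outside the hunk.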
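Review bot: The guard `inMemoryUserDetailsManager != null && inMemoryUserDetailsManager.userExists(...)` is now written out twice in UsersTeamsControllerService, in deleteUser and in the catch block of addNewUser; a small private helper, e.g. `removeInMemoryUserIfPresent(String username)`, would keep the two call sites identical. A one-line comment saying when the manager is null or does not hold the user would explain why the guard is needed. In deleteUser the in-memory entry is still removed before `deleteUserRequest` reports its result, so a failed database delete leaves the user gone from the in-memory store but present in the database; whether that order is intended cannot be told from the hunk.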
+++ b/core/src/main/resources/static/js/registerUsers.js
@@ -493,19 +493,19 @@ app.controller("registerUsersCtrl", function($scope, $http, $location, $window)
 return;
 }
- if(!$scope.registerUser.emailid)
+ if(!$scope.registerUser.mailid)
 {
 $scope.alertnote = "Email id is mandatory.";
 $scope.showAlertToast();
 return;
 }
- else if($scope.registerUser.emailid.length < 7)
+ else if($scope.registerUser.mailid.length < 7)
 {
 $scope.alertnote = "Please enter a valid email id.";
 $scope.showAlertToast();
 return;
 }
- else if(!$scope.registerUser.emailid.includes("@"))
+ else if(!$scope.registerUser.mailid.includes("@"))
 {
 $scope.alertnote = "Please enter a valid email id.";
 $scope.showAlertToast();
@@ -518,7 +518,7 @@ app.controller("registerUsersCtrl", function($scope, $http, $location, $window)
 serviceInput['username'] = $scope.registerUser.username;
 serviceInput['fullname'] = $scope.registerUser.fullname;
- serviceInput['mailid'] = $scope.registerUser.emailid;
+ serviceInput['mailid'] = $scope.registerUser.mailid;
 serviceInput['tenantName'] = tenantName.trim();
 serviceInput['pwd'] = '';
diff --git a/core/src/main/resources/templates/registerLdap.html b/core/src/main/resources/templates/registerLdap.html
index 673c7bead..6f7e99424 100644
--- a/core/src/main/resources/templates/registerLdap.html
+++ b/core/src/main/resources/templates/registerLdap.html
@@ -354,7 +354,7 @@