From c579658890564f4f3739b0e63ff3e591024b2bee Mon Sep 17 00:00:00 2001
From: David Meng <xlmeng@amazon.com>
Date: Mon, 12 Sep 2022 21:15:04 +0000
Subject: [PATCH] Squashed commit of the following

commit 3b661d0e
Author: David Meng <xlmeng@amazon.com>
Date: Tue Aug 23 2022 11:24:37 GMT-0400 (Eastern Daylight Time)

    Refactor AuthorizationFilter::hasAnyPermission to avoid always returning true
---
 .../notification/auth/AuthorizationFilter.java   | 16 +++++++---------
 .../auth/AuthorizationFilterTest.java            |  2 +-
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/notification-core/src/main/java/org/opengroup/osdu/notification/auth/AuthorizationFilter.java b/notification-core/src/main/java/org/opengroup/osdu/notification/auth/AuthorizationFilter.java
index 0d4693068..a69afee52 100644
--- a/notification-core/src/main/java/org/opengroup/osdu/notification/auth/AuthorizationFilter.java
+++ b/notification-core/src/main/java/org/opengroup/osdu/notification/auth/AuthorizationFilter.java
@@ -63,25 +63,23 @@ public class AuthorizationFilter {
         if (Arrays.asList(requiredRoles).contains(Config.CRON) && requestInfoExt.isCronRequest()) {
             dpsHeaders.put(DpsHeaders.USER_EMAIL, Config.CRON);
             requestInfoExt.setHeaders(dpsHeaders);
-            return true;
         } else if (Arrays.asList(requiredRoles).contains(Config.PUBSUB)) {
             String jwt = dpsHeaders.getAuthorization().substring(BEARER_PREFIX.length());
             if (!this.validator.isValidPublisherServiceAccount(jwt)) {
-                if (!this.authorizeWithEntitlements(requiredRoles)) {
-                    throw new AppException(401, "Invalid User Identity", "this user is not authorized for this operation");
-                }
+                this.authorizeWithEntitlements(requiredRoles);
+            } else {
+                return false;
             }
-            return true;
         } else {
-            return authorizeWithEntitlements(requiredRoles);
+            authorizeWithEntitlements(requiredRoles);
         }
+        return true;
     }
 
-    private boolean authorizeWithEntitlements(String... requiredRoles) {
-        AuthorizationResponse authorizationResponse = authService.authorizeAny(requestInfoExt.getHeaders(), requiredRoles);
+    private void authorizeWithEntitlements(String... requiredRoles) {
         DpsHeaders dpsHeaders = requestInfoExt.getHeaders();
+        AuthorizationResponse authorizationResponse = authService.authorizeAny(dpsHeaders, requiredRoles);
         dpsHeaders.put(DpsHeaders.USER_EMAIL, authorizationResponse.getUser());
         requestInfoExt.setHeaders(dpsHeaders);
-        return true;
     }
 }
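Review bot: The new `else { return false; }` in the PUBSUB branch denies the request exactly when `isValidPublisherServiceAccount(jwt)` succeeds, whereas the removed code returned true for that case, so the condition looks inverted unless rejecting the publisher account is intended. If a valid publisher account should pass, drop the `else` so control reaches the final `return true;`; if the denial is deliberate, a comment stating why would keep a later maintainer from reverting it. `authorizeWithEntitlements` is now void, so every denial on the entitlements path depends on `authService.authorizeAny` throwing, which is not visible here. A comment on that method such as `// authorizeAny must throw on denial; a normal return is treated as authorized` would make the contract explicit. The start of `hasAnyPermission` lies outside the hunk.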
diff --git a/notification-core/src/test/java/org/opengroup/osdu/notification/auth/AuthorizationFilterTest.java b/notification-core/src/test/java/org/opengroup/osdu/notification/auth/AuthorizationFilterTest.java
index 44cfac89b..5ae208b77 100644
--- a/notification-core/src/test/java/org/opengroup/osdu/notification/auth/AuthorizationFilterTest.java
+++ b/notification-core/src/test/java/org/opengroup/osdu/notification/auth/AuthorizationFilterTest.java
@@ -112,7 +112,7 @@ public class AuthorizationFilterTest {
         this.sut.hasAnyPermission(ROLE3);
     }
 
-    @Test
+    @Test(expected = Test.None.class)
     public void should_authenticateRequest_when_isFromPubsubAndUserIdentityIsCorrect() {
         when(headers.getAuthorization()).thenReturn(TEST_PUBSUB_JWT);
         when(this.validator.isValidServiceAccount(any(), any())).thenReturn(true);
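Review bot: `@Test(expected = Test.None.class)` is already JUnit 4's default for `expected`, so the annotation change does not alter what this test checks. The stub visible here is for `isValidServiceAccount(any(), any())`, while the filter in this commit calls `isValidPublisherServiceAccount(jwt)`; if `validator` is a plain mock, that call returns false and the test exercises the entitlements path rather than the new `return false` branch. Consider stubbing `isValidPublisherServiceAccount` for both outcomes and asserting the boolean returned by `hasAnyPermission`, so that the branch this commit introduces is pinned by a test. The test body continues past the end of the hunk, so existing assertions may already cover part of this.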
-- 
GitLab