diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml index 812e408c8b4..e8f1d586443 100644 --- a/jans-config-api/docs/jans-config-api-swagger.yaml +++ b/jans-config-api/docs/jans-config-api-swagger.yaml @@ -7687,7 +7687,7 @@ components: type: string whitePagesCanView: type: boolean - adminCanView: + adminCanEdit: type: boolean userCanView: type: boolean @@ -7695,9 +7695,9 @@ components: type: boolean adminCanAccess: type: boolean - userCanAccess: + adminCanView: type: boolean - adminCanEdit: + userCanAccess: type: boolean baseDn: type: string @@ -8422,8 +8422,6 @@ components: type: object additionalProperties: type: string - fapi: - type: boolean allResponseTypesSupported: uniqueItems: true type: array @@ -8433,6 +8431,8 @@ components: - code - token - id_token + fapi: + type: boolean AuthenticationFilter: required: - baseDn @@ -8955,6 +8955,17 @@ components: format: int32 displayName: type: string + authenticationMethod: + type: string + enum: + - client_secret_basic + - client_secret_post + - client_secret_jwt + - private_key_jwt + - access_token + - tls_client_auth + - self_signed_tls_client_auth + - none allAuthenticationMethods: uniqueItems: true type: array @@ -8969,17 +8980,6 @@ components: - tls_client_auth - self_signed_tls_client_auth - none - authenticationMethod: - type: string - enum: - - client_secret_basic - - client_secret_post - - client_secret_jwt - - private_key_jwt - - access_token - - tls_client_auth - - self_signed_tls_client_auth - - none baseDn: type: string inum: @@ -9304,14 +9304,14 @@ components: type: boolean internal: type: boolean - locationPath: - type: string locationType: type: string enum: - ldap - db - file + locationPath: + type: string baseDn: type: string ScriptError: diff --git a/jans-config-api/profiles/default/config-api-test.properties b/jans-config-api/profiles/default/config-api-test.properties index 9855448d2f0..a7ef3b7a3f7 100644 
--- a/jans-config-api/profiles/default/config-api-test.properties +++ b/jans-config-api/profiles/default/config-api-test.properties 
@@ -1,7 +1,7 @@ # The URL of your Jans installation test.server=https://jenkins-config-api.gluu.org -test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write 
https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session +test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly 
https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly 
https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete token.endpoint=https://jenkins-config-api.gluu.org/jans-auth/restv1/token token.grant.type=client_credentials diff --git a/jans-config-api/profiles/local/test.properties b/jans-config-api/profiles/local/test.properties index d7fe54e2e6d..c3b0abdd0ff 100644 --- a/jans-config-api/profiles/local/test.properties +++ b/jans-config-api/profiles/local/test.properties 
@@ -2,8 +2,8 @@ test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write 
https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly 
https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete # jans.server -token.endpoint=https://jans.server1/jans-auth/restv1/token +token.endpoint=https://jans.server2/jans-auth/restv1/token token.grant.type=client_credentials -test.client.id=1800.bf52932e-6f81-4a1b-be78-ccc0147f2a32 -test.client.secret=WBvBJiWJnfbh -test.issuer=https://jans.server1/ \ No newline at end of file +test.client.id=1800.a5e5d2d8-d379-4d68-b12a-575a84c22e04 +test.client.secret=ahqZzbPrSDcC +test.issuer=https://jans.server2/ \ No newline at end of file diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigSmtpResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigSmtpResource.java index 18109bd996a..0884ff2fbcb 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigSmtpResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigSmtpResource.java 
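Review bot: The new side commits a working OAuth client secret, `test.client.secret=ahqZzbPrSDcC`, and the removed line shows the previous one, so both credentials now sit permanently in repository history. Even for a local test profile the tracked file should hold a placeholder that a developer fills from an untracked override or an environment variable (e.g. `test.client.secret=${TEST_CLIENT_SECRET}`, if the property loader used by the tests expands it), and both secrets should be rotated on the `jans.server1` / `jans.server2` hosts they belong to. The same hunk also lists `.../adminui/user/permission.write` twice in `test.scopes`; harmless, but worth de-duplicating.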
@@ -67,10 +67,12 @@ public class ConfigSmtpResource extends ConfigBaseResource { @GET @ProtectedApi(scopes = { ApiAccessConstants.SMTP_READ_ACCESS }, groupScopes = { ApiAccessConstants.SMTP_WRITE_ACCESS }, superScopes = { ApiAccessConstants.SUPER_ADMIN_READ_ACCESS }) - public Response getSmtpServerConfiguration() { + public Response getSmtpServerConfiguration() throws EncryptionException { SmtpConfiguration smtpConfiguration = configurationService.getConfiguration().getSmtpConfiguration(); - log.debug(SMTP_CONFIGURATION + ":{}", smtpConfiguration); - return Response.ok(Objects.requireNonNullElseGet(smtpConfiguration, SmtpConfiguration::new)).build(); + log.info(SMTP_CONFIGURATION + ":{} from DB", smtpConfiguration); + decryptPassword(smtpConfiguration); + log.info(SMTP_CONFIGURATION + ":{} fetched", smtpConfiguration); + return Response.ok(smtpConfiguration).build(); } @Operation(summary = "Adds SMTP server configuration", description = "Adds SMTP server configuration", operationId = "post-config-smtp", tags = { 
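Review bot: The empty-configuration fallback is lost in the rewritten GET: `decryptPassword(smtpConfiguration)` builds a fresh `SmtpConfiguration` when its argument is null, but the return value is discarded, so `Response.ok(smtpConfiguration)` is built from null where the removed line used `Objects.requireNonNullElseGet`. Assign the result, `smtpConfiguration = decryptPassword(smtpConfiguration);`. Separately, this endpoint now hands the decrypted SMTP password to every caller holding `SMTP_READ_ACCESS`, and the second `log.info` prints the object after decryption; if `SmtpConfiguration.toString()` includes the password (not visible here) the plaintext credential lands in the INFO log. Consider returning a copy with the password masked, or at minimum dropping the post-decryption log line and keeping the pre-decryption one at debug.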
@@ -86,17 +88,15 @@ public Response getSmtpServerConfiguration() { ApiAccessConstants.SUPER_ADMIN_WRITE_ACCESS }) public Response setupSmtpConfiguration(@Valid SmtpConfiguration smtpConfiguration) throws EncryptionException { log.debug(SMTP_CONFIGURATION + ":{}", smtpConfiguration); - String password = smtpConfiguration.getPassword(); - if (password != null && !password.isEmpty()) { - smtpConfiguration.setPassword(encryptionService.encrypt(password)); - } - + encryptPassword(smtpConfiguration); GluuConfiguration configurationUpdate = configurationService.getConfiguration(); log.debug("configurationUpdate:{}", configurationUpdate); configurationUpdate.setSmtpConfiguration(smtpConfiguration); configurationService.updateConfiguration(configurationUpdate); - return Response.status(Response.Status.CREATED) - .entity(configurationService.getConfiguration().getSmtpConfiguration()).build(); + smtpConfiguration = configurationService.getConfiguration().getSmtpConfiguration(); + decryptPassword(smtpConfiguration); + log.debug("After creeation " + SMTP_CONFIGURATION + ":{}", smtpConfiguration); + return Response.status(Response.Status.CREATED).entity(smtpConfiguration).build(); } @Operation(summary = "Updates SMTP server configuration", description = "Updates SMTP server configuration", operationId = "put-config-smtp", tags = { 
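Review bot: The result of `decryptPassword(smtpConfiguration)` is discarded here as well, so the null-safe fallback the helper builds never reaches the response; write `smtpConfiguration = decryptPassword(smtpConfiguration);`. The debug line that follows logs the configuration with the password decrypted, and the 201 body echoes the plaintext secret back to the client that just supplied it, which a create call does not need to do. The log message also has a typo: `"After creeation "` should be `"After creation "`.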
@@ -113,16 +113,15 @@ public Response setupSmtpConfiguration(@Valid SmtpConfiguration smtpConfiguratio ApiAccessConstants.SUPER_ADMIN_WRITE_ACCESS }) public Response updateSmtpConfiguration(@Valid SmtpConfiguration smtpConfiguration) throws EncryptionException { log.debug(SMTP_CONFIGURATION + ":{}", smtpConfiguration); - String password = smtpConfiguration.getPassword(); - if (password != null && !password.isEmpty()) { - smtpConfiguration.setPassword(encryptionService.encrypt(password)); - } - log.debug(SMTP_CONFIGURATION + ":{}", smtpConfiguration); + encryptPassword(smtpConfiguration); GluuConfiguration configurationUpdate = configurationService.getConfiguration(); log.debug("configurationUpdate:{}", configurationUpdate); configurationUpdate.setSmtpConfiguration(smtpConfiguration); configurationService.updateConfiguration(configurationUpdate); - return Response.ok(configurationService.getConfiguration().getSmtpConfiguration()).build(); + smtpConfiguration = configurationService.getConfiguration().getSmtpConfiguration(); + decryptPassword(smtpConfiguration); + log.debug("After update " + SMTP_CONFIGURATION + ":{}", smtpConfiguration); + return Response.ok(smtpConfiguration).build(); } @Operation(summary = "Test SMTP server configuration", description = "Test SMTP server configuration", operationId = "test-config-smtp", tags = { @@ -145,7 +144,7 @@ public Response testSmtpConfiguration() throws EncryptionException { smtpConfiguration.getFromName(), smtpConfiguration.getFromEmailAddress(), null, "SMTP Configuration verification", "Mail to test smtp configuration", "Mail to test smtp configuration"); - log.debug("smtpConfiguration test status:{}", status); + log.info("smtpConfiguration test status:{}", status); return Response.ok(status).build(); } 
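Review bot: As in the POST path, `decryptPassword(smtpConfiguration)` is called only for its side effect and its return value dropped; use `smtpConfiguration = decryptPassword(smtpConfiguration);` so the null fallback applies. The PUT response now carries the decrypted password and `log.debug("After update " ...)` prints the decrypted object; since the caller already knows the password it sent, returning the stored configuration with the password masked avoids round-tripping the secret through the response and the log.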
@@ -165,4 +164,32 @@ public Response removeSmtpConfiguration() { return Response.noContent().build(); } + private SmtpConfiguration encryptPassword(SmtpConfiguration smtpConfiguration) throws EncryptionException { + if (smtpConfiguration == null) { + return smtpConfiguration; + } + String password = smtpConfiguration.getPassword(); + if (password != null && !password.isEmpty()) { + try { + encryptionService.decrypt(password); + } catch (Exception ex) { + log.error("Exception while decryption of smtpConfiguration password hence will encrypt it!!!"); + smtpConfiguration.setPassword(encryptionService.encrypt(password)); + } + } + return smtpConfiguration; + } + + private SmtpConfiguration decryptPassword(SmtpConfiguration smtpConfiguration) throws EncryptionException { + if (smtpConfiguration != null) { + String password = smtpConfiguration.getPassword(); + if (password != null && !password.isEmpty()) { + smtpConfiguration.setPassword(encryptionService.decrypt(password)); + } + } else { + smtpConfiguration = new SmtpConfiguration(); + } + return smtpConfiguration; + } + } diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/security/api/ApiProtectionService.java b/jans-config-api/server/src/main/java/io/jans/configapi/security/api/ApiProtectionService.java index 8b13d43ecd1..eee3862cfd5 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/security/api/ApiProtectionService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/security/api/ApiProtectionService.java 
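Review bot: `encryptPassword` decides whether a value is already encrypted by attempting to decrypt it and catching `Exception`, and logs that failure at ERROR even though a freshly supplied plaintext password is the normal input to POST and PUT, so every legitimate save emits an error-level line. The probe also stores the value unencrypted whenever a plaintext password happens to decrypt without throwing (whether that can occur depends on the encryption service's input checks, not visible here), which is the wrong failure direction for a credential. Moving the probe into a small `isEncrypted` helper that logs at debug and catches only the decryption failure keeps the intent explicit; if `decrypt` can also throw unchecked exceptions on malformed input, keep the broader catch. `decryptPassword`'s null branch builds a new `SmtpConfiguration` that all three call sites in this file discard, so either the callers should assign its result or that branch should simply return null.
```java
    private SmtpConfiguration encryptPassword(SmtpConfiguration smtpConfiguration) throws EncryptionException {
        if (smtpConfiguration == null) {
            return null;
        }
        String password = smtpConfiguration.getPassword();
        if (password == null || password.isEmpty()) {
            return smtpConfiguration;
        }
        if (!isEncrypted(password)) {
            smtpConfiguration.setPassword(encryptionService.encrypt(password));
        }
        return smtpConfiguration;
    }

    // Probe only: a decryption failure is the expected outcome for a freshly supplied plaintext password.
    private boolean isEncrypted(String password) {
        try {
            encryptionService.decrypt(password);
            return true;
        } catch (Exception ex) {
            log.debug("SMTP password is not in encrypted form, will encrypt it before storing");
            return false;
        }
    }

    // … unchanged: decryptPassword …
```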
@@ -172,7 +172,7 @@ private List validateScope(String resourceName, ProtectionScopeType prote log.debug("Re-verify ConfigApiScope rsScope.getName():{} with rsScope.getInum():{} in DB - scope:{} ", rsScope.getName(), rsScope.getInum(), scope); if (scope == null) { - log.debug("Scope - '{}' does not exist, hence creating it.", scope); + log.info("Scope - '{}' does not exist, hence creating it.", scope); // Scope does not exists hence create Scope scope = new Scope(); String inum = rsScope.getInum();
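Review bot: At this point `scope` is known to be null (the enclosing `if (scope == null)`), so the promoted `log.info("Scope - '{}' does not exist, hence creating it.", scope)` always prints `Scope - 'null'`; the intended identifier is the one being looked up, e.g. `log.info("Scope - '{}' does not exist, hence creating it.", rsScope.getName());`. The preceding debug line already reports `rsScope.getName()` and `rsScope.getInum()`, so this also keeps the two messages consistent. The enclosing `validateScope` method starts before and ends after this hunk.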