fix(config-api): user service conflict with fido2 and script enhancem…

…ent (#3767)

jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java

@@ -110,6 +110,7 @@ private ApiConstants() {}
     public static final String ALL = "all";
     public static final String ACTIVE = "active";
     public static final String INACTIVE = "inactive"; 
+    public static final String ADD_SCRIPT_TEMPLATE = "addScriptTemplate";
 
     // API Protection
     public static final String PROTECTION_TYPE_OAUTH2 = "oauth2";

jans-config-api/docs/jans-config-api-swagger.yaml

@@ -3853,6 +3853,15 @@ paths:
       summary: Adds a new custom script
       description: Adds a new custom script
       operationId: post-config-scripts
+      parameters:
+      - name: addScriptTemplate
+        in: query
+        description: Boolean flag to indicate if script template is to be added. If
+          CustomScript request object has script populated then script template will
+          not be added.
+        schema:
+          type: boolean
+          default: false
       requestBody:
         description: CustomScript object
         content:
@@ -7524,19 +7533,19 @@ components:
           $ref: '#/components/schemas/AttributeValidation'
         tooltip:
           type: string
-        whitePagesCanView:
-          type: boolean
-        userCanEdit:
-          type: boolean
-        userCanAccess:
+        userCanView:
           type: boolean
         adminCanAccess:
           type: boolean
-        userCanView:
+        adminCanView:
+          type: boolean
+        userCanEdit:
           type: boolean
         adminCanEdit:
           type: boolean
-        adminCanView:
+        userCanAccess:
+          type: boolean
+        whitePagesCanView:
           type: boolean
         baseDn:
           type: string
@@ -8257,8 +8266,6 @@ components:
           type: object
           additionalProperties:
             type: string
-        fapi:
-          type: boolean
         allResponseTypesSupported:
           uniqueItems: true
           type: array
@@ -8268,6 +8275,8 @@ components:
             - code
             - token
             - id_token
+        fapi:
+          type: boolean
     AuthenticationFilter:
       required:
       - baseDn
@@ -9127,6 +9136,7 @@ components:
           type: string
           enum:
           - ldap
+          - db
           - file
         baseDn:
           type: string
@@ -9234,6 +9244,12 @@ components:
           type: string
         "y":
           type: string
+        key_ops:
+          type: string
+          enum:
+          - "KeyOps{value='connect'} CONNECT"
+          - "KeyOps{value='ssa'} SSA"
+          - "KeyOps{value='all'} ALL"
     WebKeysConfiguration:
       type: object
       properties:

jans-config-api/plugins/docs/fido2-plugin-swagger.yaml

@@ -130,6 +130,10 @@ components:
           type: array
           items:
             type: string
+        superGluuEnabled:
+          type: boolean
+        oldU2fMigrationEnabled:
+          type: boolean
         fido2Configuration:
           $ref: '#/components/schemas/Fido2Configuration'
     Fido2Configuration:
@@ -172,6 +176,30 @@ components:
           type: array
           items:
             type: string
+    Fido2DeviceData:
+      type: object
+      properties:
+        uuid:
+          type: string
+        token:
+          type: string
+          writeOnly: true
+        type:
+          type: string
+        platform:
+          type: string
+        name:
+          type: string
+        os_name:
+          type: string
+        os_version:
+          type: string
+        custom_data:
+          type: object
+          additionalProperties:
+            type: string
+        push_token:
+          type: string
     Fido2RegistrationData:
       type: object
       properties:
@@ -209,6 +237,7 @@ components:
           - pending
           - registered
           - compromised
+          - canceled
         counter:
           type: integer
           format: int32
@@ -228,15 +257,32 @@ components:
           type: string
         challange:
           type: string
+        challengeHash:
+          type: string
         creationDate:
           type: string
           format: date-time
         userInum:
           type: string
-        publicKeyId:
+        rpId:
+          type: string
+        sessionStateId:
+          type: string
+        expirationDate:
           type: string
+          format: date-time
+        deletable:
+          type: boolean
+        ttl:
+          type: integer
+          format: int32
         displayName:
           type: string
+        publicKeyId:
+          type: string
+        publicKeyIdHash:
+          type: integer
+          format: int32
         registrationData:
           $ref: '#/components/schemas/Fido2RegistrationData'
         counter:
@@ -248,10 +294,15 @@ components:
           - pending
           - registered
           - compromised
+          - canceled
         deviceNotificationConf:
           type: string
-        challangeHash:
-          type: string
+        deviceData:
+          $ref: '#/components/schemas/Fido2DeviceData'
+        expiration:
+          type: integer
+          format: int32
+          writeOnly: true
         baseDn:
           type: string
   securitySchemes:

jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/rest/UserResource.java

@@ -196,7 +196,7 @@ public Response updateUser(@Valid CustomUser customUser)
             logger.debug("Updated user:{}", user);
         } catch (Exception ex) {
             logger.error("Error while updating user", ex);
-            thorwInternalServerException(ex);
+            throwInternalServerException(ex);
         }
 
         // excludedAttributes

jans-config-api/plugins/user-mgt-plugin/src/main/java/io/jans/configapi/plugin/mgt/service/UserMgmtService.java

@@ -3,6 +3,7 @@
 import com.github.fge.jsonpatch.JsonPatchException;
 import io.jans.as.common.model.common.User;
 import io.jans.as.common.util.AttributeConstants;
+import io.jans.configapi.core.service.ConfigUserService;
 import io.jans.as.model.config.StaticConfiguration;
 import io.jans.as.model.configuration.AppConfiguration;
 import io.jans.configapi.core.util.Jackson;
@@ -34,7 +35,7 @@
 
 @ApplicationScoped
 @Named("userMgmtSrv")
-public class UserMgmtService extends io.jans.as.common.service.common.UserService {
+public class UserMgmtService {
 
     @Inject
     private Logger logger;
@@ -48,26 +49,29 @@ public class UserMgmtService extends io.jans.as.common.service.common.UserServic
     @Inject
     ConfigurationService configurationService;
 
+    @Inject
+    PersistenceEntryManager persistenceEntryManager;
+
     @Inject
     AuthUtil authUtil;
 
     @Inject
     MgtUtil mgtUtil;
 
-    private static final String BIRTH_DATE = "birthdate";
+    @Inject
+    ConfigUserService userService;
 
-    @Override
-    public List<String> getPersonCustomObjectClassList() {
-        return appConfiguration.getPersonCustomObjectClassList();
-    }
+    private static final String BIRTH_DATE = "birthdate";
 
-    @Override
     public String getPeopleBaseDn() {
-        return staticConfiguration.getBaseDn().getPeople();
+        return userService.getPeopleBaseDn();
     }
 
     public PagedResult<User> searchUsers(SearchRequest searchRequest) {
-        logger.debug("Search Users with searchRequest:{}", escapeLog(searchRequest));
+        if (logger.isDebugEnabled()) {
+            logger.debug("Search Users with searchRequest:{}, getPeopleBaseDn():{}", escapeLog(searchRequest),
+                    getPeopleBaseDn());
+        }
         Filter searchFilter = null;
         List<Filter> filters = new ArrayList<>();
         if (searchRequest.getFilterAssertionValue() != null && !searchRequest.getFilterAssertionValue().isEmpty()) {
@@ -85,7 +89,7 @@ public PagedResult<User> searchUsers(SearchRequest searchRequest) {
             searchFilter = Filter.createORFilter(filters);
         }
         logger.debug("Users searchFilter:{}", searchFilter);
-        return persistenceEntryManager.findPagedEntries(getPeopleBaseDn(), User.class, searchFilter, null,
+        return persistenceEntryManager.findPagedEntries(userService.getPeopleBaseDn(), User.class, searchFilter, null,
                 searchRequest.getSortBy(), SortOrder.getByValue(searchRequest.getSortOrder()),
                 searchRequest.getStartIndex(), searchRequest.getCount(), searchRequest.getMaxCount());
 
@@ -104,7 +108,7 @@ public User patchUser(String inum, UserPatchRequest userPatchRequest) throws Jso
             return null;
         }
 
-        User user = getUserByInum(inum);
+        User user = userService.getUserByInum(inum);
         if (user == null) {
             return null;
         }
@@ -126,7 +130,7 @@ public User patchUser(String inum, UserPatchRequest userPatchRequest) throws Jso
 
         // persist user
         ignoreCustomObjectClassesForNonLDAP(user);
-        user = updateUser(user);
+        user = userService.updateUser(user);
         logger.debug("User after patch user:{}", user);
         return user;
 
@@ -135,7 +139,7 @@ public User patchUser(String inum, UserPatchRequest userPatchRequest) throws Jso
     public User getUserBasedOnInum(String inum) {
         User result = null;
         try {
-            result = getUserByInum(inum);
+            result = userService.getUserByInum(inum);
         } catch (Exception ex) {
             logger.error("Failed to load user entry", ex);
         }
@@ -150,12 +154,12 @@ private User updateCustomAttributes(User user, List<CustomObjectAttribute> custo
         }
 
         for (CustomObjectAttribute attribute : customAttributes) {
-            CustomObjectAttribute existingAttribute = getCustomAttribute(user, attribute.getName());
+            CustomObjectAttribute existingAttribute = userService.getCustomAttribute(user, attribute.getName());
             logger.debug("Existing CustomAttributes with existingAttribute:{} ", existingAttribute);
 
             // add
             if (existingAttribute == null) {
-                boolean result = addUserAttribute(user, attribute.getName(), attribute.getValues(),
+                boolean result = userService.addUserAttribute(user, attribute.getName(), attribute.getValues(),
                         attribute.isMultiValued());
                 logger.debug("Result of adding CustomAttributes attribute:{} , result:{} ", attribute, result);
             }
@@ -324,4 +328,12 @@ public User ignoreCustomObjectClassesForNonLDAP(User user) {
         }
         return user;
     }
+
+    public User addUser(User user, boolean active) {
+        return userService.addUser(user, active);
+    }
+
+    public User updateUser(User user) {
+        return userService.updateUser(user);
+    }
 }

jans-config-api/profiles/local/test.properties

@@ -2,8 +2,8 @@
 test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly
 
 # jans.server
-token.endpoint=https://jans.server2/jans-auth/restv1/token
+token.endpoint=https://jans.server1/jans-auth/restv1/token
 token.grant.type=client_credentials
-test.client.id=1800.c9c0b756-a1fc-4013-9feb-64d531ac2dc1
-test.client.secret=ONfjpemnGAFU
-test.issuer=https://jans.server2/
+test.client.id=1800.53043ff9-102c-4b52-8456-c7c5cde2dfd3
+test.client.secret=tYRVpvtI4S3U
+test.issuer=https://jans.server1/

jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/AcrsResource.java

@@ -81,7 +81,7 @@ public Response updateDefaultAuthenticationMethod(@NotNull AuthenticationMethod
         log.debug("ACRS details to  update - authenticationMethod:{}", authenticationMethod);
 
         if (authenticationMethod == null || StringUtils.isBlank(authenticationMethod.getDefaultAcr())) {
-            thorwBadRequestException("Default authentication method should not be null or empty !");
+            throwBadRequestException("Default authentication method should not be null or empty !");
         }
 
         if (authenticationMethod != null) {