fix(config-api): smtp password decryption and encryption logic #4161

Merged
merged 13 commits into from
Mar 15, 2023
36 changes: 18 additions & 18 deletions jans-config-api/docs/jans-config-api-swagger.yaml
Expand Up @@ -7687,17 +7687,17 @@ components:
type: string
whitePagesCanView:
type: boolean
adminCanView:
adminCanEdit:
type: boolean
userCanView:
type: boolean
userCanEdit:
type: boolean
adminCanAccess:
type: boolean
userCanAccess:
adminCanView:
type: boolean
adminCanEdit:
userCanAccess:
type: boolean
baseDn:
type: string
Expand Down Expand Up @@ -8422,8 +8422,6 @@ components:
type: object
additionalProperties:
type: string
fapi:
type: boolean
allResponseTypesSupported:
uniqueItems: true
type: array
Expand All @@ -8433,6 +8431,8 @@ components:
- code
- token
- id_token
fapi:
type: boolean
AuthenticationFilter:
required:
- baseDn
Expand Down Expand Up @@ -8955,6 +8955,17 @@ components:
format: int32
displayName:
type: string
authenticationMethod:
type: string
enum:
- client_secret_basic
- client_secret_post
- client_secret_jwt
- private_key_jwt
- access_token
- tls_client_auth
- self_signed_tls_client_auth
- none
allAuthenticationMethods:
uniqueItems: true
type: array
Expand All @@ -8969,17 +8980,6 @@ components:
- tls_client_auth
- self_signed_tls_client_auth
- none
authenticationMethod:
type: string
enum:
- client_secret_basic
- client_secret_post
- client_secret_jwt
- private_key_jwt
- access_token
- tls_client_auth
- self_signed_tls_client_auth
- none
baseDn:
type: string
inum:
Expand Down Expand Up @@ -9304,14 +9304,14 @@ components:
type: boolean
internal:
type: boolean
locationPath:
type: string
locationType:
type: string
enum:
- ldap
- db
- file
locationPath:
type: string
baseDn:
type: string
ScriptError:
@@ -1,7 +1,7 @@
# The URL of your Jans installation
test.server=https://jenkins-config-api.gluu.org

test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly 
https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session
test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly 
https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write 
https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete

token.endpoint=https://jenkins-config-api.gluu.org/jans-auth/restv1/token
token.grant.type=client_credentials
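Review bot: The new test.scopes value lists `https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write` twice, one entry directly after the other, so one of them is redundant and reads like a paste slip; dropping the duplicate keeps the already very long scope line easier to audit. The same back-to-back duplicate is present in the local profile's test.scopes in this PR. The file header for this section is not visible on the page, so which profile's test.properties this is can only be inferred.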
8 changes: 4 additions & 4 deletions jans-config-api/profiles/local/test.properties
Expand Up @@ -2,8 +2,8 @@
test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly 
https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write 
https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete

# jans.server
token.endpoint=https://jans.server1/jans-auth/restv1/token
token.endpoint=https://jans.server2/jans-auth/restv1/token
token.grant.type=client_credentials
test.client.id=1800.bf52932e-6f81-4a1b-be78-ccc0147f2a32
test.client.secret=WBvBJiWJnfbh
test.issuer=https://jans.server1/
test.client.id=1800.a5e5d2d8-d379-4d68-b12a-575a84c22e04
test.client.secret=ahqZzbPrSDcC
test.issuer=https://jans.server2/
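Review bot: The rotated `test.client.id` / `test.client.secret` pair in jans-config-api/profiles/local/test.properties commits a new plaintext client secret to version control while the replaced one remains recoverable from git history, so both credentials should be treated as exposed; the local profile should take the secret from an environment variable or an untracked override file, leaving only a placeholder such as `test.client.secret=<set-at-test-time>` in the repository. Moving token.endpoint and test.issuer from jans.server1 to jans.server2 looks intentional for a local profile, but the credentials do not need to live in the repo to achieve that. The new test.scopes line also repeats `.../adminui/user/permission.write` back-to-back; one entry can be dropped.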
Expand Up @@ -67,10 +67,12 @@ public class ConfigSmtpResource extends ConfigBaseResource {
@GET
@ProtectedApi(scopes = { ApiAccessConstants.SMTP_READ_ACCESS }, groupScopes = {
ApiAccessConstants.SMTP_WRITE_ACCESS }, superScopes = { ApiAccessConstants.SUPER_ADMIN_READ_ACCESS })
public Response getSmtpServerConfiguration() {
public Response getSmtpServerConfiguration() throws EncryptionException {
SmtpConfiguration smtpConfiguration = configurationService.getConfiguration().getSmtpConfiguration();
log.debug(SMTP_CONFIGURATION + ":{}", smtpConfiguration);
return Response.ok(Objects.requireNonNullElseGet(smtpConfiguration, SmtpConfiguration::new)).build();
log.info(SMTP_CONFIGURATION + ":{} from DB", smtpConfiguration);
decryptPassword(smtpConfiguration);
log.info(SMTP_CONFIGURATION + ":{} fetched", smtpConfiguration);
return Response.ok(smtpConfiguration).build();
}

@Operation(summary = "Adds SMTP server configuration", description = "Adds SMTP server configuration", operationId = "post-config-smtp", tags = {
Expand All @@ -86,17 +88,15 @@ public Response getSmtpServerConfiguration() {
ApiAccessConstants.SUPER_ADMIN_WRITE_ACCESS })
public Response setupSmtpConfiguration(@Valid SmtpConfiguration smtpConfiguration) throws EncryptionException {
log.debug(SMTP_CONFIGURATION + ":{}", smtpConfiguration);
String password = smtpConfiguration.getPassword();
if (password != null && !password.isEmpty()) {
smtpConfiguration.setPassword(encryptionService.encrypt(password));
}

encryptPassword(smtpConfiguration);
GluuConfiguration configurationUpdate = configurationService.getConfiguration();
log.debug("configurationUpdate:{}", configurationUpdate);
configurationUpdate.setSmtpConfiguration(smtpConfiguration);
configurationService.updateConfiguration(configurationUpdate);
return Response.status(Response.Status.CREATED)
.entity(configurationService.getConfiguration().getSmtpConfiguration()).build();
smtpConfiguration = configurationService.getConfiguration().getSmtpConfiguration();
decryptPassword(smtpConfiguration);
log.debug("After creeation " + SMTP_CONFIGURATION + ":{}", smtpConfiguration);
return Response.status(Response.Status.CREATED).entity(smtpConfiguration).build();
}

@Operation(summary = "Updates SMTP server configuration", description = "Updates SMTP server configuration", operationId = "put-config-smtp", tags = {
Expand All @@ -113,16 +113,15 @@ public Response setupSmtpConfiguration(@Valid SmtpConfiguration smtpConfiguratio
ApiAccessConstants.SUPER_ADMIN_WRITE_ACCESS })
public Response updateSmtpConfiguration(@Valid SmtpConfiguration smtpConfiguration) throws EncryptionException {
log.debug(SMTP_CONFIGURATION + ":{}", smtpConfiguration);
String password = smtpConfiguration.getPassword();
if (password != null && !password.isEmpty()) {
smtpConfiguration.setPassword(encryptionService.encrypt(password));
}
log.debug(SMTP_CONFIGURATION + ":{}", smtpConfiguration);
encryptPassword(smtpConfiguration);
GluuConfiguration configurationUpdate = configurationService.getConfiguration();
log.debug("configurationUpdate:{}", configurationUpdate);
configurationUpdate.setSmtpConfiguration(smtpConfiguration);
configurationService.updateConfiguration(configurationUpdate);
return Response.ok(configurationService.getConfiguration().getSmtpConfiguration()).build();
smtpConfiguration = configurationService.getConfiguration().getSmtpConfiguration();
decryptPassword(smtpConfiguration);
log.debug("After update " + SMTP_CONFIGURATION + ":{}", smtpConfiguration);
return Response.ok(smtpConfiguration).build();
}

@Operation(summary = "Test SMTP server configuration", description = "Test SMTP server configuration", operationId = "test-config-smtp", tags = {
Expand All @@ -145,7 +144,7 @@ public Response testSmtpConfiguration() throws EncryptionException {
smtpConfiguration.getFromName(), smtpConfiguration.getFromEmailAddress(), null,
"SMTP Configuration verification", "Mail to test smtp configuration",
"Mail to test smtp configuration");
log.debug("smtpConfiguration test status:{}", status);
log.info("smtpConfiguration test status:{}", status);
return Response.ok(status).build();
}

Expand All @@ -165,4 +164,32 @@ public Response removeSmtpConfiguration() {
return Response.noContent().build();
}

private SmtpConfiguration encryptPassword(SmtpConfiguration smtpConfiguration) throws EncryptionException {
if (smtpConfiguration == null) {
return smtpConfiguration;
}
String password = smtpConfiguration.getPassword();
if (password != null && !password.isEmpty()) {
try {
encryptionService.decrypt(password);
} catch (Exception ex) {
log.error("Exception while decryption of smtpConfiguration password hence will encrypt it!!!");
smtpConfiguration.setPassword(encryptionService.encrypt(password));
}
}
return smtpConfiguration;
}

private SmtpConfiguration decryptPassword(SmtpConfiguration smtpConfiguration) throws EncryptionException {
if (smtpConfiguration != null) {
String password = smtpConfiguration.getPassword();
if (password != null && !password.isEmpty()) {
smtpConfiguration.setPassword(encryptionService.decrypt(password));
}
} else {
smtpConfiguration = new SmtpConfiguration();
}
return smtpConfiguration;
}

}
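Review bot: The new encryptPassword helper decides whether a submitted password is already encrypted by calling `encryptionService.decrypt(password)` and treating any `Exception` as "plaintext", so a user-supplied plaintext that happens to decrypt without error is stored unencrypted, and the ordinary path of submitting a fresh password now emits an ERROR-level log without the cause; at minimum narrow the catch to `EncryptionException`, attach the exception, and log at debug, e.g. `log.debug("Password is not decryptable, treating it as plaintext and encrypting it", ex);`, and document the probe as best-effort in the method's Javadoc. Separately, `decryptPassword(smtpConfiguration);` in getSmtpServerConfiguration, setupSmtpConfiguration and updateSmtpConfiguration discards the helper's return value, so the `new SmtpConfiguration()` fallback for a null stored configuration never reaches the response and the previous `Objects.requireNonNullElseGet` behaviour is lost; write `smtpConfiguration = decryptPassword(smtpConfiguration);` at all three call sites. All three endpoints now return the SMTP password decrypted to the API client, and the `log.info(SMTP_CONFIGURATION + ":{} fetched", smtpConfiguration)`, "After creeation" and "After update" lines log the object after decryption, so if SmtpConfiguration.toString includes the password (not visible here, confirm) the secret lands in the INFO/DEBUG log; consider masking the password in the response entity and logging only the pre-decryption state. "creeation" in the setup log message is a typo.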
Expand Up @@ -172,7 +172,7 @@ private List<Scope> validateScope(String resourceName, ProtectionScopeType prote
log.debug("Re-verify ConfigApiScope rsScope.getName():{} with rsScope.getInum():{} in DB - scope:{} ",
rsScope.getName(), rsScope.getInum(), scope);
if (scope == null) {
log.debug("Scope - '{}' does not exist, hence creating it.", scope);
log.info("Scope - '{}' does not exist, hence creating it.", scope);
// Scope does not exists hence create Scope
scope = new Scope();
String inum = rsScope.getInum();
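Review bot: The `log.info("Scope - '{}' does not exist, hence creating it.", scope)` line sits inside `if (scope == null)`, so the placeholder always renders as 'null'; the change only raised the level from debug to info and kept the wrong argument, so the message becomes more visible without becoming more useful. The name the reader needs is on the surrounding lines: `log.info("Scope - '{}' does not exist, hence creating it.", rsScope.getName());`. validateScope starts outside the hunk.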