Skip to content

Commit

Permalink
[SYNCOPE-1651] Reviewing delegation validation logic
Browse files Browse the repository at this point in the history
  • Loading branch information
@ilgrosso
ilgrosso committed Nov 24, 2021
1 parent 661b22f commit 2f23ffe
Showing 1 changed file with 15 additions and 9 deletions.
24 changes: 15 additions & 9 deletions core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -184,17 +184,23 @@ public Domain findDomain(final String key) {
}

protected String getDelegationKey(final SyncopeAuthenticationDetails details, final String delegatedKey) {
return Optional.ofNullable(details.getDelegatedBy()).
map(delegatingKey -> SyncopeConstants.UUID_PATTERN.matcher(delegatingKey).matches()
? delegatingKey
: userDAO.findKey(delegatingKey)).map(delegatingKey -> {
if (details.getDelegatedBy() == null) {
return null;
}

String delegatingKey = SyncopeConstants.UUID_PATTERN.matcher(details.getDelegatedBy()).matches()
? details.getDelegatedBy()
: userDAO.findKey(details.getDelegatedBy());
if (delegatingKey == null) {
throw new SessionAuthenticationException(
"Delegating user " + details.getDelegatedBy() + " cannot be found");
}

LOG.debug("Delegation request: delegating:{}, delegated:{}", delegatingKey, delegatedKey);
LOG.debug("Delegation request: delegating:{}, delegated:{}", delegatingKey, delegatedKey);

return delegationDAO.findValidFor(delegatingKey, delegatedKey).
orElseThrow(() -> new SessionAuthenticationException(
"Delegation by " + delegatingKey + " was requested but none found"));
}).orElse(null);
return delegationDAO.findValidFor(delegatingKey, delegatedKey).
orElseThrow(() -> new SessionAuthenticationException(
"Delegation by " + delegatingKey + " was requested but none found"));
}

/**
Expand Down

0 comments on commit 2f23ffe

Please sign in to comment.