fixed activeKeyId on update

[#137124807] https://www.pivotaltracker.com/story/show/137124807 Signed-off-by: Helen Chung <hchung@pivotal.io>
cloudfoundry · Jan 27, 2017 · 07b67d5 · 07b67d5
1 parent 0738640
commit 07b67d5
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneEndpoints.java b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneEndpoints.java
@@ -227,6 +227,10 @@ public ResponseEntity<IdentityZone> updateIdentityZone(
             throw new AccessDeniedException("Zone admins can only update their own zone.");
         }
 
+        // make sure it exists
+        IdentityZone existingZone = zoneDao.retrieve(id);
+        restoreSecretProperties(existingZone, body);
+
         try {
             body = validator.validate(body, IdentityZoneValidator.Mode.MODIFY);
         } catch(InvalidIdentityZoneDetailsException ex) {
@@ -236,11 +240,8 @@ public ResponseEntity<IdentityZone> updateIdentityZone(
         IdentityZone previous = IdentityZoneHolder.get();
         try {
             logger.debug("Zone - updating id["+id+"] subdomain["+body.getSubdomain()+"]");
-            // make sure it exists
-            IdentityZone existingZone = zoneDao.retrieve(id);
             // ignore the id in the body, the id in the path is the only one that matters
             body.setId(id);
-            validateAndUpdateConfig(existingZone, body);
             IdentityZone updated = zoneDao.update(body);
             IdentityZoneHolder.set(updated); //what???
             logger.debug("Zone - updated id[" + updated.getId() + "] subdomain[" + updated.getSubdomain() + "]");
@@ -250,7 +251,7 @@ public ResponseEntity<IdentityZone> updateIdentityZone(
         }
     }
 
-    private void validateAndUpdateConfig(IdentityZone existingZone, IdentityZone newZone) {
+    private void restoreSecretProperties(IdentityZone existingZone, IdentityZone newZone) {
         if(newZone.getConfig() != null) {
             if (newZone.getConfig().getTokenPolicy() != null) {
                 if (newZone.getConfig().getTokenPolicy().getKeys() != null && !newZone.getConfig().getTokenPolicy().getKeys().isEmpty()) {

diff --git a/...test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java b/...test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java
@@ -449,6 +449,7 @@ public void testCreateAndUpdateDoesNotReturnKeys() throws Exception {
 
         IdentityZone created = createZone(id, HttpStatus.CREATED, identityClientToken);
         assertEquals(Collections.EMPTY_MAP, created.getConfig().getTokenPolicy().getKeys());
+        assertEquals("kid", created.getConfig().getTokenPolicy().getActiveKeyId());
         assertNull(created.getConfig().getSamlConfig().getPrivateKey());
         assertNull(created.getConfig().getSamlConfig().getPrivateKeyPassword());
         assertNull(created.getConfig().getSamlConfig().getCertificate());
@@ -458,6 +459,7 @@ public void testCreateAndUpdateDoesNotReturnKeys() throws Exception {
         HashMap<String, String> keys = new HashMap<>();
         keys.put("key1","value1");
         tokenPolicy.setKeys(keys);
+        tokenPolicy.setActiveKeyId("key1");
         SamlConfig samlConfig = new SamlConfig();
         samlConfig.setCertificate(serviceProviderCertificate);
         samlConfig.setPrivateKey(serviceProviderKey);
@@ -469,6 +471,7 @@ public void testCreateAndUpdateDoesNotReturnKeys() throws Exception {
         IdentityZone updated = updateZone(created, HttpStatus.OK, identityClientToken);
         assertEquals("updated description", updated.getDescription());
         assertEquals(Collections.EMPTY_MAP, updated.getConfig().getTokenPolicy().getKeys());
+        assertEquals("key1", updated.getConfig().getTokenPolicy().getActiveKeyId());
         assertNull(updated.getConfig().getSamlConfig().getPrivateKey());
         assertNull(updated.getConfig().getSamlConfig().getPrivateKeyPassword());
         assertNull(updated.getConfig().getSamlConfig().getCertificate());
@@ -1356,6 +1359,7 @@ public void userCanReadAZone_withZoneZoneIdReadToken() throws Exception {
         assertNull(zoneResult.getConfig().getSamlConfig().getCertificate());
         assertNull(zoneResult.getConfig().getSamlConfig().getPrivateKeyPassword());
         assertEquals(Collections.EMPTY_MAP, zoneResult.getConfig().getTokenPolicy().getKeys());
+        assertEquals("kid", zoneResult.getConfig().getTokenPolicy().getActiveKeyId());
     }
 
     private IdentityZone getIdentityZone(String id, HttpStatus expect, String token) throws Exception {
@@ -1380,6 +1384,7 @@ private IdentityZone createZone(String id, HttpStatus expect, String token) thro
         Map<String, String> keys = new HashMap<>();
         keys.put("kid", "key");
         identityZone.getConfig().getTokenPolicy().setKeys(keys);
+        identityZone.getConfig().getTokenPolicy().setActiveKeyId("kid");
 
         MvcResult result = getMockMvc().perform(
             post("/identity-zones")