AbsaOSS · dk1844 · Sep 11, 2023 · Sep 6, 2023
@@ -16,4 +16,10 @@
 
 package za.co.absa.loginsvc.model
 
-case class User(name: String, email: Option[String], displayName: Option[String], groups: Seq[String])
+case class User(name: String, email: Option[String], displayName: Option[String], groups: Seq[String]) {
+  def filterGroupsByPrefixes(prefixes: Set[String]): User = {
+    val filteredGroups = groups.filter(group => prefixes.exists(group.startsWith))
+
+    this.copy(groups = filteredGroups)
+  }
+}
@@ -72,21 +72,21 @@ class TokenController @Autowired()(jwtService: JWTService) {
         ))
     )
   )
-  @Parameter(in = ParameterIn.QUERY, name = "groups-prefix", schema = new Schema(implementation = classOf[String]), example = "pam-",
-    description = "Prefix of groups only to be returned in JWT user object")
+  @Parameter(in = ParameterIn.QUERY, name = "group-prefixes", schema = new Schema(implementation = classOf[String]), example = "pam-,dehdl-",
+    description = "Prefixes of groups only to be returned in JWT user object (,-separated)")
   @PostMapping(
     path = Array("/generate"),
     produces = Array(MediaType.APPLICATION_JSON_VALUE)
   )
   @ResponseStatus(HttpStatus.OK)
   @SecurityRequirement(name = "basicAuth")
-  def generateToken(authentication: Authentication, @RequestParam("groups-prefix") optionalGroupsPrefix: Optional[String]): CompletableFuture[TokenWrapper] = {
+  def generateToken(authentication: Authentication, @RequestParam("group-prefixes") groupPrefixes: Optional[String]): CompletableFuture[TokenWrapper] = {
     val user = authentication.getPrincipal.asInstanceOf[User]
-    val groupsPrefix = optionalGroupsPrefix.toScalaOption
+    val groupPrefixesStrScala = groupPrefixes.toScalaOption
 
-    val filteredGroupsUser = groupsPrefix.applyIfDefined(user, { (user: User, prefix) =>
-      val filteredGroups = user.groups.filter(_.startsWith(prefix))
-      user.copy(groups = filteredGroups)
+    val filteredGroupsUser = groupPrefixesStrScala.applyIfDefined(user, { (user: User, prefixesStr) =>
+      val prefixes = prefixesStr.trim.split(',')
+      user.filterGroupsByPrefixes(prefixes.toSet)
     })
 
     val jwt = jwtService.generateToken(filteredGroupsUser)

@@ -0,0 +1,22 @@
+package za.co.absa.loginsvc.model
+
+import org.scalatest.flatspec.AnyFlatSpec
+import org.scalatest.matchers.should.Matchers
+
+class UserTest extends AnyFlatSpec with Matchers {
+
+  val testUser = User("testUser", None, None, groups = Seq(
+    "blue-123",
+    "blue-256",
+    "red-ABC",
+    "reddish-DEF",
+    "black",
+    "black-and-white"
+  ))
+
+  "User" should "filterGroups by prefixes" in {
+    testUser.filterGroupsByPrefixes(Set("red", "black", "yellow")) shouldBe
+      testUser.copy(groups = Seq("red-ABC", "reddish-DEF", "black","black-and-white"))
+  }
+
+}
@@ -26,7 +26,7 @@ import java.util
 
 object FakeAuthentication {
 
-  val fakeUser: User = User("fakeUser", Some("[email protected]"), Some("Fake Name"), Seq("fake-group1", "second-fake-group"))
+  val fakeUser: User = User("fakeUser", Some("[email protected]"), Some("Fake Name"), Seq("first-fake-group", "second-fake-group", "third-fake-group", "another-group"))
 
   val fakeUserAuthentication: Authentication = new UsernamePasswordAuthenticationToken(
     fakeUser, "fakePassword", new util.ArrayList[GrantedAuthority]()

@@ -48,8 +48,9 @@ class TokenControllerTest extends AnyFlatSpec with ControllerIntegrationTestBase
 
   behavior of "generateToken"
 
+  val fakeJWT = "abc.fakeJWTToken.abc"
+
   it should "return token generated by mocked JWTService for the authenticated user" in {
-    val fakeJWT = "abc.fakeJWTToken.abc"
     when(jwtService.generateToken(FakeAuthentication.fakeUser)).thenReturn(fakeJWT)
 
     assertOkAndResultBodyJsonEquals(
@@ -59,22 +60,30 @@ class TokenControllerTest extends AnyFlatSpec with ControllerIntegrationTestBase
     )(FakeAuthentication.fakeUserAuthentication)
   }
 
-  it should "return token generated by mocked JWTService for the authenticated user with groups-prefix" in {
-    val fakeJWT = "abc.fakeJWTToken.abc"
+  it should "return token generated by mocked JWTService for the authenticated user with group-prefixes (single)" in {
+    // `groups-prefixes` fill change the groups in user object passed to the jwtService.generateToken
+    val fakeUserFilteredGroups = FakeAuthentication.fakeUser.copy(groups = Seq("first-fake-group"))
+    when(jwtService.generateToken(fakeUserFilteredGroups)).thenReturn(fakeJWT)
+
+    assertOkAndResultBodyJsonEquals(
+      "/token/generate?group-prefixes=first",
+      Post(),
+      s"""{"token": "$fakeJWT"}"""
+    )(FakeAuthentication.fakeUserAuthentication)
+  }
 
-    // `groups-prefix` fill change the groups in user object passed to the jwtService.generateToken
-    val fakeUserFilteredGroups = FakeAuthentication.fakeUser.copy(groups = Seq("fake-group1"))
+  it should "return token generated by mocked JWTService for the authenticated user with group-prefixes (multiple ,-separated)" in {
+    val fakeUserFilteredGroups = FakeAuthentication.fakeUser.copy(groups = Seq("second-fake-group", "third-fake-group"))
     when(jwtService.generateToken(fakeUserFilteredGroups)).thenReturn(fakeJWT)
 
     assertOkAndResultBodyJsonEquals(
-      "/token/generate?groups-prefix=fake",
+      "/token/generate?group-prefixes=second,third,nonexistent",
       Post(),
       s"""{"token": "$fakeJWT"}"""
     )(FakeAuthentication.fakeUserAuthentication)
   }
 
   it should "fail for anonymous (not authenticated) user" in {
-    val fakeJWT = "abc.fakeJWTToken.abc"
     when(jwtService.generateToken(any[User]())).thenReturn(fakeJWT)
 
     assertNotAuthenticatedFailure(