
Feat: Additional Shared Realms (#283)
* Add support for Shared-Realms (without UserManagement)

* Add SharedRealms List to FrontendConfig
f11h authored Feb 21, 2023
1 parent d5e1c99 commit b9b6dc1
Showing 7 changed files with 66 additions and 2 deletions.
Expand Up @@ -20,6 +20,8 @@

package app.coronawarn.quicktest.config;

import java.util.ArrayList;
import java.util.List;
import lombok.Getter;
import lombok.Setter;
import org.springframework.boot.context.properties.ConfigurationProperties;
Expand All @@ -44,6 +46,8 @@ public class QuickTestConfig {
private String labId;
private String pcrEnabledKey;

private List<String> sharedRealms = new ArrayList<>();

private FrontendContextConfig frontendContextConfig = new FrontendContextConfig();
private CancellationConfig cancellation = new CancellationConfig();

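Review bot: The new `sharedRealms` field on QuickTestConfig carries no documentation, although (per the Utilities change in this commit) it decides which realms take the root-group tenant path in `isSharedRealm`. Since a configuration entry that steers tenant resolution deserves a stated contract, I would add above it `/** Names of additional Keycloak realms treated as shared realms; bound from quicktest.sharedRealms. */`. The enclosing class QuickTestConfig begins before this hunk.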
Expand Up @@ -60,7 +60,8 @@ public ResponseEntity<QuickTestContextFile> getQuickTestContextFile() {
new QuickTestContextFile(
quickTestConfig.getFrontendContextConfig().getRulesServerUrl(),
quickTestConfig.getFrontendContextConfig().getEnvironmentName(),
quickTestConfig.getCancellation().getCompletePendingTestsHours()
quickTestConfig.getCancellation().getCompletePendingTestsHours(),
quickTestConfig.getSharedRealms()
));
}
}
Expand Up @@ -22,6 +22,7 @@

import com.fasterxml.jackson.annotation.JsonProperty;
import io.swagger.v3.oas.annotations.media.Schema;
import java.util.List;
import lombok.Data;
import lombok.RequiredArgsConstructor;

Expand All @@ -41,4 +42,7 @@ public class QuickTestContextFile {
@JsonProperty("cancellation-complete-pending-tests")
private final int cancellationCompletePendingTests;

@JsonProperty("disable-user-management")
private final List<String> disableUserManagement;

}
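Review bot: The field `disableUserManagement` with JSON key `disable-user-management` is populated from `quickTestConfig.getSharedRealms()` in the controller hunk of this commit, yet neither the name nor a comment says that its elements are realm names. I would add a Javadoc so the frontend contract is readable from the class alone: `/** Realm names (from quicktest.sharedRealms) whose users are not managed via the QT-Portal. */`. If the sibling fields carry `@Schema` descriptions (the import is present but the earlier fields are outside the hunk), this one should get the same for the generated API documentation.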
13 changes: 12 additions & 1 deletion src/main/java/app/coronawarn/quicktest/utils/Utilities.java
Expand Up @@ -94,7 +94,7 @@ public Map<String, String> getIdsFromToken() throws ResponseStatusException {
KeycloakPrincipal keycloakPrincipal = (KeycloakPrincipal) principal;
String realmName = keycloakPrincipal.getKeycloakSecurityContext().getRealm();

if (realmName != null && realmName.equals(keycloakAdminProperties.getRealm())) {
if (isSharedRealm(realmName)) {
String rootGroupNames = getRootGroupsFromToken();
ids.put(quickTestConfig.getTenantIdKey(), rootGroupNames);
} else {
Expand All @@ -118,6 +118,17 @@ public Map<String, String> getIdsFromToken() throws ResponseStatusException {
return ids;
}

/**
* Check if Realm is Realm with User Management via QT-Portal or is another shared realm.
*
* @param realmName Name of the Realm to check
* @return if realm is shared.
*/
private boolean isSharedRealm(String realmName) {
return realmName != null && (quickTestConfig.getSharedRealms().contains(realmName)
|| keycloakAdminProperties.getRealm().equals(realmName));
}

/**
* Get root group from Token.
*
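Review bot: `isSharedRealm` now sends tokens from any realm listed in `quicktest.sharedRealms` into the `getRootGroupsFromToken()` branch that derives the tenant id, and the page does not show whether that lookup is realm-aware; if it resolves groups through the admin realm's Keycloak client, a user from a different shared realm would be looked up against the wrong realm, which is worth confirming since the result becomes the tenant id. The enclosing method getIdsFromToken starts before the first hunk. A smaller wording point on the new Javadoc: I would phrase the summary as `* Checks whether the realm is the realm with user management via QT-Portal or one of the configured shared realms.` so it reads as a sentence.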
1 change: 1 addition & 0 deletions src/main/resources/application-cloud.yml
Expand Up @@ -139,6 +139,7 @@ quicktest:
environment-name: ${QUICK_TEST_ENVIRONMENT_NAME:unknown}
cancellation:
final-deletion-days: ${QUICK_TEST_CANCELLATION_FINAL_DELETION_DAYS:28}
sharedRealms: ${QUICK_TEST_SHARED_REALMS}

archive:
excluded-partners: ${QT_ARCHIVE_EXCLUDED_PARTNERS:}
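Review bot: `sharedRealms: ${QUICK_TEST_SHARED_REALMS}` has no default, unlike the neighbouring entries such as `${QUICK_TEST_CANCELLATION_FINAL_DELETION_DAYS:28}`, so a deployment that does not set the variable will presumably fail placeholder resolution at startup rather than fall back to the empty list the Java field initialises. If "no additional shared realms" is a valid deployment, I would write `sharedRealms: ${QUICK_TEST_SHARED_REALMS:}` and confirm that an empty value binds to an empty list.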
41 changes: 41 additions & 0 deletions src/test/java/app/coronawarn/quicktest/utils/UtilitiesTest.java
Expand Up @@ -147,6 +147,47 @@ public void testGetIdsFromTokenForSelfServiceRealm() {

}

@Test
@WithMockUser(username = "myUser", roles = {"myAuthority"})
public void testGetIdsFromTokenForNonAdminSelfServiceRealm() {
final String pocId = "testPOC";
final String userId = "userId";
final String tokenGroupString = "[" +
"/rootGroup/NRW/Wuppertal/Barmen," +
"/rootGroup" +
"]";
GroupRepresentation rootGroup = new GroupRepresentation();
rootGroup.setName("rootGroup");

when(keycloakServiceMock.getRootGroupsOfUser(userId)).thenReturn(List.of(rootGroup));

SecurityContext springSecurityContext = SecurityContextHolder.createEmptyContext();
SecurityContextHolder.setContext(springSecurityContext);
Set<String> roles = Sets.newSet("user");

KeycloakPrincipal principal = mock(KeycloakPrincipal.class);
RefreshableKeycloakSecurityContext keycloakSecurityContext = mock(RefreshableKeycloakSecurityContext.class);
when(principal.getKeycloakSecurityContext()).thenReturn(keycloakSecurityContext);
when(principal.getKeycloakSecurityContext().getRealm()).thenReturn("qt-alt");

AccessToken idToken = mock(AccessToken.class);
when(idToken.getSubject()).thenReturn(userId);
when(principal.getKeycloakSecurityContext().getToken()).thenReturn(idToken);
Map<String, Object> mockTokens = new HashMap<>();
mockTokens.put(quickTestConfig.getPointOfCareIdName(), pocId);
mockTokens.put(quickTestConfig.getGroupKey(), tokenGroupString);
when(idToken.getOtherClaims()).thenReturn(mockTokens);

KeycloakAccount account = new SimpleKeycloakAccount(principal, roles, keycloakSecurityContext);
KeycloakAuthenticationToken token = new KeycloakAuthenticationToken(account, false);
springSecurityContext.setAuthentication(token);

Map<String, Object> expectedTokens = new HashMap<>();
expectedTokens.put(quickTestConfig.getTenantPointOfCareIdKey(), pocId);
expectedTokens.put(quickTestConfig.getTenantIdKey(), rootGroup.getName());
assertEquals(expectedTokens, utilities.getIdsFromToken());
}

@Test
@WithMockUser(username = "myUser", roles = {"myAuthority"})
public void testGetIdsFromTokenFailed() {
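Review bot: The new test is named `testGetIdsFromTokenForNonAdminSelfServiceRealm`, but what it exercises is the realm `qt-alt` configured under `sharedRealms` in the test application.yml, i.e. the new shared-realm branch of `isSharedRealm`; a name such as `testGetIdsFromTokenForConfiguredSharedRealm` would make the intent of the case visible. A one-line comment at the top, `// "qt-alt" is listed in quicktest.sharedRealms in src/test/resources/application.yml`, would also tie the magic string to its configuration. The enclosing test class continues outside this hunk.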
2 changes: 2 additions & 0 deletions src/test/resources/application.yml
Expand Up @@ -77,6 +77,8 @@ quicktest:
dbEncryptionKey: abcdefghjklmnopq
pointOfCareInformationName: poc_details
pointOfCareInformationDelimiter: \,
sharedRealms:
- qt-alt
clean-up-settings:
cron: "0 0 0 29 2 ?"
max-age-in-minutes: 2
