From 05149335b30d585e32bbec5a9b7e177efdfcd0f4 Mon Sep 17 00:00:00 2001
From: Bill Smith <wsmith@unicon.net>
Date: Tue, 13 Nov 2018 17:16:55 -0700
Subject: [PATCH] [SHIBUI-999]

Added dependency on commons-io.
Moved validation of json schema to before the body is read/used.
Fixed a bug in relying party overrides creation from representation that
would cause a boolean value to be persisted instead of the persistValue
defined in the yaml.
---
 backend/build.gradle                          |  3 ++
 ...sonSchemaValidatingControllerAdvice.groovy | 29 +++++++++++++++----
 .../ui/service/JPAEntityServiceImpl.java      |  5 ++--
 3 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/backend/build.gradle b/backend/build.gradle
index f03f9f9ed..baba8fd6d 100644
--- a/backend/build.gradle
+++ b/backend/build.gradle
@@ -139,6 +139,9 @@ dependencies {
     
     //JSON schema validator
     compile 'org.sharegov:mjson:1.4.1'
+
+    //Apache commons-io
+    compile group: 'commons-io', name: 'commons-io', version: '2.6'
 }
 
 def generatedSrcDir = new File(buildDir, 'generated/src/main/java')
diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/jsonschema/RelyingPartyOverridesJsonSchemaValidatingControllerAdvice.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/jsonschema/RelyingPartyOverridesJsonSchemaValidatingControllerAdvice.groovy
index 712142172..72931e182 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/jsonschema/RelyingPartyOverridesJsonSchemaValidatingControllerAdvice.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/jsonschema/RelyingPartyOverridesJsonSchemaValidatingControllerAdvice.groovy
@@ -1,9 +1,13 @@
 package edu.internet2.tier.shibboleth.admin.ui.jsonschema
 
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation
+import groovy.json.JsonBuilder
 import mjson.Json
+import org.apache.commons.io.IOUtils
+import org.apache.commons.io.input.CloseShieldInputStream
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.core.MethodParameter
+import org.springframework.http.HttpHeaders
 import org.springframework.http.HttpInputMessage
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
@@ -11,6 +15,7 @@ import org.springframework.http.converter.HttpMessageConverter
 import org.springframework.web.bind.annotation.ControllerAdvice
 import org.springframework.web.bind.annotation.ExceptionHandler
 import org.springframework.web.context.request.WebRequest
+import org.springframework.web.servlet.mvc.method.annotation.AbstractMessageConverterMethodArgumentResolver
 import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdviceAdapter
 
 import javax.annotation.PostConstruct
@@ -38,15 +43,29 @@ class RelyingPartyOverridesJsonSchemaValidatingControllerAdvice extends RequestB
     }
 
     @Override
-    Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
-        def relyingPartyOverrides = EntityDescriptorRepresentation.cast(body).relyingPartyOverrides
-        def relyingPartyOverridesJson = Json.make([relyingPartyOverrides: relyingPartyOverrides])
+    HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter,
+                                           Type targetType, Class<? extends HttpMessageConverter<?>> converterType)
+            throws IOException {
+        def baos = new ByteArrayOutputStream()
+        IOUtils.copy(inputMessage.body, baos)
+        def bytes = baos.toByteArray()
         def schema = Json.schema(this.jsonSchemaLocation.uri)
-        def validationResult = schema.validate(relyingPartyOverridesJson)
+        def stream = new ByteArrayInputStream(bytes)
+        def validationResult = schema.validate(Json.read(stream.getText()))
         if (!validationResult.at('ok')) {
             throw new JsonSchemaValidationFailedException(validationResult.at('errors').asList())
         }
-        body
+        return new HttpInputMessage() {
+            @Override
+            InputStream getBody() throws IOException {
+                return new ByteArrayInputStream(bytes)
+            }
+
+            @Override
+            HttpHeaders getHeaders() {
+                return inputMessage.getHeaders()
+            }
+        }
     }
 
     @ExceptionHandler(JsonSchemaValidationFailedException)
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityServiceImpl.java
index 31a8b28ae..dd4335dea 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityServiceImpl.java
@@ -105,10 +105,11 @@ public List<Attribute> getAttributeListFromRelyingPartyOverridesRepresentation(M
             switch (ModelRepresentationConversions.AttributeTypes.valueOf(overrideProperty.getDisplayType().toUpperCase())) {
                 case BOOLEAN:
                     if (overrideProperty.getPersistType() != null &&
-                        !overrideProperty.getPersistType().equalsIgnoreCase("boolean")) {
+                        !overrideProperty.getPersistType().equalsIgnoreCase("boolean") &&
+                            (Boolean) entry.getValue()) {
                         list.add(attributeUtility.createAttributeWithStringValues(overrideProperty.getAttributeName(),
                                                                                    overrideProperty.getAttributeFriendlyName(),
-                                                                                   (String) entry.getValue()));
+                                                                                   overrideProperty.getPersistValue()));
                     } else {
                         list.add(attributeUtility.createAttributeWithBooleanValue(overrideProperty.getAttributeName(),
                                                                                    overrideProperty.getAttributeFriendlyName(),