From 34017c5b11c11acfa03613cebdc8805d451cb690 Mon Sep 17 00:00:00 2001
From: chasegawa <chasegawa@unicon.net>
Date: Thu, 18 Mar 2021 15:20:44 -0700
Subject: [PATCH] SHIBUI-1750

Updated controller for entity query to support the MDQ spec.
Added the spring etags filter.
---
 .../ui/configuration/ETagsConfiguration.java  | 17 ++++
 .../ui/controller/EntitiesController.java     | 28 ++++---
 .../controller/EntitiesControllerTests.groovy | 83 +++++++++++++++++++
 3 files changed, 115 insertions(+), 13 deletions(-)
 create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/ETagsConfiguration.java

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/ETagsConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/ETagsConfiguration.java
new file mode 100644
index 000000000..a409c8909
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/ETagsConfiguration.java
@@ -0,0 +1,17 @@
+package edu.internet2.tier.shibboleth.admin.ui.configuration;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.filter.ShallowEtagHeaderFilter;
+
+@Configuration
+public class ETagsConfiguration {
+    @Bean
+    public FilterRegistrationBean<ShallowEtagHeaderFilter> shallowEtagHeaderFilter() {
+        FilterRegistrationBean<ShallowEtagHeaderFilter> filterRegistrationBean = new FilterRegistrationBean<>(new ShallowEtagHeaderFilter());
+        filterRegistrationBean.addUrlPatterns("/api/entities/*", "/entities/*");
+        filterRegistrationBean.setName("etagFilter");
+        return filterRegistrationBean;
+    }
+}
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java
index 8a5172fb6..e96b7b5b0 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesController.java
@@ -1,16 +1,14 @@
 package edu.internet2.tier.shibboleth.admin.ui.controller;
 
-import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation;
-import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects;
-import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService;
-import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
-import net.shibboleth.utilities.java.support.resolver.ResolverException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+
+import javax.servlet.http.HttpServletRequest;
+
 import org.opensaml.core.criterion.EntityIdCriterion;
 import org.opensaml.core.xml.io.MarshallingException;
 import org.opensaml.saml.metadata.resolver.MetadataResolver;
 import org.opensaml.saml.saml2.metadata.EntityDescriptor;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
@@ -18,15 +16,19 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-import javax.servlet.http.HttpServletRequest;
-import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
+import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation;
+import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects;
+import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService;
+import lombok.extern.slf4j.Slf4j;
+import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
+import net.shibboleth.utilities.java.support.resolver.ResolverException;
 
 @Controller
-@RequestMapping(value = "/api/entities", method = RequestMethod.GET)
+@RequestMapping(value = { "/entities", // per protocol - https://spaces.at.internet2.edu/display/MDQ/Metadata+Query+Protocol
+                          "/api/entities" }, // existing - included to break no existing code
+                method = RequestMethod.GET)
+@Slf4j
 public class EntitiesController {
-    private static final Logger logger = LoggerFactory.getLogger(EntitiesController.class);
-
     @Autowired
     private MetadataResolver metadataResolver;
 
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerTests.groovy
index ea265d46d..e906cb058 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntitiesControllerTests.groovy
@@ -64,6 +64,14 @@ class EntitiesControllerTests extends Specification {
         result.andExpect(status().isNotFound())
     }
 
+    def 'GET /entities/test'() {
+        when:
+        def result = mockMvc.perform(get("/entities/test"))
+
+        then:
+        result.andExpect(status().isNotFound())
+    }
+    
     def 'GET /api/entities/test XML'() {
         when:
         def result = mockMvc.perform(get("/api/entities/test").header('Accept', 'application/xml'))
@@ -72,6 +80,15 @@ class EntitiesControllerTests extends Specification {
         result.andExpect(status().isNotFound())
     }
 
+    def 'GET /entities/test XML'() {
+        when:
+        def result = mockMvc.perform(get("/entities/test").header('Accept', 'application/xml'))
+
+        then:
+        result.andExpect(status().isNotFound())
+    }
+
+    
     def 'GET /api/entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1'() {
         given:
         def expectedBody = '''
@@ -108,6 +125,42 @@ class EntitiesControllerTests extends Specification {
                 .andExpect(content().json(expectedBody, false))
     }
 
+    def 'GET /entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1'() {
+        given:
+        def expectedBody = '''
+            {
+                "id":null,
+                "serviceProviderName":null,
+                "entityId":"http://test.scaldingspoon.org/test1",
+                "organization":null,
+                "contacts":null,
+                "mdui":null,
+                "serviceProviderSsoDescriptor": {
+                    "protocolSupportEnum":"SAML 2",
+                    "nameIdFormats":["urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"]
+                },
+                "logoutEndpoints":null,
+                "securityInfo":null,
+                "assertionConsumerServices":[
+                    {"locationUrl":"https://test.scaldingspoon.org/test1/acs","binding":"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST","makeDefault":false}
+                ],
+                "serviceEnabled":false,
+                "createdDate":null,
+                "modifiedDate":null,
+                "relyingPartyOverrides":{},
+                "attributeRelease":["givenName","employeeNumber"]
+            }
+        '''
+        when:
+        def result = mockMvc.perform(get('/entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1'))
+
+        then:
+        def x = content()
+        result.andExpect(status().isOk())
+                .andExpect(content().contentType(MediaType.APPLICATION_JSON))
+                .andExpect(content().json(expectedBody, false))
+    }
+    
     def 'GET /api/entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1 XML'() {
         given:
         def expectedBody = '''<?xml version="1.0" encoding="UTF-8"?>
@@ -137,4 +190,34 @@ class EntitiesControllerTests extends Specification {
                 .andExpect(content().contentType('application/xml;charset=ISO-8859-1'))
                 .andExpect(content().xml(expectedBody))
     }
+    
+    def 'GET /entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1 XML'() {
+        given:
+        def expectedBody = '''<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://test.scaldingspoon.org/test1">
+  <md:Extensions>
+    <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
+      <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://scaldingspoon.org/realm" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+        <saml:AttributeValue>internal</saml:AttributeValue>
+      </saml:Attribute>
+      <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://shibboleth.net/ns/attributes/releaseAllValues" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
+        <saml:AttributeValue>givenName</saml:AttributeValue>
+        <saml:AttributeValue>employeeNumber</saml:AttributeValue>
+      </saml:Attribute>
+    </mdattr:EntityAttributes>
+  </md:Extensions>
+  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.scaldingspoon.org/test1/acs" index="1"/>
+  </md:SPSSODescriptor>
+</md:EntityDescriptor>
+'''
+        when:
+        def result = mockMvc.perform(get('/entities/http%3A%2F%2Ftest.scaldingspoon.org%2Ftest1').header('Accept', 'application/xml'))
+
+        then:
+        result.andExpect(status().isOk())
+                .andExpect(content().contentType('application/xml;charset=ISO-8859-1'))
+                .andExpect(content().xml(expectedBody))
+    }
 }