diff --git a/.gitignore b/.gitignore index b298de799..160d8bdd0 100644 --- a/.gitignore +++ b/.gitignore @@ -415,3 +415,8 @@ beacon/spring/out /a.xml /application.yml /backend/src/test/resources/conf/deletem.xml +/testbed/authentication/shibui/saml-signing-cert.crt +/testbed/authentication/shibui/saml-signing-cert.key +/testbed/authentication/shibui/saml-signing-cert.pem +/testbed/authentication/shibui/samlKeystore.jks +/testbed/authentication/shibui/sp-metadata.xml diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/DangerController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/DangerController.java index 7af217eb2..15c4a4a0a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/DangerController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/DangerController.java @@ -9,6 +9,7 @@ import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolversPositionOrderContainerRepository; import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository; import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository; +import edu.internet2.tier.shibboleth.admin.ui.security.repository.ApproversRepository; import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository; import edu.internet2.tier.shibboleth.admin.ui.security.repository.OwnershipRepository; import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository; @@ -28,6 +29,9 @@ @Profile("very-dangerous") @Slf4j public class DangerController { + @Autowired + private ApproversRepository approversRepositry; + @Autowired private CustomEntityAttributeDefinitionRepository attributeRepository; 
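Review bot: The field injected into DangerController is spelled `approversRepositry`, and the same misspelling is repeated at the `approversRepositry.deleteAll()` call added in the `clearUsersAndGroups()` hunk. Renaming it to `approversRepository` in both places matches the neighbouring `attributeRepository`, `groupRepository` and `userRepository` names. The new call also runs before `groupRepository.deleteAll()`; if groups still reference approvers at that point the order may matter, so a test that wipes a group that has approvers would confirm it. The class body continues outside both hunks.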
@@ -105,6 +109,7 @@ private void clearShibSettings() { } private void clearUsersAndGroups() { + approversRepositry.deleteAll(); groupRepository.deleteAll(); ownershipRepository.clearAllOwnedByGroup(); userRepository.findAll().forEach(user -> { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/RootUiViewController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/RootUiViewController.java index 0af16ada6..80c861898 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/RootUiViewController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/RootUiViewController.java @@ -1,6 +1,10 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.actuate.info.InfoEndpoint; +import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import javax.servlet.http.HttpServletRequest; @@ -15,6 +19,13 @@ @Controller public class RootUiViewController { + @Autowired InfoEndpoint infoEndpoint; + + @GetMapping(value = "/info") + public ResponseEntity getInfo() { + return ResponseEntity.ok(infoEndpoint.info()); + } + @RequestMapping("/") public String index() { return "redirect:/index.html"; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/Group.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/Group.java index cafa4127c..316ed8b6a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/Group.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/Group.java 
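Review bot: `getInfo()` in RootUiViewController returns the whole `infoEndpoint.info()` map from an ordinary controller route, so the actuator exposure settings no longer decide who can read it, and whether `/info` requires a login depends on security configuration that is not visible in this hunk. Info contributors can carry build, git and environment details, so it is worth confirming that the route falls under the intended access rule and that only version data is contributed. The required `@Autowired InfoEndpoint` also ties startup to an actuator bean that Spring Boot registers conditionally; resolving it through `ObjectProvider` (which needs its import) lets a deployment that turns the info endpoint off get a 404 here instead of a failed context. The field can be `private`, like the injected fields in DangerController.

```java
@Autowired
private ObjectProvider<InfoEndpoint> infoEndpoint;

@GetMapping(value = "/info")
public ResponseEntity<?> getInfo() {
    // Respect a deployment that has switched the actuator info endpoint off.
    InfoEndpoint endpoint = infoEndpoint.getIfAvailable();
    if (endpoint == null) {
        return ResponseEntity.notFound().build();
    }
    return ResponseEntity.ok(endpoint.info());
}
```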
@@ -57,7 +57,7 @@ public class Group implements Owner { @Column(name = "validation_regex") private String validationRegex; - @OneToMany(fetch = FetchType.LAZY) + @OneToMany(fetch = FetchType.EAGER) private List approversList = new ArrayList<>(); /** diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java index a1c80b9dc..542022ce5 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java @@ -231,7 +231,8 @@ public EntityDescriptorRepresentation createNew(EntityDescriptorRepresentation e validateEntityIdAndACSUrls(edRep); ed.setIdOfOwner(userService.getCurrentUserGroup().getOwnerId()); - if (shibUiAuthorizationDelegate.hasPermission(userService.getCurrentUserAuthentication(), null, PermissionType.admin)) { + if (shibUiAuthorizationDelegate.hasPermission(userService.getCurrentUserAuthentication(), null, PermissionType.admin) || + userService.getCurrentUserGroup().getApproversList().isEmpty()) { ed.setApproved(true); } @@ -250,7 +251,8 @@ public EntityDescriptorRepresentation createNewEntityDescriptorFromXMLOrigin(Ent if (ed.getProtocol() == EntityDescriptorProtocol.OIDC) { ed.getSPSSODescriptor("").addSupportedProtocol("http://openid.net/specs/openid-connect-core-1_0.html"); } - if (shibUiAuthorizationDelegate.hasPermission(userService.getCurrentUserAuthentication(), null, PermissionType.admin)) { + if (shibUiAuthorizationDelegate.hasPermission(userService.getCurrentUserAuthentication(), null, PermissionType.admin) || + userService.getCurrentUserGroup().getApproversList().isEmpty()) { ed.setApproved(true); } EntityDescriptor savedEntity = entityDescriptorRepository.save(ed); 
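Review bot: Switching `approversList` in Group to `FetchType.EAGER` makes every load of a Group also load its approvers, including code paths that never read them. If the change is there so that `getApproversList()` works in JPAEntityDescriptorServiceImpl outside an open session (an inference, the reason is not stated), a transactional service method or a fetch join in the one query that needs the list would keep the default load cheap. At minimum a comment on the field, for example `// EAGER: read by the approval checks in JPAEntityDescriptorServiceImpl`, would record why.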
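Review bot: The added `|| userService.getCurrentUserGroup().getApproversList().isEmpty()` in `createNew` makes approval fail open. Any group whose approver list is empty, whether by design, by misconfiguration or after the approvers table has been cleared, gets its new descriptors marked approved with no reviewer involved. The identical condition is repeated in the `createNewEntityDescriptorFromXMLOrigin` hunk, so the rule lives in two places. I would move it into one private helper with a Javadoc line stating the policy, call it as `if (isApprovalWaived()) { ed.setApproved(true); }` at both sites, and log when approval is waived for a non-admin so the decision can be audited. Both method bodies continue outside their hunks.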
@@ -669,8 +671,14 @@ public EntityDescriptorRepresentation updateEntityDescriptorEnabledStatus(String public EntityDescriptorRepresentation updateGroupForEntityDescriptor(String resourceId, String groupId) { EntityDescriptor ed = entityDescriptorRepository.findByResourceId(resourceId); ed.setIdOfOwner(groupId); + Group group = groupService.find(groupId); ownershipRepository.deleteEntriesForOwnedObject(ed); - ownershipRepository.save(new Ownership(groupService.find(groupId), ed)); + ownershipRepository.save(new Ownership(group, ed)); + // check and see if we need to update the approved status + if (!ed.isServiceEnabled()) { + int numApprovers = group.getApproversList().size(); + ed.setApproved(!(numApprovers > 0 && ed.approvedCount() < numApprovers)); + } EntityDescriptor savedEntity = entityDescriptorRepository.save(ed); return createRepresentationFromDescriptor(savedEntity); } diff --git a/ui/src/app/App.constant.js b/ui/src/app/App.constant.js index afa7a688c..ed133f11d 100644 --- a/ui/src/app/App.constant.js +++ b/ui/src/app/App.constant.js @@ -16,7 +16,7 @@ export const getActuatorPath = () => { export const BASE_PATH = getBasePath(); export const API_BASE_PATH = `${BASE_PATH}api`; -export const ACTUATOR_PATH = getActuatorPath(); +export const ACTUATOR_PATH = getBasePath(); export const FILTER_PLUGIN_TYPES = ['RequiredValidUntil', 'SignatureValidation', 'EntityRoleWhiteList']; diff --git a/ui/src/app/core/components/VersionInfo.js b/ui/src/app/core/components/VersionInfo.js index 1c88ad271..a833cec08 100644 --- a/ui/src/app/core/components/VersionInfo.js +++ b/ui/src/app/core/components/VersionInfo.js @@ -16,7 +16,7 @@ export function VersionInfo () { 'mode':'no-cors' } } - const { data = {} } = useFetch(`${ACTUATOR_PATH}actuator/info`, opts, []); + const { data = {} } = useFetch(`${ACTUATOR_PATH}/info`, opts, []); const [ versionData, setVersionData ] = React.useState('');
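Review bot: In `updateGroupForEntityDescriptor` the new approved flag compares `ed.approvedCount()` with the size of the new group's approver list, so approvals recorded under the previous owner appear to count toward the new group (inferred, since `approvedCount()` is not shown), and moving a descriptor into a group with no approvers approves it outright. No permission check is visible in the hunk, so it is worth confirming that only callers allowed to waive approval can reach this method, or clearing earlier approvals when the owner changes. `groupService.find(groupId)` is also dereferenced without a null check after `ed.setIdOfOwner(groupId)` has already run; a `group == null` guard placed before the setter, failing with the service's usual not-found error, would avoid a half-applied change. The condition itself reads more directly as `ed.setApproved(numApprovers == 0 || ed.approvedCount() >= numApprovers);`.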
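Review bot: `ACTUATOR_PATH` is now `getBasePath()`, and since `API_BASE_PATH` is built as `${BASE_PATH}api` the base path appears to end in a slash, so the `${ACTUATOR_PATH}/info` URL in the VersionInfo.js hunk comes out with a doubled slash. With a base path of `/` that is `//info`, which a browser treats as a scheme-relative URL and sends to a host named `info` rather than to this application (hedged, because `getBasePath()` is defined outside the hunk). Building the URL as `${BASE_PATH}info` avoids that, and using `BASE_PATH` directly would also stop `ACTUATOR_PATH` from naming something that is no longer the actuator path; `getActuatorPath` may then be unused.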