This is an automated email from the ASF dual-hosted git repository.

mdisabatino pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/3_0_X by this push:
     new f55f7ff2b5 [SYNCOPE-1811] MFA bypass properties (#665)
f55f7ff2b5 is described below

commit f55f7ff2b5cd54e235066f7610d502eaa3ea89ae
Author: mdisabatino <[email protected]>
AuthorDate: Wed Mar 27 16:51:00 2024 +0100

    [SYNCOPE-1811] MFA bypass properties (#665)
---
 .../console/policies/AuthPolicyModalPanel.java     | 19 ++++++++++++++
 .../console/policies/AuthPolicyModalPanel.html     |  9 +++++++
 .../policies/PolicyDirectoryPanel.properties       |  3 +++
 .../policies/PolicyDirectoryPanel_fr_CA.properties |  3 +++
 .../policies/PolicyDirectoryPanel_it.properties    |  3 +++
 .../policies/PolicyDirectoryPanel_ja.properties    |  4 +++
 .../policies/PolicyDirectoryPanel_pt_BR.properties |  3 +++
 .../policies/PolicyDirectoryPanel_ru.properties    |  3 +++
 .../common/lib/policy/DefaultAuthPolicyConf.java   | 30 ++++++++++++++++++++++
 .../wa/starter/mapping/DefaultAuthMapper.java      | 16 +++++++++---
 10 files changed, 90 insertions(+), 3 deletions(-)

diff --git 
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.java
 
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.java
index eec6a0b236..76833d3574 100644
--- 
a/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.java
+++ 
b/client/am/console/src/main/java/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.java
@@ -28,6 +28,7 @@ import 
org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.Bas
 import org.apache.syncope.client.ui.commons.Constants;
 import org.apache.syncope.client.ui.commons.markup.html.form.AjaxCheckBoxPanel;
 import org.apache.syncope.client.ui.commons.markup.html.form.AjaxPalettePanel;
+import 
org.apache.syncope.client.ui.commons.markup.html.form.AjaxTextFieldPanel;
 import org.apache.syncope.client.ui.commons.pages.BaseWebPage;
 import org.apache.syncope.common.lib.policy.AuthPolicyTO;
 import org.apache.syncope.common.lib.to.AuthModuleTO;
@@ -79,6 +80,24 @@ public class AuthPolicyModalPanel extends 
AbstractModalPanel<AuthPolicyTO> {
                 "authModules",
                 new PropertyModel<>(model.getObject().getConf(), 
"authModules"),
                 allAuthModules));
+
+        add(new AjaxCheckBoxPanel(
+                "bypassEnabled",
+                "bypassEnabled",
+                new PropertyModel<>(model.getObject().getConf(), 
"bypassEnabled"),
+                false));
+
+        add(new AjaxTextFieldPanel(
+                "bypassPrincipalAttributeName",
+                "bypassPrincipalAttributeName",
+                new PropertyModel<>(model.getObject().getConf(), 
"bypassPrincipalAttributeName"),
+                false));
+
+        add(new AjaxTextFieldPanel(
+                "bypassPrincipalAttributeValue",
+                "bypassPrincipalAttributeValue",
+                new PropertyModel<>(model.getObject().getConf(), 
"bypassPrincipalAttributeValue"),
+                false));
     }
 
     @Override
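Review bot: The three bypass inputs added at the end of this constructor are independent and optional (the trailing `false` looks like the "required" flag; the component signatures are not visible here), so the form accepts a ticked `bypassEnabled` together with an attribute pair, or only one of the two text fields, and gives no sign of which setting wins. In the same commit, `DefaultAuthMapper` lets the attribute pair take precedence only when both fields are non-blank, and falls back to the checkbox otherwise. Since these controls relax MFA, I would at least state that above the first `add(...)`, for example `// name + value, when both set, take precedence over bypassEnabled (see DefaultAuthMapper)`. Ideally the form would also reject a half-filled pair. The constructor starts outside this hunk.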
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.html
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.html
index b71bbf3fe2..e66a972c85 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.html
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/policies/AuthPolicyModalPanel.html
@@ -24,5 +24,14 @@ under the License.
     <div class="form-group">
       <span wicket:id="authModules"/>
     </div>
+    <div class="form-group">
+      <span wicket:id="bypassEnabled"/>
+    </div>
+    <div class="form-group">
+      <span wicket:id="bypassPrincipalAttributeName"/>
+    </div>
+    <div class="form-group">
+      <span wicket:id="bypassPrincipalAttributeValue"/>
+    </div>
   </wicket:extend>
 </html>
diff --git 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
index 0f90076df1..d5451c65bd 100644
--- 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
+++ 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel.properties
@@ -55,3 +55,6 @@ enable.stConf=Enable ST
 enable.proxyTgtConf=Enable Proxy TGT
 enable.proxyStConf=Enable Proxy ST
 auditHistory.title=Configuration history
+bypassEnabled=Enable Bypass
+bypassPrincipalAttributeName=Bypass Principal Attribute Name
+bypassPrincipalAttributeValue=Bypass Principal Attribute Value
diff --git 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
index 840dcbceba..a951aa0562 100644
--- 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
+++ 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_fr_CA.properties
@@ -55,3 +55,6 @@ enable.stConf=Enable ST
 enable.proxyTgtConf=Enable Proxy TGT
 enable.proxyStConf=Enable Proxy ST
 auditHistory.title=Historique de configuration
+bypassEnabled=Enable Bypass
+bypassPrincipalAttributeName=Bypass Principal Attribute Name
+bypassPrincipalAttributeValue=Bypass Principal Attribute Value
diff --git 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
index c6122404d4..a55a004688 100644
--- 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
+++ 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_it.properties
@@ -55,3 +55,6 @@ enable.stConf=Abilita ST
 enable.proxyTgtConf=Abilita Proxy TGT
 enable.proxyStConf=Abilita Proxy ST
 auditHistory.title=Storico delle configurazioni
+bypassEnabled=Abilita Bypass
+bypassPrincipalAttributeName=Bypass Nome Attributo
+bypassPrincipalAttributeValue=Bypass Valore Attributo
diff --git 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
index 4499e1b471..bd417f8aad 100644
--- 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
+++ 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ja.properties
@@ -55,3 +55,7 @@ enable.stConf=Enable ST
 enable.proxyTgtConf=Enable Proxy TGT
 enable.proxyStConf=Enable Proxy ST
 auditHistory.title=\u8a2d\u5b9a\u5c65\u6b74
+bypassEnabled=Enable Bypass
+bypassPrincipalAttributeName=Bypass Principal Attribute Name
+bypassPrincipalAttributeValue=Bypass Principal Attribute Value
+
diff --git 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
index 4799d4841b..f189b1abdd 100644
--- 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
+++ 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_pt_BR.properties
@@ -55,3 +55,6 @@ enable.stConf=Enable ST
 enable.proxyTgtConf=Enable Proxy TGT
 enable.proxyStConf=Enable Proxy ST
 auditHistory.title=Hist\u00f3rico de configura\u00e7\u00e3o
+bypassEnabled=Enable Bypass
+bypassPrincipalAttributeName=Bypass Principal Attribute Name
+bypassPrincipalAttributeValue=Bypass Principal Attribute Value
diff --git 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
index 9148686cad..e767cb8b71 100644
--- 
a/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
+++ 
b/client/idrepo/console/src/main/resources/org/apache/syncope/client/console/policies/PolicyDirectoryPanel_ru.properties
@@ -56,3 +56,6 @@ enable.stConf=Enable ST
 enable.proxyTgtConf=Enable Proxy TGT
 enable.proxyStConf=Enable Proxy ST
 auditHistory.title=\u0418\u0441\u0442\u043e\u0440\u0438\u044f 
\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438
+bypassEnabled=Enable Bypass
+bypassPrincipalAttributeName=Bypass Principal Attribute Name
+bypassPrincipalAttributeValue=Bypass Principal Attribute Value
diff --git 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAuthPolicyConf.java
 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAuthPolicyConf.java
index d78ef7cff9..b0a4b4f789 100644
--- 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAuthPolicyConf.java
+++ 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/policy/DefaultAuthPolicyConf.java
@@ -29,6 +29,12 @@ public class DefaultAuthPolicyConf implements AuthPolicyConf 
{
 
     private boolean tryAll;
 
+    private boolean bypassEnabled;
+
+    private String bypassPrincipalAttributeName;
+
+    private String bypassPrincipalAttributeValue;
+
     private final List<String> authModules = new ArrayList<>();
 
     public boolean isTryAll() {
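Review bot: The three new fields in `DefaultAuthPolicyConf` relax an MFA policy but carry no Javadoc, so a reader of this class cannot tell how they interact. On `bypassEnabled` I would add something like `/** Bypass flag passed to the WA MFA policy; not applied by DefaultAuthMapper when both bypassPrincipalAttribute* fields are non-blank. */`, and on the attribute pair a line saying that both must be set for either to take effect. The same applies to the accessors added in the next hunk of this file. The class body continues outside the hunk.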
@@ -39,6 +45,30 @@ public class DefaultAuthPolicyConf implements AuthPolicyConf 
{
         this.tryAll = tryAll;
     }
 
+    public boolean isBypassEnabled() {
+        return bypassEnabled;
+    }
+
+    public void setBypassEnabled(final boolean bypassEnabled) {
+        this.bypassEnabled = bypassEnabled;
+    }
+
+    public String getBypassPrincipalAttributeName() {
+        return bypassPrincipalAttributeName;
+    }
+
+    public void setBypassPrincipalAttributeName(final String 
bypassPrincipalAttributeName) {
+        this.bypassPrincipalAttributeName = bypassPrincipalAttributeName;
+    }
+
+    public String getBypassPrincipalAttributeValue() {
+        return bypassPrincipalAttributeValue;
+    }
+
+    public void setBypassPrincipalAttributeValue(final String 
bypassPrincipalAttributeValue) {
+        this.bypassPrincipalAttributeValue = bypassPrincipalAttributeValue;
+    }
+
     @JacksonXmlElementWrapper(localName = "authModules")
     @JacksonXmlProperty(localName = "authModule")
     public List<String> getAuthModules() {
diff --git 
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAuthMapper.java
 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAuthMapper.java
index e656adabb1..0fc3326b5c 100644
--- 
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAuthMapper.java
+++ 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAuthMapper.java
@@ -23,6 +23,7 @@ import java.util.List;
 import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.tuple.Pair;
 import org.apache.syncope.common.lib.auth.MFAAuthModuleConf;
 import org.apache.syncope.common.lib.auth.Pac4jAuthModuleConf;
@@ -78,8 +79,9 @@ public class DefaultAuthMapper implements AuthMapper {
             delegatedAuthHandlers.addAll(authModules.stream().
                     filter(m -> m.getConf() instanceof Pac4jAuthModuleConf).
                     map(m -> Pair.of(
-                    m.getKey(),
-                    Optional.ofNullable(((Pac4jAuthModuleConf) 
m.getConf()).getClientName()).orElse(m.getKey()))).
+                            m.getKey(),
+                            Optional.ofNullable(((Pac4jAuthModuleConf) 
m.getConf()).getClientName())
+                                    .orElse(m.getKey()))).
                     collect(Collectors.toSet()));
             if (!delegatedAuthHandlers.isEmpty()) {
                 
authHandlers.removeAll(delegatedAuthHandlers.stream().map(Pair::getLeft).collect(Collectors.toSet()));
@@ -110,7 +112,15 @@ public class DefaultAuthMapper implements AuthMapper {
                     collect(Collectors.toSet());
 
             mfaPolicy = new DefaultRegisteredServiceMultifactorPolicy();
-            mfaPolicy.setBypassEnabled(false);
+
+            if 
(StringUtils.isNotBlank(policyConf.getBypassPrincipalAttributeName())
+                    && 
StringUtils.isNotBlank(policyConf.getBypassPrincipalAttributeValue())) {
+                
mfaPolicy.setBypassPrincipalAttributeName(policyConf.getBypassPrincipalAttributeName());
+                
mfaPolicy.setBypassPrincipalAttributeValue(policyConf.getBypassPrincipalAttributeValue());
+            } else {
+                mfaPolicy.setBypassEnabled(policyConf.isBypassEnabled());
+            }
+
             mfaPolicy.setForceExecution(true);
             mfaPolicy.setMultifactorAuthenticationProviders(mfaProviders);
         }
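Review bot: When both attribute fields are set, the new `if` branch never calls `setBypassEnabled`, so the blanket-bypass flag is left at whatever `DefaultRegisteredServiceMultifactorPolicy` defaults to, where the removed line pinned it to `false`. Keeping that explicit, with `mfaPolicy.setBypassEnabled(false);` as the first statement of the branch, makes attribute-scoped bypass independent of the library default and shows that the checkbox is ignored there. A half-filled pair (name without value, or the reverse) silently falls through to the `else` and is dropped; a warning log in that case would help an administrator notice the misconfiguration. The value is handed to CAS unchanged, so if CAS matches it as a pattern (not visible here), a loose value would exempt more principals than intended and deserves a comment. The enclosing method starts outside this hunk.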
