(syncope) branch master updated: [SYNCOPE-1837] Prevent unwanted resets on SCIM PUT (#895)

Wed, 06 Nov 2024 07:50:10 -0800 

This is an automated email from the ASF dual-hosted git repository.

sgarofalo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
     new 406fb912f9 [SYNCOPE-1837] Prevent unwanted resets on SCIM PUT (#895)
406fb912f9 is described below

commit 406fb912f96786573494965caa09742ceb719c2c
Author: Samuel Garofalo <[email protected]>
AuthorDate: Wed Nov 6 14:20:00 2024 +0100

    [SYNCOPE-1837] Prevent unwanted resets on SCIM PUT (#895)
    
    * [SYNCOPE-1837] Prevent unwanted resets on SCIM PUT
---
 .../scimv2/cxf/service/SCIMGroupServiceImpl.java   |  7 ++++--
 .../scimv2/cxf/service/SCIMUserServiceImpl.java    |  9 +++++--
 .../org/apache/syncope/fit/core/SCIMITCase.java    | 28 ++++++++++++++++++++++
 3 files changed, 40 insertions(+), 4 deletions(-)

diff --git 
a/ext/scimv2/scim-rest-cxf/src/main/java/org/apache/syncope/ext/scimv2/cxf/service/SCIMGroupServiceImpl.java
 
b/ext/scimv2/scim-rest-cxf/src/main/java/org/apache/syncope/ext/scimv2/cxf/service/SCIMGroupServiceImpl.java
index 9aabf2516a..c8e746c331 100644
--- 
a/ext/scimv2/scim-rest-cxf/src/main/java/org/apache/syncope/ext/scimv2/cxf/service/SCIMGroupServiceImpl.java
+++ 
b/ext/scimv2/scim-rest-cxf/src/main/java/org/apache/syncope/ext/scimv2/cxf/service/SCIMGroupServiceImpl.java
@@ -31,6 +31,7 @@ import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.syncope.common.lib.AnyOperations;
 import org.apache.syncope.common.lib.SyncopeConstants;
+import org.apache.syncope.common.lib.request.GroupUR;
 import org.apache.syncope.common.lib.request.MembershipUR;
 import org.apache.syncope.common.lib.request.UserUR;
 import org.apache.syncope.common.lib.to.GroupTO;
@@ -188,8 +189,10 @@ public class SCIMGroupServiceImpl extends 
AbstractSCIMService<SCIMGroup> impleme
         Set<String> beforeMembers = members(id);
 
         // update group, don't change members
-        ProvisioningResult<GroupTO> result = groupLogic.update(
-                AnyOperations.diff(binder.toGroupTO(group, true), 
groupLogic.read(id), false), false);
+        GroupUR req = AnyOperations.diff(binder.toGroupTO(group, true), 
groupLogic.read(id), false);
+        req.getResources().clear();
+        req.getAuxClasses().clear();
+        ProvisioningResult<GroupTO> result = groupLogic.update(req, false);
 
         // assign new members
         Set<String> afterMembers = new HashSet<>();
diff --git 
a/ext/scimv2/scim-rest-cxf/src/main/java/org/apache/syncope/ext/scimv2/cxf/service/SCIMUserServiceImpl.java
 
b/ext/scimv2/scim-rest-cxf/src/main/java/org/apache/syncope/ext/scimv2/cxf/service/SCIMUserServiceImpl.java
index c85aa3840a..7f40129b8c 100644
--- 
a/ext/scimv2/scim-rest-cxf/src/main/java/org/apache/syncope/ext/scimv2/cxf/service/SCIMUserServiceImpl.java
+++ 
b/ext/scimv2/scim-rest-cxf/src/main/java/org/apache/syncope/ext/scimv2/cxf/service/SCIMUserServiceImpl.java
@@ -122,8 +122,13 @@ public class SCIMUserServiceImpl extends 
AbstractSCIMService<SCIMUser> implement
 
         UserTO before = userLogic.read(id);
 
-        ProvisioningResult<UserTO> result = userLogic.update(
-                AnyOperations.diff(binder.toUserTO(user, true), before, 
false), false);
+        UserUR req = AnyOperations.diff(binder.toUserTO(user, true), before, 
false);
+        req.getResources().clear();
+        req.getAuxClasses().clear();
+        req.getRelationships().clear();
+        req.getRoles().clear();
+        req.getLinkedAccounts().clear();
+        ProvisioningResult<UserTO> result = userLogic.update(req, false);
 
         if (before.isSuspended() == user.isActive()) {
             StatusR statusR = new StatusR.Builder(
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SCIMITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SCIMITCase.java
index 082862a7a1..f44e004e3f 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SCIMITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SCIMITCase.java
@@ -45,6 +45,9 @@ import java.util.List;
 import java.util.UUID;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.syncope.common.lib.request.GroupUR;
+import org.apache.syncope.common.lib.request.StringPatchItem;
+import org.apache.syncope.common.lib.request.UserUR;
 import org.apache.syncope.common.lib.scim.SCIMComplexConf;
 import org.apache.syncope.common.lib.scim.SCIMConf;
 import org.apache.syncope.common.lib.scim.SCIMEnterpriseUserConf;
@@ -54,8 +57,10 @@ import org.apache.syncope.common.lib.scim.SCIMItem;
 import org.apache.syncope.common.lib.scim.SCIMUserConf;
 import org.apache.syncope.common.lib.scim.SCIMUserNameConf;
 import org.apache.syncope.common.lib.scim.types.EmailCanonicalType;
+import org.apache.syncope.common.lib.to.GroupTO;
 import org.apache.syncope.common.lib.to.ProvisioningResult;
 import org.apache.syncope.common.lib.to.UserTO;
+import org.apache.syncope.common.lib.types.PatchOperation;
 import org.apache.syncope.ext.scimv2.api.SCIMConstants;
 import org.apache.syncope.ext.scimv2.api.data.Group;
 import org.apache.syncope.ext.scimv2.api.data.ListResponse;
@@ -704,6 +709,12 @@ public class SCIMITCase extends AbstractITCase {
         user = response.readEntity(SCIMUser.class);
         assertNotNull(user.getId());
 
+        UserTO userTO = USER_SERVICE.read(user.getId());
+        assertNotNull(userTO);
+        USER_SERVICE.update(new UserUR.Builder(userTO.getKey()).resource(
+                new 
StringPatchItem.Builder().value(RESOURCE_NAME_LDAP).operation(PatchOperation.ADD_REPLACE).build())
+                .build());
+
         user.getName().setFormatted("new" + user.getUserName());
 
         response = webClient().path("Users").path(user.getId()).put(user);
@@ -711,6 +722,10 @@ public class SCIMITCase extends AbstractITCase {
 
         user = response.readEntity(SCIMUser.class);
         assertTrue(user.getName().getFormatted().startsWith("new"));
+
+        userTO = USER_SERVICE.read(user.getId());
+        assertNotNull(userTO);
+        assertTrue(userTO.getResources().contains(RESOURCE_NAME_LDAP));
     }
 
     @Test
@@ -860,6 +875,15 @@ public class SCIMITCase extends AbstractITCase {
         assertEquals(1, group.getMembers().size());
         assertEquals("b3cbc78d-32e6-4bd4-92e0-bbe07566a2ee", 
group.getMembers().get(0).getValue());
 
+        GroupTO groupTO = GROUP_SERVICE.read(group.getId());
+        assertNotNull(groupTO);
+        GROUP_SERVICE.update(new GroupUR.Builder(groupTO.getKey()).resource(
+                new 
StringPatchItem.Builder().value(RESOURCE_NAME_LDAP).operation(PatchOperation.ADD_REPLACE).build())
+                .build());
+        groupTO = GROUP_SERVICE.read(group.getId());
+        assertNotNull(groupTO);
+        assertTrue(groupTO.getResources().contains(RESOURCE_NAME_LDAP));
+
         group.setDisplayName("other" + group.getId());
         group.getMembers().add(new 
Member("c9b2dec2-00a7-4855-97c0-d854842b4b24", null, null));
 
@@ -870,6 +894,10 @@ public class SCIMITCase extends AbstractITCase {
         assertTrue(group.getDisplayName().startsWith("other"));
         assertEquals(2, group.getMembers().size());
 
+        groupTO = GROUP_SERVICE.read(group.getId());
+        assertNotNull(groupTO);
+        assertTrue(groupTO.getResources().contains(RESOURCE_NAME_LDAP));
+
         group.getMembers().clear();
         group.getMembers().add(new 
Member("c9b2dec2-00a7-4855-97c0-d854842b4b24", null, null));

Reply via email to