Update error messages thrown when external SSO is enabled.
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/0b840237 Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/0b840237 Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/0b840237 Branch: refs/heads/asf-site Commit: 0b84023705eac7765fda8f8ecb8fc277a3bfcfc5 Parents: f385b07 Author: Michael Russo <[email protected]> Authored: Tue Aug 2 08:41:11 2016 -0700 Committer: Michael Russo <[email protected]> Committed: Tue Aug 2 08:41:11 2016 -0700 ---------------------------------------------------------------------- .../rest/management/ManagementResource.java | 11 +++--- .../rest/management/users/UserResource.java | 37 ++++++++++---------- .../rest/management/users/UsersResource.java | 5 +-- .../rest/management/ExternalSSOEnabledIT.java | 2 +- .../rest/management/ManagementResourceIT.java | 6 ++-- 5 files changed, 31 insertions(+), 30 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/usergrid/blob/0b840237/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java index f36c4ff..83f06ed 100644 --- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java +++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java 
@@ -61,6 +61,7 @@ import java.util.Map; import static javax.servlet.http.HttpServletResponse.*; import static javax.ws.rs.core.MediaType.*; import static org.apache.commons.lang.StringUtils.isNotBlank; +import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER; import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER_URL; import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_SSO_ENABLED; import static org.apache.usergrid.utils.JsonUtils.mapToJsonString; @@ -398,7 +399,7 @@ public class ManagementResource extends AbstractContextResource { && !userServiceAdmin(username) ){ OAuthResponse response = OAuthResponse.errorResponse( SC_BAD_REQUEST ).setError( OAuthError.TokenResponse.INVALID_GRANT ) - .setErrorDescription( "SSO Integration is enabled, Admin users must login via provider: "+ + .setErrorDescription( "External SSO integration is enabled, admin users must login via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ).buildJSONMessage(); return Response.status( response.getResponseStatus() ).type( jsonMediaType( callback ) ) .entity( wrapWithCallback( response.getBody(), callback ) ).build(); 
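Review bot: In the -398 hunk the OAuth error description concatenates `properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER)` with no default, so if that property is unset the client is told to log in via "provider: null". Whether the enabling check guarantees the property is set cannot be seen here, because the `if` condition begins above the hunk. Assuming `properties` is a `java.util.Properties`, `properties.getProperty( TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER, "(not configured)" )` would keep the message meaningful. The static import added in the -61 hunk also looks unused in the visible hunks, since every new call site in this file qualifies the constant with `TokenServiceImpl.`; either drop the import or use the bare name.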
@@ -625,16 +626,12 @@ public class ManagementResource extends AbstractContextResource { return; // we only care about username/password auth } - //why !isexternal_sso_enabled ? -// final boolean externalTokensEnabled = -// !StringUtils.isEmpty( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) ); - if ( tokens.isExternalSSOProviderEnabled() ) { // when external tokens enabled then only superuser can obtain an access token if ( !userServiceAdmin(username)) { // this guy is not the superuser - throw new IllegalArgumentException( "Admin Users must login via " + - properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) ); + throw new IllegalArgumentException( "External SSO integration is enabled, admin users must login via provider: "+ + properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); } } } http://git-wip-us.apache.org/repos/asf/usergrid/blob/0b840237/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java index 21d4c23..e511e2e 100644 --- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java +++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java @@ -30,6 +30,7 @@ import org.apache.usergrid.rest.management.users.organizations.OrganizationsReso import org.apache.usergrid.rest.security.annotations.RequireAdminUserAccess; import org.apache.usergrid.security.shiro.principals.PrincipalIdentifier; import org.apache.usergrid.security.tokens.TokenInfo; +import org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl; import org.apache.usergrid.security.tokens.exceptions.TokenException; import org.apache.usergrid.services.ServiceResults; import org.glassfish.jersey.server.mvc.Viewable; 
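Review bot: The refusal text thrown in the -625 hunk for the password-grant path is a second hand-typed copy of the literal used for the OAuth response in the -398 hunk, and the guards in UserResource and UsersResource carry nine more variants, so the message describing the login policy can drift between endpoints. A single private helper, for example `private String ssoLoginRequiredMessage() { return "External SSO integration is enabled, admin users must login via provider: " + properties.getProperty( USERGRID_EXTERNAL_SSO_PROVIDER ); }`, would keep the two login paths identical and would use the static import this commit adds. ManagementResourceIT matches on a substring of this text, so one source for it also protects that assertion. The enclosing method starts outside the hunk.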
@@ -137,8 +138,8 @@ public class UserResource extends AbstractContextResource { throws Exception { if ( tokens.isExternalSSOProviderEnabled() ) { - throw new IllegalArgumentException( "Admin Users must reset passwords via " + - properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) ); + throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset passwords via" + + " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); } if ( json == null ) { @@ -205,8 +206,8 @@ public class UserResource extends AbstractContextResource { ApiResponse response = createApiResponse(); response.setAction( "get admin user" ); -// commenting out creation of token each time and setting the token value to the one sent in the request. -// String token = management.getAccessTokenForAdminUser( user.getUuid(), ttl ); + // commenting out creation of token each time and setting the token value to the one sent in the request. + // String token = management.getAccessTokenForAdminUser( user.getUuid(), ttl ); Map<String, Object> userOrganizationData = management.getAdminUserOrganizationData( user, !shallow ); //userOrganizationData.put( "token", token ); @@ -223,8 +224,8 @@ public class UserResource extends AbstractContextResource { public Viewable showPasswordResetForm( @Context UriInfo ui, @QueryParam( "token" ) String token ) { if ( tokens.isExternalSSOProviderEnabled() ) { - throw new IllegalArgumentException( "Admin Users must reset passwords via " + - properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) ); + throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset password via" + + " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); } UUID organizationId = null; 
@@ -267,8 +268,8 @@ public class UserResource extends AbstractContextResource { } if ( tokens.isExternalSSOProviderEnabled() ) { - throw new IllegalArgumentException( "Admin Users must reset passwords via " + - properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) ); + throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset password via" + + " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); } UUID organizationId = null; @@ -353,8 +354,8 @@ public class UserResource extends AbstractContextResource { public Viewable activate( @Context UriInfo ui, @QueryParam( "token" ) String token ) { if ( tokens.isExternalSSOProviderEnabled() ) { - throw new IllegalArgumentException( "Admin Users must activate via " + - properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) ); + throw new IllegalArgumentException( "External SSO integration is enabled, admin users must activate via" + + " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); } UUID organizationId = null; @@ -383,8 +384,8 @@ public class UserResource extends AbstractContextResource { public Viewable confirm( @Context UriInfo ui, @QueryParam( "token" ) String token ) { if ( tokens.isExternalSSOProviderEnabled() ) { - throw new IllegalArgumentException( "Admin Users must confirm via " + - properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) ); + throw new IllegalArgumentException( "External SSO integration is enabled, admin users must confirm " + + "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ) ); } UUID organizationId = null; 
@@ -419,8 +420,8 @@ public class UserResource extends AbstractContextResource { throws Exception { if ( tokens.isExternalSSOProviderEnabled() ) { - throw new IllegalArgumentException( "Admin Users must reactivate via " + - properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) ); + throw new IllegalArgumentException( "External SSO integration is enabled, admin user must re-activate " + + "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ) ); } logger.info( "Send activation email for user: {}" , user.getUuid() ); @@ -443,8 +444,8 @@ public class UserResource extends AbstractContextResource { throws Exception { if ( tokens.isExternalSSOProviderEnabled() ) { - throw new IllegalArgumentException( "Admin Users must tokens must be revoked via " + - properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) ); + throw new IllegalArgumentException( "External SSO integration is enabled, admin user tokens must be revoked " + + "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); } UUID adminId = user.getUuid(); @@ -480,8 +481,8 @@ public class UserResource extends AbstractContextResource { @QueryParam( "token" ) String token ) throws Exception { if ( tokens.isExternalSSOProviderEnabled() ) { - throw new IllegalArgumentException( "Admin Users must tokens must be revoked via " + - properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) ); + throw new IllegalArgumentException( "External SSO integration is enabled, admin user token must be revoked via " + + "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ) ); } UUID adminId = user.getUuid(); http://git-wip-us.apache.org/repos/asf/usergrid/blob/0b840237/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java ---------------------------------------------------------------------- 
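Review bot: The new message in the -480 hunk reads "must be revoked via via provider:" because the first literal ends with `via ` and the second starts with `via provider: `. End the first literal as the -443 hunk does, `"External SSO integration is enabled, admin user tokens must be revoked " +`, so the word appears once. The wording also drifts across this file: -137 says "reset passwords" while -223 and -267 say "reset password", and -419, -443 and -480 switch from "admin users" to "admin user". These strings are presumably surfaced to API clients, and the login variant is matched by a test, so it is worth making them uniform in the same pass.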
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java index ca7833b..607c3e0 100644 --- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java +++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java @@ -29,6 +29,7 @@ import org.apache.usergrid.rest.RootResource; import org.apache.usergrid.rest.exceptions.AuthErrorInfo; import org.apache.usergrid.rest.exceptions.RedirectionException; import org.apache.usergrid.security.shiro.utils.SubjectUtils; +import org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl; import org.glassfish.jersey.server.mvc.Viewable; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -115,8 +116,8 @@ public class UsersResource extends AbstractContextResource { throws Exception { if ( tokens.isExternalSSOProviderEnabled() ) { - throw new IllegalArgumentException( "Admin Users must signup via " + - properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) ); + throw new IllegalArgumentException( "External SSO integration is enabled, admin users registering without an org" + + " must do so via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); } // email is only required parameter http://git-wip-us.apache.org/repos/asf/usergrid/blob/0b840237/stack/rest/src/test/java/org/apache/usergrid/rest/management/ExternalSSOEnabledIT.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/management/ExternalSSOEnabledIT.java b/stack/rest/src/test/java/org/apache/usergrid/rest/management/ExternalSSOEnabledIT.java index 972ed05..cae65df 100644 --- a/stack/rest/src/test/java/org/apache/usergrid/rest/management/ExternalSSOEnabledIT.java +++ b/stack/rest/src/test/java/org/apache/usergrid/rest/management/ExternalSSOEnabledIT.java 
@@ -166,7 +166,7 @@ public class ExternalSSOEnabledIT extends AbstractRestIT { // /managment/token -> adminusername and password --> should fail. ApiResponse postResponse1 = pathResource("management/token").post(false, ApiResponse.class,loginInfo1); -// fail( "SSO Integration is enabled, Admin users must login via provider: "+ USERGRID_EXTERNAL_SSO_PROVIDER_URL); +// fail( "External SSO integration is enabled, admin users must login via provider: "+ USERGRID_EXTERNAL_SSO_PROVIDER_URL); http://git-wip-us.apache.org/repos/asf/usergrid/blob/0b840237/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java b/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java index b689527..1da00d4 100644 --- a/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java +++ b/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java @@ -25,6 +25,7 @@ import org.apache.usergrid.rest.management.organizations.OrganizationsResource; import org.apache.usergrid.rest.test.resource.AbstractRestIT; import org.apache.usergrid.rest.test.resource.model.*; import org.apache.usergrid.rest.test.resource.model.Collection; +import org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl; import org.junit.Before; import org.junit.Test; import org.slf4j.Logger; 
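Review bot: The `fail(...)` call edited in the -166 hunk is still commented out, so if the password grant at `management/token` succeeds while external SSO is enabled, nothing visible in this test would flag it. For a control that blocks local admin logins, that is the regression most worth catching; re-enable it as `fail( "management/token must reject admin password grant when external SSO is enabled" );` or assert on the response status. The commented message also still names `USERGRID_EXTERNAL_SSO_PROVIDER_URL` while the production code now reads `USERGRID_EXTERNAL_SSO_PROVIDER`. The rest of the test method lies outside the hunk, so a later assertion may already cover this.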
@@ -687,14 +688,15 @@ public class ManagementResourceIT extends AbstractRestIT { put( "grant_type", "password" ); }}; ApiResponse postResponse = pathResource( "management/token" ).post( false, ApiResponse.class, loginInfo ); - fail( "SSO Integration is enabled, Admin users must login via provider: "+ USERGRID_EXTERNAL_SSO_PROVIDER_URL); + fail( "External SSO integration is enabled, admin users must login via provider using configured property: "+ + TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ); } catch (ClientErrorException actual) { assertEquals( 400, actual.getResponse().getStatus() ); String errorMsg = actual.getResponse().readEntity( JsonNode.class ) .get( "error_description" ).toString(); logger.error( "ERROR: " + errorMsg ); - assertTrue( errorMsg.contains( "Admin Users must login via" ) ); + assertTrue( errorMsg.contains( "admin users must login via" ) ); } catch (Exception e) { fail( "We expected a ClientErrorException" );
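Review bot: The `fail(...)` message in this hunk repeats the server's error text, but it fires only when the request was not rejected, so a failure would read as if the policy had worked. It also appends the property key constant rather than a configured value. Something like `fail( "Expected 400: admin password grant must be rejected when external SSO is enabled" );` states what actually went wrong. The `contains( "admin users must login via" )` assertion is case-sensitive and tied to the literal in ManagementResource, so it would be sturdier to also assert on the response's error code, which the -398 hunk sets to `OAuthError.TokenResponse.INVALID_GRANT`. The try block opens above the hunk.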
