Fixes #474

oharsta · oharsta · commit 19e1ecf0f98f · 2025-06-19T11:53:29.000+02:00
diff --git a/server/src/main/java/access/manage/LocalManage.java b/server/src/main/java/access/manage/LocalManage.java
@@ -84,16 +84,16 @@ public Map<String, Object> providerById(EntityType entityType, String id) {
     }
 
     @Override
-    public List<Map<String, Object>> provisioning(Collection<String> ids) {
-        LOG.debug("provisioning for : " + ids);
+    public List<Map<String, Object>> provisioning(Collection<String> applicationIdentifiers) {
+        LOG.debug("provisioning for : " + applicationIdentifiers);
 
-        if (CollectionUtils.isEmpty(ids)) {
+        if (CollectionUtils.isEmpty(applicationIdentifiers)) {
             return Collections.emptyList();
         }
         return providers(EntityType.PROVISIONING).stream()
                 .filter(map -> {
                     List<Map<String, String>> applications = (List<Map<String, String>>) map.get("applications");
-                    return applications.stream().anyMatch(m -> ids.contains(m.get("id")));
+                    return applications.stream().anyMatch(m -> applicationIdentifiers.contains(m.get("id")));
                 })
                 .collect(Collectors.toList());
     }
diff --git a/server/src/main/java/access/manage/Manage.java b/server/src/main/java/access/manage/Manage.java
@@ -19,7 +19,7 @@ public interface Manage {
 
     List<Map<String, Object>> providersByIdIn(EntityType entityType, List<String> identifiers);
 
-    List<Map<String, Object>> provisioning(Collection<String> ids);
+    List<Map<String, Object>> provisioning(Collection<String> applicationIdentifiers);
 
     List<Map<String, Object>> providersAllowedByIdP(Map<String, Object> identityProvider);
 
diff --git a/server/src/main/java/access/manage/RemoteManage.java b/server/src/main/java/access/manage/RemoteManage.java
@@ -75,14 +75,14 @@ public Map<String, Object> providerById(EntityType entityType, String id) {
 
 
     @Override
-    public List<Map<String, Object>> provisioning(Collection<String> ids) {
+    public List<Map<String, Object>> provisioning(Collection<String> applicationIdentifiers) {
         LOG.debug("provisionings for identifiers");
 
-        if (CollectionUtils.isEmpty(ids)) {
+        if (CollectionUtils.isEmpty(applicationIdentifiers)) {
             return emptyList();
         }
         String queryUrl = String.format("%s/manage/api/internal/provisioning", url);
-        return transformProvider(restTemplate.postForObject(queryUrl, ids, List.class));
+        return transformProvider(restTemplate.postForObject(queryUrl, applicationIdentifiers, List.class));
     }
 
     @Override
diff --git a/server/src/main/java/access/provision/DefaultProvisioningResponse.java b/server/src/main/java/access/provision/DefaultProvisioningResponse.java
@@ -11,4 +11,5 @@ public boolean isGraphResponse() {
     public boolean isErrorResponse() {
         return false;
     }
+
 }
diff --git a/server/src/main/java/access/provision/ProvisioningResponse.java b/server/src/main/java/access/provision/ProvisioningResponse.java
@@ -7,4 +7,5 @@ public interface ProvisioningResponse {
     String remoteIdentifier();
 
     boolean isErrorResponse();
+
 }
diff --git a/server/src/main/java/access/provision/ProvisioningServiceDefault.java b/server/src/main/java/access/provision/ProvisioningServiceDefault.java
@@ -389,6 +389,7 @@ private Optional<ProvisioningResponse> newRequest(Provisioning provisioning, Str
         boolean isUser = provisionable instanceof User;
         String apiType = isUser ? USER_API : GROUP_API;
         RequestEntity<String> requestEntity = null;
+        boolean requiresRemoteIdentifier = false;
         if (hasEvaHook(provisioning) && isUser) {
             LOG.info(String.format("Provisioning new eva account for user %s and provisioning %s",
                     ((User) provisionable).getEmail(), provisioning.getEntityId()));
@@ -397,6 +398,7 @@ private Optional<ProvisioningResponse> newRequest(Provisioning provisioning, Str
             LOG.info(String.format("Provisioning new SCIM account for provisionable %s and provisioning %s",
                     provisionable.getName(), provisioning.getEntityId()));
             URI uri = this.provisioningUri(provisioning, apiType, Optional.empty());
+            requiresRemoteIdentifier = true;
             requestEntity = new RequestEntity<>(request, httpHeaders(provisioning), HttpMethod.POST, uri);
         } else if (hasGraphHook(provisioning) && isUser) {
             LOG.info(String.format("Provisioning new Graph user for provisionable %s and provisioning %s",
@@ -406,7 +408,15 @@ private Optional<ProvisioningResponse> newRequest(Provisioning provisioning, Str
         }
         if (requestEntity != null) {
             Map<String, Object> results = doExchange(requestEntity, apiType, mapParameterizedTypeReference, provisioning);
-            return Optional.of(new DefaultProvisioningResponse(String.valueOf(results.get("id"))));
+            String id = String.valueOf(results.get("id"));
+            if (!StringUtils.hasText(id) && requiresRemoteIdentifier) {
+                String errorMessage = String.format("Error in %s response %s send to entityID %s. ID is required, but empty SCIM request.",
+                        apiType,
+                        results,
+                        provisioning.getEntityId());
+                throw new RemoteException(HttpStatus.BAD_REQUEST, errorMessage, null);
+            }
+            return Optional.of(new DefaultProvisioningResponse(id));
         }
         return Optional.empty();
 
@@ -475,14 +485,13 @@ private <T, S> T doExchange(RequestEntity<S> requestEntity,
                     provisioning.getEntityId()));
             return restTemplate.exchange(requestEntity, typeReference).getBody();
         } catch (RestClientException e) {
-            LOG.error(String.format("Error from %s with original stack-trace", provisioning.getEntityId()), e);
-
             String errorMessage = String.format("Error %s SCIM request (entityID %s) to %s with %s httpMethod and body %s",
                     api,
                     provisioning.getEntityId(),
                     requestEntity.getUrl(),
                     requestEntity.getMethod(),
                     requestEntity.getBody());
+            LOG.error(errorMessage, e);
             throw new RemoteException(HttpStatus.BAD_REQUEST, errorMessage, e);
         }
     }
@@ -531,7 +540,7 @@ private HttpHeaders httpHeaders(Provisioning provisioning) {
                 } else if (StringUtils.hasText(provisioning.getScimBearerToken())) {
                     String decryptedScimBearerToken = this.decryptScimBearerToken(provisioning);
                     //For testing only, remove before prod
-                    LOG.debug(String.format("Inserting header Authorization: Bearer %s ",decryptedScimBearerToken));
+                    LOG.debug(String.format("Inserting header Authorization: Bearer %s ", decryptedScimBearerToken));
                     headers.add(HttpHeaders.AUTHORIZATION, String.format("Bearer %s", decryptedScimBearerToken));
                 }
                 headers.setContentType(MediaType.APPLICATION_JSON);
diff --git a/server/src/main/java/access/provision/graph/GraphResponse.java b/server/src/main/java/access/provision/graph/GraphResponse.java
@@ -14,4 +14,5 @@ public boolean isGraphResponse() {
     public boolean isErrorResponse() {
         return errorResponse;
     }
+
 }
diff --git a/server/src/test/java/access/AbstractTest.java b/server/src/test/java/access/AbstractTest.java
@@ -342,8 +342,8 @@ protected JWTClaimsSet getJwtClaimsSet(String clientId, String sub, String redir
         return builder.build();
     }
 
-    protected void stubForManageProvisioning(List<String> identifiers) throws JsonProcessingException {
-        List<Map<String, Object>> providers = localManage.provisioning(identifiers);
+    protected void stubForManageProvisioning(List<String> applicationIdentifiers) throws JsonProcessingException {
+        List<Map<String, Object>> providers = localManage.provisioning(applicationIdentifiers);
         String body = writeValueAsString(providers);
         stubFor(post(urlPathMatching("/manage/api/internal/provisioning"))
                 .willReturn(aResponse().withHeader("Content-Type", "application/json")
@@ -468,12 +468,16 @@ protected String stubForCreateScimRole() throws JsonProcessingException {
 
     protected String stubForCreateScimUser() throws JsonProcessingException {
         String value = UUID.randomUUID().toString();
-        String body = objectMapper.writeValueAsString(Map.of("id", value));
+        return stubForCreateScimUser(value);
+    }
+
+    protected String stubForCreateScimUser(String idValue) throws JsonProcessingException {
+        String body = objectMapper.writeValueAsString(Map.of("id", idValue));
         stubFor(post(urlPathMatching("/api/scim/v2/users"))
                 .willReturn(aResponse()
                         .withHeader("Content-Type", "application/json")
                         .withBody(body)));
-        return value;
+        return idValue;
     }
 
     protected String stubForCreateEvaUser() throws JsonProcessingException {
diff --git a/server/src/test/java/access/provision/ProvisioningServiceDefaultTest.java b/server/src/test/java/access/provision/ProvisioningServiceDefaultTest.java
@@ -2,6 +2,7 @@
 
 import access.AbstractTest;
 import access.eduid.EduIDProvision;
+import access.exception.RemoteException;
 import access.model.*;
 import access.provision.scim.OperationType;
 import com.fasterxml.jackson.core.JsonProcessingException;
@@ -15,8 +16,7 @@
 import java.util.UUID;
 
 import static com.github.tomakehurst.wiremock.client.WireMock.*;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.*;
 
 class ProvisioningServiceDefaultTest extends AbstractTest {
 
@@ -27,14 +27,23 @@ class ProvisioningServiceDefaultTest extends AbstractTest {
     void newUserRequest() throws JsonProcessingException {
         User user = userRepository.findBySubIgnoreCase(GUEST_SUB).get();
         //See server/src/main/resources/manage/provisioning.json, applicationId="3"
-        this.stubForManageProvisioning(List.of("3"));
+        this.stubForManageProvisioning(List.of("7"));
         String remoteScimIdentifier = this.stubForCreateEvaUser();
         provisioningService.newUserRequest(user);
         List<RemoteProvisionedUser> remoteProvisionedUsers = remoteProvisionedUserRepository.findAll();
         assertEquals(1, remoteProvisionedUsers.size());
         assertEquals(remoteScimIdentifier, remoteProvisionedUsers.get(0).getRemoteIdentifier());
     }
 
+    @Test
+    void newUserRequestWithInvalidRemoteResponse() throws JsonProcessingException {
+        User user = userRepository.findBySubIgnoreCase(GUEST_SUB).get();
+        //We will return a SCIM provisioning app
+        this.stubForManageProvisioning(List.of("1"));
+        this.stubForCreateScimUser("");
+        assertThrows(RemoteException.class, () -> provisioningService.newUserRequest(user));
+    }
+
     @Test
     void newUserRequestWithEduIDProvisioning() throws JsonProcessingException {
         User user = userRepository.findBySubIgnoreCase(GUEST_SUB).get();

Original file line number	Diff line number	Diff line change
`@@ -84,16 +84,16 @@ public Map<String, Object> providerById(EntityType entityType, String id) {`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`@Override`
`87`		`- public List<Map<String, Object>> provisioning(Collection<String> ids) {`
`88`		`- LOG.debug("provisioning for : " + ids);`
	`87`	`+ public List<Map<String, Object>> provisioning(Collection<String> applicationIdentifiers) {`
	`88`	`+ LOG.debug("provisioning for : " + applicationIdentifiers);`
`89`	`89`
`90`		`- if (CollectionUtils.isEmpty(ids)) {`
	`90`	`+ if (CollectionUtils.isEmpty(applicationIdentifiers)) {`
`91`	`91`	`return Collections.emptyList();`
`92`	`92`	`}`
`93`	`93`	`return providers(EntityType.PROVISIONING).stream()`
`94`	`94`	`.filter(map -> {`
`95`	`95`	`List<Map<String, String>> applications = (List<Map<String, String>>) map.get("applications");`
`96`		`- return applications.stream().anyMatch(m -> ids.contains(m.get("id")));`
	`96`	`+ return applications.stream().anyMatch(m -> applicationIdentifiers.contains(m.get("id")));`
`97`	`97`	`})`
`98`	`98`	`.collect(Collectors.toList());`
`99`	`99`	`}`
Original file line number	Diff line number	Diff line change
`@@ -75,14 +75,14 @@ public Map<String, Object> providerById(EntityType entityType, String id) {`
`75`	`75`
`76`	`76`
`77`	`77`	`@Override`
`78`		`- public List<Map<String, Object>> provisioning(Collection<String> ids) {`
	`78`	`+ public List<Map<String, Object>> provisioning(Collection<String> applicationIdentifiers) {`
`79`	`79`	`LOG.debug("provisionings for identifiers");`
`80`	`80`
`81`		`- if (CollectionUtils.isEmpty(ids)) {`
	`81`	`+ if (CollectionUtils.isEmpty(applicationIdentifiers)) {`
`82`	`82`	`return emptyList();`
`83`	`83`	`}`
`84`	`84`	`String queryUrl = String.format("%s/manage/api/internal/provisioning", url);`
`85`		`- return transformProvider(restTemplate.postForObject(queryUrl, ids, List.class));`
	`85`	`+ return transformProvider(restTemplate.postForObject(queryUrl, applicationIdentifiers, List.class));`
`86`	`86`	`}`
`87`	`87`
`88`	`88`	`@Override`
Original file line number	Diff line number	Diff line change
`@@ -11,4 +11,5 @@ public boolean isGraphResponse() {`
`11`	`11`	`public boolean isErrorResponse() {`
`12`	`12`	`return false;`
`13`	`13`	`}`
	`14`	`+`
`14`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -7,4 +7,5 @@ public interface ProvisioningResponse {`
`7`	`7`	`String remoteIdentifier();`
`8`	`8`
`9`	`9`	`boolean isErrorResponse();`
	`10`	`+`
`10`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -14,4 +14,5 @@ public boolean isGraphResponse() {`
`14`	`14`	`public boolean isErrorResponse() {`
`15`	`15`	`return errorResponse;`
`16`	`16`	`}`
	`17`	`+`
`17`	`18`	`}`