55import access .jira .JiraClient ;
66import access .jira .JiraIssue ;
77import access .mail .MailBox ;
8- import access .manage .*;
9- import access .model .*;
8+ import access .manage .ChangeRequest ;
9+ import access .manage .DashBoardConnectionOption ;
10+ import access .manage .Manage ;
11+ import access .manage .PathUpdateType ;
12+ import access .manage .RequestType ;
13+ import access .model .Authority ;
14+ import access .model .ConnectionRequest ;
15+ import access .model .EntityType ;
16+ import access .model .Environment ;
17+ import access .model .Organization ;
18+ import access .model .OrganizationMembership ;
19+ import access .model .User ;
1020import access .repository .OrganizationRepository ;
1121import access .repository .UserRepository ;
1222import io .swagger .v3 .oas .annotations .security .SecurityRequirement ;
1727import org .springframework .http .ResponseEntity ;
1828import org .springframework .transaction .annotation .Transactional ;
1929import org .springframework .util .CollectionUtils ;
20- import org .springframework .util .StringUtils ;
2130import org .springframework .validation .annotation .Validated ;
2231import org .springframework .web .bind .annotation .PutMapping ;
2332import org .springframework .web .bind .annotation .RequestBody ;
@@ -61,7 +70,10 @@ public IdentityProviderController(UserRepository userRepository,
6170
6271 @ PutMapping ({"/connect" })
6372 public ResponseEntity <Map <String , Object >> connect (User user , @ RequestBody @ Validated ConnectionRequest connectionRequest ) {
64- LOG .debug ("/connect SP to IdP connection for " + user .getEmail ());
73+ String email = user .getEmail ();
74+ LOG .debug ("/connect SP to IdP connection for " + email );
75+
76+ user = reinitializeUser (user , userRepository );
6577
6678 String idpManageIdentifier = connectionRequest .getIdpManageIdentifier ();
6779 Organization organization = organizationRepository .findByManageIdentifier (idpManageIdentifier )
@@ -70,15 +82,11 @@ public ResponseEntity<Map<String, Object>> connect(User user, @RequestBody @Vali
7082 Map <String , Object > serviceProvider = manage .providerById (connectionRequest .getEntityType (),
7183 connectionRequest .getApplicationManageIdentifier (), Environment .PROD );
7284
73- Map <String , Object > identityProvider = manage .providerById (EntityType .saml20_idp , idpManageIdentifier , Environment .PROD );
74-
75- User userFromDB = reinitializeUser (user , userRepository );
76- //See https://github.com/OpenConext/OpenConext-access/wiki/Service-Connect-Flow
77- boolean memberRequest = !userFromDB .isSuperUser ();
85+ boolean memberRequest = !user .isSuperUser ();
7886 if (memberRequest ) {
79- OrganizationMembership organizationMembership = getOrganizationMembership (userFromDB , organization , Authority .GUEST )
87+ OrganizationMembership organizationMembership = getOrganizationMembership (user , organization , Authority .GUEST )
8088 .orElseThrow (() -> new NotAllowedException (
81- String .format ("User %s is not a member of organization %s" , userFromDB . getEmail () , organization .getName ())));
89+ String .format ("User %s is not a member of organization %s" , email , organization .getName ())));
8290 memberRequest = !organizationMembership .getAuthority ().equals (Authority .ADMIN );
8391 }
8492 if (memberRequest ) {
@@ -97,10 +105,14 @@ public ResponseEntity<Map<String, Object>> connect(User user, @RequestBody @Vali
97105 //Avoid UnsupportedException for immutable collections
98106 admins = new ArrayList <>(admins );
99107 admins .add (user );
100- mailBox .sendConnectionRequest (userFromDB , admins , organization , getProviderName (serviceProvider ),
108+ mailBox .sendConnectionRequest (user , admins , organization , getProviderName (serviceProvider ),
101109 connectionRequest .getMessage (), deeplink );
102110 return Results .createResult ();
103111 }
112+
113+ Map <String , Object > identityProvider = manage .providerById (EntityType .saml20_idp , idpManageIdentifier , Environment .PROD );
114+
115+ //See https://github.com/OpenConext/OpenConext-access/wiki/Service-Connect-Flow
104116 //Now check if the connection can be made automatically
105117 Map <String , Object > spMetaDataFields = getMetaDataFields (getData (serviceProvider ));
106118 DashBoardConnectionOption connectOption = DashBoardConnectionOption
@@ -111,12 +123,12 @@ public ResponseEntity<Map<String, Object>> connect(User user, @RequestBody @Vali
111123 .equals (idpInstitutionGUID );
112124 boolean connectWithoutInteraction = idpAndSpShareInstitution || !connectOption .equals (DashBoardConnectionOption .connectWithInteraction );
113125 if (connectWithoutInteraction ) {
114- manage .connectWithoutInteraction (identityProvider , serviceProvider , userFromDB );
126+ manage .connectWithoutInteraction (identityProvider , serviceProvider , user );
115127 if (connectOption .equals (DashBoardConnectionOption .connectWithoutInteractionWithEmail )) {
116128 List <String > recipients = contactPersons (serviceProvider );
117129 if (!CollectionUtils .isEmpty (recipients )) {
118130 mailBox .sendNewConnectionCreated (
119- userFromDB ,
131+ user ,
120132 recipients ,
121133 getProviderName (identityProvider ),
122134 getProviderName (serviceProvider ),
@@ -143,13 +155,13 @@ public ResponseEntity<Map<String, Object>> connect(User user, @RequestBody @Vali
143155 changeRequestURL ),
144156 summary ,
145157 EntityType .valueOf ((String ) serviceProvider .get ("type" )),
146- user . getEmail ()
158+ email
147159 ));
148160 ChangeRequest changeRequest = new ChangeRequest (
149161 idpManageIdentifier ,
150162 EntityType .saml20_idp ,
151163 Map .of ("allowedEntities" , Map .of ("name" , serviceProviderEntityID )),
152- Map .of ("user" , user . getEmail () ,
164+ Map .of ("user" , email ,
153165 "notes" , String .format ("Connection request requested by %s from %s for %s. See Jira %s" ,
154166 user .getName (),
155167 identityProviderEntityID ,
@@ -164,5 +176,58 @@ public ResponseEntity<Map<String, Object>> connect(User user, @RequestBody @Vali
164176 Map .of ("status" , HttpStatus .CREATED .value (), "jiraKey" , jiraKey ));
165177 }
166178
179+ @ PutMapping ({"/disconnect" })
180+ public ResponseEntity <Map <String , Object >> disconnect (User user , @ RequestBody @ Validated ConnectionRequest connectionRequest ) {
181+ LOG .debug ("/disconnect SP to IdP request by " + user .getEmail ());
182+
183+ user = reinitializeUser (user , userRepository );
184+
185+ String idpManageIdentifier = connectionRequest .getIdpManageIdentifier ();
186+ Organization organization = organizationRepository .findByManageIdentifier (idpManageIdentifier )
187+ .orElseThrow (() -> new NotFoundException ("Organization with manageIdentifier not found: " + idpManageIdentifier ));
188+
189+ Map <String , Object > serviceProvider = manage .providerById (connectionRequest .getEntityType (),
190+ connectionRequest .getApplicationManageIdentifier (), Environment .PROD );
191+
192+ confirmOrganizationMembership (user , organization , Authority .ADMIN );
193+ Map <String , Object > identityProvider = manage .providerById (EntityType .saml20_idp , idpManageIdentifier , Environment .PROD );
194+
195+ String changeRequestURL = manage .changeRequestURLConnectionRequest (EntityType .saml20_idp , idpManageIdentifier );
196+
197+ String identityProviderEntityID = getEntityID (identityProvider );
198+ String serviceProviderEntityID = getEntityID (serviceProvider );
199+ String lineSeparator = System .lineSeparator ();
200+ String summary = String .format ("Disconnection request requested by %s for %s." ,
201+ user .getName (), getProviderName (identityProvider ));
202+ String jiraKey = jiraClient .create (new JiraIssue (
203+ serviceProviderEntityID ,
204+ identityProviderEntityID ,
205+ String .format ("%s%sA change request in manage has been created to merge this user request. See:%s%s" ,
206+ summary ,
207+ lineSeparator ,
208+ lineSeparator ,
209+ changeRequestURL ),
210+ summary ,
211+ EntityType .valueOf ((String ) serviceProvider .get ("type" )),
212+ user .getEmail ()
213+ ));
214+ ChangeRequest changeRequest = new ChangeRequest (
215+ idpManageIdentifier ,
216+ EntityType .saml20_idp ,
217+ Map .of ("allowedEntities" , Map .of ("name" , serviceProviderEntityID )),
218+ Map .of ("user" , user .getEmail (),
219+ "notes" , String .format ("Disconnection request requested by %s from %s for %s. See Jira %s" ,
220+ user .getName (),
221+ identityProviderEntityID ,
222+ serviceProviderEntityID ,
223+ jiraKey )),
224+ true ,
225+ PathUpdateType .REMOVAL ,
226+ RequestType .UnlinkRequest );
227+ manage .createChangeRequest (Environment .PROD , changeRequest );
228+
229+ return ResponseEntity .status (HttpStatus .CREATED ).body (
230+ Map .of ("status" , HttpStatus .CREATED .value (), "jiraKey" , jiraKey ));
231+ }
167232
168233}
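Review bot: In the new `disconnect` method the admin check `confirmOrganizationMembership(user, organization, Authority.ADMIN)` runs only after `manage.providerById(...)` has already fetched the service provider, so a caller who is not an admin of the organization still causes a Manage lookup before being rejected; moving that line to directly after the `organization` lookup (before the `serviceProvider` call) keeps the authorization decision ahead of any backend work and fails fast. The same method reads `user.getEmail()` twice (in the `JiraIssue` and in the change-request `user` field) while `connect` in this same commit was changed to hoist it into `String email = user.getEmail();`; applying the same hoist here keeps the two methods consistent. The Jira issue is created before `manage.createChangeRequest(Environment.PROD, changeRequest)`, so a failure in the latter appears to leave a Jira ticket that points at a change request that was never created, which mirrors `connect`; if that is intentional, a comment such as `// Jira issue is created first; a failure below leaves an orphaned issue referencing a missing change request` would make the trade-off explicit.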