Fixes #471

Author: oharsta

client/src/api/index.js

@@ -337,6 +337,26 @@ export function connectServiceProviderToIdentityProvider(applicationManageIdenti
     return postPutJson("/api/v1/idp/connect", body, "PUT")
 }
 
+export function disconnectServiceProviderToIdentityProvider(applicationManageIdentifier, entityType, idpManageIdentifier, message) {
+    const body = {
+        applicationManageIdentifier: applicationManageIdentifier,
+        entityType: entityType,
+        idpManageIdentifier: idpManageIdentifier,
+        message
+    };
+    return postPutJson("/api/v1/idp/disconnect", body, "PUT")
+}
+
+export function cancelServiceProviderConnectionRequest(applicationManageIdentifier, entityType, idpManageIdentifier, message) {
+    const body = {
+        applicationManageIdentifier: applicationManageIdentifier,
+        entityType: entityType,
+        idpManageIdentifier: idpManageIdentifier,
+        message
+    };
+    return postPutJson("/api/v1/idp/cancel-connection-request", body, "PUT")
+}
+
 //External Invite Proxy
 export function inviteRoles(organizationGUID, applicationManageId) {
     return fetchJson(`/api/v1/invite/roles/${organizationGUID}/${applicationManageId}`);

client/src/locale/en.js

@@ -1051,7 +1051,8 @@ const en = {
         flash: {
             requestConnectionByMember: "Your request has been send",
             makeConnection: "Application access has been set",
-            requestConnection: "Application access is requested"
+            requestConnection: "Application access is requested",
+            cancelConnectionRequest: "Your request has been cancelled"
         }
     },
     appAccess: {

client/src/pages/ApplicationDetail.jsx

@@ -2,6 +2,7 @@ import "./ApplicationDetail.scss";
 import "../styles/access_card.scss";
 import React, {useEffect, useState} from "react";
 import {
+    cancelServiceProviderConnectionRequest,
     connectServiceProviderToIdentityProvider,
     getPolicyByServiceProviderEntityId,
     inviteRoles,
@@ -41,7 +42,7 @@ const confirmationModalOptions = {
     makeConnection: "makeConnection",
     requestConnection: "requestConnection",
     requestConnectionByMember: "requestConnectionByMember",
-    disconnectConnection: "disconnectConnection",
+    cancelConnection: "cancelConnection",
     requestDisconnectConnection: "requestDisconnectConnection",
 }
 
@@ -263,7 +264,21 @@ const ApplicationDetail = ({anonymous, refreshUser}) => {
             });
         } else {
             cancelConfirmation();
-            alert("cancel request");
+            setLoading(true);
+            const manageIdentifierOrg = user.identityProvider?.id || currentOrganization.manageIdentifier;
+            cancelServiceProviderConnectionRequest(
+                serviceProvider.id,
+                serviceProvider.type,
+                manageIdentifierOrg,
+                message)
+                .then(() => {
+                    //Because user is an useEffect dependency, everything will reload. Including change requests
+                    refreshUser(() => {
+                        //a small timeout to prevent flickering - cancelling requests does not happen that often
+                        setTimeout(() => setLoading(false), 75);
+                    });
+                    setFlash(I18n.t("applicationConnect.flash.cancelConnectionRequest"));
+                });
         }
     }
 

server/src/main/java/access/api/ConnectionController.java

@@ -205,7 +205,8 @@ public ResponseEntity<Map<String, Object>> requestProductionStatus(User user,
                                 user.getName(), connection.getName(), jiraKey)),
                 false,
                 PathUpdateType.ADDITION,
-                RequestType.ProductionStatusRequest);
+                RequestType.ProductionStatusRequest,
+                jiraKey);
         Map<String, Object> changeRequestResponse = manage.createChangeRequest(connection.getEnvironment(), changeRequest);
 
         LOG.debug("Change request response from manage: " + changeRequestResponse);
@@ -276,7 +277,7 @@ private Connection productionReadyChangeRequests(Connection connection, User use
         Map<String, Object> auditData = Map.of("user", user.getEmail(),
                 "notes", String.format("Production status requested by %s for %s. See Jira %s",
                         user.getName(), connection.getName(), jiraKey));
-        List<ChangeRequest> changeRequests = connectionProviderConverter.deduceChangeRequests(connection, provider, auditData);
+        List<ChangeRequest> changeRequests = connectionProviderConverter.deduceChangeRequests(connection, provider, auditData, jiraKey);
         changeRequests.forEach(changeRequest -> manage.createChangeRequest(environment, changeRequest));
         //Now the tricky bit, we must fetch the changeRequest after they are created and return the data based on the provider
         connection.mergeMetaData(provider, true);

server/src/main/java/access/api/IdentityProviderController.java

@@ -36,6 +36,7 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 
 import static access.SwaggerOpenIdConfig.API_TOKENS_SCHEME_NAME;
 import static access.SwaggerOpenIdConfig.OPEN_ID_SCHEME_NAME;
@@ -46,6 +47,7 @@
 @Transactional
 @SecurityRequirement(name = OPEN_ID_SCHEME_NAME, scopes = {"openid"})
 @SecurityRequirement(name = API_TOKENS_SCHEME_NAME)
+@SuppressWarnings("unchecked")
 public class IdentityProviderController implements UserAccessRights {
 
     private static final Log LOG = LogFactory.getLog(IdentityProviderController.class);
@@ -169,7 +171,8 @@ public ResponseEntity<Map<String, Object>> connect(User user, @RequestBody @Vali
                                 jiraKey)),
                 true,
                 PathUpdateType.ADDITION,
-                RequestType.LinkRequest);
+                RequestType.LinkRequest,
+                jiraKey);
         manage.createChangeRequest(Environment.PROD, changeRequest);
 
         return ResponseEntity.status(HttpStatus.CREATED).body(
@@ -223,11 +226,47 @@ public ResponseEntity<Map<String, Object>> disconnect(User user, @RequestBody @V
                                 jiraKey)),
                 true,
                 PathUpdateType.REMOVAL,
-                RequestType.UnlinkRequest);
+                RequestType.UnlinkRequest,
+                jiraKey);
         manage.createChangeRequest(Environment.PROD, changeRequest);
 
         return ResponseEntity.status(HttpStatus.CREATED).body(
                 Map.of("status", HttpStatus.CREATED.value(), "jiraKey", jiraKey));
     }
 
+    @PutMapping({"/cancel-connection-request"})
+    public ResponseEntity<Map<String, Object>> cancelConnectionRequest(User user, @RequestBody @Validated ConnectionRequest connectionRequest) {
+        LOG.debug("/cancelConnectionRequest SP to IdP request by " + user.getEmail());
+
+        user = reinitializeUser(user, userRepository);
+
+        String idpManageIdentifier = connectionRequest.getIdpManageIdentifier();
+        Organization organization = organizationRepository.findByManageIdentifier(idpManageIdentifier)
+                .orElseThrow(() -> new NotFoundException("Organization with manageIdentifier not found: " + idpManageIdentifier));
+
+        Map<String, Object> serviceProvider = manage.providerById(connectionRequest.getEntityType(),
+                connectionRequest.getApplicationManageIdentifier(), Environment.PROD);
+
+        confirmOrganizationMembership(user, organization, Authority.ADMIN);
+        Map<String, Object> identityProvider = manage.providerById(EntityType.saml20_idp, idpManageIdentifier, Environment.PROD);
+
+        List<Map<String, Object>> changeRequests = manage.getChangeRequestsIdentityProvider(identityProvider);
+        String serviceProviderEntityID = getEntityID(serviceProvider);
+        List<Map<String, Object>> openChangeRequests = changeRequests.stream()
+                .filter(changeRequest ->
+                        EntityType.saml20_idp.name().equals(changeRequest.get("type")) &&
+                                PathUpdateType.ADDITION.name().equalsIgnoreCase((String) changeRequest.get("pathUpdateType")) &&
+                                RequestType.LinkRequest.name().equalsIgnoreCase((String) changeRequest.get("requestType")) &&
+                                serviceProviderEntityID.equals(((Map<String, Map<String, String>>)
+                                        changeRequest.getOrDefault("pathUpdates", Map.of()))
+                                        .getOrDefault("allowedEntities", Map.of()).get("name")))
+                .toList();
+        //First delete all manage change request - this is most likely to succeed
+        openChangeRequests.forEach(changeRequest -> manage.rejectChangeRequest(Environment.PROD, new ChangeRequest(changeRequest)));
+        //Then update all Jira comments, this API is not so stable
+        String comment = "Ticket can be closed by request of the requestor";
+        openChangeRequests.forEach(changeRequest -> jiraClient.comment((String) changeRequest.get("ticketKey"), comment));
+
+        return Results.okResult();
+    }
 }

server/src/main/java/access/api/OrganizationController.java

@@ -161,9 +161,6 @@ public ResponseEntity<Organization> findMyOrganization(User user,
             if (organization.mergeMetaData(provider, false)) {
                 organizationRepository.save(organization);
             }
-            List<Map<String, Object>> changeRequests = manage.getChangeRequestsIdentityProvider(provider);
-            organization.convertChangeRequests(changeRequests);
-
         }
         return ResponseEntity.ok(organization);
     }

server/src/main/java/access/jira/JiraClient.java

@@ -12,7 +12,9 @@
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.http.client.ClientHttpRequestInterceptor;
 import org.springframework.http.client.SimpleClientHttpRequestFactory;
 import org.springframework.stereotype.Service;
@@ -102,6 +104,18 @@ public String create(JiraIssue issue) {
         }
     }
 
+    public void comment(String jiraKey, String comment) {
+        String commentUrl = config.getBaseUrl() + "/issue/" + jiraKey + "/comment";
+        Map<String, String> body = Map.of("body", comment);
+        HttpEntity<Object> commentRequestEntity = new HttpEntity<>(body, defaultHeaders);
+
+        LOG.info("Sending JSON {} to JIRA", body);
+
+        ResponseEntity<Map> responseEntity = restTemplate.exchange(commentUrl, HttpMethod.POST, commentRequestEntity, Map.class);
+
+        LOG.info("Response {} from JIRA", responseEntity.getBody());
+    }
+
     private String resolveIssueType() {
         return this.mappings.get(this.config.getEnvironment())
                 .get("issueTypes").entrySet().stream()

server/src/main/java/access/manage/ChangeRequest.java

@@ -35,13 +35,22 @@ public class ChangeRequest implements Serializable {
 
     private RequestType requestType;
 
+    private String ticketKey;
+
+    public ChangeRequest(Map<String, Object> manageChangeRequest) {
+        this.id = (String) manageChangeRequest.get("id");
+        this.type = (String) manageChangeRequest.get("type");
+        this.metaDataId = (String) manageChangeRequest.get("metaDataId");
+    }
+
     public ChangeRequest(String metaDataId,
                          EntityType entityType,
                          Map<String, Object> pathUpdates,
                          Map<String, Object> auditData,
                          boolean incrementalChange,
                          PathUpdateType pathUpdateType,
-                         RequestType requestType) {
+                         RequestType requestType,
+                         String ticketKey) {
         this.metaDataId = metaDataId;
         this.type = entityType.name();
         this.note = auditData != null ? (String) auditData.get("notes") : null;
@@ -50,6 +59,7 @@ public ChangeRequest(String metaDataId,
         this.incrementalChange = incrementalChange;
         this.pathUpdateType = pathUpdateType;
         this.requestType = requestType;
+        this.ticketKey = ticketKey;
     }
 
 }

server/src/main/java/access/manage/ConnectionProviderConverter.java

@@ -178,7 +178,8 @@ public void convertContactPersons(Map<String, Object> applicationMetaData, Map<S
     //For all attributes that have been changed, we create a single ChangeRequest
     public List<ChangeRequest> deduceChangeRequests(Connection connection,
                                                     Map<String, Object> currentProvider,
-                                                    Map<String, Object> auditData) {
+                                                    Map<String, Object> auditData,
+                                                    String jiraKey) {
         //We need to compare maps, the current data in Manage (e.g. currentProvider) and the new Data in Connection
         //So we need to convert the connection in to the new Map, without modifying the originalMap
         Map clonedProvider = deepClone(currentProvider);
@@ -197,7 +198,8 @@ public List<ChangeRequest> deduceChangeRequests(Connection connection,
                     auditData,
                     false,
                     null,
-                    RequestType.Change);
+                    RequestType.Change,
+                    jiraKey);
             changeRequests.add(changeRequest);
         }
         return changeRequests;

server/src/main/java/access/model/Organization.java

@@ -176,73 +176,4 @@ public boolean mergeMetaData(Map<String, Object> provider, boolean force) {
         this.metaData.put("contactPersons", contactPersons);
         return true;
     }
-
-    @SuppressWarnings("unchecked")
-    public void convertChangeRequests(List<Map<String, Object>> changeRequests) {
-        //We don't convert the changeRequests to the same data as the metaData of an Organization as this proves
-        //to be too difficult. We sort it out on the client
-        this.changeRequests = changeRequests;
-//        this.changeRequests = changeRequests.stream()
-//                .map(changeRequest -> {
-//                    Map<String, Object> pathUpdates = (Map<String, Object>) changeRequest.get("pathUpdates");
-//                    Map<String, Object> provider = new HashMap<>();
-//                    //To prevent NullPointerException
-//                    provider.put("version", -1);
-//
-//                    Map<String, Object> data = new HashMap<>();
-//                    provider.put("data", data);
-//
-//                    Map<String, Object> metaDataFields = new HashMap<>();
-//                    data.put("metaDataFields", metaDataFields);
-//
-//                    pathUpdates.forEach((key, value) -> {
-//                        if (key.startsWith("metaDataFields")) {
-//                            //See src/test/resources/manage/change_request_large.json
-//                            key = key.substring("metaDataFields.".length());
-//                            metaDataFields.put(key, value);
-//                        } else {
-//                            //For pathUpdates to the stepupEntities, mfaEntities, disableConsent
-//                            String pathUpdateType = (String) changeRequest.get("pathUpdateType");
-//                            if (pathUpdateType == null) {
-//                                data.put(key, value);
-//                            } else {
-//                                //For incremental changes, we need the current value from the metaData and apply the change
-//                                Object originalValue = this.metaData.get(key);
-//                                if (originalValue instanceof List originalValueList) {
-//                                    if (pathUpdateType.equals(PathUpdateType.ADDITION.name())) {
-//                                        List newValue = new ArrayList(originalValueList);
-//                                        if (value instanceof Map) {
-//                                            newValue.add(value);
-//                                        } else if (value instanceof List listValue) {
-//                                            newValue.addAll(listValue);
-//                                        }
-//                                        data.put(key, newValue);
-//                                    } else {
-//                                        List<String> removedNames = value instanceof Map ? List.of((String) ((Map) value).get("name")) :
-//                                                ((List) value).stream().map(m -> ((Map) m).get("name")).toList();
-//                                        List newValue = originalValueList.stream()
-//                                                .filter(m -> !removedNames.contains(((Map) m).get("name")))
-//                                                .toList();
-//                                        data.put(key, newValue);
-//                                    }
-//                                } else {
-//                                    data.put(key, value);
-//                                }
-//                            }
-//                        }
-//                    });
-//                    Organization organization = new Organization();
-//                    organization.mergeMetaData(provider, true);
-//                    Map<String, Object> connectionMetaData = organization.getMetaData();
-//                    //Now clean up all keys where the value is empty
-//                    connectionMetaData.entrySet().removeIf(entry -> isEmpty(entry.getValue()));
-//                    //copy some of the auditData for display purposes and revoke functionality
-//                    List.of("id", "metaDataId", "type", "auditData", "created")
-//                            .forEach(attr -> connectionMetaData.put(attr, changeRequest.get(attr)));
-//                    return connectionMetaData;
-//                })
-//                .toList();
-    }
-
-
 }