WIP for Idp_SP connection

Author: oharsta

client/src/api/index.js

@@ -94,24 +94,29 @@ export function searchUsers(pagination = {}) {
 export function feedback(message) {
     return postPutJson("/api/v1/users/feedback", {message: message}, "POST");
 }
+
 //Organizations
 
 //attributePaths = {"organizationMemberships.user", "invitations.invitee", "joinRequests.user"}
 export function organizationUserManagementById(id) {
     return fetchJson(`/api/v1/organizations/details/${id}`);
 }
+
 //attributePaths = {"applications.connections"}
 export function organizationApplicationsById(id) {
     return fetchJson(`/api/v1/organizations/applications/${id}`);
 }
+
 //no extra attributes, but with the metadata from manage (if internal organization)
 export function organizationMineById(id) {
     return fetchJson(`/api/v1/organizations/mine/${id}`);
 }
+
 //attributePaths = {"organizationMemberships.user"}
 export function organizationUsersById(id) {
     return fetchJson(`/api/v1/organizations/users/${id}`);
 }
+
 //no extra relations fetched, just plain attributes
 export function organizationLightById(id) {
     return fetchJson(`/api/v1/organizations/light/${id}`);
@@ -297,6 +302,16 @@ export function deleteAllInvitations(organization) {
     return fetchDelete(`/api/v1/invitations/delete/all/${organization.id}`)
 }
 
+//IdentityProvider
+export function connectServiceProviderToIdentityProvider(applicationManageIdentifier, entityType, idpManageIdentifier) {
+    const body = {
+        applicationManageIdentifier: applicationManageIdentifier,
+        entityType: entityType,
+        idpManageIdentifier: idpManageIdentifier
+    };
+    return postPutJson("/api/v1/idp/connect", body, "PUT")
+}
+
 //Public
 export function publicIdentityProviders() {
     return fetchJson("/api/v1/public/identity-providers");

client/src/locale/en.js

@@ -1021,7 +1021,12 @@ const en = {
     applicationConnect: {
         connect: "Connect",
         request: "Request connection",
-        back: "← Back to other apps"
+        back: "← Back to other apps",
+        defaultAccess: "Hoe wil je default toegang instellen?",
+        access: {
+            all:"Iedereen van de {{orgName}} heeft direct automatisch toegang",
+            some: "Pas toegangsregels toe"
+        }
     }
 }
 

client/src/pages/ApplicationDetail.jsx

@@ -1,9 +1,9 @@
 import "./ApplicationDetail.scss";
 import React, {useEffect, useState} from "react";
-import {publicServiceProviderByDetail} from "../api/index.js";
+import {connectServiceProviderToIdentityProvider, publicServiceProviderByDetail} from "../api/index.js";
 import I18n from "../locale/I18n.js";
 import {useNavigate, useParams} from "react-router-dom";
-import {Button, ButtonIconPlacement, ButtonType, Loader} from "@surfnet/sds";
+import {Button, ButtonIconPlacement, ButtonType, Loader, RadioOptions, RadioOptionsOrientation} from "@surfnet/sds";
 import StudentPng from "../icons/student2.png";
 import PlaceHolderImage from "@surfnet/sds/icons/placeholder-image.svg";
 import ArrowLeftIcon from "@surfnet/sds/icons/functional-icons/arrow-left-2.svg";
@@ -13,6 +13,13 @@ import {useAppStore} from "../stores/AppStore.js";
 import {useShallow} from "zustand/react/shallow";
 import ConfirmationDialog from "../components/ConfirmationDialog.jsx";
 
+const confirmationModalOptions = {
+    makeConnection: "makeConnection",
+    requestConnection: "requestConnection",
+    disconnectConnection: "disconnectConnection",
+    requestDisconnectConnection: "requestDisconnectConnection",
+}
+
 const ApplicationDetail = ({anonymous}) => {
 
         const {arp, privacy, user} = useAppStore(useShallow(state => ({
@@ -28,13 +35,24 @@ const ApplicationDetail = ({anonymous}) => {
         const [serviceProvider, setServiceProvider] = useState([]);
         const [showAttributes, setShowAttributes] = useState(false);
         const [showPrivacy, setShowPrivacy] = useState(false);
+        const [metaData, setMetaData] = useState({});
+        const [connectWithOutInteraction, setConnectWithOutInteraction] = useState(false);
         const [confirmation, setConfirmation] = useState({});
+        const [accessChoice, setAccessChoice] = useState("ALL");
+        const [confirmationModalOption, setConfirmationModalOption] = useState(null);
+
 
         useEffect(() => {
             publicServiceProviderByDetail(manageType, manageId)
                 .then(res => {
                     setServiceProvider(res);
                     setLoading(false);
+                    const newMetaData = res.data.metaDataFields;
+                    setMetaData(newMetaData);
+                    const connectOption = newMetaData["coin:dashboard_connect_option"] || "connect_with_interaction";
+                    const sameInstitution = !isEmpty(newMetaData["coin:institution_guid"]) &&
+                        newMetaData["coin:institution_guid"] === user.identityProvider.data.metaDataFields["coin:institution_guid"]
+                    setConnectWithOutInteraction(connectOption !== "connect_with_interaction" || sameInstitution);
                 })
                 .catch(() => {
                     navigate("/404");
@@ -63,8 +81,6 @@ const ApplicationDetail = ({anonymous}) => {
             );
         }
 
-        const metaData = serviceProvider.data.metaDataFields;
-
         const toggleShowAttributes = e => {
             stopEvent(e);
             setShowAttributes(true);
@@ -79,57 +95,65 @@ const ApplicationDetail = ({anonymous}) => {
             return arp.attributes.find(attr => attr.urn === urn);
         }
 
-        const mayConnectWithoutInteraction = () => {
-            const connectOption = metaData["coin:dashboard_connect_option"] || "connect_with_interaction";
-            const sameInstitution = !isEmpty(metaData["coin:institution_guid"]) &&
-                metaData["coin:institution_guid"] === user.identityProvider.data.metaDataFields["coin:institution_guid"]
-            return connectOption !== "connect_with_interaction" || sameInstitution;
-        }
-
-        const openConnectDialog = () => {
-            setConfirmation({
-                open: true,
-                cancel: () => setConfirmation({open: false}),
-                action: () => doDelete(invitation, false),
-                question: I18n.t("invitationsManagement.deleteConfirmation", {email: invitation.inviter.name}),
-                okButton: I18n.t("invitationsManagement.revoke")
-            });
-        }
-
-        const doRequestConnection = () => {
-
+        const confirmationModalChildren = () => {
+            if (confirmationModalOption === confirmationModalOptions.makeConnection ) {
+                return (
+                    <div className="connect-options-container">
+                        <RadioOptions name={"access"}
+                                      label={I18n.t("applicationConnect.defaultAccess")}
+                                      value={accessChoice}
+                                      onChange={e => {
+                                          const newValue = e.target.id.replace("access_", "").toUpperCase();
+                                          setAccessChoice(newValue);
+                                      }}
+                                      isMultiple={true}
+                                      labels={["ALL", "SOME"]}
+                                      labelResolver={label => I18n.t(`applicationConnect.access.${label.toLowerCase()}`, {
+                                          orgName: providerName(I18n.locale, user.identityProvider)
+                                      })}
+                                      orientation={RadioOptionsOrientation.column}/>
+                    </div>
+                );
+            }
+            return "TODO"
         }
 
-        const openRequestConnectionDialog = () => {
-            setConfirmation({
-                open: true,
-                cancel: () => setConfirmation({open: false}),
-                action: () => doDelete(invitation, false),
-                question: I18n.t("invitationsManagement.deleteConfirmation", {email: invitation.inviter.name}),
-                okButton: I18n.t("invitationsManagement.revoke")
-            });
+        const doRequestConnection = withConfirmation => {
+            if (withConfirmation) {
+                setConfirmation({
+                    open: true,
+                    cancel: () => setConfirmation({open: false}),
+                    action: () => doRequestConnection(false),
+                    title: null,
+                    question: null,
+                    okButton: I18n.t("forms.proceed")
+                });
+                setConfirmationModalOption(confirmationModalOptions.makeConnection)
+            } else {
+                setConfirmation({});
+                connectServiceProviderToIdentityProvider(serviceProvider.id,serviceProvider.type, user.identityProvider.id)
+                    .then(() => {
+                        //Where to go to next?
+                        alert("done")
+                    })
+            }
         }
 
         const goBack = e => {
             stopEvent(e);
             navigate(-1);
         }
 
-        const connectButtonText = () => {
-            //Is the app already connected, may the app be connected without interaction, or is there already an outstanding change request?
-            return I18n.t(`applicationConnect.${mayConnectWithoutInteraction() ? "connect" : "request"}`)
-        }
-
-        const {open, cancel, action, question, okButton, children} = confirmation;
+        const {open, cancel, action, question, title, okButton} = confirmation;
 
         return (
             <div className="application-detail-container">
                 {open && <ConfirmationDialog confirm={action}
                                              cancel={cancel}
-                                             confirmationHeader={I18n.t("forms.submit")}
                                              confirmationTxt={okButton}
+                                             confirmationHeader={title}
                                              question={question}>
-                    {children}
+                    {confirmationModalChildren()}
                 </ConfirmationDialog>
                 }
                 {anonymous && <div className="application-detail-header-container">
@@ -164,8 +188,8 @@ const ApplicationDetail = ({anonymous}) => {
                                                   iconPlacement={ButtonIconPlacement.Left}
                                                   onClick={goBack}
                                                   txt={I18n.t("applicationDetail.back")}/>}
-                            {!anonymous && <Button onClick={() => alert("Todo")}
-                                                   txt={connectButtonText()}/>}
+                            {!anonymous && <Button onClick={() => doRequestConnection(true)}
+                                                   txt={I18n.t(`applicationConnect.${connectWithOutInteraction ? "connect" : "request"}`)}/>}
                         </div>
                         <div className="details">
                             <div className="left">

client/src/pages/ApplicationDetail.scss

@@ -6,6 +6,18 @@ div.application-detail-container {
 
     $width: 920px;
 
+    .sds--modal--container {
+        max-width: 620px;
+    }
+
+    .connect-options-container {
+        .sds--text-field-container > [class^="option-"] {
+            padding: 14px 20px 14px 10px;
+            background-color: var(--sds--color--gray--background);
+            border-radius: 6px;
+        }
+    }
+
     .application-detail-header-container {
         width: 100%;
         background-color: var(--sds--color--gray--background);
@@ -41,6 +53,11 @@ div.application-detail-container {
     .application-detail-top {
         background-color: white;
         padding: 0 25px;
+
+        a {
+            color: var(--sds--color--gray--500);
+            text-decoration: none;
+        }
     }
 
     .application-detail {

client/src/pages/Profile.jsx

@@ -12,6 +12,7 @@ import {SESSION_STORAGE_LOCATION} from "../utils/Login.js";
 import {useNavigate} from "react-router";
 import {mainMenuItems} from "../utils/MenuItems.js";
 import InputField from "../components/InputField.jsx";
+import {providerName} from "../utils/Manage.js";
 
 const Profile = ({setIsAuthenticated}) => {
 
@@ -91,7 +92,7 @@ const Profile = ({setIsAuthenticated}) => {
                     />
                 }
                 {user.institutionAdmin &&
-                    <InputField name={I18n.t("profile.institutionAdmin")}
+                    <InputField name={I18n.t("profile.institutionAdmin", {orgName: providerName(I18n.locale, user.identityProvider)})}
                                 noInput={true}
                     />
                 }

server/src/main/java/access/api/IdentityProviderController.java

@@ -86,6 +86,18 @@ public ResponseEntity<Map<String, Object>> connect(User user, @RequestBody @Vali
             // TODO send email
             return Results.createResult();
         }
+        //Now check if the connection can be made automatically
+        Map<String, Object> spMetaDataFields = getMetaDataFields(getData(serviceProvider));
+        String connectOption = (String) spMetaDataFields.getOrDefault("coin:dashboard_connect_option", "connect_with_interaction");
+        String idpInstitutionGUID = (String) getMetaDataFields(getData(identityProvider)).get("coin:institution_guid");
+
+        boolean idpAndSpShareInstitution = spMetaDataFields.getOrDefault("coin:institution_guid", "nope")
+                .equals(idpInstitutionGUID);
+        boolean connectWithoutInteraction = idpAndSpShareInstitution || !connectOption.equals("connect_with_interaction");
+        if (connectWithoutInteraction) {
+            manage.connectWithoutInteraction(identityProvider, serviceProvider, userFromDB);
+            return Results.createResult();
+        }
 
         String changeRequestURL = manage.changeRequestURLConnectionRequest(EntityType.saml20_idp, idpManageIdentifier);
 

server/src/main/java/access/manage/LocalManage.java

@@ -1,10 +1,7 @@
 package access.manage;
 
 import access.exception.NotFoundException;
-import access.model.Connection;
-import access.model.EntityType;
-import access.model.Environment;
-import access.model.Organization;
+import access.model.*;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.SneakyThrows;
@@ -247,4 +244,9 @@ public List<Map<String, Object>> identityProvidersByAllowedConnections(List<Conn
                 })
                 .toList();
     }
+
+    @Override
+    public void connectWithoutInteraction(Map<String, Object> identityProvider, Map<String, Object> serviceProvider, User currentUser) {
+        //nope
+    }
 }

server/src/main/java/access/manage/Manage.java

@@ -1,9 +1,6 @@
 package access.manage;
 
-import access.model.Connection;
-import access.model.EntityType;
-import access.model.Environment;
-import access.model.Organization;
+import access.model.*;
 
 import java.util.*;
 
@@ -49,6 +46,8 @@ public interface Manage {
 
     List<Map<String, Object>> identityProvidersByAllowedConnections(List<Connection> connections);
 
+    void connectWithoutInteraction(Map<String, Object> identityProvider, Map<String, Object> serviceProvider, User currentUser);
+
     default Map<String, Object> sanitizeProvider(Map<String, Object> provider) {
         //Different Manage API calls return 'id' or '_id'
         if (provider.containsKey("id")) {

server/src/main/java/access/manage/ManageData.java

@@ -15,8 +15,8 @@ public static Map<String, Object> getMetaDataFields(Map<String, Object> data) {
         return (Map<String, Object>) data.get("metaDataFields");
     }
 
-    public static Map<String, Object> getData(Map<String, Object> data) {
-        return (Map<String, Object>) data.get("data");
+    public static Map<String, Object> getData(Map<String, Object> provider) {
+        return (Map<String, Object>) provider.get("data");
     }
 
 

server/src/main/java/access/manage/RemoteManage.java

@@ -230,7 +230,7 @@ public Map<String, Object> identityProviderByEntityID(String entityID) {
         if (identityProviders.isEmpty()) {
             throw new NotFoundException("No identityProviders found for entityID: " + entityID);
         }
-        return identityProviders.getFirst();
+        return sanitizeProvider(identityProviders.getFirst());
     }
 
     @Override
@@ -339,6 +339,21 @@ public List<Map<String, Object>> identityProvidersByAllowedConnections(List<Conn
         return restTemplate.postForEntity(URI.create(url), body, List.class).getBody();
     }
 
+    @Override
+    public void connectWithoutInteraction(Map<String, Object> identityProvider, Map<String, Object> serviceProvider, User user) {
+        RestTemplate restTemplate = environmentRestTemplate(Environment.PROD);
+        String url = String.format("%s/manage/api/internal/connectWithoutInteraction",
+                environmentUrl(Environment.PROD));
+        Map<String, String> bodyMap = new HashMap<>();
+        bodyMap.put("idpId", (String) getData(identityProvider).get("entityid"));
+        bodyMap.put("spId", (String) getData(serviceProvider).get("entityid"));
+        bodyMap.put("spType", (String) serviceProvider.get("type"));
+        bodyMap.put("user", user.getName());
+        bodyMap.put("userUrn", user.getSub());
+        //Fire and forget. An exception will be thrown by the restTemplate if the return is not 20X
+        restTemplate.put(url, bodyMap);
+    }
+
     private List<Map<String, Object>> getRemoteMetaData(Environment environment, String type, boolean allAttributes) {
         Map<String, Object> baseQuery = getBaseQuery(allAttributes);
         String url = String.format("%s/manage/api/internal/search/%s", environmentUrl(environment), type);