VIC-1918: Tenant data in authorised context

virtualidentityag · Nov 1, 2022 · 828273e · 828273e
1 parent 8a46019
commit 828273e
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 27 deletions.
diff --git a/src/main/java/com/vi/tenantservice/api/facade/TenantServiceFacade.java b/src/main/java/com/vi/tenantservice/api/facade/TenantServiceFacade.java
@@ -91,7 +91,7 @@ public List<BasicTenantLicensingDTO> getAllTenants() {
   public Optional<RestrictedTenantDTO> findTenantBySubdomain(String subdomain, Long tenantId) {
     var tenantById = tenantService.findTenantBySubdomain(subdomain);
 
-    if (multitenancyWithSingleDomain && (authorisationService.isAuthorised() || tenantId != null)) {
+    if (multitenancyWithSingleDomain && authorisationService.isRequestTenantAware(tenantId)) {
       return getSingleDomainSpecificTenantData(tenantById, tenantId);
     }
 

diff --git a/src/main/java/com/vi/tenantservice/config/security/AuthorisationService.java b/src/main/java/com/vi/tenantservice/config/security/AuthorisationService.java
@@ -1,11 +1,21 @@
 package com.vi.tenantservice.config.security;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.util.Base64;
+import java.util.Map;
 import java.util.Optional;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
 import org.keycloak.KeycloakPrincipal;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.springframework.web.util.WebUtils;
 
 @Service
 public class AuthorisationService {
@@ -37,7 +47,26 @@ private KeycloakPrincipal getPrincipal() {
     return (KeycloakPrincipal) getAuthentication().getPrincipal();
   }
 
-  public boolean isAuthorised() {
-    return !"anonymousUser".equals(getAuthentication().getPrincipal());
+  public boolean isRequestTenantAware(Long tenantId) {
+    if (tenantId != null) {
+      return true;
+    }
+    HttpServletRequest request =
+        ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
+            .getRequest();
+    Cookie token = WebUtils.getCookie(request, "keycloak");
+    String[] chunks = token.getValue().split("\\.");
+    Base64.Decoder decoder = Base64.getUrlDecoder();
+    String payload = new String(decoder.decode(chunks[1]));
+    var objectMapper = new ObjectMapper()
+        .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+    try {
+      Map<String, Object> map = objectMapper.readValue(payload, Map.class);
+      Integer tenantIdFromCookie = (Integer) map.get("tenantId");
+      return tenantIdFromCookie != null;
+    } catch (JsonProcessingException e) {
+      return false;
+    }
+
   }
 }
diff --git a/src/test/java/com/vi/tenantservice/api/facade/TenantServiceFacadeTest.java b/src/test/java/com/vi/tenantservice/api/facade/TenantServiceFacadeTest.java
@@ -200,7 +200,7 @@ void getSingleTenant_Should_shouldThrowIllegalStateException_When_moreTenantsAre
   }
 
   @Test
-  void findTenantBySubdomain_Should_returnTenantDataBasedOnTenantFromAccessToken_When_tenantIdPresentInToken(){
+  void findTenantBySubdomain_Should_returnTenantAwareData_When_RequestIsTenantAware(){
     String subdomain = "app";
     ReflectionTestUtils.setField(tenantServiceFacade,"multitenancyWithSingleDomain",true);
     ReflectionTestUtils.setField(tenantServiceFacade,"tenantConverter",new TenantConverter());
@@ -214,7 +214,7 @@ void findTenantBySubdomain_Should_returnTenantDataBasedOnTenantFromAccessToken_W
     Optional<TenantEntity> accessTokenTenantData = Optional.of(accessTokenTenant);
 
     when(tenantService.findTenantBySubdomain(subdomain)).thenReturn(defaultTenant);
-    when(authorisationService.isAuthorised()).thenReturn(true);
+    when(authorisationService.isRequestTenantAware(null)).thenReturn(true);
     when(authorisationService.findTenantIdInAccessToken()).thenReturn(Optional.of(2L));
     when(tenantService.findTenantById(2L)).thenReturn(accessTokenTenantData);
 
@@ -223,26 +223,4 @@ void findTenantBySubdomain_Should_returnTenantDataBasedOnTenantFromAccessToken_W
 
   }
 
-  @Test
-  void findTenantBySubdomain_Should_returnTenantDataBasedOnTenantFromQueryParam_When_tenantIdQueryParam(){
-    String subdomain = "app";
-    ReflectionTestUtils.setField(tenantServiceFacade,"multitenancyWithSingleDomain",true);
-    ReflectionTestUtils.setField(tenantServiceFacade,"tenantConverter",new TenantConverter());
-
-    TenantEntity defaultTenantEntity = new TenantEntity();
-    defaultTenantEntity.setContentPrivacy("content1");
-    Optional<TenantEntity> defaultTenant = Optional.of(defaultTenantEntity);
-
-    TenantEntity accessTokenTenant = new TenantEntity();
-    accessTokenTenant.setContentPrivacy("content2");
-    Optional<TenantEntity> queryTenantData = Optional.of(accessTokenTenant);
-
-    when(tenantService.findTenantBySubdomain(subdomain)).thenReturn(defaultTenant);
-    when(authorisationService.isAuthorised()).thenReturn(false);
-    when(tenantService.findTenantById(2L)).thenReturn(queryTenantData);
-
-    Optional<RestrictedTenantDTO> tenantDTO = tenantServiceFacade.findTenantBySubdomain(subdomain, 2L);
-    assertThat(tenantDTO.get().getContent().getPrivacy()).contains("content2");
-
-  }
 }