concord-server: fix API key creation for the current user (#1222)

Author: ibodrov

it/server/src/test/java/com/walmartlabs/concord/it/server/ApiKeyIT.java

@@ -23,8 +23,9 @@
 import com.walmartlabs.concord.client2.*;
 import org.junit.jupiter.api.Test;
 
-import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.junit.jupiter.api.Assertions.fail;
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.*;
 
 public class ApiKeyIT extends AbstractServerIT {
 
@@ -62,4 +63,38 @@ public void testOwner() throws Exception {
         cakr = apiKeyResource.createUserApiKey(new CreateApiKeyRequest().username(userAName));
         assertTrue(cakr.getOk());
     }
+
+    @Test
+    public void testCreatingKeyWithoutUsername() throws Exception {
+        String userName = "userA_" + randomString();
+
+        UsersApi usersApi = new UsersApi(getApiClient());
+        CreateUserResponse user = usersApi.createOrUpdateUser(new CreateUserRequest()
+                .username(userName)
+                .type(CreateUserRequest.TypeEnum.LOCAL));
+
+        // the new user has no api keys initially
+
+        ApiKeysApi apiKeyResource = new ApiKeysApi(getApiClient());
+        List<ApiKeyEntry> keys = apiKeyResource.listUserApiKeys(user.getId());
+        assertEquals(0, keys.size());
+
+        // admin creates a new api key for the new user
+
+        CreateApiKeyResponse cakr = apiKeyResource.createUserApiKey(new CreateApiKeyRequest().username(userName));
+        assertTrue(cakr.getOk());
+        keys = apiKeyResource.listUserApiKeys(user.getId());
+        assertEquals(1, keys.size());
+
+        // the new user creates another api key for themselves
+
+        setApiKey(cakr.getKey());
+        cakr = apiKeyResource.createUserApiKey(new CreateApiKeyRequest());
+        assertTrue(cakr.getOk());
+
+        // the new user lists all their api keys (should be 2)
+
+        keys = apiKeyResource.listUserApiKeys(user.getId());
+        assertEquals(2, keys.size());
+    }
 }

server/impl/src/main/java/com/walmartlabs/concord/server/security/apikey/ApiKeyManager.java

@@ -68,15 +68,18 @@ public ApiKeyManager(ApiKeyConfiguration cfg,
         this.auditLog = requireNonNull(auditLog);
     }
 
-
     public CreateApiKeyResponse create(CreateApiKeyRequest req) {
         String key = assertKeyValue(req);
 
         UUID userId = assertUserId(req.getUserId());
         if (userId == null) {
             userId = assertUsername(req.getUsername(), req.getUserDomain(), req.getUserType());
         }
-        
+
+        if (userId == null) {
+            userId = UserPrincipal.assertCurrent().getId();
+        }
+
         assertOwner(userId);
 
         String name = trim(req.getName());

server/impl/src/main/java/com/walmartlabs/concord/server/security/github/GithubRealm.java

@@ -78,7 +78,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
     @WithTimer
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
         UserPrincipal p = principals.oneByType(UserPrincipal.class);
-        if (!REALM_NAME.equals(p.getRealm())) {
+        if (p == null || !REALM_NAME.equals(p.getRealm())) {
             return null;
         }
 

server/impl/src/main/java/com/walmartlabs/concord/server/security/internal/InternalRealm.java

@@ -42,7 +42,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
         UserPrincipal p = principals.oneByType(UserPrincipal.class);
-        if (!REALM_NAME.equals(p.getRealm())) {
+        if (p == null || !REALM_NAME.equals(p.getRealm())) {
             return null;
         }
 

server/plugins/oidc/src/main/java/com/walmartlabs/concord/server/plugins/oidc/OidcRealm.java

@@ -123,7 +123,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
         UserPrincipal p = principals.oneByType(UserPrincipal.class);
-        if (!REALM_NAME.equals(p.getRealm())) {
+        if (p == null || !REALM_NAME.equals(p.getRealm())) {
             return null;
         }
 

server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoRealm.java

@@ -99,7 +99,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
         UserPrincipal p = principals.oneByType(UserPrincipal.class);
-        if (!REALM_NAME.equals(p.getRealm())) {
+        if (p == null || !REALM_NAME.equals(p.getRealm())) {
             return null;
         }