diff --git a/it/server/src/test/java/com/walmartlabs/concord/it/server/ApiKeyIT.java b/it/server/src/test/java/com/walmartlabs/concord/it/server/ApiKeyIT.java
index 2a7a1c1d80..b32a23183e 100644
--- a/it/server/src/test/java/com/walmartlabs/concord/it/server/ApiKeyIT.java
+++ b/it/server/src/test/java/com/walmartlabs/concord/it/server/ApiKeyIT.java
@@ -23,8 +23,9 @@
 import com.walmartlabs.concord.client2.*;
 import org.junit.jupiter.api.Test;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.junit.jupiter.api.Assertions.fail;
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.*;
 public class ApiKeyIT extends AbstractServerIT {
@@ -62,4 +63,38 @@ public void testOwner() throws Exception {
 cakr = apiKeyResource.createUserApiKey(new CreateApiKeyRequest().username(userAName));
 assertTrue(cakr.getOk());
 }
+
+ @Test
+ public void testCreatingKeyWithoutUsername() throws Exception {
+ String userName = "userA_" + randomString();
+
+ UsersApi usersApi = new UsersApi(getApiClient());
+ CreateUserResponse user = usersApi.createOrUpdateUser(new CreateUserRequest()
+ .username(userName)
+ .type(CreateUserRequest.TypeEnum.LOCAL));
+
+ // the new user has no api keys initially
+
+ ApiKeysApi apiKeyResource = new ApiKeysApi(getApiClient());
+ List keys = apiKeyResource.listUserApiKeys(user.getId());
+ assertEquals(0, keys.size());
+
+ // admin creates a new api key for the new user
+
+ CreateApiKeyResponse cakr = apiKeyResource.createUserApiKey(new CreateApiKeyRequest().username(userName));
+ assertTrue(cakr.getOk());
+ keys = apiKeyResource.listUserApiKeys(user.getId());
+ assertEquals(1, keys.size());
+
+ // the new user creates another api key for themselves
+
+ setApiKey(cakr.getKey());
+ cakr = apiKeyResource.createUserApiKey(new CreateApiKeyRequest());
+ assertTrue(cakr.getOk());
+
+ // the new user lists all their api keys (should be 2)
+
+ keys = apiKeyResource.listUserApiKeys(user.getId());
+ assertEquals(2, keys.size());
+ }
 }
diff --git a/server/impl/src/main/java/com/walmartlabs/concord/server/security/apikey/ApiKeyManager.java b/server/impl/src/main/java/com/walmartlabs/concord/server/security/apikey/ApiKeyManager.java
index d082317ff8..e940668605 100644
--- a/server/impl/src/main/java/com/walmartlabs/concord/server/security/apikey/ApiKeyManager.java
+++ b/server/impl/src/main/java/com/walmartlabs/concord/server/security/apikey/ApiKeyManager.java
@@ -68,7 +68,6 @@ public ApiKeyManager(ApiKeyConfiguration cfg,
 this.auditLog = requireNonNull(auditLog);
 }
-
 public CreateApiKeyResponse create(CreateApiKeyRequest req) {
 String key = assertKeyValue(req);
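Review bot: `List keys = apiKeyResource.listUserApiKeys(user.getId());` uses a raw `List`; with `java.util.List` now imported it should carry the generated client's element type so the `size()` checks are not the only thing the compiler can verify. More importantly, `setApiKey(cakr.getKey());` switches the shared API client to the freshly created local user's key and the test never switches back; unless `AbstractServerIT` resets the key before every test, whatever runs next in this class executes as a non-admin user and will fail (or, worse, pass) for the wrong reason. Restore the admin key in a `finally` block using whatever reset `AbstractServerIT` provides, or use a second `ApiKeysApi` built on a separate client for the self-service part. The happy path is covered, but the property the server change introduces — a request with no user names the caller and nobody else — would be pinned more tightly by asserting the second key shows up for `user.getId()` and not for the admin's own listing.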
@@ -76,7 +75,11 @@ public CreateApiKeyResponse create(CreateApiKeyRequest req) {
 if (userId == null) {
 userId = assertUsername(req.getUsername(), req.getUserDomain(), req.getUserType());
 }
-
+
+ if (userId == null) {
+ userId = UserPrincipal.assertCurrent().getId();
+ }
+
 assertOwner(userId);
 String name = trim(req.getName());
diff --git a/server/impl/src/main/java/com/walmartlabs/concord/server/security/github/GithubRealm.java b/server/impl/src/main/java/com/walmartlabs/concord/server/security/github/GithubRealm.java
index 9f6babd8f7..a5468b35e5 100644
--- a/server/impl/src/main/java/com/walmartlabs/concord/server/security/github/GithubRealm.java
+++ b/server/impl/src/main/java/com/walmartlabs/concord/server/security/github/GithubRealm.java
@@ -78,7 +78,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
 @WithTimer
 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
 UserPrincipal p = principals.oneByType(UserPrincipal.class);
- if (!REALM_NAME.equals(p.getRealm())) {
+ if (p == null || !REALM_NAME.equals(p.getRealm())) {
 return null;
 }
diff --git a/server/impl/src/main/java/com/walmartlabs/concord/server/security/internal/InternalRealm.java b/server/impl/src/main/java/com/walmartlabs/concord/server/security/internal/InternalRealm.java
index 710fd21c91..ebd70a8fef 100644
--- a/server/impl/src/main/java/com/walmartlabs/concord/server/security/internal/InternalRealm.java
+++ b/server/impl/src/main/java/com/walmartlabs/concord/server/security/internal/InternalRealm.java
@@ -42,7 +42,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
 @Override
 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
 UserPrincipal p = principals.oneByType(UserPrincipal.class);
- if (!REALM_NAME.equals(p.getRealm())) {
+ if (p == null || !REALM_NAME.equals(p.getRealm())) {
 return null;
 }
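Review bot: The new fallback `userId = UserPrincipal.assertCurrent().getId();` is reached whenever both `req.getUserId()` and `assertUsername(...)` leave `userId` null, so if `assertUsername` can return null for a username it fails to resolve (rather than throwing — its body is outside this hunk), a request that named the wrong user now silently mints a key for the caller instead of failing. If that is possible, tighten the guard to `if (userId == null && req.getUsername() == null) {` so the default applies only when the request genuinely named nobody, and say so above it: `// no user given: issue the key to the caller; assertOwner() below still applies`. The `assertOwner(userId);` that follows is what stops a non-admin from creating keys for other accounts, so the fallback must stay ahead of it as it is here. `create()` begins before this hunk.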
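Review bot: The `p == null ||` guard is added verbatim to four realms (GithubRealm, InternalRealm, OidcRealm, SsoRealm) with no comment on why `principals.oneByType(UserPrincipal.class)` can come back empty, so a reader cannot tell whether null here is expected or a bug being papered over. A one-liner above the `if` would settle it, e.g. `// a subject authenticated by another realm may carry no UserPrincipal; contribute nothing in that case`. Since the check and the `REALM_NAME` comparison are identical in all four places, a single helper such as `static boolean isFrom(PrincipalCollection principals, String realm)` on `UserPrincipal` would keep the next realm from forgetting the null case. As far as Shiro's `AuthorizingRealm` goes, returning null means this realm grants no roles or permissions, which is the fail-closed outcome one wants here. `doGetAuthorizationInfo` continues past the end of the hunk.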
diff --git a/server/plugins/oidc/src/main/java/com/walmartlabs/concord/server/plugins/oidc/OidcRealm.java b/server/plugins/oidc/src/main/java/com/walmartlabs/concord/server/plugins/oidc/OidcRealm.java
index 788e10af21..c0dd515857 100644
--- a/server/plugins/oidc/src/main/java/com/walmartlabs/concord/server/plugins/oidc/OidcRealm.java
+++ b/server/plugins/oidc/src/main/java/com/walmartlabs/concord/server/plugins/oidc/OidcRealm.java
@@ -123,7 +123,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
 @Override
 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
 UserPrincipal p = principals.oneByType(UserPrincipal.class);
- if (!REALM_NAME.equals(p.getRealm())) {
+ if (p == null || !REALM_NAME.equals(p.getRealm())) {
 return null;
 }
diff --git a/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoRealm.java b/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoRealm.java
index 8f33fc2f8b..3cce474faa 100644
--- a/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoRealm.java
+++ b/server/plugins/pfed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoRealm.java
@@ -99,7 +99,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
 @Override
 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
 UserPrincipal p = principals.oneByType(UserPrincipal.class);
- if (!REALM_NAME.equals(p.getRealm())) {
+ if (p == null || !REALM_NAME.equals(p.getRealm())) {
 return null;
 }