docfix/tweaked the document for email_to_space_mapping

hongwei 2021-06-30 09:35:57 +02:00
parent b222b122ac
commit fe576925a4
5 changed files with 23 additions and 17 deletions


@ -961,7 +961,9 @@ default_auth_context_update_request_key=CUSTOMER_NUMBER
# Support removing the app type checkbox during consumer registration
#consumer_registration.display_app_type=true
# if set this props, it will grant all the dynamic roles automatically to the users whose emails contain the following domain.
# if set this props, we can automatically grant the Entitlements required to use all the Dynamic Endpoint roles belonging
# to the bank_ids (Spaces) the User has access to via their validated email domain. Entitlements are generated /refreshed
# both following manual locin and Direct Login token generation (POST).
# the default value is empty
#email_to_space_mapping=
# And here we provide an example to show how to prepare the mappings
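Review bot: The new comment on `email_to_space_mapping` omits the trust assumption it rests on: entitlements are granted from the user's "validated email domain", so the feature is only as strong as email validation itself, and the changelog in this same commit notes that `authUser.skipEmailValidation` now defaults to false. I would append `# NOTE: relies on validated emails - do not combine with authUser.skipEmailValidation=true, or anyone who registers with a matching address is granted these entitlements.` (hedged: I cannot see the props file's own entry for that setting here). The new text also has typos worth fixing while touching it: `manual locin` should be `manual login`, and `if set this props` reads better as `if this prop is set`.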


@ -97,7 +97,7 @@ object DirectLogin extends RestHelper with MdcLoggable {
case Req("my" :: "logins" :: "direct" :: Nil,_ , PostRequest) => {
for{
(httpCode: Int, message: String, userId:Long) <- createTokenFuture(getAllParameters)
_ <- Future{grantEntitlementsToUseDynamicEndpointsAtOneBankInDirectLogin(userId)}
_ <- Future{grantEntitlementsToUseDynamicEndpointsInSpacesInDirectLogin(userId)}
} yield {
if (httpCode == 200) {
(JSONFactory.createTokenJSON(message), HttpCode.`201`(CallContext()))
@ -109,16 +109,16 @@ object DirectLogin extends RestHelper with MdcLoggable {
}
def grantEntitlementsToUseDynamicEndpointsAtOneBankInDirectLogin(userId:Long) = {
def grantEntitlementsToUseDynamicEndpointsInSpacesInDirectLogin(userId:Long) = {
try {
if(!emailToSpaceMapping.isEmpty){
val resourceUser = UserX.findByResourceUserId(userId).openOrThrowException(s"$InvalidDirectLoginParameters can not find the resourceUser!")
val authUser = AuthUser.findUserByUsernameLocally(resourceUser.name).openOrThrowException(s"$InvalidDirectLoginParameters can not find the auth user!")
AuthUser.grantEntitlementsToUseDynamicEndpointsAtOneBank(authUser)
AuthUser.grantEntitlementsToUseDynamicEndpointsInSpaces(authUser)
}
} catch {
case e: Throwable => // error handling, found wrong props value as early as possible.
this.logger.error(s"directLogin.grantEntitlementsToUseDynamicEndpointsAtOneBank throw exception, details: $e" );
this.logger.error(s"directLogin.grantEntitlementsToUseDynamicEndpointsInSpaces throw exception, details: $e" );
}
}
/**
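Review bot: In the first hunk the refresh step `_ <- Future{grantEntitlementsToUseDynamicEndpointsInSpacesInDirectLogin(userId)}` runs whether or not token creation succeeded, so a rejected Direct Login (non-200) still performs a user lookup on whatever `userId` `createTokenFuture` yields on failure (not visible here) and, at minimum, writes an error-level log line per failed attempt; gate it on success, e.g. `_ <- Future { if (httpCode == 200) grantEntitlementsToUseDynamicEndpointsInSpacesInDirectLogin(userId) }`. In the second hunk the handler `case e: Throwable =>` also swallows fatal errors and logs only `$e`, which drops the stack trace; prefer `case NonFatal(e) =>` and pass the exception as the second argument, `this.logger.error(s"directLogin.grantEntitlementsToUseDynamicEndpointsInSpaces throw exception, details: $e", e)`. The `case Req(...)` body in the first hunk continues past the hunk's last line.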


@ -2843,7 +2843,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
x =>
//TODO due to performance issue, first comment this out,
// val authUser = AuthUser.findUserByUsernameLocally(x._1.head.name).openOrThrowException("")
// tryo{AuthUser.grantEntitlementsToUseDynamicEndpointsAtOneBank(authUser, x._2)}.openOr(logger.error(s"${x._1} authenticatedAccess.grantEntitlementsToUseDynamicEndpointsAtOneBank throw exception! "))
// tryo{AuthUser.grantEntitlementsToUseDynamicEndpointsInSpaces(authUser, x._2)}.openOr(logger.error(s"${x._1} authenticatedAccess.grantEntitlementsToUseDynamicEndpointsInSpaces throw exception! "))
// make sure, if `refreshUserIfRequired` throw exception, do not break the `authenticatedAccess`,
// TODO better move `refreshUserIfRequired` to other place.


@ -930,8 +930,8 @@ def restoreSomeSessions(): Unit = {
S.notice(S.?("logged.in"))
preLoginState()
if(emailToSpaceMapping.nonEmpty){
tryo{AuthUser.grantEntitlementsToUseDynamicEndpointsAtOneBank(user)}
.openOr(logger.error(s"${user} authenticatedAccess.grantEntitlementsToUseDynamicEndpointsAtOneBank throw exception! "))
tryo{AuthUser.grantEntitlementsToUseDynamicEndpointsInSpaces(user)}
.openOr(logger.error(s"${user} authenticatedAccess.grantEntitlementsToUseDynamicEndpointsInSpaces throw exception! "))
}
S.redirectTo(redirect)
})
@ -1113,7 +1113,9 @@ def restoreSomeSessions(): Unit = {
}
/**
* Spaces is the obp BankIds, each bank can create many dynamice endpoints, all of them are belong to one Bank.(Space)
* A Space is an alias for the OBP Bank. Each Bank / Space can contain many Dynamic Endpoints. If a User belongs to a Space,
* the User can use those endpoints but not modify them. If a User creates a Bank (aka Space) the user can create
* and modify Dynamic Endpoints and other objects in that Bank / Space.
*
* @return
*/
@ -1134,24 +1136,24 @@ def restoreSomeSessions(): Unit = {
}
}
def grantEntitlementsToUseDynamicEndpointsAtOneBank(user: AuthUser) = {
val createdByProcess = "grantEntitlementsToUseDynamicEndpointsAtOneBank"
def grantEntitlementsToUseDynamicEndpointsInSpaces(user: AuthUser) = {
val createdByProcess = "grantEntitlementsToUseDynamicEndpointsInSpaces"
val userId = user.user.obj.map(_.userId).getOrElse("")
// user's already auto granted entitlements.
val allGrantedEntitlements = Entitlement.entitlement.vend.getEntitlementsByUserId(userId)
val entitlementsGrantedByThisProcess = Entitlement.entitlement.vend.getEntitlementsByUserId(userId)
.map(_.filter(role => role.createdByProcess == createdByProcess))
.getOrElse(Nil)
def isEntitlementAlreadyBeGranted(role:ApiRole, bankId: String): Boolean =
allGrantedEntitlements.exists(entitlement => entitlement.roleName == role.toString() && entitlement.bankId == bankId)
def alreadyHasEntitlement(role:ApiRole, bankId: String): Boolean =
entitlementsGrantedByThisProcess.exists(entitlement => entitlement.roleName == role.toString() && entitlement.bankId == bankId)
//call mySpaces --> get BankIds --> listOfRolesToUseAllDynamicEndpointsAOneBank (at each bank)--> Grant roles (for each role)
val allCurrentDynamicRoleToBankIdPairs: List[(ApiRole, String)] = for {
BankId(bankId) <- mySpaces(user: AuthUser)
role <- DynamicEndpointHelper.listOfRolesToUseAllDynamicEndpointsAOneBank(Some(bankId))
} yield {
if (!isEntitlementAlreadyBeGranted(role, bankId)) {
if (!alreadyHasEntitlement(role, bankId)) {
Entitlement.entitlement.vend.addEntitlement(bankId, userId, role.toString, createdByProcess)
}
@ -1161,7 +1163,7 @@ def restoreSomeSessions(): Unit = {
// if user's auto granted entitlement invalid, delete it.
// invalid happens when some dynamic endpoints are removed, so the entitlements linked to the deleted dynamic endpoints are invalid.
for {
grantedEntitlement <- allGrantedEntitlements
grantedEntitlement <- entitlementsGrantedByThisProcess
grantedEntitlementRoleName = grantedEntitlement.roleName
grantedEntitlementBankId = grantedEntitlement.bankId
} {
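Review bot: In the `@ -1134` hunk, `alreadyHasEntitlement` now consults only `entitlementsGrantedByThisProcess`, so a user who already holds the same role at that bank through a different `createdByProcess` (e.g. a manual grant) will have `addEntitlement(bankId, userId, role.toString, createdByProcess)` called again on every login and, unless `addEntitlement` rejects duplicates (not visible here), accumulate duplicate entitlement rows. Narrowing to this process is the right change for the cleanup loop in the `@ -1161` hunk, but the existence check should still see every entitlement: keep `val allGrantedEntitlements = Entitlement.entitlement.vend.getEntitlementsByUserId(userId).getOrElse(Nil)` next to the filtered list and define `def alreadyHasEntitlement(role: ApiRole, bankId: String): Boolean = allGrantedEntitlements.exists(e => e.roleName == role.toString() && e.bankId == bankId)`. The visible cleanup comment only covers roles whose dynamic endpoints were removed; whether an entitlement is revoked when the bank drops out of `mySpaces(user)` is not visible in the hunk and is worth confirming. `grantEntitlementsToUseDynamicEndpointsInSpaces` begins in the `@ -1134` hunk and its body continues past the end of this section.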


@ -5,7 +5,9 @@
Date Commit Action
29/06/2021 98c5503c Existing Props authUser.skipEmailValidation now defaults to false (i.e. we now force email validation by default)
29/06/2021 0b08199b Added props: email_to_space_mapping, default is empty
We can grant all the dynamic roles automatic when the user login and create the directLogin Token.
We can automatically grant the Entitlements required to use all the Dynamic Endpoint roles belonging to
the bank_ids (Spaces) the User has access to via their validated email domain. Entitlements are
sam generated /refreshed both following manual locin and Direct Login token generation (POST).
14/03/2021 e29001e2 Added props: webui_login_page_instruction_title, default is 'Log on to the Open Bank Project API'.
The clients can customise the login page instraction title.
13/03/2021 3c9880a9 Added props: featured_api_collection_ids, default is Empty.