Alias handling

cloudfoundry · May 14, 2024 · a89ce12 · a89ce12
1 parent be8892e
commit a89ce12
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 10 deletions.
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java
@@ -257,6 +257,11 @@ public ResponseEntity<IdentityProvider> updateIdentityProvider(@PathVariable Str
             body.setConfig(definition);
         }
 
+        return persistIdentityProviderChange(body, rawConfig, zoneId, existing);
+    }
+
+    private ResponseEntity<IdentityProvider> persistIdentityProviderChange(IdentityProvider body, boolean rawConfig, String zoneId,
+            IdentityProvider existing) {
         final IdentityProvider<?> updatedIdp;
         try {
             updatedIdp = transactionTemplate.execute(txStatus -> {
@@ -321,13 +326,11 @@ public ResponseEntity<IdentityProvider> deleteSecret(@PathVariable String id) {
         String zoneId = identityZoneManager.getCurrentIdentityZoneId();
         IdentityProvider existing = identityProviderProvisioning.retrieve(id, zoneId);
         if((OIDC10.equals(existing.getType()) || OAUTH20.equals(existing.getType()))
-            && existing.getConfig() instanceof AbstractExternalOAuthIdentityProviderDefinition<?> idpConfiguration) {
-            idpConfiguration.setRelyingPartySecret(null);
-            identityProviderProvisioning.update(existing, zoneId);
-            setAuthMethod(existing);
-            redactSensitiveData(existing);
-            logger.info("Secret deleted for Identity Provider: {}", existing.getId());
-            return new ResponseEntity<>(existing, OK);
+            && existing.getConfig() instanceof AbstractExternalOAuthIdentityProviderDefinition<?>) {
+            IdentityProvider updated = existing;
+            ((AbstractExternalOAuthIdentityProviderDefinition) updated.getConfig()).setRelyingPartySecret(null);
+            logger.info("Delete secret for Identity Provider: {}", existing.getId());
+            return persistIdentityProviderChange(updated, false, zoneId, existing);
         } else {
             logger.debug("Invalid operation. This operation is only supported on external IDP of type OAuth/OIDC");
             return new ResponseEntity<>(UNPROCESSABLE_ENTITY);
@@ -343,8 +346,11 @@ public ResponseEntity<IdentityProvider> changeSecret(@PathVariable String id, @R
             return new ResponseEntity<>(UNPROCESSABLE_ENTITY);
         }
         if((OIDC10.equals(existing.getType()) || OAUTH20.equals(existing.getType()))
-            && existing.getConfig() instanceof AbstractExternalOAuthIdentityProviderDefinition<?> idpConfiguration) {
-            idpConfiguration.setRelyingPartySecret(secretChange.getSecret());
+            && existing.getConfig() instanceof AbstractExternalOAuthIdentityProviderDefinition<?>) {
+            IdentityProvider updated = existing;
+            ((AbstractExternalOAuthIdentityProviderDefinition) updated.getConfig()).setRelyingPartySecret(secretChange.getSecret());
+            logger.info("Change secret for Identity Provider: {}", existing.getId());
+            return persistIdentityProviderChange(updated, false, zoneId, existing);
         } else if(LDAP.equals(existing.getType()) && existing.getConfig() instanceof LdapIdentityProviderDefinition ldapIdentityProviderDefinition) {
             ldapIdentityProviderDefinition.setBindPassword(secretChange.getSecret());
         } else {

diff --git a/...r/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java b/...r/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java
@@ -325,7 +325,9 @@ void retrieve_by_origin_providers_redacts_data() {
 
     @Test
     void delete_secret_and_retrieve_by_origin_providers_redacts_data() {
-        when(mockIdentityProviderProvisioning.retrieve("puppyId", "uaa")).thenReturn(getExternalOAuthProvider());
+        IdentityProvider idp = getExternalOAuthProvider();
+        when(mockIdpAliasHandler.ensureConsistencyOfAliasEntity(null, idp)).thenReturn(idp);
+        when(mockIdentityProviderProvisioning.retrieve("puppyId", "uaa")).thenReturn(idp);
         ResponseEntity<IdentityProvider> oidcBody = identityProviderEndpoints.deleteSecret("puppyId");
         IdentityProvider<?> oidc = oidcBody.getBody();
         assertNotNull(oidc);
@@ -361,6 +363,7 @@ void change_bindPassword_and_retrieve_by_origin_providers_redacts_data() {
     @Test
     void change_secret_and_retrieve_by_origin_providers_redacts_data() {
         IdentityProvider idp = getExternalOAuthProvider();
+        when(mockIdpAliasHandler.ensureConsistencyOfAliasEntity(null, idp)).thenReturn(idp);
         when(mockIdentityProviderProvisioning.retrieve("puppyId", "uaa")).thenReturn(idp);
         IdentityProviderSecretChange identityProviderSecretChange = new IdentityProviderSecretChange();
         identityProviderSecretChange.setSecret("newSecret");