Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Alias Handler for SCIM Users #2769
Alias Handler for SCIM Users #2769
Changes from 24 commits
b60ec98
3b14d18
2b3ba5e
36d441e
75bbacb
aa22118
4009ed3
800433e
ced3026
688a513
bd6a79a
1a3668d
28e206a
091fbf2
79cd7c7
ef5f4dc
37eedad
ff6079a
b4fb274
463202f
9ed1580
96af351
968a88e
e78e1fd
5699f43
0cf1ba7
97d13b3
4321693
31ebf13
823fc2f
f451e8e
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be setPasswordLastModifiedTime to align to the naming of the two following Time setters.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The setters are already named consistently to the underlying fields in the class as well as its JSON representation (
passwordLastModified
does not end with "time",lastLogonTime
andpreviousLogonTime
do), see for example here:uaa/model/src/main/java/org/cloudfoundry/identity/uaa/scim/impl/ScimUserJsonDeserializer.java
Line 92 in 091fbf2
I would therefore suggest to leave them as they are. What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems the naming inconsistency is more widespread, maybe this would be a good clean up following this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems the naming inconsistency is more widespread, maybe this would be a good clean up following this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are these setting the Time to the existingAliasEntity instead of "now" or even null for the 2 logon times - a new Alias should have it's own timestamps. Setting them to the existingAlias seems it would be confusing when it was actually Modified or logged into.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This method is used for managing the fields that should differ between the "original" user and its alias, i.e., the properties of an alias that should be independent from the original user.
During updates, we build a copy of the original user and leave these three timestamps empty. After that, we call this method to overwrite the timestamps with the values from the version of the alias prior to the update.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Which one is it,
which I agree with
But this seems contrary to keeping them independent:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for the confusion in my explanation, I'll try again:
Let's say there is a user
U
in the "uaa" zone, which has an alias userA
in the zone "custom". Whenever we perform an update onU
, we persist the changes, which leads to a newer versionU'
with the changed properties.Then, to propagate the changes also to the alias, we build a new clone of
U'
, i.e.,A'
. This is done here:uaa/server/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimUserAliasHandler.java
Line 87 in f451e8e
However, as you correctly addressed,
A'
would now have the same timestamp values (last logon, password last modified and previous logon) asU'
, which is incorrect. Therefore, before persistingA'
, we look up the version ofA'
before the update, i.e.,A
, and overwrite the timestamp values ofA'
with the timestamp values ofA
.This is done in the method of this GitHub conversation. The parameter
newAliasEntity
corresponds toA'
, whileexistingAliasEntity
corresponds toA
(and not toU
orU'
, as you might have thought when asking the question).