Fix re-enabling OAuth2 security on APIs configured with only mutual SSL #12742

Open. Wants to merge 2 commits into base: master
components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/PublisherCommonUtils.java
@@ -150,6 +150,9 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import static org.wso2.carbon.apimgt.api.model.policy.PolicyConstants.AI_API_QUOTA_TYPE;
import static org.wso2.carbon.apimgt.api.model.policy.PolicyConstants.EVENT_COUNT_TYPE;

import static org.wso2.carbon.apimgt.impl.APIConstants.GOVERNANCE_COMPLIANCE_ERROR_MESSAGE;
import static org.wso2.carbon.apimgt.impl.APIConstants.GOVERNANCE_COMPLIANCE_KEY;
import static org.wso2.carbon.apimgt.impl.APIConstants.PUBLISH;
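Review bot: the two new static imports at the top of the hunk are separated from the existing static-import block by a blank line; merge them into that block (they already sort before the `org.wso2.carbon.apimgt.impl.APIConstants` entries) so the file keeps a single static-import group. Also pick one style for the new constants: `AI_API_QUOTA_TYPE` and `EVENT_COUNT_TYPE` are imported statically here while the code below refers to `APIConstants.API_SUBTYPE_AI_API` and `APIConstants.DEFAULT_SUB_POLICY_SUBSCRIPTIONLESS` by class name.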
@@ -347,6 +350,7 @@
|| APIConstants.APITransportType.WEBSUB.toString().equals(originalAPI.getType())
|| APIConstants.APITransportType.SSE.toString().equals(originalAPI.getType())
|| APIConstants.APITransportType.ASYNC.toString().equals(originalAPI.getType()));
boolean isAIAPI = APIConstants.API_SUBTYPE_AI_API.equals(originalAPI.getSubtype());

Codecov / codecov/patch (components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/PublisherCommonUtils.java#L353): Added line #L353 was not covered by tests

Scope[] apiDtoClassAnnotatedScopes = APIDTO.class.getAnnotationsByType(Scope.class);
boolean hasClassLevelScope = checkClassScopeAnnotation(apiDtoClassAnnotatedScopes, tokenScopes);
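Review bot: `isAIAPI` is computed here at line 353 but its only use is the tier-selection branch about 160 lines further down, and Codecov reports the new line as uncovered. Consider computing it next to its point of use, and add a test that updates an API whose subtype is `API_SUBTYPE_AI_API` so the AI path is actually exercised. The constant-first form `APIConstants.API_SUBTYPE_AI_API.equals(originalAPI.getSubtype())` is null-safe for an API without a subtype, which is the right shape here.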
@@ -508,9 +512,20 @@
if (!APIUtil.isSubscriptionValidationDisablingAllowed(tenantDomain)) {
if (apiSecurity != null && (apiSecurity.contains(APIConstants.DEFAULT_API_SECURITY_OAUTH2) || apiSecurity
.contains(APIConstants.API_SECURITY_API_KEY)) && condition) {
throw new APIManagementException(
"A tier should be defined if the API is not in CREATED or PROTOTYPED state",
ExceptionCodes.TIER_CANNOT_BE_NULL);
Set<Tier> availableThrottlingPolicyList = apiProvider.getTiers();
tiersFromDTO = availableThrottlingPolicyList.stream()
.filter(tier -> isApplicableTier(tier, isAsyncAPI, isAIAPI))
.map(Tier::getName)
.findFirst()
.map(Collections::singletonList)
.orElse(Collections.emptyList());
apiDtoToUpdate.setPolicies(tiersFromDTO);


if (tiersFromDTO.isEmpty()) {
throw new APIManagementException(

"A tier should be defined if the API is not in CREATED or PROTOTYPED state",
ExceptionCodes.TIER_CANNOT_BE_NULL);
}
}
} else {
if (apiSecurity != null) {
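Review bot: this hunk turns a fail-closed check into silent auto-assignment: where the old branch refused to re-enable OAuth2 or API-key security without a tier (`TIER_CANNOT_BE_NULL`), the new code assigns a policy the caller never selected, chosen by `findFirst()` over `apiProvider.getTiers()`, which is a `Set<Tier>` with no defined iteration order, so the policy applied can differ between runs and nodes and may be the least restrictive one available. Select by an explicit rule instead (a configured default policy, or the tiers sorted by name or by limit) and log which policy was auto-assigned so an operator can see that a throttling policy was chosen on the API's behalf. Two smaller points: the exception message at the end of the hunk still reads "A tier should be defined if the API is not in CREATED or PROTOTYPED state" although it is now thrown only when no applicable tier exists, so reword it to say no applicable throttling policy was found; and because the policies are set on `apiDtoToUpdate`, confirm that they propagate to the `apiToUpdate` object returned later, which the visible lines do not show. Codecov flags lines 515-522 and 525 as uncovered, so both the auto-assignment path and the empty-result path need tests.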
@@ -704,6 +719,54 @@
return apiToUpdate;
}

private static boolean isApplicableTier(Tier tier, boolean isAsyncAPI, boolean isAIAPI) {
if (isAsyncAPI) {
return isAsyncAPITier(tier);

}

if (isAIAPI) {
return isAIAPITier(tier);

}

return isRegularAPITier(tier);

}

/**
* Checks if the given tier is an Async API tier.
*
* @param tier The tier to evaluate.
* @return {@code true} if the tier is of type EVENT_COUNT_TYPE, otherwise {@code false}.
*/
private static boolean isAsyncAPITier(Tier tier) {
return EVENT_COUNT_TYPE.equals(tier.getQuotaPolicyType());

}

/**
* Checks if the given tier is an AI API tier.
*
* @param tier The tier to evaluate.
* @return {@code true} if the tier is of type AI_API_QUOTA_TYPE,
* contains the default subscription-less policy name,
* or has a null quota policy type. Otherwise, returns {@code false}.
*/
private static boolean isAIAPITier(Tier tier) {
return AI_API_QUOTA_TYPE.equals(tier.getQuotaPolicyType()) ||
tier.getName().contains(APIConstants.DEFAULT_SUB_POLICY_SUBSCRIPTIONLESS) ||
tier.getQuotaPolicyType() == null;
}

/**
* Checks if the given tier is a regular API tier.
*
* @param tier The tier to evaluate.
* @return {@code true} if the tier is neither an AI API tier nor an Async API tier,
* otherwise {@code false}.
*/
private static boolean isRegularAPITier(Tier tier) {
return !AI_API_QUOTA_TYPE.equals(tier.getQuotaPolicyType()) &&
!EVENT_COUNT_TYPE.equals(tier.getQuotaPolicyType());
}

/**
* This method will encrypt the Api Key
*
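Review bot: the three classifiers are not mutually exclusive, so the Javadoc on `isRegularAPITier` ("neither an AI API tier nor an Async API tier") is inaccurate: a tier whose name contains `DEFAULT_SUB_POLICY_SUBSCRIPTIONLESS`, or whose quota policy type is null, satisfies both `isAIAPITier` and `isRegularAPITier`. If exclusivity is intended, write it as `return !isAIAPITier(tier) && !isAsyncAPITier(tier);`; otherwise correct the comment. In `isAIAPITier`, `tier.getName().contains(...)` is a substring match and throws if `getName()` returns null; compare against the policy name with `equals` (or `Objects.equals`) instead. `isApplicableTier` is the only new method without Javadoc; add one stating that the async check takes precedence when both flags are set. Codecov reports lines 724, 728, 731 and 741 as uncovered, so the helpers need direct unit tests as well.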