This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch 2_1_X in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/2_1_X by this push: new 2f23ffe [SYNCOPE-1651] Reviewing delegation validation logic 2f23ffe is described below commit 2f23ffe579156d901d0cfd1079c3254b925a9c8a Author: Francesco Chicchiriccò <ilgro...@apache.org> AuthorDate: Wed Nov 24 11:02:29 2021 +0100 [SYNCOPE-1651] Reviewing delegation validation logic --- .../core/spring/security/AuthDataAccessor.java | 24 ++++++++++++++-------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java index 72d81f8..fa7d0da 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java @@ -184,17 +184,23 @@ public class AuthDataAccessor { } protected String getDelegationKey(final SyncopeAuthenticationDetails details, final String delegatedKey) { - return Optional.ofNullable(details.getDelegatedBy()). - map(delegatingKey -> SyncopeConstants.UUID_PATTERN.matcher(delegatingKey).matches() - ? delegatingKey - : userDAO.findKey(delegatingKey)).map(delegatingKey -> { + if (details.getDelegatedBy() == null) { + return null; + } + + String delegatingKey = SyncopeConstants.UUID_PATTERN.matcher(details.getDelegatedBy()).matches() + ? details.getDelegatedBy() + : userDAO.findKey(details.getDelegatedBy()); + if (delegatingKey == null) { + throw new SessionAuthenticationException( + "Delegating user " + details.getDelegatedBy() + " cannot be found"); + } - LOG.debug("Delegation request: delegating:{}, delegated:{}", delegatingKey, delegatedKey); + LOG.debug("Delegation request: delegating:{}, delegated:{}", delegatingKey, delegatedKey); - return delegationDAO.findValidFor(delegatingKey, delegatedKey). - orElseThrow(() -> new SessionAuthenticationException( - "Delegation by " + delegatingKey + " was requested but none found")); - }).orElse(null); + return delegationDAO.findValidFor(delegatingKey, delegatedKey). + orElseThrow(() -> new SessionAuthenticationException( + "Delegation by " + delegatingKey + " was requested but none found")); } /**