fix(auth_methods): Add checks for duplicate auth_method in create API #5161

Merged
merged 6 commits into from
Jul 2, 2024

ThisIsMani
Contributor

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

Currently, create will accept and insert auth methods with the same type and name, which shouldn't be possible. This PR fixes that.

Additional Changes

  • This PR modifies the API contract
  • This PR modifies the database schema
  • This PR modifies application configuration/environment variables

Motivation and Context

Closes #5160.

How did you test it?

curl --location 'http://localhost:8080/user/auth' \
--header 'Content-Type: application/json' \
--header 'api-key: test_admin' \
--data '{
    "owner_id": "org_qaamgpukifSyBG0AxtYA2x",
    "owner_type": "organization",
    "auth_method": {
        "auth_type": "open_id_connect",
        "private_config": {
            "base_url": "https://dev-28418517.okta.com",
            "client_id": "0oahmmwdmuFvv2pFo5d7",
            "client_secret": "-VIrZZeN_A0SdSpFykAUZ0iMJNpSYQyILcfUmYlmZaLaFK7uRayrEuSvhs-Um5IR"
        },
        "public_config": {
            "name": "okta"
        }
    },
    "allow_signup": false
}'

If this API is hit with the same auth_type and name in public_config, then the API will throw the following error.

{
    "error": {
        "type": "invalid_request",
        "message": "User auth method already exists",
        "code": "UR_43"
    }
}

Checklist

  • I formatted the code cargo +nightly fmt --all
  • I addressed lints thrown by cargo clippy
  • I reviewed the submitted code
  • I added unit tests for my changes where possible
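
A minimal model of the duplicate check described in this PR, added here as an illustration and not taken from the hyperswitch code base. All type and function names are hypothetical, and both the per-`owner_id` scope and the config-less `NoConfig` auth type are assumptions; the check and the insert share one lock so that parallel identical requests produce exactly one success.

```rust
use std::sync::{Arc, Mutex};

// Hypothetical model, not hyperswitch types; `name` stands in for public_config.name.
#[derive(Debug, PartialEq)]
enum AuthMethod {
    OpenIdConnect { name: String },
    NoConfig, // assumed auth type that carries no public_config
}
#[derive(Debug, PartialEq)]
struct AlreadyExists; // stands for "User auth method already exists" (UR_43)

#[derive(Default)]
struct Store {
    rows: Mutex<Vec<(String, AuthMethod)>>, // (owner_id, method); per-owner scope is assumed
}

impl Store {
    // Check and insert under one lock so concurrent creates cannot both pass the check.
    fn create(&self, owner_id: &str, new: AuthMethod) -> Result<(), AlreadyExists> {
        let mut rows = self.rows.lock().unwrap();
        let duplicate = rows.iter().any(|(owner, old)| {
            owner == owner_id && match (old, &new) {
                (AuthMethod::OpenIdConnect { name: a }, AuthMethod::OpenIdConnect { name: b }) => a == b,
                (AuthMethod::NoConfig, AuthMethod::NoConfig) => true,
                // No wildcard arm: a new variant will not compile until it is handled.
                (AuthMethod::OpenIdConnect { .. }, AuthMethod::NoConfig)
                | (AuthMethod::NoConfig, AuthMethod::OpenIdConnect { .. }) => false,
            }
        });
        if duplicate { return Err(AlreadyExists); }
        rows.push((owner_id.to_string(), new));
        Ok(())
    }
}

// Sends `n` identical create requests in parallel; returns how many were accepted.
fn concurrent_creates(store: Arc<Store>, n: usize) -> usize {
    let handles: Vec<_> = (0..n)
        .map(|_| {
            let s = Arc::clone(&store);
            std::thread::spawn(move || s.create("org_1", AuthMethod::OpenIdConnect { name: "okta".into() }))
        })
        .collect();
    handles.into_iter().filter_map(|h| h.join().unwrap().ok()).count()
}

fn main() {
    let accepted = concurrent_creates(Arc::new(Store::default()), 8);
    println!("accepted {accepted} of 8 identical create requests");
}
```

An in-process lock only covers a single instance; with several application instances the same guarantee has to come from the database, for example a unique constraint on the stored columns.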

ThisIsMani added the C-bug (Category: Bug), S-waiting-on-review (Status: This PR has been implemented and needs to be reviewed) and A-users (Area: Users) labels Jun 28, 2024
ThisIsMani self-assigned this Jun 28, 2024
ThisIsMani requested a review from a team as a code owner June 28, 2024 11:56
apoorvdixit88 previously approved these changes Jun 28, 2024

LGTM

pub async fn construct_public_and_private_db_configs(
auth_config: &user_api::AuthConfig,
encryption_key: &[u8],
) -> UserResult<(Option<Encryption>, Option<serde_json::Value>)> {
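
Review bot: The return tuple on the last line of this signature puts `Option<Encryption>` before `Option<serde_json::Value>`, while the function name says public before private. If the encrypted element is the private config, the order is reversed relative to the name, and nothing at a call site catches a swapped destructuring. Add a doc comment stating which element is which, or return a small struct with named fields.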

Why (Option<T1>, Option<T2>)? Why not Option<(T1, T2)> if public and private config are coupled?

Contributor Author

In the DB, both are optional, so if a case comes up where one is optional and the other is not, we will have to change this everywhere.

public_config,
} => {
let private_config_value = serde_json::to_value(private_config.clone())
.change_context(UserErrors::AuthConfigParsingError)
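
Review bot: `private_config.clone()` in the `serde_json::to_value` call makes an extra in-memory copy of a value that, per the test request in the description, carries `client_secret`. `serde_json::to_value` accepts any `Serialize` value and references implement `Serialize`, so passing `private_config` by reference avoids the copy. Drop the clone unless the owned value is needed later in this arm.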

Why is this 400? Isn't an invalid value caught at the API level?
Or can someone pass API model validation (serde) but still provide invalid JSON?

),
))
}
_ => Ok((None, None)),

Let's match each value here, so that a new enum breaks the code at compile time.

Comment on lines 254 to 264
pub fn parse_oidc_public_config(
public_config: Option<serde_json::Value>,
) -> UserResult<Option<user_api::OpenIdConnectPublicConfig>> {
public_config
.map(|config| {
serde_json::from_value::<user_api::OpenIdConnectPublicConfig>(config)
.change_context(UserErrors::InternalServerError)
.attach_printable("Unable to parse OpenIdConnectPublicConfig")
})
.transpose()
}

This can be generic instead of exclusively for OpenIdConnectPublicConfig.

Gnanasundari24 added this pull request to the merge queue Jul 2, 2024
Merged via the queue into main with commit 045e974 Jul 2, 2024
11 checks passed
Gnanasundari24 deleted the sso-improvements branch July 2, 2024 08:06
pixincreate added a commit that referenced this pull request Jul 2, 2024
…ror-handling-in-cypress

* 'main' of github.com:juspay/hyperswitch:
  fix(auth_methods): Add checks for duplicate `auth_method` in create API (#5161)
  chore(version): 2024.07.02.0
  fix(router): rename the browser name header to `x-browser-name` (#5162)
  fix(router): mark retry payment as failure if `connector_tokenization` fails (#5114)
  fix(connector): [Paypal] dispute webhook deserialization failure (#5111)
  feat(analytics): Add v2 payment analytics (payment-intents analytics) (#5150)
  feat(globalsearch): Implement tag-based filters in global search (#5151)
  refactor(connector): Add amount conversion framework to iatapay along with amount conversion code to connector template (#4866)
  feat(payment_link): add multiple custom css support in business level  (#5137)
  feat(connector): [Bambora Apac] Template for integration (#5062)
  feat(tls): add support for https in actix web (#5089)
  chore(ci): fix ci tests failing by removing them (#5167)
  chore(version): 2024.07.01.0
  chore(postman): update Postman collection files
  ci(postman): log request id for user tests (#5159)
  chore(euclid_wasm): make field domain optional wasm (#5154)
SanchithHegde removed the S-waiting-on-review (Status: This PR has been implemented and needs to be reviewed) label Jul 7, 2024
Labels
A-users Area: Users C-bug Category: Bug
Development

Successfully merging this pull request may close these issues.

bug(auth_methods): Create auth methods is allowing auth methods with same type to be inserted multiple times