Add optional user store domain query param to user APIs
Purpose
To fix unauthorized access API errors. product-iots#1294
Update (01/08/2022) - Added fixes for unauthorized errors in user table when loading user roles for email usernames.
Goals
To be able to add secondary user stores and invoke user/role APIs without any errors.
Approach
Added a query param with domain to specify the user store domain.
Update (01/08/2022) - Removed {username}
path parameter and instead added the username as a query parameter when invoking User Management APIs with email usernames.
Documentation
- Example API url to fetch user roles with the specified user store domain :
api/device-mgt/v1.0/users/navod/roles?domain=IS
- User Management APIs with {username} path parameter was removed and the username is added as a query parameter as the examples shown below:
api/device-mgt/v1.0/users/{username}/roles
-->api/device-mgt/v1.0/users/roles?username=admin
api/device-mgt/v1.0/users/{username}
-->api/device-mgt/v1.0/users?username=admin
api/device-mgt/v1.0/users/claims/{username}
-->api/device-mgt/v1.0/users/claims?username=admin
Automation tests
- Unit tests
UserManagementServiceImplTest
- Integration tests
N/A
Security checks
- Followed secure coding standards? yes
- Ran FindSecurityBugs plugin and verified report? no
- Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes
Related MRs
!884 (merged), https://gitlab.com/entgra/emm-proprietary-plugins/-/merge_requests/820, https://gitlab.com/entgra/emm-proprietary-plugins/-/merge_requests/828
Test environment
Ubuntu 20.04.3, Entgra UEM 5.0.0
Learning
N/A