Add optional user store domain query param to user APIs (!892) · Merge requests · entgra / carbon-device-mgt

Navod Zoysa requested to merge navodzoysa/carbon-device-mgt:ldap-fixes into master May 09, 2022

Purpose

To fix unauthorized access API errors. product-iots#1294

Update (01/08/2022) - Added fixes for unauthorized errors in user table when loading user roles for email usernames.

Goals

To be able to add secondary user stores and invoke user/role APIs without any errors.

Approach

Added a query param with domain to specify the user store domain.

Update (01/08/2022) - Removed {username} path parameter and instead added the username as a query parameter when invoking User Management APIs with email usernames.

Documentation

Example API url to fetch user roles with the specified user store domain :

api/device-mgt/v1.0/users/navod/roles?domain=IS

User Management APIs with {username} path parameter was removed and the username is added as a query parameter as the examples shown below:

api/device-mgt/v1.0/users/{username}/roles --> api/device-mgt/v1.0/users/roles?username=admin

api/device-mgt/v1.0/users/{username} --> api/device-mgt/v1.0/users?username=admin

api/device-mgt/v1.0/users/claims/{username} --> api/device-mgt/v1.0/users/claims?username=admin

Automation tests

Unit tests

UserManagementServiceImplTest
Integration tests

N/A

Security checks

Followed secure coding standards? yes
Ran FindSecurityBugs plugin and verified report? no
Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes

Test environment

Ubuntu 20.04.3, Entgra UEM 5.0.0

Learning

N/A

Edited Aug 01, 2022 by Navod Zoysa

Admin message

Add optional user store domain query param to user APIs