Merge Release-5.1.0 to master (#1156)

* Release 5.0.1 merging to master (#1137) (#1138)

controller/app/controllers/feed/validator/FeedRequestValidator.java

@@ -1,6 +1,8 @@
 package controllers.feed.validator;
 
 import java.util.Map;
+
+import com.typesafe.config.ConfigFactory;
 import org.apache.commons.lang3.StringUtils;
 import org.sunbird.exception.ProjectCommonException;
 import org.sunbird.exception.ResponseCode;
@@ -12,9 +14,11 @@
 public class FeedRequestValidator extends BaseRequestValidator {
   public static boolean userIdValidation(
       String accessTokenUserId, String managedForUserId, String requestUserId) {
-    if (!StringUtils.equalsIgnoreCase(accessTokenUserId, requestUserId)
-        && !StringUtils.equalsIgnoreCase(managedForUserId, requestUserId)) {
-      ProjectCommonException.throwUnauthorizedErrorException();
+    if(ConfigFactory.load().getBoolean(JsonKey.AUTH_ENABLED)){
+      if (!StringUtils.equalsIgnoreCase(accessTokenUserId, requestUserId)
+              && !StringUtils.equalsIgnoreCase(managedForUserId, requestUserId)) {
+        ProjectCommonException.throwUnauthorizedErrorException();
+      }
     }
     return true;
   }

controller/conf/application.conf

@@ -743,7 +743,7 @@ play.cache {
 }
 
 #optional config
-AuthenticationEnabled = false
+AuthenticationEnabled = true
 
 # Logger
 # ~~~~~

core/platform-common/src/main/java/org/sunbird/validator/BaseRequestValidator.java

@@ -4,6 +4,8 @@
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
+
+import com.typesafe.config.ConfigFactory;
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang.StringUtils;
 import org.sunbird.exception.ProjectCommonException;
@@ -183,17 +185,17 @@ public void validateListParam(Map<String, Object> requestMap, String... fields)
    * @param userIdKey Attribute name for user ID in API request
    */
   public static void validateUserId(Request request, String userIdKey) {
-    if (!(request
-        .getRequest()
-        .get(userIdKey)
-        .equals(request.getContext().get(JsonKey.REQUESTED_BY)))) {
-      throw new ProjectCommonException(
-          ResponseCode.invalidParameterValue,
-          ResponseCode.invalidParameterValue.getErrorMessage(),
-          ResponseCode.CLIENT_ERROR.getResponseCode(),
-          (String) request.getRequest().get(JsonKey.USER_ID),
-          JsonKey.USER_ID);
-    }
+      if (ConfigFactory.load().getBoolean(JsonKey.AUTH_ENABLED) && !(request
+              .getRequest()
+              .get(userIdKey)
+              .equals(request.getContext().get(JsonKey.REQUESTED_BY)))) {
+        throw new ProjectCommonException(
+                ResponseCode.invalidParameterValue,
+                ResponseCode.invalidParameterValue.getErrorMessage(),
+                ResponseCode.CLIENT_ERROR.getResponseCode(),
+                (String) request.getRequest().get(JsonKey.USER_ID),
+                JsonKey.USER_ID);
+      }
   }
 
   public void validateSearchRequest(Request request) {

core/platform-common/src/main/resources/application.conf

@@ -0,0 +1,2 @@
+# This is the configuration file for the service folder.
+AuthenticationEnabled=true

core/platform-common/src/main/resources/externalresource.properties

@@ -36,7 +36,7 @@ sunbird_otp_allowed_attempt=2
 #Telemetry producer related info
 telemetry_pdata_id=local.sunbird.learning.service
 telemetry_pdata_pid=learning-service
-telemetry_pdata_ver=5.0.1
+telemetry_pdata_ver=5.1.0
 #elastic search top n result count for telemetry
 searchTopN=5
 ekstep.channel.update.api.url=/channel/v3/update

core/platform-common/src/test/java/org/sunbird/validator/BaseRequestValidatorTest.java

@@ -1,6 +1,7 @@
 package org.sunbird.validator;
 
 import static org.junit.Assert.assertEquals;
+import static org.sunbird.validator.BaseRequestValidator.validateUserId;
 
 import java.text.MessageFormat;
 import java.util.*;
@@ -160,4 +161,13 @@ public void testValidateSearchRequestFailureWithInvalidFiltersNullValueInString(
           e.getMessage());
     }
   }
+
+  @Test(expected = ProjectCommonException.class)
+  public void testValidateUserIdFailure() {
+    Request request = new Request();
+    Map<String, Object> reqmap = new HashMap<>();
+    reqmap.put(JsonKey.USER_ID, "userId");
+    request.setRequest(reqmap);
+    validateUserId(request, JsonKey.USER_ID);
+  }
 }

service/src/main/java/org/sunbird/actor/notes/NotesManagementActor.java

@@ -5,6 +5,8 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+
+import com.typesafe.config.ConfigFactory;
 import org.apache.commons.lang3.StringUtils;
 import org.sunbird.actor.core.BaseActor;
 import org.sunbird.exception.ProjectCommonException;
@@ -83,9 +85,7 @@ private void updateNote(Request actorMessage) {
     List<Map<String, Object>> correlatedObject = new ArrayList<>();
     String noteId = (String) actorMessage.getContext().get(JsonKey.NOTE_ID);
     String userId = (String) actorMessage.getContext().get(JsonKey.REQUESTED_BY);
-    if (!notesService.validateUserForNoteUpdate(userId, noteId, context)) {
-      ProjectCommonException.throwUnauthorizedErrorException();
-    }
+    checkAuthEnabled(context, noteId, userId);
     Map<String, Object> list = notesService.getNoteById(noteId, context);
     if (list.isEmpty()) {
       ProjectCommonException.throwClientErrorException(
@@ -108,12 +108,7 @@ private void getNote(Request actorMessage) {
     logger.debug(context, "Get Note method call start");
     String noteId = (String) actorMessage.getContext().get(JsonKey.NOTE_ID);
     String userId = (String) actorMessage.getContext().get(JsonKey.REQUESTED_BY);
-    if (!notesService.validateUserForNoteUpdate(userId, noteId, context)) {
-      throw new ProjectCommonException(
-          ResponseCode.invalidParameterValue,
-          ResponseCode.invalidParameterValue.getErrorMessage(),
-          ResponseCode.RESOURCE_NOT_FOUND.getResponseCode());
-    }
+    checkAuthEnabled(context, noteId, userId);
     Map<String, Object> request = new HashMap<>();
     Map<String, Object> filters = new HashMap<>();
     filters.put(JsonKey.ID, noteId);
@@ -129,6 +124,16 @@ private void getNote(Request actorMessage) {
     sender().tell(response, self());
   }
 
+  private void checkAuthEnabled(RequestContext context, String noteId, String userId) {
+      if (ConfigFactory.load().getBoolean(JsonKey.AUTH_ENABLED) &&
+              !notesService.validateUserForNoteUpdate(userId, noteId, context)) {
+        throw new ProjectCommonException(
+                ResponseCode.invalidParameterValue,
+                ResponseCode.invalidParameterValue.getErrorMessage(),
+                ResponseCode.RESOURCE_NOT_FOUND.getResponseCode());
+      }
+  }
+
   private void searchNote(Request actorMessage) {
     RequestContext context = actorMessage.getRequestContext();
     logger.debug(context, "Search Note method call start");
@@ -148,9 +153,7 @@ private void deleteNote(Request actorMessage) {
     List<Map<String, Object>> correlatedObject = new ArrayList<>();
     String noteId = (String) actorMessage.getContext().get(JsonKey.NOTE_ID);
     String userId = (String) actorMessage.getContext().get(JsonKey.REQUESTED_BY);
-    if (!notesService.validateUserForNoteUpdate(userId, noteId, context)) {
-      ProjectCommonException.throwUnauthorizedErrorException();
-    }
+    checkAuthEnabled(context, noteId, userId);
     if (!notesService.noteIdExists(noteId, context)) {
       ProjectCommonException.throwClientErrorException(
           ResponseCode.invalidParameter,

service/src/main/java/org/sunbird/service/user/UserProfileReadService.java

@@ -6,6 +6,8 @@
 import java.time.LocalDate;
 import java.util.*;
 import java.util.stream.Collectors;
+
+import com.typesafe.config.ConfigFactory;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -100,8 +102,10 @@ public Response getUserProfileData(Request actorMessage) {
             + managedForId
             + " managedBy "
             + managedBy);
-    if (!isPrivate && StringUtils.isNotEmpty(managedBy) && !managedBy.equals(requestedById)) {
-      ProjectCommonException.throwUnauthorizedErrorException();
+    if(ConfigFactory.load().getBoolean(JsonKey.AUTH_ENABLED)) {
+      if (!isPrivate && StringUtils.isNotEmpty(managedBy) && !managedBy.equals(requestedById)) {
+        ProjectCommonException.throwUnauthorizedErrorException();
+      }
     }
     getManagedToken(actorMessage, userId, result, managedBy);
     String requestFields = (String) actorMessage.getContext().get(JsonKey.FIELDS);

service/src/main/java/org/sunbird/service/user/impl/UserServiceImpl.java

@@ -8,6 +8,8 @@
 import java.util.*;
 import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
+
+import com.typesafe.config.ConfigFactory;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang3.RandomStringUtils;
@@ -123,12 +125,14 @@ public void validateUserId(Request request, String managedById, RequestContext c
             + managedForId);
     // LIUA token is validated when LIUA is updating own account details or LIUA token is validated
     // when updating MUA details
-    if ((StringUtils.isNotEmpty(managedForId) && !managedForId.equals(userId))
-        || (StringUtils.isEmpty(managedById)
-            && (!StringUtils.isBlank(userId) && !userId.equals(ctxtUserId))) // UPDATE
-        || (StringUtils.isNotEmpty(managedById)
-            && !(ctxtUserId.equals(managedById)))) // CREATE NEW USER/ UPDATE MUA {
-    ProjectCommonException.throwUnauthorizedErrorException();
+    if(ConfigFactory.load().getBoolean(JsonKey.AUTH_ENABLED)) {
+      if ((StringUtils.isNotEmpty(managedForId) && !managedForId.equals(userId))
+              || (StringUtils.isEmpty(managedById)
+              && (!StringUtils.isBlank(userId) && !userId.equals(ctxtUserId))) // UPDATE
+              || (StringUtils.isNotEmpty(managedById)
+              && !(ctxtUserId.equals(managedById)))) // CREATE NEW USER/ UPDATE MUA {
+        ProjectCommonException.throwUnauthorizedErrorException();
+    }
   }
 
   @Override
@@ -145,9 +149,12 @@ public void validateUploader(Request request, RequestContext context) {
     String uploaderUserId = (String) userMap.get(JsonKey.UPDATED_BY);
     User uploader = getUserById(uploaderUserId, context);
     User user = getUserById(userId, context);
-    if (!user.getRootOrgId().equalsIgnoreCase(uploader.getRootOrgId())) {
-      ProjectCommonException.throwUnauthorizedErrorException();
+    if(ConfigFactory.load().getBoolean(JsonKey.AUTH_ENABLED)) {
+      if (!user.getRootOrgId().equalsIgnoreCase(uploader.getRootOrgId())) {
+        ProjectCommonException.throwUnauthorizedErrorException();
+      }
     }
+
   }
 
   @Override

service/src/main/resources/application.conf

@@ -0,0 +1,2 @@
+# This is the configuration file for the service folder.
+AuthenticationEnabled=true

service/src/test/java/org/sunbird/service/user/UserServiceImplTest.java

@@ -25,6 +25,7 @@
 import org.sunbird.exception.ProjectCommonException;
 import org.sunbird.helper.ServiceFactory;
 import org.sunbird.keys.JsonKey;
+import org.sunbird.request.Request;
 import org.sunbird.request.RequestContext;
 import org.sunbird.response.Response;
 import org.sunbird.service.user.impl.UserServiceImpl;
@@ -46,7 +47,6 @@
 public class UserServiceImplTest {
 
   private static CassandraOperation cassandraOperationImpl = null;
-
   @Before
   public void setUp() throws JsonProcessingException {
     PowerMockito.mockStatic(ServiceFactory.class);
@@ -155,4 +155,13 @@ public void getUserDetailsByIdForES() {
         userService.getUserDetailsForES("3422-324-2342", new RequestContext());
     Assert.assertNotNull(userDetailsForEs);
   }
+
+  @Test(expected = ProjectCommonException.class)
+  public void testValidateUserIdFailure() {
+    UserService userService = UserServiceImpl.getInstance();
+    Request request = new Request();
+    request.getContext().put(JsonKey.USER_ID, "userId");
+    request.getContext().put(JsonKey.MANAGED_FOR, "managedFor");
+    userService.validateUserId(request, "123456", new RequestContext());
+  }
 }