From 7516722ec5694385f00c3b4b33dd7ba4e80f7324 Mon Sep 17 00:00:00 2001 From: nttdata-rtorsoli Date: Tue, 20 Feb 2024 12:15:48 +0100 Subject: [PATCH 1/3] PIN-4574 Add TENANT_ALLOWED_ORIGINS to session token creation --- .../api/impl/AuthorizationApiServiceImpl.scala | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/main/scala/it/pagopa/interop/backendforfrontend/api/impl/AuthorizationApiServiceImpl.scala b/src/main/scala/it/pagopa/interop/backendforfrontend/api/impl/AuthorizationApiServiceImpl.scala index 7d174d42..a95176a1 100644 --- a/src/main/scala/it/pagopa/interop/backendforfrontend/api/impl/AuthorizationApiServiceImpl.scala +++ b/src/main/scala/it/pagopa/interop/backendforfrontend/api/impl/AuthorizationApiServiceImpl.scala @@ -95,10 +95,8 @@ final case class AuthorizationApiServiceImpl( } } - private final val allowedOrigins: Set[String] = Set("IPA", "ANAC", "IVASS") - private def assertTenantAllowed(selfcareId: String, origin: String): Future[Unit] = - if (allowedOrigins.contains(origin) || allowList.contains(selfcareId)) Future.successful(()) + if (TENANT_ALLOWED_ORIGINS.contains(origin) || allowList.contains(selfcareId)) Future.successful(()) else Future.failed(UnknownTenantOrigin(selfcareId)) private def getTenantOr( @@ -123,7 +121,7 @@ final case class AuthorizationApiServiceImpl( onboardingData <- selfcareV2ClientService.getOnboardingsInstitution(institutionApi.id, None) onboardingDataApi <- onboardingData.toApi.toFuture externalId = - if (institutionApi.origin == "IPA") institutionApi.subunitCode.getOrElse(institutionApi.originId) + if (institutionApi.origin == IPA) institutionApi.subunitCode.getOrElse(institutionApi.originId) else institutionApi.taxCode resourceId <- tenantProcessService .selfcareUpsertTenant( From 9a779b04a0be223a91e017769865afc57d8ed5f6 Mon Sep 17 00:00:00 2001 
From: nttdata-rtorsoli Date: Tue, 20 Feb 2024 15:45:39 +0100 Subject: [PATCH 2/3] PIN-4574 Changed to env var --- src/main/resources/application.conf | 2 +- .../api/impl/AuthorizationApiServiceImpl.scala | 5 +++-- .../common/system/ApplicationConfiguration.scala | 5 +++-- src/test/resources/application-test.conf | 1 + 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf index 60393769..5e8c176f 100644 --- a/src/main/resources/application.conf +++ b/src/main/resources/application.conf @@ -7,7 +7,7 @@ backend-for-frontend { signer-max-connections = 200 signer-max-connections = ${?KMS_MAX_CONCURRENCY} - + tenant-allowed-origins = ${TENANT_ALLOWED_ORIGINS} pagopa-tenant-id = ${PAGOPA_TENANT_ID} jwt { diff --git a/src/main/scala/it/pagopa/interop/backendforfrontend/api/impl/AuthorizationApiServiceImpl.scala b/src/main/scala/it/pagopa/interop/backendforfrontend/api/impl/AuthorizationApiServiceImpl.scala index a95176a1..4eb7c3a9 100644 --- a/src/main/scala/it/pagopa/interop/backendforfrontend/api/impl/AuthorizationApiServiceImpl.scala +++ b/src/main/scala/it/pagopa/interop/backendforfrontend/api/impl/AuthorizationApiServiceImpl.scala @@ -96,7 +96,8 @@ final case class AuthorizationApiServiceImpl( } private def assertTenantAllowed(selfcareId: String, origin: String): Future[Unit] = - if (TENANT_ALLOWED_ORIGINS.contains(origin) || allowList.contains(selfcareId)) Future.successful(()) + if (ApplicationConfiguration.tenantAllowedOrigins.contains(origin) || allowList.contains(selfcareId)) + Future.successful(()) else Future.failed(UnknownTenantOrigin(selfcareId)) private def getTenantOr( 
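Review bot: In `application.conf`, `tenant-allowed-origins = ${TENANT_ALLOWED_ORIGINS}` is a required substitution with no default, and the file gives no hint of the expected format. The set that the first patch removed from code (`"IPA", "ANAC", "IVASS"`) now exists only in the deployment environment, and configuration loading should fail when the variable is unset. A comment above the key would document the contract, for example `# Comma-separated selfcare origins admitted at session token creation, e.g. "IPA,ANAC,IVASS"; required, no default`. The added line also took the place of the blank line that separated the signer settings from the keys that follow.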
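Review bot: In `assertTenantAllowed`, the origin check is now an exact, case-sensitive match against a deployment-supplied set read from the `ApplicationConfiguration` singleton, and nothing at the call site says so. A comment above the method would state the rule, for example `// Admits the tenant when its origin is in tenant-allowed-origins (exact match) or its selfcareId is on allowList; otherwise fails with UnknownTenantOrigin.` As far as the hunk shows, the failure carries only `selfcareId`, so a rejection caused by a misconfigured origin list looks the same as a genuinely unknown tenant unless the rejected `origin` is logged too. The enclosing case class starts and ends outside the hunk.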
@@ -121,7 +122,7 @@ final case class AuthorizationApiServiceImpl( onboardingData <- selfcareV2ClientService.getOnboardingsInstitution(institutionApi.id, None) onboardingDataApi <- onboardingData.toApi.toFuture externalId = - if (institutionApi.origin == IPA) institutionApi.subunitCode.getOrElse(institutionApi.originId) + if (institutionApi.origin == "IPA") institutionApi.subunitCode.getOrElse(institutionApi.originId) else institutionApi.taxCode resourceId <- tenantProcessService .selfcareUpsertTenant( diff --git a/src/main/scala/it/pagopa/interop/backendforfrontend/common/system/ApplicationConfiguration.scala b/src/main/scala/it/pagopa/interop/backendforfrontend/common/system/ApplicationConfiguration.scala index cc95fd95..1ca30cf4 100644 --- a/src/main/scala/it/pagopa/interop/backendforfrontend/common/system/ApplicationConfiguration.scala +++ b/src/main/scala/it/pagopa/interop/backendforfrontend/common/system/ApplicationConfiguration.scala @@ -34,8 +34,9 @@ object ApplicationConfiguration { val ecKeysIdentifiers: Set[String] = config.getString("backend-for-frontend.ec-keys-identifiers").split(",").toSet.filter(_.nonEmpty) - val signerMaxConnections: Int = config.getInt("backend-for-frontend.signer-max-connections") - + val signerMaxConnections: Int = config.getInt("backend-for-frontend.signer-max-connections") + val tenantAllowedOrigins: Set[String] = + config.getString("backend-for-frontend.tenant-allowed-origins").split(",").toSet.filter(_.nonEmpty) val rateLimiterConfigs: LimiterConfig = { val rateInterval = config.getDuration("backend-for-frontend.rate-limiter.rate-interval") val timeout = config.getDuration("backend-for-frontend.rate-limiter.timeout") diff --git a/src/test/resources/application-test.conf b/src/test/resources/application-test.conf index 40e602b6..fbd038a4 100644 --- a/src/test/resources/application-test.conf +++ b/src/test/resources/application-test.conf 
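Review bot: In `ApplicationConfiguration.scala`, the entries of `tenantAllowedOrigins` are kept verbatim after `split(",")`, so a value such as `IPA, ANAC` produces the element ` ANAC`, which never matches and silently denies that origin in `assertTenantAllowed`. Trimming before filtering avoids this: `config.getString("backend-for-frontend.tenant-allowed-origins").split(",").map(_.trim).filter(_.nonEmpty).toSet`. An empty or all-blank value yields an empty set, leaving only the `allowList` check in effect, so logging the resolved set once at startup would make that misconfiguration visible. The neighbouring `ecKeysIdentifiers` uses the same untrimmed pattern.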
@@ -10,6 +10,7 @@ backend-for-frontend { rsa-keys-identifiers = "" signer-max-connections = 10 + tenant-allowed-origins = "IPA,ANAC,IVASS" pagopa-tenant-id = "5ec5dd81-ff71-4af8-974b-4190eb8347bf" jwt { From cca80702461cc5a67fe12db015d5b8ac372f244f Mon Sep 17 00:00:00 2001 From: nttdata-rtorsoli Date: Wed, 21 Feb 2024 12:29:59 +0100 Subject: [PATCH 3/3] PIN-4574 Resolved PR issue --- src/test/resources/application-test.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/resources/application-test.conf b/src/test/resources/application-test.conf index fbd038a4..d19822b7 100644 --- a/src/test/resources/application-test.conf +++ b/src/test/resources/application-test.conf @@ -10,7 +10,7 @@ backend-for-frontend { rsa-keys-identifiers = "" signer-max-connections = 10 - tenant-allowed-origins = "IPA,ANAC,IVASS" + tenant-allowed-origins = "IPA,ANAC" pagopa-tenant-id = "5ec5dd81-ff71-4af8-974b-4190eb8347bf" jwt {