Merge branch 'dev'

Author: Jenkins CI

documentation/src/main/doc/endpoint-oauth.txt

@@ -185,14 +185,15 @@ scope="openid profile read-tasks"
 ==== Revocation and logout
 
 The path +/revoke+ can be used to revoke an access token which was previously issued. This endpoint
-is implemented according to the RFC 7009, with the following Unity specifics: 
+is implemented according to the RFC 7009. Only access and refresh tokens can be revoked using this endpoint. 
 
-. The +token_type_hint+ is a mandatory argument, must be always provided (in RFC it is optional). THe allowed values
-  are +access_token+ and +refresh_token+.
-. The endpoint access is not authenticated - or better said the access is authorized implicitly by providing
-  a valid token to be revoked. The +client_id+ must be always given.
-   
-Typical usage:
+Note that this endpoint has different requirements depending on whether the client is public or confidential. For
+public clients +client_id+ parameter is mandatory but client authentication is not needed. For confidential clients
++client_id+ is not mandatory but client authentication is mandatory. See RFC for details. Note also that Unity offers
+a configuration option to allow for unauthenticated access for confidential clients. This option is for backwards 
+compatibility (pre 3.7.0 release) when authentication was not required for all types of clients. 
+
+Typical usage (public client case):
 
 ----
 POST /.../revoke HTTP/1.1

documentation/src/main/rest-api/rest-api-v1.txt

@@ -1289,4 +1289,37 @@ then any token can be removed, otherwise it is allowed for removing owned tokens
 Triggers sending user notification of the given message template. Request may use additional, variable, query parameters
 which are used as template parameters. All such parameters should have the +custom.+ prefix (which is mandatory
 in message template for custom properties).
- 
+
+=== Get idp usage statistics
+
++@Path("/idp-stats")+ +
++@GET+ +
++@QueryParam("since")+ +
++@QueryParam("groupBy")+ +
++@QueryParam("skipZeroRecords")+ +
+
+Returns idp usage statistics since a given date. Idp statistics can be grouped, allowed options are: none, day, month, total. 
+It is also possible to control whether all-zero records in the requested time range should be included or not with the 
++skipZeroRecords+ option, accepting +true+ (the default) and +false+ values.
+
+Example output without any grouping applied:
+
+----
+[
+   {
+      "idpId":"endpoint-id",
+      "idpName":"Endpoint name",
+      "clientId":"clientId1",
+      "clientName":"Client Name",
+      "sigInStats":[
+         {
+            "periodStart":"2021-10-21T15:14:09Z",
+            "periodEnd":"2021-10-21T15:15:09Z",
+            "totatCount":1,
+            "successfullCount":1,
+            "failedCount":0
+         }
+      ]
+   }
+]
+----

engine-api/src/main/java/pl/edu/icm/unity/engine/api/EntityManagement.java

@@ -8,6 +8,7 @@
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import pl.edu.icm.unity.exceptions.EngineException;
 import pl.edu.icm.unity.types.authn.CredentialRequirements;
@@ -152,12 +153,11 @@ void scheduleEntityChange(EntityParam toChange, Date changeTime, EntityScheduled
 
 
 	/**
-	 * Returns information about an entity along with its all identities. Search by
-	 * verifiable email assigned to the entity.
+	 * Returns entities with assigned e-mail - as attribute or identity
 	 * 
 	 * @param contactEmail email assigned to the entity
 	 */
-	Entity getEntityByContactEmail(String contactEmail) throws EngineException;
+	Set<Entity> getAllEntitiesWithContactEmail(String contactEmail) throws EngineException;
 
 	/**
 	 * Returns a collection with all groups where the entity is a member. For convenience returned 

engine-api/src/main/java/pl/edu/icm/unity/engine/api/GroupsManagement.java

@@ -13,6 +13,7 @@
 import pl.edu.icm.unity.types.basic.AttributesClass;
 import pl.edu.icm.unity.types.basic.EntityParam;
 import pl.edu.icm.unity.types.basic.Group;
+import pl.edu.icm.unity.types.basic.GroupsChain;
 import pl.edu.icm.unity.types.basic.GroupContents;
 
 
@@ -111,5 +112,11 @@ void addMemberFromParent(String path, EntityParam entity,
 	 * Updates the group and pass information: changed property and new value used for audit log only
 	 */
 	void updateGroup(String path, Group group, String changedProperty, String newValue) throws EngineException;
+	
+	
+	/**
+	 * @return GroupChain for given group
+	 */
+	GroupsChain getGroupsChain(String path) throws EngineException;
 }
 

engine-api/src/main/java/pl/edu/icm/unity/engine/api/IdpStatisticManagement.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2021 Bixbit - Krzysztof Benedyczak. All rights reserved.
+ * See LICENCE.txt file for licensing information.
+ */
+
+package pl.edu.icm.unity.engine.api;
+
+import java.time.LocalDateTime;
+import java.util.List;
+
+import pl.edu.icm.unity.engine.api.idp.statistic.GroupedIdpStatistic;
+import pl.edu.icm.unity.exceptions.EngineException;
+import pl.edu.icm.unity.types.basic.idpStatistic.IdpStatistic;
+
+public interface IdpStatisticManagement
+{
+	public static final int DEFAULT_STAT_SIZE_LIMIT = Integer.MAX_VALUE;
+	public static final int DEFAULT_SIG_IN_RECORD_LIMIT = 100000;
+
+	public enum GroupBy
+	{
+		none, day, month, total
+	};
+
+	List<IdpStatistic> getIdpStatisticsSince(LocalDateTime since, int limit) throws EngineException;
+
+	void deleteOlderThan(LocalDateTime olderThan) throws EngineException;
+
+	void addIdpStatistic(IdpStatistic toAdd) throws EngineException;
+
+	List<GroupedIdpStatistic> getIdpStatisticsSinceGroupBy(LocalDateTime since, GroupBy groupBy, int sigInlimit,
+			boolean skipZeroRecords) throws EngineException;
+
+}

engine-api/src/main/java/pl/edu/icm/unity/engine/api/attributes/AttributeStatementMVELContextKey.java

@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2021 Bixbit - Krzysztof Benedyczak. All rights reserved.
+ * See LICENCE.txt file for licensing information.
+ */
+
+package pl.edu.icm.unity.engine.api.attributes;
+
+import java.util.Map;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+public enum AttributeStatementMVELContextKey
+{
+	idsByType(AttributeStatementMVELContextKey.descriptionPrefix + "idsByType"),
+	attrs(AttributeStatementMVELContextKey.descriptionPrefix + "attrs"),
+	attr(AttributeStatementMVELContextKey.descriptionPrefix + "attr"),
+	eattrs(AttributeStatementMVELContextKey.descriptionPrefix + "eattrs"),
+	eattr(AttributeStatementMVELContextKey.descriptionPrefix + "eattr"),
+	groupName(AttributeStatementMVELContextKey.descriptionPrefix + "groupName"),
+	groups(AttributeStatementMVELContextKey.descriptionPrefix + "groups"),
+	groupsObj(AttributeStatementMVELContextKey.descriptionPrefix + "groupsObj"),
+	entityId(AttributeStatementMVELContextKey.descriptionPrefix + "entityId");
+
+	public static final String descriptionPrefix = "AttributeStatementMVELContextKey.";
+	public final String descriptionKey;
+
+	private AttributeStatementMVELContextKey(String descriptionKey)
+	{
+		this.descriptionKey = descriptionKey;
+	}
+		
+	public static Map<String, String> toMap()
+	{
+		return Stream.of(values()).collect(Collectors.toMap(v -> v.name(), v -> v.descriptionKey));		
+	}
+	
+}

engine-api/src/main/java/pl/edu/icm/unity/engine/api/authn/remote/AuthenticationTriggeringContext.java

@@ -5,6 +5,7 @@
 package pl.edu.icm.unity.engine.api.authn.remote;
 
 import pl.edu.icm.unity.engine.api.authn.PartialAuthnState;
+import pl.edu.icm.unity.engine.api.authn.sandbox.SandboxAuthnEvent;
 import pl.edu.icm.unity.engine.api.authn.sandbox.SandboxAuthnRouter;
 import pl.edu.icm.unity.types.authn.AuthenticationOptionKey;
 import pl.edu.icm.unity.types.registration.RegistrationForm;
@@ -32,13 +33,13 @@ private AuthenticationTriggeringContext(boolean rememberMeSet,
 		this.authenticationOptionKey = authenticationOptionKey;
 	}
 
-	public static AuthenticationTriggeringContext registrationTriggeredAuthn(RegistrationForm form, 
-			String invitationCode,
-			AuthenticationOptionKey authenticationOptionKey)
+	public static AuthenticationTriggeringContext registrationTriggeredAuthn(RegistrationForm form,
+			String invitationCode, AuthenticationOptionKey authenticationOptionKey)
 	{
 		if (form == null)
 			throw new IllegalArgumentException("Form must be set in registration triggered remote authn");
-		return new AuthenticationTriggeringContext(false, null, form, invitationCode, null, authenticationOptionKey);
+		return new AuthenticationTriggeringContext(false, null, form, invitationCode, new MockSandboxAuthnRouter(),
+				authenticationOptionKey);
 	}
 
 
@@ -90,4 +91,22 @@ public String toString()
 				"AuthenticationTriggeringContext [rememberMeSet=%s, firstFactorAuthnState=%s, form=%s, invitationCode=%s]",
 				rememberMeSet, firstFactorAuthnState, form, invitationCode);
 	}
+	
+	private static final class MockSandboxAuthnRouter implements SandboxAuthnRouter
+	{
+		@Override
+		public void addListener(AuthnResultListener listener)
+		{
+		}
+
+		@Override
+		public void removeListener(AuthnResultListener listener)
+		{
+		}
+
+		@Override
+		public void fireEvent(SandboxAuthnEvent event)
+		{
+		}
+	}
 }

engine-api/src/main/java/pl/edu/icm/unity/engine/api/authn/sandbox/SandboxAuthenticationResult.java

@@ -5,6 +5,7 @@
 package pl.edu.icm.unity.engine.api.authn.sandbox;
 
 import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
+import pl.edu.icm.unity.engine.api.authn.RemoteAuthenticationResult;
 
 public class SandboxAuthenticationResult implements AuthenticationResult
 {
@@ -66,5 +67,11 @@ public String toString()
 		return baseResult.toString();
 	}
 
+	@Override
+	public RemoteAuthenticationResult asRemote()
+	{
+		return baseResult.asRemote();
+	}
+	
 
 }

engine-api/src/main/java/pl/edu/icm/unity/engine/api/bulkops/EntityMVELContextKey.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2021 Bixbit - Krzysztof Benedyczak. All rights reserved.
+ * See LICENCE.txt file for licensing information.
+ */
+
+package pl.edu.icm.unity.engine.api.bulkops;
+
+import java.util.Map;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+public enum EntityMVELContextKey
+{	
+	idsByType(EntityMVELContextKey.descriptionPrefix + "idsByType"),
+	idsByTypeObj(EntityMVELContextKey.descriptionPrefix + "idsByTypeObj"),
+	attrs(EntityMVELContextKey.descriptionPrefix + "attrs"),
+	attr(EntityMVELContextKey.descriptionPrefix + "attr"),
+	groups(EntityMVELContextKey.descriptionPrefix + "groups"),
+	status(EntityMVELContextKey.descriptionPrefix + "status"),
+	credReq(EntityMVELContextKey.descriptionPrefix + "credReq"),
+	credStatus(EntityMVELContextKey.descriptionPrefix + "credStatus");
+
+	public static final String descriptionPrefix = "EntityMVELContextKey.";
+	public final String descriptionKey;
+
+	private EntityMVELContextKey(String descriptionKey)
+	{
+		this.descriptionKey = descriptionKey;
+	}
+
+
+	public static Map<String, String> toMap()
+	{
+		return Stream.of(values()).collect(Collectors.toMap(v -> v.name(), v -> v.descriptionKey));
+	}
+}

engine-api/src/main/java/pl/edu/icm/unity/engine/api/endpoint/EndpointFileConfigurationManagement.java

@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2021 Bixbit - Krzysztof Benedyczak. All rights reserved.
+ * See LICENCE.txt file for licensing information.
+ */
+
+package pl.edu.icm.unity.engine.api.endpoint;
+
+import java.util.Optional;
+
+import pl.edu.icm.unity.exceptions.EngineException;
+import pl.edu.icm.unity.types.endpoint.EndpointConfiguration;
+
+public interface EndpointFileConfigurationManagement
+{
+
+	EndpointConfiguration getEndpointConfig(String name) throws EngineException;
+
+	Optional<String> getEndpointConfigKey(String endpointName);
+
+}