Remove API to validate user access 68/104868/5
authorYaroslav Lastivka <yaroslav.lastivka@pantheon.tech>
Mon, 13 Mar 2023 12:36:56 +0000 (14:36 +0200)
committerYaroslav Lastivka <yaroslav.lastivka@pantheon.tech>
Tue, 20 Jun 2023 12:28:53 +0000 (12:28 +0000)
The API to validate user access is not working and is not useful at all.

It is not desirable for an admin to know users' passwords, which this
user validation API requires.

Admin users can retrieve information provided by this API by using:
list-users, list-roles and list-domains APIs which are working fine.

JIRA: AAA-252
Change-Id: I7e1c2b0cef93851d59c4367a578fa7758d6c449d
Signed-off-by: Yaroslav Lastivka <yaroslav.lastivka@pantheon.tech>
aaa-shiro/impl/src/main/java/org/opendaylight/aaa/shiro/idm/DomainHandler.java
aaa-shiro/impl/src/test/java/org/opendaylight/aaa/shiro/idm/rest/test/DomainHandlerTest.java

index 6fee26b5a3863dae0e2f65cf9ce3516f2a4e3480..032f0db2215c8ca31f7690a08e81099d202bc273 100644 (file)
@@ -13,7 +13,6 @@ import static javax.ws.rs.core.Response.Status.CREATED;
 import static javax.ws.rs.core.Response.Status.FORBIDDEN;
 import static javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR;
 import static javax.ws.rs.core.Response.Status.NOT_FOUND;
-import static javax.ws.rs.core.Response.Status.UNAUTHORIZED;
 
 import java.util.ArrayList;
 import javax.ws.rs.Consumes;
@@ -31,7 +30,6 @@ import javax.ws.rs.core.UriInfo;
 import org.opendaylight.aaa.api.ClaimCache;
 import org.opendaylight.aaa.api.IDMStoreException;
 import org.opendaylight.aaa.api.IIDMStore;
-import org.opendaylight.aaa.api.model.Claim;
 import org.opendaylight.aaa.api.model.Domain;
 import org.opendaylight.aaa.api.model.Domains;
 import org.opendaylight.aaa.api.model.Grant;
@@ -39,8 +37,6 @@ import org.opendaylight.aaa.api.model.IDMError;
 import org.opendaylight.aaa.api.model.Role;
 import org.opendaylight.aaa.api.model.Roles;
 import org.opendaylight.aaa.api.model.User;
-import org.opendaylight.aaa.api.model.UserPwd;
-import org.opendaylight.aaa.api.model.Users;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -370,105 +366,6 @@ public class DomainHandler {
         return Response.status(CREATED).entity(newGrant).build();
     }
 
-    /**
-     * Used to validate user access.
-     *
-     * @param info
-     *            passed from Jersey
-     * @param domainId
-     *            the domain in question
-     * @param userpwd
-     *            the password attempt
-     * @return A response stating success or failure of user validation.
-     */
-    @POST
-    @Path("/{did}/users/roles")
-    @Consumes(MediaType.APPLICATION_JSON)
-    @Produces(MediaType.APPLICATION_JSON)
-    public Response validateUser(@Context final UriInfo info, @PathParam("did") final String domainId,
-            final UserPwd userpwd) {
-        LOG.info("GET /domains/{}/users", domainId);
-
-        final Domain domain;
-        try {
-            domain = iidMStore.readDomain(domainId);
-        } catch (IDMStoreException se) {
-            LOG.error("StoreException: ", se);
-            IDMError idmerror = new IDMError();
-            idmerror.setMessage("Internal error getting domain");
-            idmerror.setDetails(se.getMessage());
-            return Response.status(INTERNAL_SERVER_ERROR).entity(idmerror).build();
-        }
-        if (domain == null) {
-            IDMError idmerror = new IDMError();
-            idmerror.setMessage("Not found! Domain id:" + domainId);
-            return Response.status(NOT_FOUND).entity(idmerror).build();
-        }
-
-        // check request body for username and pwd
-        final String username = userpwd.getUsername();
-        if (username == null) {
-            IDMError idmerror = new IDMError();
-            idmerror.setMessage("username not specfied in request body");
-            return Response.status(BAD_REQUEST).entity(idmerror).build();
-        }
-        final String pwd = userpwd.getUserpwd();
-        if (pwd == null) {
-            IDMError idmerror = new IDMError();
-            idmerror.setMessage("userpwd not specfied in request body");
-            return Response.status(BAD_REQUEST).entity(idmerror).build();
-        }
-
-        // find userid for user
-        final Users users;
-        try {
-            users = iidMStore.getUsers(username, domainId);
-        } catch (IDMStoreException e) {
-            LOG.error("StoreException", e);
-            IDMError idmerror = new IDMError();
-            idmerror.setMessage("Internal error getting user");
-            idmerror.setDetails(e.getMessage());
-            return Response.status(INTERNAL_SERVER_ERROR).entity(idmerror).build();
-        }
-
-        final var userList = users.getUsers();
-        if (userList.isEmpty()) {
-            IDMError idmerror = new IDMError();
-            idmerror.setMessage("did not find username: " + username);
-            return Response.status(NOT_FOUND).entity(idmerror).build();
-        }
-
-        final User user = userList.get(0);
-        final String userPwd = user.getPassword();
-        final String reqPwd = userpwd.getUserpwd();
-        if (!userPwd.equals(reqPwd)) {
-            IDMError idmerror = new IDMError();
-            idmerror.setMessage("password does not match for username: " + username);
-            return Response.status(UNAUTHORIZED).entity(idmerror).build();
-        }
-
-        final var roleList = new ArrayList<Role>();
-        try {
-            for (Grant grant : iidMStore.getGrants(domainId, user.getUserid()).getGrants()) {
-                roleList.add(iidMStore.readRole(grant.getRoleid()));
-            }
-        } catch (IDMStoreException e) {
-            LOG.error("StoreException", e);
-            IDMError idmerror = new IDMError();
-            idmerror.setMessage("Internal error getting Roles");
-            idmerror.setDetails(e.getMessage());
-            return Response.status(INTERNAL_SERVER_ERROR).entity(idmerror).build();
-        }
-
-        Claim claim = new Claim();
-        claim.setDomainid(domainId);
-        claim.setUsername(username);
-        claim.setUserid(user.getUserid());
-        claim.setRoles(roleList);
-
-        return Response.ok(claim).build();
-    }
-
     /**
      * Get the grants for a user on a domain.
      *
index fc605943f5cc40c841543bfa1c9374849456ebbf..13f11e2760b210b09db9a33a5d3c4498ad701f6e 100644 (file)
@@ -76,18 +76,6 @@ public class DomainHandlerTest extends HandlerTest {
         clientResponse = target("/v1/domains/5/users/0/roles").request().post(entity(grantData));
         assertEquals(404, clientResponse.getStatus());
 
-        // check validate user (admin)
-        Map<String, String> usrPwdData = new HashMap<>();
-        usrPwdData.put("username", "admin");
-        usrPwdData.put("userpwd", "admin");
-        clientResponse = target("/v1/domains/0/users/roles").request().post(entity(usrPwdData));
-        assertEquals(200, clientResponse.getStatus());
-
-        // check validate user (admin) with wrong password
-        usrPwdData.put("userpwd", "1234");
-        clientResponse = target("/v1/domains/0/users/roles").request().post(entity(usrPwdData));
-        assertEquals(401, clientResponse.getStatus());
-
         // check get user (admin) roles
         Roles usrRoles = target("/v1/domains/0/users/0/roles").request().get(Roles.class);
         assertNotNull(usrRoles);