MODLOGSAML-199: Remove legacy token support

descriptors/ModuleDescriptor-template.json

@@ -156,21 +156,17 @@
     }
   ],
   "requires": [
-    {
-      "id": "authtoken",
-      "version": "2.1"
-    },
-    {
-      "id": "authtoken2",
-      "version": "1.1"
-    },
     {
       "id": "users",
       "version": "14.0 15.0 16.0"
     },
     {
       "id": "configuration",
       "version": "2.0"
+    },
+    {
+      "id": "authtoken2",
+      "version": "1.1"
     }
   ],
   "launchDescriptor": {
@@ -194,6 +190,6 @@
       { "name": "DB_QUERYTIMEOUT", "value": "60000" },
       { "name": "DB_CHARSET", "value": "UTF-8" },
       { "name": "DB_MAXPOOLSIZE", "value": "5" }
-    ] 
+    ]
   }
 }

ramls/schemas/SamlConfig.json

@@ -43,11 +43,6 @@
       "description": "Where the IDP should call back after login is successful. Either callback or callback-with-expiry. Defaults to callback-with-expiry if not present.",
       "type": "string",
       "required": false
-    },
-    "useSecureTokens": {
-      "type": "boolean",
-      "description": "When present, and true, and when callback is configured with the value 'callback', enables the refresh token payload on the /callback endpoint.",
-      "required": false
     }
   }
 }

ramls/schemas/SamlConfigRequest.json

@@ -43,11 +43,6 @@
       "description": "Where the IDP should call back after login is successful. Either callback or callback-with-expiry. Defaults to callback-with-expiry if not present.",
       "type": "string",
       "required": false
-    },
-    "useSecureTokens": {
-      "type": "boolean",
-      "description": "When present, and 'true', and when callback is configured with the value 'callback', enables the refresh token payload on the /callback endpoint.",
-      "required": false
     }
   }
 }

src/main/java/org/folio/config/model/SamlConfiguration.java

@@ -1,5 +1,6 @@
 package org.folio.config.model;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import java.util.ArrayList;
@@ -54,7 +55,12 @@ public class SamlConfiguration {
   private String callback;
   @JsonProperty(IDS_LIST_CODE)
   private List<String> idsList;
+  /**
+   * @deprecated See MODLOGSAML-192 for background.
+   */
+  @Deprecated(since="2.9.3", forRemoval = true)
   @JsonProperty(SAML_USE_SECURE_TOKENS)
+  @JsonIgnore
   private String useSecureTokens;
 
   public SamlConfiguration(){
@@ -172,12 +178,4 @@ public String getUserProperty() {
   public void setUserProperty(String userProperty) {
     this.userProperty = userProperty;
   }
-
-  public String getUseSecureTokens() {
-    return useSecureTokens;
-  }
-
-  public void setUseSecureTokens(String useSecureTokens) {
-    this.useSecureTokens = useSecureTokens;
-  }
 }

src/main/java/org/folio/dao/impl/ConfigurationsDaoImpl.java

@@ -173,6 +173,9 @@ public Future<SamlConfiguration> storeEntry(Vertx vertx, OkapiHeaders okapiHeade
   }
 
   private static SamlConfiguration localUpdateSamlConfiguration(SamlConfiguration result, Map<String, String> map2Update) {
+    // Remove deprecated.
+    map2Update.remove(SamlConfiguration.SAML_USE_SECURE_TOKENS);
+
     for (Map.Entry<String, String> entry : map2Update.entrySet()) {
       localUpdateSamlConfiguration(result, entry.getKey(), entry.getValue());
     }

src/main/java/org/folio/rest/impl/SamlAPI.java

@@ -12,7 +12,6 @@
 import java.time.Instant;
 import java.util.*;
 
-import javax.ws.rs.core.NewCookie;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
@@ -83,7 +82,6 @@ public class SamlAPI implements Saml {
   private static final Logger log = LogManager.getLogger(SamlAPI.class);
   public static final String CSRF_TOKEN = "csrfToken";
   public static final String RELAY_STATE = "relayState";
-  private static final String TOKEN_SIGN_ENDPOINT_LEGACY = "/token";
   private static final String TOKEN_SIGN_ENDPOINT = "/token/sign";
   public static final String SET_COOKIE = "Set-Cookie";
   public static final String LOCATION = "Location";
@@ -257,15 +255,10 @@ private void doPostSamlCallback(String body, RoutingContext routingContext, Map<
           JsonObject payload = new JsonObject().put("payload",
             new JsonObject().put("sub", userObject.getString(USERNAME)).put("user_id", userId));
 
-          var tokenSignEndpoint = getTokenSignEndpoint(configuration);
-          return fetchToken(webClient, payload, parsedHeaders, tokenSignEndpoint)
+          return fetchToken(webClient, payload, parsedHeaders, TOKEN_SIGN_ENDPOINT)
             .map(jsonResponse -> {
-              if (isLegacyResponse(tokenSignEndpoint)) {
-                return redirectResponseLegacy(jsonResponse, stripesBaseUrl, originalUrl);
-              } else {
-                var okapiPath = UrlUtil.getPathFromOkapiUrl(parsedHeaders.getUrl());
-                return redirectResponse(jsonResponse, stripesBaseUrl, originalUrl, okapiPath);
-              }
+              var okapiPath = UrlUtil.getPathFromOkapiUrl(parsedHeaders.getUrl());
+              return redirectResponse(jsonResponse, stripesBaseUrl, originalUrl, okapiPath);
             });
           });
       })
@@ -276,17 +269,6 @@ private void doPostSamlCallback(String body, RoutingContext routingContext, Map<
       });
   }
 
-  private boolean isLegacyResponse(SamlConfiguration configuration) {
-    return "callback".equals(configuration.getCallback()) && ! "true".equals(configuration.getUseSecureTokens());
-  }
-
-  private String getTokenSignEndpoint(SamlConfiguration configuration) {
-    if (isLegacyResponse(configuration)) {
-      return TOKEN_SIGN_ENDPOINT_LEGACY;
-    }
-    return TOKEN_SIGN_ENDPOINT;
-  }
-
   private PostSamlCallbackResponse failCallbackResponse(Throwable cause, RoutingContext routingContext) {
     PostSamlCallbackResponse response;
     if (cause instanceof ForbiddenException) {
@@ -301,10 +283,6 @@ private PostSamlCallbackResponse failCallbackResponse(Throwable cause, RoutingCo
     return response;
   }
 
-  private boolean isLegacyResponse(String endpoint) {
-    return endpoint.equals(TOKEN_SIGN_ENDPOINT_LEGACY);
-  }
-
   private Future<JsonObject> fetchToken(WebClient client, JsonObject payload, OkapiHeaders parsedHeaders, String endpoint) {
     HttpRequest<Buffer> request = client.postAbs(parsedHeaders.getUrl() + endpoint);
 
@@ -322,23 +300,6 @@ private Future<JsonObject> fetchToken(WebClient client, JsonObject payload, Okap
       });
   }
 
-  private Response redirectResponseLegacy(JsonObject jsonObject, URI stripesBaseUrl, URI originalUrl) {
-    String authToken = jsonObject.getString("token");
-
-    final String location = UriBuilder.fromUri(stripesBaseUrl)
-      .path("sso-landing")
-      .queryParam("ssoToken", authToken)
-      .queryParam("fwd", originalUrl.getPath())
-      .build()
-      .toString();
-
-    final String cookie = new NewCookie("ssoToken",
-      authToken, "", originalUrl.getHost(), "", 3600, true).toString();
-    var headers = PostSamlCallbackResponse.headersFor302().withSetCookie(cookie).withXOkapiToken(authToken)
-      .withLocation(location);
-    return PostSamlCallbackResponse.respond302(headers);
-  }
-
   private Response redirectResponse(JsonObject jsonObject,
       URI stripesBaseUrl, URI originalUrl, String okapiPath) {
 
@@ -616,7 +577,6 @@ private SamlConfig configToDto(SamlConfiguration config) {
       .withSamlAttribute(config.getSamlAttribute())
       .withUserProperty(config.getUserProperty())
       .withCallback(config.getCallback())
-      .withUseSecureTokens(Boolean.valueOf(config.getUseSecureTokens()))
       .withMetadataInvalidated(Boolean.valueOf(config.getMetadataInvalidated()));
     try {
       URI uri = URI.create(config.getOkapiUrl());
@@ -727,10 +687,6 @@ private SamlConfiguration updateSamlConfiguration(SamlConfiguration config, Saml
     result.setCallback(config.getCallback());
     ConfigEntryUtil.valueChanged(config.getCallback(), updatedConfig.getCallback(), result::setCallback);
 
-    result.setUseSecureTokens(config.getUseSecureTokens());
-    ConfigEntryUtil.valueChanged(config.getUseSecureTokens(), updatedConfig.getUseSecureTokens(),
-      result::setUseSecureTokens);
-
     result.setKeystore(config.getKeystore());
     result.setKeystorePassword(config.getKeystorePassword());
     result.setPrivateKeyPassword(config.getPrivateKeyPassword());

src/test/java/org/folio/dao/impl/ConfigurationsDaoImplTest.java

@@ -205,7 +205,7 @@ public void getConfigurationData2ExistentEntries(TestContext context) {
 
   @Test
   public void testSamlConfigurationUpdateEmptyDatabase(TestContext context) {
-    mock.setMockContent("mock_content_legacy.json");
+    mock.setMockContent("mock_content_callback.json");
     SamlConfiguration samlConfigurationToStoreInDatabase = mock.getMockPartialContent();
     Map<String, String> map2Update = SamlConfigurationUtil.samlConfiguration2Map(samlConfigurationToStoreInDatabase);
     int expectedInt = 0;
@@ -229,7 +229,7 @@ public void testSamlConfigurationUpdateEmptyDatabaseIncorrectCode(TestContext co
 
   @Test
   public void testSamlConfigurationUpdateEmptyDatabaseComplete(TestContext context) {
-    mock.setMockContent("mock_content_legacy.json");
+    mock.setMockContent("mock_content_callback.json");
     SamlConfiguration samlConfigurationToStoreInDatabase = mock.getMockPartialContent();
     Map<String, String> map2Update = SamlConfigurationUtil.samlConfiguration2Map(mock.getMockPartialContent());
     map2Update.put(SamlConfiguration.IDP_METADATA_CODE, "SamlConfiguration.IDP_METADATA_CODE value");

src/test/java/org/folio/rest/impl/IdpCallbackTest.java

@@ -70,7 +70,7 @@ public void after() {
   @Test
   public void post(TestContext context) {
     IDP.setPostBinding();
-    setOkapi("mock_idptest_post_secure_tokens.json");
+    setOkapi("mock_idptest_post_callback.json");
     dataMigrationHelper.dataMigrationCompleted(vertx, context, false);
     for (int i = 0; i < 2; i++) {
       SamlTestHelper.testPost(CALLBACK);
@@ -80,7 +80,7 @@ public void post(TestContext context) {
   @Test
   public void redirect(TestContext context) {
     IDP.setRedirectBinding();
-    setOkapi("mock_idptest_redirect_secure_tokens.json");
+    setOkapi("mock_idptest_redirect_callback.json");
     dataMigrationHelper.dataMigrationCompleted(vertx, context, false);
 
     for (int i = 0; i < 2; i++) {