apply corrections from pull request feedbacks

Author: Leopold-Cramer

common/src/main/kotlin/com/cosmotech/common/config/CsmPlatformProperties.kt

@@ -74,7 +74,7 @@ data class CsmPlatformProperties(
       val mailJwtClaim: String = "preferred_username",
 
       /** The JWT Claim where the groups information are stored */
-      val groupJwtClaim: String = "user_groups",
+      val groupJwtClaim: String = "groups",
 
       /** The JWT Claim where the roles information is stored */
       val rolesJwtClaim: String = "roles",

common/src/main/kotlin/com/cosmotech/common/rbac/CsmRbac.kt

@@ -198,9 +198,7 @@ open class CsmRbac(
         } else {
           groups.any {
             this.getEntityRole(rbacSecurity, it) == this.getAdminRole(rolesDefinition)
-          } ||
-              this.getEntityRole(rbacSecurity, rbacSecurity.default) ==
-                  this.getAdminRole(rolesDefinition)
+          } || rbacSecurity.default == this.getAdminRole(rolesDefinition)
         }
     logger.debug("RBAC ${rbacSecurity.id} - $user has default admin rbac role: $isAdmin")
     return isAdmin
@@ -220,9 +218,7 @@ open class CsmRbac(
         } else {
           groups.any {
             verifyPermissionFromRole(permission, getEntityRole(rbacSecurity, it), rolesDefinition)
-          } ||
-              verifyPermissionFromRole(
-                  permission, getEntityRole(rbacSecurity, rbacSecurity.default), rolesDefinition)
+          } || verifyPermissionFromRole(permission, rbacSecurity.default, rolesDefinition)
         }
     logger.debug("RBAC ${rbacSecurity.id} - $user has permission $permission in ACL: $isAuthorized")
     return isAuthorized

common/src/main/kotlin/com/cosmotech/common/utils/SecurityUtils.kt

@@ -56,11 +56,14 @@ fun getCurrentAccountIdentifier(configuration: CsmPlatformProperties): String {
 }
 
 fun getCurrentAccountGroups(configuration: CsmPlatformProperties): List<String> {
-  val authentication = getCurrentAuthentication()
-  val jwt = (authentication as JwtAuthenticationToken).token.tokenValue
-  val jwtClaimsSet = JWTParser.parse(jwt).jwtClaimsSet
-  return jwtClaimsSet.getListClaim(configuration.authorization.groupJwtClaim).toList()
-      as List<String>
+  return (getValueFromAuthenticatedToken(configuration) {
+    try {
+      val jwt = JWTParser.parse(it)
+      jwt.jwtClaimsSet.getStringListClaim(configuration.authorization.groupJwtClaim)
+    } catch (e: ParseException) {
+      JSONObjectUtils.parse(it)[configuration.authorization.groupJwtClaim] as List<String>
+    }
+  } ?: emptyList())
 }
 
 fun getCurrentAuthenticatedRoles(configuration: CsmPlatformProperties): List<String> {

dataset/src/integrationTest/kotlin/com/cosmotech/dataset/service/DatasetServiceIntegrationTest.kt

@@ -96,7 +96,6 @@ class DatasetServiceIntegrationTest() : CsmTestBase() {
   val UNALLOWED_MIME_TYPE_SOURCE_FILE_NAME = "wrong_mimetype.yaml"
   val INVENTORY_SOURCE_FILE_NAME = "product_inventory.csv"
   val WRONG_ORIGINAL_FILE_NAME = "../../wrong_name_pattern.csv"
-  val defaultGroup = listOf("myTestGroup")
 
   private val logger = LoggerFactory.getLogger(DatasetServiceIntegrationTest::class.java)
 
@@ -121,7 +120,7 @@ class DatasetServiceIntegrationTest() : CsmTestBase() {
   fun setUp() {
     mockkStatic("com.cosmotech.common.utils.SecurityUtilsKt")
     every { getCurrentAccountIdentifier(any()) } returns CONNECTED_ADMIN_USER
-    every { getCurrentAccountGroups(any()) } returns defaultGroup
+    every { getCurrentAccountGroups(any()) } returns listOf("myTestGroup")
     every { getCurrentAuthenticatedUserName(csmPlatformProperties) } returns "test.user"
     every { getCurrentAuthenticatedRoles(any()) } returns listOf("user")
 

dataset/src/integrationTest/kotlin/com/cosmotech/dataset/service/DatasetServiceRBACTest.kt

@@ -86,7 +86,6 @@ class DatasetServiceRBACTest : CsmTestBase() {
   val CONNECTED_ADMIN_USER = "test.admin@cosmotech.com"
   val CONNECTED_DEFAULT_USER = "test.user@cosmotech.com"
   val CUSTOMER_SOURCE_FILE_NAME = "customers.csv"
-  val defaultGroup = listOf("myTestGroup")
 
   private val logger = LoggerFactory.getLogger(DatasetServiceIntegrationTest::class.java)
 
@@ -112,7 +111,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
   fun setUp() {
     mockkStatic("com.cosmotech.common.utils.SecurityUtilsKt")
     every { getCurrentAccountIdentifier(any()) } returns CONNECTED_ADMIN_USER
-    every { getCurrentAccountGroups(any()) } returns defaultGroup
+    every { getCurrentAccountGroups(any()) } returns listOf("myTestGroup")
     every { getCurrentAuthenticatedUserName(csmPlatformProperties) } returns "test.user"
     every { getCurrentAuthenticatedRoles(any()) } returns listOf("user")
 

organization/src/integrationTest/kotlin/com/cosmotech/organization/service/OrganizationServiceRBACTest.kt

@@ -55,7 +55,6 @@ import org.springframework.test.context.junit4.SpringRunner
 class OrganizationServiceRBACTest : CsmTestBase() {
   val CONNECTED_ADMIN_USER = "test.admin@cosmotech.com"
   val TEST_USER_MAIL = "testuser@mail.fr"
-  val defaultGroup = listOf("myTestGroup")
 
   // NEEDED: recreate indexes in redis
   @Autowired lateinit var rediSearchIndexer: RediSearchIndexer
@@ -71,7 +70,7 @@ class OrganizationServiceRBACTest : CsmTestBase() {
   fun setUp() {
     mockkStatic("com.cosmotech.common.utils.SecurityUtilsKt")
     every { getCurrentAccountIdentifier(any()) } returns TEST_USER_MAIL
-    every { getCurrentAccountGroups(any()) } returns defaultGroup
+    every { getCurrentAccountGroups(any()) } returns listOf("myTestGroup")
     every { getCurrentAuthenticatedUserName(csmPlatformProperties) } returns "my.account-tester"
     every { getCurrentAuthenticatedRoles(any()) } returns listOf()
     rediSearchIndexer.createIndexFor(Organization::class.java)

organization/src/test/kotlin/com/cosmotech/organization/service/OrganizationServiceImplTests.kt

@@ -51,8 +51,6 @@ const val USER_ID = "bob@mycompany.com"
 @ExtendWith(MockKExtension::class)
 class OrganizationServiceImplTests {
 
-  val defaultGroup = listOf("myTestGroup")
-
   @Suppress("unused") @MockK private var eventPublisher: CsmEventPublisher = mockk(relaxed = true)
 
   @Suppress("unused")
@@ -70,7 +68,7 @@ class OrganizationServiceImplTests {
 
     mockkStatic("com.cosmotech.common.utils.SecurityUtilsKt")
     every { getCurrentAccountIdentifier(any()) } returns USER_ID
-    every { getCurrentAccountGroups(any()) } returns defaultGroup
+    every { getCurrentAccountGroups(any()) } returns listOf("myTestGroup")
     every { getCurrentAuthenticatedUserName(csmPlatformProperties) } returns "my.account-tester"
     every { getCurrentAuthenticatedRoles(any()) } returns listOf()
 

run/src/integrationTest/kotlin/com/cosmotech/run/service/RunServiceIntegrationTest.kt

@@ -82,7 +82,6 @@ class RunServiceIntegrationTest : CsmTestBase() {
 
   val CONNECTED_ADMIN_USER = "test.admin@cosmotech.com"
   val CONNECTED_READER_USER = "test.user@cosmotech.com"
-  val defaultGroup = listOf("myTestGroup")
   private val logger = LoggerFactory.getLogger(RunServiceIntegrationTest::class.java)
 
   @MockK(relaxed = true) private lateinit var containerFactory: RunContainerFactory
@@ -115,7 +114,7 @@ class RunServiceIntegrationTest : CsmTestBase() {
   fun setUp() {
     mockkStatic("com.cosmotech.common.utils.SecurityUtilsKt")
     every { getCurrentAccountIdentifier(any()) } returns CONNECTED_ADMIN_USER
-    every { getCurrentAccountGroups(any()) } returns defaultGroup
+    every { getCurrentAccountGroups(any()) } returns listOf("myTestGroup")
     every { getCurrentAuthenticatedUserName(csmPlatformProperties) } returns "test.user"
     every { getCurrentAuthenticatedRoles(any()) } returns listOf("user")
 

runner/src/integrationTest/kotlin/com/cosmotech/runner/service/RunnerServiceIntegrationTest.kt

@@ -92,7 +92,6 @@ class RunnerServiceIntegrationTest : CsmTestBase() {
   val TEST_USER_MAIL = "fake@mail.fr"
   val CUSTOMERS_FILE_NAME = "customers.csv"
   val CUSTOMERS_5_LINES_FILE_NAME = "customers_5_lines.csv"
-  val defaultGroup = listOf("myTestGroup")
 
   private val logger = LoggerFactory.getLogger(RunnerServiceIntegrationTest::class.java)
   private val defaultName = "my.account-tester@cosmotech.com"
@@ -144,7 +143,7 @@ class RunnerServiceIntegrationTest : CsmTestBase() {
     every { containerRegistryService.getImageLabel(any(), any(), any()) } returns null
     mockkStatic("com.cosmotech.common.utils.SecurityUtilsKt")
     every { getCurrentAccountIdentifier(any()) } returns CONNECTED_ADMIN_USER
-    every { getCurrentAccountGroups(any()) } returns defaultGroup
+    every { getCurrentAccountGroups(any()) } returns listOf("myTestGroup")
     every { getCurrentAuthenticatedUserName(csmPlatformProperties) } returns "test.user"
     every { getCurrentAuthenticatedRoles(any()) } returns listOf(ROLE_ORGANIZATION_USER)
 

runner/src/integrationTest/kotlin/com/cosmotech/runner/service/RunnerServiceRBACTest.kt

@@ -83,7 +83,6 @@ class RunnerServiceRBACTest : CsmTestBase() {
 
   val CONNECTED_ADMIN_USER = "test.admin@cosmotech.com"
   val TEST_USER_MAIL = "testuser@mail.fr"
-  val defaultGroup = listOf("myTestGroup")
 
   @Autowired lateinit var rediSearchIndexer: RediSearchIndexer
   @Autowired lateinit var organizationApiService: OrganizationApiServiceInterface
@@ -99,7 +98,7 @@ class RunnerServiceRBACTest : CsmTestBase() {
   fun setUp() {
     mockkStatic("com.cosmotech.common.utils.SecurityUtilsKt")
     every { getCurrentAccountIdentifier(any()) } returns CONNECTED_ADMIN_USER
-    every { getCurrentAccountGroups(any()) } returns defaultGroup
+    every { getCurrentAccountGroups(any()) } returns listOf("myTestGroup")
     every { getCurrentAuthenticatedUserName(csmPlatformProperties) } returns "test.user"
     every { getCurrentAuthenticatedRoles(any()) } returns listOf()