Merge pull request #552 from ankitmashu/fix/provider_owner_check

ownerid and provider id check
datakaveri · Oct 4, 2024 · 962b27d · 962b27d
2 parents 9d93d7e + 4b7b333
commit 962b27d
Showing 1 changed file with 24 additions and 10 deletions.
diff --git a/src/main/java/iudx/resource/server/authenticator/JwtAuthenticationServiceImpl.java b/src/main/java/iudx/resource/server/authenticator/JwtAuthenticationServiceImpl.java
@@ -167,7 +167,7 @@ public AuthenticationService tokenInterospect(
         .compose(
             providerUserHandler -> {
               if (isIngestionEntitiesEndpoint(authenticationInfo)) {
-                return validateProviderUser(providerUserHandler, result.jwtData.getDid());
+                return validateProviderUser(providerUserHandler, result.jwtData);
               } else {
                 return Future.succeededFuture(true);
               }
@@ -465,8 +465,12 @@ Future<String> getProviderUserId(String id) {
                 response.forEach(
                     json -> {
                       JsonObject res = (JsonObject) json;
-                      String providerUserId = res.getString("providerUserId");
-                      LOGGER.info("providerUserId: " + providerUserId);
+                      String providerUserId = null;
+                      providerUserId = res.getString("providerUserId");
+                      if (providerUserId == null) {
+                        providerUserId = res.getString("ownerUserId");
+                        LOGGER.info(" owneruserid : " + providerUserId);
+                      }
                       promise.complete(providerUserId);
                     });
 
@@ -480,16 +484,26 @@ Future<String> getProviderUserId(String id) {
     return promise.future();
   }
 
-  Future<Boolean> validateProviderUser(String providerUserId, String did) {
+  Future<Boolean> validateProviderUser(String providerUserId, JwtData jwtData) {
     LOGGER.trace("validateProviderUser() started");
     Promise<Boolean> promise = Promise.promise();
     try {
-      if (did.equalsIgnoreCase(providerUserId)) {
-        LOGGER.info("success");
-        promise.complete(true);
-      } else {
-        LOGGER.error("fail");
-        promise.fail("incorrect providerUserId");
+      if (jwtData.getRole().equalsIgnoreCase("delegate")) {
+        if (jwtData.getDid().equalsIgnoreCase(providerUserId)) {
+          LOGGER.info("success");
+          promise.complete(true);
+        } else {
+          LOGGER.error("fail");
+          promise.fail("incorrect providerUserId");
+        }
+      } else if (jwtData.getRole().equalsIgnoreCase("provider")) {
+        if (jwtData.getSub().equalsIgnoreCase(providerUserId)) {
+          LOGGER.info("success");
+          promise.complete(true);
+        } else {
+          LOGGER.error("fail");
+          promise.fail("incorrect providerUserId");
+        }
       }
     } catch (Exception e) {
       LOGGER.error("exception occurred while validating provider user : " + e.getMessage());