[NAE-2273] Implement User Impersonation

application-engine/src/main/groovy/com/netgrif/application/engine/migration/ActionMigration.groovy

@@ -1,12 +1,11 @@
 package com.netgrif.application.engine.migration
 
 import com.netgrif.application.engine.auth.service.UserService
-import com.netgrif.application.engine.objects.auth.domain.ActorTransformer
 import com.netgrif.application.engine.objects.petrinet.domain.PetriNet
 import com.netgrif.application.engine.objects.petrinet.domain.VersionType
 import com.netgrif.application.engine.petrinet.params.ImportPetriNetParams
-import com.netgrif.application.engine.petrinet.service.interfaces.IPetriNetService
 import com.netgrif.application.engine.objects.workflow.domain.eventoutcomes.petrinetoutcomes.ImportPetriNetEventOutcome
+import com.netgrif.application.engine.petrinet.service.interfaces.IPetriNetService
 import groovy.util.logging.Slf4j
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.core.io.ClassPathResource
@@ -30,7 +29,7 @@ class ActionMigration {
             ImportPetriNetEventOutcome newPetriNet = petriNetService.importPetriNet(ImportPetriNetParams.with()
                     .xmlFile(netStream)
                     .releaseType(VersionType.MAJOR)
-                    .author(ActorTransformer.toLoggedUser(userService.getLoggedOrSystem()))
+                    .author(userService.getLoggedOrSystem())
                     .build())
             List<PetriNet> oldPetriNets
 
@@ -44,7 +43,7 @@ class ActionMigration {
                         .collect(Collectors.toList())
             }
 
-            if (oldPetriNets.size() == 0){
+            if (oldPetriNets.size() == 0) {
                 String message = "Older version of Petri net with ID [" + newPetriNet.getNet().importId + "] is not present in MongoDB."
                 log.error(message)
                 throw new IllegalArgumentException(message)

application-engine/src/main/java/com/netgrif/application/engine/actions/ActionApiImpl.java

@@ -127,7 +127,7 @@ public CreateCaseEventOutcome createCaseByIdentifier(String identifier, String t
                 .processIdentifier(identifier)
                 .title(title)
                 .color(color)
-                .author(resolveAbstractUser(authPrincipalDto))
+                .author(ActorTransformer.toLoggedUser(resolveAbstractUser(authPrincipalDto)))
                 .locale(locale)
                 .params(params)
                 .build());
@@ -158,7 +158,7 @@ public Page<Task> searchTasks(List<String> elasticStringQueries, AuthPrincipalDt
     @Override
     public AssignTaskEventOutcome assignTask(String taskId, AuthPrincipalDto authPrincipalDto, Map<String, String> params) throws TransitionNotExecutableException {
         Task task = taskService.findOne(taskId);
-        AbstractUser user = resolveAbstractUser(authPrincipalDto);
+        LoggedUser user = ActorTransformer.toLoggedUser(resolveAbstractUser(authPrincipalDto));
         return taskService.assignTask(TaskParams.with()
                 .task(task)
                 .user(user)
@@ -169,7 +169,7 @@ public AssignTaskEventOutcome assignTask(String taskId, AuthPrincipalDto authPri
     @Override
     public CancelTaskEventOutcome cancelTask(String taskId, AuthPrincipalDto authPrincipalDto, Map<String, String> params) {
         Task task = taskService.findOne(taskId);
-        AbstractUser user = resolveAbstractUser(authPrincipalDto);
+        LoggedUser user = ActorTransformer.toLoggedUser(resolveAbstractUser(authPrincipalDto));
         return taskService.cancelTask(TaskParams.with()
                 .task(task)
                 .user(user)
@@ -180,7 +180,7 @@ public CancelTaskEventOutcome cancelTask(String taskId, AuthPrincipalDto authPri
     @Override
     public FinishTaskEventOutcome finishTask(String taskId, AuthPrincipalDto authPrincipalDto, Map<String, String> params) throws TransitionNotExecutableException {
         Task task = taskService.findOne(taskId);
-        AbstractUser user = resolveAbstractUser(authPrincipalDto);
+        LoggedUser user = ActorTransformer.toLoggedUser(resolveAbstractUser(authPrincipalDto));
         return taskService.finishTask(TaskParams.with()
                 .task(task)
                 .user(user)

application-engine/src/main/java/com/netgrif/application/engine/auth/service/AuthorizationService.java

@@ -13,8 +13,6 @@ public class AuthorizationService implements IAuthorizationService {
 
     @Override
     public boolean hasAuthority(String authority) {
-        // TODO: impersonation
-//        LoggedUser loggedUser = userService.getLoggedUserFromContext().getSelfOrImpersonated();
         LoggedUser loggedUser = userService.getLoggedUserFromContext();
         return loggedUser.getAuthoritySet().stream().anyMatch(it -> it.getAuthority().equals(authority));
     }

application-engine/src/main/java/com/netgrif/application/engine/auth/web/AuthenticationController.java

@@ -1,19 +1,20 @@
 package com.netgrif.application.engine.auth.web;
 
-import com.netgrif.application.engine.objects.auth.domain.AbstractUser;
-import com.netgrif.application.engine.configuration.properties.SecurityConfigurationProperties;
-import com.netgrif.application.engine.workflow.web.responsebodies.MessageResource;
-import com.netgrif.application.engine.objects.auth.domain.LoggedUser;
 import com.netgrif.application.engine.auth.service.InvalidUserTokenException;
-import com.netgrif.application.engine.auth.service.interfaces.IRegistrationService;
+import com.netgrif.application.engine.auth.service.UserFactory;
 import com.netgrif.application.engine.auth.service.UserService;
+import com.netgrif.application.engine.auth.service.interfaces.IRegistrationService;
 import com.netgrif.application.engine.auth.web.requestbodies.ChangePasswordRequest;
 import com.netgrif.application.engine.auth.web.requestbodies.NewUserRequest;
 import com.netgrif.application.engine.auth.web.requestbodies.RegistrationRequest;
-import com.netgrif.application.engine.auth.service.UserFactory;
+import com.netgrif.application.engine.auth.web.responsebodies.User;
+import com.netgrif.application.engine.configuration.properties.SecurityConfigurationProperties;
 import com.netgrif.application.engine.mail.interfaces.IMailAttemptService;
 import com.netgrif.application.engine.mail.interfaces.IMailService;
+import com.netgrif.application.engine.objects.auth.domain.AbstractUser;
+import com.netgrif.application.engine.objects.auth.domain.LoggedUser;
 import com.netgrif.application.engine.security.service.ISecurityContextService;
+import com.netgrif.application.engine.workflow.web.responsebodies.MessageResource;
 import freemarker.template.TemplateException;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
@@ -33,7 +34,9 @@
 import java.io.IOException;
 import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
-import java.util.*;
+import java.util.Base64;
+import java.util.Locale;
+import java.util.Optional;
 
 @Slf4j
 @RestController
@@ -91,8 +94,6 @@ public MessageResource signup(@RequestBody RegistrationRequest regRequest) {
     @PostMapping(value = "/invite", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaTypes.HAL_JSON_VALUE)
     public MessageResource invite(@RequestBody NewUserRequest newUserRequest, Authentication auth) {
         try {
-            // TODO: impersonation
-//            if (!serverAuthProperties.isOpenRegistration() && (auth == null || !((LoggedUser) auth.getPrincipal()).getSelfOrImpersonated().isAdmin())) {
             if (!serverAuthProperties.isOpenRegistration() && (auth == null || !((LoggedUser) auth.getPrincipal()).isAdmin())) {
                 return MessageResource.errorMessage("Only admin can invite new users!");
             }
@@ -148,7 +149,11 @@ public ResponseEntity<?> login(Authentication auth, Locale locale) {
             return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
         }
         LoggedUser loggedUser = (LoggedUser) authentication.getPrincipal();
-        return ResponseEntity.ok(userResponseFactory.getUser(userService.findById(loggedUser.getStringId(), null), locale));
+        User userResponse = userResponseFactory.getUser(userService.findById(loggedUser.getStringId(), null), locale);
+        if (loggedUser.isImpersonating()) {
+            userResponse.setImpersonated(userResponseFactory.getUser(loggedUser.getImpersonatedUser(), locale));
+        }
+        return ResponseEntity.ok(userResponse);
     }
 
     @Operation(summary = "Reset password")

application-engine/src/main/java/com/netgrif/application/engine/auth/web/UserController.java

@@ -124,8 +124,12 @@ public ResponseEntity<User> getLoggedUser(Authentication auth, Locale locale) {
             log.error("Could not find user with id [{}]", loggedUser.getId(), e);
             return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
         }
+        User userResponse = userFactory.getUser(user, locale);
+        if (loggedUser.isImpersonating()) {
+            userResponse.setImpersonated(userFactory.getUser(loggedUser.getImpersonatedUser(), locale));
+        }
 
-        return ResponseEntity.ok(userFactory.getUser(user, locale));
+        return ResponseEntity.ok(userResponse);
     }
 
     @ApiResponses(value = {
@@ -155,9 +159,7 @@ public ResponseEntity<Page<User>> search(@RequestBody UserSearchRequestBody quer
     @GetMapping(value = "/{realmId}/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
     public ResponseEntity<User> getUser(@PathVariable("realmId") String realmId, @PathVariable("id") String userId, Locale locale) {
         LoggedUser actualUser = userService.getLoggedUserFromContext();
-        // TODO: impersonation
-//        LoggedUser loggedUser = actualUser.getSelfOrImpersonated();
-        LoggedUser loggedUser = actualUser;
+        LoggedUser loggedUser = actualUser.getSelfOrImpersonated();
         if (!loggedUser.isAdmin() && !Objects.equals(loggedUser.getId(), userId)) {
             log.info("User [{}] trying to get another user with ID [{}]", actualUser.getUsername(), userId);
             return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
@@ -229,7 +231,7 @@ public ResponseEntity<ResponseMessage> assignRolesToUser(@PathVariable("realmId"
         }
     }
 
-//
+    //
 //    @PreAuthorize("@authorizationService.hasAuthority('ADMIN')")
 //    @Operation(summary = "Assign negative roles to the user", description = "Caller must have the ADMIN role", security = {@SecurityRequirement(name = "X-Auth-Token")})
 //    @PutMapping(value = "/{realmId}/{id}/negativeRole", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)

application-engine/src/main/java/com/netgrif/application/engine/configuration/NaeSecurityConfiguration.java

@@ -1,16 +1,16 @@
 package com.netgrif.application.engine.configuration;
 
-import com.netgrif.application.engine.configuration.properties.SecurityConfigurationProperties;
-import com.netgrif.application.engine.objects.auth.domain.Authority;
+import com.netgrif.application.engine.auth.repository.ImpersonatorRepository;
 import com.netgrif.application.engine.auth.service.AuthorityService;
 import com.netgrif.application.engine.auth.service.UserService;
+import com.netgrif.application.engine.configuration.properties.SecurityConfigurationProperties;
 import com.netgrif.application.engine.configuration.security.ImpersonationRequestFilter;
 import com.netgrif.application.engine.configuration.security.PublicAuthenticationFilter;
 import com.netgrif.application.engine.configuration.security.RestAuthenticationEntryPoint;
 import com.netgrif.application.engine.configuration.security.SecurityContextFilter;
 import com.netgrif.application.engine.configuration.security.filter.HostValidationRequestFilter;
 import com.netgrif.application.engine.configuration.security.jwt.IJwtService;
-import com.netgrif.application.engine.impersonation.service.interfaces.IImpersonationService;
+import com.netgrif.application.engine.objects.auth.domain.Authority;
 import com.netgrif.application.engine.security.service.ISecurityContextService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -37,7 +37,6 @@
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.ForwardedHeaderFilter;
 
-import java.util.HashSet;
 import java.util.List;
 
 import static org.springframework.http.HttpMethod.OPTIONS;
@@ -75,7 +74,7 @@ public class NaeSecurityConfiguration extends AbstractSecurityConfiguration {
     private ISecurityContextService securityContextService;
 
     @Autowired
-    protected IImpersonationService impersonationService;
+    protected ImpersonatorRepository impersonatorRepository;
 
     @Autowired
     private List<AuthenticationProvider> authenticationProviders;
@@ -195,6 +194,6 @@ private HostValidationRequestFilter hostValidationRequestFilter() {
     }
 
     private ImpersonationRequestFilter impersonationRequestFilter() {
-        return new ImpersonationRequestFilter(impersonationService);
+        return new ImpersonationRequestFilter(impersonatorRepository);
     }
 }

application-engine/src/main/java/com/netgrif/application/engine/configuration/SessionRegistryConfiguration.java

@@ -1,6 +1,6 @@
 package com.netgrif.application.engine.configuration;
 
-import com.netgrif.application.engine.configuration.properties.ImpersonationConfigurationProperties;
+import com.netgrif.application.engine.adapter.spring.configuration.ImpersonationConfigurationProperties;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

application-engine/src/main/java/com/netgrif/application/engine/configuration/security/AuthenticationService.java

@@ -1,16 +1,13 @@
 package com.netgrif.application.engine.configuration.security;
 
 
+import com.netgrif.application.engine.auth.repository.ImpersonatorRepository;
 import com.netgrif.application.engine.configuration.properties.SecurityConfigurationProperties;
-import com.netgrif.application.engine.configuration.properties.ServerConfigurationProperties;
-import com.netgrif.application.engine.objects.auth.domain.LoggedUser;
 import com.netgrif.application.engine.configuration.security.interfaces.IAuthenticationService;
-import com.netgrif.application.engine.impersonation.service.interfaces.IImpersonationService;
+import com.netgrif.application.engine.objects.auth.domain.LoggedUser;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.ApplicationListener;
 import org.springframework.context.event.EventListener;
 import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
@@ -32,13 +29,13 @@ public class AuthenticationService implements IAuthenticationService, Applicatio
 
     private ConcurrentMap<String, Attempt> cache;
 
-    private final IImpersonationService impersonationService;
+    private final ImpersonatorRepository impersonatorRepository;
     private final SecurityConfigurationProperties securityConfigurationProperties;
 
-    public AuthenticationService(IImpersonationService impersonationService,
+    public AuthenticationService(ImpersonatorRepository impersonatorRepository,
                                  SecurityConfigurationProperties securityConfigurationProperties) {
         super();
-        this.impersonationService = impersonationService;
+        this.impersonatorRepository = impersonatorRepository;
         this.securityConfigurationProperties = securityConfigurationProperties;
         cache = new ConcurrentHashMap<>();
     }
@@ -102,7 +99,7 @@ private void timeout(String key) {
     protected void resolveImpersonatorOnLogin(Object principal) {
         try {
             if (principal instanceof LoggedUser) {
-                impersonationService.removeImpersonator(((LoggedUser) principal).getStringId());
+                impersonatorRepository.deleteById(((LoggedUser) principal).getStringId());
             }
         } catch (Exception e) {
             log.warn("Failed to resolve impersonator " + principal, e);
@@ -111,10 +108,11 @@ protected void resolveImpersonatorOnLogin(Object principal) {
 
     protected void resolveImpersonatorOnLogout(Object principal) {
         try {
-            // TODO: impersonation
-//            if (principal instanceof LoggedUser && ((LoggedUser) principal).isImpersonating()) {
-//                impersonationService.onSessionDestroy((LoggedUser) principal);
-//            }
+            if (principal instanceof LoggedUser && ((LoggedUser) principal).isImpersonating()) {
+                impersonatorRepository.deleteById(((LoggedUser) principal).getStringId());
+                // TODO: event?
+//                publisher.publishEvent(new ImpersonationEvent(impersonator, impersonator.getImpersonated(), RunPhase.STOP));
+            }
         } catch (Exception e) {
             log.warn("Failed to resolve impersonator " + principal, e);
         }