Merge branch 'lifecycle' of github.com:indigo-iam/iam into lifecycle

* 'lifecycle' of github.com:indigo-iam/iam:
  Fix SONAR TOKEN inclusion
  Set sonar.host for GH actions sonar workflow
  Remove unused import
  First attempt at running sonar on GH actions
  Bump guava version to 29.0-jre
  Fix sonarlint warnings
  Fixes for Sonar warnings
  Allow hiding and disabling local authentication
  Fixed default urn namespace value for aarc profile
  Fixed code smell reported by Sonar

.github/workflows/maven.yml

@@ -1,6 +1,3 @@
-# This workflow will build a Java project with Maven
-# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
-
 name: build & packaging
 
 on: [push, pull_request] 

.github/workflows/sonar.yml

@@ -0,0 +1,40 @@
+name: Sonar analysis
+
+on: 
+
+  pull_request:
+    types: [opened, edited, reopened, synchronize]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - name: Set up JDK 1.8
+      uses: actions/setup-java@v1
+      with:
+        java-version: 1.8
+    - name: Cache Maven packages
+      uses: actions/cache@v1
+      with:
+        path: ~/.m2
+        key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+        restore-keys: ${{ runner.os }}-m2
+    - name: Sonar analysis
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      run: mvn -B -U install sonar:sonar 
+            -Dsonar.projectKey=indigo-iam_iam 
+            -Dsonar.organization=indigo-iam 
+            -Dsonar.login=$SONAR_TOKEN
+            -Dsonar.pullrequest.key=${{ github.event.number }}
+            -Dsonar.pullrequest.branch=${{ github.HEAD_REF }}
+            -Dsonar.pullrequest.base=${{ github.BASE_REF }}
+            -Dsonar.pullrequest.github.repository=${{ github.repository }}
+            -Dsonar.scm.provider=git
+            -Dsonar.host.url=https://sonarcloud.io

iam-login-service/pom.xml

@@ -353,9 +353,8 @@
         <artifactId>jacoco-maven-plugin</artifactId>
         <configuration>
           <excludes>
-            <exclude>it/infn/mw/iam/github/**/*.class</exclude>
-            <exclude>it/infn/mw/iam/config/github/**/*.class</exclude>
             <exclude>it/infn/mw/iam/api/registration/cern/mock/*.class</exclude>
+            <exclude>it/infn/mw/iam/api/registration/cern/dto/*.class</exclude>
           </excludes>
         </configuration>
         <executions>

iam-login-service/src/main/java/it/infn/mw/iam/api/account/lifecycle/AccountLifecycleDTO.java

@@ -20,9 +20,6 @@
 public class AccountLifecycleDTO {
 
   private Date endTime;
-
-  public AccountLifecycleDTO() {
-  }
 
   public Date getEndTime() {
     return endTime;

iam-login-service/src/main/java/it/infn/mw/iam/api/account/password_reset/PasswordResetService.java

@@ -14,16 +14,13 @@
  * limitations under the License.
  */
 package it.infn.mw.iam.api.account.password_reset;
-// Keep these includes, as the Javadoc refers to them...
-import it.infn.mw.iam.api.account.password_reset.error.BadUserPasswordError;
-import it.infn.mw.iam.api.account.password_reset.error.InvalidPasswordResetTokenError;
-import it.infn.mw.iam.api.account.password_reset.error.UserNotActiveOrNotVerified;
 
 /**
  * 
  * The IAM password reset service
  *
  */
+@SuppressWarnings("unused")
 public interface PasswordResetService {
 
 

iam-login-service/src/main/java/it/infn/mw/iam/api/registration/cern/DefaultCernHrDBApiService.java

@@ -80,7 +80,6 @@ public boolean hasValidExperimentParticipation(String personId) {
       return response.getBody();
     } catch (RestClientException e) {
       final String errorMsg = "HR db api error: " + e.getMessage();
-      LOG.warn(errorMsg, e);
       throw new CernHrDbApiError(errorMsg, e);
     } 
   }
@@ -101,7 +100,6 @@ public VOPersonDTO getHrDbPersonRecord(String personId) {
       return response.getBody();
     } catch (RestClientException e) {
       final String errorMsg = "HR db api error: " + e.getMessage();
-      LOG.warn(errorMsg, e);
       throw new CernHrDbApiError(errorMsg, e);
     }
   }

iam-login-service/src/main/java/it/infn/mw/iam/authn/util/JwtUtils.java

@@ -63,7 +63,6 @@ public static Map<String, String> getClaimsAsMap(JWT jwt) {
       } else {
         LOG.warn("Unsupported claim type '{}' for claim '{}'... skipping it",
             claimValue.getClass().getName(), claimName);
-        continue;
       }
     }
     return claimsMap;

iam-login-service/src/main/java/it/infn/mw/iam/authn/x509/PEMX509CertificateChainParser.java

@@ -23,17 +23,13 @@
 import java.nio.charset.StandardCharsets;
 import java.security.cert.X509Certificate;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
 
 import eu.emi.security.authn.x509.impl.CertificateUtils;
 import eu.emi.security.authn.x509.impl.CertificateUtils.Encoding;
 
 @Component
 public class PEMX509CertificateChainParser implements X509CertificateChainParser {
-
-  public static final Logger LOG = LoggerFactory.getLogger(PEMX509CertificateChainParser.class);
 
   public PEMX509CertificateChainParser() {
     configureSecProvider();
@@ -54,8 +50,6 @@ public X509CertificateChainParsingResult parseChainFromString(String pemString)
       final String errorMessage = String.format("Error parsing certificate chain: %s", 
           e.getMessage());
 
-      LOG.error(errorMessage, e);
-
       throw new CertificateParsingError(errorMessage, e);
     }
   }

iam-login-service/src/main/java/it/infn/mw/iam/config/IamProperties.java

@@ -30,13 +30,44 @@
 @Component
 @ConfigurationProperties(prefix = "iam")
 public class IamProperties {
-
+  
   public enum EditableFields {
     NAME,
     SURNAME,
     EMAIL,
     PICTURE
   }
+
+  public enum LocalAuthenticationAllowedUsers {
+    ALL,
+    VO_ADMINS,
+    NONE
+  }
+
+  public enum LocalAuthenticationLoginPageMode {
+    VISIBLE,
+    HIDDEN,
+    HIDDEN_WITH_LINK
+  }
+
+  public static class LocalAuthenticationProperties {
+
+    LocalAuthenticationLoginPageMode loginPageVisibility;
+    LocalAuthenticationAllowedUsers enabledFor;
+
+    public LocalAuthenticationLoginPageMode getLoginPageVisibility() {
+      return loginPageVisibility;
+    }
+    public void setLoginPageVisibility(LocalAuthenticationLoginPageMode loginPageVisibility) {
+      this.loginPageVisibility = loginPageVisibility;
+    }
+    public LocalAuthenticationAllowedUsers getEnabledFor() {
+      return enabledFor;
+    }
+    public void setEnabledFor(LocalAuthenticationAllowedUsers enabledFor) {
+      this.enabledFor = enabledFor;
+    }
+  }
 
   @JsonInclude(JsonInclude.Include.NON_EMPTY)
   public static class UserProfileProperties {
@@ -77,7 +108,7 @@ public void setExternalAuthAttribute(String externalAuthAttribute) {
   public static class RegistrationProperties {
 
     boolean requireExternalAuthentication = false;
-
+    
     ExternalAuthenticationType authenticationType;
 
     String oidcIssuer;
@@ -389,6 +420,8 @@ public void setUrnNamespace(String urnNamespace) {
   private UserProfileProperties userProfile = new UserProfileProperties();
 
   private AarcProfileProperties aarcProfile = new AarcProfileProperties();
+
+  private LocalAuthenticationProperties localAuthn = new LocalAuthenticationProperties();
 
   public String getBaseUrl() {
     return baseUrl;
@@ -549,4 +582,13 @@ public AarcProfileProperties getAarcProfile() {
   public void setAarcProfile(AarcProfileProperties aarcProfile) {
     this.aarcProfile = aarcProfile;
   }
+
+  public LocalAuthenticationProperties getLocalAuthn() {
+    return localAuthn;
+  }
+
+  public void setLocalAuthn(LocalAuthenticationProperties localAuthn) {
+    this.localAuthn = localAuthn;
+  }
+
 }

iam-login-service/src/main/java/it/infn/mw/iam/config/TaskConfig.java

@@ -43,7 +43,7 @@
 
 @Configuration
 @EnableScheduling
-@Profile("prod")
+@Profile({"prod", "dev"})
 public class TaskConfig implements SchedulingConfigurer {
 
   public static final Logger LOG = LoggerFactory.getLogger(TaskConfig.class);