Fix code

due to rebase from develop branch

iam-login-service/pom.xml

@@ -274,13 +274,8 @@
     </dependency>
 
     <dependency>
-<<<<<<< HEAD
       <groupId>com.mysql</groupId>
       <artifactId>mysql-connector-j</artifactId>
-=======
-      <groupId>mysql</groupId>
-      <artifactId>mysql-connector-java</artifactId>
->>>>>>> af13c9c9 (Merging changes for updating Spring boot and Java version. Squashed commit of the following:)
       <scope>runtime</scope>
     </dependency>
 
@@ -438,70 +433,6 @@
         <directory>src/main/webapp</directory>
       </resource>
     </resources>
-<<<<<<< HEAD
-=======
-    <plugins>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-surefire-plugin</artifactId>
-        <configuration>
-          <!-- Jacoco prepare-agent builds some command-line params without -->
-          <!-- which jacoco will not instrument. Hence it is important to add -->
-          <!-- those command-line params here (${argLine} holds those params) -->
-          <argLine>${argLine} ${jvm.test.args}</argLine>
-          <runOrder>alphabetical</runOrder>
-          <useSystemClassLoader>false</useSystemClassLoader>
-        </configuration>
-      </plugin>
-      <plugin>
-        <groupId>org.jacoco</groupId>
-        <artifactId>jacoco-maven-plugin</artifactId>
-        <configuration>
-          <excludes>
-            <exclude>it/infn/mw/iam/api/registration/cern/mock/*.class</exclude>
-            <exclude>it/infn/mw/iam/api/registration/cern/dto/*.class</exclude>
-          </excludes>
-        </configuration>
-        <executions>
-          <execution>
-            <id>agent</id>
-            <goals>
-              <goal>prepare-agent</goal>
-            </goals>
-            <configuration>
-              <tasks>
-                <echo>Project Base Path (WEB):: ${project.basedir}</echo>
-                <echo>Jacoco exec target path (WEB)::
-                  ${sonar.jacoco.reportPath}</echo>
-              </tasks>
-            </configuration>
-          </execution>
-
-          <execution>
-            <id>report-aggregate</id>
-            <goals>
-              <goal>report-aggregate</goal>
-            </goals>
-          </execution>
-        </executions>
-      </plugin>
-      <plugin>
-        <groupId>org.springframework.boot</groupId>
-        <artifactId>spring-boot-maven-plugin</artifactId>
-        <configuration>
-          <mainClass>it.infn.mw.iam.IamLoginService</mainClass>
-        </configuration>
-        <executions>
-          <execution>
-            <goals>
-              <goal>build-info</goal>
-            </goals>
-          </execution>
-        </executions>
-      </plugin>
-    </plugins>
-
->>>>>>> af13c9c9 (Merging changes for updating Spring boot and Java version. Squashed commit of the following:)
     <pluginManagement>
       <plugins>
         <plugin>

iam-login-service/src/main/java/it/infn/mw/iam/api/account/multi_factor_authentication/authenticator_app/AuthenticatorAppSettingsController.java

@@ -19,7 +19,6 @@
 
 import javax.validation.Valid;
 
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -71,7 +70,6 @@ public class AuthenticatorAppSettingsController {
   private final QrGenerator qrGenerator;
   private final IamTotpMfaProperties iamTotpMfaProperties;
 
-  @Autowired
   public AuthenticatorAppSettingsController(IamTotpMfaService service,
       IamAccountRepository accountRepository, QrGenerator qrGenerator,
       IamTotpMfaProperties iamTotpMfaProperties) {

iam-login-service/src/main/java/it/infn/mw/iam/api/requests/model/CertificateDTO.java

@@ -22,6 +22,4 @@ public interface CertificateDTO {
     String getSubjectDn();
 
     String getIssuerDn();
-
-    void migrate(JdbcTemplate jdbcTemplate) throws DataAccessException;
 }

iam-login-service/src/main/java/it/infn/mw/iam/api/scim/model/ScimAttribute.java

@@ -0,0 +1,74 @@
+/**
+ * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2016-2021
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package it.infn.mw.iam.api.scim.model;
+
+import javax.validation.constraints.NotBlank;
+
+import org.hibernate.validator.constraints.Length;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+public class ScimAttribute {
+
+  @NotBlank
+  @Length(max = 64)
+  private final String name;
+
+  @Length(max = 256)
+  private final String value;
+
+  @JsonCreator
+  private ScimAttribute(@JsonProperty("name") String name, @JsonProperty("value") String value) {
+    this.name = name;
+    this.value = value;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  public String getValue() {
+    return value;
+  }
+
+  private ScimAttribute(Builder builder) {
+    this(builder.name, builder.value);
+  }
+
+  public static Builder builder() {
+    return new Builder();
+  }
+
+  public static class Builder {
+    private String name;
+    private String value;
+
+    public Builder withName(String name) {
+      this.name = name;
+      return this;
+    }
+
+    public Builder withVaule(String value) {
+      this.value = value;
+      return this;
+    }
+
+    public ScimAttribute build() {
+      return new ScimAttribute(this);
+    }
+  }
+}

iam-login-service/src/main/java/it/infn/mw/iam/authn/CheckMultiFactorIsEnabledSuccessHandler.java

@@ -15,7 +15,6 @@
  */
 package it.infn.mw.iam.authn;
 
-import static it.infn.mw.iam.core.web.EnforceAupFilter.REQUESTING_SIGNATURE;
 import static it.infn.mw.iam.authn.multi_factor_authentication.MfaVerifyController.MFA_VERIFY_URL;
 
 import java.io.IOException;
@@ -33,10 +32,9 @@
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 
 import it.infn.mw.iam.api.account.AccountUtils;
-import it.infn.mw.iam.api.aup.AUPSignatureCheckService;
-import it.infn.mw.iam.persistence.repository.IamAccountRepository;
-
 import it.infn.mw.iam.authn.util.Authorities;
+import it.infn.mw.iam.persistence.repository.IamAccountRepository;
+import it.infn.mw.iam.service.aup.AUPSignatureCheckService;
 
 /**
  * Success handler for the normal login flow. This determines if MFA is enabled on an account and,

iam-login-service/src/main/java/it/infn/mw/iam/authn/multi_factor_authentication/MultiFactorVerificationSuccessHandler.java

@@ -33,7 +33,7 @@
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 
 import it.infn.mw.iam.api.account.AccountUtils;
-import it.infn.mw.iam.api.aup.AUPSignatureCheckService;
+import it.infn.mw.iam.service.aup.AUPSignatureCheckService;
 import it.infn.mw.iam.authn.EnforceAupSignatureSuccessHandler;
 import it.infn.mw.iam.authn.RootIsDashboardSuccessHandler;
 import it.infn.mw.iam.persistence.repository.IamAccountRepository;

iam-login-service/src/main/java/it/infn/mw/iam/authn/multi_factor_authentication/ResetOrSkipRecoveryCodesFilter.java

@@ -37,7 +37,7 @@
 
 import it.infn.mw.iam.api.account.AccountUtils;
 import it.infn.mw.iam.api.account.multi_factor_authentication.IamTotpRecoveryCodeResetService;
-import it.infn.mw.iam.api.aup.AUPSignatureCheckService;
+import it.infn.mw.iam.service.aup.AUPSignatureCheckService;
 import it.infn.mw.iam.api.common.error.NoAuthenticatedUserError;
 import it.infn.mw.iam.authn.EnforceAupSignatureSuccessHandler;
 import it.infn.mw.iam.authn.RootIsDashboardSuccessHandler;

iam-login-service/src/main/java/it/infn/mw/iam/authn/multi_factor_authentication/ViewRecoveryCodesFilter.java

@@ -35,7 +35,7 @@
 import org.springframework.web.filter.GenericFilterBean;
 
 import it.infn.mw.iam.api.account.AccountUtils;
-import it.infn.mw.iam.api.aup.AUPSignatureCheckService;
+import it.infn.mw.iam.service.aup.AUPSignatureCheckService;
 import it.infn.mw.iam.authn.EnforceAupSignatureSuccessHandler;
 import it.infn.mw.iam.authn.RootIsDashboardSuccessHandler;
 import it.infn.mw.iam.persistence.repository.IamAccountRepository;

iam-login-service/src/main/java/it/infn/mw/iam/config/IamProperties.java

@@ -642,11 +642,6 @@ public void setEnrollment(String enrollment) {
 
   private ClientProperties client = new ClientProperties();
 
-  private ExternalConnectivityProbeProperties externalConnectivityProbe =
-      new ExternalConnectivityProbeProperties();
-
-  private AccountLinkingProperties accountLinking = new AccountLinkingProperties();
-
   public String getBaseUrl() {
     return baseUrl;
   }

iam-login-service/src/main/java/it/infn/mw/iam/config/IamTotpMfaConfig.java

@@ -42,7 +42,7 @@
 import it.infn.mw.iam.api.account.AccountUtils;
 import it.infn.mw.iam.api.account.multi_factor_authentication.IamTotpMfaService;
 import it.infn.mw.iam.api.account.multi_factor_authentication.IamTotpRecoveryCodeResetService;
-import it.infn.mw.iam.api.aup.AUPSignatureCheckService;
+import it.infn.mw.iam.service.aup.AUPSignatureCheckService;
 import it.infn.mw.iam.authn.multi_factor_authentication.MultiFactorRecoveryCodeCheckProvider;
 import it.infn.mw.iam.authn.multi_factor_authentication.MultiFactorTotpCheckProvider;
 import it.infn.mw.iam.authn.multi_factor_authentication.MultiFactorVerificationFilter;

iam-login-service/src/main/java/it/infn/mw/iam/config/security/IamWebSecurityConfig.java

@@ -17,9 +17,9 @@
 
 import static it.infn.mw.iam.authn.ExternalAuthenticationHandlerSupport.EXT_AUTHN_UNREGISTERED_USER_AUTH;
 import static it.infn.mw.iam.authn.ExternalAuthenticationRegistrationInfo.ExternalAuthenticationType.OIDC;
+import static it.infn.mw.iam.authn.multi_factor_authentication.MfaVerifyController.MFA_VERIFY_URL;
 import static it.infn.mw.iam.authn.multi_factor_authentication.authenticator_app.RecoveryCodeManagementController.RECOVERY_CODE_RESET_URL;
 import static it.infn.mw.iam.authn.multi_factor_authentication.authenticator_app.RecoveryCodeManagementController.RECOVERY_CODE_VIEW_URL;
-import static it.infn.mw.iam.authn.multi_factor_authentication.MfaVerifyController.MFA_VERIFY_URL;
 
 import javax.servlet.RequestDispatcher;
 
@@ -54,10 +54,9 @@
 import org.springframework.web.filter.GenericFilterBean;
 
 import it.infn.mw.iam.api.account.AccountUtils;
-import it.infn.mw.iam.authn.EnforceAupSignatureSuccessHandler;
+import it.infn.mw.iam.authn.CheckMultiFactorIsEnabledSuccessHandler;
 import it.infn.mw.iam.authn.ExternalAuthenticationHintService;
 import it.infn.mw.iam.authn.HintAwareAuthenticationEntryPoint;
-import it.infn.mw.iam.authn.CheckMultiFactorIsEnabledSuccessHandler;
 import it.infn.mw.iam.authn.multi_factor_authentication.ExtendedAuthenticationFilter;
 import it.infn.mw.iam.authn.multi_factor_authentication.ExtendedHttpServletRequestFilter;
 import it.infn.mw.iam.authn.multi_factor_authentication.MultiFactorVerificationFilter;
@@ -72,6 +71,7 @@
 import it.infn.mw.iam.config.IamProperties;
 import it.infn.mw.iam.core.IamLocalAuthenticationProvider;
 import it.infn.mw.iam.persistence.repository.IamAccountRepository;
+import it.infn.mw.iam.persistence.repository.IamTotpMfaRepository;
 import it.infn.mw.iam.service.aup.AUPSignatureCheckService;
 
 @SuppressWarnings("deprecation")
@@ -113,6 +113,9 @@ public static class UserLoginConfig extends WebSecurityConfigurerAdapter {
 
     @Autowired
     private IamAccountRepository accountRepo;
+
+    @Autowired
+    private IamTotpMfaRepository totpMfaRepository;
 
     @Autowired
     private AUPSignatureCheckService aupSignatureCheckService;
@@ -129,7 +132,7 @@ public static class UserLoginConfig extends WebSecurityConfigurerAdapter {
     @Autowired
     public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
       // @formatter:off
-      auth.authenticationProvider(new IamLocalAuthenticationProvider(iamProperties, iamUserDetailsService, passwordEncoder, accountRepo));
+      auth.authenticationProvider(new IamLocalAuthenticationProvider(iamProperties, iamUserDetailsService, passwordEncoder, accountRepo, totpMfaRepository));
       // @formatter:on
     }
 

iam-login-service/src/main/java/it/infn/mw/iam/core/oauth/profile/aarc/AarcClaimValueHelper.java

@@ -21,6 +21,9 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
+import com.google.common.base.Strings;
+import com.google.common.collect.Sets;
+
 import it.infn.mw.iam.persistence.model.IamGroup;
 import it.infn.mw.iam.persistence.model.IamUserInfo;