Merge pull request #2 from Staffbase/delete-call-interface

Support sso delete calls

Author: staust

README.md

@@ -44,7 +44,13 @@ You can try to create a token from the received jwt.
  	try {
 		final SSOFacade ssoFac = SSOFacade.create(rsaPublicKey);
 		final SSOData ssoData = ssoFac.verify(jwToken);
-
+		
+		// If the plugin instance was deleted in Staffbase
+		if(ssoData.isDeleteInstanceCall()){
+		    this.handleSsoDeletionCall();
+		    return;
+		}
+		
 		request.setAttribute("instanceID", ssoData.getInstanceID());
 
 		return this.forward("/index.jsp");

pom.xml

@@ -182,6 +182,14 @@
                     <autoReleaseAfterClose>true</autoReleaseAfterClose>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>8</source>
+                    <target>8</target>
+                </configuration>
+            </plugin>
         </plugins>
     </build>
     <profiles>

src/main/java/com/staffbase/plugins/sdk/sso/SSOData.java

@@ -37,6 +37,11 @@ public class SSOData {
    */
   public static final String ROLE_EDITOR = "editor";
 
+  /**
+   * The user id/subject to identify if the SSO call is an instance deletion call.
+   */
+  public static final String REMOTE_CALL_DELETE = "delete";
+
   /**
    * The key in the JWT claims for fetching the requested plugin instance's
    * unique id.
@@ -410,6 +415,18 @@ public boolean isEditor() {
     return ROLE_EDITOR.equals(this.userRole);
   }
 
+  /**
+   * Check if the SSO call is an instance deletion call.
+   *
+   * If an editor deletes a plugin instance in Staffbase,
+   * this will be true.
+   *
+   * @return <code>true</code> if the SSO call is an instance deletion call
+   */
+  public boolean isDeleteInstanceCall() {
+    return REMOTE_CALL_DELETE.equals(this.userID);
+  }
+
   /**
    * Get the tags of the user in regards of the requested {@link #instanceID}.
    * If the requesting user does have admin permissions, this value is set to

src/main/java/com/staffbase/plugins/sdk/sso/SSOFacade.java

@@ -67,7 +67,6 @@ public static SSOFacade create(final RSAPublicKey rsaPublicKey) {
    */
   private JwtConsumer jwtConsumer;
 
-
   /**********************************************
    * Constructors
    **********************************************/
@@ -88,7 +87,6 @@ public static SSOFacade create(final RSAPublicKey rsaPublicKey) {
    * pre-configured secret
    *
    * @param rsaPublicKey the RSA public key to be used for verification.
-   *
    * @return Fluent interface.
    */
   SSOFacade initialize(final RSAPublicKey rsaPublicKey) {
@@ -111,11 +109,9 @@ SSOFacade initialize(final RSAPublicKey rsaPublicKey) {
       .setRequireNotBefore()
       .setRequireIssuedAt() 
       .build();
-
     return this;
   }
 
-
   /**********************************************
    * Methods
    **********************************************/
@@ -152,7 +148,7 @@ public SSOData verify(final String raw) throws SSOException {
               + "[instance_id=" + instanceId + "]");
         }
 
-        throw new SSOException("Missing or malformed instnance_id.");
+        throw new SSOException("Missing or malformed instance_id.");
       }
 
       if (logger.isDebugEnabled()) {

src/test/java/com/staffbase/plugins/sdk/sso/SSODataTest.java

@@ -11,6 +11,7 @@
 
 package com.staffbase.plugins.sdk.sso;
 
+import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 import static org.junit.Assert.assertEquals;
 import static org.mockito.Mockito.mock;
@@ -28,6 +29,7 @@
 public class SSODataTest {
 
   private static final String ROLE_EDITOR = "editor";
+  private static final String REMOTE_CALL_DELETE = "delete";
 
   public static final String DATA_INSTANCE_ID = "55c79b6ee4b06c6fb19bd1e2";
   public static final String DATA_USER_ID = "541954c3e4b08bbdce1a340a";
@@ -104,4 +106,20 @@ public void createWithJwtClaims() throws MalformedClaimException {
 
     assertEquals(Locale.US, ssoData.getUserLocale().get());
   }
+
+  /**
+   * Test deletion claim accessor.
+   * @throws MalformedClaimException
+   */
+  @Test
+  public void testWithDeleteJWTClaims() throws MalformedClaimException {
+
+    final JwtClaims claims = mock(JwtClaims.class);
+
+    when(claims.getClaimValue(SSOData.KEY_INSTANCE_ID, String.class)).thenReturn(DATA_INSTANCE_ID);
+    when(claims.getClaimValue(SSOData.KEY_USER_ID, String.class)).thenReturn(REMOTE_CALL_DELETE);
+
+    final SSOData ssoData = new SSOData(claims);
+    assertTrue(ssoData.isDeleteInstanceCall());
+  }
 }