Expand Up @@ -33,6 +33,7 @@
import io.sentrius.sso.core.services.security.KeycloakService;
import io.sentrius.sso.core.services.security.ZeroTrustAccessTokenService;
import io.sentrius.sso.core.services.security.ZtatTokenService;
import io.sentrius.sso.core.utils.AccessUtil;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
Expand Down Expand Up @@ -273,28 +274,27 @@ public ResponseEntity<?> getRequest(HttpServletRequest request, HttpServletRespo

@GetMapping("/list/{type}")
@LimitAccess(ztatAccess = {ZeroTrustAccessTokenEnum.CAN_VIEW_ZTATS})
public ResponseEntity<?> listZtatRequests(@RequestHeader("Authorization") String token,
public ResponseEntity<?> listZtatRequests(@RequestHeader(name= "Authorization", required=false) String token,
@PathVariable("type") String type,
HttpServletRequest request, HttpServletResponse response) {
String compactJwt = token.startsWith("Bearer ") ? token.substring(7) : token;
var operatingUser = getOperatingUser(request, response );
if (null != token) {
String compactJwt = token.startsWith("Bearer ") ? token.substring(7) : token;


log.info("Received ZTAT request from agent: {}", compactJwt);
if (!keycloakService.validateJwt(compactJwt)) {
log.warn("Invalid Keycloak token");
return ResponseEntity.status(HttpStatus.SC_UNAUTHORIZED).body("Invalid Keycloak token");
}

// Extract agent identity from the JWT
var operatingUser = getOperatingUser(request, response );
log.info("Received ZTAT request from agent: {}", compactJwt);
if (!keycloakService.validateJwt(compactJwt)) {
log.warn("Invalid Keycloak token");
return ResponseEntity.status(HttpStatus.SC_UNAUTHORIZED).body("Invalid Keycloak token");
}
String agentId = keycloakService.extractAgentId(compactJwt);

// Extract agent identity from the JWT
String agentId = keycloakService.extractAgentId(compactJwt);
if (null == operatingUser) {
log.warn("No operating user found for agent: {}", agentId);
var username = keycloakService.extractUsername(compactJwt);
operatingUser = userService.getUserByUsername(username);

if (null == operatingUser) {
log.warn("No operating user found for agent: {}", agentId);
var username = keycloakService.extractUsername(compactJwt);
operatingUser = userService.getUserByUsername(username);
}

}
List<ZtatDTO> ztatTracker = new ArrayList<ZtatDTO>();
Expand Down Expand Up @@ -324,6 +324,88 @@ public ResponseEntity<?> listZtatRequests(@RequestHeader("Authorization") String
default:
log.warn("Invalid type: {}", type);
}
ztatTracker = decorateTats(ztatTracker, operatingUser);
return ResponseEntity.ok(ztatTracker);
}

@GetMapping("/list/{state}/{type}")
@LimitAccess(ztatAccess = {ZeroTrustAccessTokenEnum.CAN_VIEW_ZTATS})
public ResponseEntity<?> listTypedZtatRequests(@RequestHeader(name= "Authorization", required=false) String token,
@PathVariable("type") String type,
@PathVariable("state") String state,
HttpServletRequest request, HttpServletResponse response) {

var operatingUser = getOperatingUser(request, response );
if (null != token) {
String compactJwt = token.startsWith("Bearer ") ? token.substring(7) : token;


log.info("Received ZTAT request from agent: {}", compactJwt);
if (!keycloakService.validateJwt(compactJwt)) {
log.warn("Invalid Keycloak token");
return ResponseEntity.status(HttpStatus.SC_UNAUTHORIZED).body("Invalid Keycloak token");
}
String agentId = keycloakService.extractAgentId(compactJwt);

if (null == operatingUser) {
log.warn("No operating user found for agent: {}", agentId);
var username = keycloakService.extractUsername(compactJwt);
operatingUser = userService.getUserByUsername(username);

}

}
// Extract agent identity from the JWT


// Extract agent identity from the JWT

List<ZtatDTO> ztatTracker = new ArrayList<ZtatDTO>();
switch(type){
case "terminal":
if ("denied".equalsIgnoreCase(state)) {
ztatTracker = ztatService.getDeniedJITRequests(operatingUser);
} else if ("approved".equalsIgnoreCase(state)) {
ztatTracker = ztatService.getApprovedJITRequests(operatingUser);
} else {
ztatTracker = ztatService.getOpenJITRequests(operatingUser);
}
break;
case "ops":
if ("denied".equalsIgnoreCase(state)) {
ztatTracker = ztatService.getDeniedOpsJITRequests(operatingUser);
} else if ("approved".equalsIgnoreCase(state)) {
ztatTracker = ztatService.getApprovedOpsJITRequests(operatingUser);
} else {
ztatTracker = ztatService.getOpenOpsRequests(operatingUser);
}
break;
case "atat":
if ("denied".equalsIgnoreCase(state)) {
ztatTracker = ztatService.getDeniedOpsJITRequests(operatingUser);
} else if ("approved".equalsIgnoreCase(state)) {
ztatTracker = ztatService.getApprovedOpsJITRequests(operatingUser);
} else {
ztatTracker = ztatService.getOpenOpsRequests(operatingUser);
}
ztatTracker = ztatTracker.stream().filter(dto -> {
if (dto.getCommand().equals("register")) {
return false;
}
try {
if (userService.isNPE(dto.getUserName())){
return true;
}
} catch (Exception e) {
throw new RuntimeException(e);
}
return false;
}).toList();
break;
default:
log.warn("Invalid type: {}", type);
}
ztatTracker = decorateTats(ztatTracker, operatingUser);
return ResponseEntity.ok(ztatTracker);
}

Expand Down Expand Up @@ -364,4 +446,29 @@ public ResponseEntity<Boolean> verifyZtat(@RequestBody ZtatChallengeRequest requ
}
}

List<ZtatDTO> decorateTats(List<ZtatDTO> tats, User operatingUser){
boolean canApprove = AccessUtil.canAccess(operatingUser, ZeroTrustAccessTokenEnum.CAN_APPROVE_ZTATS);
boolean canDeny = AccessUtil.canAccess(operatingUser, ZeroTrustAccessTokenEnum.CAN_DENY_ZTATS);
if (canApprove || canDeny) {
for (var tat : tats) {

if (tat.getUserName().equals(operatingUser.getUsername())) {
tat.setCurrentUser(true);
if (systemOptions.getCanApproveOwnZtat()) {
if (tat.getUsesRemaining() > 0) {
tat.setCanApprove(canApprove);
}
tat.setCanDeny(canDeny);
}
}
else {
if (tat.getUsesRemaining() > 0) {
tat.setCanApprove(canApprove);
}
tat.setCanDeny(canDeny);
}
}
}
return tats;
}
}
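Review bot: With `required=false` on the Authorization header, `listZtatRequests` and `listTypedZtatRequests` no longer fail closed when neither a session user nor a bearer token is present: `getOperatingUser` can return null, the `null != token` block is skipped, and a null `operatingUser` flows into `ztatService.get*Requests(...)` and then `decorateTats`, where `AccessUtil.canAccess(null, ...)` and `operatingUser.getUsername()` will throw at best and, depending on how the service treats a null user, may return an unscoped list at worst. Unless `@LimitAccess` already rejects unauthenticated callers (not visible here), add a guard right after the token block in both methods: `if (null == operatingUser) { log.warn("Unauthenticated ZTAT list request"); return ResponseEntity.status(HttpStatus.SC_UNAUTHORIZED).body("Authentication required"); }`. Separately, `log.info("Received ZTAT request from agent: {}", compactJwt)` writes the full bearer token to the log at INFO in both methods; log only a claim such as `agentId`, or nothing, since the JWT is a replayable credential for its lifetime. In the `atat` branch, `dto.getCommand().equals("register")` should be `"register".equals(dto.getCommand())` so a DTO with no command does not turn into a 500.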