SONAR-18805 improve validation of the SAML authentication when login or name is empty
authorMatteo Mara <matteo.mara@sonarsource.com>
Mon, 20 Mar 2023 11:53:43 +0000 (12:53 +0100)
committersonartech <sonartech@sonarsource.com>
Tue, 21 Mar 2023 20:02:50 +0000 (20:02 +0000)
server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlStatusChecker.java
server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlStatusCheckerTest.java

index 4ed1f7967dae33451e4a929b6a4b7e93e6d5ad93..ec96d2aaa0bee084366e202589a19e96e21bc0fe 100644 (file)
@@ -113,7 +113,12 @@ public final class SamlStatusChecker {
       USER_NAME_ATTRIBUTE, samlSettings.getUserName(),
       USER_LOGIN_ATTRIBUTE, samlSettings.getUserLogin());
 
-    return generateMissingMappingMessages(mappings, auth);
+    List<String> mappingErrors = generateMissingMappingMessages(mappings, auth);
+    if (mappingErrors.isEmpty()) {
+      mappingErrors = generateEmptyMappingsMessages(mappings, auth);
+    }
+
+    return mappingErrors;
   }
 
   private static List<String> generateMissingMappingMessages(Map<String, String> mappings, Auth auth) {
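Review bot: The gate `if (mappingErrors.isEmpty())` on the new lines is carrying a hidden precondition, not just ordering the messages: `generateEmptyMappingsMessages` reads `auth.getAttribute(...)` directly and, if that lookup returns null for an attribute the response does not carry (as it presumably does), the empty-value check is only safe once every mapped attribute is known to be present. Nothing at the call site says so; add `// Empty-value check assumes every mapped attribute is present in the response; run it only when no mapping is missing.` above the `if`. Worth noting in the commit message as well: an admin with one missing and one empty mapping sees only the missing errors and finds the empty one after a second round-trip, and reporting both sets at once would first require a null guard inside the empty check. The enclosing method begins before this hunk.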
@@ -124,4 +129,11 @@ public final class SamlStatusChecker {
       .toList();
   }
 
+  private static List<String> generateEmptyMappingsMessages(Map<String, String> mappings, Auth auth) {
+    return mappings.entrySet()
+      .stream()
+      .filter(entry -> (auth.getAttribute(entry.getValue()).size() == 1 && auth.getAttribute(entry.getValue()).contains("")))
+      .map(entry -> String.format("Mapping found for the property %s, but the field %s is empty in the SAML response.", entry.getKey(), entry.getValue()))
+      .toList();
+  }
 }
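Review bot: The filter `auth.getAttribute(entry.getValue()).size() == 1 && ...contains("")` only catches an attribute whose single value is exactly the empty string, so a whitespace-only login or name (`" "`), or a multi-valued attribute whose values are all blank, passes the new check and the status page still reports the mapping as usable. The same expression also evaluates `auth.getAttribute(...)` twice and dereferences the result with no null check, so the helper is only safe under the caller's missing-mapping gate. Since the hunk already uses `Stream.toList()` (Java 16+), `String::isBlank` is available; I would read the values once and treat blank as empty: `.filter(entry -> { List<String> values = auth.getAttribute(entry.getValue()); return values != null && values.stream().allMatch(String::isBlank); })`, and state the contract on the method with `/** Reports mapped attributes that are present in the SAML response but carry no non-blank value; callers must ensure the mapping exists first. */`. Whether the real login path rejects blank values is outside this diff, so the point is that the diagnostic should not under-report, not that this is a bypass.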
index f7e23f3edd4e4ae77c74be3504338c7b8f636ae9..74c93afe70b7b9e1f2ce332e6f34be8ce4b18c0c 100644 (file)
@@ -59,7 +59,7 @@ public class SamlStatusCheckerTest {
 
   @Before
   public void setUp() {
-    when(auth.getErrors()).thenReturn(new ArrayList<String>());
+    when(auth.getErrors()).thenReturn(new ArrayList<>());
     when(auth.getSettings()).thenReturn(new Saml2Settings());
     when(auth.getAttributes()).thenReturn(getResponseAttributes());
   }
@@ -158,6 +158,23 @@ public class SamlStatusCheckerTest {
       .contains(String.format("Mapping not found for the property %s, the field %s is not available in the SAML response.", USER_NAME_ATTRIBUTE, "wrongNameField")));
   }
 
+  @Test
+  public void authentication_has_errors_when_login_and_name_are_empty() {
+    setSettings();
+    when(auth.getAttributes()).thenReturn(getEmptyAttributes());
+    getEmptyAttributes().forEach((key, value) -> when(auth.getAttribute(key)).thenReturn(value));
+
+    samlAuthenticationStatus = getSamlAuthenticationStatus(auth, new SamlSettings(settings.asConfig()));
+
+    assertEquals("error", samlAuthenticationStatus.getStatus());
+    assertTrue(samlAuthenticationStatus.getWarnings().isEmpty());
+    assertEquals(2, samlAuthenticationStatus.getErrors().size());
+    assertTrue(samlAuthenticationStatus.getErrors()
+      .contains(String.format("Mapping found for the property %s, but the field %s is empty in the SAML response.", USER_LOGIN_ATTRIBUTE, "login")));
+    assertTrue(samlAuthenticationStatus.getErrors()
+      .contains(String.format("Mapping found for the property %s, but the field %s is empty in the SAML response.", USER_NAME_ATTRIBUTE, "name")));
+  }
+
   @Test
   public void authentication_has_no_warnings_when_optional_mappings_are_not_provided() {
     setSettings();
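Review bot: The new test only exercises the case where login and name are both exactly `""` and both mappings are present, leaving the two edges of the production change untested: the gate in `SamlStatusChecker` that computes empty-value errors only when no mapping is missing, and the `size() == 1 && contains("")` filter. Add a case where one attribute is absent and the other is empty, asserting that exactly one error is returned and it is the `Mapping not found` message, and a case with a whitespace-only value such as `" "` that pins whatever behaviour is intended for it (with the current filter it passes silently). `getEmptyAttributes()` is defined outside this hunk, so I cannot tell whether it also includes the optional mappings referenced by the next test; if it does, `assertEquals(2, ...)` is implicitly pinning that those are not reported as empty, which deserves a one-line comment.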