fix: admin-ui plugin should send appropriate message on expiry/ for inactive license. #10178 #10189

duttarnab · 2024-11-19T11:01:20Z

…nactive license. #10178 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

dryrunsecurity · 2024-11-19T11:04:34Z

DryRun Security Summary

The pull request primarily focuses on enhancing the license management functionality of the application, including the addition of a new property to the LicenseResponse class, the introduction of new error responses related to license management, and various improvements to the LicenseDetailsService class to handle API responses, error scenarios, and the secure storage of license-related data.

Expand for full summary

Summary:

The code changes in this pull request are primarily focused on enhancing the license management functionality of the application. The changes include the addition of a new property called "licenseExpired" in the LicenseResponse class, the introduction of new error responses related to license management, and various improvements to the LicenseDetailsService class.

From an application security perspective, these changes do not appear to introduce any significant security vulnerabilities. The new property and error responses are related to the handling of license-related information, which is a common requirement in software applications that use licensing mechanisms. The changes in the LicenseDetailsService class also focus on improving the handling of API responses, error scenarios, and the secure storage of license-related data.

While the changes are not directly related to security-critical functionality, it's important to ensure that the overall license management process is implemented securely. This includes securing the storage of sensitive license data, validating the integrity and authenticity of license-related information, and gracefully handling expired or invalid licenses to prevent unauthorized access or functionality.

Files Changed:

jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/model/auth/LicenseResponse.java:
- Added a new property called "licenseExpired" to the LicenseResponse class, which is a boolean flag indicating whether the license has expired or not.
jans-config-api/plugins/docs/jans-admin-ui-plugin-swagger.yaml:
- Updated the "LicenseResponse" schema to include the new "licenseExpired" property.
jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/utils/ErrorResponse.java:
- Added two new error responses: "LICENSE_IS_EXPIRED" and "LICENSE_DATA_MISSING", which are related to license management.
jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/license/LicenseDetailsService.java:
- Introduced a new method handleMissingFieldsInResponse() to check for missing fields in the license API response.
- Improved error handling and logging for various license-related operations.
- Added methods for saving the license configuration, generating access tokens, activating licenses, generating trial licenses, and retrieving license details.

Overall, the changes in this pull request appear to be focused on enhancing the license management functionality of the application, with a focus on improving error handling and ensuring the secure storage and handling of license-related data.

Code Analysis

We ran 9 analyzers against 4 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Authn/Authz Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

sonarqubecloud · 2024-11-19T11:12:34Z

Quality Gate passed for 'jans-config-api-parent'

Issues
7 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonarqubecloud · 2024-11-19T15:04:57Z

Quality Gate passed for 'jans-pycloudlib'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

fix: admin-ui plugin should send appropriate message on expiry/ for i…

de24d3c

…nactive license. #10178 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

duttarnab requested review from pujavs, yuriyz and yurem as code owners November 19, 2024 11:01

mo-auto added comp-docs Touching folder /docs comp-jans-config-api Component affected by issue or PR kind-bug Issue or PR is a bug in existing functionality labels Nov 19, 2024

yuriyz approved these changes Nov 19, 2024

View reviewed changes

yuriyz enabled auto-merge (squash) November 19, 2024 14:48

Merge branch 'main' into jans-config-api-issue-10178

a436198

yuriyzz approved these changes Nov 19, 2024

View reviewed changes

yuriyz merged commit 7347e04 into main Nov 19, 2024
10 of 11 checks passed

yuriyz deleted the jans-config-api-issue-10178 branch November 19, 2024 14:48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: admin-ui plugin should send appropriate message on expiry/ for inactive license. #10178 #10189

fix: admin-ui plugin should send appropriate message on expiry/ for inactive license. #10178 #10189

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

fix: admin-ui plugin should send appropriate message on expiry/ for inactive license. #10178 #10189

fix: admin-ui plugin should send appropriate message on expiry/ for inactive license. #10178 #10189

Uh oh!

Conversation

Uh oh!

Uh oh!

DryRun Security Summary

Code Analysis

Riskiness

Uh oh!

Quality Gate passed for 'jans-config-api-parent'

Uh oh!

Uh oh!

Quality Gate passed for 'jans-pycloudlib'

Uh oh!

Uh oh!