wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

[Secondary User Store][ApacheDS 2.0] The connection modification is neither populated to the page if not refreshed, nor error information displayed #19380

Open indeewari opened 5 months ago

indeewari commented 5 months ago

Describe the issue: When a user makes connection modifications to the secondary user store and taps the Update button, the page populates the n-1 th values, which makes it look like the user's modification is not applied. The user has to refresh the page to see the real values applied to the connection.

  1. Initial values
  2. User's modifications before tapping the Update button (modifying the "Connection Name" from "ou=users,ou=system" to "ou=users,ou=sys").
  3. User's modifications after tapping the Update button

Update curl:

```
curl 'https://localhost:9443/t/carbon.super/api/server/v1/userstores/QXBhY2hlRFMgMi4wLjA' \
  -X 'PATCH' \
  -H 'Access-Control-Allow-Origin: https://localhost:9443/t/carbon.super/console' \
  -H 'Accept: application/json' \
  -H 'Referer;' \
  -H 'Authorization: Bearer 297f1364-e780-3728-8c69-9d32a6211f8e' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36' \
  -H 'Content-Type: application/json' \
  --data-raw '[{"operation":"REPLACE","path":"/properties/StartTLSEnabled","value":"false"},{"operation":"REPLACE","path":"/properties/ConnectionURL","value":"ldap://localhost:10389"},{"operation":"REPLACE","path":"/properties/ConnectionName","value":"uid=admin,ou=sys"}]' \
  --compressed \
  --insecure
```

PATCH response:

```
{ "name": "ConnectionName", "value": "uid=admin,ou=sys" }
```

GET (https://localhost:9443/t/carbon.super/api/server/v1/userstores/QXBhY2hlRFMgMi4wLjA) response after the update:

```
{ "name": "ConnectionName", "value": "uid=admin,ou=system" },
```

Log: [image]

  4. After page refresh

GET response after page refresh:

```
{ "name": "ConnectionName", "value": "uid=admin,ou=sys" }
```

  5. Console logs

How to reproduce:

  1. Start IS 7 server
  2. Start Apache LDAP
  3. Connect LDAP to the super org in the IS
  4. Follow the above steps from 1 - 5 described in the issue description.

Expected behavior:

  1. The GET response should return the PATCH request values, as GET is called soon after the PATCH is requested. If a manual page refresh is mandatory, that should be notified/enforced to the user.
  2. The backend status should be communicated to the user properly, since even when the connection credentials are invalid and the LDAP connection has failed, the user is not informed and does not have any clue about what happened. If not for the console errors, the user is blocked.


madurangasiriwardena commented 5 months ago

@indeewari, thank you for reporting the issue.

With the current user store deployment architecture, user store deployment happens asynchronously. Hence there is no way to validate the connection at the time of adding/updating the userstore. We will have to revamp the userstore architecture to properly fix this issue.

However, for JDBC userstores, there is a test connection button in the UI. This mitigates the concern you have mentioned. Hence we can consider onboarding a similar capability for the LDAP-based userstores as well.

Considering the IS 7.0 timelines, we are not adding this for the IS 7.0 release.
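
Since the thread describes user store deployment as asynchronous, a client can poll the GET endpoint until the patched values become visible instead of trusting the first read. The sketch below is an added example, not code from the issue or from WSO2; the `properties` list in the GET body, the function names and the fake fetcher are assumptions, and the sample data is constructed from the request and responses quoted in the report.

```python
import time

PREFIX = "/properties/"

def stale_properties(patch_ops, userstore):
    """Return {name: (expected, actual)} for REPLACE ops not yet visible in a GET body."""
    # Assumption: the GET body carries a "properties" list of {"name", "value"} objects.
    current = {p["name"]: p["value"] for p in userstore.get("properties", [])}
    stale = {}
    for op in patch_ops:
        if op.get("operation") != "REPLACE" or not op.get("path", "").startswith(PREFIX):
            continue
        name = op["path"][len(PREFIX):]
        if current.get(name) != op["value"]:
            stale[name] = (op["value"], current.get(name))
    return stale

def wait_until_applied(fetch, patch_ops, attempts=5, delay=0.5, sleep=time.sleep):
    """Poll fetch() until every patched property is visible; return (applied, stale, polls)."""
    stale = {}
    for n in range(1, attempts + 1):
        stale = stale_properties(patch_ops, fetch())
        if not stale:
            return True, {}, n
        if n < attempts:
            sleep(delay)
    return False, stale, attempts

# Constructed sample data modelled on the PATCH body and GET responses in the report.
PATCH_OPS = [
    {"operation": "REPLACE", "path": "/properties/StartTLSEnabled", "value": "false"},
    {"operation": "REPLACE", "path": "/properties/ConnectionURL", "value": "ldap://localhost:10389"},
    {"operation": "REPLACE", "path": "/properties/ConnectionName", "value": "uid=admin,ou=sys"},
]

def sample_body(connection_name):
    return {"properties": [
        {"name": "StartTLSEnabled", "value": "false"},
        {"name": "ConnectionURL", "value": "ldap://localhost:10389"},
        {"name": "ConnectionName", "value": connection_name},
    ]}

def fake_fetch_factory(stale_reads):
    """Hypothetical stand-in for the GET call: old value for the first `stale_reads` polls."""
    calls = {"n": 0}
    def fetch():
        calls["n"] += 1
        return sample_body("uid=admin,ou=system" if calls["n"] <= stale_reads else "uid=admin,ou=sys")
    return fetch
```

A successful result confirms only that the stored configuration matches the PATCH; it says nothing about whether the LDAP connection itself succeeded, which the thread notes cannot be validated at update time.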