feat: add vendor auth policy REST endpoints

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 08:42:59 +02:00
parent 02be1d9264
commit 25f4afcddc
1 changed files with 59 additions and 0 deletions
--- a/src/main/java/net/siegeln/cameleer/saas/vendor/VendorAuthPolicyController.java
+++ b/src/main/java/net/siegeln/cameleer/saas/vendor/VendorAuthPolicyController.java
@@ -0,0 +1,59 @@
+package net.siegeln.cameleer.saas.vendor;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.Set;
+
+@RestController
+@RequestMapping("/api/vendor/auth-policy")
+@PreAuthorize("hasAuthority('SCOPE_platform:admin')")
+public class VendorAuthPolicyController {
+
+    private static final Set<String> VALID_MFA_MODES = Set.of("off", "optional", "required");
+    private static final Set<String> VALID_PASSKEY_MODES = Set.of("optional", "preferred", "required");
+
+    private final VendorAuthPolicyRepository repository;
+
+    public VendorAuthPolicyController(VendorAuthPolicyRepository repository) {
+        this.repository = repository;
+    }
+
+    public record AuthPolicyResponse(String mfaMode, boolean passkeyEnabled, String passkeyMode) {
+        static AuthPolicyResponse from(VendorAuthPolicyEntity entity) {
+            return new AuthPolicyResponse(entity.getMfaMode(), entity.isPasskeyEnabled(), entity.getPasskeyMode());
+        }
+    }
+
+    public record AuthPolicyUpdateRequest(String mfaMode, Boolean passkeyEnabled, String passkeyMode) {}
+
+    @GetMapping
+    public ResponseEntity<AuthPolicyResponse> getPolicy() {
+        return ResponseEntity.ok(AuthPolicyResponse.from(repository.getPolicy()));
+    }
+
+    @PutMapping
+    public ResponseEntity<AuthPolicyResponse> updatePolicy(@RequestBody AuthPolicyUpdateRequest request) {
+        var policy = repository.getPolicy();
+
+        if (request.mfaMode() != null) {
+            if (!VALID_MFA_MODES.contains(request.mfaMode())) {
+                return ResponseEntity.badRequest().build();
+            }
+            policy.setMfaMode(request.mfaMode());
+        }
+        if (request.passkeyEnabled() != null) {
+            policy.setPasskeyEnabled(request.passkeyEnabled());
+        }
+        if (request.passkeyMode() != null) {
+            if (!VALID_PASSKEY_MODES.contains(request.passkeyMode())) {
+                return ResponseEntity.badRequest().build();
+            }
+            policy.setPasskeyMode(request.passkeyMode());
+        }
+
+        repository.save(policy);
+        return ResponseEntity.ok(AuthPolicyResponse.from(policy));
+    }
+}