From e0ef6d4a6b5c12a49946bd00d972c3c1a37b4b2a Mon Sep 17 00:00:00 2001
From: Enrico Vianello
Date: Fri, 20 Dec 2024 16:57:39 +0100
Subject: [PATCH] Fix infinite recursion on object serialization
---
 .../MultiFactorEvent.java | 5 +++
 .../iam/audit/utils/IamTotpMfaSerializer.java | 40 +++++++++++++++++++
 .../mw/iam/persistence/model/IamAccount.java | 6 ---
 .../mw/iam/persistence/model/IamTotpMfa.java | 4 +-
 4 files changed, 48 insertions(+), 7 deletions(-)
 create mode 100644 iam-login-service/src/main/java/it/infn/mw/iam/audit/utils/IamTotpMfaSerializer.java
diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/audit/events/account/multi_factor_authentication/MultiFactorEvent.java b/iam-login-service/src/main/java/it/infn/mw/iam/audit/events/account/multi_factor_authentication/MultiFactorEvent.java
index 61008b65f..b22207c95 100644
--- a/iam-login-service/src/main/java/it/infn/mw/iam/audit/events/account/multi_factor_authentication/MultiFactorEvent.java
+++ b/iam-login-service/src/main/java/it/infn/mw/iam/audit/events/account/multi_factor_authentication/MultiFactorEvent.java
@@ -15,13 +15,18 @@
 */
 package it.infn.mw.iam.audit.events.account.multi_factor_authentication;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+
 import it.infn.mw.iam.audit.events.account.AccountEvent;
+import it.infn.mw.iam.audit.utils.IamTotpMfaSerializer;
 import it.infn.mw.iam.persistence.model.IamAccount;
 import it.infn.mw.iam.persistence.model.IamTotpMfa;
 public class MultiFactorEvent extends AccountEvent {
 private static final long serialVersionUID = 1L;
+
+ @JsonSerialize(using=IamTotpMfaSerializer.class)
 private final IamTotpMfa totpMfa;
 protected MultiFactorEvent(Object source, IamAccount account, IamTotpMfa totpMfa,
diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/audit/utils/IamTotpMfaSerializer.java b/iam-login-service/src/main/java/it/infn/mw/iam/audit/utils/IamTotpMfaSerializer.java
new file mode 100644
index 000000000..85a91a2fb
--- /dev/null
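Review bot: The `@JsonSerialize` added on `totpMfa` in MultiFactorEvent.java covers only this one field, so an `IamTotpMfa` reached through any other property or event class still gets Jackson's default bean serialization. The entity carries a `secret` column (visible in the IamTotpMfa.java hunk of this patch), so I would record the intent on the field, e.g. `// Written through IamTotpMfaSerializer: stops the recursion via account and keeps the TOTP secret out of the event JSON.` The patch adds no test; one that serializes a MultiFactorEvent and asserts that the output terminates and has no secret field would pin both properties. The class body continues outside the hunk.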
+++ b/iam-login-service/src/main/java/it/infn/mw/iam/audit/utils/IamTotpMfaSerializer.java
@@ -0,0 +1,40 @@
+/**
+ * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2016-2021
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package it.infn.mw.iam.audit.utils;
+
+import java.io.IOException;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.JsonSerializer;
+import com.fasterxml.jackson.databind.SerializerProvider;
+
+import it.infn.mw.iam.persistence.model.IamTotpMfa;
+
+public class IamTotpMfaSerializer extends JsonSerializer {
+
+ @Override
+ public void serialize(IamTotpMfa value, JsonGenerator gen, SerializerProvider serializers)
+ throws IOException {
+
+ gen.writeStartObject();
+ gen.writeStringField("account", value.getAccount().getUsername());
+ gen.writeStringField("creationTime", value.getCreationTime().toString());
+ gen.writeStringField("lastUpdateTime", value.getLastUpdateTime().toString());
+ gen.writeStringField("active", String.valueOf(value.isActive()));
+ gen.writeEndObject();
+ }
+
+}
diff --git a/iam-persistence/src/main/java/it/infn/mw/iam/persistence/model/IamAccount.java b/iam-persistence/src/main/java/it/infn/mw/iam/persistence/model/IamAccount.java
index 78c656892..6a90392c4 100644
--- a/iam-persistence/src/main/java/it/infn/mw/iam/persistence/model/IamAccount.java
+++ b/iam-persistence/src/main/java/it/infn/mw/iam/persistence/model/IamAccount.java
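Review bot: `serialize` in IamTotpMfaSerializer.java dereferences `value.getAccount()`, `value.getCreationTime()` and `value.getLastUpdateTime()` without a null check, so one unset field turns an MFA audit event into a NullPointerException instead of a log record. Whether these can be null is not visible here, but the `account` mapping in IamTotpMfa.java declares no `optional = false`. The rewrite below writes JSON null for a missing value and emits `active` as a JSON boolean rather than the string form; check that no audit consumer parses the string. It also adds a comment recording that the secret is left out, which I am inferring is deliberate from the field list.

```java
    gen.writeStartObject();
    // Non-secret metadata only; the TOTP secret is deliberately left out of audit output.
    gen.writeStringField("account",
        value.getAccount() != null ? value.getAccount().getUsername() : null);
    gen.writeStringField("creationTime",
        value.getCreationTime() != null ? value.getCreationTime().toString() : null);
    gen.writeStringField("lastUpdateTime",
        value.getLastUpdateTime() != null ? value.getLastUpdateTime().toString() : null);
    gen.writeBooleanField("active", value.isActive());
    // … unchanged: gen.writeEndObject() …
```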
@@ -48,7 +48,6 @@
 import javax.persistence.TemporalType;
 import javax.validation.constraints.NotNull;
-import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.google.common.base.Preconditions;
 @Entity
@@ -91,7 +90,6 @@ public class IamAccount implements Serializable {
 @OneToOne(cascade = CascadeType.ALL)
 @JoinColumn(name = "user_info_id")
- @JsonIgnore
 private IamUserInfo userInfo;
 @Temporal(TemporalType.TIMESTAMP)
@@ -105,17 +103,14 @@ public class IamAccount implements Serializable {
 private Set authorities = new HashSet<>();
 @OneToMany(mappedBy = "account", cascade = CascadeType.ALL, orphanRemoval = true)
- @JsonIgnore
 private Set groups = new HashSet<>();
 @OneToMany(mappedBy = "account", cascade = CascadeType.ALL, fetch = FetchType.EAGER,
 orphanRemoval = true)
- @JsonIgnore
 private Set samlIds = new HashSet<>();
 @OneToMany(mappedBy = "account", cascade = CascadeType.ALL, fetch = FetchType.EAGER,
 orphanRemoval = true)
- @JsonIgnore
 private Set oidcIds = new HashSet<>();
 @OneToMany(mappedBy = "account", cascade = CascadeType.ALL, fetch = FetchType.EAGER,
@@ -124,7 +119,6 @@ public class IamAccount implements Serializable {
 @OneToMany(mappedBy = "account", cascade = CascadeType.ALL, fetch = FetchType.EAGER,
 orphanRemoval = true)
- @JsonIgnore
 private Set x509Certificates = new HashSet<>();
 @Column(name = "confirmation_key", unique = true, length = 36)
diff --git a/iam-persistence/src/main/java/it/infn/mw/iam/persistence/model/IamTotpMfa.java b/iam-persistence/src/main/java/it/infn/mw/iam/persistence/model/IamTotpMfa.java
index f6d97f4d5..a15d4829c 100644
--- a/iam-persistence/src/main/java/it/infn/mw/iam/persistence/model/IamTotpMfa.java
+++ b/iam-persistence/src/main/java/it/infn/mw/iam/persistence/model/IamTotpMfa.java
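Review bot: Dropping `@JsonIgnore` from `userInfo`, `groups`, `samlIds`, `oidcIds` and `x509Certificates` (the IamAccount.java hunks at -91, -105 and -124) re-exposes all five associations to Jackson's default bean serialization of `IamAccount`, and nothing in this patch shows what now stops Jackson from walking them. Each collection is `mappedBy = "account"`, so the child entities point back at the account. Unless those back references are excluded or `IamAccount` is always written through a dedicated serializer (neither is visible here), this can reintroduce a serialization cycle and put federated identities and certificates into audit output. If a custom account serializer is what makes the annotations redundant, the commit message should name it; otherwise keep the annotations. The class body extends beyond all three hunks.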
@@ -23,6 +23,7 @@
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
+import javax.persistence.JoinColumn;
 import javax.persistence.OneToOne;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
@@ -38,7 +39,8 @@ public class IamTotpMfa implements Serializable {
 @GeneratedValue(strategy = GenerationType.IDENTITY)
 private Long id;
- @OneToOne()
+ @OneToOne
+ @JoinColumn(name = "account_id")
 private IamAccount account;
 @Column(name = "secret", nullable = false)