diff --git a/components/org.wso2.carbon.identity.scim2.common/pom.xml b/components/org.wso2.carbon.identity.scim2.common/pom.xml index 84e19c1fd..4be83fd9d 100644 --- a/components/org.wso2.carbon.identity.scim2.common/pom.xml +++ b/components/org.wso2.carbon.identity.scim2.common/pom.xml @@ -131,6 +131,10 @@ org.wso2.carbon.identity.framework org.wso2.carbon.identity.application.authentication.framework + + org.wso2.carbon.identity.framework + org.wso2.carbon.idp.mgt + org.wso2.carbon.identity.governance org.wso2.carbon.identity.password.policy @@ -244,6 +248,7 @@ version="${org.wso2.carbon.identity.organization.management.core.version.range}", org.wso2.carbon.identity.handler.event.account.lock.*; version="${carbon.identity.account.lock.handler.imp.pkg.version.range}", + org.wso2.carbon.idp.mgt.*;version="${carbon.identity.framework.imp.pkg.version.range}", !org.wso2.carbon.identity.scim2.common.internal, diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2.java index 0dfa1834f..1f34f36b3 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMRoleManagerV2.java @@ -25,6 +25,7 @@ import org.apache.commons.logging.LogFactory; import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.identity.application.common.model.IdPGroup; import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException; import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil; @@ -33,13 +34,16 @@ import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException; import org.wso2.carbon.identity.role.v2.mgt.core.model.AssociatedApplication; import org.wso2.carbon.identity.role.v2.mgt.core.model.GroupBasicInfo; +import org.wso2.carbon.identity.role.v2.mgt.core.model.IdpGroup; import org.wso2.carbon.identity.role.v2.mgt.core.model.Permission; import org.wso2.carbon.identity.role.v2.mgt.core.model.Role; import org.wso2.carbon.identity.role.v2.mgt.core.model.RoleBasicInfo; import org.wso2.carbon.identity.role.v2.mgt.core.model.UserBasicInfo; import org.wso2.carbon.identity.role.v2.mgt.core.util.UserIDResolver; +import org.wso2.carbon.identity.scim2.common.internal.SCIMCommonComponentHolder; import org.wso2.carbon.identity.scim2.common.utils.SCIMCommonConstants; import org.wso2.carbon.identity.scim2.common.utils.SCIMCommonUtils; +import org.wso2.carbon.idp.mgt.IdentityProviderManagementException; import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.core.UserCoreConstants; import org.wso2.carbon.user.core.common.AbstractUserStoreManager; @@ -71,6 +75,7 @@ import java.util.List; import java.util.Map; import java.util.Set; +import java.util.function.Function; import java.util.stream.Collectors; import static org.apache.commons.collections.CollectionUtils.isNotEmpty; @@ -136,10 +141,26 @@ public RoleV2 createRole(RoleV2 role) LOG.debug("Creating role: " + role.getDisplayName() + " for organization."); } } + + List groupIds = role.getGroups(); + // Get valid IdP groups from the given group IDs. + List idpGroups = SCIMCommonComponentHolder.getIdpManagerService().getValidIdPGroupsByIdPGroupIds( + groupIds, tenantDomain); + List idpGroupList = idpGroups.stream() + .map(this::convertToIdpGroup) + .collect(Collectors.toList()); + List validIdpGroupIds = idpGroupList.stream() + .map(IdpGroup::getGroupId) + .collect(Collectors.toList()); + // Exclude the valid Idp groups from the given group IDs for role creation. + List localGroupIds = groupIds.stream() + .filter(groupId -> !validIdpGroupIds.contains(groupId)) + .collect(Collectors.toList()); RoleBasicInfo roleBasicInfo = - roleManagementService.addRole(role.getDisplayName(), role.getUsers(), role.getGroups(), + roleManagementService.addRole(role.getDisplayName(), role.getUsers(), localGroupIds, permissionList, audienceType, role.getAudienceValue(), tenantDomain); - + roleManagementService.updateIdpGroupListOfRole(roleBasicInfo.getId(), idpGroupList, new ArrayList<>(), + tenantDomain); RoleV2 createdRole = new RoleV2(); createdRole.setId(roleBasicInfo.getId()); String locationURI = SCIMCommonUtils.getSCIMRoleV2URL(roleBasicInfo.getId()); @@ -160,6 +181,10 @@ public RoleV2 createRole(RoleV2 role) } throw new CharonException( String.format("Error occurred while adding a new role: %s", role.getDisplayName()), e); + } catch (IdentityProviderManagementException e) { + throw new CharonException( + String.format("Error occurred while retrieving IdP groups for role: %s", role.getDisplayName()), + e); } } @@ -202,20 +227,34 @@ public RoleV2 getRole(String roleID, Map requiredAttributes) } } - // Set role's assigned groups. - List assignedGroups = role.getGroups(); - if (assignedGroups != null) { - for (GroupBasicInfo groupInfo : assignedGroups) { - groupInfo.getId(); - String groupLocationURI = SCIMCommonUtils.getSCIMGroupURL(groupInfo.getId()); + // Set role's assigned userstore groups. + List assignedUserstoreGroups = role.getGroups(); + if (assignedUserstoreGroups != null) { + for (GroupBasicInfo groupInfo : assignedUserstoreGroups) { + String groupId = groupInfo.getId(); + String groupLocationURI = SCIMCommonUtils.getSCIMGroupURL(groupId); Group group = new Group(); group.setDisplayName(groupInfo.getName()); - group.setId(groupInfo.getId()); + group.setId(groupId); group.setLocation(groupLocationURI); scimRole.setGroup(group); } } + // Set role's assigned idp groups. + List assignedIdpGroups = role.getIdpGroups(); + if (assignedIdpGroups != null) { + for (IdpGroup idpGroup : assignedIdpGroups) { + String idpGroupId = idpGroup.getGroupId(); + String idpGroupLocationURI = SCIMCommonUtils.getIdpGroupURL(idpGroup.getIdpId(), idpGroupId); + Group group = new Group(); + group.setDisplayName(idpGroup.getGroupName()); + group.setId(idpGroupId); + group.setLocation(idpGroupLocationURI); + scimRole.setGroup(group); + } + } + // Set associated applications. List associatedApps = convertAssociatedAppsToMultivaluedComplexType(role.getAssociatedApplications()); @@ -866,17 +905,25 @@ private void updateGroups(String roleId, List groupOperations) try { Collections.sort(groupOperations); + + Set givenAddedGroupIds = new HashSet<>(); + Set givenDeletedGroupIds = new HashSet<>(); + Set givenReplaceGroupsIds = new HashSet<>(); + Set addedGroupIds = new HashSet<>(); Set deletedGroupIds = new HashSet<>(); - Set replaceGroupsIds = new HashSet<>(); + Set replaceGroupIds = new HashSet<>(); - List groupListOfRole = roleManagementService.getGroupListOfRole(roleId, tenantDomain); + Set addedIdpGroupIds = new HashSet<>(); + Set deletedIdpGroupIds = new HashSet<>(); + Set replaceIdpGroupIds = new HashSet<>(); + List groupListOfRole = roleManagementService.getGroupListOfRole(roleId, tenantDomain); for (PatchOperation groupOperation : groupOperations) { if (groupOperation.getValues() instanceof Map) { Map groupObject = (Map) groupOperation.getValues(); - prepareAddedRemovedGroupLists(addedGroupIds, deletedGroupIds, replaceGroupsIds, - groupOperation, groupObject, groupListOfRole); + prepareInitialGroupLists(givenAddedGroupIds, givenDeletedGroupIds, givenReplaceGroupsIds, + groupOperation, groupObject); } else if (groupOperation.getValues() instanceof List) { List> groupOperationValues = (List>) groupOperation.getValues(); @@ -886,19 +933,58 @@ private void updateGroups(String roleId, List groupOperations) collect(Collectors.toList())); } for (Map groupObject : groupOperationValues) { - prepareAddedRemovedGroupLists(addedGroupIds, deletedGroupIds, replaceGroupsIds, - groupOperation, groupObject, groupListOfRole); + prepareInitialGroupLists(givenAddedGroupIds, givenDeletedGroupIds, givenReplaceGroupsIds, + groupOperation, groupObject); } } - prepareReplacedGroupLists(groupListOfRole, addedGroupIds, deletedGroupIds, replaceGroupsIds); } + Set givenUniqueGroupIds = new HashSet<>(); + givenUniqueGroupIds.addAll(givenAddedGroupIds); + givenUniqueGroupIds.addAll(givenDeletedGroupIds); + givenUniqueGroupIds.addAll(givenReplaceGroupsIds); + + List idpGroups = SCIMCommonComponentHolder.getIdpManagerService().getValidIdPGroupsByIdPGroupIds( + new ArrayList<>(givenUniqueGroupIds), tenantDomain); + Set idpGroupIds = idpGroups.stream().map(IdPGroup::getIdpGroupId).collect(Collectors.toSet()); + + Set groupIdListOfRole = + groupListOfRole.stream().map(GroupBasicInfo::getId).collect(Collectors.toSet()); + List idpGroupListOfRole = roleManagementService.getIdpGroupListOfRole(roleId, tenantDomain); + Set idpGroupIdListOfRole = + idpGroupListOfRole.stream().map(IdpGroup::getGroupId).collect(Collectors.toSet()); + + seperatedAddedGroupLists(givenAddedGroupIds, idpGroupIds, idpGroupIdListOfRole, groupIdListOfRole, + addedIdpGroupIds, addedGroupIds); + seperateRemovedGroupLists(givenDeletedGroupIds, idpGroupIds, deletedIdpGroupIds, deletedGroupIds); + + seperateReplacedGroupLists(givenReplaceGroupsIds, idpGroupIds, replaceIdpGroupIds, replaceGroupIds); + prepareReplacedGroupLists(groupListOfRole, addedGroupIds, deletedGroupIds, replaceGroupIds); + prepareReplacedIdPGroupLists(idpGroupListOfRole, addedIdpGroupIds, deletedIdpGroupIds, replaceIdpGroupIds); + if (isNotEmpty(addedGroupIds) || isNotEmpty(deletedGroupIds)) { doUpdateGroups(roleId, addedGroupIds, deletedGroupIds); } + if (isNotEmpty(addedIdpGroupIds) || isNotEmpty(deletedIdpGroupIds)) { + Map idpGroupMap = idpGroups.stream() + .collect(Collectors.toMap(IdPGroup::getIdpGroupId, Function.identity())); + List addedIdpGroups = addedIdpGroupIds.stream() + .map(idpGroupMap::get) + .map(this::convertToIdpGroup) + .collect(Collectors.toList()); + List deletedIdpGroups = deletedIdpGroupIds.stream() + .map(idpGroupMap::get) + .map(this::convertToIdpGroup) + .collect(Collectors.toList()); + doUpdateIdPGroups(roleId, addedIdpGroups, deletedIdpGroups); + } } catch (IdentityRoleManagementException e) { throw new CharonException( String.format("Error occurred while retrieving the group list for role with ID: %s", roleId), e); + } catch (IdentityProviderManagementException e) { + throw new CharonException( + String.format("Error occurred while retrieving the IDP group list for role with ID: %s", roleId), + e); } } @@ -974,6 +1060,23 @@ private void doUpdateGroups(String roleId, Set newGroupIDList, Set newGroupIDList, List deleteGroupIDList) + throws CharonException, BadRequestException { + + // Update the role with added groups and deleted groups. + if (isNotEmpty(newGroupIDList) || isNotEmpty(deleteGroupIDList)) { + try { + roleManagementService.updateIdpGroupListOfRole(roleId, newGroupIDList, deleteGroupIDList, tenantDomain); + } catch (IdentityRoleManagementException e) { + if (RoleConstants.Error.INVALID_REQUEST.getCode().equals(e.getErrorCode())) { + throw new BadRequestException(e.getMessage()); + } + throw new CharonException( + String.format("Error occurred while updating groups in the role with ID: %s", roleId), e); + } + } + } + private void doUpdateUsers(Set newUserList, Set deletedUserList, Set newlyAddedMemberIds, String roleId) throws CharonException, BadRequestException, ForbiddenException { @@ -1036,27 +1139,64 @@ private List getUserIDList(List userList, String tenantDomain) t return userIDList; } - private void prepareAddedRemovedGroupLists(Set addedGroupsIds, Set removedGroupsIds, - Set replacedGroupsIds, PatchOperation groupOperation, - Map groupObject, List groupListOfRole) { + private void prepareInitialGroupLists(Set givenAddedGroupsIds, Set givenRemovedGroupsIds, + Set givenReplacedGroupsIds, PatchOperation groupOperation, + Map groupObject) { switch (groupOperation.getOperation()) { case (SCIMConstants.OperationalConstants.ADD): - removedGroupsIds.remove(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE)); - if (!isGroupExist(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE), groupListOfRole)) { - addedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE)); - } + givenRemovedGroupsIds.remove(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE)); + givenAddedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE)); break; case (SCIMConstants.OperationalConstants.REMOVE): - addedGroupsIds.remove(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE)); - removedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE)); + givenAddedGroupsIds.remove(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE)); + givenRemovedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE)); break; case (SCIMConstants.OperationalConstants.REPLACE): - replacedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE)); + givenReplacedGroupsIds.add(groupObject.get(SCIMConstants.CommonSchemaConstants.VALUE)); + break; + default: break; } } + private void seperatedAddedGroupLists(Set givenAddedGroupIds, Set idpGroupIds, + Set idpGroupIdListOfRole,Set groupIdListOfRole, + Set addedIdpGroupIds, Set addedGroupIds) { + + for (String groupId : givenAddedGroupIds) { + if (idpGroupIds.contains(groupId) && !idpGroupIdListOfRole.contains(groupId)) { + addedIdpGroupIds.add(groupId); + } else if (!groupIdListOfRole.contains(groupId)) { + addedGroupIds.add(groupId); + } + } + } + + private void seperateRemovedGroupLists(Set givenDeletedGroupIds, Set idpGroupIds, + Set deletedIdpGroupIds, Set deletedGroupIds) { + + for (String groupId : givenDeletedGroupIds) { + if (idpGroupIds.contains(groupId)) { + deletedIdpGroupIds.add(groupId); + } else { + deletedGroupIds.add(groupId); + } + } + } + + private void seperateReplacedGroupLists(Set givenReplaceGroupsIds, Set idpGroupIds, + Set replaceIdpGroupIds, Set replaceGroupIds) { + + for (String groupId : givenReplaceGroupsIds) { + if (idpGroupIds.contains(groupId)) { + replaceIdpGroupIds.add(groupId); + } else { + replaceGroupIds.add(groupId); + } + } + } + private void prepareAddedRemovedUserLists(Set addedMembers, Set removedMembers, Set newlyAddedMemberIds, PatchOperation memberOperation, Map memberObject, String roleId) @@ -1129,6 +1269,25 @@ private void prepareReplacedGroupLists(List groupListOfRole, Set addedGroupIds.addAll(replacedGroupsIds); } + private void prepareReplacedIdPGroupLists(List idpGroupListOfRole, Set addedGroupIds, + Set removedGroupsIds, Set replacedGroupsIds) { + + if (replacedGroupsIds.isEmpty()) { + return; + } + + if (!idpGroupListOfRole.isEmpty()) { + for (IdpGroup idpGroupInfo : idpGroupListOfRole) { + if (!replacedGroupsIds.contains(idpGroupInfo.getGroupId())) { + removedGroupsIds.add(idpGroupInfo.getGroupId()); + } else { + replacedGroupsIds.remove(idpGroupInfo.getGroupId()); + } + } + } + addedGroupIds.addAll(replacedGroupsIds); + } + private boolean isGroupExist(String groupId, List groupListOfRole) { return groupListOfRole != null && @@ -1164,4 +1323,11 @@ private boolean isRoleModificationAllowedForTenant(String tenantDomain) throws C throw new CharonException("Error while checking whether the tenant is an organization.", e); } } + + private IdpGroup convertToIdpGroup(IdPGroup idpGroup) { + + IdpGroup convertedGroup = new IdpGroup(idpGroup.getIdpGroupId(), idpGroup.getIdpId()); + convertedGroup.setGroupName(idpGroup.getIdpGroupName()); + return convertedGroup; + } } diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java index 6c8991f90..50b59bb77 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java @@ -56,6 +56,7 @@ import org.wso2.charon3.core.config.SCIMUserSchemaExtensionBuilder; import org.wso2.charon3.core.exceptions.CharonException; import org.wso2.charon3.core.exceptions.InternalErrorException; +import org.wso2.carbon.idp.mgt.IdpManager; import java.io.File; import java.util.concurrent.ExecutorService; @@ -296,6 +297,34 @@ protected void unsetRoleManagementServiceV2(org.wso2.carbon.identity.role.v2.mgt logger.debug("RoleManagementServiceV2 unset in SCIMCommonComponent bundle."); } + /** + * Set idp manager service implementation. + * + * @param idpManager Idp manager service. + */ + @Reference( + name = "org.wso2.carbon.idp.mgt.IdpManager", + service = org.wso2.carbon.idp.mgt.IdpManager.class, + cardinality = ReferenceCardinality.MANDATORY, + policy = ReferencePolicy.DYNAMIC, + unbind = "unsetIdPManagerService") + protected void setIdPManagerService(IdpManager idpManager) { + + SCIMCommonComponentHolder.setIdpManagerService(idpManager); + logger.debug("IdPManagerService set in SCIMCommonComponent bundle."); + } + + /** + * Unset idp manager service implementation. + * + * @param idpManager Idp manager service. + */ + protected void unsetIdPManagerService(IdpManager idpManager) { + + SCIMCommonComponentHolder.setIdpManagerService(null); + logger.debug("IdPManagerService unset in SCIMCommonComponent bundle."); + } + /** * Set SCIMUserStoreErrorResolver implementation * diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java index b78fe93a4..b8f803b28 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java @@ -21,6 +21,7 @@ import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService; import org.wso2.carbon.identity.organization.management.service.OrganizationManager; import org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreErrorResolver; +import org.wso2.carbon.idp.mgt.IdpManager; import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.mgt.RolePermissionManagementService; import org.wso2.carbon.identity.role.mgt.core.RoleManagementService; @@ -41,6 +42,7 @@ public class SCIMCommonComponentHolder { private static RoleManagementService roleManagementService; private static org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService roleManagementServiceV2; private static OrganizationManager organizationManager; + private static IdpManager idpManager; private static final List scimUserStoreErrorResolvers = new ArrayList<>(); /** @@ -170,6 +172,26 @@ public static List getScimUserStoreErrorResolverList return scimUserStoreErrorResolvers; } + /** + * Set IdpManager service. + * + * @param idpManager Idp Manager. + */ + public static void setIdpManagerService(IdpManager idpManager) { + + SCIMCommonComponentHolder.idpManager = idpManager; + } + + /** + * Get IdpManager service. + * + * @return Idp Manager. + */ + public static IdpManager getIdpManagerService() { + + return idpManager; + } + public static void addScimUserStoreErrorResolver(SCIMUserStoreErrorResolver scimUserStoreErrorResolver) { scimUserStoreErrorResolvers.add(scimUserStoreErrorResolver); diff --git a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/SCIMCommonUtils.java b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/SCIMCommonUtils.java index 5cc3d7522..345d18a03 100644 --- a/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/SCIMCommonUtils.java +++ b/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/SCIMCommonUtils.java @@ -154,6 +154,29 @@ public static String getApplicationRefURL(String id) { } } + public static String getIdpGroupURL(String idpId, String groupId) { + + String idpGroupURL; + String path = "/api/server/v1/identity-providers"; + try { + if (IdentityTenantUtil.isTenantQualifiedUrlsEnabled()) { + idpGroupURL = ServiceURLBuilder.create().addPath(path).build() + .getAbsolutePublicURL(); + } else { + idpGroupURL = getURLIfTenantQualifiedURLDisabled(path); + } + return StringUtils.isNotBlank(idpId) && StringUtils.isNotBlank(groupId) ? + new StringBuilder().append(idpGroupURL).append(SCIMCommonConstants.URL_SEPERATOR).append(idpId) + .append(SCIMCommonConstants.URL_SEPERATOR).append(groupId).toString() : null; + } catch (URLBuilderException e) { + if (log.isDebugEnabled()) { + log.debug("Error occurred while building the identity provider's group endpoint with " + + "tenant/organization qualified URL.", e); + } + return null; + } + } + public static String getPermissionRefURL(String apiId, String permissionName) { String apiResourceURL; diff --git a/pom.xml b/pom.xml index 6175adaf3..250505e96 100644 --- a/pom.xml +++ b/pom.xml @@ -166,6 +166,12 @@ ${identity.framework.version} provided + + org.wso2.carbon.identity.framework + org.wso2.carbon.idp.mgt + ${identity.framework.version} + provided + org.wso2.carbon.identity.organization.management.core org.wso2.carbon.identity.organization.management.service @@ -279,7 +285,7 @@ 6.5.3 3.2.0.wso2v1 4.9.15 - 5.25.462 + 5.25.509 4.13.1 20030203.000129 1.8.12