/** Remove initial and synchronized users to make test re-runnable. */
 protected void removeTestUsers() {
   for (int i = 0; i < 10; i++) {
     String cUserName = "******" + i;
     try {
       UserTO cUserTO = readUser(cUserName);
       userService.delete(cUserTO.getKey());
     } catch (Exception e) {
       // Ignore
     }
   }
 }
Beispiel #2
0
  @Test
  public void updateWithoutApproval() {
    // 1. create user as admin
    UserTO created =
        createUser(UserITCase.getUniqueSampleTO("*****@*****.**")).getEntity();
    assertNotNull(created);
    assertFalse(created.getUsername().endsWith("XX"));

    // 2. self-update (username) - works
    UserPatch userPatch = new UserPatch();
    userPatch.setKey(created.getKey());
    userPatch.setUsername(
        new StringReplacePatchItem.Builder().value(created.getUsername() + "XX").build());

    SyncopeClient authClient = clientFactory.create(created.getUsername(), "password123");
    UserTO updated =
        authClient
            .getService(UserSelfService.class)
            .update(userPatch)
            .readEntity(new GenericType<ProvisioningResult<UserTO>>() {})
            .getEntity();
    assertNotNull(updated);
    assertEquals(
        ActivitiDetector.isActivitiEnabledForUsers(syncopeService) ? "active" : "created",
        updated.getStatus());
    assertTrue(updated.getUsername().endsWith("XX"));
  }
Beispiel #3
0
  @Test
  public void createAndApprove() {
    Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers(syncopeService));

    // self-create user with membership: goes 'createApproval' with resources and membership but no
    // propagation
    UserTO userTO = UserITCase.getUniqueSampleTO("*****@*****.**");
    userTO
        .getMemberships()
        .add(new MembershipTO.Builder().group("29f96485-729e-4d31-88a1-6fc60e4677f3").build());
    userTO.getResources().add(RESOURCE_NAME_TESTDB);

    SyncopeClient anonClient = clientFactory.create();
    userTO =
        anonClient
            .getService(UserSelfService.class)
            .create(userTO, true)
            .readEntity(new GenericType<ProvisioningResult<UserTO>>() {})
            .getEntity();
    assertNotNull(userTO);
    assertEquals("createApproval", userTO.getStatus());
    assertFalse(userTO.getMemberships().isEmpty());
    assertFalse(userTO.getResources().isEmpty());

    try {
      resourceService.readConnObject(
          RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), userTO.getKey());
      fail();
    } catch (SyncopeClientException e) {
      assertEquals(ClientExceptionType.NotFound, e.getType());
    }

    // now approve and verify that propagation has happened
    WorkflowFormTO form = userWorkflowService.getFormForUser(userTO.getKey());
    form = userWorkflowService.claimForm(form.getTaskId());
    Map<String, WorkflowFormPropertyTO> props = form.getPropertyMap();
    props.get("approve").setValue(Boolean.TRUE.toString());
    form.getProperties().clear();
    form.getProperties().addAll(props.values());
    userTO = userWorkflowService.submitForm(form);
    assertNotNull(userTO);
    assertEquals("active", userTO.getStatus());
    assertNotNull(
        resourceService.readConnObject(
            RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), userTO.getKey()));
  }
Beispiel #4
0
  @Test
  public void delete() {
    UserTO created =
        createUser(UserITCase.getUniqueSampleTO("*****@*****.**")).getEntity();
    assertNotNull(created);

    SyncopeClient authClient = clientFactory.create(created.getUsername(), "password123");
    UserTO deleted =
        authClient
            .getService(UserSelfService.class)
            .delete()
            .readEntity(new GenericType<ProvisioningResult<UserTO>>() {})
            .getEntity();
    assertNotNull(deleted);
    assertEquals(
        ActivitiDetector.isActivitiEnabledForUsers(syncopeService) ? "deleteApproval" : null,
        deleted.getStatus());
  }
Beispiel #5
0
  @Test
  public void create() {
    Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers(syncopeService));

    // 1. self-registration as admin: failure
    try {
      userSelfService.create(UserITCase.getUniqueSampleTO("*****@*****.**"), true);
      fail();
    } catch (AccessControlException e) {
      assertNotNull(e);
    }

    // 2. self-registration as anonymous: works
    SyncopeClient anonClient = clientFactory.create();
    UserTO self =
        anonClient
            .getService(UserSelfService.class)
            .create(UserITCase.getUniqueSampleTO("*****@*****.**"), true)
            .readEntity(new GenericType<ProvisioningResult<UserTO>>() {})
            .getEntity();
    assertNotNull(self);
    assertEquals("createApproval", self.getStatus());
  }
Beispiel #6
0
  @Test
  public void mustChangePassword() {
    // PRE: reset vivaldi's password
    UserPatch userPatch = new UserPatch();
    userPatch.setKey("b3cbc78d-32e6-4bd4-92e0-bbe07566a2ee");
    userPatch.setPassword(new PasswordPatch.Builder().value("password321").build());
    userService.update(userPatch);

    // 0. access as vivaldi -> succeed
    SyncopeClient vivaldiClient = clientFactory.create("vivaldi", "password321");
    Pair<Map<String, Set<String>>, UserTO> self = vivaldiClient.self();
    assertFalse(self.getRight().isMustChangePassword());

    // 1. update user vivaldi (3) requirig password update
    userPatch = new UserPatch();
    userPatch.setKey("b3cbc78d-32e6-4bd4-92e0-bbe07566a2ee");
    userPatch.setMustChangePassword(new BooleanReplacePatchItem.Builder().value(true).build());
    UserTO vivaldi = updateUser(userPatch).getEntity();
    assertTrue(vivaldi.isMustChangePassword());

    // 2. attempt to access -> fail
    try {
      vivaldiClient.getService(ResourceService.class).list();
      fail();
    } catch (AccessControlException e) {
      assertNotNull(e);
      assertEquals("Please change your password first", e.getMessage());
    }

    // 3. change password
    vivaldiClient.getService(UserSelfService.class).changePassword("password123");

    // 4. verify it worked
    self = clientFactory.create("vivaldi", "password123").self();
    assertFalse(self.getRight().isMustChangePassword());
  }
Beispiel #7
0
  @Test
  public void passwordResetWithoutSecurityQuestion() {
    // 0. disable security question for password reset
    configurationService.set(attrTO("passwordReset.securityQuestion", "false"));

    // 1. create an user with security question and answer
    UserTO user = UserITCase.getUniqueSampleTO("*****@*****.**");
    createUser(user);

    // 2. verify that new user is able to authenticate
    SyncopeClient authClient = clientFactory.create(user.getUsername(), "password123");
    UserTO read = authClient.self().getValue();
    assertNotNull(read);

    // 3. request password reset (as anonymous) with no security answer
    SyncopeClient anonClient = clientFactory.create();
    anonClient.getService(UserSelfService.class).requestPasswordReset(user.getUsername(), null);

    // 4. get token (normally sent via e-mail, now reading as admin)
    String token = userService.read(read.getKey()).getToken();
    assertNotNull(token);

    // 5. confirm password reset
    try {
      anonClient
          .getService(UserSelfService.class)
          .confirmPasswordReset("WRONG TOKEN", "newPassword");
      fail();
    } catch (SyncopeClientException e) {
      assertEquals(ClientExceptionType.NotFound, e.getType());
      assertTrue(e.getMessage().contains("WRONG TOKEN"));
    }
    anonClient.getService(UserSelfService.class).confirmPasswordReset(token, "newPassword123");

    // 6. verify that password was reset and token removed
    authClient = clientFactory.create(user.getUsername(), "newPassword123");
    read = authClient.self().getValue();
    assertNotNull(read);
    assertNull(read.getToken());

    // 7. re-enable security question for password reset
    configurationService.set(attrTO("passwordReset.securityQuestion", "true"));
  }
Beispiel #8
0
  @Test
  public void passwordReset() {
    // 0. ensure that password request DOES require security question
    configurationService.set(attrTO("passwordReset.securityQuestion", "true"));

    // 1. create an user with security question and answer
    UserTO user = UserITCase.getUniqueSampleTO("*****@*****.**");
    user.setSecurityQuestion("887028ea-66fc-41e7-b397-620d7ea6dfbb");
    user.setSecurityAnswer("Rossi");
    user.getResources().add(RESOURCE_NAME_TESTDB);
    createUser(user);

    // verify propagation (including password) on external db
    JdbcTemplate jdbcTemplate = new JdbcTemplate(testDataSource);
    String pwdOnResource =
        jdbcTemplate.queryForObject(
            "SELECT password FROM test WHERE id=?", String.class, user.getUsername());
    assertTrue(StringUtils.isNotBlank(pwdOnResource));

    // 2. verify that new user is able to authenticate
    SyncopeClient authClient = clientFactory.create(user.getUsername(), "password123");
    UserTO read = authClient.self().getValue();
    assertNotNull(read);

    // 3. request password reset (as anonymous) providing the expected security answer
    SyncopeClient anonClient = clientFactory.create();
    try {
      anonClient
          .getService(UserSelfService.class)
          .requestPasswordReset(user.getUsername(), "WRONG");
      fail();
    } catch (SyncopeClientException e) {
      assertEquals(ClientExceptionType.InvalidSecurityAnswer, e.getType());
    }
    anonClient.getService(UserSelfService.class).requestPasswordReset(user.getUsername(), "Rossi");

    // 4. get token (normally sent via e-mail, now reading as admin)
    String token = userService.read(read.getKey()).getToken();
    assertNotNull(token);

    // 5. confirm password reset
    try {
      anonClient
          .getService(UserSelfService.class)
          .confirmPasswordReset("WRONG TOKEN", "newPassword");
      fail();
    } catch (SyncopeClientException e) {
      assertEquals(ClientExceptionType.NotFound, e.getType());
      assertTrue(e.getMessage().contains("WRONG TOKEN"));
    }
    anonClient.getService(UserSelfService.class).confirmPasswordReset(token, "newPassword123");

    // 6. verify that password was reset and token removed
    authClient = clientFactory.create(user.getUsername(), "newPassword123");
    read = authClient.self().getValue();
    assertNotNull(read);
    assertNull(read.getToken());

    // 7. verify that password was changed on external resource
    String newPwdOnResource =
        jdbcTemplate.queryForObject(
            "SELECT password FROM test WHERE id=?", String.class, user.getUsername());
    assertTrue(StringUtils.isNotBlank(newPwdOnResource));
    assertNotEquals(pwdOnResource, newPwdOnResource);
  }
Beispiel #9
0
 @Test
 public void issueSYNCOPE373() {
   UserTO userTO = adminClient.self().getValue();
   assertEquals(ADMIN_UNAME, userTO.getUsername());
 }
Beispiel #10
0
  @Test
  public void updateWithApproval() {
    Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers(syncopeService));

    // 1. create user as admin
    UserTO created =
        createUser(UserITCase.getUniqueSampleTO("*****@*****.**")).getEntity();
    assertNotNull(created);
    assertFalse(created.getUsername().endsWith("XX"));

    // 2. self-update (username + memberships + resource) - works but needs approval
    UserPatch userPatch = new UserPatch();
    userPatch.setKey(created.getKey());
    userPatch.setUsername(
        new StringReplacePatchItem.Builder().value(created.getUsername() + "XX").build());
    userPatch
        .getMemberships()
        .add(
            new MembershipPatch.Builder()
                .operation(PatchOperation.ADD_REPLACE)
                .group("bf825fe1-7320-4a54-bd64-143b5c18ab97")
                .build());
    userPatch
        .getResources()
        .add(
            new StringPatchItem.Builder()
                .operation(PatchOperation.ADD_REPLACE)
                .value(RESOURCE_NAME_TESTDB)
                .build());
    userPatch.setPassword(
        new PasswordPatch.Builder()
            .value("newPassword123")
            .onSyncope(false)
            .resource(RESOURCE_NAME_TESTDB)
            .build());

    SyncopeClient authClient = clientFactory.create(created.getUsername(), "password123");
    UserTO updated =
        authClient
            .getService(UserSelfService.class)
            .update(userPatch)
            .readEntity(new GenericType<ProvisioningResult<UserTO>>() {})
            .getEntity();
    assertNotNull(updated);
    assertEquals("updateApproval", updated.getStatus());
    assertFalse(updated.getUsername().endsWith("XX"));
    assertTrue(updated.getMemberships().isEmpty());

    // no propagation happened
    assertTrue(updated.getResources().isEmpty());
    try {
      resourceService.readConnObject(
          RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), updated.getKey());
      fail();
    } catch (SyncopeClientException e) {
      assertEquals(ClientExceptionType.NotFound, e.getType());
    }

    // 3. approve self-update as admin
    WorkflowFormTO form = userWorkflowService.getFormForUser(updated.getKey());
    form = userWorkflowService.claimForm(form.getTaskId());
    Map<String, WorkflowFormPropertyTO> props = form.getPropertyMap();
    props.get("approve").setValue(Boolean.TRUE.toString());
    form.getProperties().clear();
    form.getProperties().addAll(props.values());
    updated = userWorkflowService.submitForm(form);
    assertNotNull(updated);
    assertEquals("active", updated.getStatus());
    assertTrue(updated.getUsername().endsWith("XX"));
    assertEquals(1, updated.getMemberships().size());

    // check that propagation also happened
    assertTrue(updated.getResources().contains(RESOURCE_NAME_TESTDB));
    assertNotNull(
        resourceService.readConnObject(
            RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), updated.getKey()));
  }