/**
 * Sends a SCIM {@code PUT /Users/{id}} for {@code user} and checks the response status.
 *
 * <p>The request carries {@code token} as a bearer credential and the user's current version in a
 * quoted {@code If-Match} header, so the endpoint is exercised with its version precondition
 * supplied.
 *
 * @param token bearer token placed in the {@code Authorization} header
 * @param status HTTP status code the caller expects the endpoint to return
 * @param user user whose id, version and JSON form make up the request
 * @return the user parsed from the response body when {@code status} is 200; {@code null} for any
 *     other expected status (only the status code is asserted in that case)
 * @throws Exception if the request cannot be performed or an expectation fails
 */
protected ScimUser updateUser(String token, int status, ScimUser user) throws Exception {
  MockHttpServletRequestBuilder updateRequest =
      put("/Users/" + user.getId())
          .header("Authorization", "Bearer " + token)
          .header("If-Match", "\"" + user.getVersion() + "\"")
          .accept(APPLICATION_JSON)
          .contentType(APPLICATION_JSON)
          .content(JsonUtils.writeValueAsBytes(user));

  // Negative path: the caller expects a rejection, so only the status code is verified.
  if (status != HttpStatus.OK.value()) {
    getMockMvc().perform(updateRequest).andExpect(status().is(status));
    return null;
  }

  ResultActions outcome = getMockMvc().perform(updateRequest);
  outcome.andExpect(status().isOk());
  // NOTE(review): the fixed ETag "1" presumably assumes the stored user was at version 0
  // before this update; confirm against callers.
  outcome.andExpect(header().string("ETag", "\"1\""));
  outcome.andExpect(jsonPath("$.userName").value(user.getUserName()));
  outcome.andExpect(jsonPath("$.emails[0].value").value(user.getPrimaryEmail()));
  outcome.andExpect(jsonPath("$.name.givenName").value(user.getGivenName()));
  outcome.andExpect(jsonPath("$.name.familyName").value(user.getFamilyName()));

  String responseJson = outcome.andReturn().getResponse().getContentAsString();
  return JsonUtils.readValue(responseJson, ScimUser.class);
}
/**
 * Verifies that a {@code uaa.admin} token issued inside the zone returned by
 * {@code getIdentityZone()} cannot create a user in the UAA zone via the zone-switching header.
 *
 * <p>This is a cross-zone privilege boundary check: holding {@code uaa.admin} in one zone must
 * not authorize switching into the zone identified by {@code IdentityZone.getUaa()}. The request
 * is expected to be rejected with 403 Forbidden.
 */
@Test
public void createUserInOtherZoneWithUaaAdminTokenFromNonDefaultZone() throws Exception {
  IdentityZone sourceZone = getIdentityZone();
  String adminScope = "uaa.admin";

  // Register a client_credentials client inside sourceZone that holds uaa.admin there.
  clientDetails =
      utils()
          .createClient(
              this.getMockMvc(),
              uaaAdminToken,
              "testClientId",
              "testClientSecret",
              null,
              null,
              Collections.singletonList("client_credentials"),
              adminScope,
              null,
              sourceZone);

  String uaaAdminTokenFromOtherZone =
      testClient.getClientCredentialsOAuthAccessToken(
          "testClientId", "testClientSecret", adminScope, sourceZone.getSubdomain());

  // The request arrives on sourceZone's host name but asks to switch into the UAA zone.
  MockHttpServletRequestBuilder createRequest =
      post("/Users")
          .header("Authorization", "Bearer " + uaaAdminTokenFromOtherZone)
          .contentType(APPLICATION_JSON)
          .content(JsonUtils.writeValueAsBytes(getScimUser()))
          .with(new SetServerNameRequestPostProcessor(sourceZone.getSubdomain() + ".localhost"))
          .header(IdentityZoneSwitchingFilter.HEADER, IdentityZone.getUaa().getId());

  getMockMvc().perform(createRequest).andExpect(status().isForbidden());
}
/**
 * Performs a SCIM {@code POST /Users} for {@code user} and returns the raw result so the caller
 * can assert on it.
 *
 * @param user user serialized as the JSON request body
 * @param token bearer token placed in the {@code Authorization} header
 * @param subdomain when non-null and non-empty, the request's server name is set to
 *     {@code subdomain + ".localhost"}; otherwise the server name is left untouched
 * @param switchZone when non-null, sent as the value of {@code IdentityZoneSwitchingFilter.HEADER}
 * @return the {@link ResultActions} of the performed request; no expectation is applied here
 * @throws Exception if the request cannot be performed
 */
private ResultActions createUserAndReturnResult(
    ScimUser user, String token, String subdomain, String switchZone) throws Exception {
  MockHttpServletRequestBuilder createRequest =
      post("/Users")
          .header("Authorization", "Bearer " + token)
          .contentType(APPLICATION_JSON)
          .content(JsonUtils.writeValueAsBytes(user));

  // Host-based zone selection: only applied when a subdomain was actually supplied.
  boolean hasSubdomain = subdomain != null && !subdomain.isEmpty();
  if (hasSubdomain) {
    createRequest.with(new SetServerNameRequestPostProcessor(subdomain + ".localhost"));
  }

  // Header-based zone switching is independent of the host name above.
  if (switchZone != null) {
    createRequest.header(IdentityZoneSwitchingFilter.HEADER, switchZone);
  }

  return getMockMvc().perform(createRequest);
}
/**
 * Verifies that {@code DELETE /Users/{id}} authorized with {@code uaaAdminToken} succeeds with
 * 200 and that the response body describes the deleted user (user name, first e-mail, given and
 * family name).
 */
@Test
public void testDeleteUserWithUaaAdminToken() throws Exception {
  ScimUser target = setUpScimUser();

  MockHttpServletRequestBuilder deleteRequest =
      delete("/Users/" + target.getId())
          .header("Authorization", "Bearer " + uaaAdminToken)
          .contentType(APPLICATION_JSON)
          .content(JsonUtils.writeValueAsBytes(target));

  ResultActions outcome = getMockMvc().perform(deleteRequest);
  outcome.andExpect(status().isOk());
  outcome.andExpect(jsonPath("$.userName").value(target.getUserName()));
  outcome.andExpect(jsonPath("$.emails[0].value").value(target.getPrimaryEmail()));
  outcome.andExpect(jsonPath("$.name.givenName").value(target.getGivenName()));
  outcome.andExpect(jsonPath("$.name.familyName").value(target.getFamilyName()));
}
/**
 * Verifies that user creation is rejected when the password exceeds the maximum length.
 *
 * <p>A 260-character generated password is submitted with {@code scimCreateToken}; the endpoint
 * must answer 400 with error {@code invalid_password} and the 255-character limit message. Only
 * the upper length bound of the password policy is pinned by this test.
 */
@Test
public void cannotCreateUserWithInvalidPasswordInDefaultZone() throws Exception {
  ScimUser candidate = getScimUser();
  // 260 characters: above the 255-character limit named in the expected message.
  candidate.setPassword(new RandomValueStringGenerator(260).generate());

  MockHttpServletRequestBuilder createRequest =
      post("/Users")
          .header("Authorization", "Bearer " + scimCreateToken)
          .contentType(APPLICATION_JSON)
          .content(JsonUtils.writeValueAsBytes(candidate));

  ResultActions outcome = getMockMvc().perform(createRequest);
  outcome.andExpect(status().isBadRequest());
  outcome.andExpect(jsonPath("$.error").value("invalid_password"));
  outcome.andExpect(
      jsonPath("$.message").value("Password must be no more than 255 characters in length."));
}
/**
 * Verifies that {@code uaaAdminToken} can update a user that lives in another identity zone when
 * the request names that zone in {@code IdentityZoneSwitchingFilter.HEADER}.
 *
 * <p>This is the permitted counterpart to the cross-zone rejection tests: the update must return
 * 200, an {@code ETag} of {@code "1"}, and a body reflecting the changed name.
 */
@Test
public void testUpdateUserInOtherZoneWithUaaAdminToken() throws Exception {
  IdentityZone targetZone = getIdentityZone();
  ScimUser target = setUpScimUser(targetZone);
  target.setName(new ScimUser.Name("changed", "name"));

  MockHttpServletRequestBuilder updateRequest =
      put("/Users/" + target.getId())
          .header("Authorization", "Bearer " + uaaAdminToken)
          // Explicit zone switch into the zone that owns the user.
          .header(IdentityZoneSwitchingFilter.HEADER, targetZone.getId())
          // Version precondition taken from the user as it was set up.
          .header("If-Match", "\"" + target.getVersion() + "\"")
          .contentType(APPLICATION_JSON)
          .content(JsonUtils.writeValueAsBytes(target));

  ResultActions outcome = getMockMvc().perform(updateRequest);
  outcome.andExpect(status().isOk());
  outcome.andExpect(header().string("ETag", "\"1\""));
  outcome.andExpect(jsonPath("$.userName").value(target.getUserName()));
  outcome.andExpect(jsonPath("$.emails[0].value").value(target.getPrimaryEmail()));
  outcome.andExpect(jsonPath("$.name.givenName").value(target.getGivenName()));
  outcome.andExpect(jsonPath("$.name.familyName").value(target.getFamilyName()));
}
/**
 * Verifies that a token obtained in one identity zone is not accepted in a different zone.
 *
 * <p>Two zones are created. A {@code scim.write} client-credentials token is requested in the
 * first, then presented on the host name of the second for {@code POST /Users}. The request must
 * be rejected with 401 Unauthorized, i.e. the token does not authenticate the caller outside the
 * zone it was requested in.
 */
@Test
public void testCreateUserInOtherZoneIsUnauthorized() throws Exception {
  // Zone in which the token is obtained.
  String issuingSubdomain = generator.generate();
  mockMvcUtils.createOtherIdentityZone(
      issuingSubdomain, getMockMvc(), getWebApplicationContext());

  // Unrelated zone that the token is then presented to.
  String targetSubdomain = generator.generate();
  mockMvcUtils.createOtherIdentityZone(targetSubdomain, getMockMvc(), getWebApplicationContext());

  String zoneAdminToken =
      testClient.getClientCredentialsOAuthAccessToken(
          "admin", "admin-secret", "scim.write", issuingSubdomain);

  MockHttpServletRequestBuilder createRequest =
      post("/Users")
          .with(new SetServerNameRequestPostProcessor(targetSubdomain + ".localhost"))
          .header("Authorization", "Bearer " + zoneAdminToken)
          .contentType(APPLICATION_JSON)
          .content(JsonUtils.writeValueAsBytes(getScimUser()));

  getMockMvc().perform(createRequest).andExpect(status().isUnauthorized());
}