protected ScimUser updateUser(String token, int status, ScimUser user) throws Exception {
MockHttpServletRequestBuilder put =
put("/Users/" + user.getId())
.header("Authorization", "Bearer " + token)
.header("If-Match", "\"" + user.getVersion() + "\"")
.accept(APPLICATION_JSON)
.contentType(APPLICATION_JSON)
.content(JsonUtils.writeValueAsBytes(user));
if (status == HttpStatus.OK.value()) {
String json =
getMockMvc()
.perform(put)
.andExpect(status().isOk())
.andExpect(header().string("ETag", "\"1\""))
.andExpect(jsonPath("$.userName").value(user.getUserName()))
.andExpect(jsonPath("$.emails[0].value").value(user.getPrimaryEmail()))
.andExpect(jsonPath("$.name.givenName").value(user.getGivenName()))
.andExpect(jsonPath("$.name.familyName").value(user.getFamilyName()))
.andReturn()
.getResponse()
.getContentAsString();
return JsonUtils.readValue(json, ScimUser.class);
} else {
getMockMvc().perform(put).andExpect(status().is(status));
return null;
}
}
@Test
public void createUserInOtherZoneWithUaaAdminTokenFromNonDefaultZone() throws Exception {
IdentityZone identityZone = getIdentityZone();
String authorities = "uaa.admin";
clientDetails =
utils()
.createClient(
this.getMockMvc(),
uaaAdminToken,
"testClientId",
"testClientSecret",
null,
null,
Collections.singletonList("client_credentials"),
authorities,
null,
identityZone);
String uaaAdminTokenFromOtherZone =
testClient.getClientCredentialsOAuthAccessToken(
"testClientId", "testClientSecret", "uaa.admin", identityZone.getSubdomain());
byte[] requestBody = JsonUtils.writeValueAsBytes(getScimUser());
MockHttpServletRequestBuilder post =
post("/Users")
.header("Authorization", "Bearer " + uaaAdminTokenFromOtherZone)
.contentType(APPLICATION_JSON)
.content(requestBody);
post.with(new SetServerNameRequestPostProcessor(identityZone.getSubdomain() + ".localhost"));
post.header(IdentityZoneSwitchingFilter.HEADER, IdentityZone.getUaa().getId());
getMockMvc().perform(post).andExpect(status().isForbidden());
}
private ResultActions createUserAndReturnResult(
ScimUser user, String token, String subdomain, String switchZone) throws Exception {
byte[] requestBody = JsonUtils.writeValueAsBytes(user);
MockHttpServletRequestBuilder post =
post("/Users")
.header("Authorization", "Bearer " + token)
.contentType(APPLICATION_JSON)
.content(requestBody);
if (subdomain != null && !subdomain.equals(""))
post.with(new SetServerNameRequestPostProcessor(subdomain + ".localhost"));
if (switchZone != null) post.header(IdentityZoneSwitchingFilter.HEADER, switchZone);
return getMockMvc().perform(post);
}
@Test
public void testDeleteUserWithUaaAdminToken() throws Exception {
ScimUser user = setUpScimUser();
getMockMvc()
.perform(
(delete("/Users/" + user.getId()))
.header("Authorization", "Bearer " + uaaAdminToken)
.contentType(APPLICATION_JSON)
.content(JsonUtils.writeValueAsBytes(user)))
.andExpect(status().isOk())
.andExpect(jsonPath("$.userName").value(user.getUserName()))
.andExpect(jsonPath("$.emails[0].value").value(user.getPrimaryEmail()))
.andExpect(jsonPath("$.name.givenName").value(user.getGivenName()))
.andExpect(jsonPath("$.name.familyName").value(user.getFamilyName()));
}
@Test
public void cannotCreateUserWithInvalidPasswordInDefaultZone() throws Exception {
ScimUser user = getScimUser();
user.setPassword(new RandomValueStringGenerator(260).generate());
byte[] requestBody = JsonUtils.writeValueAsBytes(user);
MockHttpServletRequestBuilder post =
post("/Users")
.header("Authorization", "Bearer " + scimCreateToken)
.contentType(APPLICATION_JSON)
.content(requestBody);
getMockMvc()
.perform(post)
.andExpect(status().isBadRequest())
.andExpect(jsonPath("$.error").value("invalid_password"))
.andExpect(
jsonPath("$.message").value("Password must be no more than 255 characters in length."));
}
@Test
public void testUpdateUserInOtherZoneWithUaaAdminToken() throws Exception {
IdentityZone identityZone = getIdentityZone();
ScimUser user = setUpScimUser(identityZone);
user.setName(new ScimUser.Name("changed", "name"));
getMockMvc()
.perform(
put("/Users/" + user.getId())
.header("Authorization", "Bearer " + uaaAdminToken)
.header(IdentityZoneSwitchingFilter.HEADER, identityZone.getId())
.header("If-Match", "\"" + user.getVersion() + "\"")
.contentType(APPLICATION_JSON)
.content(JsonUtils.writeValueAsBytes(user)))
.andExpect(status().isOk())
.andExpect(header().string("ETag", "\"1\""))
.andExpect(jsonPath("$.userName").value(user.getUserName()))
.andExpect(jsonPath("$.emails[0].value").value(user.getPrimaryEmail()))
.andExpect(jsonPath("$.name.givenName").value(user.getGivenName()))
.andExpect(jsonPath("$.name.familyName").value(user.getFamilyName()));
}
@Test
public void testCreateUserInOtherZoneIsUnauthorized() throws Exception {
String subdomain = generator.generate();
mockMvcUtils.createOtherIdentityZone(subdomain, getMockMvc(), getWebApplicationContext());
String otherSubdomain = generator.generate();
mockMvcUtils.createOtherIdentityZone(otherSubdomain, getMockMvc(), getWebApplicationContext());
String zoneAdminToken =
testClient.getClientCredentialsOAuthAccessToken(
"admin", "admin-secret", "scim.write", subdomain);
ScimUser user = getScimUser();
byte[] requestBody = JsonUtils.writeValueAsBytes(user);
MockHttpServletRequestBuilder post =
post("/Users")
.with(new SetServerNameRequestPostProcessor(otherSubdomain + ".localhost"))
.header("Authorization", "Bearer " + zoneAdminToken)
.contentType(APPLICATION_JSON)
.content(requestBody);
getMockMvc().perform(post).andExpect(status().isUnauthorized());
}
