/**
 * Checks that a delete event for the built-in UAA identity provider of a non-default zone
 * leaves that zone's UAA-origin users in place.
 *
 * <p>A user with origin {@code UAA} is created in a freshly generated zone, an
 * {@code EntityDeletedEvent} carrying a provider with the same origin key and zone id is handed
 * to {@code db}, and the user row is expected to still be present afterwards.
 *
 * @throws Exception if fixture creation or user provisioning fails
 */
@Test
public void test_cannot_delete_uaa_provider_users_in_other_zone() throws Exception {
    String zoneKey = generator.generate();
    IdentityZone otherZone = MultitenancyFixture.identityZone(zoneKey, zoneKey);
    // Make the new zone the current one; the zone id on the created user is asserted below.
    // NOTE(review): the holder is not reset in this method. Confirm an @After does so, otherwise
    // a leaked zone context can hide cross-tenant mistakes in later tests.
    IdentityZoneHolder.set(otherZone);

    ScimUser template = new ScimUser(null, "*****@*****.**", "Jo", "User");
    template.addEmail("*****@*****.**");
    template.setOrigin(UAA);
    ScimUser stored = db.createUser(template, "j7hyqpassX");

    assertEquals("*****@*****.**", stored.getUserName());
    assertNotNull(stored.getId());
    assertEquals(UAA, stored.getOrigin());
    assertEquals(otherZone.getId(), stored.getZoneId());

    // Both values are bound as parameters, so the count is scoped to exactly this origin and zone.
    final String uaaUsersInZoneSql =
        "select count(*) from users where origin=? and identity_zone_id=?";
    final Object[] uaaUsersInZoneArgs = {UAA, otherZone.getId()};
    assertThat(
        jdbcTemplate.queryForObject(uaaUsersInZoneSql, uaaUsersInZoneArgs, Integer.class), is(1));

    // The event payload is a provider with origin UAA in the same zone as the user.
    IdentityProvider uaaProvider =
        new IdentityProvider().setOriginKey(UAA).setIdentityZoneId(otherZone.getId());
    db.onApplicationEvent(new EntityDeletedEvent<>(uaaProvider));

    // The user must survive the provider-deleted event.
    assertThat(
        jdbcTemplate.queryForObject(uaaUsersInZoneSql, uaaUsersInZoneArgs, Integer.class), is(1));
}
/**
 * Checks that a zone-deleted event removes the zone's users together with their approvals and
 * group memberships.
 *
 * <p>Leftover approvals or memberships after a tenant is removed would be orphaned authorization
 * data, so all three tables are counted before and after the event.
 *
 * @throws Exception if fixture creation or user provisioning fails
 */
@Test
public void test_can_delete_zone_users() throws Exception {
    String zoneKey = generator.generate();
    IdentityZone zoneToDelete = MultitenancyFixture.identityZone(zoneKey, zoneKey);
    IdentityZoneHolder.set(zoneToDelete);

    ScimUser template = new ScimUser(null, "*****@*****.**", "Jo", "User");
    template.addEmail("*****@*****.**");
    template.setOrigin(UAA);
    ScimUser stored = db.createUser(template, "j7hyqpassX");

    assertEquals("*****@*****.**", stored.getUserName());
    assertNotNull(stored.getId());
    assertEquals(UAA, stored.getOrigin());
    assertEquals(zoneToDelete.getId(), stored.getZoneId());

    final String usersSql = "select count(*) from users where origin=? and identity_zone_id=?";
    final String approvalsSql = "select count(*) from authz_approvals where user_id=?";
    final String membershipsSql = "select count(*) from group_membership where member_id=?";
    final Object[] usersArgs = {UAA, zoneToDelete.getId()};
    final Object[] userIdArg = {stored.getId()};

    assertThat(jdbcTemplate.queryForObject(usersSql, usersArgs, Integer.class), is(1));

    // addApprovalAndMembership is defined outside this excerpt; the two counts below establish
    // that it leaves one approval and one membership for the user.
    addApprovalAndMembership(stored.getId(), stored.getOrigin());
    assertThat(jdbcTemplate.queryForObject(approvalsSql, userIdArg, Integer.class), is(1));
    assertThat(jdbcTemplate.queryForObject(membershipsSql, userIdArg, Integer.class), is(1));

    // Deleting the zone is expected to cascade to everything owned by its users.
    db.onApplicationEvent(new EntityDeletedEvent<>(zoneToDelete));

    assertThat(jdbcTemplate.queryForObject(usersSql, usersArgs, Integer.class), is(0));
    assertThat(jdbcTemplate.queryForObject(approvalsSql, userIdArg, Integer.class), is(0));
    assertThat(jdbcTemplate.queryForObject(membershipsSql, userIdArg, Integer.class), is(0));
}
/**
 * Checks that a delete event for the UAA identity provider leaves the zone's groups and group
 * memberships untouched.
 *
 * <p>NOTE(review): the memberships are created through {@code addMembers(LOGIN_SERVER)} while
 * the deleted provider has origin {@code UAA}. If that argument is the membership origin (the
 * helper is outside this excerpt; confirm), a handler that wrongly deleted UAA-origin rows would
 * still pass here, because no counted row has that origin. Consider also covering UAA-origin
 * memberships and the {@code external_group_mapping} rows.
 */
@Test
public void test_cannot_delete_uaa_provider() {
    IdentityZoneHolder.set(zone);
    addMembers(LOGIN_SERVER);

    final String membershipsInZoneSql =
        "select count(*) from group_membership where group_id in (select id from groups where identity_zone_id=?)";
    final String groupsInZoneSql = "select count(*) from groups where identity_zone_id=?";

    // Baseline taken from the zone currently held by IdentityZoneHolder.
    Object[] currentZoneArg = {IdentityZoneHolder.get().getId()};
    assertThat(
        jdbcTemplate.queryForObject(membershipsInZoneSql, currentZoneArg, Integer.class), is(4));
    assertThat(jdbcTemplate.queryForObject(groupsInZoneSql, currentZoneArg, Integer.class), is(3));

    // The payload is a UAA-origin provider in the test zone.
    IdentityProvider uaaProvider =
        new IdentityProvider().setOriginKey(UAA).setIdentityZoneId(zone.getId());
    gdao.onApplicationEvent(new EntityDeletedEvent<>(uaaProvider, null));

    // Re-read the holder after the event, exactly as the baseline did, and expect no change.
    currentZoneArg = new Object[] {IdentityZoneHolder.get().getId()};
    assertThat(
        jdbcTemplate.queryForObject(membershipsInZoneSql, currentZoneArg, Integer.class), is(4));
    assertThat(jdbcTemplate.queryForObject(groupsInZoneSql, currentZoneArg, Integer.class), is(3));
}
/**
 * Builds the JDBC-backed provisioning objects under test and seeds two parallel fixtures, one in
 * the test zone and one in the default UAA zone.
 *
 * <p>Each zone gets three groups, three users and three external group mappings. Ids in the test
 * zone are prefixed with the zone id so that they cannot collide with the default zone's ids.
 */
@Before
public void initJdbcScimGroupMembershipManagerTests() {
    JdbcTemplate jdbc = new JdbcTemplate(dataSource);
    JdbcPagingListFactory pagingFactory = new JdbcPagingListFactory(jdbc, limitSqlAdapter);

    udao = new JdbcScimUserProvisioning(jdbc, pagingFactory);
    gdao = new JdbcScimGroupProvisioning(jdbc, pagingFactory);
    dao = new JdbcScimGroupMembershipManager(jdbc, pagingFactory);
    dao.setScimGroupProvisioning(gdao);
    dao.setScimUserProvisioning(udao);
    dao.setDefaultUserGroups(Collections.singleton("uaa.user"));

    for (String id : Arrays.asList(zone.getId(), IdentityZone.getUaa().getId())) {
        // Test-zone entities are named "<zoneId>-g1" and so on; default-zone ones stay "g1".
        String prefix = id.equals(zone.getId()) ? zone.getId() + "-" : "";
        String g1 = prefix + "g1";
        String g2 = prefix + "g2";
        String g3 = prefix + "g3";
        String m1 = prefix + "m1";
        String m2 = prefix + "m2";
        String m3 = prefix + "m3";

        addGroup(g1, "test1", id);
        addGroup(g2, "test2", id);
        addGroup(g3, "test3", id);

        addUser(m1, "test", id);
        addUser(m2, "test", id);
        addUser(m3, "test", id);

        // Two mappings use origin UAA and one uses LOGIN_SERVER.
        mapExternalGroup(g1, g1 + "-external", UAA);
        mapExternalGroup(g2, g2 + "-external", LOGIN_SERVER);
        mapExternalGroup(g3, g3 + "-external", UAA);
    }

    // validateCount is defined outside this excerpt; presumably it asserts that no memberships
    // exist yet. TODO confirm.
    validateCount(0);
}
/**
 * Exercises user creation in a non-default zone with the default-zone (UAA) admin token.
 *
 * <p>The {@code createUser} helper is defined outside this excerpt. It is passed the UAA zone's
 * subdomain and the other zone's id, so it presumably sends the request to the default zone with
 * a zone switch to the target and asserts the outcome itself. TODO confirm, since this method
 * contains no assertion of its own.
 *
 * <p>NOTE(review): this covers only the permitted path. A companion case in which a token without
 * authority over the target zone is rejected is not visible here; confirm one exists.
 *
 * @throws Exception if zone setup or the request fails
 */
@Test
public void createUserInOtherZoneWithUaaAdminToken() throws Exception {
    IdentityZone targetZone = getIdentityZone();
    String targetZoneId = targetZone.getId();
    createUser(
        getScimUser(),
        uaaAdminToken,
        IdentityZone.getUaa().getSubdomain(),
        targetZoneId);
}
/**
 * Deletes a user that lives in another zone using the UAA admin token plus the zone-switching
 * header, and expects HTTP 200 with the deleted user's attributes echoed in the response.
 *
 * <p>NOTE(review): only the response body is checked; that the user is no longer retrievable in
 * the target zone is not verified here. A negative case (a token lacking authority over the
 * target zone being refused) is also not visible in this excerpt; confirm both are covered
 * elsewhere.
 *
 * @throws Exception if fixture setup or the MockMvc request fails
 */
@Test
public void testDeleteUserInOtherZoneWithUaaAdminToken() throws Exception {
    IdentityZone targetZone = getIdentityZone();
    ScimUser zoneUser = setUpScimUser(targetZone);

    String userPath = "/Users/" + zoneUser.getId();
    String bearer = "Bearer " + uaaAdminToken;

    getMockMvc()
        .perform(
            delete(userPath)
                .header("Authorization", bearer)
                // Tells the server which zone the default-zone token should act on.
                .header(IdentityZoneSwitchingFilter.HEADER, targetZone.getId())
                .contentType(APPLICATION_JSON)
                .content(JsonUtils.writeValueAsBytes(zoneUser)))
        .andExpect(status().isOk())
        .andExpect(jsonPath("$.userName").value(zoneUser.getUserName()))
        .andExpect(jsonPath("$.emails[0].value").value(zoneUser.getPrimaryEmail()))
        .andExpect(jsonPath("$.name.givenName").value(zoneUser.getGivenName()))
        .andExpect(jsonPath("$.name.familyName").value(zoneUser.getFamilyName()));
}
/**
 * Checks that a zone-deleted event removes everything tied to the zone: its groups, their
 * memberships and external mappings, and also the {@code zones.<zoneId>.*} groups (with their
 * memberships) that live in the default UAA zone.
 *
 * <p>The last part matters for tenant isolation: a {@code zones.<zoneId>.admin} group left behind
 * in the default zone would be a stale administrative grant that refers to a zone which no
 * longer exists.
 */
@Test
public void test_zone_deleted() {
    // Create the zone's admin group in the default zone and give it one member.
    String zoneAdminId = generator.generate();
    addGroup(zoneAdminId, "zones." + zone.getId() + ".admin", IdentityZone.getUaa().getId());
    addMember(zoneAdminId, "m1", "USER", "MEMBER", OriginKeys.UAA);

    IdentityZoneHolder.set(zone);
    addMembers();

    final String membershipsInZoneSql =
        "select count(*) from group_membership where group_id in (select id from groups where identity_zone_id=?)";
    final String groupsInZoneSql = "select count(*) from groups where identity_zone_id=?";
    final String mappingsInZoneSql =
        "select count(*) from external_group_mapping where group_id in (select id from groups where identity_zone_id=?)";
    final String zoneGroupMembershipsSql =
        "select count(*) from group_membership where group_id in (select id from groups where identity_zone_id=? and displayName like ?)";
    final String zoneGroupsSql =
        "select count(*) from groups where identity_zone_id=? and displayName like ?";

    // Baseline. The LIKE argument is bound as a parameter, but the zone id inside it is not
    // escaped, so '_' or '%' in an id would act as wildcards. Presumably harmless for the ids
    // used in this fixture; confirm.
    Object[] currentZoneArg = {IdentityZoneHolder.get().getId()};
    Object[] zoneScopedGroupArgs = {
        IdentityZone.getUaa().getId(), "zones." + IdentityZoneHolder.get().getId() + ".%"
    };
    assertThat(
        jdbcTemplate.queryForObject(membershipsInZoneSql, currentZoneArg, Integer.class), is(4));
    assertThat(jdbcTemplate.queryForObject(groupsInZoneSql, currentZoneArg, Integer.class), is(3));
    assertThat(
        jdbcTemplate.queryForObject(mappingsInZoneSql, currentZoneArg, Integer.class), is(3));
    assertThat(
        jdbcTemplate.queryForObject(zoneGroupMembershipsSql, zoneScopedGroupArgs, Integer.class),
        is(1));
    assertThat(
        jdbcTemplate.queryForObject(zoneGroupsSql, zoneScopedGroupArgs, Integer.class), is(1));

    gdao.onApplicationEvent(new EntityDeletedEvent<>(zone, null));

    // Re-read the holder after the event, as the original assertions do, and expect every count
    // to have dropped to zero.
    currentZoneArg = new Object[] {IdentityZoneHolder.get().getId()};
    zoneScopedGroupArgs =
        new Object[] {
            IdentityZone.getUaa().getId(), "zones." + IdentityZoneHolder.get().getId() + ".%"
        };
    assertThat(
        jdbcTemplate.queryForObject(membershipsInZoneSql, currentZoneArg, Integer.class), is(0));
    assertThat(jdbcTemplate.queryForObject(groupsInZoneSql, currentZoneArg, Integer.class), is(0));
    assertThat(
        jdbcTemplate.queryForObject(mappingsInZoneSql, currentZoneArg, Integer.class), is(0));
    assertThat(
        jdbcTemplate.queryForObject(zoneGroupMembershipsSql, zoneScopedGroupArgs, Integer.class),
        is(0));
    assertThat(
        jdbcTemplate.queryForObject(zoneGroupsSql, zoneScopedGroupArgs, Integer.class), is(0));
}