@Test
public void noActiveIdps_ReturnsEmptyResources() throws Exception {
when(provisioning.retrieveActive(anyString())).thenReturn(Collections.emptyList());
SearchResults<?> searchResults =
endpoints.findUsers("username eq \"foo\"", "ascending", 0, 100, false);
assertTrue(searchResults.getResources().isEmpty());
}
@SuppressWarnings("unchecked")
@Before
public void init() {
endpoints.setScimUserEndpoints(scimUserEndpoints);
endpoints.setEnabled(true);
when(securityContextAccessor.getAuthorities()).thenReturn(authorities);
when(securityContextAccessor.getAuthenticationInfo()).thenReturn("mock object");
when(provisioning.retrieveActive(anyString()))
.thenReturn(
Collections.singletonList(MultitenancyFixture.identityProvider("test-origin", "uaa")));
endpoints.setSecurityContextAccessor(securityContextAccessor);
}
@RequestMapping(
value = "/invite_users",
method = RequestMethod.POST,
consumes = "application/json")
public ResponseEntity<InvitationsResponse> inviteUsers(
@RequestBody InvitationsRequest invitations,
@RequestParam(value = "client_id", required = false) String clientId,
@RequestParam(value = "redirect_uri") String redirectUri) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication instanceof OAuth2Authentication) {
OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) authentication;
if (clientId == null) {
clientId = oAuth2Authentication.getOAuth2Request().getClientId();
}
}
InvitationsResponse invitationsResponse = new InvitationsResponse();
DomainFilter filter = new DomainFilter();
List<IdentityProvider> activeProviders =
providers.retrieveActive(IdentityZoneHolder.get().getId());
ClientDetails client = clients.loadClientByClientId(clientId);
for (String email : invitations.getEmails()) {
try {
List<IdentityProvider> providers = filter.filter(activeProviders, client, email);
if (providers.size() == 1) {
ScimUser user = findOrCreateUser(email, providers.get(0).getOriginKey());
String accountsUrl = UaaUrlUtils.getUaaUrl("/invitations/accept");
Map<String, String> data = new HashMap<>();
data.put(InvitationConstants.USER_ID, user.getId());
data.put(InvitationConstants.EMAIL, user.getPrimaryEmail());
data.put(CLIENT_ID, clientId);
data.put(REDIRECT_URI, redirectUri);
data.put(ORIGIN, user.getOrigin());
Timestamp expiry =
new Timestamp(
System.currentTimeMillis() + (INVITATION_EXPIRY_DAYS * 24 * 60 * 60 * 1000));
ExpiringCode code =
expiringCodeStore.generateCode(JsonUtils.writeValueAsString(data), expiry, null);
String invitationLink = accountsUrl + "?code=" + code.getCode();
try {
URL inviteLink = new URL(invitationLink);
invitationsResponse
.getNewInvites()
.add(
InvitationsResponse.success(
user.getPrimaryEmail(), user.getId(), user.getOrigin(), inviteLink));
} catch (MalformedURLException mue) {
invitationsResponse
.getFailedInvites()
.add(
InvitationsResponse.failure(
email,
"invitation.exception.url",
String.format("Malformed url", invitationLink)));
}
} else if (providers.size() == 0) {
invitationsResponse
.getFailedInvites()
.add(
InvitationsResponse.failure(
email, "provider.non-existent", "No authentication provider found."));
} else {
invitationsResponse
.getFailedInvites()
.add(
InvitationsResponse.failure(
email, "provider.ambiguous", "Multiple authentication providers found."));
}
} catch (ScimResourceConflictException x) {
invitationsResponse
.getFailedInvites()
.add(
InvitationsResponse.failure(
email,
"user.ambiguous",
"Multiple users with the same origin matched to the email address."));
} catch (UaaException uaae) {
invitationsResponse
.getFailedInvites()
.add(InvitationsResponse.failure(email, "invitation.exception", uaae.getMessage()));
}
}
return new ResponseEntity<>(invitationsResponse, HttpStatus.OK);
}
