@Test
 public void test_cannot_delete_uaa_zone_users() throws Exception {
   // Guards the internal UAA origin in the default zone: a delete event for that provider
   // must leave the user rows untouched, so the same count is asserted before and after.
   final String countSql = "select count(*) from users where origin=? and identity_zone_id=?";

   ScimUser candidate = new ScimUser(null, "*****@*****.**", "Jo", "User");
   candidate.addEmail("*****@*****.**");
   candidate.setOrigin(UAA);
   ScimUser stored = db.createUser(candidate, "j7hyqpassX");
   assertEquals("*****@*****.**", stored.getUserName());
   assertNotNull(stored.getId());
   assertEquals(UAA, stored.getOrigin());

   // NOTE(review): 3 presumably means two UAA users are seeded by the fixture — confirm.
   String uaaZoneId = IdentityZone.getUaa().getId();
   Integer before = jdbcTemplate.queryForObject(countSql, new Object[] {UAA, uaaZoneId}, Integer.class);
   assertThat(before, is(3));

   IdentityProvider uaaProvider = new IdentityProvider();
   uaaProvider.setOriginKey(UAA).setIdentityZoneId(IdentityZone.getUaa().getId());
   db.onApplicationEvent(new EntityDeletedEvent<>(uaaProvider));

   Integer after =
       jdbcTemplate.queryForObject(
           countSql, new Object[] {UAA, IdentityZone.getUaa().getId()}, Integer.class);
   assertThat(after, is(3));
 }
 @Test
 public void validateOriginAndExternalIDDuringCreateAndUpdate() {
   // Origin and external id must round-trip through create, and an update must be able to
   // replace both values.
   final String firstOrigin = "test";
   final String firstExternalId = "testId";
   final String secondOrigin = "test2";
   final String secondExternalId = "testId2";

   ScimUser request = new ScimUser(null, "*****@*****.**", "Jo", "User");
   request.setOrigin(firstOrigin);
   request.setExternalId(firstExternalId);
   request.addEmail("*****@*****.**");

   ScimUser stored = db.createUser(request, "j7hyqpassX");
   assertEquals("*****@*****.**", stored.getUserName());
   assertNotNull(stored.getId());
   assertNotSame(request.getId(), stored.getId());

   Map<String, Object> row =
       template.queryForMap("select * from users where id=?", stored.getId());
   assertEquals(request.getUserName(), row.get("userName"));
   // NOTE(review): the map key here is the user-type *value*, not a column name — confirm
   // this comparison checks what it is meant to.
   assertEquals(request.getUserType(), row.get(UaaAuthority.UAA_USER.getUserType()));
   assertNull(stored.getGroups());
   assertEquals(firstOrigin, stored.getOrigin());
   assertEquals(firstExternalId, stored.getExternalId());

   stored.setOrigin(secondOrigin);
   stored.setExternalId(secondExternalId);
   ScimUser afterUpdate = db.update(stored.getId(), stored);
   assertEquals(secondOrigin, afterUpdate.getOrigin());
   assertEquals(secondExternalId, afterUpdate.getExternalId());
 }
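 @Test
 public void test_cannot_delete_uaa_provider_users_in_other_zone() throws Exception {
   // Deleting the UAA provider of a non-default zone must leave that zone's UAA-origin users
   // in place: the count is asserted to be 1 both before and after the event.
   // The zone switch is undone in the finally block so the zone held by IdentityZoneHolder
   // does not carry over into whatever runs next, even when an assertion fails.
   IdentityZone original = IdentityZoneHolder.get();
   try {
     String id = generator.generate();
     IdentityZone zone = MultitenancyFixture.identityZone(id, id);
     IdentityZoneHolder.set(zone);
     ScimUser user = new ScimUser(null, "*****@*****.**", "Jo", "User");
     user.addEmail("*****@*****.**");
     user.setOrigin(UAA);
     ScimUser created = db.createUser(user, "j7hyqpassX");
     assertEquals("*****@*****.**", created.getUserName());
     assertNotNull(created.getId());
     assertEquals(UAA, created.getOrigin());
     // The new user must land in the zone that was active at creation time.
     assertEquals(zone.getId(), created.getZoneId());
     assertThat(
         jdbcTemplate.queryForObject(
             "select count(*) from users where origin=? and identity_zone_id=?",
             new Object[] {UAA, zone.getId()},
             Integer.class),
         is(1));
     IdentityProvider loginServer =
         new IdentityProvider().setOriginKey(UAA).setIdentityZoneId(zone.getId());
     db.onApplicationEvent(new EntityDeletedEvent<>(loginServer));
     assertThat(
         jdbcTemplate.queryForObject(
             "select count(*) from users where origin=? and identity_zone_id=?",
             new Object[] {UAA, zone.getId()},
             Integer.class),
         is(1));
   } finally {
     IdentityZoneHolder.set(original);
   }
 }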
 @Test(expected = InvalidScimResourceException.class)
 public void updateWithBadUsernameIsError() {
   // "jo$ephine" contains a character the update is expected to reject.
   ScimUser replacement = new ScimUser(null, "jo$ephine", "Jo", "NewUser");
   replacement.addEmail("*****@*****.**");
   replacement.setVersion(1);

   // Only reached if the update unexpectedly succeeds; the test then fails either on this
   // assertion or because the expected exception never appeared.
   ScimUser result = db.update(JOE_ID, replacement);
   assertEquals("joe", result.getUserName());
 }
 @Test
 public void updateWithEmptyPhoneNumberWorks() {
   // Passes as long as the update does not throw; the result is not inspected.
   ScimUser replacement = new ScimUser(null, "josephine", "Jo", "NewUser");
   replacement.addEmail("*****@*****.**");
   replacement.setPhoneNumbers(Arrays.asList(new PhoneNumber()));
   db.update(JOE_ID, replacement);
 }
 /** Builds an unsaved user named "Joe User" whose user name and e-mail are one random address. */
 private ScimUser getScimUser() {
   String address = "joe@" + generator.generate().toLowerCase() + ".com";
   ScimUser fresh = new ScimUser();
   fresh.setUserName(address);
   fresh.setName(new ScimUser.Name("Joe", "User"));
   fresh.addEmail(address);
   return fresh;
 }
 @Test
 public void canCreateUserWithExclamationMarkInUsername() {
   // The same string serves as user name and e-mail; creation must keep it unchanged.
   String userName = "******";
   ScimUser request = new ScimUser(null, userName, "Jo", "User");
   request.addEmail(userName);
   ScimUser stored = db.createUser(request, "j7hyqpassX");
   assertEquals(userName, stored.getUserName());
 }
 @Test(expected = OptimisticLockingFailureException.class)
 public void updateWithWrongVersionIsError() {
   // An update carrying version 1 is expected to be refused as a stale write.
   // NOTE(review): presumably the stored row for JOE_ID is at a different version — confirm.
   ScimUser replacement = new ScimUser(null, "josephine", "Jo", "NewUser");
   replacement.addEmail("*****@*****.**");
   replacement.setVersion(1);

   // Only reached if the update unexpectedly goes through.
   ScimUser result = db.update(JOE_ID, replacement);
   assertEquals("joe", result.getUserName());
 }
 @Test
 public void test_Create_User_More_Than_One_Email() throws Exception {
   // A further e-mail address is added to the user from getScimUser(); the create call is
   // expected to answer 400 Bad Request.
   ScimUser multiEmailUser = getScimUser();
   multiEmailUser.addEmail("joe@" + generator.generate().toLowerCase() + ".com");
   createUserAndReturnResult(multiEmailUser, scimReadWriteToken, null, null)
       .andExpect(status().isBadRequest());
 }
 /**
  * Posts a new, already verified user with a fixed test password to the user endpoint.
  *
  * @param username user name to register
  * @param firstName given name
  * @param lastName family name
  * @param email single e-mail address of the user
  * @return the raw response of the create call
  */
 private ResponseEntity<ScimUser> createUser(
     String username, String firstName, String lastName, String email) {
   ScimUser payload = new ScimUser();
   payload.setUserName(username);
   payload.setName(new ScimUser.Name(firstName, lastName));
   payload.addEmail(email);
   // Fixed fixture credential; it is sent in the request body.
   payload.setPassword("pas5Word");
   payload.setVerified(true);
   String target = serverRunning.getUrl(userEndpoint);
   return client.postForEntity(target, payload, ScimUser.class);
 }
  @Before
  public void setup() {
    JdbcTemplate jdbc = new JdbcTemplate(database);
    JdbcPagingListFactory pagingFactory =
        new JdbcPagingListFactory(jdbc, new DefaultLimitSqlAdapter());
    JdbcScimUserProvisioning provisioning = new JdbcScimUserProvisioning(jdbc, pagingFactory);
    // NoOpPasswordEncoder applies no hashing, so passwords are handled as given. That keeps
    // the fixture simple and is only acceptable in test code.
    provisioning.setPasswordEncoder(NoOpPasswordEncoder.getInstance());

    endpoints = new PasswordChangeEndpoint();
    endpoints.setScimUserProvisioning(provisioning);

    // Two fixture users, both created with the same well-known test password.
    joel = new ScimUser(null, "jdsa", "Joel", "D'sa");
    joel.addEmail("*****@*****.**");
    dale = new ScimUser(null, "olds", "Dale", "Olds");
    dale.addEmail("*****@*****.**");
    joel = provisioning.createUser(joel, "password");
    dale = provisioning.createUser(dale, "password");
  }
  @Test
  public void updateCannotModifyGroups() {
    // Group membership supplied on an update payload must not be taken over: the updated
    // user is asserted to come back without groups.
    ScimUser replacement = new ScimUser(null, "josephine", "Jo", "NewUser");
    replacement.addEmail("*****@*****.**");
    Group requestedGroup = new Group(null, "dash/user");
    replacement.setGroups(Collections.singleton(requestedGroup));

    ScimUser result = db.update(JOE_ID, replacement);

    assertEquals(JOE_ID, result.getId());
    assertNull(result.getGroups());
  }
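  @Test
  public void test_can_delete_zone_users() throws Exception {
    // Deleting a whole zone must remove its users together with their approvals and group
    // memberships: each count is asserted to be 1 before the event and 0 afterwards.
    // The zone switch is undone in the finally block so the zone held by IdentityZoneHolder
    // does not carry over into whatever runs next, even when an assertion fails.
    IdentityZone original = IdentityZoneHolder.get();
    try {
      String id = generator.generate();
      IdentityZone zone = MultitenancyFixture.identityZone(id, id);
      IdentityZoneHolder.set(zone);
      ScimUser user = new ScimUser(null, "*****@*****.**", "Jo", "User");
      user.addEmail("*****@*****.**");
      user.setOrigin(UAA);
      ScimUser created = db.createUser(user, "j7hyqpassX");
      assertEquals("*****@*****.**", created.getUserName());
      assertNotNull(created.getId());
      assertEquals(UAA, created.getOrigin());
      assertEquals(zone.getId(), created.getZoneId());
      assertThat(
          jdbcTemplate.queryForObject(
              "select count(*) from users where origin=? and identity_zone_id=?",
              new Object[] {UAA, zone.getId()},
              Integer.class),
          is(1));
      // Attach dependent rows so the cleanup of approvals and memberships can be observed.
      addApprovalAndMembership(created.getId(), created.getOrigin());
      assertThat(
          jdbcTemplate.queryForObject(
              "select count(*) from authz_approvals where user_id=?",
              new Object[] {created.getId()},
              Integer.class),
          is(1));
      assertThat(
          jdbcTemplate.queryForObject(
              "select count(*) from group_membership where member_id=?",
              new Object[] {created.getId()},
              Integer.class),
          is(1));

      db.onApplicationEvent(new EntityDeletedEvent<>(zone));
      assertThat(
          jdbcTemplate.queryForObject(
              "select count(*) from users where origin=? and identity_zone_id=?",
              new Object[] {UAA, zone.getId()},
              Integer.class),
          is(0));
      assertThat(
          jdbcTemplate.queryForObject(
              "select count(*) from authz_approvals where user_id=?",
              new Object[] {created.getId()},
              Integer.class),
          is(0));
      assertThat(
          jdbcTemplate.queryForObject(
              "select count(*) from group_membership where member_id=?",
              new Object[] {created.getId()},
              Integer.class),
          is(0));
    } finally {
      IdentityZoneHolder.set(original);
    }
  }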
  @Test
  public void test_can_delete_provider_users_in_default_zone() throws Exception {
    // Deleting the LOGIN_SERVER provider in the default zone must remove its users along
    // with their approvals and group memberships (counts go from 1 to 0).
    final String usersSql = "select count(*) from users where origin=? and identity_zone_id=?";
    final String approvalsSql = "select count(*) from authz_approvals where user_id=?";
    final String membershipSql = "select count(*) from group_membership where member_id=?";

    ScimUser request = new ScimUser(null, "*****@*****.**", "Jo", "User");
    request.addEmail("*****@*****.**");
    request.setOrigin(LOGIN_SERVER);
    ScimUser stored = db.createUser(request, "j7hyqpassX");
    assertEquals("*****@*****.**", stored.getUserName());
    assertNotNull(stored.getId());
    assertEquals(LOGIN_SERVER, stored.getOrigin());

    Integer usersBefore =
        jdbcTemplate.queryForObject(
            usersSql, new Object[] {LOGIN_SERVER, IdentityZone.getUaa().getId()}, Integer.class);
    assertThat(usersBefore, is(1));

    // Attach dependent rows so their cleanup can be observed.
    addApprovalAndMembership(stored.getId(), stored.getOrigin());
    Integer approvalsBefore =
        jdbcTemplate.queryForObject(approvalsSql, new Object[] {stored.getId()}, Integer.class);
    assertThat(approvalsBefore, is(1));
    Integer membershipsBefore =
        jdbcTemplate.queryForObject(membershipSql, new Object[] {stored.getId()}, Integer.class);
    assertThat(membershipsBefore, is(1));

    IdentityProvider deletedProvider = new IdentityProvider();
    deletedProvider.setOriginKey(LOGIN_SERVER).setIdentityZoneId(IdentityZone.getUaa().getId());
    db.onApplicationEvent(new EntityDeletedEvent<>(deletedProvider));

    Integer usersAfter =
        jdbcTemplate.queryForObject(
            usersSql, new Object[] {LOGIN_SERVER, IdentityZone.getUaa().getId()}, Integer.class);
    assertThat(usersAfter, is(0));
    Integer approvalsAfter =
        jdbcTemplate.queryForObject(approvalsSql, new Object[] {stored.getId()}, Integer.class);
    assertThat(approvalsAfter, is(0));
    Integer membershipsAfter =
        jdbcTemplate.queryForObject(membershipSql, new Object[] {stored.getId()}, Integer.class);
    assertThat(membershipsAfter, is(0));
  }
 @Test
 public void canCreateUserWithoutGivenNameAndFamilyName() {
   // Both name parts are null; creation must still succeed and assign an id.
   ScimUser request = new ScimUser(null, "*****@*****.**", null, null);
   request.addEmail("*****@*****.**");

   ScimUser stored = db.createUser(request, "j7hyqpassX");
   assertEquals("*****@*****.**", stored.getUserName());
   assertNotNull(stored.getId());
   assertNotSame(request.getId(), stored.getId());

   Map<String, Object> row =
       template.queryForMap("select * from users where id=?", stored.getId());
   assertEquals(request.getUserName(), row.get("userName"));
   // NOTE(review): the map key here is the user-type *value*, not a column name — confirm.
   assertEquals(request.getUserType(), row.get(UaaAuthority.UAA_USER.getUserType()));
   assertNull(stored.getGroups());
 }
 /**
  * Creates an unverified user with a random e-mail address while {@code zone} is the active
  * zone, then puts the previously active zone back.
  *
  * @param zone zone to activate for the duration of the create call
  * @return the user as returned by the repository
  */
 private ScimUser setUpScimUser(IdentityZone zone) {
   IdentityZone previous = IdentityZoneHolder.get();
   try {
     IdentityZoneHolder.set(zone);
     String address = "joe@" + generator.generate().toLowerCase() + ".com";
     ScimUser candidate = new ScimUser(null, address, "Joel", "D'sa");
     candidate.setVerified(false);
     candidate.addEmail(address);
     return usersRepository.createUser(candidate, USER_PASSWORD);
   } finally {
     // Restore even on failure so the zone switch stays local to this helper.
     IdentityZoneHolder.set(previous);
   }
 }
  @Test
  public void updateModifiesExpectedData() {
    ScimUser replacement = new ScimUser(null, "josephine", "Jo", "NewUser");
    replacement.addEmail("*****@*****.**");
    // The payload asks for the admin user type; none of the assertions below inspect the
    // resulting user type.
    replacement.setUserType(UaaAuthority.UAA_ADMIN.getUserType());

    ScimUser result = db.update(JOE_ID, replacement);

    // User name, e-mail and name parts take the new values; the version moves to 1.
    assertEquals("josephine", result.getUserName());
    assertEquals("*****@*****.**", result.getPrimaryEmail());
    assertEquals("Jo", result.getGivenName());
    assertEquals("NewUser", result.getFamilyName());
    assertEquals(1, result.getVersion());
    // Identity and group membership are not affected by the update.
    assertEquals(JOE_ID, result.getId());
    assertNull(result.getGroups());
  }
  /**
   * Creates a throw-away user, changes its user name and name, and delegates to
   * {@code updateUser(token, status, user)}.
   *
   * <p>When {@code status} is 400 the user name is set to {@code null} so that the update is
   * invalid; otherwise a fresh random user name is used.
   *
   * @param token bearer token passed on to the three-argument overload
   * @param status HTTP status the caller expects from the update
   * @return whatever the three-argument overload returns
   */
  protected ScimUser updateUser(String token, int status) throws Exception {
    ScimUserProvisioning repository =
        getWebApplicationContext().getBean(ScimUserProvisioning.class);
    String address = "otheruser@" + generator.generate().toLowerCase() + ".com";
    ScimUser target = new ScimUser(null, address, "Other", "User");
    target.addEmail(address);
    target = repository.createUser(target, "pas5Word");

    boolean expectRejection = status == HttpStatus.BAD_REQUEST.value();
    target.setUserName(expectRejection ? null : "ou" + generator.generate().toLowerCase());
    target.setName(new ScimUser.Name("Joe", "Smith"));

    return updateUser(token, status, target);
  }
  /**
   * Registers an active, verified user with a random name through the {@code /Users}
   * endpoint and checks that the server answers 201 Created.
   *
   * @return the locally built request object (not the response body), which still carries
   *     the password set here
   */
  private ScimUser createUnapprovedUser() throws Exception {
    String name = "******" + new RandomValueStringGenerator().generate();
    String address = name + "@example.com";

    RestOperations rest = serverRunning.getRestTemplate();

    ScimUser payload = new ScimUser();
    payload.setUserName(name);
    payload.setPassword("s3Cretsecret");
    payload.addEmail(address);
    payload.setActive(true);
    payload.setVerified(true);

    ResponseEntity<ScimUser> response =
        rest.postForEntity(serverRunning.getUrl("/Users"), payload, ScimUser.class);
    assertEquals(HttpStatus.CREATED, response.getStatusCode());

    return payload;
  }
 @Test
 public void canCreateUserInOtherIdentityZone() {
   // The stored row must carry the id of the other zone, not the default one.
   // NOTE(review): presumably createOtherIdentityZone also makes that zone the active one —
   // confirm in the helper.
   final String otherZoneId = "my-zone-id";
   createOtherIdentityZone(otherZoneId);
   // The returned provider id is not used further by this test.
   String idpId = createOtherIdentityProvider(OriginKeys.UAA, otherZoneId);

   ScimUser request = new ScimUser(null, "*****@*****.**", "Jo", "User");
   request.addEmail("*****@*****.**");
   ScimUser stored = db.createUser(request, "j7hyqpassX");
   assertEquals("*****@*****.**", stored.getUserName());
   assertNotNull(stored.getId());
   assertNotSame(request.getId(), stored.getId());

   Map<String, Object> row =
       jdbcTemplate.queryForMap("select * from users where id=?", stored.getId());
   assertEquals(request.getUserName(), row.get("userName"));
   assertEquals(request.getUserType(), row.get(UaaAuthority.UAA_USER.getUserType()));
   assertNull(stored.getGroups());
   assertEquals(OriginKeys.UAA, stored.getOrigin());
   assertEquals("my-zone-id", row.get("identity_zone_id"));
 }
 /**
  * Builds a {@link ScimUser} from the current row, reading sixteen columns by position.
  *
  * <p>The indices used here have to line up with the column list of the query this mapper is
  * used with; that query is not part of this method.
  *
  * @param rs result set positioned on the row to map
  * @param rowNum number of the current row (not used by this method)
  * @return the populated user
  * @throws SQLException if a column cannot be read
  */
 @Override
 public ScimUser mapRow(ResultSet rs, int rowNum) throws SQLException {
   String id = rs.getString(1);
   int version = rs.getInt(2);
   Date created = rs.getTimestamp(3);
   Date lastModified = rs.getTimestamp(4);
   String userName = rs.getString(5);
   String email = rs.getString(6);
   String givenName = rs.getString(7);
   String familyName = rs.getString(8);
   // getBoolean yields false for SQL NULL, so a NULL column reads as "not active" /
   // "not verified".
   boolean active = rs.getBoolean(9);
   String phoneNumber = rs.getString(10);
   boolean verified = rs.getBoolean(11);
   String origin = rs.getString(12);
   String externalId = rs.getString(13);
   String zoneId = rs.getString(14);
   String salt = rs.getString(15);
   Date passwordLastModified = rs.getTimestamp(16);
   ScimUser user = new ScimUser();
   user.setId(id);
   // Version and timestamps are carried in the meta object.
   ScimMeta meta = new ScimMeta();
   meta.setVersion(version);
   meta.setCreated(created);
   meta.setLastModified(lastModified);
   user.setMeta(meta);
   user.setUserName(userName);
   user.addEmail(email);
   // A phone number is only attached when the column is non-null.
   if (phoneNumber != null) {
     user.addPhoneNumber(phoneNumber);
   }
   Name name = new Name();
   name.setGivenName(givenName);
   name.setFamilyName(familyName);
   user.setName(name);
   user.setActive(active);
   user.setVerified(verified);
   user.setOrigin(origin);
   user.setExternalId(externalId);
   user.setZoneId(zoneId);
   // NOTE(review): the password salt is copied onto the returned object; confirm that
   // ScimUser keeps it out of API responses and logs.
   user.setSalt(salt);
   user.setPasswordLastModified(passwordLastModified);
   return user;
 }
  @Test
  public void canModifyPassword() throws Exception {
    // Checks the password-last-modified bookkeeping only: it must equal the creation time
    // (truncated to whole seconds) after create, and the last-modified time after a change.
    // The test does not check that the new password is accepted or the old one refused.
    ScimUser request = new ScimUser(null, generator.generate() + "@foo.com", "Jo", "User");
    request.addEmail(request.getUserName());
    ScimUser stored = db.createUser(request, "j7hyqpassX");
    assertNull(request.getPasswordLastModified());
    assertNotNull(stored.getPasswordLastModified());
    long createdWholeSeconds = (stored.getMeta().getCreated().getTime() / 1000L) * 1000L;
    assertEquals(createdWholeSeconds, stored.getPasswordLastModified().getTime());

    Thread.sleep(10);
    db.changePassword(stored.getId(), "j7hyqpassX", "j7hyqpassXXX");

    ScimUser reloaded = db.retrieve(stored.getId());
    assertNotNull(reloaded.getPasswordLastModified());
    long modifiedWholeSeconds = (reloaded.getMeta().getLastModified().getTime() / 1000L) * 1000L;
    assertEquals(modifiedWholeSeconds, reloaded.getPasswordLastModified().getTime());
  }
 @Test
 public void canCreateUserInDefaultIdentityZone() {
   // Without any zone switch the user must be stored with origin UAA in the "uaa" zone, and
   // its password-last-modified time must equal the creation time in whole seconds.
   ScimUser request = new ScimUser(null, "*****@*****.**", "Jo", "User");
   request.addEmail("*****@*****.**");

   ScimUser stored = db.createUser(request, "j7hyqpassX");
   assertEquals("*****@*****.**", stored.getUserName());
   assertNotNull(stored.getId());
   assertNotSame(request.getId(), stored.getId());

   Map<String, Object> row =
       jdbcTemplate.queryForMap("select * from users where id=?", stored.getId());
   assertEquals(request.getUserName(), row.get("userName"));
   assertEquals(request.getUserType(), row.get(UaaAuthority.UAA_USER.getUserType()));
   assertNull(stored.getGroups());
   assertEquals(OriginKeys.UAA, stored.getOrigin());
   assertEquals("uaa", row.get("identity_zone_id"));

   assertNull(request.getPasswordLastModified());
   assertNotNull(stored.getPasswordLastModified());
   long createdWholeSeconds = (stored.getMeta().getCreated().getTime() / 1000L) * 1000L;
   assertEquals(createdWholeSeconds, stored.getPasswordLastModified().getTime());
 }
  /**
   * Creates a user directly through the repository, calls {@code GET /Users/{id}/verify}
   * with the given bearer token and expects 200 with the user reported as verified.
   *
   * @param token bearer token sent in the Authorization header
   */
  private void verifyUser(String token) throws Exception {
    ScimUserProvisioning repository =
        getWebApplicationContext().getBean(ScimUserProvisioning.class);
    String address = "joe@" + generator.generate().toLowerCase() + ".com";
    ScimUser stored = new ScimUser(null, address, "Joel", "D'sa");
    stored.addEmail(address);
    stored = repository.createUser(stored, "pas5Word");

    String verifyPath = "/Users/" + stored.getId() + "/verify";
    MockHttpServletRequestBuilder verifyRequest =
        MockMvcRequestBuilders.get(verifyPath)
            .header("Authorization", "Bearer " + token)
            .accept(APPLICATION_JSON);

    getMockMvc()
        .perform(verifyRequest)
        .andExpect(status().isOk())
        .andExpect(header().string("ETag", "\"0\""))
        .andExpect(jsonPath("$.userName").value(address))
        .andExpect(jsonPath("$.emails[0].value").value(address))
        .andExpect(jsonPath("$.name.familyName").value("D'sa"))
        .andExpect(jsonPath("$.name.givenName").value("Joel"))
        .andExpect(jsonPath("$.verified").value(true));
  }
 @Test
 public void canCreateUserWithSingleQuoteInEmailAndUsername() {
   // A single quote in user name, e-mail and family name must not break the insert.
   // The test passes when createUser does not throw; the stored values are not read back.
   ScimUser quoted = new ScimUser(null, "ro'*****@*****.**", "Rob", "O'Gallagher");
   quoted.addEmail("ro'*****@*****.**");
   db.createUser(quoted, "j7hyqpassX");
 }
 @Test(expected = InvalidScimResourceException.class)
 public void cannotCreateUserWithNonAsciiUsername() {
   // NOTE(review): '$' is an ASCII character, so despite the method name this exercises
   // rejection of a disallowed character rather than of non-ASCII input.
   ScimUser rejected = new ScimUser(null, "joe$eph", "Jo", "User");
   rejected.addEmail("*****@*****.**");
   db.createUser(rejected, "j7hyqpassX");
 }