@Test public void patch_user_to_inactive_then_login() throws Exception { ScimUser user = setUpScimUser(); user.setVerified(true); boolean active = true; user.setActive(active); getMockMvc() .perform( patch("/Users/" + user.getId()) .header("Authorization", "Bearer " + scimReadWriteToken) .header("If-Match", "\"" + user.getVersion() + "\"") .contentType(APPLICATION_JSON) .content(JsonUtils.writeValueAsString(user))) .andExpect(status().isOk()) .andExpect(jsonPath("$.active", equalTo(active))); performAuthentication(user, true); active = false; user.setActive(active); getMockMvc() .perform( patch("/Users/" + user.getId()) .header("Authorization", "Bearer " + scimReadWriteToken) .header("If-Match", "\"" + (user.getVersion() + 1) + "\"") .contentType(APPLICATION_JSON) .content(JsonUtils.writeValueAsString(user))) .andExpect(status().isOk()) .andExpect(jsonPath("$.active", equalTo(active))); performAuthentication(user, false); }
@Test public void acceptInvitationWithInvalidRedirectUri() throws Exception { ScimUser user = new ScimUser("user-id-001", "*****@*****.**", "first", "last"); user.setOrigin(UAA); BaseClientDetails clientDetails = new BaseClientDetails("client-id", null, null, null, null, "http://example.com/redirect"); when(scimUserProvisioning.verifyUser(anyString(), anyInt())).thenReturn(user); when(scimUserProvisioning.update(anyString(), anyObject())).thenReturn(user); when(scimUserProvisioning.retrieve(eq("user-id-001"))).thenReturn(user); when(clientDetailsService.loadClientByClientId("acmeClientId")).thenReturn(clientDetails); Map<String, String> userData = new HashMap<>(); userData.put(USER_ID, "user-id-001"); userData.put(EMAIL, "*****@*****.**"); userData.put(REDIRECT_URI, "http://someother/redirect"); userData.put(CLIENT_ID, "acmeClientId"); when(expiringCodeStore.retrieveCode(anyString())) .thenReturn( new ExpiringCode( "code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(userData))); String redirectLocation = emailInvitationsService.acceptInvitation("code", "password").getRedirectUri(); verify(scimUserProvisioning).verifyUser(user.getId(), user.getVersion()); verify(scimUserProvisioning).changePassword(user.getId(), null, "password"); assertEquals("/home", redirectLocation); }
protected ScimUser updateUser(String token, int status, ScimUser user) throws Exception { MockHttpServletRequestBuilder put = put("/Users/" + user.getId()) .header("Authorization", "Bearer " + token) .header("If-Match", "\"" + user.getVersion() + "\"") .accept(APPLICATION_JSON) .contentType(APPLICATION_JSON) .content(JsonUtils.writeValueAsBytes(user)); if (status == HttpStatus.OK.value()) { String json = getMockMvc() .perform(put) .andExpect(status().isOk()) .andExpect(header().string("ETag", "\"1\"")) .andExpect(jsonPath("$.userName").value(user.getUserName())) .andExpect(jsonPath("$.emails[0].value").value(user.getPrimaryEmail())) .andExpect(jsonPath("$.name.givenName").value(user.getGivenName())) .andExpect(jsonPath("$.name.familyName").value(user.getFamilyName())) .andReturn() .getResponse() .getContentAsString(); return JsonUtils.readValue(json, ScimUser.class); } else { getMockMvc().perform(put).andExpect(status().is(status)); return null; } }
@Override public ScimUser verifyUser(String id, int version) throws ScimResourceNotFoundException, InvalidScimResourceException { logger.debug("Verifying user: "******" and version=?", true, id, IdentityZoneHolder.get().getId(), version); } ScimUser user = retrieve(id); if (updated == 0) { throw new OptimisticLockingFailureException( String.format( "Attempt to update a user (%s) with wrong version: expected=%d but found=%d", user.getId(), user.getVersion(), version)); } if (updated > 1) { throw new IncorrectResultSizeDataAccessException(1); } return user; }
private ScimUser deactivateUser(ScimUser user, int version) { logger.debug("Deactivating user: "******" and version=?", false, user.getId(), IdentityZoneHolder.get().getId(), version); } if (updated == 0) { throw new OptimisticLockingFailureException( String.format( "Attempt to update a user (%s) with wrong version: expected=%d but found=%d", user.getId(), user.getVersion(), version)); } if (updated > 1) { throw new IncorrectResultSizeDataAccessException(1); } user.setActive(false); return user; }
@Test public void testUpdatedVersionedUserVerified() { String tmpUserIdString = createUserForDelete(); ScimUser user = db.retrieve(tmpUserIdString); assertFalse(user.isVerified()); user = db.verifyUser(tmpUserIdString, user.getVersion()); assertTrue(user.isVerified()); removeUser(tmpUserIdString); }
@Override public ScimUser update(final String id, final ScimUser user) throws InvalidScimResourceException { validate(user); logger.debug("Updating user " + user.getUserName()); final String origin = StringUtils.hasText(user.getOrigin()) ? user.getOrigin() : OriginKeys.UAA; final String zoneId = IdentityZoneHolder.get().getId(); int updated = jdbcTemplate.update( UPDATE_USER_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { int pos = 1; Timestamp t = new Timestamp(new Date().getTime()); ps.setInt(pos++, user.getVersion() + 1); ps.setTimestamp(pos++, t); ps.setString(pos++, user.getUserName()); ps.setString(pos++, user.getPrimaryEmail()); ps.setString(pos++, user.getName().getGivenName()); ps.setString(pos++, user.getName().getFamilyName()); ps.setBoolean(pos++, user.isActive()); ps.setString(pos++, extractPhoneNumber(user)); ps.setBoolean(pos++, user.isVerified()); ps.setString(pos++, origin); ps.setString( pos++, StringUtils.hasText(user.getExternalId()) ? user.getExternalId() : null); ps.setString(pos++, user.getSalt()); ps.setString(pos++, id); ps.setInt(pos++, user.getVersion()); ps.setString(pos++, zoneId); } }); ScimUser result = retrieve(id); if (updated == 0) { throw new OptimisticLockingFailureException( String.format( "Attempt to update a user (%s) with wrong version: expected=%d but found=%d", id, result.getVersion(), user.getVersion())); } if (updated > 1) { throw new IncorrectResultSizeDataAccessException(1); } return result; }
@Test(expected = OptimisticLockingFailureException.class) public void testUpdatedIncorrectVersionUserVerified() { String tmpUserIdString = createUserForDelete(); try { ScimUser user = db.retrieve(tmpUserIdString); assertFalse(user.isVerified()); user = db.verifyUser(tmpUserIdString, user.getVersion() + 50); assertTrue(user.isVerified()); } finally { removeUser(tmpUserIdString); } }
@Test public void updateModifiesExpectedData() { ScimUser jo = new ScimUser(null, "josephine", "Jo", "NewUser"); jo.addEmail("*****@*****.**"); jo.setUserType(UaaAuthority.UAA_ADMIN.getUserType()); ScimUser joe = db.update(JOE_ID, jo); // Can change username assertEquals("josephine", joe.getUserName()); assertEquals("*****@*****.**", joe.getPrimaryEmail()); assertEquals("Jo", joe.getGivenName()); assertEquals("NewUser", joe.getFamilyName()); assertEquals(1, joe.getVersion()); assertEquals(JOE_ID, joe.getId()); assertNull(joe.getGroups()); }
@Test public void testUpdateUserInOtherZoneWithUaaAdminToken() throws Exception { IdentityZone identityZone = getIdentityZone(); ScimUser user = setUpScimUser(identityZone); user.setName(new ScimUser.Name("changed", "name")); getMockMvc() .perform( put("/Users/" + user.getId()) .header("Authorization", "Bearer " + uaaAdminToken) .header(IdentityZoneSwitchingFilter.HEADER, identityZone.getId()) .header("If-Match", "\"" + user.getVersion() + "\"") .contentType(APPLICATION_JSON) .content(JsonUtils.writeValueAsBytes(user))) .andExpect(status().isOk()) .andExpect(header().string("ETag", "\"1\"")) .andExpect(jsonPath("$.userName").value(user.getUserName())) .andExpect(jsonPath("$.emails[0].value").value(user.getPrimaryEmail())) .andExpect(jsonPath("$.name.givenName").value(user.getGivenName())) .andExpect(jsonPath("$.name.familyName").value(user.getFamilyName())); }
@Test public void create_user_then_update_without_email() throws Exception { ScimUser user = setUpScimUser(); user.setEmails(null); getMockMvc() .perform( put("/Users/" + user.getId()) .header("Authorization", "Bearer " + scimReadWriteToken) .header("If-Match", "\"" + user.getVersion() + "\"") .contentType(APPLICATION_JSON) .content(JsonUtils.writeValueAsString(user))) .andExpect(status().isBadRequest()) .andExpect( content() .string( JsonObjectMatcherUtils.matchesJsonObject( new JSONObject() .put("error_description", "Exactly one email must be provided.") .put("message", "Exactly one email must be provided.") .put("error", "invalid_scim_resource")))); }
private ScimUser deleteUser(ScimUser user, int version) { logger.debug("Deleting user: "******" and version=?", user.getId(), IdentityZoneHolder.get().getId(), version); } if (updated == 0) { throw new OptimisticLockingFailureException( String.format( "Attempt to update a user (%s) with wrong version: expected=%d but found=%d", user.getId(), user.getVersion(), version)); } return user; }