@Test
  public void patch_user_to_inactive_then_login() throws Exception {
    // Account-lifecycle check: the user is authenticated once while active and once after a
    // PATCH has set active=false; performAuthentication receives true, then false
    // (presumably the expected login outcome; confirm against that helper).
    ScimUser user = setUpScimUser();
    user.setVerified(true);
    final String userUrl = "/Users/" + user.getId();
    final String bearer = "Bearer " + scimReadWriteToken;

    // Step 1: conditional PATCH with active=true against the version the client holds.
    user.setActive(true);
    String ifMatchCurrent = "\"" + user.getVersion() + "\"";
    getMockMvc()
        .perform(
            patch(userUrl)
                .header("Authorization", bearer)
                .header("If-Match", ifMatchCurrent)
                .contentType(APPLICATION_JSON)
                .content(JsonUtils.writeValueAsString(user)))
        .andExpect(status().isOk())
        .andExpect(jsonPath("$.active", equalTo(true)));
    performAuthentication(user, true);

    // Step 2: the local object is not refreshed after the first PATCH, so the If-Match value is
    // the locally held version plus one.
    user.setActive(false);
    String ifMatchAfterFirstPatch = "\"" + (user.getVersion() + 1) + "\"";
    getMockMvc()
        .perform(
            patch(userUrl)
                .header("Authorization", bearer)
                .header("If-Match", ifMatchAfterFirstPatch)
                .contentType(APPLICATION_JSON)
                .content(JsonUtils.writeValueAsString(user)))
        .andExpect(status().isOk())
        .andExpect(jsonPath("$.active", equalTo(false)));
    performAuthentication(user, false);
  }
  /**
   * Accepts an invitation whose stored redirect URI ({@code http://someother/redirect}) differs
   * from the one the client is registered with ({@code http://example.com/redirect}) and expects
   * the service to answer with {@code /home} rather than the URI carried in the code.
   */
  @Test
  public void acceptInvitationWithInvalidRedirectUri() throws Exception {
    final String userId = "user-id-001";
    final String email = "*****@*****.**";

    // Provisioning mock always hands back the same UAA-origin user.
    ScimUser user = new ScimUser(userId, email, "first", "last");
    user.setOrigin(UAA);
    when(scimUserProvisioning.verifyUser(anyString(), anyInt())).thenReturn(user);
    when(scimUserProvisioning.update(anyString(), anyObject())).thenReturn(user);
    when(scimUserProvisioning.retrieve(eq(userId))).thenReturn(user);

    // The only redirect URI registered for the client looked up below.
    BaseClientDetails registeredClient =
        new BaseClientDetails("client-id", null, null, null, null, "http://example.com/redirect");
    when(clientDetailsService.loadClientByClientId("acmeClientId")).thenReturn(registeredClient);

    // Payload stored with the invitation code; its redirect URI does not match the client's.
    Map<String, String> invitation = new HashMap<>();
    invitation.put(USER_ID, userId);
    invitation.put(EMAIL, email);
    invitation.put(REDIRECT_URI, "http://someother/redirect");
    invitation.put(CLIENT_ID, "acmeClientId");
    ExpiringCode storedCode =
        new ExpiringCode(
            "code",
            new Timestamp(System.currentTimeMillis()),
            JsonUtils.writeValueAsString(invitation));
    when(expiringCodeStore.retrieveCode(anyString())).thenReturn(storedCode);

    String redirectLocation =
        emailInvitationsService.acceptInvitation("code", "password").getRedirectUri();

    // The account is still verified and the password set; only the redirect target falls back.
    verify(scimUserProvisioning).verifyUser(user.getId(), user.getVersion());
    verify(scimUserProvisioning).changePassword(user.getId(), null, "password");
    assertEquals("/home", redirectLocation);
  }
  /**
   * Sends a conditional PUT for {@code user} and checks the response status.
   *
   * <p>The request carries the bearer {@code token} and an {@code If-Match} header built from the
   * version held by {@code user}. On the success path the helper also expects the literal ETag
   * {@code "1"}, so it only fits users whose update results in that ETag.
   *
   * @param token bearer token placed in the Authorization header
   * @param status HTTP status the caller expects
   * @param user user whose id, version and attributes form the request
   * @return the user parsed from the response body when {@code status} is 200, otherwise
   *     {@code null}
   */
  protected ScimUser updateUser(String token, int status, ScimUser user) throws Exception {
    MockHttpServletRequestBuilder request =
        put("/Users/" + user.getId())
            .header("Authorization", "Bearer " + token)
            .header("If-Match", "\"" + user.getVersion() + "\"")
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsBytes(user));

    // Anything other than 200: only the status code is checked and no body is parsed.
    if (status != HttpStatus.OK.value()) {
      getMockMvc().perform(request).andExpect(status().is(status));
      return null;
    }

    String responseBody =
        getMockMvc()
            .perform(request)
            .andExpect(status().isOk())
            .andExpect(header().string("ETag", "\"1\""))
            .andExpect(jsonPath("$.userName").value(user.getUserName()))
            .andExpect(jsonPath("$.emails[0].value").value(user.getPrimaryEmail()))
            .andExpect(jsonPath("$.name.givenName").value(user.getGivenName()))
            .andExpect(jsonPath("$.name.familyName").value(user.getFamilyName()))
            .andReturn()
            .getResponse()
            .getContentAsString();
    return JsonUtils.readValue(responseBody, ScimUser.class);
  }
예제 #4
 /**
  * Verifies the user {@code id}, guarded by the caller-supplied {@code version}.
  *
  * <p>NOTE(review): this listing is incomplete. The text between the debug message and the tail
  * of the SQL string ({@code and version=?}) is missing from the page, including the declaration
  * of {@code updated} and the opening of the block that is closed after the argument list.
  * Presumably an UPDATE is issued whose affected-row count lands in {@code updated}; confirm
  * against the real source before relying on this description.
  *
  * @param id identifier of the user to verify
  * @param version version the caller believes the stored record has
  * @return the user as returned by {@code retrieve(id)} after the statement ran
  * @throws OptimisticLockingFailureException if no row was updated
  * @throws IncorrectResultSizeDataAccessException if more than one row was updated
  */
 @Override
 public ScimUser verifyUser(String id, int version)
     throws ScimResourceNotFoundException, InvalidScimResourceException {
   // NOTE(review): the next line is damaged in this listing (see the method comment). What is
   // visible: the statement ends in a "version=?" placeholder and binds, in order, the constant
   // true, the user id, the current identity zone id and the caller's version.
   logger.debug("Verifying user: "******" and version=?",
             true,
             id,
             IdentityZoneHolder.get().getId(),
             version);
   }
   // Re-read before the row count is inspected; the result feeds the error message below and is
   // the return value.
   ScimUser user = retrieve(id);
   if (updated == 0) {
     // No row matched, which the code reports as a version mismatch.
     throw new OptimisticLockingFailureException(
         String.format(
             "Attempt to update a user (%s) with wrong version: expected=%d but found=%d",
             user.getId(), user.getVersion(), version));
   }
   if (updated > 1) {
     // More than one row changed where exactly one was expected.
     throw new IncorrectResultSizeDataAccessException(1);
   }
   return user;
 }
예제 #5
 /**
  * Deactivates {@code user}, guarded by the caller-supplied {@code version}.
  *
  * <p>NOTE(review): this listing is incomplete. The text between the debug message and the tail
  * of the SQL string ({@code and version=?}) is missing from the page, including the declaration
  * of {@code updated}. Presumably an UPDATE is issued whose affected-row count lands in
  * {@code updated}; confirm against the real source.
  *
  * @param user user to deactivate; its {@code active} flag is set to false on success
  * @param version version the caller believes the stored record has
  * @return the same {@code user} instance that was passed in (not re-read from storage)
  * @throws OptimisticLockingFailureException if no row was updated
  * @throws IncorrectResultSizeDataAccessException if more than one row was updated
  */
 private ScimUser deactivateUser(ScimUser user, int version) {
   // NOTE(review): the next line is damaged in this listing (see the method comment). What is
   // visible: the statement ends in a "version=?" placeholder and binds, in order, the constant
   // false, the user id, the current identity zone id and the caller's version.
   logger.debug("Deactivating user: "******" and version=?",
             false,
             user.getId(),
             IdentityZoneHolder.get().getId(),
             version);
   }
   if (updated == 0) {
     // No row matched, which the code reports as a version mismatch.
     throw new OptimisticLockingFailureException(
         String.format(
             "Attempt to update a user (%s) with wrong version: expected=%d but found=%d",
             user.getId(), user.getVersion(), version));
   }
   if (updated > 1) {
     // More than one row changed where exactly one was expected.
     throw new IncorrectResultSizeDataAccessException(1);
   }
   // Mirror the change on the in-memory object handed back to the caller.
   user.setActive(false);
   return user;
 }
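 /**
  * Verifying a user with the version currently stored flips {@code verified} from false to true.
  *
  * <p>Cleanup runs in a {@code finally} block so the temporary user is removed even when an
  * assertion or the verify call fails.
  */
 @Test
 public void testUpdatedVersionedUserVerified() {
   String tmpUserIdString = createUserForDelete();
   try {
     ScimUser user = db.retrieve(tmpUserIdString);
     assertFalse(user.isVerified());
     // Pass the version just read so the version check is satisfied.
     user = db.verifyUser(tmpUserIdString, user.getVersion());
     assertTrue(user.isVerified());
   } finally {
     // Without this, a failing assertion would leave the temporary user behind for later tests.
     removeUser(tmpUserIdString);
   }
 }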
예제 #7
 /**
  * Writes the attributes of {@code user} to the record identified by {@code id} and returns the
  * record as re-read from storage.
  *
  * <p>All values reach the statement through {@link PreparedStatement} placeholders. The last
  * three bound values are the id, the version held by the caller and the current identity zone
  * id; presumably they form the WHERE clause of {@code UPDATE_USER_SQL} (not shown here), which
  * would make the write conditional on version and zone. The {@code active} and {@code verified}
  * flags are taken from the supplied object as-is, so any authorization for changing them has to
  * happen before this method is called.
  *
  * @param id identifier of the user to update
  * @param user new attribute values; its version is the one the caller believes is stored
  * @return the user returned by {@code retrieve(id)} after the statement ran
  * @throws InvalidScimResourceException declared by the method; presumably raised by
  *     {@code validate(user)}
  * @throws OptimisticLockingFailureException if no row was updated
  * @throws IncorrectResultSizeDataAccessException if more than one row was updated
  */
 @Override
 public ScimUser update(final String id, final ScimUser user) throws InvalidScimResourceException {
   validate(user);
   logger.debug("Updating user " + user.getUserName());

   // A blank origin falls back to the UAA origin key.
   final String origin;
   if (StringUtils.hasText(user.getOrigin())) {
     origin = user.getOrigin();
   } else {
     origin = OriginKeys.UAA;
   }
   final String zoneId = IdentityZoneHolder.get().getId();

   PreparedStatementSetter binder =
       new PreparedStatementSetter() {
         @Override
         public void setValues(PreparedStatement ps) throws SQLException {
           int idx = 0;
           Timestamp now = new Timestamp(System.currentTimeMillis());
           // New column values: the stored version becomes the caller's version plus one.
           ps.setInt(++idx, user.getVersion() + 1);
           ps.setTimestamp(++idx, now);
           ps.setString(++idx, user.getUserName());
           ps.setString(++idx, user.getPrimaryEmail());
           ps.setString(++idx, user.getName().getGivenName());
           ps.setString(++idx, user.getName().getFamilyName());
           ps.setBoolean(++idx, user.isActive());
           ps.setString(++idx, extractPhoneNumber(user));
           ps.setBoolean(++idx, user.isVerified());
           ps.setString(++idx, origin);
           // A blank external id is stored as SQL NULL.
           String externalId = StringUtils.hasText(user.getExternalId()) ? user.getExternalId() : null;
           ps.setString(++idx, externalId);
           ps.setString(++idx, user.getSalt());
           // Selection values: id, the version the caller holds, and the current zone.
           ps.setString(++idx, id);
           ps.setInt(++idx, user.getVersion());
           ps.setString(++idx, zoneId);
         }
       };
   int updated = jdbcTemplate.update(UPDATE_USER_SQL, binder);

   // Re-read before inspecting the row count; the result feeds the error message and the return.
   ScimUser result = retrieve(id);
   if (updated > 1) {
     throw new IncorrectResultSizeDataAccessException(1);
   }
   if (updated == 0) {
     throw new OptimisticLockingFailureException(
         String.format(
             "Attempt to update a user (%s) with wrong version: expected=%d but found=%d",
             id, result.getVersion(), user.getVersion()));
   }
   return result;
 }
 /**
  * Verifying a user with a version that does not match the stored one must fail with
  * {@link OptimisticLockingFailureException}; the temporary user is removed either way.
  */
 @Test(expected = OptimisticLockingFailureException.class)
 public void testUpdatedIncorrectVersionUserVerified() {
   final String userId = createUserForDelete();
   try {
     final ScimUser before = db.retrieve(userId);
     assertFalse(before.isVerified());
     // Offset the version read above by 50 so it cannot match the stored value.
     final int wrongVersion = before.getVersion() + 50;
     final ScimUser after = db.verifyUser(userId, wrongVersion);
     // Only reached if the call above did not throw, in which case the test fails anyway.
     assertTrue(after.isVerified());
   } finally {
     removeUser(userId);
   }
 }
  /**
   * Updates the record {@code JOE_ID} with a new user name, email and name, then checks that
   * those fields changed, the version is 1, the id is unchanged and no groups are returned.
   * The user type set on the input is not asserted on the result.
   */
  @Test
  public void updateModifiesExpectedData() {
    final String newEmail = "*****@*****.**";
    ScimUser replacement = new ScimUser(null, "josephine", "Jo", "NewUser");
    replacement.addEmail(newEmail);
    replacement.setUserType(UaaAuthority.UAA_ADMIN.getUserType());

    ScimUser stored = db.update(JOE_ID, replacement);

    // The user name itself is among the fields an update may change.
    assertEquals("josephine", stored.getUserName());
    assertEquals(newEmail, stored.getPrimaryEmail());
    assertEquals("Jo", stored.getGivenName());
    assertEquals("NewUser", stored.getFamilyName());
    // Version and identity of the stored record.
    assertEquals(1, stored.getVersion());
    assertEquals(JOE_ID, stored.getId());
    assertNull(stored.getGroups());
  }
  /**
   * A PUT carrying the UAA admin token plus the zone-switching header is expected to update a
   * user that lives in another identity zone and to return 200 with ETag {@code "1"}.
   */
  @Test
  public void testUpdateUserInOtherZoneWithUaaAdminToken() throws Exception {
    IdentityZone identityZone = getIdentityZone();
    ScimUser user = setUpScimUser(identityZone);
    user.setName(new ScimUser.Name("changed", "name"));

    final String targetUrl = "/Users/" + user.getId();
    final String ifMatch = "\"" + user.getVersion() + "\"";
    // The zone id header selects the zone in which the admin token is applied.
    final String targetZoneId = identityZone.getId();

    getMockMvc()
        .perform(
            put(targetUrl)
                .header("Authorization", "Bearer " + uaaAdminToken)
                .header(IdentityZoneSwitchingFilter.HEADER, targetZoneId)
                .header("If-Match", ifMatch)
                .contentType(APPLICATION_JSON)
                .content(JsonUtils.writeValueAsBytes(user)))
        .andExpect(status().isOk())
        .andExpect(header().string("ETag", "\"1\""))
        .andExpect(jsonPath("$.userName").value(user.getUserName()))
        .andExpect(jsonPath("$.emails[0].value").value(user.getPrimaryEmail()))
        .andExpect(jsonPath("$.name.givenName").value(user.getGivenName()))
        .andExpect(jsonPath("$.name.familyName").value(user.getFamilyName()));
  }
  /**
   * A PUT for a user whose emails were set to {@code null} is expected to be rejected with
   * 400 and an {@code invalid_scim_resource} error body.
   */
  @Test
  public void create_user_then_update_without_email() throws Exception {
    ScimUser user = setUpScimUser();
    user.setEmails(null);

    final String targetUrl = "/Users/" + user.getId();
    final String ifMatch = "\"" + user.getVersion() + "\"";

    // Error document the endpoint is expected to return.
    JSONObject expectedError =
        new JSONObject()
            .put("error_description", "Exactly one email must be provided.")
            .put("message", "Exactly one email must be provided.")
            .put("error", "invalid_scim_resource");

    getMockMvc()
        .perform(
            put(targetUrl)
                .header("Authorization", "Bearer " + scimReadWriteToken)
                .header("If-Match", ifMatch)
                .contentType(APPLICATION_JSON)
                .content(JsonUtils.writeValueAsString(user)))
        .andExpect(status().isBadRequest())
        .andExpect(content().string(JsonObjectMatcherUtils.matchesJsonObject(expectedError)));
  }
예제 #12
  /**
   * Deletes {@code user}, guarded by the caller-supplied {@code version}.
   *
   * <p>NOTE(review): this listing is incomplete. The text between the debug message and the tail
   * of the SQL string ({@code and version=?}) is missing from the page, including the declaration
   * of {@code updated}. Presumably a statement is issued whose affected-row count lands in
   * {@code updated}; confirm against the real source. Unlike the sibling verify/deactivate
   * methods, no check for more than one affected row is visible here.
   *
   * @param user user to delete
   * @param version version the caller believes the stored record has
   * @return the same {@code user} instance that was passed in
   * @throws OptimisticLockingFailureException if no row was affected
   */
  private ScimUser deleteUser(ScimUser user, int version) {
    // NOTE(review): the next line is damaged in this listing (see the method comment). What is
    // visible: the statement ends in a "version=?" placeholder and binds, in order, the user id,
    // the current identity zone id and the caller's version.
    logger.debug("Deleting user: "******" and version=?",
              user.getId(),
              IdentityZoneHolder.get().getId(),
              version);
    }
    if (updated == 0) {
      // No row matched, which the code reports as a version mismatch.
      throw new OptimisticLockingFailureException(
          String.format(
              "Attempt to update a user (%s) with wrong version: expected=%d but found=%d",
              user.getId(), user.getVersion(), version));
    }
    return user;
  }