@Test
public void testCreateUserWithDuplicateUsernameInOtherIdp() throws Exception {
addUser(
"cba09242-aa43-4247-9aa0-b5c75c281f94",
"*****@*****.**",
"password",
"*****@*****.**",
"first",
"user",
"90438",
defaultIdentityProviderId,
"uaa");
String origin = "test-origin";
createOtherIdentityProvider(origin, IdentityZone.getUaa().getId());
ScimUser scimUser = new ScimUser(null, "*****@*****.**", "User", "Example");
ScimUser.Email email = new ScimUser.Email();
email.setValue("*****@*****.**");
scimUser.setEmails(Arrays.asList(email));
scimUser.setPassword("password");
scimUser.setOrigin(origin);
String userId2 = db.create(scimUser).getId();
assertNotNull(userId2);
assertNotEquals("cba09242-aa43-4247-9aa0-b5c75c281f94", userId2);
}
@Test
public void testCreateUserWithDuplicateUsername() throws Exception {
addUser(
"cba09242-aa43-4247-9aa0-b5c75c281f94",
"*****@*****.**",
"password",
"*****@*****.**",
"first",
"user",
"90438",
defaultIdentityProviderId,
"uaa");
ScimUser scimUser = new ScimUser("user-id-2", "*****@*****.**", "User", "Example");
ScimUser.Email email = new ScimUser.Email();
email.setValue("*****@*****.**");
scimUser.setEmails(Arrays.asList(email));
scimUser.setPassword("password");
try {
db.create(scimUser);
fail("Should have thrown an exception");
} catch (ScimResourceAlreadyExistsException e) {
Map<String, Object> userDetails = new HashMap<>();
userDetails.put("active", true);
userDetails.put("verified", false);
userDetails.put("user_id", "cba09242-aa43-4247-9aa0-b5c75c281f94");
assertEquals(HttpStatus.CONFLICT, e.getStatus());
assertEquals("Username already in use: [email protected]", e.getMessage());
assertEquals(userDetails, e.getExtraInfo());
}
}
private ScimUser createUser(ScimUser user, String token, String subdomain, String switchZone)
throws Exception {
String password = hasText(user.getPassword()) ? user.getPassword() : "pas5word";
user.setPassword(password);
MvcResult result =
createUserAndReturnResult(user, token, subdomain, switchZone)
.andExpect(status().isCreated())
.andExpect(header().string("ETag", "\"0\""))
.andExpect(jsonPath("$.userName").value(user.getUserName()))
.andExpect(jsonPath("$.emails[0].value").value(user.getUserName()))
.andExpect(jsonPath("$.name.familyName").value(user.getFamilyName()))
.andExpect(jsonPath("$.name.givenName").value(user.getGivenName()))
.andReturn();
user = JsonUtils.readValue(result.getResponse().getContentAsString(), ScimUser.class);
user.setPassword(password);
return user;
}
private ResponseEntity<ScimUser> createUser(
String username, String firstName, String lastName, String email) {
ScimUser user = new ScimUser();
user.setUserName(username);
user.setName(new ScimUser.Name(firstName, lastName));
user.addEmail(email);
user.setPassword("pas5Word");
user.setVerified(true);
return client.postForEntity(serverRunning.getUrl(userEndpoint), user, ScimUser.class);
}
@Test
public void testUserSelfAccess_Get_and_Post() throws Exception {
ScimUser user = getScimUser();
user.setPassword("secret");
user = createUser(user, scimReadWriteToken, IdentityZone.getUaa().getSubdomain());
String selfToken =
testClient.getUserOAuthAccessToken("cf", "", user.getUserName(), "secret", "");
user.setName(new ScimUser.Name("Given1", "Family1"));
user = updateUser(selfToken, HttpStatus.OK.value(), user);
user = getAndReturnUser(HttpStatus.OK.value(), user, selfToken);
}
@Test
public void testCreateUserCheckSalt() throws Exception {
ScimUser scimUser = new ScimUser("user-id-3", "*****@*****.**", "User", "Example");
ScimUser.Email email = new ScimUser.Email();
email.setValue("*****@*****.**");
scimUser.setEmails(Arrays.asList(email));
scimUser.setPassword("password");
scimUser.setSalt("salt");
scimUser = db.create(scimUser);
assertNotNull(scimUser);
assertEquals("salt", scimUser.getSalt());
scimUser.setSalt("newsalt");
scimUser = db.update(scimUser.getId(), scimUser);
assertNotNull(scimUser);
assertEquals("newsalt", scimUser.getSalt());
}
@Test
public void test_Create_User_Too_Long_Password() throws Exception {
String email = "joe@" + generator.generate().toLowerCase() + ".com";
ScimUser user = getScimUser();
user.setUserName(email);
user.setPrimaryEmail(email);
user.setPassword(new RandomValueStringGenerator(300).generate());
ResultActions result = createUserAndReturnResult(user, scimReadWriteToken, null, null);
result
.andExpect(status().isBadRequest())
.andExpect(jsonPath("$.error").value("invalid_password"))
.andExpect(
jsonPath("$.message").value("Password must be no more than 255 characters in length."))
.andExpect(
jsonPath("$.error_description")
.value("Password must be no more than 255 characters in length."));
}
@Test
public void cannotCreateUserWithInvalidPasswordInDefaultZone() throws Exception {
ScimUser user = getScimUser();
user.setPassword(new RandomValueStringGenerator(260).generate());
byte[] requestBody = JsonUtils.writeValueAsBytes(user);
MockHttpServletRequestBuilder post =
post("/Users")
.header("Authorization", "Bearer " + scimCreateToken)
.contentType(APPLICATION_JSON)
.content(requestBody);
getMockMvc()
.perform(post)
.andExpect(status().isBadRequest())
.andExpect(jsonPath("$.error").value("invalid_password"))
.andExpect(
jsonPath("$.message").value("Password must be no more than 255 characters in length."));
}
private ScimUser createUnapprovedUser() throws Exception {
String userName = "******" + new RandomValueStringGenerator().generate();
String userEmail = userName + "@example.com";
RestOperations restTemplate = serverRunning.getRestTemplate();
ScimUser user = new ScimUser();
user.setUserName(userName);
user.setPassword("s3Cretsecret");
user.addEmail(userEmail);
user.setActive(true);
user.setVerified(true);
ResponseEntity<ScimUser> result =
restTemplate.postForEntity(serverRunning.getUrl("/Users"), user, ScimUser.class);
assertEquals(HttpStatus.CREATED, result.getStatusCode());
return user;
}
@Override
public ScimUser createUser(ScimUser user, final String password)
throws InvalidPasswordException, InvalidScimResourceException {
user.setPassword(passwordEncoder.encode(password));
return create(user);
}