/** Remove initial and synchronized users to make test re-runnable. */ protected void removeTestUsers() { for (int i = 0; i < 10; i++) { String cUserName = "******" + i; try { UserTO cUserTO = readUser(cUserName); userService.delete(cUserTO.getKey()); } catch (Exception e) { // Ignore } } }
@Test public void updateWithoutApproval() { // 1. create user as admin UserTO created = createUser(UserITCase.getUniqueSampleTO("*****@*****.**")).getEntity(); assertNotNull(created); assertFalse(created.getUsername().endsWith("XX")); // 2. self-update (username) - works UserPatch userPatch = new UserPatch(); userPatch.setKey(created.getKey()); userPatch.setUsername( new StringReplacePatchItem.Builder().value(created.getUsername() + "XX").build()); SyncopeClient authClient = clientFactory.create(created.getUsername(), "password123"); UserTO updated = authClient .getService(UserSelfService.class) .update(userPatch) .readEntity(new GenericType<ProvisioningResult<UserTO>>() {}) .getEntity(); assertNotNull(updated); assertEquals( ActivitiDetector.isActivitiEnabledForUsers(syncopeService) ? "active" : "created", updated.getStatus()); assertTrue(updated.getUsername().endsWith("XX")); }
@Test public void createAndApprove() { Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers(syncopeService)); // self-create user with membership: goes 'createApproval' with resources and membership but no // propagation UserTO userTO = UserITCase.getUniqueSampleTO("*****@*****.**"); userTO .getMemberships() .add(new MembershipTO.Builder().group("29f96485-729e-4d31-88a1-6fc60e4677f3").build()); userTO.getResources().add(RESOURCE_NAME_TESTDB); SyncopeClient anonClient = clientFactory.create(); userTO = anonClient .getService(UserSelfService.class) .create(userTO, true) .readEntity(new GenericType<ProvisioningResult<UserTO>>() {}) .getEntity(); assertNotNull(userTO); assertEquals("createApproval", userTO.getStatus()); assertFalse(userTO.getMemberships().isEmpty()); assertFalse(userTO.getResources().isEmpty()); try { resourceService.readConnObject( RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), userTO.getKey()); fail(); } catch (SyncopeClientException e) { assertEquals(ClientExceptionType.NotFound, e.getType()); } // now approve and verify that propagation has happened WorkflowFormTO form = userWorkflowService.getFormForUser(userTO.getKey()); form = userWorkflowService.claimForm(form.getTaskId()); Map<String, WorkflowFormPropertyTO> props = form.getPropertyMap(); props.get("approve").setValue(Boolean.TRUE.toString()); form.getProperties().clear(); form.getProperties().addAll(props.values()); userTO = userWorkflowService.submitForm(form); assertNotNull(userTO); assertEquals("active", userTO.getStatus()); assertNotNull( resourceService.readConnObject( RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), userTO.getKey())); }
@Test public void delete() { UserTO created = createUser(UserITCase.getUniqueSampleTO("*****@*****.**")).getEntity(); assertNotNull(created); SyncopeClient authClient = clientFactory.create(created.getUsername(), "password123"); UserTO deleted = authClient .getService(UserSelfService.class) .delete() .readEntity(new GenericType<ProvisioningResult<UserTO>>() {}) .getEntity(); assertNotNull(deleted); assertEquals( ActivitiDetector.isActivitiEnabledForUsers(syncopeService) ? "deleteApproval" : null, deleted.getStatus()); }
@Test public void create() { Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers(syncopeService)); // 1. self-registration as admin: failure try { userSelfService.create(UserITCase.getUniqueSampleTO("*****@*****.**"), true); fail(); } catch (AccessControlException e) { assertNotNull(e); } // 2. self-registration as anonymous: works SyncopeClient anonClient = clientFactory.create(); UserTO self = anonClient .getService(UserSelfService.class) .create(UserITCase.getUniqueSampleTO("*****@*****.**"), true) .readEntity(new GenericType<ProvisioningResult<UserTO>>() {}) .getEntity(); assertNotNull(self); assertEquals("createApproval", self.getStatus()); }
@Test public void mustChangePassword() { // PRE: reset vivaldi's password UserPatch userPatch = new UserPatch(); userPatch.setKey("b3cbc78d-32e6-4bd4-92e0-bbe07566a2ee"); userPatch.setPassword(new PasswordPatch.Builder().value("password321").build()); userService.update(userPatch); // 0. access as vivaldi -> succeed SyncopeClient vivaldiClient = clientFactory.create("vivaldi", "password321"); Pair<Map<String, Set<String>>, UserTO> self = vivaldiClient.self(); assertFalse(self.getRight().isMustChangePassword()); // 1. update user vivaldi (3) requirig password update userPatch = new UserPatch(); userPatch.setKey("b3cbc78d-32e6-4bd4-92e0-bbe07566a2ee"); userPatch.setMustChangePassword(new BooleanReplacePatchItem.Builder().value(true).build()); UserTO vivaldi = updateUser(userPatch).getEntity(); assertTrue(vivaldi.isMustChangePassword()); // 2. attempt to access -> fail try { vivaldiClient.getService(ResourceService.class).list(); fail(); } catch (AccessControlException e) { assertNotNull(e); assertEquals("Please change your password first", e.getMessage()); } // 3. change password vivaldiClient.getService(UserSelfService.class).changePassword("password123"); // 4. verify it worked self = clientFactory.create("vivaldi", "password123").self(); assertFalse(self.getRight().isMustChangePassword()); }
@Test public void passwordResetWithoutSecurityQuestion() { // 0. disable security question for password reset configurationService.set(attrTO("passwordReset.securityQuestion", "false")); // 1. create an user with security question and answer UserTO user = UserITCase.getUniqueSampleTO("*****@*****.**"); createUser(user); // 2. verify that new user is able to authenticate SyncopeClient authClient = clientFactory.create(user.getUsername(), "password123"); UserTO read = authClient.self().getValue(); assertNotNull(read); // 3. request password reset (as anonymous) with no security answer SyncopeClient anonClient = clientFactory.create(); anonClient.getService(UserSelfService.class).requestPasswordReset(user.getUsername(), null); // 4. get token (normally sent via e-mail, now reading as admin) String token = userService.read(read.getKey()).getToken(); assertNotNull(token); // 5. confirm password reset try { anonClient .getService(UserSelfService.class) .confirmPasswordReset("WRONG TOKEN", "newPassword"); fail(); } catch (SyncopeClientException e) { assertEquals(ClientExceptionType.NotFound, e.getType()); assertTrue(e.getMessage().contains("WRONG TOKEN")); } anonClient.getService(UserSelfService.class).confirmPasswordReset(token, "newPassword123"); // 6. verify that password was reset and token removed authClient = clientFactory.create(user.getUsername(), "newPassword123"); read = authClient.self().getValue(); assertNotNull(read); assertNull(read.getToken()); // 7. re-enable security question for password reset configurationService.set(attrTO("passwordReset.securityQuestion", "true")); }
@Test public void passwordReset() { // 0. ensure that password request DOES require security question configurationService.set(attrTO("passwordReset.securityQuestion", "true")); // 1. create an user with security question and answer UserTO user = UserITCase.getUniqueSampleTO("*****@*****.**"); user.setSecurityQuestion("887028ea-66fc-41e7-b397-620d7ea6dfbb"); user.setSecurityAnswer("Rossi"); user.getResources().add(RESOURCE_NAME_TESTDB); createUser(user); // verify propagation (including password) on external db JdbcTemplate jdbcTemplate = new JdbcTemplate(testDataSource); String pwdOnResource = jdbcTemplate.queryForObject( "SELECT password FROM test WHERE id=?", String.class, user.getUsername()); assertTrue(StringUtils.isNotBlank(pwdOnResource)); // 2. verify that new user is able to authenticate SyncopeClient authClient = clientFactory.create(user.getUsername(), "password123"); UserTO read = authClient.self().getValue(); assertNotNull(read); // 3. request password reset (as anonymous) providing the expected security answer SyncopeClient anonClient = clientFactory.create(); try { anonClient .getService(UserSelfService.class) .requestPasswordReset(user.getUsername(), "WRONG"); fail(); } catch (SyncopeClientException e) { assertEquals(ClientExceptionType.InvalidSecurityAnswer, e.getType()); } anonClient.getService(UserSelfService.class).requestPasswordReset(user.getUsername(), "Rossi"); // 4. get token (normally sent via e-mail, now reading as admin) String token = userService.read(read.getKey()).getToken(); assertNotNull(token); // 5. confirm password reset try { anonClient .getService(UserSelfService.class) .confirmPasswordReset("WRONG TOKEN", "newPassword"); fail(); } catch (SyncopeClientException e) { assertEquals(ClientExceptionType.NotFound, e.getType()); assertTrue(e.getMessage().contains("WRONG TOKEN")); } anonClient.getService(UserSelfService.class).confirmPasswordReset(token, "newPassword123"); // 6. verify that password was reset and token removed authClient = clientFactory.create(user.getUsername(), "newPassword123"); read = authClient.self().getValue(); assertNotNull(read); assertNull(read.getToken()); // 7. verify that password was changed on external resource String newPwdOnResource = jdbcTemplate.queryForObject( "SELECT password FROM test WHERE id=?", String.class, user.getUsername()); assertTrue(StringUtils.isNotBlank(newPwdOnResource)); assertNotEquals(pwdOnResource, newPwdOnResource); }
@Test public void issueSYNCOPE373() { UserTO userTO = adminClient.self().getValue(); assertEquals(ADMIN_UNAME, userTO.getUsername()); }
@Test public void updateWithApproval() { Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers(syncopeService)); // 1. create user as admin UserTO created = createUser(UserITCase.getUniqueSampleTO("*****@*****.**")).getEntity(); assertNotNull(created); assertFalse(created.getUsername().endsWith("XX")); // 2. self-update (username + memberships + resource) - works but needs approval UserPatch userPatch = new UserPatch(); userPatch.setKey(created.getKey()); userPatch.setUsername( new StringReplacePatchItem.Builder().value(created.getUsername() + "XX").build()); userPatch .getMemberships() .add( new MembershipPatch.Builder() .operation(PatchOperation.ADD_REPLACE) .group("bf825fe1-7320-4a54-bd64-143b5c18ab97") .build()); userPatch .getResources() .add( new StringPatchItem.Builder() .operation(PatchOperation.ADD_REPLACE) .value(RESOURCE_NAME_TESTDB) .build()); userPatch.setPassword( new PasswordPatch.Builder() .value("newPassword123") .onSyncope(false) .resource(RESOURCE_NAME_TESTDB) .build()); SyncopeClient authClient = clientFactory.create(created.getUsername(), "password123"); UserTO updated = authClient .getService(UserSelfService.class) .update(userPatch) .readEntity(new GenericType<ProvisioningResult<UserTO>>() {}) .getEntity(); assertNotNull(updated); assertEquals("updateApproval", updated.getStatus()); assertFalse(updated.getUsername().endsWith("XX")); assertTrue(updated.getMemberships().isEmpty()); // no propagation happened assertTrue(updated.getResources().isEmpty()); try { resourceService.readConnObject( RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), updated.getKey()); fail(); } catch (SyncopeClientException e) { assertEquals(ClientExceptionType.NotFound, e.getType()); } // 3. approve self-update as admin WorkflowFormTO form = userWorkflowService.getFormForUser(updated.getKey()); form = userWorkflowService.claimForm(form.getTaskId()); Map<String, WorkflowFormPropertyTO> props = form.getPropertyMap(); props.get("approve").setValue(Boolean.TRUE.toString()); form.getProperties().clear(); form.getProperties().addAll(props.values()); updated = userWorkflowService.submitForm(form); assertNotNull(updated); assertEquals("active", updated.getStatus()); assertTrue(updated.getUsername().endsWith("XX")); assertEquals(1, updated.getMemberships().size()); // check that propagation also happened assertTrue(updated.getResources().contains(RESOURCE_NAME_TESTDB)); assertNotNull( resourceService.readConnObject( RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), updated.getKey())); }