@Test
 public void validateOriginAndExternalIDDuringCreateAndUpdate() {
   String origin = "test";
   String externalId = "testId";
   ScimUser user = new ScimUser(null, "*****@*****.**", "Jo", "User");
   user.setOrigin(origin);
   user.setExternalId(externalId);
   user.addEmail("*****@*****.**");
   ScimUser created = db.createUser(user, "j7hyqpassX");
   assertEquals("*****@*****.**", created.getUserName());
   assertNotNull(created.getId());
   assertNotSame(user.getId(), created.getId());
   Map<String, Object> map =
       template.queryForMap("select * from users where id=?", created.getId());
   assertEquals(user.getUserName(), map.get("userName"));
   assertEquals(user.getUserType(), map.get(UaaAuthority.UAA_USER.getUserType()));
   assertNull(created.getGroups());
   assertEquals(origin, created.getOrigin());
   assertEquals(externalId, created.getExternalId());
   String origin2 = "test2";
   String externalId2 = "testId2";
   created.setOrigin(origin2);
   created.setExternalId(externalId2);
   ScimUser updated = db.update(created.getId(), created);
   assertEquals(origin2, updated.getOrigin());
   assertEquals(externalId2, updated.getExternalId());
 }
  @Test
  public void acceptInvitationWithInvalidRedirectUri() throws Exception {
    ScimUser user = new ScimUser("user-id-001", "*****@*****.**", "first", "last");
    user.setOrigin(UAA);
    BaseClientDetails clientDetails =
        new BaseClientDetails("client-id", null, null, null, null, "http://example.com/redirect");
    when(scimUserProvisioning.verifyUser(anyString(), anyInt())).thenReturn(user);
    when(scimUserProvisioning.update(anyString(), anyObject())).thenReturn(user);
    when(scimUserProvisioning.retrieve(eq("user-id-001"))).thenReturn(user);
    when(clientDetailsService.loadClientByClientId("acmeClientId")).thenReturn(clientDetails);
    Map<String, String> userData = new HashMap<>();
    userData.put(USER_ID, "user-id-001");
    userData.put(EMAIL, "*****@*****.**");
    userData.put(REDIRECT_URI, "http://someother/redirect");
    userData.put(CLIENT_ID, "acmeClientId");
    when(expiringCodeStore.retrieveCode(anyString()))
        .thenReturn(
            new ExpiringCode(
                "code",
                new Timestamp(System.currentTimeMillis()),
                JsonUtils.writeValueAsString(userData)));

    String redirectLocation =
        emailInvitationsService.acceptInvitation("code", "password").getRedirectUri();

    verify(scimUserProvisioning).verifyUser(user.getId(), user.getVersion());
    verify(scimUserProvisioning).changePassword(user.getId(), null, "password");
    assertEquals("/home", redirectLocation);
  }
Пример #3
0
  @Test
  public void testCreateUserWithDuplicateUsernameInOtherIdp() throws Exception {
    addUser(
        "cba09242-aa43-4247-9aa0-b5c75c281f94",
        "*****@*****.**",
        "password",
        "*****@*****.**",
        "first",
        "user",
        "90438",
        defaultIdentityProviderId,
        "uaa");

    String origin = "test-origin";
    createOtherIdentityProvider(origin, IdentityZone.getUaa().getId());

    ScimUser scimUser = new ScimUser(null, "*****@*****.**", "User", "Example");
    ScimUser.Email email = new ScimUser.Email();
    email.setValue("*****@*****.**");
    scimUser.setEmails(Arrays.asList(email));
    scimUser.setPassword("password");
    scimUser.setOrigin(origin);
    String userId2 = db.create(scimUser).getId();
    assertNotNull(userId2);
    assertNotEquals("cba09242-aa43-4247-9aa0-b5c75c281f94", userId2);
  }
Пример #4
0
 @Test
 public void test_cannot_delete_uaa_provider_users_in_other_zone() throws Exception {
   String id = generator.generate();
   IdentityZone zone = MultitenancyFixture.identityZone(id, id);
   IdentityZoneHolder.set(zone);
   ScimUser user = new ScimUser(null, "*****@*****.**", "Jo", "User");
   user.addEmail("*****@*****.**");
   user.setOrigin(UAA);
   ScimUser created = db.createUser(user, "j7hyqpassX");
   assertEquals("*****@*****.**", created.getUserName());
   assertNotNull(created.getId());
   assertEquals(UAA, created.getOrigin());
   assertEquals(zone.getId(), created.getZoneId());
   assertThat(
       jdbcTemplate.queryForObject(
           "select count(*) from users where origin=? and identity_zone_id=?",
           new Object[] {UAA, zone.getId()},
           Integer.class),
       is(1));
   IdentityProvider loginServer =
       new IdentityProvider().setOriginKey(UAA).setIdentityZoneId(zone.getId());
   db.onApplicationEvent(new EntityDeletedEvent<>(loginServer));
   assertThat(
       jdbcTemplate.queryForObject(
           "select count(*) from users where origin=? and identity_zone_id=?",
           new Object[] {UAA, zone.getId()},
           Integer.class),
       is(1));
 }
Пример #5
0
 @Test
 public void test_cannot_delete_uaa_zone_users() throws Exception {
   ScimUser user = new ScimUser(null, "*****@*****.**", "Jo", "User");
   user.addEmail("*****@*****.**");
   user.setOrigin(UAA);
   ScimUser created = db.createUser(user, "j7hyqpassX");
   assertEquals("*****@*****.**", created.getUserName());
   assertNotNull(created.getId());
   assertEquals(UAA, created.getOrigin());
   assertThat(
       jdbcTemplate.queryForObject(
           "select count(*) from users where origin=? and identity_zone_id=?",
           new Object[] {UAA, IdentityZone.getUaa().getId()},
           Integer.class),
       is(3));
   IdentityProvider loginServer =
       new IdentityProvider().setOriginKey(UAA).setIdentityZoneId(IdentityZone.getUaa().getId());
   db.onApplicationEvent(new EntityDeletedEvent<>(loginServer));
   assertThat(
       jdbcTemplate.queryForObject(
           "select count(*) from users where origin=? and identity_zone_id=?",
           new Object[] {UAA, IdentityZone.getUaa().getId()},
           Integer.class),
       is(3));
 }
Пример #6
0
  @Test
  public void test_can_delete_zone_users() throws Exception {
    String id = generator.generate();
    IdentityZone zone = MultitenancyFixture.identityZone(id, id);
    IdentityZoneHolder.set(zone);
    ScimUser user = new ScimUser(null, "*****@*****.**", "Jo", "User");
    user.addEmail("*****@*****.**");
    user.setOrigin(UAA);
    ScimUser created = db.createUser(user, "j7hyqpassX");
    assertEquals("*****@*****.**", created.getUserName());
    assertNotNull(created.getId());
    assertEquals(UAA, created.getOrigin());
    assertEquals(zone.getId(), created.getZoneId());
    assertThat(
        jdbcTemplate.queryForObject(
            "select count(*) from users where origin=? and identity_zone_id=?",
            new Object[] {UAA, zone.getId()},
            Integer.class),
        is(1));
    addApprovalAndMembership(created.getId(), created.getOrigin());
    assertThat(
        jdbcTemplate.queryForObject(
            "select count(*) from authz_approvals where user_id=?",
            new Object[] {created.getId()},
            Integer.class),
        is(1));
    assertThat(
        jdbcTemplate.queryForObject(
            "select count(*) from group_membership where member_id=?",
            new Object[] {created.getId()},
            Integer.class),
        is(1));

    db.onApplicationEvent(new EntityDeletedEvent<>(zone));
    assertThat(
        jdbcTemplate.queryForObject(
            "select count(*) from users where origin=? and identity_zone_id=?",
            new Object[] {UAA, zone.getId()},
            Integer.class),
        is(0));
    assertThat(
        jdbcTemplate.queryForObject(
            "select count(*) from authz_approvals where user_id=?",
            new Object[] {created.getId()},
            Integer.class),
        is(0));
    assertThat(
        jdbcTemplate.queryForObject(
            "select count(*) from group_membership where member_id=?",
            new Object[] {created.getId()},
            Integer.class),
        is(0));
  }
Пример #7
0
  @Test
  public void test_can_delete_provider_users_in_default_zone() throws Exception {
    ScimUser user = new ScimUser(null, "*****@*****.**", "Jo", "User");
    user.addEmail("*****@*****.**");
    user.setOrigin(LOGIN_SERVER);
    ScimUser created = db.createUser(user, "j7hyqpassX");
    assertEquals("*****@*****.**", created.getUserName());
    assertNotNull(created.getId());
    assertEquals(LOGIN_SERVER, created.getOrigin());
    assertThat(
        jdbcTemplate.queryForObject(
            "select count(*) from users where origin=? and identity_zone_id=?",
            new Object[] {LOGIN_SERVER, IdentityZone.getUaa().getId()},
            Integer.class),
        is(1));
    addApprovalAndMembership(created.getId(), created.getOrigin());
    assertThat(
        jdbcTemplate.queryForObject(
            "select count(*) from authz_approvals where user_id=?",
            new Object[] {created.getId()},
            Integer.class),
        is(1));
    assertThat(
        jdbcTemplate.queryForObject(
            "select count(*) from group_membership where member_id=?",
            new Object[] {created.getId()},
            Integer.class),
        is(1));

    IdentityProvider loginServer =
        new IdentityProvider()
            .setOriginKey(LOGIN_SERVER)
            .setIdentityZoneId(IdentityZone.getUaa().getId());
    db.onApplicationEvent(new EntityDeletedEvent<>(loginServer));
    assertThat(
        jdbcTemplate.queryForObject(
            "select count(*) from users where origin=? and identity_zone_id=?",
            new Object[] {LOGIN_SERVER, IdentityZone.getUaa().getId()},
            Integer.class),
        is(0));
    assertThat(
        jdbcTemplate.queryForObject(
            "select count(*) from authz_approvals where user_id=?",
            new Object[] {created.getId()},
            Integer.class),
        is(0));
    assertThat(
        jdbcTemplate.queryForObject(
            "select count(*) from group_membership where member_id=?",
            new Object[] {created.getId()},
            Integer.class),
        is(0));
  }
  // TODO: add cases for username no existing external user with username not email
  @Test
  public void accept_invitation_with_external_user_that_does_not_have_email_as_their_username() {
    String userId = "user-id-001";
    String email = "*****@*****.**";
    String actualUsername = "******";
    ScimUser userBeforeAccept = new ScimUser(userId, email, "first", "last");
    userBeforeAccept.setPrimaryEmail(email);
    userBeforeAccept.setOrigin(Origin.SAML);

    when(scimUserProvisioning.verifyUser(eq(userId), anyInt())).thenReturn(userBeforeAccept);
    when(scimUserProvisioning.retrieve(eq(userId))).thenReturn(userBeforeAccept);

    BaseClientDetails clientDetails =
        new BaseClientDetails("client-id", null, null, null, null, "http://example.com/redirect");
    when(clientDetailsService.loadClientByClientId("acmeClientId")).thenReturn(clientDetails);

    Map<String, String> userData = new HashMap<>();
    userData.put(USER_ID, userBeforeAccept.getId());
    userData.put(EMAIL, userBeforeAccept.getPrimaryEmail());
    userData.put(REDIRECT_URI, "http://someother/redirect");
    userData.put(CLIENT_ID, "acmeClientId");
    when(expiringCodeStore.retrieveCode(anyString()))
        .thenReturn(
            new ExpiringCode(
                "code",
                new Timestamp(System.currentTimeMillis()),
                JsonUtils.writeValueAsString(userData)));

    ScimUser userAfterAccept =
        new ScimUser(
            userId,
            actualUsername,
            userBeforeAccept.getGivenName(),
            userBeforeAccept.getFamilyName());
    userAfterAccept.setPrimaryEmail(email);

    when(scimUserProvisioning.verifyUser(eq(userId), anyInt())).thenReturn(userAfterAccept);

    ScimUser acceptedUser = emailInvitationsService.acceptInvitation("code", "password").getUser();
    assertEquals(userAfterAccept.getUserName(), acceptedUser.getUserName());
    assertEquals(userAfterAccept.getName(), acceptedUser.getName());
    assertEquals(userAfterAccept.getPrimaryEmail(), acceptedUser.getPrimaryEmail());

    verify(scimUserProvisioning).verifyUser(eq(userId), anyInt());
  }
Пример #9
0
 protected ScimUser findOrCreateUser(String email, String origin) {
   email = email.trim().toLowerCase();
   List<ScimUser> results =
       users.query(String.format("email eq \"%s\" and origin eq \"%s\"", email, origin));
   if (results == null || results.size() == 0) {
     ScimUser user = new ScimUser(null, email, "", "");
     user.setPrimaryEmail(email.toLowerCase());
     user.setOrigin(origin);
     user.setVerified(false);
     user.setActive(true);
     return users.createUser(user, new RandomValueStringGenerator(12).generate());
   } else if (results.size() == 1) {
     return results.get(0);
   } else {
     throw new ScimResourceConflictException(
         String.format("Ambiguous users found for email:%s with origin:%s", email, origin));
   }
 }
Пример #10
0
 @Override
 public ScimUser mapRow(ResultSet rs, int rowNum) throws SQLException {
   String id = rs.getString(1);
   int version = rs.getInt(2);
   Date created = rs.getTimestamp(3);
   Date lastModified = rs.getTimestamp(4);
   String userName = rs.getString(5);
   String email = rs.getString(6);
   String givenName = rs.getString(7);
   String familyName = rs.getString(8);
   boolean active = rs.getBoolean(9);
   String phoneNumber = rs.getString(10);
   boolean verified = rs.getBoolean(11);
   String origin = rs.getString(12);
   String externalId = rs.getString(13);
   String zoneId = rs.getString(14);
   String salt = rs.getString(15);
   Date passwordLastModified = rs.getTimestamp(16);
   ScimUser user = new ScimUser();
   user.setId(id);
   ScimMeta meta = new ScimMeta();
   meta.setVersion(version);
   meta.setCreated(created);
   meta.setLastModified(lastModified);
   user.setMeta(meta);
   user.setUserName(userName);
   user.addEmail(email);
   if (phoneNumber != null) {
     user.addPhoneNumber(phoneNumber);
   }
   Name name = new Name();
   name.setGivenName(givenName);
   name.setFamilyName(familyName);
   user.setName(name);
   user.setActive(active);
   user.setVerified(verified);
   user.setOrigin(origin);
   user.setExternalId(externalId);
   user.setZoneId(zoneId);
   user.setSalt(salt);
   user.setPasswordLastModified(passwordLastModified);
   return user;
 }