/**
 * Resolves the test user on the server once and caches it in {@code this.user}.
 *
 * <p>The account is looked up by user name; when the lookup returns no resources the account is
 * created with a POST and the response body is used instead.
 *
 * @param client REST client used for the lookup and, when needed, the create call
 */
private void initializeUserAccount(RestOperations client) {
    if (this.user != null) {
        // Already resolved by an earlier call.
        return;
    }

    UaaUser account = testAccounts.getUser();

    // The user name is concatenated into the filter expression without escaping. That is only
    // acceptable here because the value comes from the test account fixture, not from a caller.
    String lookupUri =
        serverRunning.getUserUri() + "?filter=userName eq '" + account.getUsername() + "'";
    @SuppressWarnings("rawtypes")
    ResponseEntity<Map> lookup = client.getForEntity(lookupUri, Map.class);
    assertEquals(HttpStatus.OK, lookup.getStatusCode());

    @SuppressWarnings("unchecked")
    List<Map<String, ?>> matches = (List<Map<String, ?>>) lookup.getBody().get("resources");

    Map<String, ?> userAttributes;
    if (matches.isEmpty()) {
        // No such account yet: create it and continue with what the server returns.
        Map<String, ?> payload = getUserAsMap(account);
        @SuppressWarnings("rawtypes")
        ResponseEntity<Map> creation =
            client.postForEntity(serverRunning.getUserUri(), payload, Map.class);
        Assert.state(
            creation.getStatusCode() == HttpStatus.CREATED,
            "User account not created: status was " + creation.getStatusCode());
        @SuppressWarnings("unchecked")
        Map<String, ?> created = creation.getBody();
        userAttributes = created;
    } else {
        userAttributes = matches.get(0);
    }

    this.user = getUserFromMap(userAttributes);
}
/**
 * Bootstraps one user, then adds a copy of it whose source has been changed to
 * {@code "newOrigin"}, and expects the store to hold two entries afterwards.
 */
@Test
public void addUsersWithSameUsername() throws Exception {
    final String initialOrigin = "testOrigin";
    final String mail = "*****@*****.**";
    final String given = "FirstName";
    final String family = "LastName";
    final String emptyPassword = "";
    final String noExternalId = null;

    // Random id and user name, generated in this order.
    final String generatedId = new RandomValueStringGenerator().generate();
    final String generatedName = new RandomValueStringGenerator().generate();

    UaaUser original =
        getUaaUser(
            new String[0],
            initialOrigin,
            mail,
            given,
            family,
            emptyPassword,
            noExternalId,
            generatedId,
            generatedName);

    ScimUserBootstrap bootstrap = new ScimUserBootstrap(db, gdb, mdb, Arrays.asList(original));
    bootstrap.afterPropertiesSet();

    // Same user, different source: added next to the first entry.
    UaaUser fromOtherOrigin = original.modifySource("newOrigin", "");
    bootstrap.addUser(fromOtherOrigin);

    assertEquals(2, db.retrieveAll().size());
}
/**
 * Writes an audit record for a successful user authentication.
 *
 * @param user the authenticated user; must not be {@code null}
 * @param details request details from which the origin of the audit record is derived
 */
@Override
public void userAuthenticationSuccess(UaaUser user, UaaAuthenticationDetails details) {
    // A success event without a user cannot be attributed, so it is rejected outright.
    Assert.notNull(user, "UaaUser cannot be null");

    createAuditRecord(
        user.getId(),
        AuditEventType.UserAuthenticationSuccess,
        getOrigin(details),
        user.getUsername());
}
/**
 * Authenticates a user-name/password request against the user database.
 *
 * <p>Order of checks as written: missing credentials, user lookup by lower-cased name, password
 * comparison, login-policy check, then success or failure. An event is published on every exit
 * path before the method returns or throws.
 *
 * @param req the authentication request; its name, credentials and details are read
 * @return a {@code UaaAuthentication} for the matched user when the password matches and the
 *     login policy allows the attempt
 * @throws AuthenticationException a {@code BadCredentialsException} when no credentials are
 *     supplied, when the login policy rejects the attempt, or when the user is unknown or the
 *     password does not match
 */
@Override
public Authentication authenticate(Authentication req) throws AuthenticationException {
    // NOTE(review): req.getName() is caller-supplied and is concatenated into log messages here
    // and further down without neutralising line breaks; confirm the log layout encodes it.
    logger.debug("Processing authentication request for " + req.getName());
    if (req.getCredentials() == null) {
        BadCredentialsException e = new BadCredentialsException("No password supplied");
        publish(new AuthenticationFailureBadCredentialsEvent(req, e));
        throw e;
    }
    UaaUser user;
    try {
        user = userDatabase.retrieveUserByName(req.getName().toLowerCase(Locale.US));
    } catch (UsernameNotFoundException e) {
        // Unknown names fall back to dummyUser, so the password comparison below still runs,
        // against dummyUser's stored password. Presumably this keeps the unknown-user path from
        // finishing faster than the wrong-password path (TODO confirm).
        user = dummyUser;
    }
    // Computed before the policy check; the result is consulted only after the policy has
    // allowed the attempt.
    // NOTE(review): the cast throws ClassCastException when the credentials are not a
    // CharSequence; confirm callers only pass string credentials.
    final boolean passwordMatches = encoder.matches((CharSequence) req.getCredentials(), user.getPassword());
    // For unknown names the policy is evaluated against dummyUser.
    if (!accountLoginPolicy.isAllowed(user, req)) {
        logger.warn( "Login policy rejected authentication for " + user.getUsername() + ", " + user.getId() + ". Ignoring login request.");
        // NOTE(review): this message differs from the generic "Bad credentials" used below. If
        // exception messages reach the client, the difference reveals that the policy rejected
        // the attempt; confirm how callers render it.
        BadCredentialsException e = new BadCredentialsException("Login policy rejected authentication");
        publish(new AuthenticationFailureLockedEvent(req, e));
        throw e;
    }
    if (passwordMatches) {
        logger.debug("Password successfully matched");
        Authentication success = new UaaAuthentication( new UaaPrincipal(user), user.getAuthorities(), (UaaAuthenticationDetails) req.getDetails());
        publish(new UserAuthenticationSuccessEvent(user, success));
        return success;
    }
    // Failure path: the reference comparison with dummyUser separates "no such user" from
    // "wrong password" for event publishing and debug logging only.
    if (user == dummyUser) {
        logger.debug("No user named '" + req.getName() + "' was found");
        publish(new UserNotFoundEvent(req));
    } else {
        logger.debug("Password did not match for user " + req.getName());
        publish(new UserAuthenticationFailureEvent(user, req));
    }
    // Both failure cases end in the same exception and message.
    BadCredentialsException e = new BadCredentialsException("Bad credentials");
    publish(new AuthenticationFailureBadCredentialsEvent(req, e));
    throw e;
}
/**
 * Writes an audit record for a failed user authentication.
 *
 * <p>When no user object is available the failure is recorded through
 * {@code userNotFound} under the placeholder name {@code "<UNKNOWN>"}.
 *
 * @param user the user the failed attempt was made for, or {@code null} if unknown
 * @param details request details from which the origin of the audit record is derived
 */
@Override
public void userAuthenticationFailure(UaaUser user, UaaAuthenticationDetails details) {
    if (user != null) {
        createAuditRecord(
            user.getId(),
            AuditEventType.UserAuthenticationFailure,
            getOrigin(details),
            user.getUsername());
    } else {
        // Nothing to attribute the failure to, so it is audited as an unknown user.
        userNotFound("<UNKNOWN>", details);
    }
}
/**
 * Converts a user into the map that is posted to the user endpoint.
 *
 * <p>Only non-null properties are emitted. Keys written: {@code id}, {@code userName},
 * {@code emails} (a one-element list holding a {@code value} entry) and {@code name}
 * ({@code givenName} plus an optional {@code familyName}). The {@code name} entry is written
 * only when a given name is present.
 *
 * @param user the user to convert
 * @return a new mutable map with the populated entries
 */
private Map<String, ?> getUserAsMap(UaaUser user) {
    Map<String, Object> payload = new HashMap<String, Object>();

    Object id = user.getId();
    if (id != null) {
        payload.put("id", id);
    }

    Object userName = user.getUsername();
    if (userName != null) {
        payload.put("userName", userName);
    }

    String address = user.getEmail();
    if (address != null) {
        @SuppressWarnings("unchecked")
        List<Map<String, String>> addressList =
            Arrays.asList(Collections.singletonMap("value", address));
        payload.put("emails", addressList);
    }

    String given = user.getGivenName();
    if (given != null) {
        Map<String, String> nameParts = new HashMap<String, String>();
        nameParts.put("givenName", given);
        // The family name is only looked at when there is a given name to attach it to.
        String family = user.getFamilyName();
        if (family != null) {
            nameParts.put("familyName", family);
        }
        payload.put("name", nameParts);
    }

    return payload;
}
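/**
 * Bootstraps a single user with the authorities {@code openid} and {@code read} and checks the
 * number of groups the user endpoint reports for it.
 */
@Test
public void canAddUserWithAuthorities() throws Exception {
    UaaUser joe = new UaaUser("joe", "password", "*****@*****.**", "Joe", "User");
    joe = joe.authorities(AuthorityUtils.commaSeparatedStringToAuthorityList("openid,read"));

    ScimUserBootstrap bootstrap = new ScimUserBootstrap(db, gdb, mdb, Arrays.asList(joe));
    bootstrap.afterPropertiesSet();

    @SuppressWarnings("unchecked")
    Collection<Map<String, Object>> users =
        (Collection<Map<String, Object>>)
            userEndpoints.findUsers("id", "id pr", "id", "ascending", 1, 100).getResources();
    assertEquals(1, users.size());

    String id = (String) users.iterator().next().get("id");
    ScimUser user = userEndpoints.getUser(id, new MockHttpServletResponse());

    // uaa.user is always added, so the two explicit authorities yield three groups.
    assertEquals(3, user.getGroups().size());
}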
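/**
 * Bootstraps a user with {@code openid} and {@code read}, bootstraps it again with only
 * {@code openid} and override enabled, and checks that the reported group count drops.
 */
@Test
public void canRemoveAuthorities() throws Exception {
    UaaUser joe = new UaaUser("joe", "password", "*****@*****.**", "Joe", "User");
    joe = joe.authorities(AuthorityUtils.commaSeparatedStringToAuthorityList("openid,read"));

    ScimUserBootstrap bootstrap = new ScimUserBootstrap(db, gdb, mdb, Arrays.asList(joe));
    bootstrap.afterPropertiesSet();

    // Second definition of the same user with one authority fewer.
    joe = joe.authorities(AuthorityUtils.commaSeparatedStringToAuthorityList("openid"));

    // Diagnostic dump of the membership table as left by the first bootstrap run.
    JdbcTemplate jdbcTemplate = new JdbcTemplate(database);
    System.err.println(jdbcTemplate.queryForList("SELECT * FROM group_membership"));

    bootstrap = new ScimUserBootstrap(db, gdb, mdb, Arrays.asList(joe));
    // Without override the second run is not expected to change the existing user.
    // NOTE(review): inferred from the setter name; confirm against ScimUserBootstrap.
    bootstrap.setOverride(true);
    bootstrap.afterPropertiesSet();

    @SuppressWarnings("unchecked")
    Collection<Map<String, Object>> users =
        (Collection<Map<String, Object>>)
            userEndpoints.findUsers("id", "id pr", "id", "ascending", 1, 100).getResources();
    assertEquals(1, users.size());

    String id = (String) users.iterator().next().get("id");
    ScimUser user = userEndpoints.getUser(id, new MockHttpServletResponse());

    // uaa.user is always added, so the one remaining authority yields two groups.
    assertEquals(2, user.getGroups().size());
}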
/**
 * Per-test setup: wires an {@code ApprovalsAdminEndpoints} instance to a JDBC approval store,
 * the user database, an in-memory client registry holding the single client {@code c1}, and a
 * mocked security context for the user {@code marissa}.
 */
@Before
public void createDatasource() {
    template = new JdbcTemplate(dataSource);
    marissa = userDao.retrieveUserByName("marissa");
    dao = new JdbcApprovalStore(template, new SimpleSearchQueryConverter());

    endpoints = new ApprovalsAdminEndpoints();
    endpoints.setApprovalStore(dao);
    endpoints.setUaaUserDatabase(userDao);

    // Fixture client; arguments are client id, resource ids, scopes, grant types, authorities.
    BaseClientDetails fixtureClient =
        new BaseClientDetails(
            "c1",
            "scim,clients",
            "read,write",
            "authorization_code, password, implicit, client_credentials",
            "update");
    // Marked auto-approve for this fixture only.
    fixtureClient.addAdditionalInformation("autoapprove", "true");

    InMemoryClientDetailsService clientRegistry = new InMemoryClientDetailsService();
    clientRegistry.setClientDetailsStore(Collections.singletonMap("c1", fixtureClient));
    endpoints.setClientDetailsService(clientRegistry);

    endpoints.setSecurityContextAccessor(mockSecurityContextAccessor(marissa.getUsername()));
}
/**
 * Checks that a token is rejected once the user it was issued to has had its authorities
 * replaced with {@code UaaAuthority.NONE_AUTHORITIES}.
 *
 * <p>The test passes only when {@code checkToken} throws {@code InvalidTokenException}.
 */
@Test(expected = InvalidTokenException.class)
public void revokingScopesFromUser_invalidatesToken() throws Exception {
    // Strip the user's authorities and make the mocked user database return that version.
    user = user.authorities(UaaAuthority.NONE_AUTHORITIES);
    mockUserDatabase(userId, user);

    // The access token itself is unchanged; only the user behind it differs.
    final String tokenValue = accessToken.getValue();
    endpoint.checkToken(tokenValue);
}