| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.syncope.core.rest; |
| |
| import static org.junit.Assert.assertEquals; |
| import static org.junit.Assert.assertFalse; |
| import static org.junit.Assert.assertNotEquals; |
| import static org.junit.Assert.assertNotNull; |
| import static org.junit.Assert.assertNull; |
| import static org.junit.Assert.assertTrue; |
| import static org.junit.Assert.fail; |
| |
| import java.security.AccessControlException; |
| import java.text.DateFormat; |
| import java.text.SimpleDateFormat; |
| import java.util.Collection; |
| import java.util.Collections; |
| import java.util.Date; |
| import java.util.List; |
| import java.util.Map; |
| import javax.naming.NamingException; |
| |
| import javax.ws.rs.core.Response; |
| |
| import org.apache.syncope.common.mod.AttributeMod; |
| import org.apache.syncope.common.mod.MembershipMod; |
| import org.apache.syncope.common.mod.UserMod; |
| import org.apache.syncope.common.services.UserService; |
| import org.apache.syncope.common.services.UserWorkflowService; |
| import org.apache.syncope.common.to.AttributeTO; |
| import org.apache.syncope.common.to.BulkAction; |
| import org.apache.syncope.common.to.BulkActionRes; |
| import org.apache.syncope.common.to.BulkActionRes.Status; |
| import org.apache.syncope.common.to.ConfigurationTO; |
| import org.apache.syncope.common.to.ConnObjectTO; |
| import org.apache.syncope.common.to.MappingItemTO; |
| import org.apache.syncope.common.to.MembershipTO; |
| import org.apache.syncope.common.to.PasswordPolicyTO; |
| import org.apache.syncope.common.to.PolicyTO; |
| import org.apache.syncope.common.to.PropagationRequestTO; |
| import org.apache.syncope.common.to.PropagationStatusTO; |
| import org.apache.syncope.common.to.PropagationTaskTO; |
| import org.apache.syncope.common.to.ResourceTO; |
| import org.apache.syncope.common.to.RoleTO; |
| import org.apache.syncope.common.to.UserTO; |
| import org.apache.syncope.common.to.WorkflowFormPropertyTO; |
| import org.apache.syncope.common.to.WorkflowFormTO; |
| import org.apache.syncope.common.types.AttributableType; |
| import org.apache.syncope.common.types.CipherAlgorithm; |
| import org.apache.syncope.common.types.PolicyType; |
| import org.apache.syncope.common.types.PropagationTaskExecStatus; |
| import org.apache.syncope.common.types.SyncopeClientExceptionType; |
| import org.apache.syncope.common.types.TaskType; |
| import org.apache.syncope.common.util.AttributableOperations; |
| import org.apache.syncope.common.validation.SyncopeClientCompositeErrorException; |
| import org.apache.syncope.common.validation.SyncopeClientException; |
| import org.apache.syncope.core.persistence.beans.user.SyncopeUser; |
| import org.apache.syncope.core.persistence.dao.NotFoundException; |
| import org.apache.syncope.core.workflow.ActivitiDetector; |
| import org.identityconnectors.framework.common.objects.Name; |
| import org.identityconnectors.framework.common.objects.OperationalAttributes; |
| import org.junit.Assume; |
| import org.junit.FixMethodOrder; |
| import org.junit.Test; |
| import org.junit.runners.MethodSorters; |
| import org.springframework.dao.EmptyResultDataAccessException; |
| import org.springframework.http.HttpStatus; |
| import org.springframework.jdbc.core.JdbcTemplate; |
| import org.springframework.util.StringUtils; |
| import org.springframework.web.client.HttpClientErrorException; |
| import org.springframework.web.client.HttpStatusCodeException; |
| |
| @FixMethodOrder(MethodSorters.JVM) |
| public class UserTestITCase extends AbstractTest { |
| |
| public static UserTO getUniqueSampleTO(final String email) { |
| return getSampleTO(getUUIDString() + email); |
| } |
| |
| public static UserTO getSampleTO(final String email) { |
| String uid = email; |
| UserTO userTO = new UserTO(); |
| userTO.setPassword("password123"); |
| userTO.setUsername(uid); |
| |
| userTO.addAttribute(attributeTO("fullname", uid)); |
| userTO.addAttribute(attributeTO("firstname", uid)); |
| userTO.addAttribute(attributeTO("surname", "surname")); |
| userTO.addAttribute(attributeTO("type", "a type")); |
| userTO.addAttribute(attributeTO("userId", uid)); |
| userTO.addAttribute(attributeTO("email", uid)); |
| DateFormat sdf = new SimpleDateFormat("yyyy-MM-dd"); |
| userTO.addAttribute(attributeTO("loginDate", sdf.format(new Date()))); |
| userTO.addDerivedAttribute(attributeTO("cn", null)); |
| userTO.addVirtualAttribute(attributeTO("virtualdata", "virtualvalue")); |
| return userTO; |
| } |
| |
| @Test |
| public void selfRead() { |
| UserService userService2 = setupCredentials(userService, UserService.class, "rossini", ADMIN_PWD); |
| |
| try { |
| userService2.read(1L); |
| fail(); |
| } catch (HttpClientErrorException e) { |
| assertEquals(HttpStatus.FORBIDDEN, e.getStatusCode()); |
| } catch (AccessControlException e) { |
| // Will be thrown by cxf service |
| assertNotNull(e); |
| } |
| |
| UserTO userTO = userService2.readSelf(); |
| assertEquals("rossini", userTO.getUsername()); |
| } |
| |
| @Test |
| @SuppressWarnings("unchecked") |
| public void createUserWithNoPropagation() { |
| // get task list |
| List<PropagationTaskTO> tasks = (List<PropagationTaskTO>) taskService.list(TaskType.PROPAGATION); |
| |
| assertNotNull(tasks); |
| assertFalse(tasks.isEmpty()); |
| |
| long maxId = getMaxTaskId(tasks); |
| |
| // create a new user |
| UserTO userTO = getUniqueSampleTO("xxx@xxx.xxx"); |
| |
| userTO.setPassword("password123"); |
| userTO.addResource(RESOURCE_NAME_NOPROPAGATION); |
| |
| createUser(userTO); |
| |
| // get the new task list |
| tasks = (List<PropagationTaskTO>) taskService.list(TaskType.PROPAGATION); |
| assertNotNull(tasks); |
| assertFalse(tasks.isEmpty()); |
| |
| long newMaxId = getMaxTaskId(tasks); |
| |
| assertTrue(newMaxId > maxId); |
| |
| // get last task |
| PropagationTaskTO taskTO = taskService.read(TaskType.PROPAGATION, newMaxId); |
| |
| assertNotNull(taskTO); |
| assertTrue(taskTO.getExecutions().isEmpty()); |
| } |
| |
| @Test |
| /* |
| * This test has been introduced to verify and solve the following issue: |
| * http://code.google.com/p/syncope/issues/detail?id=172. Creations of a new user without having a global password |
| * policy stored into the local repository used to fail with a null pointer exception. This bug has been fixed |
| * introducing a simple control. |
| */ |
| public void issue172() { |
| List<PasswordPolicyTO> policies = policyService.list(PolicyType.GLOBAL_PASSWORD); |
| for (PasswordPolicyTO policyTO : policies) { |
| policyService.delete(PolicyType.PASSWORD, policyTO.getId()); |
| } |
| |
| try { |
| UserTO userTO = getUniqueSampleTO("issue172@syncope.apache.org"); |
| createUser(userTO); |
| } finally { |
| for (PasswordPolicyTO policyTO : policies) { |
| Response response = policyService.create(PolicyType.GLOBAL_PASSWORD, policyTO); |
| PolicyTO cPolicyTO = getObject(response, PasswordPolicyTO.class, policyService); |
| assertNotNull(cPolicyTO); |
| } |
| } |
| } |
| |
| @Test |
| public void issue186() { |
| // 1. create an user with strict mandatory attributes only |
| UserTO userTO = new UserTO(); |
| String userId = getUUIDString() + "issue186@syncope.apache.org"; |
| userTO.setUsername(userId); |
| userTO.setPassword("password"); |
| |
| userTO.addAttribute(attributeTO("userId", userId)); |
| userTO.addAttribute(attributeTO("fullname", userId)); |
| userTO.addAttribute(attributeTO("surname", userId)); |
| |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| assertTrue(userTO.getResources().isEmpty()); |
| |
| // 2. update assigning a resource forcing mandatory constraints: must fail with RequiredValuesMissing |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.setPassword("newPassword"); |
| userMod.addResourceToBeAdded(RESOURCE_NAME_WS2); |
| |
| SyncopeClientException sce = null; |
| try { |
| userTO = userService.update(userMod.getId(), userMod); |
| } catch (SyncopeClientCompositeErrorException scce) { |
| sce = scce.getException(SyncopeClientExceptionType.RequiredValuesMissing); |
| } |
| assertNotNull(sce); |
| |
| // 3. update assigning a resource NOT forcing mandatory constraints |
| // AND primary: must fail with PropagationException |
| userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.setPassword("newPassword"); |
| userMod.addResourceToBeAdded(RESOURCE_NAME_WS1); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| assertNotNull(userTO.getPropagationStatusTOs().get(0).getFailureReason()); |
| |
| // 4. update assigning a resource NOT forcing mandatory constraints |
| // BUT not primary: must succeed |
| userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.setPassword("newPassword"); |
| userMod.addResourceToBeAdded("resource-db"); |
| |
| sce = null; |
| try { |
| userService.update(userMod.getId(), userMod); |
| } catch (SyncopeClientCompositeErrorException scce) { |
| sce = scce.getException(SyncopeClientExceptionType.InvalidSyncopeUser); |
| } |
| assertNotNull(sce); |
| } |
| |
| @Test |
| public void testEnforceMandatoryCondition() { |
| UserTO userTO = getUniqueSampleTO("enforce@apache.org"); |
| userTO.addResource(RESOURCE_NAME_WS2); |
| userTO.setPassword("newPassword"); |
| |
| AttributeTO type = null; |
| for (AttributeTO attr : userTO.getAttributes()) { |
| if ("type".equals(attr.getSchema())) { |
| type = attr; |
| } |
| } |
| assertNotNull(type); |
| userTO.removeAttribute(type); |
| |
| SyncopeClientException sce = null; |
| try { |
| userTO = createUser(userTO); |
| } catch (SyncopeClientCompositeErrorException scce) { |
| sce = scce.getException(SyncopeClientExceptionType.RequiredValuesMissing); |
| } |
| assertNotNull(sce); |
| |
| userTO.addAttribute(type); |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| } |
| |
| @Test |
| public void testEnforceMandatoryConditionOnDerived() { |
| ResourceTO resourceTO = resourceService.read(RESOURCE_NAME_CSV); |
| assertNotNull(resourceTO); |
| resourceTO.setName("resource-csv-enforcing"); |
| resourceTO.setEnforceMandatoryCondition(true); |
| |
| Response response = resourceService.create(resourceTO); |
| resourceTO = getObject(response, ResourceTO.class, resourceService); |
| assertNotNull(resourceTO); |
| |
| UserTO userTO = getUniqueSampleTO("syncope222@apache.org"); |
| userTO.addResource(resourceTO.getName()); |
| userTO.setPassword("newPassword"); |
| |
| SyncopeClientException sce = null; |
| try { |
| userTO = createUser(userTO); |
| } catch (SyncopeClientCompositeErrorException scce) { |
| sce = scce.getException(SyncopeClientExceptionType.RequiredValuesMissing); |
| } |
| assertNotNull(sce); |
| |
| userTO.addDerivedAttribute(attributeTO("csvuserid", null)); |
| |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| assertEquals(Collections.singleton("resource-csv-enforcing"), userTO.getResources()); |
| } |
| |
| @Test |
| public void createUserWithDbPropagation() { |
| UserTO userTO = getUniqueSampleTO("yyy@yyy.yyy"); |
| userTO.addResource(RESOURCE_NAME_TESTDB); |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| assertEquals(1, userTO.getPropagationStatusTOs().size()); |
| assertTrue(userTO.getPropagationStatusTOs().get(0).getStatus().isSuccessful()); |
| } |
| |
| @Test(expected = SyncopeClientCompositeErrorException.class) |
| public void createWithInvalidPassword() { |
| UserTO userTO = getSampleTO("invalidpasswd@syncope.apache.org"); |
| userTO.setPassword("pass"); |
| createUser(userTO); |
| } |
| |
| @Test(expected = SyncopeClientCompositeErrorException.class) |
| public void createWithInvalidUsername() { |
| UserTO userTO = getSampleTO("invalidusername@syncope.apache.org"); |
| userTO.setUsername("us"); |
| |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(7L); |
| |
| userTO.addMembership(membershipTO); |
| |
| createUser(userTO); |
| } |
| |
| @Test(expected = SyncopeClientCompositeErrorException.class) |
| public void createWithInvalidPasswordByRes() { |
| UserTO userTO = getSampleTO("invalidPwdByRes@passwd.com"); |
| |
| // configured to be minLength=16 |
| userTO.setPassword("password1"); |
| |
| userTO.setResources(Collections.singleton(RESOURCE_NAME_NOPROPAGATION)); |
| |
| createUser(userTO); |
| } |
| |
| @Test(expected = SyncopeClientCompositeErrorException.class) |
| public void createWithInvalidPasswordByRole() { |
| UserTO userTO = getSampleTO("invalidPwdByRole@passwd.com"); |
| |
| // configured to be minLength=16 |
| userTO.setPassword("password1"); |
| |
| final MembershipTO membership = new MembershipTO(); |
| membership.setRoleId(8L); |
| |
| userTO.addMembership(membership); |
| |
| createUser(userTO); |
| } |
| |
| @Test(expected = SyncopeClientCompositeErrorException.class) |
| public void createWithException() { |
| UserTO newUserTO = new UserTO(); |
| newUserTO.addAttribute(attributeTO("userId", "userId@nowhere.org")); |
| createUser(newUserTO); |
| } |
| |
| @Test |
| @SuppressWarnings("unchecked") |
| public void create() { |
| // get task list |
| List<PropagationTaskTO> tasks = (List<PropagationTaskTO>) taskService.list(TaskType.PROPAGATION); |
| |
| assertNotNull(tasks); |
| assertFalse(tasks.isEmpty()); |
| |
| long maxId = getMaxTaskId(tasks); |
| PropagationTaskTO taskTO = taskService.read(TaskType.PROPAGATION, maxId); |
| |
| assertNotNull(taskTO); |
| int maxTaskExecutions = taskTO.getExecutions().size(); |
| |
| UserTO userTO = getUniqueSampleTO("a.b@c.com"); |
| |
| // add a membership |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(8L); |
| userTO.addMembership(membershipTO); |
| |
| // add an attribute with no values: must be ignored |
| membershipTO.addAttribute(attributeTO("subscriptionDate", null)); |
| |
| // add an attribute with a non-existing schema: must be ignored |
| AttributeTO attrWithInvalidSchemaTO = attributeTO("invalid schema", "a value"); |
| userTO.addAttribute(attrWithInvalidSchemaTO); |
| |
| // add an attribute with null value: must be ignored |
| userTO.addAttribute(attributeTO("activationDate", null)); |
| |
| // 1. create user |
| UserTO newUserTO = createUser(userTO); |
| |
| assertNotNull(newUserTO); |
| assertFalse(newUserTO.getAttributes().contains(attrWithInvalidSchemaTO)); |
| |
| // check for changePwdDate |
| assertNotNull(newUserTO.getCreationDate()); |
| |
| // 2. check for virtual attribute value |
| newUserTO = userService.read(newUserTO.getId()); |
| assertNotNull(newUserTO); |
| |
| assertNotNull(newUserTO.getVirtualAttributeMap()); |
| assertNotNull(newUserTO.getVirtualAttributeMap().get("virtualdata").getValues()); |
| assertFalse(newUserTO.getVirtualAttributeMap().get("virtualdata").getValues().isEmpty()); |
| assertEquals("virtualvalue", newUserTO.getVirtualAttributeMap().get("virtualdata").getValues().get(0)); |
| |
| // get the new task list |
| tasks = (List<PropagationTaskTO>) taskService.list(TaskType.PROPAGATION); |
| |
| assertNotNull(tasks); |
| assertFalse(tasks.isEmpty()); |
| |
| long newMaxId = getMaxTaskId(tasks); |
| |
| // default configuration for ws-target-resource2: |
| // only failed executions have to be registered |
| // --> no more tasks/executions should be added |
| assertEquals(newMaxId, maxId); |
| |
| // get last task |
| taskTO = taskService.read(TaskType.PROPAGATION, newMaxId); |
| |
| assertNotNull(taskTO); |
| assertEquals(maxTaskExecutions, taskTO.getExecutions().size()); |
| |
| // 3. verify password |
| UserService userService1 = super.setupCredentials(userService, UserService.class, newUserTO.getUsername(), |
| "password123"); |
| try { |
| UserTO user = userService1.readSelf(); |
| assertNotNull(user); |
| } catch (AccessControlException e) { |
| fail("Credentials should be valid and not cause AccessControlException"); |
| } |
| |
| UserService userService2 = super.setupCredentials(userService, UserService.class, newUserTO.getUsername(), |
| "passwordXX"); |
| try { |
| userService2.readSelf(); |
| fail("Credentials are invalid, thus request should raise AccessControlException"); |
| } catch (AccessControlException e) { |
| assertNotNull(e); |
| } |
| resetRestTemplate(); |
| |
| // 4. try (and fail) to create another user with same (unique) values |
| userTO = getSampleTO(userTO.getUsername()); |
| AttributeTO userIdAttr = getManadatoryAttrByName(userTO.getAttributes(), "userId"); |
| userIdAttr.getValues().clear(); |
| userIdAttr.addValue("a.b@c.com"); |
| |
| SyncopeClientException sce = null; |
| try { |
| createUser(userTO); |
| } catch (SyncopeClientCompositeErrorException e) { |
| sce = e.getException(SyncopeClientExceptionType.DataIntegrityViolation); |
| } |
| assertNotNull(sce); |
| } |
| |
| private AttributeTO getManadatoryAttrByName(Collection<AttributeTO> attributes, String attrName) { |
| for (AttributeTO attr : attributes) { |
| if (attrName.equals(attr.getSchema())) { |
| return attr; |
| } |
| } |
| throw new NotFoundException("Mandatory attribute " + attrName + " not found"); |
| } |
| |
| @Test |
| public void createWithRequiredValueMissing() { |
| UserTO userTO = getSampleTO("a.b@c.it"); |
| |
| AttributeTO type = getManadatoryAttrByName(userTO.getAttributes(), "type"); |
| userTO.removeAttribute(type); |
| |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(8L); |
| userTO.addMembership(membershipTO); |
| |
| SyncopeClientCompositeErrorException ex = null; |
| try { |
| // 1. create user without type (mandatory by UserSchema) |
| createUser(userTO); |
| } catch (SyncopeClientCompositeErrorException e) { |
| ex = e; |
| } |
| assertNotNull(ex); |
| assertNotNull(ex.getException(SyncopeClientExceptionType.RequiredValuesMissing)); |
| |
| userTO.addAttribute(attributeTO("type", "F")); |
| |
| AttributeTO surname = getManadatoryAttrByName(userTO.getAttributes(), "surname"); |
| userTO.removeAttribute(surname); |
| |
| // 2. create user without surname (mandatory when type == 'F') |
| ex = null; |
| try { |
| createUser(userTO); |
| } catch (SyncopeClientCompositeErrorException e) { |
| ex = e; |
| } |
| assertNotNull(ex); |
| assertNotNull(ex.getException(SyncopeClientExceptionType.RequiredValuesMissing)); |
| } |
| |
| @Test |
| public void createWithReject() { |
| Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers()); |
| |
| UserTO userTO = getUniqueSampleTO("createWithReject@syncope.apache.org"); |
| userTO.addResource(RESOURCE_NAME_TESTDB); |
| |
| // User with role 9 are defined in workflow as subject to approval |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(9L); |
| userTO.addMembership(membershipTO); |
| |
| // 1. create user with role 9 |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| assertEquals(1, userTO.getMemberships().size()); |
| assertEquals(9, userTO.getMemberships().get(0).getRoleId()); |
| assertEquals("createApproval", userTO.getStatus()); |
| |
| // 2. request if there is any pending task for user just created |
| WorkflowFormTO form = userWorkflowService.getFormForUser(userTO.getId()); |
| assertNotNull(form); |
| assertNotNull(form.getUserId()); |
| assertEquals(userTO.getId(), form.getUserId()); |
| assertNotNull(form.getTaskId()); |
| assertNull(form.getOwner()); |
| |
| // 3. claim task from rossini, not in role 7 (designated for approval in workflow definition): fail |
| UserWorkflowService userService2 = setupCredentials( |
| userWorkflowService, UserWorkflowService.class, "rossini", ADMIN_PWD); |
| |
| try { |
| userService2.claimForm(form.getTaskId()); |
| fail(); |
| } catch (SyncopeClientCompositeErrorException scce) { |
| assertNotNull(scce.getException(SyncopeClientExceptionType.Workflow)); |
| } |
| |
| // 4. claim task from bellini, in role 7 |
| UserWorkflowService userService3 = setupCredentials(userWorkflowService, UserWorkflowService.class, "bellini", |
| ADMIN_PWD); |
| |
| form = userService3.claimForm(form.getTaskId()); |
| assertNotNull(form); |
| assertNotNull(form.getTaskId()); |
| assertNotNull(form.getOwner()); |
| |
| // 5. reject user |
| Map<String, WorkflowFormPropertyTO> props = form.getPropertyMap(); |
| props.get("approve").setValue(Boolean.FALSE.toString()); |
| props.get("rejectReason").setValue("I don't like him."); |
| form.setProperties(props.values()); |
| userTO = userService3.submitForm(form); |
| assertNotNull(userTO); |
| assertEquals("rejected", userTO.getStatus()); |
| |
| // 6. check that rejected user was not propagated to external resource (SYNCOPE-364) |
| JdbcTemplate jdbcTemplate = new JdbcTemplate(testDataSource); |
| Exception exception = null; |
| try { |
| jdbcTemplate.queryForObject("SELECT id FROM test WHERE id=?", |
| new String[] { userTO.getUsername() }, Integer.class); |
| } catch (EmptyResultDataAccessException e) { |
| exception = e; |
| } |
| assertNotNull(exception); |
| |
| // reset admin credentials for restTemplate |
| super.resetRestTemplate(); |
| } |
| |
| @Test |
| public void createWithApproval() { |
| Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers()); |
| |
| UserTO userTO = getUniqueSampleTO("createWithApproval@syncope.apache.org"); |
| userTO.addResource(RESOURCE_NAME_TESTDB); |
| |
| // User with role 9 are defined in workflow as subject to approval |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(9L); |
| userTO.addMembership(membershipTO); |
| |
| // 1. create user with role 9 (and verify that no propagation occurred) |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| assertEquals(1, userTO.getMemberships().size()); |
| assertEquals(9, userTO.getMemberships().get(0).getRoleId()); |
| assertEquals("createApproval", userTO.getStatus()); |
| assertEquals(Collections.singleton(RESOURCE_NAME_TESTDB), userTO.getResources()); |
| |
| assertTrue(userTO.getPropagationStatusTOs().isEmpty()); |
| |
| JdbcTemplate jdbcTemplate = new JdbcTemplate(testDataSource); |
| |
| Exception exception = null; |
| try { |
| jdbcTemplate.queryForObject("SELECT id FROM test WHERE id=?", |
| new String[] { userTO.getUsername() }, Integer.class); |
| } catch (EmptyResultDataAccessException e) { |
| exception = e; |
| } |
| assertNotNull(exception); |
| |
| // 2. request if there is any pending form for user just created |
| List<WorkflowFormTO> forms = userWorkflowService.getForms(); |
| assertNotNull(forms); |
| assertEquals(1, forms.size()); |
| |
| WorkflowFormTO form = userWorkflowService.getFormForUser(userTO.getId()); |
| assertNotNull(form); |
| assertNotNull(form.getTaskId()); |
| assertNull(form.getOwner()); |
| |
| // 4. claim task (from admin) |
| form = userWorkflowService.claimForm(form.getTaskId()); |
| assertNotNull(form); |
| assertNotNull(form.getTaskId()); |
| assertNotNull(form.getOwner()); |
| |
| // 5. approve user (and verify that propagation occurred) |
| Map<String, WorkflowFormPropertyTO> props = form.getPropertyMap(); |
| props.get("approve").setValue(Boolean.TRUE.toString()); |
| form.setProperties(props.values()); |
| userTO = userWorkflowService.submitForm(form); |
| assertNotNull(userTO); |
| assertEquals("active", userTO.getStatus()); |
| assertEquals(Collections.singleton(RESOURCE_NAME_TESTDB), userTO.getResources()); |
| |
| exception = null; |
| try { |
| final String username = jdbcTemplate.queryForObject("SELECT id FROM test WHERE id=?", String.class, |
| userTO.getUsername()); |
| assertEquals(userTO.getUsername(), username); |
| } catch (EmptyResultDataAccessException e) { |
| exception = e; |
| } |
| assertNull(exception); |
| |
| // 6. update user |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.setPassword("anotherPassword123"); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| assertNotNull(userTO); |
| } |
| |
| @Test |
| public void delete() { |
| try { |
| userService.delete(0L); |
| } catch (HttpStatusCodeException e) { |
| assertEquals(HttpStatus.NOT_FOUND, e.getStatusCode()); |
| } |
| |
| UserTO userTO = getSampleTO("qqgf.z@nn.com"); |
| |
| // specify a propagation |
| userTO.addResource(RESOURCE_NAME_TESTDB); |
| |
| userTO = createUser(userTO); |
| |
| long id = userTO.getId(); |
| |
| userTO = userService.delete(id); |
| |
| assertNotNull(userTO); |
| assertEquals(id, userTO.getId()); |
| assertTrue(userTO.getAttributes().isEmpty()); |
| |
| // check for propagation result |
| assertFalse(userTO.getPropagationStatusTOs().isEmpty()); |
| assertTrue(userTO.getPropagationStatusTOs().get(0).getStatus().isSuccessful()); |
| |
| try { |
| userService.delete(userTO.getId()); |
| } catch (HttpStatusCodeException e) { |
| assertEquals(HttpStatus.NOT_FOUND, e.getStatusCode()); |
| } |
| } |
| |
| @Test |
| public void deleteByUsername() { |
| UserTO userTO = getSampleTO("delete.by.username@apache.org"); |
| |
| // specify a propagation |
| userTO.addResource(RESOURCE_NAME_TESTDB); |
| |
| userTO = createUser(userTO); |
| |
| long id = userTO.getId(); |
| userTO = userService.read(id); |
| userTO = userService.delete(userTO.getId()); |
| |
| assertNotNull(userTO); |
| assertEquals(id, userTO.getId()); |
| assertTrue(userTO.getAttributes().isEmpty()); |
| |
| // check for propagation result |
| assertFalse(userTO.getPropagationStatusTOs().isEmpty()); |
| assertTrue(userTO.getPropagationStatusTOs().get(0).getStatus().isSuccessful()); |
| |
| try { |
| userService.read(userTO.getId()); |
| } catch (HttpStatusCodeException e) { |
| assertEquals(HttpStatus.NOT_FOUND, e.getStatusCode()); |
| } |
| } |
| |
| @Test |
| public void count() { |
| Integer count = userService.count(); |
| assertNotNull(count); |
| assertTrue(count > 0); |
| } |
| |
| @Test |
| public void list() { |
| List<UserTO> users = userService.list(); |
| assertNotNull(users); |
| assertFalse(users.isEmpty()); |
| for (UserTO user : users) { |
| assertNotNull(user); |
| } |
| } |
| |
| @Test |
| public void paginatedList() { |
| List<UserTO> users = userService.list(1, 2); |
| |
| assertNotNull(users); |
| assertFalse(users.isEmpty()); |
| assertEquals(2, users.size()); |
| |
| for (UserTO user : users) { |
| assertNotNull(user); |
| } |
| |
| users = userService.list(2, 2); |
| |
| assertNotNull(users); |
| assertFalse(users.isEmpty()); |
| assertEquals(2, users.size()); |
| |
| users = userService.list(100, 2); |
| |
| assertNotNull(users); |
| assertTrue(users.isEmpty()); |
| } |
| |
| @Test |
| public void read() { |
| UserTO userTO = userService.read(1L); |
| |
| assertNotNull(userTO); |
| assertNotNull(userTO.getAttributes()); |
| assertFalse(userTO.getAttributes().isEmpty()); |
| } |
| |
| @Test |
| public void readWithMailAddressAsUserName() { |
| UserTO userTO = createUser(getUniqueSampleTO("mail@domain.org")); |
| userTO = userService.read(userTO.getUsername()); |
| assertNotNull(userTO); |
| } |
| |
| @Test |
| public void updateWithouPassword() { |
| UserTO userTO = getUniqueSampleTO("updatewithout@password.com"); |
| |
| userTO = createUser(userTO); |
| |
| assertNotNull(userTO); |
| |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.addDerivedAttributeToBeRemoved("cn"); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| |
| assertNotNull(userTO); |
| assertNotNull(userTO.getDerivedAttributeMap()); |
| assertFalse(userTO.getDerivedAttributeMap().containsKey("cn")); |
| } |
| |
| @Test(expected = SyncopeClientCompositeErrorException.class) |
| public void updateInvalidPassword() { |
| UserTO userTO = getSampleTO("updateinvalid@password.com"); |
| |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.setPassword("pass"); |
| |
| userService.update(userMod.getId(), userMod); |
| } |
| |
| @Test(expected = SyncopeClientCompositeErrorException.class) |
| public void updateSamePassword() { |
| UserTO userTO = getSampleTO("updatesame@password.com"); |
| |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.setPassword("password123"); |
| |
| userService.update(userMod.getId(), userMod); |
| } |
| |
| @Test |
| public void update() { |
| UserTO userTO = getUniqueSampleTO("g.h@t.com"); |
| |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(8L); |
| membershipTO.addAttribute(attributeTO("subscriptionDate", "2009-08-18T16:33:12.203+0200")); |
| userTO.addMembership(membershipTO); |
| |
| userTO = createUser(userTO); |
| |
| assertFalse(userTO.getDerivedAttributes().isEmpty()); |
| assertEquals(1, userTO.getMemberships().size()); |
| |
| MembershipMod membershipMod = new MembershipMod(); |
| membershipMod.setRole(8L); |
| membershipMod.addAttributeToBeUpdated(attributeMod("subscriptionDate", "2010-08-18T16:33:12.203+0200")); |
| |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.setPassword("new2Password"); |
| |
| userMod.addAttributeToBeRemoved("userId"); |
| String newUserId = getUUIDString() + "t.w@spre.net"; |
| userMod.addAttributeToBeUpdated(attributeMod("userId", newUserId)); |
| |
| userMod.addAttributeToBeRemoved("fullname"); |
| String newFullName = getUUIDString() + "g.h@t.com"; |
| userMod.addAttributeToBeUpdated(attributeMod("fullname", newFullName)); |
| |
| userMod.addDerivedAttributeToBeAdded("cn"); |
| userMod.addMembershipToBeAdded(membershipMod); |
| userMod.addMembershipToBeRemoved(userTO.getMemberships().iterator().next().getId()); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| assertNotNull(userTO); |
| |
| SyncopeUser passwordTestUser = new SyncopeUser(); |
| passwordTestUser.setPassword("new2Password", CipherAlgorithm.SHA1, 0); |
| assertEquals(passwordTestUser.getPassword(), userTO.getPassword()); |
| |
| assertEquals(1, userTO.getMemberships().size()); |
| assertEquals(1, userTO.getMemberships().iterator().next().getAttributes().size()); |
| assertFalse(userTO.getDerivedAttributes().isEmpty()); |
| |
| AttributeTO userIdAttr = getManadatoryAttrByName(userTO.getAttributes(), "userId"); |
| assertEquals(Collections.singletonList(newUserId), userIdAttr.getValues()); |
| |
| AttributeTO fullNameAttr = getManadatoryAttrByName(userTO.getAttributes(), "fullname"); |
| assertEquals(Collections.singletonList(newFullName), fullNameAttr.getValues()); |
| } |
| |
| @Test |
| @SuppressWarnings("unchecked") |
| public void updatePasswordOnly() { |
| List<PropagationTaskTO> beforeTasks = (List<PropagationTaskTO>) taskService.list(TaskType.PROPAGATION); |
| assertNotNull(beforeTasks); |
| assertFalse(beforeTasks.isEmpty()); |
| |
| UserTO userTO = getUniqueSampleTO("pwdonly@t.com"); |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(8L); |
| membershipTO.addAttribute(attributeTO("subscriptionDate", "2009-08-18T16:33:12.203+0200")); |
| userTO.addMembership(membershipTO); |
| |
| userTO = createUser(userTO); |
| |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.setPassword("newPassword123"); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| |
| // check for changePwdDate |
| assertNotNull(userTO.getChangePwdDate()); |
| |
| SyncopeUser passwordTestUser = new SyncopeUser(); |
| passwordTestUser.setPassword("newPassword123", CipherAlgorithm.SHA1, 0); |
| assertEquals(passwordTestUser.getPassword(), userTO.getPassword()); |
| |
| List<PropagationTaskTO> afterTasks = (List<PropagationTaskTO>) taskService.list(TaskType.PROPAGATION); |
| assertNotNull(afterTasks); |
| assertFalse(afterTasks.isEmpty()); |
| |
| assertTrue(beforeTasks.size() < afterTasks.size()); |
| } |
| |
| @SuppressWarnings("unchecked") |
| @Test |
| public void verifyTaskRegistration() { |
| // get task list |
| List<PropagationTaskTO> tasks = (List<PropagationTaskTO>) taskService.list(TaskType.PROPAGATION); |
| |
| assertNotNull(tasks); |
| assertFalse(tasks.isEmpty()); |
| |
| long maxId = getMaxTaskId(tasks); |
| |
| // -------------------------------------- |
| // Create operation |
| // -------------------------------------- |
| UserTO userTO = getUniqueSampleTO("t@p.mode"); |
| |
| // add a membership |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(8L); |
| userTO.addMembership(membershipTO); |
| |
| // 1. create user |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| |
| // get the new task list |
| tasks = (List<PropagationTaskTO>) taskService.list(TaskType.PROPAGATION); |
| |
| assertNotNull(tasks); |
| assertFalse(tasks.isEmpty()); |
| |
| long newMaxId = getMaxTaskId(tasks); |
| |
| // default configuration for ws-target-resource2: |
| // only failed executions have to be registered |
| // --> no more tasks/executions should be added |
| assertEquals(newMaxId, maxId); |
| |
| // -------------------------------------- |
| // Update operation |
| // -------------------------------------- |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| |
| userMod.addAttributeToBeUpdated(attributeMod("surname", "surname")); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| |
| assertNotNull(userTO); |
| |
| // get the new task list |
| tasks = (List<PropagationTaskTO>) taskService.list(TaskType.PROPAGATION); |
| |
| maxId = newMaxId; |
| newMaxId = getMaxTaskId(tasks); |
| |
| // default configuration for ws-target-resource2: |
| // all update executions have to be registered |
| assertTrue(newMaxId > maxId); |
| |
| final PropagationTaskTO taskTO = taskService.read(TaskType.PROPAGATION, newMaxId); |
| |
| assertNotNull(taskTO); |
| assertEquals(1, taskTO.getExecutions().size()); |
| |
| // -------------------------------------- |
| // Delete operation |
| // -------------------------------------- |
| userService.delete(userTO.getId()); |
| |
| // get the new task list |
| tasks = (List<PropagationTaskTO>) taskService.list(TaskType.PROPAGATION); |
| |
| maxId = newMaxId; |
| newMaxId = getMaxTaskId(tasks); |
| |
| // default configuration for ws-target-resource2: no delete executions have to be registered |
| // --> no more tasks/executions should be added |
| assertEquals(newMaxId, maxId); |
| } |
| |
| @Test |
| public void createActivate() { |
| Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers()); |
| |
| UserTO userTO = getUniqueSampleTO("createActivate@syncope.apache.org"); |
| |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(11L); |
| userTO.addMembership(membershipTO); |
| |
| userTO = createUser(userTO); |
| |
| assertNotNull(userTO); |
| assertNotNull(userTO.getToken()); |
| assertNotNull(userTO.getTokenExpireTime()); |
| |
| assertEquals("created", userTO.getStatus()); |
| |
| userTO = userService.activate(userTO.getId(), userTO.getToken()); |
| |
| assertNotNull(userTO); |
| assertNull(userTO.getToken()); |
| assertNull(userTO.getTokenExpireTime()); |
| |
| assertEquals("active", userTO.getStatus()); |
| } |
| |
| @Test |
| public void createActivateByUsername() { |
| Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers()); |
| |
| UserTO userTO = getUniqueSampleTO("createActivateByUsername@syncope.apache.org"); |
| |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(11L); |
| userTO.addMembership(membershipTO); |
| |
| userTO = createUser(userTO); |
| |
| assertNotNull(userTO); |
| assertNotNull(userTO.getToken()); |
| assertNotNull(userTO.getTokenExpireTime()); |
| |
| assertEquals("created", userTO.getStatus()); |
| |
| userTO = userService.activateByUsername(userTO.getUsername(), userTO.getToken()); |
| |
| assertNotNull(userTO); |
| assertNull(userTO.getToken()); |
| assertNull(userTO.getTokenExpireTime()); |
| |
| assertEquals("active", userTO.getStatus()); |
| } |
| |
| @Test |
| public void suspendReactivate() { |
| UserTO userTO = getUniqueSampleTO("suspendReactivate@syncope.apache.org"); |
| |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(7L); |
| userTO.addMembership(membershipTO); |
| |
| userTO = createUser(userTO); |
| |
| assertNotNull(userTO); |
| assertEquals(ActivitiDetector.isActivitiEnabledForUsers() |
| ? "active" |
| : "created", userTO.getStatus()); |
| |
| userTO = userService.suspend(userTO.getId()); |
| |
| assertNotNull(userTO); |
| assertEquals("suspended", userTO.getStatus()); |
| |
| userTO = userService.reactivate(userTO.getId()); |
| |
| assertNotNull(userTO); |
| assertEquals("active", userTO.getStatus()); |
| } |
| |
| @Test |
| public void suspendReactivateByUsername() { |
| UserTO userTO = getUniqueSampleTO("suspendReactivateByUsername@syncope.apache.org"); |
| |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(7L); |
| userTO.addMembership(membershipTO); |
| |
| userTO = createUser(userTO); |
| |
| assertNotNull(userTO); |
| assertEquals(ActivitiDetector.isActivitiEnabledForUsers() |
| ? "active" |
| : "created", userTO.getStatus()); |
| |
| userTO = userService.suspendByUsername(userTO.getUsername()); |
| |
| assertNotNull(userTO); |
| assertEquals("suspended", userTO.getStatus()); |
| |
| userTO = userService.reactivateByUsername(userTO.getUsername()); |
| |
| assertNotNull(userTO); |
| assertEquals("active", userTO.getStatus()); |
| } |
| |
| @Test |
| public void suspendReactivateOnResource() { |
| // Assert resources are present |
| ResourceTO dbTable = resourceService.read(RESOURCE_NAME_TESTDB); |
| assertNotNull(dbTable); |
| ResourceTO ldap = resourceService.read(RESOURCE_NAME_LDAP); |
| assertNotNull(ldap); |
| |
| // Create user with reference to resources |
| UserTO userTO = getUniqueSampleTO("suspreactonresource@syncope.apache.org"); |
| userTO.getMemberships().clear(); |
| userTO.getResources().clear(); |
| userTO.addResource(RESOURCE_NAME_TESTDB); |
| userTO.addResource(RESOURCE_NAME_LDAP); |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| assertEquals(ActivitiDetector.isActivitiEnabledForUsers() |
| ? "active" |
| : "created", userTO.getStatus()); |
| long userId = userTO.getId(); |
| |
| // Suspend with effect on syncope, ldap and db => user should be suspended in syncope and all resources |
| PropagationRequestTO propagationRequestTO = new PropagationRequestTO(); |
| propagationRequestTO.setOnSyncope(true); |
| propagationRequestTO.addResource(RESOURCE_NAME_TESTDB); |
| propagationRequestTO.addResource(RESOURCE_NAME_LDAP); |
| userTO = userService.suspend(userId, propagationRequestTO); |
| assertNotNull(userTO); |
| assertEquals("suspended", userTO.getStatus()); |
| |
| ConnObjectTO connObjectTO = |
| resourceService.getConnectorObject(RESOURCE_NAME_TESTDB, AttributableType.USER, userId); |
| assertFalse(getBooleanAttribute(connObjectTO, OperationalAttributes.ENABLE_NAME)); |
| |
| connObjectTO = resourceService.getConnectorObject(RESOURCE_NAME_LDAP, AttributableType.USER, userId); |
| assertNotNull(connObjectTO); |
| |
| // Suspend and reactivate only on ldap => db and syncope should still show suspended |
| propagationRequestTO = new PropagationRequestTO(); |
| propagationRequestTO.setOnSyncope(false); |
| propagationRequestTO.addResource(RESOURCE_NAME_LDAP); |
| userService.suspend(userId, propagationRequestTO); |
| userTO = userService.reactivate(userId, propagationRequestTO); |
| assertNotNull(userTO); |
| assertEquals("suspended", userTO.getStatus()); |
| |
| connObjectTO = resourceService.getConnectorObject(RESOURCE_NAME_TESTDB, AttributableType.USER, userId); |
| assertFalse(getBooleanAttribute(connObjectTO, OperationalAttributes.ENABLE_NAME)); |
| |
| // Reactivate on syncope and db => syncope and db should show the user as active |
| propagationRequestTO = new PropagationRequestTO(); |
| propagationRequestTO.setOnSyncope(true); |
| propagationRequestTO.addResource(RESOURCE_NAME_TESTDB); |
| |
| userTO = userService.reactivate(userId, propagationRequestTO); |
| assertNotNull(userTO); |
| assertEquals("active", userTO.getStatus()); |
| |
| connObjectTO = resourceService.getConnectorObject(RESOURCE_NAME_TESTDB, AttributableType.USER, userId); |
| assertTrue(getBooleanAttribute(connObjectTO, OperationalAttributes.ENABLE_NAME)); |
| } |
| |
| public void updateMultivalueAttribute() { |
| UserTO userTO = getSampleTO("multivalue@syncope.apache.org"); |
| userTO.getResources().clear(); |
| userTO.getDerivedAttributes().clear(); |
| userTO.getVirtualAttributes().clear(); |
| |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| |
| AttributeTO loginDate = userTO.getAttributeMap().get("loginDate"); |
| assertNotNull(loginDate); |
| assertEquals(1, loginDate.getValues().size()); |
| |
| UserMod userMod = new UserMod(); |
| |
| AttributeMod loginDateMod = new AttributeMod(); |
| loginDateMod.addValueToBeAdded("2000-01-01"); |
| |
| userMod.setId(userTO.getId()); |
| userMod.addAttributeToBeUpdated(loginDateMod); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| assertNotNull(userTO); |
| |
| loginDate = userTO.getAttributeMap().get("loginDate"); |
| assertNotNull(loginDate); |
| assertEquals(2, loginDate.getValues().size()); |
| } |
| |
| @Test(expected = EmptyResultDataAccessException.class) |
| public void issue213() { |
| UserTO userTO = getUniqueSampleTO("issue213@syncope.apache.org"); |
| userTO.addResource(RESOURCE_NAME_TESTDB); |
| |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| assertEquals(1, userTO.getResources().size()); |
| |
| JdbcTemplate jdbcTemplate = new JdbcTemplate(testDataSource); |
| |
| String username = jdbcTemplate.queryForObject("SELECT id FROM test WHERE id=?", String.class, |
| userTO.getUsername()); |
| |
| assertEquals(userTO.getUsername(), username); |
| |
| UserMod userMod = new UserMod(); |
| |
| userMod.setId(userTO.getId()); |
| userMod.addResourceToBeRemoved(RESOURCE_NAME_TESTDB); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| |
| assertTrue(userTO.getResources().isEmpty()); |
| |
| jdbcTemplate.queryForObject("SELECT id FROM test WHERE id=?", String.class, userTO.getUsername()); |
| } |
| |
| @Test |
| public void issue234() { |
| UserTO inUserTO = getUniqueSampleTO("issue234@syncope.apache.org"); |
| inUserTO.addResource(RESOURCE_NAME_LDAP); |
| |
| UserTO userTO = createUser(inUserTO); |
| assertNotNull(userTO); |
| |
| UserMod userMod = new UserMod(); |
| |
| userMod.setId(userTO.getId()); |
| userMod.setUsername("1" + userTO.getUsername()); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| |
| assertNotNull(userTO); |
| |
| assertEquals("1" + inUserTO.getUsername(), userTO.getUsername()); |
| } |
| |
| @Test |
| public void issue270() { |
| // 1. create a new user without virtual attributes |
| UserTO original = getUniqueSampleTO("issue270@syncope.apache.org"); |
| // be sure to remove all virtual attributes |
| original.getVirtualAttributes().clear(); |
| |
| original = createUser(original); |
| |
| assertNotNull(original); |
| |
| assertTrue(original.getVirtualAttributes().isEmpty()); |
| |
| UserTO toBeUpdated = userService.read(original.getId()); |
| |
| AttributeTO virtual = attributeTO("virtualdata", "virtualvalue"); |
| toBeUpdated.addVirtualAttribute(virtual); |
| |
| // 2. try to update by adding a resource, but no password: must fail |
| UserMod userMod = AttributableOperations.diff(toBeUpdated, original); |
| assertNotNull(userMod); |
| |
| toBeUpdated = userService.update(userMod.getId(), userMod); |
| assertNotNull(toBeUpdated); |
| |
| assertFalse(toBeUpdated.getVirtualAttributes().isEmpty()); |
| assertNotNull(toBeUpdated.getVirtualAttributes().get(0)); |
| |
| assertEquals(virtual.getSchema(), toBeUpdated.getVirtualAttributes().get(0).getSchema()); |
| } |
| |
| @Test |
| public final void issue280() { |
| UserTO userTO = getUniqueSampleTO("issue280@syncope.apache.org"); |
| userTO.getResources().clear(); |
| userTO.getMemberships().clear(); |
| userTO.getDerivedAttributes().clear(); |
| |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.setPassword("123password"); |
| userMod.addResourceToBeAdded(RESOURCE_NAME_TESTDB); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| assertNotNull(userTO); |
| |
| final List<PropagationStatusTO> propagations = userTO.getPropagationStatusTOs(); |
| |
| assertNotNull(propagations); |
| assertEquals(1, propagations.size()); |
| |
| final PropagationTaskExecStatus status = propagations.get(0).getStatus(); |
| final String resource = propagations.get(0).getResource(); |
| |
| assertNotNull(status); |
| assertEquals(RESOURCE_NAME_TESTDB, resource); |
| assertTrue(status.isSuccessful()); |
| } |
| |
| @Test |
| public void issue281() { |
| UserTO userTO = getUniqueSampleTO("issue281@syncope.apache.org"); |
| userTO.getResources().clear(); |
| userTO.getMemberships().clear(); |
| userTO.getDerivedAttributes().clear(); |
| userTO.addResource(RESOURCE_NAME_CSV); |
| |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| |
| final List<PropagationStatusTO> propagations = userTO.getPropagationStatusTOs(); |
| |
| assertNotNull(propagations); |
| assertEquals(1, propagations.size()); |
| |
| final PropagationTaskExecStatus status = propagations.get(0).getStatus(); |
| final String resource = propagations.get(0).getResource(); |
| |
| assertNotNull(status); |
| assertEquals(RESOURCE_NAME_CSV, resource); |
| assertFalse(status.isSuccessful()); |
| } |
| |
| @Test |
| public void issue288() { |
| UserTO userTO = getSampleTO("issue288@syncope.apache.org"); |
| userTO.addAttribute(attributeTO("aLong", "STRING")); |
| |
| try { |
| createUser(userTO); |
| fail(); |
| } catch (SyncopeClientCompositeErrorException sccee) { |
| assertNotNull(sccee.getException(SyncopeClientExceptionType.InvalidValues)); |
| } |
| } |
| |
| @Test |
| public void roleAttrPropagation() { |
| UserTO userTO = getUniqueSampleTO("checkRoleAttrPropagation@syncope.apache.org"); |
| userTO.getResources().clear(); |
| userTO.getMemberships().clear(); |
| userTO.getDerivedAttributes().clear(); |
| userTO.getVirtualAttributes().clear(); |
| |
| userTO.addDerivedAttribute(attributeTO("csvuserid", null)); |
| |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(1L); |
| |
| userTO.addMembership(membershipTO); |
| |
| userTO.addResource(RESOURCE_NAME_CSV); |
| |
| UserTO actual = createUser(userTO); |
| assertNotNull(actual); |
| assertNotNull(actual.getDerivedAttributeMap().get("csvuserid")); |
| |
| ConnObjectTO connObjectTO = |
| resourceService.getConnectorObject(RESOURCE_NAME_CSV, AttributableType.USER, actual.getId()); |
| assertNotNull(connObjectTO); |
| assertEquals("sx-dx", connObjectTO.getAttributeMap().get("ROLE").getValues().get(0)); |
| } |
| |
| @Test |
| public void membershipAttrPropagation() { |
| UserTO userTO = getUniqueSampleTO("checkMembAttrPropagation@syncope.apache.org"); |
| userTO.getResources().clear(); |
| userTO.getMemberships().clear(); |
| userTO.getDerivedAttributes().clear(); |
| userTO.getVirtualAttributes().clear(); |
| userTO.addDerivedAttribute(attributeTO("csvuserid", null)); |
| |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(1L); |
| membershipTO.addAttribute(attributeTO("mderived_sx", "sx")); |
| membershipTO.addAttribute(attributeTO("mderived_dx", "dx")); |
| membershipTO.addDerivedAttribute(attributeTO("mderToBePropagated", null)); |
| userTO.addMembership(membershipTO); |
| |
| userTO.addResource(RESOURCE_NAME_CSV); |
| |
| UserTO actual = createUser(userTO); |
| assertNotNull(actual); |
| assertNotNull(actual.getDerivedAttributeMap().get("csvuserid")); |
| |
| ConnObjectTO connObjectTO = |
| resourceService.getConnectorObject(RESOURCE_NAME_CSV, AttributableType.USER, actual.getId()); |
| assertNotNull(connObjectTO); |
| assertEquals("sx-dx", connObjectTO.getAttributeMap().get("MEMBERSHIP").getValues().get(0)); |
| } |
| |
| @Test |
| public void issueSYNCOPE108() { |
| UserTO userTO = getUniqueSampleTO("syncope108@syncope.apache.org"); |
| userTO.getResources().clear(); |
| userTO.getMemberships().clear(); |
| userTO.getDerivedAttributes().clear(); |
| userTO.getVirtualAttributes().clear(); |
| userTO.addDerivedAttribute(attributeTO("csvuserid", null)); |
| |
| MembershipTO memb12 = new MembershipTO(); |
| memb12.setRoleId(12L); |
| |
| userTO.addMembership(memb12); |
| |
| MembershipTO memb13 = new MembershipTO(); |
| memb13.setRoleId(13L); |
| |
| userTO.addMembership(memb13); |
| |
| userTO.addResource(RESOURCE_NAME_CSV); |
| |
| UserTO actual = createUser(userTO); |
| assertNotNull(actual); |
| assertEquals(2, actual.getMemberships().size()); |
| assertEquals(1, actual.getResources().size()); |
| |
| ConnObjectTO connObjectTO = |
| resourceService.getConnectorObject(RESOURCE_NAME_CSV, AttributableType.USER, actual.getId()); |
| assertNotNull(connObjectTO); |
| |
| // ----------------------------------- |
| // Remove the first membership: de-provisioning shouldn't happen |
| // ----------------------------------- |
| UserMod userMod = new UserMod(); |
| userMod.setId(actual.getId()); |
| |
| userMod.addMembershipToBeRemoved(actual.getMemberships().get(0).getId()); |
| |
| actual = userService.update(userMod.getId(), userMod); |
| assertNotNull(actual); |
| assertEquals(1, actual.getMemberships().size()); |
| |
| connObjectTO = resourceService.getConnectorObject(RESOURCE_NAME_CSV, AttributableType.USER, actual.getId()); |
| assertNotNull(connObjectTO); |
| // ----------------------------------- |
| |
| // ----------------------------------- |
| // Remove the resource assigned directly: de-provisioning shouldn't happen |
| // ----------------------------------- |
| userMod = new UserMod(); |
| userMod.setId(actual.getId()); |
| |
| userMod.addResourceToBeRemoved(actual.getResources().iterator().next()); |
| |
| actual = userService.update(userMod.getId(), userMod); |
| assertNotNull(actual); |
| assertEquals(1, actual.getMemberships().size()); |
| assertFalse(actual.getResources().isEmpty()); |
| |
| connObjectTO = resourceService.getConnectorObject(RESOURCE_NAME_CSV, AttributableType.USER, actual.getId()); |
| assertNotNull(connObjectTO); |
| // ----------------------------------- |
| |
| // ----------------------------------- |
| // Remove the first membership: de-provisioning should happen |
| // ----------------------------------- |
| userMod = new UserMod(); |
| userMod.setId(actual.getId()); |
| |
| userMod.addMembershipToBeRemoved(actual.getMemberships().get(0).getId()); |
| |
| actual = userService.update(userMod.getId(), userMod); |
| assertNotNull(actual); |
| assertTrue(actual.getMemberships().isEmpty()); |
| assertTrue(actual.getResources().isEmpty()); |
| |
| try { |
| resourceService.getConnectorObject(RESOURCE_NAME_CSV, AttributableType.USER, actual.getId()); |
| fail("Read should not succeeed"); |
| } catch (SyncopeClientCompositeErrorException e) { |
| assertNotNull(e.getException(SyncopeClientExceptionType.NotFound)); |
| } |
| } |
| |
| @Test |
| public void issueSYNCOPE111() { |
| UserTO userTO = getUniqueSampleTO("syncope111@syncope.apache.org"); |
| userTO.getResources().clear(); |
| userTO.getMemberships().clear(); |
| userTO.getDerivedAttributes().clear(); |
| userTO.getVirtualAttributes().clear(); |
| userTO.addDerivedAttribute(attributeTO("csvuserid", null)); |
| |
| MembershipTO memb12 = new MembershipTO(); |
| memb12.setRoleId(12L); |
| memb12.addAttribute(attributeTO("postalAddress", "postalAddress")); |
| userTO.addMembership(memb12); |
| |
| MembershipTO memb13 = new MembershipTO(); |
| memb13.setRoleId(13L); |
| userTO.addMembership(memb13); |
| |
| userTO.addResource(RESOURCE_NAME_LDAP); |
| |
| UserTO actual = createUser(userTO); |
| assertNotNull(actual); |
| assertEquals(2, actual.getMemberships().size()); |
| |
| ConnObjectTO connObjectTO = |
| resourceService.getConnectorObject(RESOURCE_NAME_LDAP, AttributableType.USER, actual.getId()); |
| assertNotNull(connObjectTO); |
| |
| AttributeTO postalAddress = connObjectTO.getAttributeMap().get("postalAddress"); |
| assertNotNull(postalAddress); |
| assertEquals(1, postalAddress.getValues().size()); |
| assertEquals("postalAddress", postalAddress.getValues().get(0)); |
| |
| AttributeTO title = connObjectTO.getAttributeMap().get("title"); |
| assertNotNull(title); |
| assertEquals(2, title.getValues().size()); |
| assertTrue(title.getValues().contains("r12") && title.getValues().contains("r13")); |
| |
| // ----------------------------------- |
| // Remove the first membership and check for membership attr propagation and role attr propagation |
| // ----------------------------------- |
| UserMod userMod = new UserMod(); |
| userMod.setId(actual.getId()); |
| |
| MembershipTO membershipTO = actual.getMemberships().get(0).getRoleId() == 12L |
| ? actual.getMemberships().get(0) |
| : actual.getMemberships().get(1); |
| |
| userMod.addMembershipToBeRemoved(membershipTO.getId()); |
| |
| actual = userService.update(userMod.getId(), userMod); |
| assertNotNull(actual); |
| assertEquals(1, actual.getMemberships().size()); |
| |
| connObjectTO = resourceService.getConnectorObject(RESOURCE_NAME_LDAP, AttributableType.USER, actual.getId()); |
| assertNotNull(connObjectTO); |
| |
| postalAddress = connObjectTO.getAttributeMap().get("postalAddress"); |
| assertTrue(postalAddress == null || postalAddress.getValues().isEmpty() |
| || StringUtils.hasText(postalAddress.getValues().get(0))); |
| |
| title = connObjectTO.getAttributeMap().get("title"); |
| assertNotNull(title); |
| assertEquals(1, title.getValues().size()); |
| assertTrue(title.getValues().contains("r13")); |
| // ----------------------------------- |
| } |
| |
| @Test |
| public void issueSYNCOPE185() { |
| // 1. create user with LDAP resource, succesfully propagated |
| UserTO userTO = getSampleTO("syncope185@syncope.apache.org"); |
| userTO.getVirtualAttributes().clear(); |
| userTO.addResource(RESOURCE_NAME_LDAP); |
| |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| assertFalse(userTO.getPropagationStatusTOs().isEmpty()); |
| assertEquals(RESOURCE_NAME_LDAP, userTO.getPropagationStatusTOs().get(0).getResource()); |
| assertEquals(PropagationTaskExecStatus.SUCCESS, userTO.getPropagationStatusTOs().get(0).getStatus()); |
| |
| // 2. delete this user |
| userService.delete(userTO.getId()); |
| |
| // 3. try (and fail) to find this user on the external LDAP resource |
| try { |
| resourceService.getConnectorObject(RESOURCE_NAME_LDAP, AttributableType.USER, userTO.getId()); |
| fail("This entry should not be present on this resource"); |
| } catch (SyncopeClientCompositeErrorException sccee) { |
| SyncopeClientException sce = sccee.getException(SyncopeClientExceptionType.NotFound); |
| assertNotNull(sce); |
| } |
| } |
| |
| @Test() |
| public void issueSYNCOPE51() { |
| ConfigurationTO defaultConfigurationTO = configurationService.read("password.cipher.algorithm"); |
| |
| ConfigurationTO configurationTO = new ConfigurationTO(); |
| configurationTO.setKey("password.cipher.algorithm"); |
| configurationTO.setValue("MD5"); |
| |
| configurationService.update(configurationTO.getKey(), configurationTO); |
| ConfigurationTO newConfTO = configurationService.read(configurationTO.getKey()); |
| |
| assertEquals(configurationTO, newConfTO); |
| |
| UserTO userTO = getSampleTO("syncope51@syncope.apache.org"); |
| userTO.setPassword("password"); |
| |
| try { |
| createUser(userTO); |
| fail("Create user should not succeed"); |
| } catch (SyncopeClientCompositeErrorException e) { |
| assertTrue(e.getException(SyncopeClientExceptionType.NotFound).getElements().iterator().next() |
| .contains("MD5")); |
| } |
| |
| configurationService.update(defaultConfigurationTO.getKey(), defaultConfigurationTO); |
| ConfigurationTO oldConfTO = configurationService.read(defaultConfigurationTO.getKey()); |
| |
| assertEquals(defaultConfigurationTO, oldConfTO); |
| } |
| |
| @Test |
| public void issueSYNCOPE267() { |
| // ---------------------------------- |
| // create user and check virtual attribute value propagation |
| // ---------------------------------- |
| UserTO userTO = getUniqueSampleTO("syncope267@apache.org"); |
| userTO.getResources().clear(); |
| userTO.addResource(RESOURCE_NAME_DBVIRATTR); |
| |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| assertFalse(userTO.getPropagationStatusTOs().isEmpty()); |
| assertEquals(RESOURCE_NAME_DBVIRATTR, userTO.getPropagationStatusTOs().get(0).getResource()); |
| assertEquals(PropagationTaskExecStatus.SUBMITTED, userTO.getPropagationStatusTOs().get(0).getStatus()); |
| |
| ConnObjectTO connObjectTO = |
| resourceService.getConnectorObject(RESOURCE_NAME_DBVIRATTR, AttributableType.USER, userTO.getId()); |
| assertNotNull(connObjectTO); |
| assertEquals("virtualvalue", connObjectTO.getAttributeMap().get("USERNAME").getValues().get(0)); |
| // ---------------------------------- |
| |
| userTO = userService.read(userTO.getId()); |
| |
| assertNotNull(userTO); |
| assertEquals(1, userTO.getVirtualAttributes().size()); |
| assertEquals("virtualvalue", userTO.getVirtualAttributes().get(0).getValues().get(0)); |
| } |
| |
| @Test |
| public void issueSYNCOPE266() { |
| UserTO userTO = getUniqueSampleTO("syncope266@apache.org"); |
| userTO.getResources().clear(); |
| |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| |
| // this resource has not a mapping for Password |
| userMod.addResourceToBeAdded(RESOURCE_NAME_UPDATE); |
| |
| userTO = userService.update(userTO.getId(), userMod); |
| assertNotNull(userTO); |
| } |
| |
| @Test |
| public void issueSYNCOPE279() { |
| UserTO userTO = getUniqueSampleTO("syncope279@apache.org"); |
| userTO.getResources().clear(); |
| userTO.addResource(RESOURCE_NAME_TIMEOUT); |
| userTO = createUser(userTO); |
| assertEquals(RESOURCE_NAME_TIMEOUT, userTO.getPropagationStatusTOs().get(0).getResource()); |
| assertNotNull(userTO.getPropagationStatusTOs().get(0).getFailureReason()); |
| assertEquals(PropagationTaskExecStatus.UNSUBMITTED, userTO.getPropagationStatusTOs().get(0).getStatus()); |
| } |
| |
| @Test |
| public void issueSYNCOPE122() { |
| // 1. create user on testdb and testdb2 |
| UserTO userTO = getUniqueSampleTO("syncope122@apache.org"); |
| userTO.getResources().clear(); |
| userTO.addResource(RESOURCE_NAME_TESTDB); |
| userTO.addResource(RESOURCE_NAME_TESTDB2); |
| try { |
| userTO = createUser(userTO); |
| } catch (SyncopeClientCompositeErrorException scce) { |
| // TODO Dirty workaround for AUTO generation Id strategy problem in AbstractVirAttr. |
| // Must be removed after fix of SYNCOPE-298 |
| SyncopeClientException sce = scce.getException(SyncopeClientExceptionType.DataIntegrityViolation); |
| assertNotNull(sce); |
| return; |
| } |
| assertNotNull(userTO); |
| assertTrue(userTO.getResources().contains(RESOURCE_NAME_TESTDB)); |
| assertTrue(userTO.getResources().contains(RESOURCE_NAME_TESTDB2)); |
| |
| final String pwdOnSyncope = userTO.getPassword(); |
| |
| ConnObjectTO userOnDb = resourceService.getConnectorObject( |
| RESOURCE_NAME_TESTDB, AttributableType.USER, userTO.getId()); |
| final AttributeTO pwdOnTestDbAttr = userOnDb.getAttributeMap().get(OperationalAttributes.PASSWORD_NAME); |
| assertNotNull(pwdOnTestDbAttr); |
| assertNotNull(pwdOnTestDbAttr.getValues()); |
| assertFalse(pwdOnTestDbAttr.getValues().isEmpty()); |
| final String pwdOnTestDb = pwdOnTestDbAttr.getValues().iterator().next(); |
| |
| ConnObjectTO userOnDb2 = resourceService.getConnectorObject( |
| RESOURCE_NAME_TESTDB2, AttributableType.USER, userTO.getId()); |
| final AttributeTO pwdOnTestDb2Attr = userOnDb2.getAttributeMap().get(OperationalAttributes.PASSWORD_NAME); |
| assertNotNull(pwdOnTestDb2Attr); |
| assertNotNull(pwdOnTestDb2Attr.getValues()); |
| assertFalse(pwdOnTestDb2Attr.getValues().isEmpty()); |
| final String pwdOnTestDb2 = pwdOnTestDb2Attr.getValues().iterator().next(); |
| |
| // 2. request to change password only on testdb (no Syncope, no testdb2) |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.setPassword(getUUIDString()); |
| PropagationRequestTO pwdPropRequest = new PropagationRequestTO(); |
| pwdPropRequest.addResource(RESOURCE_NAME_TESTDB); |
| userMod.setPwdPropRequest(pwdPropRequest); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| |
| // 3a. Chech that only a single propagation took place |
| assertNotNull(userTO.getPropagationStatusTOs()); |
| assertEquals(1, userTO.getPropagationStatusTOs().size()); |
| assertEquals(RESOURCE_NAME_TESTDB, userTO.getPropagationStatusTOs().iterator().next().getResource()); |
| |
| // 3b. verify that password hasn't changed on Syncope |
| assertEquals(pwdOnSyncope, userTO.getPassword()); |
| |
| // 3c. verify that password *has* changed on testdb |
| userOnDb = resourceService.getConnectorObject(RESOURCE_NAME_TESTDB, AttributableType.USER, userTO.getId()); |
| final AttributeTO pwdOnTestDbAttrAfter = userOnDb.getAttributeMap().get(OperationalAttributes.PASSWORD_NAME); |
| assertNotNull(pwdOnTestDbAttrAfter); |
| assertNotNull(pwdOnTestDbAttrAfter.getValues()); |
| assertFalse(pwdOnTestDbAttrAfter.getValues().isEmpty()); |
| assertNotEquals(pwdOnTestDb, pwdOnTestDbAttrAfter.getValues().iterator().next()); |
| |
| // 3d. verify that password hasn't changed on testdb2 |
| userOnDb2 = resourceService.getConnectorObject(RESOURCE_NAME_TESTDB2, AttributableType.USER, userTO.getId()); |
| final AttributeTO pwdOnTestDb2AttrAfter = userOnDb2.getAttributeMap().get(OperationalAttributes.PASSWORD_NAME); |
| assertNotNull(pwdOnTestDb2AttrAfter); |
| assertNotNull(pwdOnTestDb2AttrAfter.getValues()); |
| assertFalse(pwdOnTestDb2AttrAfter.getValues().isEmpty()); |
| assertEquals(pwdOnTestDb2, pwdOnTestDb2AttrAfter.getValues().iterator().next()); |
| } |
| |
| @Test |
| public void isseSYNCOPE136AES() { |
| // 1. read configured cipher algorithm in order to be able to restore it at the end of test |
| ConfigurationTO pwdCipherAlgo = configurationService.read("password.cipher.algorithm"); |
| final String origpwdCipherAlgo = pwdCipherAlgo.getValue(); |
| |
| // 2. set AES password cipher algorithm |
| pwdCipherAlgo.setValue("AES"); |
| configurationService.update(pwdCipherAlgo.getKey(), pwdCipherAlgo); |
| |
| // 3. create user with no resources |
| UserTO userTO = getUniqueSampleTO("syncope136_AES@apache.org"); |
| userTO.getResources().clear(); |
| |
| userTO = userService.create(userTO).readEntity(UserTO.class); |
| assertNotNull(userTO); |
| |
| // 4. update user, assign a propagation primary resource but don't provide any password |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.addResourceToBeAdded(RESOURCE_NAME_WS1); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| assertNotNull(userTO); |
| |
| // 5. verify that propagation was successful |
| List<PropagationStatusTO> props = userTO.getPropagationStatusTOs(); |
| assertNotNull(props); |
| assertEquals(1, props.size()); |
| PropagationStatusTO prop = props.iterator().next(); |
| assertNotNull(prop); |
| assertEquals(RESOURCE_NAME_WS1, prop.getResource()); |
| assertEquals(PropagationTaskExecStatus.SUBMITTED, prop.getStatus()); |
| |
| // 6. restore initial cipher algorithm |
| pwdCipherAlgo.setValue(origpwdCipherAlgo); |
| configurationService.update(pwdCipherAlgo.getKey(), pwdCipherAlgo); |
| } |
| |
| @Test |
| public void isseSYNCOPE136Random() { |
| // 1. create user with no resources |
| UserTO userTO = getUniqueSampleTO("syncope136_Random@apache.org"); |
| userTO.getResources().clear(); |
| |
| userTO = userService.create(userTO).readEntity(UserTO.class); |
| assertNotNull(userTO); |
| |
| // 2. update user, assign a propagation primary resource but don't provide any password |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.addResourceToBeAdded(RESOURCE_NAME_LDAP); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| assertNotNull(userTO); |
| |
| // 3. verify that propagation was successful |
| List<PropagationStatusTO> props = userTO.getPropagationStatusTOs(); |
| assertNotNull(props); |
| assertEquals(1, props.size()); |
| PropagationStatusTO prop = props.iterator().next(); |
| assertNotNull(prop); |
| assertEquals(RESOURCE_NAME_LDAP, prop.getResource()); |
| assertEquals(PropagationTaskExecStatus.SUCCESS, prop.getStatus()); |
| } |
| |
| @Test |
| public void mappingPurpose() { |
| UserTO userTO = getUniqueSampleTO("mpurpose@apache.org"); |
| |
| AttributeTO csvuserid = new AttributeTO(); |
| csvuserid.setSchema("csvuserid"); |
| userTO.addDerivedAttribute(csvuserid); |
| |
| userTO.getResources().clear(); |
| userTO.addResource(RESOURCE_NAME_CSV); |
| |
| UserTO actual = createUser(userTO); |
| assertNotNull(actual); |
| |
| ConnObjectTO connObjectTO = |
| resourceService.getConnectorObject(RESOURCE_NAME_CSV, AttributableType.USER, actual.getId()); |
| assertNull(connObjectTO.getAttributeMap().get("email")); |
| } |
| |
| @Test |
| public void issueSYNCOPE265() { |
| for (long i = 1; i <= 5; i++) { |
| UserMod userMod = new UserMod(); |
| userMod.setId(i); |
| |
| AttributeMod attributeMod = new AttributeMod(); |
| attributeMod.setSchema("type"); |
| attributeMod.addValueToBeAdded("a type"); |
| |
| userMod.addAttributeToBeRemoved("type"); |
| userMod.addAttributeToBeUpdated(attributeMod); |
| |
| UserTO userTO = userService.update(i, userMod); |
| assertEquals("a type", userTO.getAttributeMap().get("type").getValues().get(0)); |
| } |
| } |
| |
| @Test |
| public void bulkActions() { |
| final BulkAction bulkAction = new BulkAction(); |
| |
| for (int i = 0; i < 10; i++) { |
| UserTO userTO = getUniqueSampleTO("bulk_" + i + "@apache.org"); |
| bulkAction.addTarget(String.valueOf(createUser(userTO).getId())); |
| } |
| |
| // check for a fail |
| bulkAction.addTarget(String.valueOf(Long.MAX_VALUE)); |
| |
| assertEquals(11, bulkAction.size()); |
| |
| bulkAction.setOperation(BulkAction.Type.SUSPEND); |
| BulkActionRes res = userService.bulkAction(bulkAction); |
| assertEquals(10, res.getResultByStatus(Status.SUCCESS).size()); |
| assertEquals(1, res.getResultByStatus(Status.FAILURE).size()); |
| assertEquals("suspended", userService.read( |
| Long.parseLong(res.getResultByStatus(Status.SUCCESS).get(3).toString())).getStatus()); |
| |
| bulkAction.setOperation(BulkAction.Type.REACTIVATE); |
| res = userService.bulkAction(bulkAction); |
| assertEquals(10, res.getResultByStatus(Status.SUCCESS).size()); |
| assertEquals(1, res.getResultByStatus(Status.FAILURE).size()); |
| assertEquals("active", userService.read( |
| Long.parseLong(res.getResultByStatus(Status.SUCCESS).get(3).toString())).getStatus()); |
| |
| bulkAction.setOperation(BulkAction.Type.DELETE); |
| res = userService.bulkAction(bulkAction); |
| assertEquals(10, res.getResultByStatus(Status.SUCCESS).size()); |
| assertEquals(1, res.getResultByStatus(Status.FAILURE).size()); |
| } |
| |
| @Test |
| public void issueSYNCOPE354() { |
| // change resource-ldap role mapping for including uniqueMember (need for assertions below) |
| ResourceTO ldap = resourceService.read(RESOURCE_NAME_LDAP); |
| for (MappingItemTO item : ldap.getRmapping().getItems()) { |
| if ("description".equals(item.getExtAttrName())) { |
| item.setExtAttrName("uniqueMember"); |
| } |
| } |
| resourceService.update(ldap.getName(), ldap); |
| |
| // 1. create role with LDAP resource |
| RoleTO roleTO = new RoleTO(); |
| roleTO.setName("SYNCOPE354-" + getUUIDString()); |
| roleTO.setParent(8L); |
| roleTO.addResource(RESOURCE_NAME_LDAP); |
| |
| roleTO = createRole(roleService, roleTO); |
| assertNotNull(roleTO); |
| |
| // 2. create user with LDAP resource and membership of the above role |
| UserTO userTO = getUniqueSampleTO("syncope354@syncope.apache.org"); |
| userTO.addResource(RESOURCE_NAME_LDAP); |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(roleTO.getId()); |
| userTO.addMembership(membershipTO); |
| |
| userTO = createUser(userTO); |
| assertTrue(userTO.getResources().contains(RESOURCE_NAME_LDAP)); |
| |
| // 3. read role on resource, check that user DN is included in uniqueMember |
| ConnObjectTO connObj = resourceService.getConnectorObject( |
| RESOURCE_NAME_LDAP, AttributableType.ROLE, roleTO.getId()); |
| assertNotNull(connObj); |
| assertTrue(connObj.getAttributeMap().get("uniqueMember").getValues(). |
| contains("uid=" + userTO.getUsername() + ",ou=people,o=isp")); |
| |
| // 4. remove membership |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.addMembershipToBeRemoved(userTO.getMemberships().iterator().next().getId()); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| assertTrue(userTO.getResources().contains(RESOURCE_NAME_LDAP)); |
| |
| // 5. read role on resource, check that user DN was removed from uniqueMember |
| connObj = resourceService.getConnectorObject(RESOURCE_NAME_LDAP, AttributableType.ROLE, roleTO.getId()); |
| assertNotNull(connObj); |
| assertFalse(connObj.getAttributeMap().get("uniqueMember").getValues(). |
| contains("uid=" + userTO.getUsername() + ",ou=people,o=isp")); |
| |
| // 6. restore original resource-ldap role mapping |
| for (MappingItemTO item : ldap.getRmapping().getItems()) { |
| if ("uniqueMember".equals(item.getExtAttrName())) { |
| item.setExtAttrName("description"); |
| } |
| } |
| resourceService.update(ldap.getName(), ldap); |
| } |
| |
| @Test |
| public void issueSYNCOPE357() { |
| // 1. create role with LDAP resource |
| RoleTO roleTO = new RoleTO(); |
| roleTO.setName("SYNCOPE357-" + getUUIDString()); |
| roleTO.setParent(8L); |
| roleTO.addResource(RESOURCE_NAME_LDAP); |
| |
| roleTO = createRole(roleService, roleTO); |
| assertNotNull(roleTO); |
| |
| // 2. create user with membership of the above role |
| UserTO userTO = getUniqueSampleTO("syncope357@syncope.apache.org"); |
| MembershipTO membershipTO = new MembershipTO(); |
| membershipTO.setRoleId(roleTO.getId()); |
| userTO.addMembership(membershipTO); |
| |
| userTO = createUser(userTO); |
| assertTrue(userTO.getResources().contains(RESOURCE_NAME_LDAP)); |
| |
| // 3. read user on resource |
| ConnObjectTO connObj = resourceService.getConnectorObject( |
| RESOURCE_NAME_LDAP, AttributableType.USER, userTO.getId()); |
| assertNotNull(connObj); |
| |
| // 4. remove role |
| roleService.delete(roleTO.getId()); |
| |
| // 5. try to read user on resource: fail |
| try { |
| resourceService.getConnectorObject(RESOURCE_NAME_LDAP, AttributableType.USER, userTO.getId()); |
| fail(); |
| } catch (SyncopeClientCompositeErrorException scce) { |
| assertNotNull(scce.getException(SyncopeClientExceptionType.NotFound)); |
| } |
| } |
| |
| @Test |
| public void issueSYNCOPE373() { |
| UserTO userTO = userService.readSelf(); |
| assertEquals(ADMIN_UNAME, userTO.getUsername()); |
| } |
| |
| @Test |
| public void issueSYNCOPE383() { |
| // 1. create user without resources |
| UserTO userTO = getUniqueSampleTO("syncope383@apache.org"); |
| userTO.getResources().clear(); |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| |
| // 2. assign resource without specifying a new pwd and check propagation failure |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.addResourceToBeAdded(RESOURCE_NAME_TESTDB); |
| userTO = userService.update(userMod.getId(), userMod); |
| assertEquals(RESOURCE_NAME_TESTDB, userTO.getResources().iterator().next()); |
| assertFalse(userTO.getPropagationStatusTOs().get(0).getStatus().isSuccessful()); |
| assertNotNull(userTO.getPropagationStatusTOs().get(0).getFailureReason()); |
| |
| // 3. request to change password only on testdb |
| userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.setPassword(getUUIDString()); |
| PropagationRequestTO pwdPropRequest = new PropagationRequestTO(); |
| pwdPropRequest.addResource(RESOURCE_NAME_TESTDB); |
| userMod.setPwdPropRequest(pwdPropRequest); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| assertEquals(RESOURCE_NAME_TESTDB, userTO.getResources().iterator().next()); |
| assertTrue(userTO.getPropagationStatusTOs().get(0).getStatus().isSuccessful()); |
| } |
| |
| @Test |
| public void issueSYNCOPE402() { |
| // 1. create an user with strict mandatory attributes only |
| UserTO userTO = new UserTO(); |
| String userId = getUUIDString() + "syncope402@syncope.apache.org"; |
| userTO.setUsername(userId); |
| userTO.setPassword("password"); |
| |
| userTO.addAttribute(attributeTO("userId", userId)); |
| userTO.addAttribute(attributeTO("fullname", userId)); |
| userTO.addAttribute(attributeTO("surname", userId)); |
| |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| assertTrue(userTO.getResources().isEmpty()); |
| |
| //2. update assigning a resource NOT forcing mandatory constraints |
| // AND primary: must fail with PropagationException |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.setPassword("newPassword"); |
| userMod.addResourceToBeAdded(RESOURCE_NAME_WS1); |
| userMod.addResourceToBeAdded(RESOURCE_NAME_TESTDB); |
| userTO = userService.update(userMod.getId(), userMod); |
| assertEquals(RESOURCE_NAME_WS1, userTO.getPropagationStatusTOs().get(1).getResource()); |
| assertNotNull(userTO.getPropagationStatusTOs().get(1).getFailureReason()); |
| assertEquals(PropagationTaskExecStatus.UNSUBMITTED, userTO.getPropagationStatusTOs().get(1).getStatus()); |
| } |
| |
| @Test |
| public void issueSYNCOPE420() { |
| UserTO userTO = getUniqueSampleTO("syncope420@syncope.apache.org"); |
| userTO.getAttributes().add(attributeTO("makeItDouble", "3")); |
| |
| userTO = createUser(userTO); |
| assertEquals("6", userTO.getAttributeMap().get("makeItDouble").getValues().get(0)); |
| |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.getAttributesToBeRemoved().add("makeItDouble"); |
| userMod.getAttributesToBeUpdated().add(attributeMod("makeItDouble", "7")); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| assertEquals("14", userTO.getAttributeMap().get("makeItDouble").getValues().get(0)); |
| } |
| |
| @Test |
| public void issueSYNCOPE426() { |
| UserTO userTO = getUniqueSampleTO("syncope426@syncope.apache.org"); |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| |
| UserMod userMod = new UserMod(); |
| userMod.setPassword("anotherPassword123"); |
| userTO = userService.update(userTO.getId(), userMod); |
| assertNotNull(userTO); |
| } |
| |
| @Test |
| public void issueSYNCOPE435() { |
| // 1. try to create user without password - fail |
| UserTO userTO = getUniqueSampleTO("syncope435@syncope.apache.org"); |
| userTO.setPassword(null); |
| userTO.getMemberships().clear(); |
| |
| try { |
| createUser(userTO); |
| fail(); |
| } catch (SyncopeClientCompositeErrorException e) { |
| assertNotNull(e.getException(SyncopeClientExceptionType.InvalidSyncopeUser)); |
| } |
| |
| userTO.setPassword("password123"); |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| |
| // 2. try to update user by subscribing a resource - works but propagation is not even attempted |
| UserMod userMod = new UserMod(); |
| userMod.getResourcesToBeAdded().add(RESOURCE_NAME_WS1); |
| |
| userTO = userService.update(userTO.getId(), userMod); |
| assertEquals(Collections.singleton(RESOURCE_NAME_WS1), userTO.getResources()); |
| assertFalse(userTO.getPropagationStatusTOs().get(0).getStatus().isSuccessful()); |
| assertTrue(userTO.getPropagationStatusTOs().get(0).getFailureReason(). |
| startsWith("Not attempted because there are mandatory attributes without value(s): [__PASSWORD__]")); |
| } |
| |
| @Test |
| public void issueSYNCOPE454() throws NamingException { |
| // 1. create user with LDAP resource (with 'Generate password if missing' enabled) |
| UserTO userTO = getUniqueSampleTO("syncope454@syncope.apache.org"); |
| userTO.getResources().add(RESOURCE_NAME_LDAP); |
| userTO = createUser(userTO); |
| assertNotNull(userTO); |
| |
| // 2. read resource configuration for LDAP binding |
| ConnObjectTO connObject = |
| resourceService.getConnectorObject(RESOURCE_NAME_LDAP, AttributableType.USER, userTO.getId()); |
| |
| // 3. try (and succeed) to perform simple LDAP binding with provided password ('password123') |
| assertNotNull(getLdapRemoteObject( |
| connObject.getAttributeMap().get(Name.NAME).getValues().get(0), |
| "password123", |
| connObject.getAttributeMap().get(Name.NAME).getValues().get(0))); |
| |
| // 4. update user without any password change request |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| userMod.setPwdPropRequest(new PropagationRequestTO()); |
| userMod.getAttributesToBeUpdated().add(attributeMod("surname", "surname2")); |
| |
| userService.update(userTO.getId(), userMod); |
| |
| // 5. try (and succeed again) to perform simple LDAP binding: password has not changed |
| assertNotNull(getLdapRemoteObject( |
| connObject.getAttributeMap().get(Name.NAME).getValues().get(0), |
| "password123", |
| connObject.getAttributeMap().get(Name.NAME).getValues().get(0))); |
| } |
| |
| private boolean getBooleanAttribute(final ConnObjectTO connObjectTO, final String attrName) { |
| return Boolean.parseBoolean(getStringAttribute(connObjectTO, attrName)); |
| } |
| |
| private String getStringAttribute(final ConnObjectTO connObjectTO, final String attrName) { |
| return connObjectTO.getAttributeMap().get(attrName).getValues().get(0); |
| } |
| |
| private long getMaxTaskId(final List<PropagationTaskTO> tasks) { |
| long newMaxId = Long.MIN_VALUE; |
| for (PropagationTaskTO task : tasks) { |
| if (task.getId() > newMaxId) { |
| newMaxId = task.getId(); |
| } |
| } |
| return newMaxId; |
| } |
| |
| @Test |
| public void issueSYNCOPE1102() { |
| UserTO userTO = getUniqueSampleTO("a@gmail.com"); |
| userTO = createUser(userTO); |
| assertNotNull(userTO.getId()); |
| |
| UserMod userMod = new UserMod(); |
| userMod.setId(userTO.getId()); |
| |
| AttributeMod userIdMod = new AttributeMod(); |
| userIdMod.setSchema("userId"); |
| userIdMod.getValuesToBeAdded().add("b" + userTO.getUsername()); |
| userIdMod.getValuesToBeRemoved().add(userTO.getUsername()); |
| userMod.getAttributesToBeUpdated().add(userIdMod); |
| |
| userTO = userService.update(userMod.getId(), userMod); |
| assertEquals("b" + userTO.getUsername(), userTO.getAttributeMap().get("userId").getValues().get(0)); |
| |
| userService.delete(100L); |
| } |
| } |