Examples with IdmAccountDto eu.bcvsolutions.idm.core.api.dto.IdmAccountDto used on opensource projects

Example 1 with IdmAccountDto

use of eu.bcvsolutions.idm.core.api.dto.IdmAccountDto in project CzechIdMng by bcvsolutions.

the class AbstractIdentityPasswordProcessor method process.

@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    IdmIdentityDto identity = event.getContent();
    PasswordChangeDto passwordChangeDto = (PasswordChangeDto) event.getProperties().get(PROPERTY_PASSWORD_CHANGE_DTO);
    Assert.notNull(passwordChangeDto);
    // 
    if (passwordChangeDto.isIdm()) {
        // change identity's password
        savePassword(identity, passwordChangeDto);
        Map<String, Object> parameters = new LinkedHashMap<>();
        parameters.put("account", new IdmAccountDto(identity.getId(), true, identity.getUsername()));
        return new DefaultEventResult.Builder<>(event, this).setResult(new OperationResult.Builder(OperationState.EXECUTED).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_SUCCESS, parameters)).build()).build();
    }
    return new DefaultEventResult<>(event, this);
}

Example 2 with IdmAccountDto

use of eu.bcvsolutions.idm.core.api.dto.IdmAccountDto in project CzechIdMng by bcvsolutions.

the class IdentitySetPasswordProcessor method process.

@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    IdmIdentityDto previousIdentity = event.getOriginalSource();
    IdmIdentityDto newIdentity = event.getContent();
    if (stateStarting(previousIdentity, newIdentity) && hasAccount(newIdentity)) {
        // change password for all systems
        PasswordChangeDto passwordChangeDto = new PasswordChangeDto();
        // 
        // public password change password for all system including idm
        passwordChangeDto.setAll(true);
        passwordChangeDto.setIdm(true);
        // TODO: how to generate password for all system policies
        GuardedString password = new GuardedString(passwordPolicyService.generatePasswordByDefault());
        passwordChangeDto.setNewPassword(password);
        // 
        List<OperationResult> results = identityService.passwordChange(newIdentity, passwordChangeDto);
        // 
        List<IdmAccountDto> successAccounts = new ArrayList<>();
        List<OperationResult> failureResults = new ArrayList<>();
        List<String> systemNames = new ArrayList<>();
        results.forEach(result -> {
            if (result.getModel() != null) {
                boolean success = result.getModel().getStatusEnum().equals(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_SUCCESS.name());
                if (success) {
                    IdmAccountDto account = (IdmAccountDto) result.getModel().getParameters().get(IdmAccountDto.PARAMETER_NAME);
                    systemNames.add(account.getSystemName());
                    successAccounts.add(account);
                } else {
                    // exception is logged before
                    failureResults.add(result);
                }
            }
        });
        // send notification if at least one system success
        if (!successAccounts.isEmpty()) {
            notificationManager.send(CoreModuleDescriptor.TOPIC_PASSWORD_CHANGED, new IdmMessageDto.Builder().setLevel(NotificationLevel.SUCCESS).addParameter("successSystemNames", StringUtils.join(systemNames, ", ")).addParameter("successAccounts", successAccounts).addParameter("failureResults", failureResults).addParameter("name", identityService.getNiceLabel(newIdentity)).addParameter("password", password).build(), newIdentity);
        }
    }
    return new DefaultEventResult<>(event, this);
}

Example 3 with IdmAccountDto

use of eu.bcvsolutions.idm.core.api.dto.IdmAccountDto in project CzechIdMng by bcvsolutions.

the class AbstractProvisioningExecutor method changePassword.

@Override
public List<OperationResult> changePassword(DTO dto, PasswordChangeDto passwordChange) {
    Assert.notNull(dto);
    Assert.notNull(dto.getId(), "Password can be changed, when dto is already persisted.");
    Assert.notNull(passwordChange);
    List<SysProvisioningOperationDto> preparedOperations = new ArrayList<>();
    // 
    EntityAccountFilter filter = this.createEntityAccountFilter();
    filter.setEntityId(dto.getId());
    List<? extends EntityAccountDto> entityAccountList = getEntityAccountService().find(filter, null).getContent();
    if (entityAccountList == null) {
        return Collections.<OperationResult>emptyList();
    }
    // Distinct by accounts
    List<UUID> accountIds = new ArrayList<>();
    entityAccountList.stream().filter(entityAccount -> {
        if (!entityAccount.isOwnership()) {
            return false;
        }
        if (passwordChange.isAll()) {
            // Add all account supports change password
            if (entityAccount.getAccount() == null) {
                return false;
            }
            // Check if system for this account support change password
            AccAccountFilter accountFilter = new AccAccountFilter();
            accountFilter.setSupportChangePassword(Boolean.TRUE);
            accountFilter.setId(entityAccount.getAccount());
            List<AccAccountDto> accountsChecked = accountService.find(accountFilter, null).getContent();
            if (accountsChecked.size() == 1) {
                return true;
            }
            return false;
        } else {
            return passwordChange.getAccounts().contains(entityAccount.getAccount().toString());
        }
    }).forEach(entityAccount -> {
        if (!accountIds.contains(entityAccount.getAccount())) {
            accountIds.add(entityAccount.getAccount());
        }
    });
    // 
    List<AccAccountDto> accounts = new ArrayList<>();
    accountIds.forEach(accountId -> {
        AccAccountDto account = accountService.get(accountId);
        accounts.add(account);
        // find uid from system entity or from account
        String uid = account.getUid();
        SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system, SysSystemDto.class);
        SysSystemEntityDto systemEntity = systemEntityService.get(account.getSystemEntity());
        // 
        // Find mapped attributes (include overloaded attributes)
        List<AttributeMapping> finalAttributes = resolveMappedAttributes(account, dto, system, systemEntity.getEntityType());
        if (CollectionUtils.isEmpty(finalAttributes)) {
            return;
        }
        // We try find __PASSWORD__ attribute in mapped attributes
        Optional<? extends AttributeMapping> attriubuteHandlingOptional = finalAttributes.stream().filter((attribute) -> {
            SysSchemaAttributeDto schemaAttributeDto = getSchemaAttribute(attribute);
            return ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME.equals(schemaAttributeDto.getName());
        }).findFirst();
        if (!attriubuteHandlingOptional.isPresent()) {
            throw new ProvisioningException(AccResultCode.PROVISIONING_PASSWORD_FIELD_NOT_FOUND, ImmutableMap.of("uid", uid, "system", system.getName()));
        }
        AttributeMapping mappedAttribute = attriubuteHandlingOptional.get();
        // 
        // add all account attributes => standard provisioning
        SysProvisioningOperationDto additionalProvisioningOperation = null;
        List<AttributeMapping> additionalPasswordChangeAttributes = resolveAdditionalPasswordChangeAttributes(account, dto, system, systemEntity.getEntityType());
        if (!additionalPasswordChangeAttributes.isEmpty()) {
            additionalProvisioningOperation = prepareProvisioning(systemEntity, dto, dto.getId(), ProvisioningOperationType.UPDATE, additionalPasswordChangeAttributes);
        }
        // 
        // password change operation
        SysProvisioningOperationDto operation;
        if (provisioningExecutor.getConfiguration().isSendPasswordAttributesTogether() && additionalProvisioningOperation != null) {
            // all attributes as start
            operation = additionalProvisioningOperation;
            // 
            // add wish for password
            ProvisioningAttributeDto passwordAttribute = ProvisioningAttributeDto.createProvisioningAttributeKey(mappedAttribute, schemaAttributeService.get(mappedAttribute.getSchemaAttribute()).getName());
            Object value = passwordChange.getNewPassword();
            if (!mappedAttribute.isEntityAttribute() && !mappedAttribute.isExtendedAttribute()) {
            // If is attribute handling resolve as constant, then we
            // don't want
            // do transformation again (was did in getAttributeValue)
            } else {
                value = attributeMappingService.transformValueToResource(systemEntity.getUid(), value, mappedAttribute, dto);
            }
            operation.getProvisioningContext().getAccountObject().put(passwordAttribute, value);
            // 
            // do provisioning for additional attributes and password
            // together
            preparedOperations.add(operation);
        } else {
            // Change password on target system - only
            // TODO: refactor password change - use account wish instead
            // filling connector object attributes directly
            operation = prepareProvisioningForAttribute(systemEntity, mappedAttribute, passwordChange.getNewPassword(), ProvisioningOperationType.UPDATE, dto);
            preparedOperations.add(operation);
            // do provisioning for additional attributes in second
            if (additionalProvisioningOperation != null) {
                preparedOperations.add(additionalProvisioningOperation);
            }
        }
    });
    // execute prepared operations
    return preparedOperations.stream().map(operation -> {
        SysProvisioningOperationDto result = provisioningExecutor.executeSync(operation);
        Map<String, Object> parameters = new LinkedHashMap<String, Object>();
        AccAccountDto account = accounts.stream().filter(a -> {
            return a.getUid().equals(result.getSystemEntityUid()) && a.getSystem().equals(operation.getSystem());
        }).findFirst().get();
        SysSystemDto system = DtoUtils.getEmbedded(account, AccAccount_.system, SysSystemDto.class);
        // 
        IdmAccountDto resultAccountDto = new IdmAccountDto();
        resultAccountDto.setId(account.getId());
        resultAccountDto.setUid(account.getUid());
        resultAccountDto.setRealUid(account.getRealUid());
        resultAccountDto.setSystemId(system.getId());
        resultAccountDto.setSystemName(system.getName());
        parameters.put(IdmAccountDto.PARAMETER_NAME, resultAccountDto);
        // 
        if (result.getResult().getState() == OperationState.EXECUTED) {
            // Add success changed password account
            return new OperationResult.Builder(OperationState.EXECUTED).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_SUCCESS, parameters)).build();
        }
        OperationResult changeResult = new OperationResult.Builder(result.getResult().getState()).setModel(new DefaultResultModel(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_FAILED, parameters)).build();
        changeResult.setCause(result.getResult().getCause());
        changeResult.setCode(result.getResult().getCode());
        return changeResult;
    }).collect(Collectors.toList());
}

Example 4 with IdmAccountDto

use of eu.bcvsolutions.idm.core.api.dto.IdmAccountDto in project CzechIdMng by bcvsolutions.

the class IdentityPasswordChangeNotificationProcessor method process.

@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    IdmIdentityDto identity = event.getContent();
    List<EventResult<IdmIdentityDto>> results = event.getContext().getResults();
    // 
    List<IdmAccountDto> successAccounts = new ArrayList<>();
    List<OperationResult> failureResults = new ArrayList<>();
    List<String> systemNames = new ArrayList<>();
    for (EventResult<IdmIdentityDto> eventResult : results) {
        eventResult.getResults().forEach(result -> {
            if (result.getModel() != null) {
                boolean success = result.getModel().getStatusEnum().equals(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_SUCCESS.name());
                if (success) {
                    IdmAccountDto account = (IdmAccountDto) result.getModel().getParameters().get(IdmAccountDto.PARAMETER_NAME);
                    systemNames.add(account.getSystemName());
                    successAccounts.add(account);
                } else {
                    // exception is logged before
                    failureResults.add(result);
                }
            }
        });
    }
    // send notification if at least one system success
    if (!successAccounts.isEmpty()) {
        notificationManager.send(CoreModuleDescriptor.TOPIC_PASSWORD_CHANGED, new IdmMessageDto.Builder().setLevel(NotificationLevel.SUCCESS).addParameter("successSystemNames", StringUtils.join(systemNames, ", ")).addParameter("successAccounts", successAccounts).addParameter("failureResults", failureResults).addParameter("name", identityService.getNiceLabel(identity)).addParameter("username", identity.getUsername()).build(), identity);
    }
    // 
    return new DefaultEventResult<>(event, this);
}

Example 5 with IdmAccountDto

use of eu.bcvsolutions.idm.core.api.dto.IdmAccountDto in project CzechIdMng by bcvsolutions.

the class DefaultIdmIdentityService method passwordChange.

/**
 * Changes given identity's password
 *
 * @param identity
 * @param passwordChangeDto
 */
@Override
@Transactional
public List<OperationResult> passwordChange(IdmIdentityDto identity, PasswordChangeDto passwordChangeDto) {
    Assert.notNull(identity);
    // 
    LOG.debug("Changing password for identity [{}]", identity.getUsername());
    EventContext<IdmIdentityDto> context = entityEventManager.process(new IdentityEvent(IdentityEventType.PASSWORD, identity, ImmutableMap.of(IdentityPasswordProcessor.PROPERTY_PASSWORD_CHANGE_DTO, passwordChangeDto)));
    // get all password change results
    // more provisioning operation can be executed for one password change - we need to distinct them by account id
    // accountId / result
    Map<UUID, OperationResult> passwordChangeResults = new HashMap<>();
    context.getResults().forEach(eventResult -> {
        eventResult.getResults().forEach(result -> {
            if (result.getModel() != null) {
                boolean success = result.getModel().getStatusEnum().equals(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_SUCCESS.name());
                boolean failure = result.getModel().getStatusEnum().equals(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_FAILED.name());
                if (success || failure) {
                    IdmAccountDto resultAccount = (IdmAccountDto) result.getModel().getParameters().get(IdmAccountDto.PARAMETER_NAME);
                    if (!passwordChangeResults.containsKey(resultAccount.getId())) {
                        passwordChangeResults.put(resultAccount.getId(), result);
                    } else if (failure) {
                        // failure has higher priority
                        passwordChangeResults.put(resultAccount.getId(), result);
                    }
                }
            }
        });
    });
    return new ArrayList<>(passwordChangeResults.values());
}