
Example 11 with IdmPasswordPolicyDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto in project CzechIdMng by bcvsolutions.

The class DefaultSysSystemServiceFilterTest, method createPasswordPolicy.

/**
 * Creates a {@link IdmPasswordPolicyDto} with the given name and type and persists it.
 *
 * @param policyName name of the new policy
 * @param type policy type (e.g. validate or generate)
 * @return the persisted policy as returned by the policy service
 */
private IdmPasswordPolicyDto createPasswordPolicy(String policyName, IdmPasswordPolicyType type) {
    IdmPasswordPolicyDto dto = new IdmPasswordPolicyDto();
    dto.setName(policyName);
    dto.setType(type);
    // persist through the service so the caller receives the stored representation
    return policyService.save(dto);
}

Example 12 with IdmPasswordPolicyDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto in project CzechIdMng by bcvsolutions.

The class PasswordPreValidationIntegrationTest, method testMinChar.

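/**
 * Pre-validation must report the strictest minUpperChar / minLowerChar across the default
 * policy and the policy bound to the system, and must list both policy names.
 *
 * The default policy created here is global state: it is switched off again in
 * {@code finally}, so neither a failing assertion nor a missing exception leaks it into
 * other tests. The original version passed silently when validatePassword did not throw;
 * the {@code rejected} flag makes that case fail.
 */
@Test
public void testMinChar() {
    IdmIdentityDto identity = new IdmIdentityDto();
    identity.setUsername("test" + System.currentTimeMillis());
    identity.setFirstName("testFirst");
    identity.setLastName("testSecond");
    identity = idmIdentityService.save(identity);
    SysSystemDto system = testHelper.createTestResourceSystem(true);
    AccAccountDto acc = new AccAccountDto();
    acc.setId(UUID.randomUUID());
    acc.setUid(System.currentTimeMillis() + "");
    acc.setAccountType(AccountType.PERSONAL);
    acc.setSystem(system.getId());
    acc = accountService.save(acc);
    AccIdentityAccountDto account = testHelper.createIdentityAccount(system, identity);
    account.setAccount(acc.getId());
    account = accountIdentityService.save(account);
    // NOTE(review): ownership is set on the already-saved DTO and never persisted — confirm whether it is needed
    account.setOwnership(true);
    List<String> accounts = new ArrayList<String>();
    accounts.add(acc.getId() + "");
    // default password policy: stricter on upper case, looser on lower case
    IdmPasswordPolicyDto policyDefault = new IdmPasswordPolicyDto();
    policyDefault.setName(System.currentTimeMillis() + "test1");
    policyDefault.setDefaultPolicy(true);
    policyDefault.setMinUpperChar(6);
    policyDefault.setMinLowerChar(10);
    // system password policy: the other way round
    IdmPasswordPolicyDto policy = new IdmPasswordPolicyDto();
    policy.setName(System.currentTimeMillis() + "test2");
    policy.setDefaultPolicy(false);
    policy.setMinUpperChar(5);
    policy.setMinLowerChar(11);
    policyDefault = passwordPolicyService.save(policyDefault);
    policy = passwordPolicyService.save(policy);
    system.setPasswordPolicyValidate(policy.getId());
    systemService.save(system);
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setIdm(true);
    passwordChange.setAccounts(accounts);
    passwordChange.setAll(true);
    boolean rejected = false;
    try {
        idmIdentityService.validatePassword(passwordChange);
    } catch (ResultCodeException ex) {
        rejected = true;
        // the strictest value of each rule across both policies is expected
        assertEquals(6, ex.getError().getError().getParameters().get("minUpperChar"));
        assertEquals(11, ex.getError().getError().getParameters().get("minLowerChar"));
        assertEquals(policy.getName() + ", " + policyDefault.getName(), ex.getError().getError().getParameters().get("policiesNamesPreValidation"));
        assertEquals(3, ex.getError().getError().getParameters().size());
    } finally {
        // always un-default the policy so it cannot influence other tests
        policyDefault.setDefaultPolicy(false);
        passwordPolicyService.save(policyDefault);
    }
    // pre-validation must have reported the rules; a silent pass is a test failure
    assertEquals(true, rejected);
}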

Example 13 with IdmPasswordPolicyDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto in project CzechIdMng by bcvsolutions.

The class PasswordPreValidationIntegrationTest, method testAdvancedEnabled.

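/**
 * Pre-validation with enhanced control: the strictest length / upper / lower values across
 * the default policy and the system policy are reported, the not-fulfilled optional rules are
 * returned under minRulesToFulfill, and both policy names are listed.
 *
 * The default policy created here is global state: it is switched off again in
 * {@code finally}, so neither a failing assertion nor a missing exception leaks it into
 * other tests. The original version passed silently when validatePassword did not throw;
 * the {@code rejected} flag makes that case fail.
 */
@Test
public void testAdvancedEnabled() {
    IdmIdentityDto identity = new IdmIdentityDto();
    identity.setUsername("test" + System.currentTimeMillis());
    identity.setFirstName("testFirst");
    identity.setLastName("testSecond");
    identity = idmIdentityService.save(identity);
    SysSystemDto system = testHelper.createTestResourceSystem(true);
    AccAccountDto acc = new AccAccountDto();
    acc.setId(UUID.randomUUID());
    acc.setUid(System.currentTimeMillis() + "");
    acc.setAccountType(AccountType.PERSONAL);
    acc.setSystem(system.getId());
    acc = accountService.save(acc);
    AccIdentityAccountDto account = testHelper.createIdentityAccount(system, identity);
    account.setAccount(acc.getId());
    account = accountIdentityService.save(account);
    // NOTE(review): ownership is set on the already-saved DTO and never persisted — confirm whether it is needed
    account.setOwnership(true);
    List<String> accounts = new ArrayList<String>();
    accounts.add(acc.getId() + "");
    // default password policy: enhanced control, number and special char are optional rules
    IdmPasswordPolicyDto policyDefault = new IdmPasswordPolicyDto();
    policyDefault.setName(System.currentTimeMillis() + "test1");
    policyDefault.setDefaultPolicy(true);
    policyDefault.setMinPasswordLength(10);
    policyDefault.setMaxPasswordLength(20);
    policyDefault.setPasswordLengthRequired(true);
    policyDefault.setMinUpperChar(5);
    policyDefault.setUpperCharRequired(true);
    policyDefault.setMinLowerChar(4);
    policyDefault.setLowerCharRequired(true);
    policyDefault.setEnchancedControl(true);
    policyDefault.setMinRulesToFulfill(1);
    policyDefault.setMinNumber(3);
    policyDefault.setNumberRequired(false);
    policyDefault.setMinSpecialChar(6);
    policyDefault.setSpecialCharRequired(false);
    policyDefault.setIdentityAttributeCheck("");
    // system password policy: same rule set with different thresholds
    IdmPasswordPolicyDto policy = new IdmPasswordPolicyDto();
    policy.setName(System.currentTimeMillis() + "test2");
    policy.setDefaultPolicy(false);
    policy.setMinPasswordLength(9);
    policy.setMaxPasswordLength(21);
    policy.setPasswordLengthRequired(true);
    policy.setMinUpperChar(4);
    policy.setUpperCharRequired(true);
    policy.setMinLowerChar(3);
    policy.setLowerCharRequired(true);
    policy.setEnchancedControl(true);
    policy.setMinRulesToFulfill(1);
    policy.setMinNumber(5);
    policy.setNumberRequired(false);
    policy.setMinSpecialChar(4);
    policy.setSpecialCharRequired(false);
    policy.setIdentityAttributeCheck("");
    policyDefault = passwordPolicyService.save(policyDefault);
    policy = passwordPolicyService.save(policy);
    system.setPasswordPolicyValidate(policy.getId());
    systemService.save(system);
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setIdm(true);
    passwordChange.setAccounts(accounts);
    passwordChange.setAll(true);
    boolean rejected = false;
    try {
        idmIdentityService.validatePassword(passwordChange);
    } catch (ResultCodeException ex) {
        rejected = true;
        // expected content of the minRulesToFulfill parameter (compared via toString)
        Map<String, Object> expectedNotPassRules = new HashMap<String, Object>();
        expectedNotPassRules.put("minNumber", 3);
        expectedNotPassRules.put("minSpecialChar", 6);
        assertEquals(10, ex.getError().getError().getParameters().get("minLength"));
        assertEquals(20, ex.getError().getError().getParameters().get("maxLength"));
        assertEquals(5, ex.getError().getError().getParameters().get("minUpperChar"));
        assertEquals(4, ex.getError().getError().getParameters().get("minLowerChar"));
        assertEquals(expectedNotPassRules.toString(), ex.getError().getError().getParameters().get("minRulesToFulfill").toString());
        assertEquals(policy.getName() + ", " + policyDefault.getName(), ex.getError().getError().getParameters().get("policiesNamesPreValidation"));
        // special char base -> 8
        assertEquals(8, ex.getError().getError().getParameters().size());
    } finally {
        // always un-default the policy so it cannot influence other tests
        policyDefault.setDefaultPolicy(false);
        passwordPolicyService.save(policyDefault);
    }
    // pre-validation must have reported the rules; a silent pass is a test failure
    assertEquals(true, rejected);
}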

Example 14 with IdmPasswordPolicyDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto in project CzechIdMng by bcvsolutions.

The class DefaultIdmPasswordPolicyService, method validate.

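/**
 * Checks a password (or, in pre-validation mode, reports the applicable rules) against the
 * given password policies. Violations of all enabled policies are collected into one
 * parameter map and reported together; disabled policies are skipped.
 *
 * @param passwordValidationDto password to check, optionally carrying the id of the old password
 * @param passwordPolicyList policies to apply; when it is empty and {@code prevalidation} is
 *        false the default VALIDATE policy is added to it — note that this mutates the caller's list
 * @param prevalidation {@code true} to run in pre-validation mode: the minimum password age is
 *        not enforced and a configured maximum length is always reported
 * @throws ResultCodeException {@code PASSWORD_CANNOT_CHANGE} when the minimum password age of a
 *         policy has not elapsed yet, {@code PASSWORD_DOES_NOT_MEET_POLICY} carrying the collected
 *         parameters when any rule is violated
 */
private void validate(IdmPasswordValidationDto passwordValidationDto, List<IdmPasswordPolicyDto> passwordPolicyList, boolean prevalidation) {
    Assert.notNull(passwordPolicyList);
    Assert.notNull(passwordValidationDto);
    // if list is empty, get default password policy
    if (passwordPolicyList.isEmpty() && !prevalidation) {
        IdmPasswordPolicyDto defaultPolicy = this.getDefaultPasswordPolicy(IdmPasswordPolicyType.VALIDATE);
        if (defaultPolicy != null) {
            passwordPolicyList.add(defaultPolicy);
        }
    }
    // if list with password policies is empty, validate is always true
    if (passwordPolicyList.isEmpty()) {
        // this state means that system idm hasn't default password policy
        return;
    }
    IdmPasswordDto oldPassword = passwordValidationDto.getOldPassword() != null ? passwordService.get(passwordValidationDto.getOldPassword()) : null;
    String password = passwordValidationDto.getPassword().asString();
    DateTime now = new DateTime();
    // rule name -> effective value, filled by every policy and reported together at the end
    Map<String, Object> errors = new HashMap<>();
    Set<Character> prohibitedChar = new HashSet<>();
    List<String> policyNames = new ArrayList<String>();
    Map<String, Object> specialCharBase = new HashMap<>();
    for (IdmPasswordPolicyDto passwordPolicy : passwordPolicyList) {
        if (passwordPolicy.isDisabled()) {
            continue;
        }
        boolean validateNotSuccess = false;
        // minimum password age; if logged user is admin, skip this
        if (oldPassword != null && !securityService.isAdmin() && !prevalidation) {
            if (passwordPolicy.getMinPasswordAge() != null && oldPassword.getValidFrom().plusDays(passwordPolicy.getMinPasswordAge()).compareTo(now.toLocalDate()) >= 1) {
                throw new ResultCodeException(CoreResultCode.PASSWORD_CANNOT_CHANGE, ImmutableMap.of("date", oldPassword.getValidFrom().plusDays(passwordPolicy.getMinPasswordAge())));
            }
        }
        // minimum rules to fulfill: not-required rules that failed are collected here under enhanced control
        Map<String, Object> notPassRules = new HashMap<>();
        int minRulesToFulfill = passwordPolicy.getMinRulesToFulfill() == null ? 0 : passwordPolicy.getMinRulesToFulfill().intValue();
        // check to max password length (in prevalidation a configured maximum is always reported)
        if (!isNull(passwordPolicy.getMaxPasswordLength()) && (password.length() > passwordPolicy.getMaxPasswordLength() || prevalidation)) {
            if (!passwordPolicy.isPasswordLengthRequired() && passwordPolicy.isEnchancedControl()) {
                notPassRules.put(MAX_LENGTH, Math.min(convertToInt(errors.get(MAX_LENGTH)), passwordPolicy.getMaxPasswordLength()));
            } else if (!(errors.containsKey(MAX_LENGTH) && compareInt(passwordPolicy.getMaxPasswordLength(), errors.get(MAX_LENGTH)))) {
                // presumably compareInt keeps the stricter value already recorded — confirm against its definition
                errors.put(MAX_LENGTH, passwordPolicy.getMaxPasswordLength());
            }
            validateNotSuccess = true;
        }
        // check to minimal password length
        if (!isNull(passwordPolicy.getMinPasswordLength()) && password.length() < passwordPolicy.getMinPasswordLength()) {
            if (!passwordPolicy.isPasswordLengthRequired() && passwordPolicy.isEnchancedControl()) {
                notPassRules.put(MIN_LENGTH, Math.max(convertToInt(errors.get(MIN_LENGTH)), passwordPolicy.getMinPasswordLength()));
            } else if (!(errors.containsKey(MIN_LENGTH) && compareInt(errors.get(MIN_LENGTH), passwordPolicy.getMinPasswordLength()))) {
                errors.put(MIN_LENGTH, passwordPolicy.getMinPasswordLength());
            }
            validateNotSuccess = true;
        }
        // check to prohibited characters; the configured characters are quoted like every other
        // character base below, so a policy containing regex metacharacters (e.g. ']' or '\')
        // neither breaks the pattern nor means something other than the literal characters the
        // loop afterwards looks for
        if (!Strings.isNullOrEmpty(passwordPolicy.getProhibitedCharacters()) && !password.matches("[^" + Pattern.quote(passwordPolicy.getProhibitedCharacters()) + "]*")) {
            for (char character : passwordPolicy.getProhibitedCharacters().toCharArray()) {
                if (password.indexOf(character) >= 0) {
                    prohibitedChar.add(character);
                }
            }
            validateNotSuccess = true;
        }
        // NOTE(review): the "(.*[base].*){n,}" patterns below count characters through nested greedy
        // quantifiers; on a long password with too few matching characters the regex engine backtracks
        // heavily. Counting the characters of the base directly would bound the work by the password
        // length — confirm the edge cases (empty base, line terminators) before changing.
        // check to minimal numbers
        if (!isNull(passwordPolicy.getMinNumber()) && !password.matches("(.*[" + Pattern.quote(passwordPolicy.getNumberBase()) + "].*){" + passwordPolicy.getMinNumber() + ",}")) {
            if (!passwordPolicy.isNumberRequired() && passwordPolicy.isEnchancedControl()) {
                notPassRules.put(MIN_NUMBER, Math.max(convertToInt(errors.get(MIN_NUMBER)), passwordPolicy.getMinNumber()));
            } else if (!(errors.containsKey(MIN_NUMBER) && compareInt(errors.get(MIN_NUMBER), passwordPolicy.getMinNumber()))) {
                errors.put(MIN_NUMBER, passwordPolicy.getMinNumber());
            }
            validateNotSuccess = true;
        }
        // check to minimal lower characters
        if (!isNull(passwordPolicy.getMinLowerChar()) && !password.matches("(.*[" + Pattern.quote(passwordPolicy.getLowerCharBase()) + "].*){" + passwordPolicy.getMinLowerChar() + ",}")) {
            if (!passwordPolicy.isLowerCharRequired() && passwordPolicy.isEnchancedControl()) {
                notPassRules.put(MIN_LOWER_CHAR, Math.max(convertToInt(errors.get(MIN_LOWER_CHAR)), passwordPolicy.getMinLowerChar()));
            } else if (!(errors.containsKey(MIN_LOWER_CHAR) && compareInt(errors.get(MIN_LOWER_CHAR), passwordPolicy.getMinLowerChar()))) {
                errors.put(MIN_LOWER_CHAR, passwordPolicy.getMinLowerChar());
            }
            validateNotSuccess = true;
        }
        // check to minimal upper character
        if (!isNull(passwordPolicy.getMinUpperChar()) && !password.matches("(.*[" + Pattern.quote(passwordPolicy.getUpperCharBase()) + "].*){" + passwordPolicy.getMinUpperChar() + ",}")) {
            if (!passwordPolicy.isUpperCharRequired() && passwordPolicy.isEnchancedControl()) {
                notPassRules.put(MIN_UPPER_CHAR, Math.max(convertToInt(errors.get(MIN_UPPER_CHAR)), passwordPolicy.getMinUpperChar()));
            } else if (!(errors.containsKey(MIN_UPPER_CHAR) && compareInt(errors.get(MIN_UPPER_CHAR), passwordPolicy.getMinUpperChar()))) {
                errors.put(MIN_UPPER_CHAR, passwordPolicy.getMinUpperChar());
            }
            // this flag was missing only for this rule, so a policy failing solely on upper-case
            // characters was not named in the reported policy names
            validateNotSuccess = true;
        }
        // check to minimal special character and add special character base
        if (!isNull(passwordPolicy.getMinSpecialChar()) && !password.matches("(.*[" + Pattern.quote(passwordPolicy.getSpecialCharBase()) + "].*){" + passwordPolicy.getMinSpecialChar() + ",}")) {
            if (!passwordPolicy.isSpecialCharRequired() && passwordPolicy.isEnchancedControl()) {
                notPassRules.put(MIN_SPECIAL_CHAR, Math.max(convertToInt(errors.get(MIN_SPECIAL_CHAR)), passwordPolicy.getMinSpecialChar()));
                specialCharBase.put(passwordPolicy.getName(), passwordPolicy.getSpecialCharBase());
            } else if (!(errors.containsKey(MIN_SPECIAL_CHAR) && compareInt(errors.get(MIN_SPECIAL_CHAR), passwordPolicy.getMinSpecialChar()))) {
                errors.put(MIN_SPECIAL_CHAR, passwordPolicy.getMinSpecialChar());
                specialCharBase.put(passwordPolicy.getName(), passwordPolicy.getSpecialCharBase());
            }
            validateNotSuccess = true;
        }
        // enhanced control: enough of the not-required rules must still pass
        if (!notPassRules.isEmpty() && passwordPolicy.isEnchancedControl()) {
            int notRequiredRules = passwordPolicy.getNotRequiredRules();
            int missingRules = notRequiredRules - notPassRules.size();
            if (missingRules - minRulesToFulfill < 0) {
                errors.put(MIN_RULES_TO_FULFILL_COUNT, minRulesToFulfill - missingRules);
                errors.put(MIN_RULES_TO_FULFILL, notPassRules);
            }
        }
        // if not success we want password policy name
        if (validateNotSuccess && !errors.isEmpty()) {
            policyNames.add(passwordPolicy.getName());
        }
        // check to similar identity attributes, enhanced control
        if (prevalidation) {
            enhancedControlForSimilar(passwordPolicy, prevalidation, errors);
        } else {
            enhancedControlForSimilar(passwordPolicy, passwordValidationDto, errors);
        }
    // TODO: weak words
    // TODO: history similar
    }
    if (!specialCharBase.isEmpty()) {
        errors.put(SPECIAL_CHARACTER_BASE, specialCharBase);
    }
    if (!policyNames.isEmpty()) {
        String name = prevalidation ? POLICY_NAME_PREVALIDATION : POLICY_NAME;
        errors.put(name, String.join(", ", policyNames));
    }
    if (!prohibitedChar.isEmpty()) {
        errors.put(COINTAIN_PROHIBITED, prohibitedChar.toString());
    }
    if (!errors.isEmpty()) {
        // TODO: password policy audit
        throw new ResultCodeException(CoreResultCode.PASSWORD_DOES_NOT_MEET_POLICY, errors);
    }
}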

Example 15 with IdmPasswordPolicyDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto in project CzechIdMng by bcvsolutions.

The class DefaultIdmPasswordPolicyIntegrationTest, method testGenerateOnlyOneSpecial.

/**
 * A RANDOM generate policy of length 1 whose only non-empty character base is the single
 * special character "@" must produce exactly "@" every time.
 */
@Test
public void testGenerateOnlyOneSpecial() {
    IdmPasswordPolicyDto onlyAt = new IdmPasswordPolicyDto();
    onlyAt.setName("test_08");
    onlyAt.setType(IdmPasswordPolicyType.GENERATE);
    onlyAt.setGenerateType(IdmPasswordPolicyGenerateType.RANDOM);
    onlyAt.setMinPasswordLength(1);
    onlyAt.setMaxPasswordLength(1);
    onlyAt.setSpecialCharBase("@");
    onlyAt.setNumberBase("");
    onlyAt.setLowerCharBase("");
    onlyAt.setUpperCharBase("");
    // generation is random, so repeat to gain confidence that nothing else can appear
    int attempt = 0;
    while (attempt < ATTEMPTS) {
        String generated = passwordPolicyService.generatePassword(onlyAt);
        if (!generated.equals("@")) {
            fail("Password must cointain only @ character, password: " + generated);
        }
        attempt++;
    }
}
