use of com.auth0.flickr2.domain.User in project che-server by eclipse-che.
the class WsMasterModule method configureMultiUserMode.
private void configureMultiUserMode(Map<String, String> persistenceProperties, String infrastructure) {
if (OpenShiftInfrastructure.NAME.equals(infrastructure) || KubernetesInfrastructure.NAME.equals(infrastructure)) {
install(new ReplicationModule(persistenceProperties));
bind(org.eclipse.che.multiuser.permission.workspace.infra.kubernetes.BrokerServicePermissionFilter.class);
configureJwtProxySecureProvisioner(infrastructure);
} else {
bind(RemoteSubscriptionStorage.class).to(org.eclipse.che.api.core.notification.InmemoryRemoteSubscriptionStorage.class);
bind(WorkspaceLockService.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceLockService.class);
bind(WorkspaceStatusCache.class).to(org.eclipse.che.api.workspace.server.DefaultWorkspaceStatusCache.class);
}
if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
bind(KubernetesClientConfigFactory.class).to(KubernetesOidcProviderConfigFactory.class);
} else if (OpenShiftInfrastructure.NAME.equals(infrastructure)) {
bind(KubernetesClientConfigFactory.class).to(KeycloakProviderConfigFactory.class);
}
persistenceProperties.put(PersistenceUnitProperties.EXCEPTION_HANDLER_CLASS, "org.eclipse.che.core.db.postgresql.jpa.eclipselink.PostgreSqlExceptionHandler");
bind(DataSource.class).toProvider(org.eclipse.che.core.db.JndiDataSourceProvider.class);
install(new org.eclipse.che.multiuser.api.permission.server.jpa.SystemPermissionsJpaModule());
install(new org.eclipse.che.multiuser.api.permission.server.PermissionsModule());
install(new org.eclipse.che.multiuser.permission.workspace.server.WorkspaceApiPermissionsModule());
install(new org.eclipse.che.multiuser.permission.workspace.server.jpa.MultiuserWorkspaceJpaModule());
install(new MultiUserWorkspaceActivityModule());
install(new org.eclipse.che.multiuser.permission.devfile.server.jpa.MultiuserUserDevfileJpaModule());
install(new org.eclipse.che.multiuser.permission.devfile.server.UserDevfileApiPermissionsModule());
// Permission filters
bind(org.eclipse.che.multiuser.permission.system.SystemServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.system.JvmServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.system.SystemEventsSubscriptionPermissionsCheck.class);
Multibinder<String> binder = Multibinder.newSetBinder(binder(), String.class, Names.named(SYSTEM_DOMAIN_ACTIONS));
binder.addBinding().toInstance(UserServicePermissionsFilter.MANAGE_USERS_ACTION);
bind(org.eclipse.che.multiuser.permission.user.UserProfileServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.user.UserServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.logger.LoggerServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.workspace.activity.ActivityPermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.resource.filters.ResourceServicePermissionsFilter.class);
bind(org.eclipse.che.multiuser.permission.resource.filters.FreeResourcesLimitServicePermissionsFilter.class);
install(new ResourceModule());
install(new OrganizationApiModule());
install(new OrganizationJpaModule());
if (Boolean.parseBoolean(System.getenv("CHE_AUTH_NATIVEUSER"))) {
bind(RequestTokenExtractor.class).to(HeaderRequestTokenExtractor.class);
if (KubernetesInfrastructure.NAME.equals(infrastructure)) {
bind(OIDCInfo.class).toProvider(OIDCInfoProvider.class).asEagerSingleton();
bind(SigningKeyResolver.class).to(OIDCSigningKeyResolver.class);
bind(JwtParser.class).toProvider(OIDCJwtParserProvider.class);
bind(JwkProvider.class).toProvider(OIDCJwkProvider.class);
}
bind(TokenValidator.class).to(NotImplementedTokenValidator.class);
bind(ProfileDao.class).to(JpaProfileDao.class);
bind(OAuthAPI.class).to(EmbeddedOAuthAPI.class);
} else {
install(new KeycloakModule());
install(new KeycloakUserRemoverModule());
bind(AdminPermissionInitializer.class).asEagerSingleton();
bind(RequestTokenExtractor.class).to(ChainedTokenExtractor.class);
}
install(new MachineAuthModule());
// User and profile - use profile from keycloak and other stuff is JPA
bind(PasswordEncryptor.class).to(PBKDF2PasswordEncryptor.class);
bind(UserDao.class).to(JpaUserDao.class);
bind(PreferenceDao.class).to(JpaPreferenceDao.class);
bind(PermissionChecker.class).to(PermissionCheckerImpl.class);
bindConstant().annotatedWith(Names.named("che.agents.auth_enabled")).to(true);
install(new InfraProxyModule());
}
use of com.auth0.flickr2.domain.User in project gravitee-api-management by gravitee-io.
the class AbstractAuthenticationResource method connectUserInternal.
protected Response connectUserInternal(UserEntity user, final String state, final HttpServletResponse servletResponse, final String accessToken, final String idToken) {
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
final UserDetails userDetails = (UserDetails) authentication.getPrincipal();
// Manage authorities, initialize it with dynamic permissions from the IDP
List<Map<String, String>> authorities = userDetails.getAuthorities().stream().map(authority -> Maps.<String, String>builder().put("authority", authority.getAuthority()).build()).collect(Collectors.toList());
// We must also load permissions from repository for configured management or portal role
Set<RoleEntity> userRoles = membershipService.getRoles(MembershipReferenceType.ORGANIZATION, GraviteeContext.getCurrentOrganization(), MembershipMemberType.USER, userDetails.getId());
if (!userRoles.isEmpty()) {
userRoles.forEach(role -> authorities.add(Maps.<String, String>builder().put("authority", role.getScope().toString() + ':' + role.getName()).build()));
}
// JWT signer
Algorithm algorithm = Algorithm.HMAC256(environment.getProperty("jwt.secret"));
Date issueAt = new Date();
Instant expireAt = issueAt.toInstant().plus(Duration.ofSeconds(environment.getProperty("jwt.expire-after", Integer.class, DEFAULT_JWT_EXPIRE_AFTER)));
final String token = JWT.create().withIssuer(environment.getProperty("jwt.issuer", DEFAULT_JWT_ISSUER)).withIssuedAt(issueAt).withExpiresAt(Date.from(expireAt)).withSubject(user.getId()).withClaim(JWTHelper.Claims.PERMISSIONS, authorities).withClaim(JWTHelper.Claims.EMAIL, user.getEmail()).withClaim(JWTHelper.Claims.FIRSTNAME, user.getFirstname()).withClaim(JWTHelper.Claims.LASTNAME, user.getLastname()).withJWTId(UUID.randomUUID().toString()).sign(algorithm);
final TokenEntity tokenEntity = new TokenEntity();
tokenEntity.setType(BEARER);
tokenEntity.setToken(token);
if (idToken != null) {
tokenEntity.setAccessToken(accessToken);
tokenEntity.setIdToken(idToken);
}
if (state != null && !state.isEmpty()) {
tokenEntity.setState(state);
}
final Cookie bearerCookie = cookieGenerator.generate(TokenAuthenticationFilter.AUTH_COOKIE_NAME, "Bearer%20" + token);
servletResponse.addCookie(bearerCookie);
return Response.ok(tokenEntity).build();
}
use of com.auth0.flickr2.domain.User in project gravitee-api-management by gravitee-io.
the class UserServiceTest method shouldUpdateUserWithGroupMappingWithoutOverridingIfGroupDefined.
@Test
public void shouldUpdateUserWithGroupMappingWithoutOverridingIfGroupDefined() throws IOException, TechnicalException {
reset(identityProvider, userRepository, groupService, roleService, membershipService);
mockDefaultEnvironment();
mockGroupsMapping();
mockRolesMapping();
User createdUser = mockUser();
when(userRepository.create(any(User.class))).thenReturn(createdUser);
when(identityProvider.getId()).thenReturn("oauth2");
when(userRepository.findBySource("oauth2", "janedoe@example.com", ORGANIZATION)).thenReturn(Optional.empty());
// mock group search and association
when(groupService.findById(GraviteeContext.getCurrentEnvironment(), "Example group")).thenReturn(mockGroupEntity("group_id_1", "Example group"));
when(groupService.findById(GraviteeContext.getCurrentEnvironment(), "soft user")).thenReturn(mockGroupEntity("group_id_2", "soft user"));
when(groupService.findById(GraviteeContext.getCurrentEnvironment(), "Api consumer")).thenReturn(mockGroupEntity("group_id_4", "Api consumer"));
// mock role search
RoleEntity roleOrganizationAdmin = mockRoleEntity(RoleScope.ORGANIZATION, "ADMIN");
RoleEntity roleOrganizationUser = mockRoleEntity(RoleScope.ORGANIZATION, "USER");
RoleEntity roleEnvironmentAdmin = mockRoleEntity(RoleScope.ENVIRONMENT, "ADMIN");
RoleEntity roleApiUser = mockRoleEntity(RoleScope.API, "USER");
RoleEntity roleApplicationAdmin = mockRoleEntity(RoleScope.APPLICATION, "ADMIN");
when(roleService.findByScopeAndName(RoleScope.ORGANIZATION, "ADMIN")).thenReturn(Optional.of(roleOrganizationAdmin));
when(roleService.findByScopeAndName(RoleScope.ORGANIZATION, "USER")).thenReturn(Optional.of(roleOrganizationUser));
when(roleService.findDefaultRoleByScopes(RoleScope.API, RoleScope.APPLICATION)).thenReturn(Arrays.asList(roleApiUser, roleApplicationAdmin));
Membership membership = new Membership();
membership.setSource("oauth2");
membership.setReferenceId("membershipId");
membership.setReferenceType(io.gravitee.repository.management.model.MembershipReferenceType.GROUP);
final HashSet<Membership> memberships = new HashSet<>();
memberships.add(membership);
when(membershipRepository.findByMemberIdAndMemberTypeAndReferenceType("janedoe@example.com", io.gravitee.repository.management.model.MembershipMemberType.USER, io.gravitee.repository.management.model.MembershipReferenceType.GROUP)).thenReturn(memberships);
when(membershipService.updateRolesToMemberOnReferenceBySource(eq(GraviteeContext.getCurrentOrganization()), eq(GraviteeContext.getCurrentEnvironment()), eq(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, "group_id_1")), eq(new MembershipService.MembershipMember("janedoe@example.com", null, MembershipMemberType.USER)), argThat(roles -> roles.contains(new MembershipService.MembershipRole(RoleScope.API, "USER")) && roles.contains(new MembershipService.MembershipRole(RoleScope.APPLICATION, "ADMIN"))), eq("oauth2"))).thenReturn(Collections.singletonList(mockMemberEntity()));
when(membershipService.updateRolesToMemberOnReferenceBySource(eq(GraviteeContext.getCurrentOrganization()), eq(GraviteeContext.getCurrentEnvironment()), eq(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, "group_id_2")), eq(new MembershipService.MembershipMember("janedoe@example.com", null, MembershipMemberType.USER)), argThat(roles -> roles.contains(new MembershipService.MembershipRole(RoleScope.API, "USER")) && roles.contains(new MembershipService.MembershipRole(RoleScope.APPLICATION, "ADMIN"))), eq("oauth2"))).thenReturn(Collections.singletonList(mockMemberEntity()));
when(membershipService.updateRolesToMemberOnReferenceBySource(eq(GraviteeContext.getCurrentOrganization()), eq(GraviteeContext.getCurrentEnvironment()), eq(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, "group_id_4")), eq(new MembershipService.MembershipMember("janedoe@example.com", null, MembershipMemberType.USER)), argThat(roles -> roles.contains(new MembershipService.MembershipRole(RoleScope.API, "USER")) && roles.contains(new MembershipService.MembershipRole(RoleScope.APPLICATION, "ADMIN"))), eq("oauth2"))).thenReturn(Collections.singletonList(mockMemberEntity()));
when(membershipService.updateRolesToMemberOnReferenceBySource(eq(GraviteeContext.getCurrentOrganization()), eq(GraviteeContext.getCurrentEnvironment()), eq(new MembershipService.MembershipReference(MembershipReferenceType.ORGANIZATION, "DEFAULT")), eq(new MembershipService.MembershipMember("janedoe@example.com", null, MembershipMemberType.USER)), argThat(roles -> roles.contains(new MembershipService.MembershipRole(RoleScope.ORGANIZATION, "ADMIN")) && roles.contains(new MembershipService.MembershipRole(RoleScope.ORGANIZATION, "USER"))), eq("oauth2"))).thenReturn(Collections.singletonList(mockMemberEntity()));
String userInfo = IOUtils.toString(read("/oauth2/json/user_info_response_body.json"), Charset.defaultCharset());
userService.createOrUpdateUserFromSocialIdentityProvider(identityProvider, userInfo);
// verify group creations
verify(membershipService, times(1)).updateRolesToMemberOnReferenceBySource(eq(GraviteeContext.getCurrentOrganization()), eq(GraviteeContext.getCurrentEnvironment()), eq(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, "group_id_1")), eq(new MembershipService.MembershipMember("janedoe@example.com", null, MembershipMemberType.USER)), argThat(roles -> roles.contains(new MembershipService.MembershipRole(RoleScope.API, "USER")) && roles.contains(new MembershipService.MembershipRole(RoleScope.APPLICATION, "ADMIN"))), eq("oauth2"));
verify(membershipService, times(1)).updateRolesToMemberOnReferenceBySource(eq(GraviteeContext.getCurrentOrganization()), eq(GraviteeContext.getCurrentEnvironment()), eq(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, "group_id_2")), eq(new MembershipService.MembershipMember("janedoe@example.com", null, MembershipMemberType.USER)), argThat(roles -> roles.contains(new MembershipService.MembershipRole(RoleScope.API, "USER")) && roles.contains(new MembershipService.MembershipRole(RoleScope.APPLICATION, "ADMIN"))), eq("oauth2"));
verify(membershipService, times(0)).updateRolesToMemberOnReferenceBySource(eq(GraviteeContext.getCurrentOrganization()), eq(GraviteeContext.getCurrentEnvironment()), eq(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, "group_id_3")), eq(new MembershipService.MembershipMember("janedoe@example.com", null, MembershipMemberType.USER)), argThat(roles -> roles.contains(new MembershipService.MembershipRole(RoleScope.API, "USER")) && roles.contains(new MembershipService.MembershipRole(RoleScope.APPLICATION, "ADMIN"))), eq("oauth2"));
verify(membershipService, times(1)).updateRolesToMemberOnReferenceBySource(eq(GraviteeContext.getCurrentOrganization()), eq(GraviteeContext.getCurrentEnvironment()), eq(new MembershipService.MembershipReference(MembershipReferenceType.GROUP, "group_id_4")), eq(new MembershipService.MembershipMember("janedoe@example.com", null, MembershipMemberType.USER)), argThat(roles -> roles.contains(new MembershipService.MembershipRole(RoleScope.API, "USER")) && roles.contains(new MembershipService.MembershipRole(RoleScope.APPLICATION, "ADMIN"))), eq("oauth2"));
verify(membershipService, times(1)).updateRolesToMemberOnReferenceBySource(eq(GraviteeContext.getCurrentOrganization()), eq(GraviteeContext.getCurrentEnvironment()), eq(new MembershipService.MembershipReference(MembershipReferenceType.ORGANIZATION, "DEFAULT")), eq(new MembershipService.MembershipMember("janedoe@example.com", null, MembershipMemberType.USER)), argThat(roles -> roles.contains(new MembershipService.MembershipRole(RoleScope.ORGANIZATION, "ADMIN")) && roles.contains(new MembershipService.MembershipRole(RoleScope.ORGANIZATION, "USER"))), eq("oauth2"));
verify(membershipService, times(1)).deleteReferenceMemberBySource(eq(GraviteeContext.getCurrentOrganization()), eq(GraviteeContext.getCurrentEnvironment()), eq(MembershipReferenceType.GROUP), eq("membershipId"), eq(MembershipMemberType.USER), eq("janedoe@example.com"), eq("oauth2"));
}
use of com.auth0.flickr2.domain.User in project gravitee-api-management by gravitee-io.
the class UserServiceTest method shouldUpdateUser_butNotEmail.
@Test
public void shouldUpdateUser_butNotEmail() throws TechnicalException {
final String USER_ID = "myuserid";
final String USER_EMAIL = "my.user@acme.fr";
final String SOURCE = "gravitee-no-email-update";
User user = new User();
user.setId(USER_ID);
user.setEmail(EMAIL);
user.setFirstname(FIRST_NAME);
user.setLastname(LAST_NAME);
user.setSource(SOURCE);
user.setSourceId(USER_ID);
user.setOrganizationId(ORGANIZATION);
when(userRepository.update(any(User.class))).thenAnswer(new Answer<User>() {
@Override
public User answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments();
return (User) args[0];
}
});
when(userRepository.findById(USER_ID)).thenReturn(Optional.of(user));
when(updateUser.getEmail()).thenReturn(USER_EMAIL);
String UPDATED_LAST_NAME = LAST_NAME + "updated";
String UPDATED_FIRST_NAME = FIRST_NAME + "updated";
when(updateUser.getFirstname()).thenReturn(UPDATED_FIRST_NAME);
when(updateUser.getLastname()).thenReturn(UPDATED_LAST_NAME);
userService.update(user.getId(), updateUser);
verify(userRepository).update(argThat(userToUpdate -> USER_ID.equals(userToUpdate.getId()) && SOURCE.equals(userToUpdate.getSource()) && USER_EMAIL.equals(userToUpdate.getEmail()) && // sourceId shouldn't be updated in this case
USER_ID.equals(userToUpdate.getSourceId()) && UPDATED_FIRST_NAME.equals(userToUpdate.getFirstname()) && UPDATED_LAST_NAME.equals(userToUpdate.getLastname())));
}
use of com.auth0.flickr2.domain.User in project gravitee-api-management by gravitee-io.
the class UserServiceTest method shouldResetPassword_auditEventNotMatch.
@Test
public void shouldResetPassword_auditEventNotMatch() throws TechnicalException {
when(environment.getProperty("jwt.secret")).thenReturn(JWT_SECRET);
when(environment.getProperty("user.creation.token.expire-after", Integer.class, DEFAULT_JWT_EMAIL_REGISTRATION_EXPIRE_AFTER)).thenReturn(1000);
when(user.getId()).thenReturn(USER_NAME);
when(user.getSource()).thenReturn("gravitee");
when(userRepository.findById(USER_NAME)).thenReturn(of(user));
MetadataPage mdPage = mock(MetadataPage.class);
AuditEntity entity1 = new AuditEntity();
entity1.setProperties(Collections.singletonMap("USER", "unknown"));
when(mdPage.getContent()).thenReturn(Arrays.asList(entity1));
when(auditService.search(argThat(arg -> arg.getEvents().contains(User.AuditEvent.PASSWORD_RESET.name())))).thenReturn(mdPage);
userService.resetPassword(USER_NAME);
verify(user, never()).setPassword(null);
verify(userRepository, never()).update(user);
verify(emailService).sendAsyncEmailNotification(any(), any());
}
Aggregations