
Example 6 with PasswordModifyExtendedResult

use of com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult in project ldapsdk by pingidentity.

the class InMemoryDirectoryServerPasswordModifyTestCase method testAuthenticatedAsNormalUser.

/**
 * Provides test coverage for the password modify operation when requested
 * by a client authenticated as a normal user.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
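@Test()
public void testAuthenticatedAsNormalUser() throws Exception {
    final InMemoryDirectoryServer ds = getTestDS(true, true);
    // Second ordinary account; it is the target of the "change someone else's
    // password" cases further down.
    ds.add(
        "dn: uid=another.user,ou=People,dc=example,dc=com",
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: inetOrgPerson",
        "uid: another.user",
        "givenName: Another",
        "sn: User",
        "cn: Another User",
        "userPassword: password");
    final LDAPConnection conn = ds.getConnection();
    // Everything that uses the connection sits inside try/finally so that a
    // failed bind or a failed assertion cannot leave the connection open.
    try {
        conn.bind("uid=test.user,ou=People,dc=example,dc=com", "password");
        // Verify that the attempt will succeed for the authenticated user when
        // supplied only with a new password.
        PasswordModifyExtendedResult result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest("newPassword1"));
        assertEquals(result.getResultCode(), ResultCode.SUCCESS);
        assertNull(result.getGeneratedPassword());
        // Verify that the attempt will fail for the authenticated user when
        // supplied with both old and new passwords and the old password is wrong.
        result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest("wrongPassword", "newPassword2"));
        assertEquals(result.getResultCode(), ResultCode.INVALID_CREDENTIALS);
        assertNull(result.getGeneratedPassword());
        // Verify that the attempt will succeed for the authenticated user when
        // supplied with both old and new passwords and the old password is correct.
        result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest("newPassword1", "newPassword2"));
        assertEquals(result.getResultCode(), ResultCode.SUCCESS);
        assertNull(result.getGeneratedPassword());
        // Verify that the attempt to change the password for the authenticated
        // user can successfully generate a new password.  The generated value
        // comes back in the result, so it must be non-null here.
        result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest((String) null));
        assertEquals(result.getResultCode(), ResultCode.SUCCESS);
        assertNotNull(result.getGeneratedPassword());
        // Verify that the attempt to change the password will succeed for a
        // different regular user when the identity is provided as a DN.
        //
        // The requester is still bound as uid=test.user and supplies no old
        // password for the target, yet SUCCESS is the expected outcome: as
        // exercised here, the test server applies no per-user authorization
        // to this change.
        // NOTE(review): a production directory would normally gate this behind
        // a password-reset privilege or access control rule; the expected
        // SUCCESS documents the test server, not a behaviour to rely on.
        result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest("uid=another.user,ou=People,dc=example,dc=com", null, "newPassword1"));
        assertEquals(result.getResultCode(), ResultCode.SUCCESS);
        assertNull(result.getGeneratedPassword());
        // Verify that the attempt to change the password will succeed for a
        // different regular user when the identity is provided as an authzID.
        result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest("u:another.user", null, "newPassword2"));
        assertEquals(result.getResultCode(), ResultCode.SUCCESS);
        assertNull(result.getGeneratedPassword());
        // Verify that the attempt to change the password will fail for a
        // different regular user when the identity is provided as a malformed
        // authzID.
        result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest("dn:malformed", null, "newPassword2"));
        assertEquals(result.getResultCode(), ResultCode.INVALID_DN_SYNTAX);
        assertNull(result.getGeneratedPassword());
        // Verify that the attempt to change the password will fail for a target
        // user that is an additional bind user.
        result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest("dn:cn=Directory Manager", null, "newPassword3"));
        assertEquals(result.getResultCode(), ResultCode.UNWILLING_TO_PERFORM);
        assertNull(result.getGeneratedPassword());
        // Verify that the attempt to change the password will fail for a target
        // user that does not exist.  The expected code is the same one asserted
        // for the additional bind user above.
        result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest("cn=missing,dc=example,dc=com", null, "newPassword4"));
        assertEquals(result.getResultCode(), ResultCode.UNWILLING_TO_PERFORM);
        assertNull(result.getGeneratedPassword());
    } finally {
        conn.close();
    }
}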
Also used : PasswordModifyExtendedResult(com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) PasswordModifyExtendedRequest(com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest) Test(org.testng.annotations.Test)

Example 7 with PasswordModifyExtendedResult

use of com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult in project ldapsdk by pingidentity.

the class ExampleUsagesTestCase method testPurgePasswordRequestControlExample.

/**
 * Tests the example in the {@code PurgePasswordRequestControl} class.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(enabled = false)
public void testPurgePasswordRequestControlExample() throws Exception {
    // The in-memory directory server has no support for this capability at
    // present, so this method only proves that the example compiles, which is
    // why the test is disabled.  The connection below is null, so enabling the
    // test as written would fail with a NullPointerException.

    /* ----- BEGIN PRE-EXAMPLE SETUP ----- */
    final LDAPConnection connection = null;

    /* ----- BEGIN EXAMPLE CODE ----- */
    // NOTE(review): the boolean is presumably the control's criticality flag;
    // confirm against the control's Javadoc.
    final Control[] requestControls = new Control[] { new PurgePasswordRequestControl(true) };

    // Passing null as the current password makes this a reset requested by
    // someone other than the password's owner.
    // NOTE(review): whether the requester may do that is presumably decided by
    // the directory server, not by this client code.
    final PasswordModifyExtendedRequest purgeRequest =
        new PasswordModifyExtendedRequest(
            // The user to update
            "uid=test.user,ou=People,dc=example,dc=com",
            // The current password -- we don't know it.
            null,
            // The new password to assign to the user.
            "newPassword",
            // The controls to include in the request.
            requestControls);

    final PasswordModifyExtendedResult purgeResult =
        (PasswordModifyExtendedResult) connection.processExtendedOperation(purgeRequest);
    /* ----- END EXAMPLE CODE ----- */

    /* ----- BEGIN POST-EXAMPLE CLEANUP ----- */
    // No cleanup is required.
}
Also used : Control(com.unboundid.ldap.sdk.Control) PasswordModifyExtendedResult(com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) PasswordModifyExtendedRequest(com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest) Test(org.testng.annotations.Test)

Example 8 with PasswordModifyExtendedResult

use of com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult in project ldapsdk by pingidentity.

the class ExampleUsagesTestCase method testRetirePasswordRequestControlExample.

/**
 * Tests the example in the {@code RetirePasswordRequestControl} class.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test(enabled = false)
public void testRetirePasswordRequestControlExample() throws Exception {
    // The in-memory directory server has no support for this capability at
    // present, so this method only proves that the example compiles, which is
    // why the test is disabled.  The connection below is null, so enabling the
    // test as written would fail with a NullPointerException.

    /* ----- BEGIN PRE-EXAMPLE SETUP ----- */
    final LDAPConnection connection = null;

    /* ----- BEGIN EXAMPLE CODE ----- */
    // NOTE(review): the boolean is presumably the control's criticality flag;
    // confirm against the control's Javadoc.
    final Control[] requestControls = new Control[] { new RetirePasswordRequestControl(true) };

    // Passing null as the current password makes this a reset requested by
    // someone other than the password's owner.
    // NOTE(review): whether the requester may do that is presumably decided by
    // the directory server, not by this client code.
    final PasswordModifyExtendedRequest retireRequest =
        new PasswordModifyExtendedRequest(
            // The user to update
            "uid=test.user,ou=People,dc=example,dc=com",
            // The current password -- we don't know it.
            null,
            // The new password to assign to the user.
            "newPassword",
            // The controls to include in the request.
            requestControls);

    final PasswordModifyExtendedResult retireResult =
        (PasswordModifyExtendedResult) connection.processExtendedOperation(retireRequest);
    /* ----- END EXAMPLE CODE ----- */

    /* ----- BEGIN POST-EXAMPLE CLEANUP ----- */
    // No cleanup is required.
}
Also used : Control(com.unboundid.ldap.sdk.Control) PasswordModifyExtendedResult(com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) PasswordModifyExtendedRequest(com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest) Test(org.testng.annotations.Test)

Example 9 with PasswordModifyExtendedResult

use of com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult in project ssam by pingidentity.

the class SSAMController method updatePassword.

/**
 * Handles password update AJAX requests, changing the currently authenticated
 * user's password to the specified value.
 *
 * @param currentPassword
 *          The user's current password
 * @param password
 *          The new password for the user
 *
 * @return Returns a 200 status code and empty response upon success, or an
 *         error status code and error message if there is an error
 */
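@RequestMapping(value = "/updatePassword", method = RequestMethod.POST, consumes = APPLICATION_FORM_URLENCODED_VALUE, produces = TEXT_PLAIN_VALUE)
public ResponseEntity<String> updatePassword(@RequestParam("currentPassword") String currentPassword, @RequestParam("password") String password) {
    // The request names no target user (first argument is null), so the
    // directory works out whose password changes from the connection and the
    // attached controls.
    // NOTE(review): presumably getIntermediateClientRequestControl() carries the
    // signed-in user's identity; confirm, because the operation is sent through
    // the shared pool rather than a connection bound as that user.
    Control[] controls = { getIntermediateClientRequestControl(), new PasswordPolicyRequestControl() };
    PasswordModifyExtendedRequest request = new PasswordModifyExtendedRequest(null, currentPassword, password, controls);
    try {
        PasswordModifyExtendedResult extendedResult = (PasswordModifyExtendedResult) pool.processExtendedOperation(request);
        ResultCode resultCode = extendedResult.getResultCode();
        String diagnosticMessage = extendedResult.getDiagnosticMessage();

        if (resultCode == ResultCode.SUCCESS) {
            return new ResponseEntity<>(HttpStatus.OK);
        }

        if (resultCode == ResultCode.INVALID_CREDENTIALS) {
            String additionalInfo;
            if (extendedResult.hasResponseControl(PasswordPolicyResponseControl.PASSWORD_POLICY_RESPONSE_OID)) {
                // Prefer the password policy error type(s) over free-form server
                // text: they map to messages this application controls.
                StringBuilder reasons = new StringBuilder("Reason: ");
                String separator = "";
                for (final Control control : extendedResult.getResponseControls()) {
                    if (control.getOID().equals(PasswordPolicyResponseControl.PASSWORD_POLICY_RESPONSE_OID)) {
                        final PasswordPolicyResponseControl responseControl = (PasswordPolicyResponseControl) control;
                        reasons.append(separator).append(getPasswordPolicyErrorTypeMessage(responseControl.getErrorType()));
                        separator = ", ";
                    }
                }
                additionalInfo = reasons.toString();
            } else {
                additionalInfo = (diagnosticMessage == null) ? "Please verify that your old password is correct." : diagnosticMessage;
            }
            // This will be returned if the "current password" is incorrect.
            return new ResponseEntity<>("Your password could not be updated. " + additionalInfo, HttpStatus.BAD_REQUEST);
        }

        // Any other result code.  A missing diagnostic message used to be
        // rendered as the literal text "null"; report the result code alone.
        // NOTE(review): the directory's diagnostic text goes to the browser
        // verbatim here; consider a fixed message per result code instead.
        String detail = (diagnosticMessage == null) ? String.valueOf(resultCode) : resultCode + " - " + diagnosticMessage;
        return new ResponseEntity<>(detail, HttpStatus.BAD_REQUEST);
    } catch (LDAPException e) {
        // NOTE(review): the exception text is sent to the client unchanged and
        // may describe the directory connection or server; consider logging it
        // server-side and returning a generic error body.
        return new ResponseEntity<>(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR);
    }
}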
Also used : Control(com.unboundid.ldap.sdk.Control) IntermediateClientRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.IntermediateClientRequestControl) PasswordPolicyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordPolicyRequestControl) PasswordPolicyResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordPolicyResponseControl) ResponseEntity(org.springframework.http.ResponseEntity) PasswordPolicyRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordPolicyRequestControl) LDAPException(com.unboundid.ldap.sdk.LDAPException) PasswordModifyExtendedResult(com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult) PasswordPolicyResponseControl(com.unboundid.ldap.sdk.unboundidds.controls.PasswordPolicyResponseControl) PasswordModifyExtendedRequest(com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest) ResultCode(com.unboundid.ldap.sdk.ResultCode) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 10 with PasswordModifyExtendedResult

use of com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult in project ldapsdk by pingidentity.

the class InMemoryDirectoryServerPasswordModifyTestCase method testUnauthenticated.

/**
 * Provides test coverage for the password modify operation when requested
 * by an unauthenticated client.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
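@Test()
public void testUnauthenticated() throws Exception {
    final InMemoryDirectoryServer ds = getTestDS(true, true);
    // No bind is performed on this connection, so every request below is sent
    // by an unauthenticated client.
    final LDAPConnection conn = ds.getConnection();
    // try/finally keeps a failed assertion from leaving the connection open.
    try {
        // Verify that an unauthenticated attempt will fail without a user identity.
        PasswordModifyExtendedResult result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest(null, null, "pw1"));
        assertEquals(result.getResultCode(), ResultCode.UNWILLING_TO_PERFORM);
        // Verify that an unauthenticated attempt will fail without an old password.
        result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest("uid=test.user,ou=People,dc=example,dc=com", null, "pw1"));
        assertEquals(result.getResultCode(), ResultCode.UNWILLING_TO_PERFORM);
        // Verify that an unauthenticated attempt will fail with the wrong old
        // password.
        result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest("uid=test.user,ou=People,dc=example,dc=com", "wrongPassword", "newPassword"));
        assertEquals(result.getResultCode(), ResultCode.INVALID_CREDENTIALS);
        // Verify that an unauthenticated attempt will succeed with the right old
        // password.  On an unbound connection the old password is the only
        // proof of identity the request carries.
        // NOTE(review): that makes this operation a password-guessing surface
        // alongside bind; presumably a deployed server should apply the same
        // lockout and rate limits to it -- confirm for the target server.
        result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest("uid=test.user,ou=People,dc=example,dc=com", "password", "newPassword"));
        assertEquals(result.getResultCode(), ResultCode.SUCCESS);
        assertNull(result.getGeneratedPassword());
        // Verify that it is possible to generate a new password.  The new
        // password argument is null and the generated value is returned in the
        // result.
        result = (PasswordModifyExtendedResult) conn.processExtendedOperation(new PasswordModifyExtendedRequest("uid=test.user,ou=People,dc=example,dc=com", "newPassword", null));
        assertEquals(result.getResultCode(), ResultCode.SUCCESS);
        assertNotNull(result.getGeneratedPassword());
    } finally {
        conn.close();
    }
}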
Also used : PasswordModifyExtendedResult(com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) PasswordModifyExtendedRequest(com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest) Test(org.testng.annotations.Test)
