use of com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult in project ldapsdk by pingidentity.
the class InMemoryDirectoryServerPasswordModifyTestCase method testAuthenticatedAsNormalUser.
/**
* Provides test coverage for the password modify operation when requested
* by a client authenticated as a normal user.
*
* @throws Exception If an unexpected problem occurs.
*/
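@Test()
public void testAuthenticatedAsNormalUser() throws Exception {
  final InMemoryDirectoryServer ds = getTestDS(true, true);

  // A second regular account, used below as the target of password changes
  // requested by uid=test.user.
  ds.add(
      "dn: uid=another.user,ou=People,dc=example,dc=com",
      "objectClass: top",
      "objectClass: person",
      "objectClass: organizationalPerson",
      "objectClass: inetOrgPerson",
      "uid: another.user",
      "givenName: Another",
      "sn: User",
      "cn: Another User",
      "userPassword: password");

  final LDAPConnection conn = ds.getConnection();
  try {
    conn.bind("uid=test.user,ou=People,dc=example,dc=com", "password");

    // Self-change with only a new password: the bound identity is the target,
    // and no password is generated because one was supplied.
    PasswordModifyExtendedResult result = (PasswordModifyExtendedResult)
        conn.processExtendedOperation(
            new PasswordModifyExtendedRequest("newPassword1"));
    assertEquals(result.getResultCode(), ResultCode.SUCCESS);
    assertNull(result.getGeneratedPassword());

    // Self-change with an old password that does not match: being bound does
    // not excuse a wrong old password, so the request must be rejected.
    result = (PasswordModifyExtendedResult) conn.processExtendedOperation(
        new PasswordModifyExtendedRequest("wrongPassword", "newPassword2"));
    assertEquals(result.getResultCode(), ResultCode.INVALID_CREDENTIALS);
    assertNull(result.getGeneratedPassword());

    // Self-change with the correct old password (set by the first request).
    result = (PasswordModifyExtendedResult) conn.processExtendedOperation(
        new PasswordModifyExtendedRequest("newPassword1", "newPassword2"));
    assertEquals(result.getResultCode(), ResultCode.SUCCESS);
    assertNull(result.getGeneratedPassword());

    // No new password supplied: the server is expected to generate one and
    // hand it back in the result.
    result = (PasswordModifyExtendedResult) conn.processExtendedOperation(
        new PasswordModifyExtendedRequest((String) null));
    assertEquals(result.getResultCode(), ResultCode.SUCCESS);
    assertNotNull(result.getGeneratedPassword());

    // Change for a different regular user, target given as a DN, no old
    // password supplied.
    // NOTE(review): this asserts that one regular user can reset another
    // regular user's password without knowing it. That documents the test
    // server's behaviour only; presumably the in-memory server applies no
    // access control to this operation -- confirm, and do not read this
    // expectation as the authorization policy of a production directory.
    result = (PasswordModifyExtendedResult) conn.processExtendedOperation(
        new PasswordModifyExtendedRequest(
            "uid=another.user,ou=People,dc=example,dc=com", null,
            "newPassword1"));
    assertEquals(result.getResultCode(), ResultCode.SUCCESS);
    assertNull(result.getGeneratedPassword());

    // Same cross-user change, target given as a "u:" authorization ID.
    result = (PasswordModifyExtendedResult) conn.processExtendedOperation(
        new PasswordModifyExtendedRequest("u:another.user", null,
            "newPassword2"));
    assertEquals(result.getResultCode(), ResultCode.SUCCESS);
    assertNull(result.getGeneratedPassword());

    // A "dn:" authorization ID whose value is not a valid DN must be rejected
    // as a syntax error rather than resolved to some entry.
    result = (PasswordModifyExtendedResult) conn.processExtendedOperation(
        new PasswordModifyExtendedRequest("dn:malformed", null,
            "newPassword2"));
    assertEquals(result.getResultCode(), ResultCode.INVALID_DN_SYNTAX);
    assertNull(result.getGeneratedPassword());

    // A target that is an additional bind user (not a directory entry) must
    // not be changeable through this operation.
    result = (PasswordModifyExtendedResult) conn.processExtendedOperation(
        new PasswordModifyExtendedRequest("dn:cn=Directory Manager", null,
            "newPassword3"));
    assertEquals(result.getResultCode(), ResultCode.UNWILLING_TO_PERFORM);
    assertNull(result.getGeneratedPassword());

    // A target entry that does not exist is refused with the same result code
    // as the additional-bind-user case above.
    result = (PasswordModifyExtendedResult) conn.processExtendedOperation(
        new PasswordModifyExtendedRequest("cn=missing,dc=example,dc=com", null,
            "newPassword4"));
    assertEquals(result.getResultCode(), ResultCode.UNWILLING_TO_PERFORM);
    assertNull(result.getGeneratedPassword());
  } finally {
    // Release the connection even when a bind or an assertion above fails;
    // otherwise a failing test leaves an open connection to the test server.
    conn.close();
  }
}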
use of com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult in project ldapsdk by pingidentity.
the class ExampleUsagesTestCase method testPurgePasswordRequestControlExample.
/**
* Tests the example in the {@code PurgePasswordRequestControl} class.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(enabled = false)
public void testPurgePasswordRequestControlExample() throws Exception {
  // Disabled on purpose: the in-memory directory server does not currently
  // support this control, so the method exists only to prove that the example
  // compiles. It is never meant to run (the connection below is null).

  /* ----- BEGIN PRE-EXAMPLE SETUP ----- */
  final LDAPConnection connection = null;

  /* ----- BEGIN EXAMPLE CODE ----- */
  // The boolean passed to the control is its criticality flag in the SDK
  // constructor.
  // NOTE(review): going by the control's name, it asks the server to purge
  // the user's retired password -- confirm against the control's Javadoc.
  final Control[] controls =
      new Control[] { new PurgePasswordRequestControl(true) };

  // The user to update.
  final String targetUser = "uid=test.user,ou=People,dc=example,dc=com";
  // The current password -- we don't know it. Leaving it out makes this an
  // administrative reset, so the connection used must be authorized to change
  // another user's password.
  final String currentPassword = null;
  // The new password to assign to the user.
  final String newPassword = "newPassword";

  final PasswordModifyExtendedRequest modifyRequest =
      new PasswordModifyExtendedRequest(
          targetUser, currentPassword, newPassword, controls);
  final PasswordModifyExtendedResult modifyResult =
      (PasswordModifyExtendedResult)
          connection.processExtendedOperation(modifyRequest);
  /* ----- END EXAMPLE CODE ----- */

  /* ----- BEGIN POST-EXAMPLE CLEANUP ----- */
  // No cleanup is required.
}
use of com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult in project ldapsdk by pingidentity.
the class ExampleUsagesTestCase method testRetirePasswordRequestControlExample.
/**
* Tests the example in the {@code RetirePasswordRequestControl} class.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(enabled = false)
public void testRetirePasswordRequestControlExample() throws Exception {
  // Disabled on purpose: the in-memory directory server does not currently
  // support this control, so the method exists only to prove that the example
  // compiles. It is never meant to run (the connection below is null).

  /* ----- BEGIN PRE-EXAMPLE SETUP ----- */
  final LDAPConnection connection = null;

  /* ----- BEGIN EXAMPLE CODE ----- */
  // The boolean passed to the control is its criticality flag in the SDK
  // constructor.
  // NOTE(review): going by the control's name, it asks the server to retire
  // the user's current password instead of discarding it. Whether, and for
  // how long, a retired password still authenticates is server policy --
  // confirm before using this for a reset after a suspected compromise.
  final Control[] controls =
      new Control[] { new RetirePasswordRequestControl(true) };

  // The user to update.
  final String targetUser = "uid=test.user,ou=People,dc=example,dc=com";
  // The current password -- we don't know it. Leaving it out makes this an
  // administrative reset, so the connection used must be authorized to change
  // another user's password.
  final String currentPassword = null;
  // The new password to assign to the user.
  final String newPassword = "newPassword";

  final PasswordModifyExtendedRequest modifyRequest =
      new PasswordModifyExtendedRequest(
          targetUser, currentPassword, newPassword, controls);
  final PasswordModifyExtendedResult modifyResult =
      (PasswordModifyExtendedResult)
          connection.processExtendedOperation(modifyRequest);
  /* ----- END EXAMPLE CODE ----- */

  /* ----- BEGIN POST-EXAMPLE CLEANUP ----- */
  // No cleanup is required.
}
use of com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult in project ssam by pingidentity.
the class SSAMController method updatePassword.
/**
* Handles password update AJAX requests, changing the currently authenticated
* user's password to the specified value.
*
* @param currentPassword
* The user's current password
* @param password
* The new password for the user
*
* @return Returns a 200 status code and empty response upon success, or an
* error status code and error message if there is an error
*/
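@RequestMapping(value = "/updatePassword", method = RequestMethod.POST, consumes = APPLICATION_FORM_URLENCODED_VALUE, produces = TEXT_PLAIN_VALUE)
public ResponseEntity<String> updatePassword(@RequestParam("currentPassword") String currentPassword, @RequestParam("password") String password) {
  // In the password modify extended operation both passwords are optional:
  // a request without an old password is a reset that needs no proof of
  // knowledge, and a request without a new password asks the server to
  // generate one, which this method would never show to the user. Neither
  // shape belongs in a self-service change, so both are refused before
  // anything is sent over the pooled connection.
  // NOTE(review): how the server treats an empty (as opposed to absent) value
  // is not visible here; rejecting it early is the conservative choice.
  if (currentPassword == null || currentPassword.isEmpty()) {
    return new ResponseEntity<>("Your password could not be updated. Please verify that your old password is correct.", HttpStatus.BAD_REQUEST);
  }
  if (password == null || password.isEmpty()) {
    return new ResponseEntity<>("Your password could not be updated. A new password is required.", HttpStatus.BAD_REQUEST);
  }

  // The request names no user identity of its own (first argument is null).
  // NOTE(review): presumably the intermediate client request control carries
  // the identity of the signed-in user, so the change applies to that user
  // and not to the account the pool is bound as -- confirm in
  // getIntermediateClientRequestControl().
  Control[] controls = { getIntermediateClientRequestControl(), new PasswordPolicyRequestControl() };
  PasswordModifyExtendedRequest request = new PasswordModifyExtendedRequest(null, currentPassword, password, controls);

  try {
    PasswordModifyExtendedResult extendedResult = (PasswordModifyExtendedResult) pool.processExtendedOperation(request);
    ResultCode resultCode = extendedResult.getResultCode();

    if (resultCode == ResultCode.SUCCESS) {
      return new ResponseEntity<>(HttpStatus.OK);
    }

    if (resultCode == ResultCode.INVALID_CREDENTIALS) {
      // This will be returned if the "current password" is incorrect.
      final StringBuilder additionalInfo = new StringBuilder();
      if (extendedResult.hasResponseControl(PasswordPolicyResponseControl.PASSWORD_POLICY_RESPONSE_OID)) {
        // Prefer the password policy error types over the free-text
        // diagnostic message; one entry per matching response control.
        additionalInfo.append("Reason: ");
        String separator = "";
        for (final Control control : extendedResult.getResponseControls()) {
          if (control.getOID().equals(PasswordPolicyResponseControl.PASSWORD_POLICY_RESPONSE_OID)) {
            final PasswordPolicyResponseControl responseControl = (PasswordPolicyResponseControl) control;
            additionalInfo.append(separator).append(getPasswordPolicyErrorTypeMessage(responseControl.getErrorType()));
            separator = ", ";
          }
        }
      } else {
        final String diagnostic = extendedResult.getDiagnosticMessage();
        additionalInfo.append((diagnostic == null) ? "Please verify that your old password is correct." : diagnostic);
      }
      return new ResponseEntity<>("Your password could not be updated. " + additionalInfo, HttpStatus.BAD_REQUEST);
    }

    // Any other result code. A result without a diagnostic message used to be
    // rendered as "<code> - null"; only the result code is returned then.
    // NOTE(review): the server's diagnostic text goes to the browser verbatim
    // here and in the branch above. Check that it cannot reveal directory
    // internals, and that the page renders this text/plain body as text.
    final String diagnostic = extendedResult.getDiagnosticMessage();
    final String body = (diagnostic == null) ? String.valueOf(resultCode) : resultCode + " - " + diagnostic;
    return new ResponseEntity<>(body, HttpStatus.BAD_REQUEST);
  } catch (LDAPException e) {
    // NOTE(review): the raw exception message is returned to the client.
    // Consider logging it server-side and answering with a generic message;
    // left unchanged because no logger is visible from this method.
    return new ResponseEntity<>(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR);
  }
}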
use of com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedResult in project ldapsdk by pingidentity.
the class InMemoryDirectoryServerPasswordModifyTestCase method testUnauthenticated.
/**
* Provides test coverage for the password modify operation when requested
* by an unauthenticated client.
*
* @throws Exception If an unexpected problem occurs.
*/
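@Test()
public void testUnauthenticated() throws Exception {
  final InMemoryDirectoryServer ds = getTestDS(true, true);

  // The connection is never bound, so every request below is anonymous.
  final LDAPConnection conn = ds.getConnection();
  try {
    // Without a user identity there is no target to apply the change to.
    PasswordModifyExtendedResult result = (PasswordModifyExtendedResult)
        conn.processExtendedOperation(
            new PasswordModifyExtendedRequest(null, null, "pw1"));
    assertEquals(result.getResultCode(), ResultCode.UNWILLING_TO_PERFORM);

    // Without an old password an anonymous client offers no proof that it
    // may act for the target user, so the request must be refused.
    result = (PasswordModifyExtendedResult) conn.processExtendedOperation(
        new PasswordModifyExtendedRequest(
            "uid=test.user,ou=People,dc=example,dc=com", null, "pw1"));
    assertEquals(result.getResultCode(), ResultCode.UNWILLING_TO_PERFORM);

    // A wrong old password is rejected.
    // NOTE(review): together with the success case below, this makes the
    // operation a way to test a password without binding. A production
    // server should count these failures toward lockout or rate limiting
    // just like failed binds -- not something this test covers.
    result = (PasswordModifyExtendedResult) conn.processExtendedOperation(
        new PasswordModifyExtendedRequest(
            "uid=test.user,ou=People,dc=example,dc=com", "wrongPassword",
            "newPassword"));
    assertEquals(result.getResultCode(), ResultCode.INVALID_CREDENTIALS);

    // The correct old password authorizes the change, and no password is
    // generated because a new one was supplied.
    result = (PasswordModifyExtendedResult) conn.processExtendedOperation(
        new PasswordModifyExtendedRequest(
            "uid=test.user,ou=People,dc=example,dc=com", "password",
            "newPassword"));
    assertEquals(result.getResultCode(), ResultCode.SUCCESS);
    assertNull(result.getGeneratedPassword());

    // With the (now current) old password and no new password, the server is
    // expected to generate one and return it in the result.
    result = (PasswordModifyExtendedResult) conn.processExtendedOperation(
        new PasswordModifyExtendedRequest(
            "uid=test.user,ou=People,dc=example,dc=com", "newPassword", null));
    assertEquals(result.getResultCode(), ResultCode.SUCCESS);
    assertNotNull(result.getGeneratedPassword());
  } finally {
    // Release the connection even when an assertion above fails; otherwise a
    // failing test leaves an open connection to the test server.
    conn.close();
  }
}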