use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class IdentityPasswordValidateProcessor method validateDefinition.
/**
* Method returns password policy list for accounts
*
* @param identity
* @param passwordChangeDto
* @return
*/
public List<IdmPasswordPolicyDto> validateDefinition(IdmIdentityDto identity, PasswordChangeDto passwordChangeDto) {
List<IdmPasswordPolicyDto> passwordPolicyList = new ArrayList<>();
// Find user accounts
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setIdentityId(identity.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
//
// get default password policy
IdmPasswordPolicyDto defaultPasswordPolicy = this.passwordPolicyService.getDefaultPasswordPolicy(IdmPasswordPolicyType.VALIDATE);
//
if (passwordChangeDto.isIdm() && defaultPasswordPolicy != null) {
passwordPolicyList.add(defaultPasswordPolicy);
}
//
// get systems, only ownership
identityAccounts.stream().filter(identityAccount -> {
return identityAccount.isOwnership() && (passwordChangeDto.isAll() || passwordChangeDto.getAccounts().contains(identityAccount.getAccount().toString()));
}).forEach(identityAccount -> {
// get validate password policy from system
// TODO: change to DTO after refactoring
IdmPasswordPolicy passwordPolicyEntity = identityAccountRepository.findById(identityAccount.getId()).get().getAccount().getSystem().getPasswordPolicyValidate();
IdmPasswordPolicyDto passwordPolicy = null;
if (passwordPolicyEntity != null) {
passwordPolicy = passwordPolicyService.get(passwordPolicyEntity.getId());
}
// validate
if (passwordPolicy == null) {
passwordPolicy = defaultPasswordPolicy;
}
if (!passwordPolicyList.contains(passwordPolicy) && passwordPolicy != null) {
passwordPolicyList.add(passwordPolicy);
}
});
return passwordPolicyList;
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class AccountDeleteProcessor method process.
@Override
public EventResult<AccAccountDto> process(EntityEvent<AccAccountDto> event) {
AccAccountDto account = event.getContent();
UUID entityId = null;
Object entityIdObj = event.getProperties().get(AccAccountService.ENTITY_ID_PROPERTY);
if (entityIdObj instanceof UUID) {
entityId = (UUID) entityIdObj;
}
boolean deleteTargetAccount = false;
Object deleteTargetAccountObj = event.getProperties().get(AccAccountService.DELETE_TARGET_ACCOUNT_PROPERTY);
if (deleteTargetAccountObj instanceof Boolean) {
deleteTargetAccount = (boolean) deleteTargetAccountObj;
}
Assert.notNull(account, "Account cannot be null!");
// We do not allow delete account in protection
if (account.isAccountProtectedAndValid()) {
throw new ResultCodeException(AccResultCode.ACCOUNT_CANNOT_BE_DELETED_IS_PROTECTED, ImmutableMap.of("uid", account.getUid()));
}
// delete all identity accounts
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setAccountId(account.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountFilter, null).getContent();
identityAccounts.forEach(identityAccount -> {
identityAccountService.delete(identityAccount);
});
// delete all role accounts
AccRoleAccountFilter roleAccountFilter = new AccRoleAccountFilter();
roleAccountFilter.setAccountId(account.getId());
List<AccRoleAccountDto> roleAccounts = roleAccountService.find(roleAccountFilter, null).getContent();
roleAccounts.forEach(roleAccount -> {
roleAccountService.delete(roleAccount);
});
// delete all roleCatalogue accounts
AccRoleCatalogueAccountFilter roleCatalogueAccountFilter = new AccRoleCatalogueAccountFilter();
roleCatalogueAccountFilter.setAccountId(account.getId());
List<AccRoleCatalogueAccountDto> roleCatalogueAccounts = roleCatalogueAccountService.find(roleCatalogueAccountFilter, null).getContent();
roleCatalogueAccounts.forEach(roleCatalogueAccount -> {
roleCatalogueAccountService.delete(roleCatalogueAccount);
});
// delete all tree accounts
AccTreeAccountFilter treeAccountFilter = new AccTreeAccountFilter();
treeAccountFilter.setAccountId(account.getId());
List<AccTreeAccountDto> treeAccounts = treeAccountService.find(treeAccountFilter, null).getContent();
treeAccounts.forEach(treeAccount -> {
treeAccountService.delete(treeAccount);
});
// delete all contract accounts
AccContractAccountFilter contractAccountFilter = new AccContractAccountFilter();
contractAccountFilter.setAccountId(account.getId());
List<AccContractAccountDto> contractAccounts = contractAccountService.find(contractAccountFilter, null).getContent();
contractAccounts.forEach(contractAccount -> {
contractAccountService.delete(contractAccount);
});
// delete all contract slice accounts
AccContractSliceAccountFilter contractSliceAccountFilter = new AccContractSliceAccountFilter();
contractSliceAccountFilter.setAccountId(account.getId());
contractAccountSliceService.find(contractSliceAccountFilter, null).forEach(contractAccount -> {
contractAccountSliceService.delete(contractAccount);
});
//
AccAccountDto refreshAccount = accountService.get(account.getId());
// directly now
if (refreshAccount != null) {
accountService.deleteInternal(refreshAccount);
}
if (deleteTargetAccount && account.getEntityType() != null) {
SystemEntityType entityType = account.getEntityType();
if (!entityType.isSupportsProvisioning()) {
LOG.warn(MessageFormat.format("Provisioning is not supported for [{1}] now [{0}]!", account.getUid(), entityType));
return new DefaultEventResult<>(event, this);
}
LOG.debug(MessageFormat.format("Call delete provisioning for account with UID [{0}] and entity ID [{1}].", account.getUid(), entityId));
// Create context for systemEntity in account DTO and set ID of role-request to it.
UUID roleRequestId = this.getRoleRequestIdProperty(event.getProperties());
this.initContext(account, roleRequestId);
this.provisioningService.doDeleteProvisioning(account, account.getEntityType(), entityId);
}
return new DefaultEventResult<>(event, this);
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class CrossDomainAdUserConnectorTypeTest method testGetConnectorObjectWithCrossDomainValues.
@Test
public void testGetConnectorObjectWithCrossDomainValues() {
ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
SysSystemDto systemDto = initSystem(connectorType);
SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
filter.setSystemId(systemDto.getId());
filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
assertEquals(1, attributes.size());
SysSystemAttributeMappingDto ldapGroupsAttribute = attributes.stream().findFirst().get();
// Creates cross-domain group.
SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
groupSystemDto.setCode(getHelper().createName());
groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
groupSystemDto = systemGroupService.save(groupSystemDto);
SysSystemGroupSystemDto systemGroupSystemOne = new SysSystemGroupSystemDto();
systemGroupSystemOne.setSystemGroup(groupSystemDto.getId());
systemGroupSystemOne.setMergeAttribute(ldapGroupsAttribute.getId());
systemGroupSystemOne.setSystem(systemDto.getId());
systemGroupSystemService.save(systemGroupSystemOne);
// Creates the login role.
IdmRoleDto loginRole = helper.createRole();
helper.createRoleSystem(loginRole, systemDto);
// Creates cross-domain no-login role.
IdmRoleDto roleInCrossDomainGroup = helper.createRole();
SysRoleSystemDto roleSystem = helper.createRoleSystem(roleInCrossDomainGroup, systemDto);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setIsInCrossDomainGroupRoleId(roleInCrossDomainGroup.getId());
roleSystemFilter.setCheckIfIsInCrossDomainGroup(Boolean.TRUE);
roleSystemFilter.setId(roleSystem.getId());
List<SysRoleSystemDto> roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(0, roleSystemDtos.size());
// Creates overridden ldapGroup merge attribute.
createOverriddenLdapGroupAttribute(ldapGroupsAttribute, roleSystem);
// Role-system should be in cross-domain group now.
roleSystemDtos = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(1, roleSystemDtos.size());
SysRoleSystemDto roleSystemDto = roleSystemDtos.stream().findFirst().get();
assertTrue(roleSystemDto.isInCrossDomainGroup());
IdmIdentityDto identity = getHelper().createIdentity();
IdmIdentityContractDto contract = getHelper().createContract(identity);
mockCrossDomainAdUserConnectorType.setReadConnectorObjectCallBack((system, uid, objectClass) -> {
IcConnectorObjectImpl connectorObject = new IcConnectorObjectImpl(identity.getUsername(), null, null);
connectorObject.getAttributes().add(new IcAttributeImpl(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE, "TWO"));
return mockCrossDomainAdUserConnectorType.getCrossDomainConnectorObject(system, uid, objectClass, connectorObject);
});
IdmRoleRequestDto roleRequestDto = getHelper().assignRoles(contract, roleInCrossDomainGroup, loginRole);
assertEquals(RoleRequestState.EXECUTED, roleRequestDto.getState());
assertNotNull(roleRequestDto.getSystemState());
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setIdentityId(identity.getId());
identityAccountFilter.setSystemId(systemDto.getId());
List<AccIdentityAccountDto> identityAccountDtos = identityAccountService.find(identityAccountFilter, null).getContent();
assertEquals(1, identityAccountDtos.size());
UUID accountId = identityAccountDtos.get(0).getAccount();
IcConnectorObject connectorObject = accountService.getConnectorObject(accountService.get(accountId));
assertNotNull(connectorObject);
IcAttribute ldapGroupsAtt = connectorObject.getAttributeByName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
assertEquals(1, ldapGroupsAtt.getValues().size());
assertTrue(ldapGroupsAtt.getValues().stream().anyMatch(value -> value.equals("TWO")));
// Clean
provisioningOperationService.deleteOperations(systemDto.getId());
systemGroupService.delete(groupSystemDto);
getHelper().deleteIdentity(identity.getId());
mockCrossDomainAdUserConnectorType.setReadConnectorObjectCallBack(null);
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountServiceFilterTest method createAccount.
private AccAccountDto createAccount(UUID systemId, UUID identityId, String uid, AccountType accountType, Boolean ownership) {
AccAccountDto account = new AccAccountDto();
account.setSystem(systemId);
account.setUid(uid);
account.setAccountType(accountType);
account = accAccountService.save(account);
AccIdentityAccountDto accountIdentity = new AccIdentityAccountDto();
accountIdentity.setIdentity(identityId);
accountIdentity.setOwnership(ownership);
accountIdentity.setAccount(account.getId());
identityAccoutnService.save(accountIdentity);
return account;
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountServiceTest method getConnectorObjectNotFullTest.
@Test
public void getConnectorObjectNotFullTest() {
String userOneName = "UserOne";
String eavAttributeName = "EAV_ATTRIBUTE";
SysSystemDto system = initData();
SysSchemaAttributeFilter schemaAttributeFilter = new SysSchemaAttributeFilter();
schemaAttributeFilter.setSystemId(system.getId());
// Find and delete EAV schema attribute.
SysSchemaAttributeDto eavAttribute = schemaAttributeService.find(schemaAttributeFilter, null).getContent().stream().filter(attribute -> attribute.getName().equalsIgnoreCase(eavAttributeName)).findFirst().orElse(null);
Assert.assertNotNull(eavAttribute);
schemaAttributeService.delete(eavAttribute);
Assert.assertNotNull(system);
// Change resources (set state on exclude) .. must be call in transaction
this.getBean().persistResource(createResource(userOneName, ZonedDateTime.now()));
AccAccountDto account = new AccAccountDto();
account.setEntityType(SystemEntityType.IDENTITY);
account.setSystem(system.getId());
account.setAccountType(AccountType.PERSONAL);
account.setUid(userOneName);
account = accountService.save(account);
IdmIdentityDto identity = helper.createIdentity();
AccIdentityAccountDto accountIdentityOne = new AccIdentityAccountDto();
accountIdentityOne.setIdentity(identity.getId());
accountIdentityOne.setOwnership(true);
accountIdentityOne.setAccount(account.getId());
accountIdentityOne = identityAccountService.save(accountIdentityOne);
// Create role with evaluator
IdmRoleDto role = helper.createRole();
IdmAuthorizationPolicyDto policyAccount = new IdmAuthorizationPolicyDto();
policyAccount.setRole(role.getId());
policyAccount.setGroupPermission(AccGroupPermission.ACCOUNT.getName());
policyAccount.setAuthorizableType(AccAccount.class.getCanonicalName());
policyAccount.setEvaluator(ReadAccountByIdentityEvaluator.class);
authorizationPolicyService.save(policyAccount);
// Assign role with evaluator
helper.createIdentityRole(identity, role);
logout();
loginService.login(new LoginDto(identity.getUsername(), identity.getPassword()));
IcConnectorObject connectorObject = accountService.getConnectorObject(account, IdmBasePermission.READ);
Assert.assertNotNull(connectorObject);
Assert.assertEquals(userOneName, connectorObject.getUidValue());
// EAV attribute must be null, because we deleted the schema definition
Assert.assertNull(connectorObject.getAttributeByName(eavAttributeName));
}
Aggregations