use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class DefaultSysProvisioningServiceTest method doIdentityProvisioningChangePasswordUnsupportSystem.
@Test
public void doIdentityProvisioningChangePasswordUnsupportSystem() {
IdmIdentityDto identity = identityService.getByUsername(IDENTITY_USERNAME);
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setIdentityId(identity.getId());
AccIdentityAccountDto accountIdentityOne = identityAccountService.find(filter, null).getContent().get(0);
SysSystemDto system = systemService.get(accountService.get(accountIdentityOne.getAccount()).getSystem());
EntityEvent<SysSystemDto> event = new SystemEvent(SystemEventType.DUPLICATE, system);
SysSystemDto clonedSystem = systemService.publish(event).getContent();
clonedSystem.setReadonly(false);
clonedSystem.setDisabled(false);
clonedSystem = systemService.save(clonedSystem);
SysSystemAttributeMappingFilter attributeMappingFilter = new SysSystemAttributeMappingFilter();
attributeMappingFilter.setSystemId(clonedSystem.getId());
SysSystemAttributeMappingDto passwordAttribute = systemAttributeMappingService.find(attributeMappingFilter, null).getContent().stream().filter(attribute -> {
return ProvisioningService.PASSWORD_SCHEMA_PROPERTY_NAME.equals(schemaAttributeService.get(attribute.getSchemaAttribute()).getName());
}).findFirst().orElse(null);
Assert.assertNotNull(passwordAttribute);
SysSystemAttributeMappingDto uidAttribute = systemAttributeMappingService.find(attributeMappingFilter, null).getContent().stream().filter(attribute -> {
return attribute.isUid();
}).findFirst().orElse(null);
Assert.assertNotNull(uidAttribute);
uidAttribute.setTransformToResourceScript("if(attributeValue){return \"y\"+ attributeValue;}");
uidAttribute = systemAttributeMappingService.save(uidAttribute);
SysSystemEntityDto sysEntity = new SysSystemEntityDto("y" + IDENTITY_USERNAME, SystemEntityType.IDENTITY);
sysEntity.setSystem(clonedSystem.getId());
sysEntity = systemEntityService.save(sysEntity);
AccAccountDto account = new AccAccountDto();
account.setSystem(clonedSystem.getId());
account.setUid("y" + IDENTITY_USERNAME);
account.setAccountType(AccountType.PERSONAL);
account.setEntityType(SystemEntityType.IDENTITY);
account.setSystemEntity(sysEntity.getId());
account = accountService.save(account);
AccIdentityAccountDto accountIdentity = new AccIdentityAccountDto();
accountIdentity.setIdentity(identity.getId());
accountIdentity.setOwnership(true);
accountIdentity.setAccount(account.getId());
accountIdentity = identityAccountService.save(accountIdentity);
provisioningService.doProvisioning(account);
TestResource createdAccount = entityManager.find(TestResource.class, accountService.get(accountIdentity.getAccount()).getUid());
Assert.assertNotNull(createdAccount);
Assert.assertEquals(identity.getFirstName(), createdAccount.getFirstname());
String password = createdAccount.getPassword();
AccAccountFilter accountFilter = new AccAccountFilter();
accountFilter.setIdentityId(identity.getId());
accountFilter.setOwnership(Boolean.TRUE);
accountFilter.setSupportChangePassword(Boolean.TRUE);
// Two accounts supported change password expects
Assert.assertEquals(2, accountService.find(accountFilter, null).getContent().size());
PasswordChangeDto passwordChange = new PasswordChangeDto();
passwordChange.setNewPassword(new GuardedString("newPWD12"));
passwordChange.getAccounts().add(account.getId().toString());
identityService.passwordChange(identity, passwordChange);
createdAccount = entityManager.find(TestResource.class, accountService.get(accountIdentity.getAccount()).getUid());
Assert.assertNotEquals(password, createdAccount.getPassword());
// After success password change, we delete password attribute.
systemAttributeMappingService.delete(passwordAttribute);
// One account supported change password expects
Assert.assertEquals(1, accountService.find(accountFilter, null).getContent().size());
// Change password .. now this doesn't end with exception but with failed state
passwordChange = new PasswordChangeDto();
passwordChange.setNewPassword(new GuardedString("newPWDUnsupported"));
passwordChange.getAccounts().add(account.getId().toString());
List<OperationResult> results = identityService.passwordChange(identity, passwordChange);
// for idm will be password changed executed with success state for system doesn't
for (OperationResult result : results) {
IdmAccountDto idmAccount = (IdmAccountDto) result.getModel().getParameters().get(IdmAccountDto.PARAMETER_NAME);
String statusEnum = result.getModel().getStatusEnum();
assertNotNull(statusEnum);
assertNotNull(idmAccount);
if (statusEnum.equals(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_SUCCESS.name())) {
// idm
assertNull(idmAccount.getSystemId());
assertNull(idmAccount.getSystemName());
continue;
} else if (statusEnum.equals(CoreResultCode.PASSWORD_CHANGE_ACCOUNT_FAILED.name())) {
assertEquals(clonedSystem.getId(), idmAccount.getSystemId());
assertEquals(clonedSystem.getName(), idmAccount.getSystemName());
continue;
}
fail("Different result!");
}
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountManagementService method resolveIdentityAccounts.
@Override
public boolean resolveIdentityAccounts(IdmIdentityDto identity) {
Assert.notNull(identity, "Identity is required.");
// find not deleted identity accounts
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setIdentityId(identity.getId());
List<AccIdentityAccountDto> allIdentityAccountList = identityAccountService.find(filter, null).getContent();
List<IdmIdentityRoleDto> identityRoles = identityRoleService.findAllByIdentity(identity.getId());
if (CollectionUtils.isEmpty(identityRoles) && CollectionUtils.isEmpty(allIdentityAccountList)) {
// No roles and accounts ... we don't have anything to do
return false;
}
// account with delete accepted states will be removed on the end
IdmEntityStateFilter identityAccountStatesFilter = new IdmEntityStateFilter();
identityAccountStatesFilter.setSuperOwnerId(identity.getId());
identityAccountStatesFilter.setOwnerType(entityStateManager.getOwnerType(AccIdentityAccountDto.class));
identityAccountStatesFilter.setResultCode(CoreResultCode.DELETED.getCode());
List<IdmEntityStateDto> identityAccountStates = entityStateManager.findStates(identityAccountStatesFilter, null).getContent();
List<AccIdentityAccountDto> identityAccountList = //
allIdentityAccountList.stream().filter(ia -> {
return !//
identityAccountStates.stream().anyMatch(state -> {
return ia.getId().equals(state.getOwnerId());
});
}).collect(Collectors.toList());
// create / remove accounts
if (!CollectionUtils.isEmpty(identityRoles) || !CollectionUtils.isEmpty(identityAccountList)) {
List<AccIdentityAccountDto> identityAccountsToCreate = new ArrayList<>();
List<AccIdentityAccountDto> identityAccountsToDelete = new ArrayList<>();
// Is role valid in this moment
resolveIdentityAccountForCreate(identity, identityAccountList, identityRoles, identityAccountsToCreate, identityAccountsToDelete, false, null);
// Is role invalid in this moment
resolveIdentityAccountForDelete(identityAccountList, identityRoles, identityAccountsToDelete);
// Create new identity accounts
identityAccountsToCreate.forEach(identityAccount -> identityAccountService.save(identityAccount));
// Delete invalid identity accounts
identityAccountsToDelete.forEach(identityAccount -> identityAccountService.deleteById(identityAccount.getId()));
}
// clear identity accounts marked to be deleted
//
identityAccountStates.stream().forEach(state -> {
//
AccIdentityAccountDto deleteIdentityAccount = identityAccountService.get(state.getOwnerId());
if (deleteIdentityAccount != null) {
// identity account can be deleted manually.
identityAccountService.delete(deleteIdentityAccount);
}
entityStateManager.deleteState(state);
});
// Return value is deprecated since version 9.5.0 (is useless)
return true;
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class DefaultAccAccountManagementService method createAccountByRoleSystem.
/**
* Create Account by given roleSystem
*
* @param identity
* @param roleSystem
* @param identityAccountsToCreate
* @return
*/
private AccAccountDto createAccountByRoleSystem(String uid, IdmIdentityDto identity, SysRoleSystemDto roleSystem, List<AccIdentityAccountDto> identityAccountsToCreate) {
// We try find account for same UID on same system
// First we try to search same account in list for create new accounts
AccIdentityAccountDto sameAccount = //
identityAccountsToCreate.stream().filter(identityAccountToCreate -> {
AccAccountDto account = DtoUtils.getEmbedded(identityAccountToCreate, AccIdentityAccount_.account.getName(), AccAccountDto.class);
return account.getUid().equals(uid) && roleSystem.getId().equals(identityAccountToCreate.getRoleSystem());
}).findFirst().orElse(//
null);
if (sameAccount != null) {
return DtoUtils.getEmbedded(sameAccount, AccIdentityAccount_.account.getName(), AccAccountDto.class);
}
// If account is not in the list accounts to create, then we will search in
// database
// Account management - can be the account created? - execute the script on the
// system mapping
SysSystemDto system = DtoUtils.getEmbedded(roleSystem, SysRoleSystem_.system);
SysSystemMappingDto mapping = systemMappingService.findProvisioningMapping(system.getId(), SystemEntityType.IDENTITY);
if (mapping == null) {
return null;
}
if (!this.canBeAccountCreated(uid, identity, mapping, system)) {
LOG.info(MessageFormat.format("For entity [{0}] and entity type [{1}] cannot be created the account (on system [{2}])," + " because script \"Can be account created\" on the mapping returned \"false\"!", identity.getCode(), SystemEntityType.IDENTITY, system.getName()));
return null;
}
AccAccountFilter accountFilter = new AccAccountFilter();
accountFilter.setUid(uid);
accountFilter.setSystemId(roleSystem.getSystem());
List<AccAccountDto> sameAccounts = accountService.find(accountFilter, null).getContent();
if (CollectionUtils.isEmpty(sameAccounts)) {
// Create and persist new account
return createAccount(uid, roleSystem);
} else {
// We use existed account
return sameAccounts.get(0);
}
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class IdentityRoleValidRequestSchedulerTest method createValidRole.
@Test
public void createValidRole() {
IdmIdentityDto identity = createAndSaveIdentity();
IdmRoleDto role = createAndSaveRole();
createAndSaveRoleSystem(role, system);
IdmTreeTypeDto treeType = createAndSaveTreeType();
IdmTreeNodeDto treeNode = createAndSaveTreeNode(treeType);
IdmIdentityContractDto identityContract = createAndSaveIdentityContract(identity, treeNode);
LocalDate validFrom = LocalDate.now();
// set minus days
validFrom = validFrom.minusDays(5);
// provisioning is not executed
createAndSaveIdentityRole(identityContract, role, null, validFrom);
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setIdentityId(identity.getId());
AccIdentityAccountDto accountIdentity = identityAccountService.find(filter, null).getContent().get(0);
// it must exists
assertNotNull(accountIdentity);
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class IdentityRoleValidRequestSchedulerTest method createNonValidRole.
@Test
public void createNonValidRole() {
IdmIdentityDto identity = createAndSaveIdentity();
IdmRoleDto role = createAndSaveRole();
createAndSaveRoleSystem(role, system);
IdmTreeTypeDto treeType = createAndSaveTreeType();
IdmTreeNodeDto treeNode = createAndSaveTreeNode(treeType);
IdmIdentityContractDto identityContract = createAndSaveIdentityContract(identity, treeNode);
LocalDate validFrom = LocalDate.now();
// set plus days
validFrom = validFrom.plusDays(5);
// provisioning is not executed
createAndSaveIdentityRole(identityContract, role, null, validFrom);
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setIdentityId(identity.getId());
List<AccIdentityAccountDto> list = identityAccountService.find(filter, null).getContent();
// it must not exists
assertEquals(true, list.isEmpty());
}
Aggregations