use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class IdentityPasswordValidateProcessor method validateDefinition.
/**
 * Collects the password policies that apply to a password change request.
 *
 * <p>The default {@code VALIDATE} policy is included when the request targets IdM itself.
 * For every account link of the identity that has the ownership flag set and is either
 * covered by {@code isAll()} or listed in {@code getAccounts()}, the validate policy of the
 * account's system is added; when the system has none, the default policy is used instead.
 * Account ids in the request that do not match an owned account link of this identity
 * contribute no policy.
 *
 * @param identity identity whose account links are inspected
 * @param passwordChangeDto password change request (target flags and selected account ids)
 * @return policies to validate against, without duplicates; empty when none applies
 */
public List<IdmPasswordPolicyDto> validateDefinition(IdmIdentityDto identity, PasswordChangeDto passwordChangeDto) {
    List<IdmPasswordPolicyDto> policies = new ArrayList<>();
    // Load every account link of the identity; the requested ids are only matched against these.
    AccIdentityAccountFilter accountFilter = new AccIdentityAccountFilter();
    accountFilter.setIdentityId(identity.getId());
    List<AccIdentityAccountDto> accountLinks = identityAccountService.find(accountFilter, null).getContent();
    //
    // Default policy may be null when no default VALIDATE policy is returned by the service.
    IdmPasswordPolicyDto fallbackPolicy = this.passwordPolicyService.getDefaultPasswordPolicy(IdmPasswordPolicyType.VALIDATE);
    if (passwordChangeDto.isIdm() && fallbackPolicy != null) {
        policies.add(fallbackPolicy);
    }
    //
    for (AccIdentityAccountDto accountLink : accountLinks) {
        // Only links with ownership are considered.
        if (!accountLink.isOwnership()) {
            continue;
        }
        boolean selected = passwordChangeDto.isAll()
                || passwordChangeDto.getAccounts().contains(accountLink.getAccount().toString());
        if (!selected) {
            continue;
        }
        // Resolve the system's validate policy through the entity.
        // TODO: change to DTO after refactoring
        IdmPasswordPolicy systemPolicyEntity = identityAccountRepository.findOne(accountLink.getId()).getAccount().getSystem().getPasswordPolicyValidate();
        IdmPasswordPolicyDto effectivePolicy = systemPolicyEntity == null
                ? null
                : passwordPolicyService.get(systemPolicyEntity.getId());
        // A system without its own policy is validated against the default one.
        if (effectivePolicy == null) {
            effectivePolicy = fallbackPolicy;
        }
        if (effectivePolicy != null && !policies.contains(effectivePolicy)) {
            policies.add(effectivePolicy);
        }
    }
    return policies;
}
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class IdentityPasswordValidateProcessor method process.
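/**
 * Validates the new password of a password change event against the policies returned by
 * {@code validateDefinition}.
 *
 * <p>For callers that are not admin and with password change type {@code ALL_ONLY}, the
 * requested account ids must cover exactly the identity's owned accounts; otherwise
 * {@code PASSWORD_CHANGE_ALL_ONLY} is raised. Policy validation itself runs for every caller.
 *
 * @param event event carrying the identity and, in its properties, the password change request
 * @return result bound to this processor
 * @throws ResultCodeException when the ALL_ONLY rule is violated
 */
@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    PasswordChangeDto passwordChangeDto = (PasswordChangeDto) event.getProperties().get(IdentityPasswordProcessor.PROPERTY_PASSWORD_CHANGE_DTO);
    IdmIdentityDto identity = event.getContent();
    //
    Assert.notNull(passwordChangeDto);
    Assert.notNull(identity);
    //
    LOG.debug("Call validate password for systems and default password policy for identity username [{}]", event.getContent().getUsername());
    //
    List<IdmPasswordPolicyDto> passwordPolicyList = validateDefinition(identity, passwordChangeDto);
    //
    // Find user accounts
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
    //
    if (!securityService.isAdmin()) {
        // check accounts and property all_only
        PasswordChangeType passwordChangeType = identityConfiguration.getPasswordChangeType();
        if (passwordChangeType == PasswordChangeType.ALL_ONLY) {
            // Distinct ids of the accounts the identity owns; one account can appear in more
            // than one identity-account link, so duplicates are dropped before comparing.
            List<String> ownedAccountIds = identityAccounts.stream()
                    .filter(AccIdentityAccountDto::isOwnership)
                    .map(AccIdentityAccountDto::getAccount)
                    .map(UUID::toString)
                    .distinct()
                    .collect(Collectors.toList());
            List<String> requestedAccountIds = passwordChangeDto.getAccounts();
            //
            // NOTE(review): an empty requested list skips the ALL_ONLY check entirely - confirm
            // this is intended for requests that carry no account ids.
            if (!ownedAccountIds.isEmpty() && !requestedAccountIds.isEmpty()) {
                // ALL_ONLY: the request must name every owned account. Comparing sizes alone
                // would also accept a list of the same length holding other or repeated ids.
                boolean containsAll = ownedAccountIds.size() == requestedAccountIds.size()
                        && requestedAccountIds.containsAll(ownedAccountIds);
                if (!containsAll) {
                    throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_ALL_ONLY);
                }
            }
        }
    }
    //
    // validate TODO: validate for admin? (as written, validation below runs for admin too)
    IdmPasswordValidationDto passwordValidationDto = new IdmPasswordValidationDto();
    // old password record is passed for validation - valid till, valid from and password history
    IdmPasswordDto oldPassword = this.passwordService.findOneByIdentity(identity.getId());
    passwordValidationDto.setOldPassword(oldPassword == null ? null : oldPassword.getId());
    passwordValidationDto.setIdentity(identity);
    passwordValidationDto.setPassword(passwordChangeDto.getNewPassword());
    this.passwordPolicyService.validate(passwordValidationDto, passwordPolicyList);
    //
    return new DefaultEventResult<>(event, this);
}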
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class PasswordPreValidationIntegrationTest method testMinChar.
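/**
 * Pre-validation with a default policy and a system policy: the reported minimum character
 * counts and policy names must match the values asserted below.
 */
@Test
public void testMinChar() {
    IdmIdentityDto identity = new IdmIdentityDto();
    identity.setUsername("test" + System.currentTimeMillis());
    identity.setFirstName("testFirst");
    identity.setLastName("testSecond");
    identity = idmIdentityService.save(identity);
    //
    SysSystemDto system = testHelper.createTestResourceSystem(true);
    //
    AccAccountDto acc = new AccAccountDto();
    acc.setId(UUID.randomUUID());
    acc.setUid(System.currentTimeMillis() + "");
    acc.setAccountType(AccountType.PERSONAL);
    acc.setSystem(system.getId());
    //
    acc = accountService.save(acc);
    //
    AccIdentityAccountDto account = testHelper.createIdentityAccount(system, identity);
    account.setAccount(acc.getId());
    account = accountIdentityService.save(account);
    // NOTE(review): set after save(), so this value is not passed to the service here -
    // confirm whether ownership should be set before saving.
    account.setOwnership(true);
    List<String> accounts = new ArrayList<>();
    accounts.add(acc.getId() + "");
    // password policy default
    IdmPasswordPolicyDto policyDefault = new IdmPasswordPolicyDto();
    policyDefault.setName(System.currentTimeMillis() + "test1");
    policyDefault.setDefaultPolicy(true);
    policyDefault.setMinUpperChar(6);
    policyDefault.setMinLowerChar(10);
    // password policy
    IdmPasswordPolicyDto policy = new IdmPasswordPolicyDto();
    policy.setName(System.currentTimeMillis() + "test2");
    policy.setDefaultPolicy(false);
    policy.setMinUpperChar(5);
    policy.setMinLowerChar(11);
    policyDefault = passwordPolicyService.save(policyDefault);
    policy = passwordPolicyService.save(policy);
    system.setPasswordPolicyValidate(policy.getId());
    systemService.save(system);
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setIdm(true);
    passwordChange.setAccounts(accounts);
    passwordChange.setAll(true);
    try {
        idmIdentityService.validatePassword(passwordChange);
        // Without this the test passes when no exception is raised and none of the
        // policy assertions below is ever evaluated.
        throw new AssertionError("validatePassword was expected to throw ResultCodeException");
    } catch (ResultCodeException ex) {
        assertEquals(6, ex.getError().getError().getParameters().get("minUpperChar"));
        assertEquals(11, ex.getError().getError().getParameters().get("minLowerChar"));
        assertEquals(policy.getName() + ", " + policyDefault.getName(), ex.getError().getError().getParameters().get("policiesNamesPreValidation"));
        assertEquals(3, ex.getError().getError().getParameters().size());
    } finally {
        // Always unset the default flag, also when an assertion fails, so this policy
        // does not stay the default one after the test.
        policyDefault.setDefaultPolicy(false);
        passwordPolicyService.save(policyDefault);
    }
}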
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class PasswordPreValidationIntegrationTest method testAdvancedEnabled.
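/**
 * Pre-validation with enhanced control enabled on both the default policy and the system
 * policy: length limits, required character counts, the optional-rule map and the policy
 * names must match the values asserted below.
 */
@Test
public void testAdvancedEnabled() {
    IdmIdentityDto identity = new IdmIdentityDto();
    identity.setUsername("test" + System.currentTimeMillis());
    identity.setFirstName("testFirst");
    identity.setLastName("testSecond");
    identity = idmIdentityService.save(identity);
    //
    SysSystemDto system = testHelper.createTestResourceSystem(true);
    //
    AccAccountDto acc = new AccAccountDto();
    acc.setId(UUID.randomUUID());
    acc.setUid(System.currentTimeMillis() + "");
    acc.setAccountType(AccountType.PERSONAL);
    acc.setSystem(system.getId());
    //
    acc = accountService.save(acc);
    //
    AccIdentityAccountDto account = testHelper.createIdentityAccount(system, identity);
    account.setAccount(acc.getId());
    account = accountIdentityService.save(account);
    // NOTE(review): set after save(), so this value is not passed to the service here -
    // confirm whether ownership should be set before saving.
    account.setOwnership(true);
    List<String> accounts = new ArrayList<>();
    accounts.add(acc.getId() + "");
    // password policy default
    IdmPasswordPolicyDto policyDefault = new IdmPasswordPolicyDto();
    policyDefault.setName(System.currentTimeMillis() + "test1");
    policyDefault.setDefaultPolicy(true);
    policyDefault.setMinPasswordLength(10);
    policyDefault.setMaxPasswordLength(20);
    policyDefault.setPasswordLengthRequired(true);
    policyDefault.setMinUpperChar(5);
    policyDefault.setUpperCharRequired(true);
    policyDefault.setMinLowerChar(4);
    policyDefault.setLowerCharRequired(true);
    policyDefault.setEnchancedControl(true);
    policyDefault.setMinRulesToFulfill(1);
    policyDefault.setMinNumber(3);
    policyDefault.setNumberRequired(false);
    policyDefault.setMinSpecialChar(6);
    policyDefault.setSpecialCharRequired(false);
    policyDefault.setIdentityAttributeCheck("");
    // password policy
    IdmPasswordPolicyDto policy = new IdmPasswordPolicyDto();
    policy.setName(System.currentTimeMillis() + "test2");
    policy.setDefaultPolicy(false);
    policy.setMinPasswordLength(9);
    policy.setMaxPasswordLength(21);
    policy.setPasswordLengthRequired(true);
    policy.setMinUpperChar(4);
    policy.setUpperCharRequired(true);
    policy.setMinLowerChar(3);
    policy.setLowerCharRequired(true);
    policy.setEnchancedControl(true);
    policy.setMinRulesToFulfill(1);
    policy.setMinNumber(5);
    policy.setNumberRequired(false);
    policy.setMinSpecialChar(4);
    policy.setSpecialCharRequired(false);
    policy.setIdentityAttributeCheck("");
    policyDefault = passwordPolicyService.save(policyDefault);
    policy = passwordPolicyService.save(policy);
    system.setPasswordPolicyValidate(policy.getId());
    systemService.save(system);
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setIdm(true);
    passwordChange.setAccounts(accounts);
    passwordChange.setAll(true);
    try {
        idmIdentityService.validatePassword(passwordChange);
        // Without this the test passes when no exception is raised and none of the
        // policy assertions below is ever evaluated.
        throw new AssertionError("validatePassword was expected to throw ResultCodeException");
    } catch (ResultCodeException ex) {
        // Expected content of the "minRulesToFulfill" parameter, compared by its string form.
        Map<String, Object> expectedRules = new HashMap<>();
        expectedRules.put("minNumber", 3);
        expectedRules.put("minSpecialChar", 6);
        assertEquals(10, ex.getError().getError().getParameters().get("minLength"));
        assertEquals(20, ex.getError().getError().getParameters().get("maxLength"));
        assertEquals(5, ex.getError().getError().getParameters().get("minUpperChar"));
        assertEquals(4, ex.getError().getError().getParameters().get("minLowerChar"));
        assertEquals(expectedRules.toString(), ex.getError().getError().getParameters().get("minRulesToFulfill").toString());
        assertEquals(policy.getName() + ", " + policyDefault.getName(), ex.getError().getError().getParameters().get("policiesNamesPreValidation"));
        // special char base -> 8
        assertEquals(8, ex.getError().getError().getParameters().size());
    } finally {
        // Always unset the default flag, also when an assertion fails, so this policy
        // does not stay the default one after the test.
        policyDefault.setDefaultPolicy(false);
        passwordPolicyService.save(policyDefault);
    }
}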
use of eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto in project CzechIdMng by bcvsolutions.
the class IdentitySetPasswordProcessorIntegrationTest method testGeneratePassword.
/**
 * Sets a password on an account while the identity's contract starts in the future, then
 * makes the contract valid and checks that the password stored on the target resource no
 * longer equals the one that was set.
 */
@Test
public void testGeneratePassword() {
    SysSystemDto targetSystem = helper.createTestResourceSystem(true);
    //
    IdmRoleDto systemRole = helper.createRole();
    helper.createRoleSystem(systemRole, targetSystem);
    IdmIdentityDto identity = helper.createIdentity();
    // Move the prime contract one day into the future.
    IdmIdentityContractDto primeContract = helper.getPrimeContract(identity.getId());
    primeContract.setValidFrom(new LocalDate().plusDays(1));
    identityContractService.save(primeContract);
    identity = identityService.get(identity.getId());
    Assert.assertEquals(IdentityState.FUTURE_CONTRACT, identity.getState());
    helper.createIdentityRole(identity, systemRole);
    //
    // Take the first account link found for the identity.
    AccIdentityAccountFilter linkFilter = new AccIdentityAccountFilter();
    linkFilter.setIdentityId(identity.getId());
    AccIdentityAccountDto firstLink = identityAccountService.find(linkFilter, null).getContent().get(0);
    AccAccountDto linkedAccount = accountService.get(firstLink.getAccount());
    // Password change request for that account and for IdM.
    PasswordChangeDto changeRequest = new PasswordChangeDto();
    changeRequest.setAccounts(ImmutableList.of(linkedAccount.getId().toString()));
    changeRequest.setNewPassword(new GuardedString(IDENTITY_PASSWORD_ONE));
    changeRequest.setIdm(true);
    //
    identityService.passwordChange(identity, changeRequest);
    //
    // The resource now holds the password that was just set.
    TestResource targetResource = helper.findResource(linkedAccount.getRealUid());
    Assert.assertNotNull(targetResource);
    Assert.assertEquals(IDENTITY_PASSWORD_ONE, targetResource.getPassword());
    //
    // Make the contract valid from today.
    primeContract.setValidFrom(new LocalDate());
    identityContractService.save(primeContract);
    identity = identityService.get(identity.getId());
    Assert.assertEquals(IdentityState.VALID, identity.getState());
    //
    // After the state change the password on the target system must differ.
    targetResource = helper.findResource(linkedAccount.getRealUid());
    Assert.assertNotNull(targetResource);
    Assert.assertNotEquals(IDENTITY_PASSWORD_ONE, targetResource.getPassword());
}