use of eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto in project CzechIdMng by bcvsolutions.
the class AccountProtectionSystemTest method protectedIdentityDeleteTest.
/**
 * Deleting an identity on a system that runs in protected mode: the identity
 * and its identity-account link are removed, but the account itself is kept
 * and ends up in protection instead of being deleted.
 */
@Test
public void protectedIdentityDeleteTest() {
    IdmIdentityDto owner = helper.createIdentity();
    SysSystemDto targetSystem = initSystem();
    IdmRoleDto role = roleService.getByCode(ROLE_ONE);

    // Enable account protection on the identity provisioning mapping; the
    // protection interval is explicitly cleared (null).
    SysSystemMappingDto provisioningMapping = systemMappingService
            .findBySystem(targetSystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY)
            .get(0);
    provisioningMapping.setProtectionEnabled(Boolean.TRUE);
    provisioningMapping.setProtectionInterval(null);
    systemMappingService.save(provisioningMapping);

    // After the role is assigned an account is expected to exist, both in
    // the account table and on the test resource, and it is not protected yet.
    IdmIdentityRoleDto assignedRole = helper.createIdentityRole(owner, role);
    AccAccountDto account = accountService.getAccount(owner.getUsername(), targetSystem.getId());
    Assert.assertNotNull(account);
    Assert.assertFalse(account.isInProtection());
    TestResource provisionedRow = helper.findResource(account.getUid());
    Assert.assertNotNull(provisionedRow);

    // Take the role away again; exactly one identity-account link must
    // still reference the account afterwards.
    identityRoleService.deleteById(assignedRole.getId());
    AccIdentityAccountFilter byAccount = new AccIdentityAccountFilter();
    byAccount.setAccountId(account.getId());
    List<AccIdentityAccountDto> links = identityAccountService.find(byAccount, null).getContent();
    Assert.assertEquals(1, links.size());
    AccIdentityAccountDto remainingLink = links.get(0);

    // Deleting the identity is allowed even though its account is protected.
    identityService.delete(owner);

    // The identity itself is gone ...
    Assert.assertNull(identityService.get(owner.getId()));
    // ... and so is the identity-account link, because force delete was used.
    Assert.assertNull(identityAccountService.get(remainingLink.getId()));

    // Force delete does not remove the account: it must still exist and
    // must now be in protection.
    account = accountService.get(account.getId());
    Assert.assertNotNull(account);
    Assert.assertTrue(account.isInProtection());
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto in project CzechIdMng by bcvsolutions.
the class AccountProtectionSystemTest method forceIdentityDeleteAndRelinkOrphanAccountTest.
/**
 * Force-deletes an identity whose account is protected and then checks that a
 * newly created identity with the same username gets the orphaned account back
 * (same account ID) and that the account leaves protection.
 *
 * NOTE(review): the second identity is a different object that only shares the
 * username with the deleted one. The test pins that this is enough to re-link
 * the orphaned account, so username reuse hands over the existing target-system
 * account. How the match is made is not visible here; confirm against the
 * account management code.
 */
@Test
public void forceIdentityDeleteAndRelinkOrphanAccountTest() {
    IdmIdentityDto owner = helper.createIdentity();
    SysSystemDto targetSystem = initSystem();
    IdmRoleDto role = roleService.getByCode(ROLE_ONE);

    // Enable account protection on the identity provisioning mapping; the
    // protection interval is explicitly cleared (null).
    SysSystemMappingDto provisioningMapping = systemMappingService
            .findBySystem(targetSystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY)
            .get(0);
    provisioningMapping.setProtectionEnabled(Boolean.TRUE);
    provisioningMapping.setProtectionInterval(null);
    systemMappingService.save(provisioningMapping);

    // After the role is assigned an unprotected account is expected, and the
    // row on the test resource carries the identity's first name.
    helper.createIdentityRole(owner, role);
    AccAccountDto account = accountService.getAccount(owner.getUsername(), targetSystem.getId());
    Assert.assertNotNull(account);
    Assert.assertFalse(account.isInProtection());
    TestResource resourceRow = helper.findResource(account.getUid());
    Assert.assertNotNull(resourceRow);
    Assert.assertEquals(owner.getFirstName(), resourceRow.getFirstname());
    // The account is read once more before the identity is removed.
    account = accountService.getAccount(owner.getUsername(), targetSystem.getId());

    // Force delete of the identity.
    identityService.delete(owner);
    Assert.assertNull(identityService.get(owner.getId()));

    // The account must survive as an orphan: in protection, with no end of
    // protection set, and with its data still present on the resource.
    account = accountService.get(account.getId());
    Assert.assertNotNull(account);
    Assert.assertTrue(account.isInProtection());
    Assert.assertNull(account.getEndOfProtection());
    resourceRow = helper.findResource(account.getUid());
    Assert.assertNotNull(resourceRow);
    Assert.assertEquals(owner.getFirstName(), resourceRow.getFirstname());

    // A new identity is created with the same username and given the same role.
    owner = helper.createIdentity(owner.getUsername());
    helper.createIdentityRole(owner, role);

    // The very same account (same ID) must exist and must no longer be in
    // protection; the resource row now reflects the new identity's first name.
    account = accountService.get(account.getId());
    Assert.assertNotNull(account);
    Assert.assertFalse(account.isInProtection());
    resourceRow = helper.findResource(account.getUid());
    Assert.assertNotNull(resourceRow);
    Assert.assertEquals(owner.getFirstName(), resourceRow.getFirstname());
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto in project CzechIdMng by bcvsolutions.
the class IdentityAccountManagementTest method overloadedAttributeChangePassword.
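/**
 * Verifies that a role-level attribute mapping cannot overload the password
 * attribute: saving such a mapping must fail with {@link ResultCodeException}.
 *
 * The expectation is scoped to the final save call. With a method-wide
 * {@code @Test(expected = ...)} a ResultCodeException thrown by the earlier
 * password change or by any lookup would also have satisfied the test, so a
 * regression in the password-override guard could go unnoticed.
 */
@Test
public void overloadedAttributeChangePassword() {
    IdmIdentityDto identity = identityService.getByUsername(IDENTITY_USERNAME);
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());
    filter.setSystemId(systemService.getByCode(SYSTEM_NAME).getId());
    // Oldest identity-account link of the identity on the tested system.
    List<AccIdentityAccountDto> identityAccounts = identityAccountService
            .find(filter, PageRequest.of(0, 1, new Sort(Sort.Direction.ASC, AccIdentityAccount_.created.getName())))
            .getContent();
    TestResource resourceAccount = helper.findResource("x" + IDENTITY_USERNAME);

    // Prepare a change to the second password for the selected account and for IdM.
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setAccounts(ImmutableList.of(identityAccounts.get(0).getAccount().toString()));
    passwordChange.setNewPassword(new GuardedString(IDENTITY_PASSWORD_TWO));
    passwordChange.setIdm(true);
    // Do change of password for selected accounts
    identityService.passwordChange(identity, passwordChange);

    // The new password must have reached the target system.
    resourceAccount = helper.findResource("x" + IDENTITY_USERNAME);
    Assert.assertEquals("Check same password on target system", IDENTITY_PASSWORD_TWO, resourceAccount.getPassword());

    // Locate the role-system link that the overloading attribute will hang on.
    IdmRoleDto rolePassword = roleService.getByCode(ROLE_OVERLOADING_PASSWORD);
    SysSystemDto systemDto = systemService.getByCode(SYSTEM_NAME);
    assertNotNull(systemDto);
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setRoleId(rolePassword.getId());
    roleSystemFilter.setSystemId(systemDto.getId());
    List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(1, roleSystems.size());
    SysRoleSystemDto roleSystemDto = roleSystems.get(0);
    SysSystemMappingDto systemMapping = helper.getDefaultMapping(systemDto);
    SysSystemAttributeMappingDto attributeHandlingPassword = schemaAttributeHandlingService
            .findBySystemMappingAndName(systemMapping.getId(), TestHelper.ATTRIBUTE_MAPPING_PASSWORD);

    // Attribute that tries to overload the password attribute in the role mapping.
    SysRoleSystemAttributeDto attributePassword = new SysRoleSystemAttributeDto();
    attributePassword.setEntityAttribute(true);
    attributePassword.setIdmPropertyName("password");
    attributePassword.setConfidentialAttribute(true);
    attributePassword.setName("Overloaded password - add x");
    attributePassword.setRoleSystem(roleSystemDto.getId());
    attributePassword.setSystemAttributeMapping(attributeHandlingPassword.getId());
    attributePassword.setTransformScript("return new " + GuardedString.class.getName() + "(\"x\"+attributeValue.asString());");

    // Since 9.3.0 the password cannot be overridden in a role mapping; the
    // save itself has to be rejected.
    try {
        roleSystemAttributeService.save(attributePassword);
        Assert.fail("Saving a role mapping that overloads the password attribute must be rejected");
    } catch (ResultCodeException expected) {
        // Expected: the password override was refused.
    }
}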
use of eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto in project CzechIdMng by bcvsolutions.
the class IdentityProvisioningTest method testIdentityState.
/**
 * Maps the identity state onto the description attribute of a test resource
 * and checks that the value on the resource follows the identity: VALID after
 * creation, DISABLED after a manual state change, and the output of the
 * transformation script once one is configured on the mapping.
 */
@Test
public void testIdentityState() {
    SysSystemDto testSystem = helper.createTestResourceSystem(true);
    SysSystemMappingDto mapping = helper.getDefaultMapping(testSystem);

    // Pick the schema attribute that backs the description column.
    SysSchemaAttributeFilter schemaFilter = new SysSchemaAttributeFilter();
    schemaFilter.setSystemId(testSystem.getId());
    SysSchemaAttributeDto descriptionAttribute = schemaAttributeService
            .find(schemaFilter, null)
            .getContent()
            .stream()
            .filter(candidate -> TestHelper.ATTRIBUTE_MAPPING_DESCRIPTION.equalsIgnoreCase(candidate.getName()))
            .findFirst()
            .get();

    // Provision the identity state into that attribute.
    SysSystemAttributeMappingDto stateMapping = new SysSystemAttributeMappingDto();
    stateMapping.setUid(false);
    stateMapping.setEntityAttribute(true);
    stateMapping.setIdmPropertyName(IdentityProvisioningExecutor.IDENTITY_STATE_IDM_NAME);
    stateMapping.setName(descriptionAttribute.getName());
    stateMapping.setSchemaAttribute(descriptionAttribute.getId());
    stateMapping.setSystemMapping(mapping.getId());
    stateMapping = schemaAttributeMappingService.save(stateMapping);

    IdmRoleDto provisioningRole = helper.createRole();
    helper.createRoleSystem(provisioningRole, testSystem);
    IdmIdentityDto person = helper.createIdentity();
    helper.createIdentityRole(person, provisioningRole, null, null);

    // Default state right after the identity was created.
    TestResource row = helper.findResource(person.getUsername());
    assertNotNull(row);
    String provisionedValue = row.getDescrip();
    Assert.assertEquals(IdentityState.VALID.toString(), provisionedValue);

    // A manual state change must show up on the resource after the save.
    person.setState(IdentityState.DISABLED);
    identityService.save(person);
    row = helper.findResource(person.getUsername());
    assertNotNull(row);
    provisionedValue = row.getDescrip();
    Assert.assertEquals(IdentityState.DISABLED.toString(), provisionedValue);

    // With a transformation script on the mapping, the script's return value
    // is what lands on the resource instead of the raw state.
    stateMapping.setTransformToResourceScript("return \"DELIBERATE_NONSENSE\";");
    stateMapping = schemaAttributeMappingService.save(stateMapping);
    person.setState(IdentityState.LEFT);
    identityService.save(person);
    row = helper.findResource(person.getUsername());
    assertNotNull(row);
    provisionedValue = row.getDescrip();
    Assert.assertEquals("DELIBERATE_NONSENSE", provisionedValue);
}
use of eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto in project CzechIdMng by bcvsolutions.
the class IdentityProvisioningTest method testUserType.
/**
 * Maps the identity's form projection onto the description attribute of a test
 * resource through a transformation script that returns the projection code,
 * then checks that the code is what ends up on the target system.
 */
@Test
public void testUserType() {
    SysSystemDto testSystem = helper.createTestResourceSystem(true);
    SysSystemMappingDto mapping = helper.getDefaultMapping(testSystem);

    // Pick the schema attribute that backs the description column.
    SysSchemaAttributeFilter schemaFilter = new SysSchemaAttributeFilter();
    schemaFilter.setSystemId(testSystem.getId());
    SysSchemaAttributeDto descriptionAttribute = schemaAttributeService
            .find(schemaFilter, null)
            .getContent()
            .stream()
            .filter(candidate -> TestHelper.ATTRIBUTE_MAPPING_DESCRIPTION.equalsIgnoreCase(candidate.getName()))
            .findFirst()
            .get();

    // Attribute mapping for the form projection; the script sends the
    // projection code to the resource when a projection is set.
    SysSystemAttributeMappingDto projectionMapping = new SysSystemAttributeMappingDto();
    projectionMapping.setUid(false);
    projectionMapping.setEntityAttribute(true);
    projectionMapping.setIdmPropertyName(IdmIdentity_.formProjection.getName());
    projectionMapping.setTransformToResourceScript("if(attributeValue != null) " + System.lineSeparator() + "{return attributeValue.getCode();}");
    projectionMapping.setName(descriptionAttribute.getName());
    projectionMapping.setSchemaAttribute(descriptionAttribute.getId());
    projectionMapping.setSystemMapping(mapping.getId());
    schemaAttributeMappingService.save(projectionMapping);

    IdmRoleDto provisioningRole = helper.createRole();
    helper.createRoleSystem(provisioningRole, testSystem);
    IdmIdentityDto person = helper.createIdentity();

    // Create an enabled projection owned by the identity type.
    IdmFormProjectionDto userType = new IdmFormProjectionDto();
    userType.setOwnerType(IdmIdentity.class.getCanonicalName());
    userType.setCode(getHelper().createName());
    userType.setDisabled(false);
    userType = formProjectionService.save(userType);

    // Attach the projection to the identity.
    person.setFormProjection(userType.getId());
    person = identityService.save(person);

    // Assigning the role executes provisioning.
    helper.createIdentityRole(person, provisioningRole, null, null);
    TestResource row = helper.findResource(person.getUsername());
    assertNotNull(row);
    String provisionedValue = row.getDescrip();
    // The code of the projection must be on the target system.
    assertEquals(userType.getCode(), provisionedValue);

    // Remove the projection again.
    formProjectionService.delete(userType);
}