
Example 86 with SysSystemMappingDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto in project CzechIdMng by bcvsolutions.

the class AccountProtectionSystemTest method protectedIdentityDeleteTest.

/**
 * Deleting an identity must work when its account lives on a system with
 * account protection enabled: the identity and the identity-account link are
 * removed, while the account record itself is kept and flagged as protected.
 */
@Test
public void protectedIdentityDeleteTest() {
    IdmIdentityDto owner = helper.createIdentity();
    SysSystemDto targetSystem = initSystem();
    IdmRoleDto role = roleService.getByCode(ROLE_ONE);

    // Enable account protection on the identity provisioning mapping.
    SysSystemMappingDto provisioningMapping = systemMappingService
            .findBySystem(targetSystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY)
            .get(0);
    provisioningMapping.setProtectionEnabled(Boolean.TRUE);
    // NOTE(review): a null interval presumably means the protection never expires - confirm.
    provisioningMapping.setProtectionInterval(null);
    systemMappingService.save(provisioningMapping);

    // After the role assignment an account exists, is not protected, and is present on the resource.
    IdmIdentityRoleDto assignedRole = helper.createIdentityRole(owner, role);
    AccAccountDto account = accountService.getAccount(owner.getUsername(), targetSystem.getId());
    Assert.assertNotNull(account);
    Assert.assertFalse(account.isInProtection());
    TestResource provisionedResource = helper.findResource(account.getUid());
    Assert.assertNotNull(provisionedResource);

    // Take the role away again; exactly one identity-account link must still point at the account.
    identityRoleService.deleteById(assignedRole.getId());
    AccIdentityAccountFilter linkFilter = new AccIdentityAccountFilter();
    linkFilter.setAccountId(account.getId());
    List<AccIdentityAccountDto> links = identityAccountService.find(linkFilter, null).getContent();
    Assert.assertEquals(1, links.size());

    // Delete the identity while that link still exists.
    identityService.delete(owner);
    // The identity itself has to be gone ...
    Assert.assertNull(identityService.get(owner.getId()));
    // ... and so does the identity-account link (force delete).
    Assert.assertNull(identityAccountService.get(links.get(0).getId()));

    // The force delete must not take the account with it: the account is
    // retained and has to be in protection.
    AccAccountDto retainedAccount = accountService.get(account.getId());
    Assert.assertNotNull(retainedAccount);
    Assert.assertTrue(retainedAccount.isInProtection());
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 87 with SysSystemMappingDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto in project CzechIdMng by bcvsolutions.

the class AccountProtectionSystemTest method forceIdentityDeleteAndRelinkOrphanAccountTest.

/**
 * Force-deletes an identity on a protection-enabled system and then re-creates
 * an identity with the same username: the orphaned account must be kept in
 * protection without an end date and must be re-linked (same account ID, no
 * longer protected) once the new identity gets the same role.
 */
@Test
public void forceIdentityDeleteAndRelinkOrphanAccountTest() {
    IdmIdentityDto formerOwner = helper.createIdentity();
    SysSystemDto targetSystem = initSystem();
    IdmRoleDto role = roleService.getByCode(ROLE_ONE);

    // Enable account protection on the identity provisioning mapping (no interval set).
    SysSystemMappingDto provisioningMapping = systemMappingService
            .findBySystem(targetSystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY)
            .get(0);
    provisioningMapping.setProtectionEnabled(Boolean.TRUE);
    provisioningMapping.setProtectionInterval(null);
    systemMappingService.save(provisioningMapping);

    // After the role assignment an unprotected account exists and is provisioned to the resource.
    helper.createIdentityRole(formerOwner, role);
    AccAccountDto account = accountService.getAccount(formerOwner.getUsername(), targetSystem.getId());
    Assert.assertNotNull(account);
    Assert.assertFalse(account.isInProtection());
    TestResource resource = helper.findResource(account.getUid());
    Assert.assertNotNull(resource);
    Assert.assertEquals(formerOwner.getFirstName(), resource.getFirstname());
    account = accountService.getAccount(formerOwner.getUsername(), targetSystem.getId());

    // Force delete of the identity.
    identityService.delete(formerOwner);
    Assert.assertNull(identityService.get(formerOwner.getId()));

    // The orphaned account must survive, be protected, and carry no end-of-protection date;
    // the record on the resource is untouched.
    account = accountService.get(account.getId());
    Assert.assertNotNull(account);
    Assert.assertTrue(account.isInProtection());
    Assert.assertNull(account.getEndOfProtection());
    resource = helper.findResource(account.getUid());
    Assert.assertNotNull(resource);
    Assert.assertEquals(formerOwner.getFirstName(), resource.getFirstname());

    // A new identity takes over the same username and is given the same role.
    // NOTE(review): the re-link asserted below is keyed on the username alone, so an
    // identity that reuses a username picks up the retained target-system account of
    // the deleted one - confirm this matches the username-recycling policy.
    IdmIdentityDto newOwner = helper.createIdentity(formerOwner.getUsername());
    helper.createIdentityRole(newOwner, role);

    // The very same account (same ID) must exist and must have left protection;
    // the resource now reflects the new identity's first name.
    account = accountService.get(account.getId());
    Assert.assertNotNull(account);
    Assert.assertFalse(account.isInProtection());
    resource = helper.findResource(account.getUid());
    Assert.assertNotNull(resource);
    Assert.assertEquals(newOwner.getFirstName(), resource.getFirstname());
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 88 with SysSystemMappingDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto in project CzechIdMng by bcvsolutions.

the class IdentityAccountManagementTest method overloadedAttributeChangePassword.

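/**
 * Checks that a role mapping cannot overload the password attribute.
 *
 * <p>The password is first changed through IdM and verified on the target
 * resource. Then a role-system attribute whose transform script would prefix
 * the password with "x" is built, and saving it must be rejected with a
 * {@link ResultCodeException}.
 *
 * <p>The exception is asserted on the save call only. With a method-wide
 * {@code @Test(expected = ...)} a {@code ResultCodeException} thrown by any
 * earlier step (lookup, password change) would also have made the test pass
 * without ever exercising the restriction.
 */
@Test
public void overloadedAttributeChangePassword() {
    IdmIdentityDto identity = identityService.getByUsername(IDENTITY_USERNAME);
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());
    filter.setSystemId(systemService.getByCode(SYSTEM_NAME).getId());
    // Oldest identity-account link for this identity on the system (page of size one, ordered by creation).
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, PageRequest.of(0, 1, new Sort(Sort.Direction.ASC, AccIdentityAccount_.created.getName()))).getContent();
    TestResource resourceAccount = helper.findResource("x" + IDENTITY_USERNAME);
    // Create new password two
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setAccounts(ImmutableList.of(identityAccounts.get(0).getAccount().toString()));
    passwordChange.setNewPassword(new GuardedString(IDENTITY_PASSWORD_TWO));
    passwordChange.setIdm(true);
    // Do change of password for selected accounts
    identityService.passwordChange(identity, passwordChange);
    // Check correct password two: the test resource exposes the password as a plain value for comparison.
    resourceAccount = helper.findResource("x" + IDENTITY_USERNAME);
    Assert.assertEquals("Check same password on target system", IDENTITY_PASSWORD_TWO, resourceAccount.getPassword());
    // Look up the role-system link the overloading attribute would be attached to.
    IdmRoleDto rolePassword = roleService.getByCode(ROLE_OVERLOADING_PASSWORD);
    SysSystemDto systemDto = systemService.getByCode(SYSTEM_NAME);
    assertNotNull(systemDto);
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setRoleId(rolePassword.getId());
    roleSystemFilter.setSystemId(systemDto.getId());
    List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(1, roleSystems.size());
    SysRoleSystemDto roleSystemDto = roleSystems.get(0);
    SysSystemMappingDto systemMapping = helper.getDefaultMapping(systemDto);
    SysSystemAttributeMappingDto attributeHandlingPassword = schemaAttributeHandlingService.findBySystemMappingAndName(systemMapping.getId(), TestHelper.ATTRIBUTE_MAPPING_PASSWORD);
    // Attribute that tries to overload the password attribute
    SysRoleSystemAttributeDto attributePassword = new SysRoleSystemAttributeDto();
    attributePassword.setEntityAttribute(true);
    attributePassword.setIdmPropertyName("password");
    attributePassword.setConfidentialAttribute(true);
    attributePassword.setName("Overloaded password - add x");
    attributePassword.setRoleSystem(roleSystemDto.getId());
    attributePassword.setSystemAttributeMapping(attributeHandlingPassword.getId());
    // The script unwraps the guarded value with asString() and re-wraps the modified password.
    attributePassword.setTransformScript("return new " + GuardedString.class.getName() + "(\"x\"+attributeValue.asString());");
    // Since 9.3.0 it is not possible to override the password in a role mapping; the save must throw.
    try {
        roleSystemAttributeService.save(attributePassword);
        Assert.fail("Saving a role-system attribute that overloads the password must be rejected");
    } catch (ResultCodeException expected) {
        // Expected: the password override in the role mapping was refused.
    }
}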
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) Sort(org.springframework.data.domain.Sort) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 89 with SysSystemMappingDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto in project CzechIdMng by bcvsolutions.

the class IdentityProvisioningTest method testIdentityState.

/**
 * Provisions the identity state into the resource's description attribute and
 * checks that the value on the resource follows the identity through
 * VALID and DISABLED, and that a transform-to-resource script, once set on the
 * mapping, replaces the provisioned value.
 */
@Test
public void testIdentityState() {
    SysSystemDto targetSystem = helper.createTestResourceSystem(true);
    SysSystemMappingDto mapping = helper.getDefaultMapping(targetSystem);

    // Locate the schema attribute used for the description on this system.
    SysSchemaAttributeFilter bySystem = new SysSchemaAttributeFilter();
    bySystem.setSystemId(targetSystem.getId());
    List<SysSchemaAttributeDto> systemAttributes = schemaAttributeService.find(bySystem, null).getContent();
    SysSchemaAttributeDto descriptionAttribute = systemAttributes
            .stream()
            .filter(candidate -> TestHelper.ATTRIBUTE_MAPPING_DESCRIPTION.equalsIgnoreCase(candidate.getName()))
            .findFirst()
            .get();

    // Map the identity state onto that schema attribute.
    SysSystemAttributeMappingDto stateMapping = new SysSystemAttributeMappingDto();
    stateMapping.setUid(false);
    stateMapping.setEntityAttribute(true);
    stateMapping.setIdmPropertyName(IdentityProvisioningExecutor.IDENTITY_STATE_IDM_NAME);
    stateMapping.setName(descriptionAttribute.getName());
    stateMapping.setSchemaAttribute(descriptionAttribute.getId());
    stateMapping.setSystemMapping(mapping.getId());
    stateMapping = schemaAttributeMappingService.save(stateMapping);

    // Give a fresh identity a role linked to the system.
    IdmRoleDto systemRole = helper.createRole();
    helper.createRoleSystem(systemRole, targetSystem);
    IdmIdentityDto subject = helper.createIdentity();
    helper.createIdentityRole(subject, systemRole, null, null);

    // The default state after identity creation is VALID.
    TestResource onResource = helper.findResource(subject.getUsername());
    assertNotNull(onResource);
    String provisionedState = onResource.getDescrip();
    Assert.assertEquals(IdentityState.VALID.toString(), provisionedState);

    // A manual change to DISABLED must reach the resource when the identity is saved.
    subject.setState(IdentityState.DISABLED);
    identityService.save(subject);
    onResource = helper.findResource(subject.getUsername());
    assertNotNull(onResource);
    provisionedState = onResource.getDescrip();
    Assert.assertEquals(IdentityState.DISABLED.toString(), provisionedState);

    // The transformation still applies: with a script on the mapping, the resource
    // receives the script's return value rather than the identity state (LEFT here).
    // NOTE(review): anything on the target side that keys off the state value sees
    // only what the script returns - worth keeping in mind when reviewing such scripts.
    stateMapping.setTransformToResourceScript("return \"DELIBERATE_NONSENSE\";");
    stateMapping = schemaAttributeMappingService.save(stateMapping);
    subject.setState(IdentityState.LEFT);
    identityService.save(subject);
    onResource = helper.findResource(subject.getUsername());
    assertNotNull(onResource);
    provisionedState = onResource.getDescrip();
    Assert.assertEquals("DELIBERATE_NONSENSE", provisionedState);
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 90 with SysSystemMappingDto

use of eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto in project CzechIdMng by bcvsolutions.

the class IdentityProvisioningTest method testUserType.

/**
 * Provisions the identity's form projection into the resource's description
 * attribute through a transform script that returns the projection code, and
 * checks that this code ends up on the target resource.
 */
@Test
public void testUserType() {
    SysSystemDto targetSystem = helper.createTestResourceSystem(true);
    SysSystemMappingDto mapping = helper.getDefaultMapping(targetSystem);

    // Locate the schema attribute used for the description on this system.
    SysSchemaAttributeFilter bySystem = new SysSchemaAttributeFilter();
    bySystem.setSystemId(targetSystem.getId());
    List<SysSchemaAttributeDto> systemAttributes = schemaAttributeService.find(bySystem, null).getContent();
    SysSchemaAttributeDto descriptionAttribute = systemAttributes
            .stream()
            .filter(candidate -> TestHelper.ATTRIBUTE_MAPPING_DESCRIPTION.equalsIgnoreCase(candidate.getName()))
            .findFirst()
            .get();

    // Map the identity's form projection onto that attribute; the script sends the
    // projection code and returns nothing when no projection is set.
    SysSystemAttributeMappingDto projectionMapping = new SysSystemAttributeMappingDto();
    projectionMapping.setUid(false);
    projectionMapping.setEntityAttribute(true);
    projectionMapping.setIdmPropertyName(IdmIdentity_.formProjection.getName());
    projectionMapping.setTransformToResourceScript("if(attributeValue != null) " + System.lineSeparator() + "{return attributeValue.getCode();}");
    projectionMapping.setName(descriptionAttribute.getName());
    projectionMapping.setSchemaAttribute(descriptionAttribute.getId());
    projectionMapping.setSystemMapping(mapping.getId());
    schemaAttributeMappingService.save(projectionMapping);

    IdmRoleDto systemRole = helper.createRole();
    helper.createRoleSystem(systemRole, targetSystem);
    IdmIdentityDto subject = helper.createIdentity();

    // Create an enabled projection owned by the identity type.
    IdmFormProjectionDto userType = new IdmFormProjectionDto();
    userType.setOwnerType(IdmIdentity.class.getCanonicalName());
    userType.setCode(getHelper().createName());
    userType.setDisabled(false);
    userType = formProjectionService.save(userType);

    // Attach the projection to the identity.
    subject.setFormProjection(userType.getId());
    subject = identityService.save(subject);

    // Assigning the role executes provisioning.
    helper.createIdentityRole(subject, systemRole, null, null);
    TestResource onResource = helper.findResource(subject.getUsername());
    assertNotNull(onResource);
    String provisionedCode = onResource.getDescrip();
    // The code of the projection must be on the target system.
    assertEquals(userType.getCode(), provisionedCode);

    // Clean up the projection (only reached when the assertions above pass).
    formProjectionService.delete(userType);
}
Also used : IdmFormProjectionDto(eu.bcvsolutions.idm.core.eav.api.dto.IdmFormProjectionDto) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) SysSchemaAttributeDto(eu.bcvsolutions.idm.acc.dto.SysSchemaAttributeDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSchemaAttributeFilter(eu.bcvsolutions.idm.acc.dto.filter.SysSchemaAttributeFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentity(eu.bcvsolutions.idm.core.model.entity.IdmIdentity) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)
