
Example 26 with AccIdentityAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.

the class AccountProtectionSystemTest method protectedIdentityDeleteTest.

/**
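 * Deleting an identity must also handle its accounts on a system in protected mode: the identity-account link is removed, while the account itself is kept and switched to protection.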
 */
@Test
public void protectedIdentityDeleteTest() {
    // Fixture: a new identity, the test system and the role looked up by ROLE_ONE.
    IdmIdentityDto owner = helper.createIdentity();
    SysSystemDto targetSystem = initSystem();
    IdmRoleDto provisioningRole = roleService.getByCode(ROLE_ONE);

    // Enable account protection on the identity provisioning mapping and clear the interval.
    SysSystemMappingDto provisioningMapping = systemMappingService
            .findBySystem(targetSystem, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY)
            .get(0);
    provisioningMapping.setProtectionEnabled(Boolean.TRUE);
    provisioningMapping.setProtectionInterval(null);
    systemMappingService.save(provisioningMapping);

    // After the role is assigned, an account must exist, must not be protected yet,
    // and the matching resource must exist on the target system.
    IdmIdentityRoleDto assignedRole = helper.createIdentityRole(owner, provisioningRole);
    AccAccountDto provisionedAccount = accountService.getAccount(owner.getUsername(), targetSystem.getId());
    Assert.assertNotNull(provisionedAccount);
    Assert.assertFalse(provisionedAccount.isInProtection());
    TestResource targetResource = helper.findResource(provisionedAccount.getUid());
    Assert.assertNotNull(targetResource);

    // Unassign the role: one identity-account link must still point at the account.
    identityRoleService.deleteById(assignedRole.getId());
    AccIdentityAccountFilter byAccount = new AccIdentityAccountFilter();
    byAccount.setAccountId(provisionedAccount.getId());
    List<AccIdentityAccountDto> accountLinks = identityAccountService.find(byAccount, null).getContent();
    Assert.assertEquals(1, accountLinks.size());

    // Delete the owner; the identity itself must be gone afterwards.
    identityService.delete(owner);
    Assert.assertNull(identityService.get(owner.getId()));
    // The identity-account link is removed together with the identity.
    Assert.assertNull(identityAccountService.get(accountLinks.get(0).getId()));

    // The account record survives its owner and must now be flagged as protected.
    // NOTE(review): this test does not check whether the orphaned account is still
    // usable on the target system - confirm that is covered elsewhere.
    AccAccountDto survivingAccount = accountService.get(provisionedAccount.getId());
    Assert.assertNotNull(survivingAccount);
    Assert.assertTrue(survivingAccount.isInProtection());
}
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) AccAccountDto(eu.bcvsolutions.idm.acc.dto.AccAccountDto) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 27 with AccIdentityAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.

the class IdentityAccountManagementTest method defaultAccountRemove.

@Test
public void defaultAccountRemove() {
    // UID under which the identity's account is looked up on the target system.
    String accountUid = "x" + IDENTITY_USERNAME;

    // Precondition: the resource and exactly one account record exist.
    TestResource resourceBefore = helper.findResource(accountUid);
    Assert.assertNotNull("Idenitity have to exists on target system (before account will be delete)", resourceBefore);
    AccAccountFilter byUid = new AccAccountFilter();
    byUid.setUid(accountUid);
    int accountsBefore = accountService.find(byUid, null).getContent().size();
    Assert.assertEquals("Account needs to exist befor will be delete", 1, accountsBefore);

    // Pick the first role assignment of the identity.
    IdmIdentityDto identity = identityService.getByUsername(IDENTITY_USERNAME);
    IdmIdentityRoleFilter byIdentity = new IdmIdentityRoleFilter();
    byIdentity.setIdentityId(identity.getId());
    IdmIdentityRoleDto roleAssignment = identityRoleService.find(byIdentity, null).getContent().get(0);

    // Deleting the assignment fires the IdentityRole DELETE event, which starts
    // account management and provisioning.
    identityRoleService.deleteById(roleAssignment.getId());

    // Deprovisioning must remove the account record, the identity-account link
    // and the resource on the target system.
    int accountsAfter = accountService.find(byUid, null).getContent().size();
    Assert.assertEquals("Account must not be after was deleted", 0, accountsAfter);
    AccIdentityAccountFilter linksOfIdentity = new AccIdentityAccountFilter();
    linksOfIdentity.setIdentityId(identity.getId());
    int linksAfter = identityAccountService.find(linksOfIdentity, null).getContent().size();
    Assert.assertEquals("Idenitity account have to not exists after account was deleted!", 0, linksAfter);
    TestResource resourceAfter = helper.findResource(accountUid);
    Assert.assertNull("Idenitity have to no exists on target system (after account was deleted)", resourceAfter);

    // Restore the first name.
    identity.setFirstName(IDENTITY_USERNAME);
    identityService.save(identity);
}
Also used : AccAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccAccountFilter) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 28 with AccIdentityAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.

the class IdentityAccountManagementTest method overloadedAttributeAdd_A_LastNameRole.

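/**
 * Assigns the role found by {@code ROLE_OVERLOADING_LAST_NAME} and checks the provisioned account.
 * The identity-account link, the account and the target-system resource must exist, and the
 * last name on the target system must equal the identity's email (overloaded attribute).
 */
@Test
public void overloadedAttributeAdd_A_LastNameRole() {
    IdmIdentityDto identity = identityService.getByUsername(IDENTITY_USERNAME);
    IdmRoleDto roleLastName = roleService.getByCode(ROLE_OVERLOADING_LAST_NAME);
    Assert.assertNull("No account for this identity can be found, before account management start!", helper.findResource("x" + IDENTITY_USERNAME));
    IdmIdentityRoleDto irdto = new IdmIdentityRoleDto();
    irdto.setIdentityContract(identityContractService.findAllByIdentity(identity.getId()).get(0).getId());
    irdto.setRole(roleLastName.getId());
    // This evokes IdentityRole SAVE event. On this event will be start
    // account management and provisioning
    IdmIdentityRoleDto irCreated = identityRoleService.save(irdto);
    AccIdentityAccountFilter iaccFilter = new AccIdentityAccountFilter();
    iaccFilter.setIdentityId(identity.getId());
    iaccFilter.setIdentityRoleId(irCreated.getId());
    // Check the result size before get(0), so a missing identity-account fails with the
    // assertion message instead of an IndexOutOfBoundsException.
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(iaccFilter, null).getContent();
    Assert.assertFalse("Idenitity account have to exists after account management was started!", identityAccounts.isEmpty());
    AccIdentityAccountDto identityAccount = identityAccounts.get(0);
    Assert.assertNotNull("Idenitity account have to exists after account management was started!", identityAccount);
    Assert.assertNotNull("Account have to exists after account management was started!", identityAccount.getAccount());
    // JUnit order is (expected, actual); the original had the two swapped.
    Assert.assertEquals("x" + IDENTITY_USERNAME, accountService.get(identityAccount.getAccount()).getUid());
    TestResource createdAccount = helper.findResource("x" + IDENTITY_USERNAME);
    Assert.assertNotNull("Idenitity have to exists on target system (after account management)", createdAccount);
    Assert.assertEquals("Last name on target system must be equals with email on identity (we use overloded attribute)", identity.getEmail(), createdAccount.getLastname());
}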
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 29 with AccIdentityAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.

the class IdentityAccountManagementTest method defaultAccountAddInvalid.

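/**
 * Add invalid identity role. Account cannot be created.
 *
 * <p>The test walks the role assignment through three validity states. With {@code validFrom}
 * in the future no identity-account may exist. With {@code validFrom} cleared the account must
 * be provisioned. With {@code validTill} in the past the identity-account must be gone again.
 */
@Test
public void defaultAccountAddInvalid() {
    initData();
    IdmIdentityDto identity = identityService.getByUsername(IDENTITY_USERNAME);
    IdmRoleDto roleDefault = roleService.getByCode(ROLE_DEFAULT);
    Assert.assertNull("No account for this identity can be found, before account management start!", helper.findResource("x" + IDENTITY_USERNAME));
    IdmIdentityRoleDto irdto = new IdmIdentityRoleDto();
    irdto.setIdentityContract(identityContractService.findAllByIdentity(identity.getId()).get(0).getId());
    irdto.setRole(roleDefault.getId());
    // Set valid from to future
    irdto.setValidFrom(LocalDate.now().plusDays(1));
    // This evokes IdentityRole SAVE event. On this event will be start
    // account management and provisioning
    irdto = identityRoleService.save(irdto);
    AccIdentityAccountFilter iaccFilter = new AccIdentityAccountFilter();
    iaccFilter.setIdentityId(identity.getId());
    iaccFilter.setIdentityRoleId(irdto.getId());
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(iaccFilter, null).getContent();
    // A role that is not valid yet must not produce an identity-account.
    Assert.assertEquals(0, identityAccounts.size());
    // Set valid from to null - Account must be created
    irdto.setValidFrom(null);
    // This evokes IdentityRole SAVE event. On this event will be start
    // account management and provisioning
    irdto = identityRoleService.save(irdto);
    identityAccounts = identityAccountService.find(iaccFilter, null).getContent();
    Assert.assertEquals(1, identityAccounts.size());
    AccIdentityAccountDto identityAccount = identityAccounts.get(0);
    Assert.assertNotNull("Idenitity account have to exists after account management was started!", identityAccount);
    Assert.assertNotNull("Account have to exists after account management was started!", identityAccount.getAccount());
    // JUnit order is (expected, actual); the original had the two swapped.
    Assert.assertEquals("x" + IDENTITY_USERNAME, accountService.get(identityAccount.getAccount()).getUid());
    TestResource createdAccount = helper.findResource("x" + IDENTITY_USERNAME);
    Assert.assertNotNull("Idenitity have to exists on target system (after account management)", createdAccount);
    Assert.assertEquals(identity.getFirstName(), createdAccount.getFirstname());
    // Set valid till as expired
    irdto.setValidTill(LocalDate.now().minusDays(1));
    // This evokes IdentityRole SAVE event. On this event will be start
    // account management and provisioning
    irdto = identityRoleService.save(irdto);
    identityAccounts = identityAccountService.find(iaccFilter, null).getContent();
    // An expired role must not keep its identity-account.
    Assert.assertEquals(0, identityAccounts.size());
    // Clean identity role
    identityRoleService.delete(irdto);
}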
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Example 30 with AccIdentityAccountFilter

use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.

the class IdentityAccountManagementTest method overloadedAttributeChangePassword.

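/**
 * Verifies that a role mapping cannot override the password attribute.
 *
 * <p>The test first changes the password for the identity's account and checks the new value on
 * the target system. It then builds a role-system attribute that overloads {@code password} with
 * a transform script and expects saving it to throw {@link ResultCodeException}.
 *
 * <p>The expectation is scoped to the final save only. With {@code @Test(expected = ...)} on the
 * whole method, a {@link ResultCodeException} thrown by any earlier step (for example the
 * password change) would have made the test pass without exercising the override check.
 */
@Test
public void overloadedAttributeChangePassword() {
    IdmIdentityDto identity = identityService.getByUsername(IDENTITY_USERNAME);
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());
    filter.setSystemId(systemService.getByCode(SYSTEM_NAME).getId());
    // Oldest identity-account of the identity on the system (page of size 1, sorted by created).
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, PageRequest.of(0, 1, new Sort(Sort.Direction.ASC, AccIdentityAccount_.created.getName()))).getContent();
    TestResource resourceAccount = helper.findResource("x" + IDENTITY_USERNAME);
    // Create new password two
    PasswordChangeDto passwordChange = new PasswordChangeDto();
    passwordChange.setAccounts(ImmutableList.of(identityAccounts.get(0).getAccount().toString()));
    passwordChange.setNewPassword(new GuardedString(IDENTITY_PASSWORD_TWO));
    passwordChange.setIdm(true);
    // Do change of password for selected accounts
    identityService.passwordChange(identity, passwordChange);
    // Check correct password two
    resourceAccount = helper.findResource("x" + IDENTITY_USERNAME);
    Assert.assertEquals("Check same password on target system", IDENTITY_PASSWORD_TWO, resourceAccount.getPassword());
    // Add overloaded password attribute
    IdmRoleDto rolePassword = roleService.getByCode(ROLE_OVERLOADING_PASSWORD);
    SysSystemDto systemDto = systemService.getByCode(SYSTEM_NAME);
    assertNotNull(systemDto);
    SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
    roleSystemFilter.setRoleId(rolePassword.getId());
    roleSystemFilter.setSystemId(systemDto.getId());
    List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();
    assertEquals(1, roleSystems.size());
    SysRoleSystemDto roleSystemDto = roleSystems.get(0);
    SysSystemMappingDto systemMapping = helper.getDefaultMapping(systemDto);
    SysSystemAttributeMappingDto attributeHandlingPassword = schemaAttributeHandlingService.findBySystemMappingAndName(systemMapping.getId(), TestHelper.ATTRIBUTE_MAPPING_PASSWORD);
    // Attribute for overloading the password attribute
    SysRoleSystemAttributeDto attributePassword = new SysRoleSystemAttributeDto();
    attributePassword.setEntityAttribute(true);
    attributePassword.setIdmPropertyName("password");
    attributePassword.setConfidentialAttribute(true);
    attributePassword.setName("Overloaded password - add x");
    attributePassword.setRoleSystem(roleSystemDto.getId());
    attributePassword.setSystemAttributeMapping(attributeHandlingPassword.getId());
    attributePassword.setTransformScript("return new " + GuardedString.class.getName() + "(\"x\"+attributeValue.asString());");
    // Since 9.3.0 it is not possible to override the password in a role mapping, so the save
    // must be rejected. Only this call may throw; anything thrown earlier fails the test.
    // NOTE(review): consider also asserting the specific result code carried by the exception.
    try {
        roleSystemAttributeService.save(attributePassword);
        Assert.fail("Saving a role mapping that overrides the password must be rejected");
    } catch (ResultCodeException expected) {
        // Expected: the password override was refused.
    }
}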
Also used : IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) PasswordChangeDto(eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto) SysSystemAttributeMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto) SysSystemMappingDto(eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto) TestResource(eu.bcvsolutions.idm.acc.entity.TestResource) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) AccIdentityAccountDto(eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto) SysSystemDto(eu.bcvsolutions.idm.acc.dto.SysSystemDto) SysRoleSystemAttributeDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemAttributeDto) SysRoleSystemFilter(eu.bcvsolutions.idm.acc.dto.filter.SysRoleSystemFilter) AccIdentityAccountFilter(eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter) Sort(org.springframework.data.domain.Sort) SysRoleSystemDto(eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) AbstractIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractIntegrationTest) Test(org.junit.Test)

Aggregations

AccIdentityAccountFilter (eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter)114 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)96 AccIdentityAccountDto (eu.bcvsolutions.idm.acc.dto.AccIdentityAccountDto)94 Test (org.junit.Test)86 AbstractIntegrationTest (eu.bcvsolutions.idm.test.api.AbstractIntegrationTest)85 IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto)67 SysSystemDto (eu.bcvsolutions.idm.acc.dto.SysSystemDto)55 IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)44 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)40 TestResource (eu.bcvsolutions.idm.acc.entity.TestResource)32 SysSystemAttributeMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemAttributeMappingDto)31 SysSystemMappingDto (eu.bcvsolutions.idm.acc.dto.SysSystemMappingDto)30 IdmRoleRequestDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleRequestDto)29 SysRoleSystemDto (eu.bcvsolutions.idm.acc.dto.SysRoleSystemDto)26 SysSystemAttributeMappingFilter (eu.bcvsolutions.idm.acc.dto.filter.SysSystemAttributeMappingFilter)26 AccAccountDto (eu.bcvsolutions.idm.acc.dto.AccAccountDto)24 UUID (java.util.UUID)24 IdmIdentityRoleFilter (eu.bcvsolutions.idm.core.api.dto.filter.IdmIdentityRoleFilter)22 AccIdentityAccountService (eu.bcvsolutions.idm.acc.service.api.AccIdentityAccountService)18 Autowired (org.springframework.beans.factory.annotation.Autowired)18