use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class AccountProtectionSystemTest method protectedIdentityDeleteTest.
/**
* On delete of the identity could deleted accounts in the protected mode too.
*/
@Test
public void protectedIdentityDeleteTest() {
IdmIdentityDto identity = helper.createIdentity();
SysSystemDto system = initSystem();
IdmRoleDto roleOne = roleService.getByCode(ROLE_ONE);
// Set system to protected mode
SysSystemMappingDto mapping = systemMappingService.findBySystem(system, SystemOperationType.PROVISIONING, SystemEntityType.IDENTITY).get(0);
mapping.setProtectionEnabled(Boolean.TRUE);
mapping.setProtectionInterval(null);
systemMappingService.save(mapping);
IdmIdentityRoleDto identityRole = helper.createIdentityRole(identity, roleOne);
AccAccountDto account = accountService.getAccount(identity.getUsername(), system.getId());
Assert.assertNotNull(account);
Assert.assertFalse(account.isInProtection());
TestResource createdAccount = helper.findResource(account.getUid());
Assert.assertNotNull(createdAccount);
// Remove role from identity
identityRoleService.deleteById(identityRole.getId());
AccIdentityAccountFilter identityAccountFilter = new AccIdentityAccountFilter();
identityAccountFilter.setAccountId(account.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(identityAccountFilter, null).getContent();
Assert.assertEquals(1, identityAccounts.size());
// On delete of the identity could deleted accounts in the protected mode too.
identityService.delete(identity);
// Identity have to be deleted
Assert.assertNull(identityService.get(identity.getId()));
// Force delete was used, so identity-account have to be deleted;
Assert.assertNull(identityAccountService.get(identityAccounts.get(0).getId()));
// Force delete does not delete the account. Account must exists and must be in
// the protection mode.
account = accountService.get(account.getId());
Assert.assertNotNull(account);
Assert.assertTrue(account.isInProtection());
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class IdentityAccountManagementTest method defaultAccountRemove.
@Test
public void defaultAccountRemove() {
TestResource createdAccount = helper.findResource("x" + IDENTITY_USERNAME);
Assert.assertNotNull("Idenitity have to exists on target system (before account will be delete)", createdAccount);
AccAccountFilter accountFilter = new AccAccountFilter();
accountFilter.setUid("x" + IDENTITY_USERNAME);
Assert.assertEquals("Account needs to exist befor will be delete", 1, accountService.find(accountFilter, null).getContent().size());
IdmIdentityDto identity = identityService.getByUsername(IDENTITY_USERNAME);
IdmIdentityRoleFilter irfilter = new IdmIdentityRoleFilter();
irfilter.setIdentityId(identity.getId());
IdmIdentityRoleDto identityRoleToDelete = identityRoleService.find(irfilter, null).getContent().get(0);
// This evokes IdentityRole DELETE event. On this event will be start
// account management and provisioning
identityRoleService.deleteById(identityRoleToDelete.getId());
Assert.assertEquals("Account must not be after was deleted", 0, accountService.find(accountFilter, null).getContent().size());
AccIdentityAccountFilter iaccFilter = new AccIdentityAccountFilter();
iaccFilter.setIdentityId(identity.getId());
Assert.assertEquals("Idenitity account have to not exists after account was deleted!", 0, identityAccountService.find(iaccFilter, null).getContent().size());
createdAccount = helper.findResource("x" + IDENTITY_USERNAME);
Assert.assertNull("Idenitity have to no exists on target system (after account was deleted)", createdAccount);
// Reset value
identity.setFirstName(IDENTITY_USERNAME);
identityService.save(identity);
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class IdentityAccountManagementTest method overloadedAttributeAdd_A_LastNameRole.
@Test
public void overloadedAttributeAdd_A_LastNameRole() {
IdmIdentityDto identity = identityService.getByUsername(IDENTITY_USERNAME);
IdmRoleDto roleLastName = roleService.getByCode(ROLE_OVERLOADING_LAST_NAME);
Assert.assertNull("No account for this identity can be found, before account management start!", helper.findResource("x" + IDENTITY_USERNAME));
IdmIdentityRoleDto irdto = new IdmIdentityRoleDto();
irdto.setIdentityContract(identityContractService.findAllByIdentity(identity.getId()).get(0).getId());
irdto.setRole(roleLastName.getId());
// This evokes IdentityRole SAVE event. On this event will be start
// account management and provisioning
IdmIdentityRoleDto irCreated = identityRoleService.save(irdto);
AccIdentityAccountFilter iaccFilter = new AccIdentityAccountFilter();
iaccFilter.setIdentityId(identity.getId());
iaccFilter.setIdentityRoleId(irCreated.getId());
AccIdentityAccountDto identityAccount = identityAccountService.find(iaccFilter, null).getContent().get(0);
Assert.assertNotNull("Idenitity account have to exists after account management was started!", identityAccount);
Assert.assertNotNull("Account have to exists after account management was started!", identityAccount.getAccount());
Assert.assertEquals(accountService.get(identityAccount.getAccount()).getUid(), "x" + IDENTITY_USERNAME);
TestResource createdAccount = helper.findResource("x" + IDENTITY_USERNAME);
Assert.assertNotNull("Idenitity have to exists on target system (after account management)", createdAccount);
Assert.assertEquals("Last name on target system must be equals with email on identity (we use overloded attribute)", identity.getEmail(), createdAccount.getLastname());
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class IdentityAccountManagementTest method defaultAccountAddInvalid.
@Test
public /**
* Add invalid identity role. Account cannot be created.
*/
void defaultAccountAddInvalid() {
initData();
IdmIdentityDto identity = identityService.getByUsername(IDENTITY_USERNAME);
IdmRoleDto roleDefault = roleService.getByCode(ROLE_DEFAULT);
Assert.assertNull("No account for this identity can be found, before account management start!", helper.findResource("x" + IDENTITY_USERNAME));
IdmIdentityRoleDto irdto = new IdmIdentityRoleDto();
irdto.setIdentityContract(identityContractService.findAllByIdentity(identity.getId()).get(0).getId());
irdto.setRole(roleDefault.getId());
// Set valid from to future
irdto.setValidFrom(LocalDate.now().plusDays(1));
// This evokes IdentityRole SAVE event. On this event will be start
// account management and provisioning
irdto = identityRoleService.save(irdto);
AccIdentityAccountFilter iaccFilter = new AccIdentityAccountFilter();
iaccFilter.setIdentityId(identity.getId());
iaccFilter.setIdentityRoleId(irdto.getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(iaccFilter, null).getContent();
// Identity-account have to not exists after account management was started (INVALID identityRole was added)!
Assert.assertEquals(0, identityAccounts.size());
// Set valid from to null - Account must be created
irdto.setValidFrom(null);
// This evokes IdentityRole SAVE event. On this event will be start
// account management and provisioning
irdto = identityRoleService.save(irdto);
identityAccounts = identityAccountService.find(iaccFilter, null).getContent();
Assert.assertEquals(1, identityAccounts.size());
AccIdentityAccountDto identityAccount = identityAccounts.get(0);
Assert.assertNotNull("Idenitity account have to exists after account management was started!", identityAccount);
Assert.assertNotNull("Account have to exists after account management was started!", identityAccount.getAccount());
Assert.assertEquals(accountService.get(identityAccount.getAccount()).getUid(), "x" + IDENTITY_USERNAME);
TestResource createdAccount = helper.findResource("x" + IDENTITY_USERNAME);
Assert.assertNotNull("Idenitity have to exists on target system (after account management)", createdAccount);
Assert.assertEquals(identity.getFirstName(), createdAccount.getFirstname());
// Set valid till as expired
irdto.setValidTill(LocalDate.now().minusDays(1));
// This evokes IdentityRole SAVE event. On this event will be start
// account management and provisioning
irdto = identityRoleService.save(irdto);
identityAccounts = identityAccountService.find(iaccFilter, null).getContent();
// Identity-account have to not exists after account management was started (INVALID identityRole was added)!
Assert.assertEquals(0, identityAccounts.size());
// Clean identity role
identityRoleService.delete(irdto);
}
use of eu.bcvsolutions.idm.acc.dto.filter.AccIdentityAccountFilter in project CzechIdMng by bcvsolutions.
the class IdentityAccountManagementTest method overloadedAttributeChangePassword.
@Test(expected = ResultCodeException.class)
public void overloadedAttributeChangePassword() {
IdmIdentityDto identity = identityService.getByUsername(IDENTITY_USERNAME);
AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
filter.setIdentityId(identity.getId());
filter.setSystemId(systemService.getByCode(SYSTEM_NAME).getId());
List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, PageRequest.of(0, 1, new Sort(Sort.Direction.ASC, AccIdentityAccount_.created.getName()))).getContent();
TestResource resourceAccount = helper.findResource("x" + IDENTITY_USERNAME);
// Create new password two
PasswordChangeDto passwordChange = new PasswordChangeDto();
passwordChange.setAccounts(ImmutableList.of(identityAccounts.get(0).getAccount().toString()));
passwordChange.setNewPassword(new GuardedString(IDENTITY_PASSWORD_TWO));
passwordChange.setIdm(true);
// Do change of password for selected accounts
identityService.passwordChange(identity, passwordChange);
// Check correct password two
resourceAccount = helper.findResource("x" + IDENTITY_USERNAME);
Assert.assertEquals("Check same password on target system", IDENTITY_PASSWORD_TWO, resourceAccount.getPassword());
// Add overloaded password attribute
IdmRoleDto rolePassword = roleService.getByCode(ROLE_OVERLOADING_PASSWORD);
SysSystemDto systemDto = systemService.getByCode(SYSTEM_NAME);
assertNotNull(systemDto);
SysRoleSystemFilter roleSystemFilter = new SysRoleSystemFilter();
roleSystemFilter.setRoleId(rolePassword.getId());
roleSystemFilter.setSystemId(systemDto.getId());
List<SysRoleSystemDto> roleSystems = roleSystemService.find(roleSystemFilter, null).getContent();
assertEquals(1, roleSystems.size());
SysRoleSystemDto roleSystemDto = roleSystems.get(0);
SysSystemMappingDto systemMapping = helper.getDefaultMapping(systemDto);
SysSystemAttributeMappingDto attributeHandlingPassword = schemaAttributeHandlingService.findBySystemMappingAndName(systemMapping.getId(), TestHelper.ATTRIBUTE_MAPPING_PASSWORD);
// Attribute for overloading last name attribute
SysRoleSystemAttributeDto attributePassword = new SysRoleSystemAttributeDto();
attributePassword.setEntityAttribute(true);
attributePassword.setIdmPropertyName("password");
attributePassword.setConfidentialAttribute(true);
attributePassword.setName("Overloaded password - add x");
attributePassword.setRoleSystem(roleSystemDto.getId());
attributePassword.setSystemAttributeMapping(attributeHandlingPassword.getId());
attributePassword.setTransformScript("return new " + GuardedString.class.getName() + "(\"x\"+attributeValue.asString());");
// Since 9.3.0 is not possible override password in role mapping exception will be thrown
attributePassword = roleSystemAttributeService.save(attributePassword);
}
Aggregations