
Example 26 with IdmPasswordValidationDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto in project CzechIdMng by bcvsolutions.

The class DefaultIdmPasswordPolicyServiceIntegrationTest, method testValidateBase.

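/**
 * Verifies that a policy with a restricted digit alphabet ({@code numberBase = "123"},
 * at least three digits, length 1..5) accepts passwords drawn only from that alphabet and
 * rejects passwords that contain a digit outside of it.
 */
@Test
public void testValidateBase() {
    IdmPasswordPolicyDto policy = new IdmPasswordPolicyDto();
    policy.setName("test_15");
    policy.setType(IdmPasswordPolicyType.GENERATE);
    policy.setGenerateType(IdmPasswordPolicyGenerateType.RANDOM);
    policy.setMaxPasswordLength(5);
    policy.setMinPasswordLength(1);
    policy.setNumberBase("123");
    policy.setMinNumber(3);
    IdmPasswordValidationDto password = new IdmPasswordValidationDto();
    // Passwords built only from the configured base are expected to pass.
    try {
        password.setPassword("123");
        this.passwordPolicyService.validate(password, policy);
        password.setPassword("1234");
        this.passwordPolicyService.validate(password, policy);
        password.setPassword("111");
        this.passwordPolicyService.validate(password, policy);
    } catch (Exception e) {
        // Report the cause: the policy alone does not say which password or rule failed.
        fail("Password base validation. " + policy + " Error message: " + e.getMessage());
    }
    // "124" contains a digit outside the base and is expected to be rejected.
    // fail() throws an AssertionError (not an Exception), so a missing rejection is not swallowed here.
    try {
        password.setPassword("124");
        this.passwordPolicyService.validate(password, policy);
        fail("Password base validation. " + policy);
    } catch (Exception e) {
        // expected: validation rejected the password
    }
    // "456" shares no digit with the base and is expected to be rejected.
    try {
        password.setPassword("456");
        this.passwordPolicyService.validate(password, policy);
        fail("Password base validation. " + policy);
    } catch (Exception e) {
        // expected: validation rejected the password
    }
}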

Example 27 with IdmPasswordValidationDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto in project CzechIdMng by bcvsolutions.

The class DefaultIdmPasswordPolicyServiceIntegrationTest, method testValidateLength.

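/**
 * Verifies the min/max length rules of a VALIDATE policy (5..10 characters): every length
 * inside the range is accepted, while a shorter, an empty and a longer password are rejected.
 */
@Test
public void testValidateLength() {
    IdmPasswordPolicyDto policy = new IdmPasswordPolicyDto();
    policy.setName("test_11");
    policy.setType(IdmPasswordPolicyType.VALIDATE);
    policy.setMaxPasswordLength(10);
    policy.setMinPasswordLength(5);
    IdmPasswordValidationDto password = new IdmPasswordValidationDto();
    // Lengths 5..10 inclusive are expected to pass.
    try {
        password.setPassword("12345");
        this.passwordPolicyService.validate(password, policy);
        password.setPassword("123456");
        this.passwordPolicyService.validate(password, policy);
        password.setPassword("1234567");
        this.passwordPolicyService.validate(password, policy);
        password.setPassword("12345678");
        this.passwordPolicyService.validate(password, policy);
        password.setPassword("123456789");
        this.passwordPolicyService.validate(password, policy);
        password.setPassword("1234567890");
        this.passwordPolicyService.validate(password, policy);
    } catch (Exception e) {
        // e.getStackTrace().toString() only yields the array's identity string, never the
        // actual trace; the exception message is what identifies the failed rule.
        fail("Password validation length. Error message: " + e.getMessage());
    }
    // Too short (4 characters) is expected to be rejected.
    // fail() throws an AssertionError (not an Exception), so a missing rejection is not swallowed here.
    try {
        password.setPassword("1234");
        this.passwordPolicyService.validate(password, policy);
        fail("Password validation length.");
    } catch (Exception e) {
        // expected: validation rejected the password
    }
    // Empty password is expected to be rejected.
    try {
        password.setPassword("");
        this.passwordPolicyService.validate(password, policy);
        fail("Password validation length.");
    } catch (Exception e) {
        // expected: validation rejected the password
    }
    // Too long (12 characters) is expected to be rejected.
    try {
        password.setPassword("123456789123");
        this.passwordPolicyService.validate(password, policy);
        fail("Password validation length.");
    } catch (Exception e) {
        // expected: validation rejected the password
    }
}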

Example 28 with IdmPasswordValidationDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto in project CzechIdMng by bcvsolutions.

The class IdentityPasswordPreValidateDefinitionProcessor, method process.

/**
 * Runs the pre-validation of password policies for a password change event.
 *
 * <p>The policies are resolved by {@code validateDefinition} from the event content and
 * handed to {@code passwordPolicyService.preValidate} together with a freshly created,
 * otherwise empty {@link IdmPasswordValidationDto} (no password is set on it here).
 *
 * @param event the password change event being processed
 * @return a default (non-closing) event result for this processor
 */
@Override
public EventResult<PasswordChangeDto> process(EntityEvent<PasswordChangeDto> event) {
    PasswordChangeDto change = event.getContent();
    IdmPasswordValidationDto validation = new IdmPasswordValidationDto();
    // NOTE(review): presumably evaluates which policy definitions apply to this change — confirm in validateDefinition
    List<IdmPasswordPolicyDto> applicablePolicies = validateDefinition(change);
    this.passwordPolicyService.preValidate(validation, applicablePolicies);
    return new DefaultEventResult<>(event, this);
}

Example 29 with IdmPasswordValidationDto

use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto in project CzechIdMng by bcvsolutions.

The class DefaultPasswordFilterManager, method validate.

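/**
 * Validates a password-filter request coming from a target resource against the IdM
 * password policies and records the result as an "echo" for the managed accounts.
 *
 * <p>Flow: resolve the system, its password-filter attribute mapping and the identity;
 * collect managed (password-filter capable) and not-managed accounts from the uniform
 * password definitions (or from the given system alone when no definition exists);
 * if an account of this system already has a valid, changed echo for the same password
 * the validation is skipped; otherwise the policies of all involved systems (plus the
 * default VALIDATE policy when the change is done through IdM) are applied.
 *
 * @param request the filter request carrying resource, username, password and log metadata
 * @throws RuntimeException whatever {@code policyService.validate} throws when the password
 *         does not satisfy a policy; before rethrowing, a "not valid" echo is written for
 *         every managed account
 */
@Override
public void validate(AccPasswordFilterRequestDto request) {
    LOG.info("Validation request from resource [{}] for identity identifier [{}] starting. {}", request.getResource(), request.getUsername(), request.getLogMetadata());
    SysSystemDto system = getSystem(request.getResource());
    SysSystemAttributeMappingDto passwordFilterAttribute = getAttributeMappingForPasswordFilter(system);
    IdmIdentityDto identity = evaluateUsernameToIdentity(system, request, passwordFilterAttribute);
    List<AccUniformPasswordDto> passwordDefinitions = getActiveUniformPasswordDefinitions(system);
    final GuardedString password = request.getPassword();
    final long timeout = passwordFilterAttribute.getEchoTimeout();
    final boolean changeInIdm = changeInIdm(passwordDefinitions);
    // Accounts with password filter support
    final List<AccAccountDto> managedAccounts;
    // Accounts only for password change, without echo and without password filter on the system
    final List<AccAccountDto> notManagedAccounts;
    if (CollectionUtils.isEmpty(passwordDefinitions)) {
        // The system is not part of any uniform password definition.
        // The message has a [{}] placeholder, so the system code is passed as its argument
        // (previously no argument was given and the line logged a literal "{}").
        LOG.debug("System [{}] isn't exist in uniform password definition. Password will be check only trough the given system.", system.getCode());
        // Try to find an account for the given system with password filter support
        managedAccounts = getAccountForSystemWithPasswordFilter(system, identity);
        notManagedAccounts = Lists.newArrayList();
    } else {
        UUID identityId = identity.getId();
        managedAccounts = getAccountsForPasswordChange(passwordDefinitions, identityId, Boolean.TRUE);
        notManagedAccounts = getAccountsForPasswordChange(passwordDefinitions, identityId, Boolean.FALSE);
    }
    if (managedAccounts.isEmpty()) {
        LOG.warn("For identifier [{}] (identity: [{}]) and resource [{}] wasn't found any managed account, validation will not be processed. {}", request.getUsername(), identity.getUsername(), request.getResource(), request.getLogMetadata());
        return;
    }
    // Accounts of the current system only
    List<AccAccountDto> accounts = managedAccounts.stream()
            .filter(account -> account.getSystem().equals(system.getId()))
            .collect(Collectors.toList());
    for (AccAccountDto account : accounts) {
        AccPasswordFilterEchoItemDto echo = getEcho(account.getId());
        if (echo == null) {
            // No echo yet, so the validation has to run
            LOG.debug("Echo for account id [{}] and system identifier [{}] doesn't exist. {}", account.getId(), request.getUsername(), request.getLogMetadata());
            continue;
        }
        boolean echoValid = echo.isEchoValid(timeout);
        boolean passwordEqual = isPasswordEqual(echo, password);
        if (echoValid && passwordEqual && echo.isChanged()) {
            // A valid echo whose password was already changed: do not validate this password again.
            LOG.info("Echo record found! Account uid [{}] and system code [{}]. Validation will be skipped. {}", account.getUid(), system.getCode(), request.getLogMetadata());
            // One valid echo skips the validation for all other accounts of the uniform password
            return;
        }
        if (echo.isValidityChecked()) {
            // Validation was already executed once, this is the second run
            // TODO: can we skip this validation?
            LOG.debug("For account [{}] and system [{}] exist only echo for validation. {}", account.getUid(), system.getCode(), request.getLogMetadata());
        }
    }
    // Union of the systems behind managed and not-managed accounts
    List<SysSystemDto> systems = getSystemForAccounts(managedAccounts);
    systems.addAll(getSystemForAccounts(notManagedAccounts));
    // Password policies of those systems
    List<IdmPasswordPolicyDto> policies = getPasswordPolicy(systems);
    // The default policy also applies when the change is performed through IdM
    if (changeInIdm) {
        IdmPasswordPolicyDto defaultPasswordPolicy = policyService.getDefaultPasswordPolicy(IdmPasswordPolicyType.VALIDATE);
        // The default policy may already be attached to one of the systems; avoid a duplicate
        if (defaultPasswordPolicy != null && !policies.contains(defaultPasswordPolicy)) {
            policies.add(defaultPasswordPolicy);
        }
    }
    // Without any policy there is nothing to validate
    if (policies.isEmpty()) {
        LOG.info("Any applicable password policy found! For identifier [{}] (identity: [{}]) and resource [{}]. {}", request.getUsername(), identity.getUsername(), request.getResource(), request.getLogMetadata());
    } else {
        // Compose the validation request for IdM
        IdmPasswordValidationDto passwordValidationDto = new IdmPasswordValidationDto();
        passwordValidationDto.setPassword(password);
        passwordValidationDto.setIdentity(identity);
        // The password is changed under a different logged identity, but a change by the
        // password filter is originally executed as the target identity
        passwordValidationDto.setEnforceMinPasswordAgeValidation(true);
        try {
            policyService.validate(passwordValidationDto, policies);
        } catch (Exception e) {
            // Log the failure, mark the echoes as not valid and propagate the error.
            // NOTE(review): only e.getMessage() is logged, which is assumed to carry the
            // policy-violation text and never the password itself — confirm in the policy service.
            LOG.error("Validation didn't pass! For identity username [{}] and system code [{}]. Error message: [{}]. {}", identity.getUsername(), system.getCode(), StringUtils.defaultString(e.getMessage()), request.getLogMetadata());
            // Record a "not valid" echo for every managed account
            managedAccounts.forEach(account -> createEchoForValidation(account.getId(), password, false));
            // Rethrow to the caller
            throw e;
        }
    }
    // Record a "valid" echo for the managed accounts only
    managedAccounts.forEach(account -> createEchoForValidation(account.getId(), password, true));
    // Password valid
    LOG.info("Validation request pass! For identity [{}] and system code [{}]. {}", identity.getUsername(), system.getCode(), request.getLogMetadata());
}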
