Use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto in project CzechIdMng by bcvsolutions: class DefaultIdmPasswordPolicyServiceIntegrationTest, method testValidateBase.
/**
 * Checks how a GENERATE/RANDOM policy with a restricted number base ("123", at least 3 numbers)
 * validates passwords: the test expects passwords built only from the base ("123", "1234",
 * "111") to pass and passwords containing other digits ("124", "456") to be rejected.
 */
@Test
public void testValidateBase() {
    IdmPasswordPolicyDto policy = new IdmPasswordPolicyDto();
    policy.setName("test_15");
    policy.setType(IdmPasswordPolicyType.GENERATE);
    policy.setGenerateType(IdmPasswordPolicyGenerateType.RANDOM);
    policy.setMaxPasswordLength(5);
    policy.setMinPasswordLength(1);
    policy.setNumberBase("123");
    policy.setMinNumber(3);

    IdmPasswordValidationDto candidate = new IdmPasswordValidationDto();

    // Only characters from the number base: each of these must pass.
    String[] acceptedPasswords = {"123", "1234", "111"};
    for (String accepted : acceptedPasswords) {
        candidate.setPassword(accepted);
        try {
            this.passwordPolicyService.validate(candidate, policy);
        } catch (Exception e) {
            fail("Password base validation. " + policy);
        }
    }

    // Digits outside the base are present: each of these must be rejected.
    String[] rejectedPasswords = {"124", "456"};
    for (String rejected : rejectedPasswords) {
        candidate.setPassword(rejected);
        try {
            this.passwordPolicyService.validate(candidate, policy);
            fail("Password base validation. " + policy);
        } catch (Exception e) {
            // expected: the policy rejects this password
        }
    }
}
Use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto in project CzechIdMng by bcvsolutions: class DefaultIdmPasswordPolicyServiceIntegrationTest, method testValidateLength.
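/**
 * Checks the length window of a VALIDATE policy (min 5, max 10 characters): lengths 5..10 are
 * expected to pass, while a 4-character password, an empty password and a 12-character
 * password are expected to be rejected.
 * <p>
 * Fix: the failure message used {@code e.getStackTrace().toString()}, which only prints the
 * array identity ({@code [Ljava.lang.StackTraceElement;@...}); it now reports the exception
 * message.
 */
@Test
public void testValidateLength() {
    IdmPasswordPolicyDto policy = new IdmPasswordPolicyDto();
    policy.setName("test_11");
    policy.setType(IdmPasswordPolicyType.VALIDATE);
    policy.setMaxPasswordLength(10);
    policy.setMinPasswordLength(5);

    IdmPasswordValidationDto password = new IdmPasswordValidationDto();

    // Lengths 5..10 lie inside the window and must pass.
    String[] accepted = {"12345", "123456", "1234567", "12345678", "123456789", "1234567890"};
    for (String value : accepted) {
        password.setPassword(value);
        try {
            this.passwordPolicyService.validate(password, policy);
        } catch (Exception e) {
            // e.getMessage() instead of e.getStackTrace().toString(): the latter is useless in a report
            fail("Password validation length. Error message: " + e.getMessage());
        }
    }

    // Too short (4 and 0 characters) and too long (12 characters) must be rejected.
    String[] rejected = {"1234", "", "123456789123"};
    for (String value : rejected) {
        password.setPassword(value);
        try {
            this.passwordPolicyService.validate(password, policy);
            fail("Password validation length.");
        } catch (Exception e) {
            // expected: the policy rejects this password
        }
    }
}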
Use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto in project CzechIdMng by bcvsolutions: class IdentityPasswordPreValidateDefinitionProcessor, method process.
/**
 * Pre-validates the password policies that apply to the password change carried by the event.
 * <p>
 * The validation DTO handed to {@code preValidate} is freshly constructed and left empty
 * (no password or identity is set on it).
 *
 * @param event event whose content is the {@link PasswordChangeDto} to resolve policies for
 * @return a default result for this processor
 */
@Override
public EventResult<PasswordChangeDto> process(EntityEvent<PasswordChangeDto> event) {
    PasswordChangeDto change = event.getContent();
    List<IdmPasswordPolicyDto> applicablePolicies = validateDefinition(change);
    // Empty DTO on purpose: nothing is filled in before the pre-validation call.
    this.passwordPolicyService.preValidate(new IdmPasswordValidationDto(), applicablePolicies);
    return new DefaultEventResult<>(event, this);
}
Use of eu.bcvsolutions.idm.core.api.dto.IdmPasswordValidationDto in project CzechIdMng by bcvsolutions: class DefaultPasswordFilterManager, method validate.
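/**
 * Validates a password reported by a password filter of a connected system against the password
 * policies of all systems that hold the identity's accounts (managed and not managed), plus
 * IdM's default VALIDATE policy when the uniform password definition also changes the password
 * in IdM.
 * <p>
 * Flow: resolve the system, the password filter attribute mapping and the identity; collect the
 * accounts; if a still-valid echo for the same password is already marked as changed, skip
 * validation; otherwise gather the policies, validate, and store an echo per managed account
 * with the outcome (valid or invalid).
 * <p>
 * Two paths return normally without validating and without writing an echo: no managed account
 * was found, or an already-changed valid echo exists. The caller therefore cannot distinguish
 * "not validated" from "valid" on the return path alone; this behaviour is unchanged here.
 * <p>
 * Fixes: the "isn't exist in uniform password definition" debug message had a {@code [{}]}
 * placeholder but no argument (now logs the system code); the log for an empty policy list read
 * "Any applicable password policy found!" and now reads "No applicable ...".
 *
 * @param request password filter request (resource, username, password, log metadata)
 * @throws RuntimeException whatever the policy validation throws is re-thrown after an invalid
 *     echo has been stored for every managed account
 */
@Override
public void validate(AccPasswordFilterRequestDto request) {
    LOG.info("Validation request from resource [{}] for identity identifier [{}] starting. {}", request.getResource(), request.getUsername(), request.getLogMetadata());

    SysSystemDto system = getSystem(request.getResource());
    SysSystemAttributeMappingDto passwordFilterAttribute = getAttributeMappingForPasswordFilter(system);
    IdmIdentityDto identity = evaluateUsernameToIdentity(system, request, passwordFilterAttribute);
    List<AccUniformPasswordDto> passwordDefinitions = getActiveUniformPasswordDefinitions(system);

    final GuardedString password = request.getPassword();
    final long timeout = passwordFilterAttribute.getEchoTimeout();
    final boolean changeInIdm = changeInIdm(passwordDefinitions);

    // Accounts with password filter support
    List<AccAccountDto> managedAccounts;
    // Accounts only for password change: no echo and no password filter on their system
    List<AccAccountDto> notManagedAccounts;
    if (CollectionUtils.isEmpty(passwordDefinitions)) {
        // The system is not part of any uniform password definition: check the password only
        // through the given system. The placeholder is now filled (the system code).
        LOG.debug("System [{}] isn't exist in uniform password definition. Password will be check only trough the given system.", system.getCode());
        // Try to find one account for the given system with supported password filter
        managedAccounts = getAccountForSystemWithPasswordFilter(system, identity);
        notManagedAccounts = Lists.newArrayList();
    } else {
        UUID identityId = identity.getId();
        managedAccounts = getAccountsForPasswordChange(passwordDefinitions, identityId, Boolean.TRUE);
        notManagedAccounts = getAccountsForPasswordChange(passwordDefinitions, identityId, Boolean.FALSE);
    }

    if (managedAccounts.isEmpty()) {
        // NOTE(review): returns normally, so the caller sees no failure although nothing was
        // validated and no echo is written - confirm this is the intended contract.
        LOG.warn("For identifier [{}] (identity: [{}]) and resource [{}] wasn't found any managed account, validation will not be processed. {}", request.getUsername(), identity.getUsername(), request.getResource(), request.getLogMetadata());
        return;
    }

    // The echo check is done only for the accounts on the requesting system.
    List<AccAccountDto> accounts = managedAccounts.stream()
            .filter(account -> account.getSystem().equals(system.getId()))
            .collect(Collectors.toList());
    for (AccAccountDto account : accounts) {
        AccPasswordFilterEchoItemDto echo = getEcho(account.getId());
        if (echo == null) {
            // No echo yet: nothing to short-circuit on, validation continues.
            LOG.debug("Echo for account id [{}] and system identifier [{}] doesn't exist. {}", account.getId(), request.getUsername(), request.getLogMetadata());
            continue;
        }
        boolean echoValid = echo.isEchoValid(timeout);
        // NOTE(review): compares the submitted GuardedString with the stored echo - confirm the
        // helper uses a constant-time comparison and never logs either value.
        boolean passwordEqual = isPasswordEqual(echo, password);
        if (echoValid && passwordEqual && echo.isChanged()) {
            // A still-valid echo for the same password that was already changed: this password
            // was validated before, so skip validation for all systems of the uniform password.
            LOG.info("Echo record found! Account uid [{}] and system code [{}]. Validation will be skipped. {}", account.getUid(), system.getCode(), request.getLogMetadata());
            return;
        }
        if (echo.isValidityChecked()) {
            // Validation was already executed once for this echo; this is the second run.
            // TODO: can we skip this validation?
            LOG.debug("For account [{}] and system [{}] exist only echo for validation. {}", account.getUid(), system.getCode(), request.getLogMetadata());
        }
    }

    // Unite the systems of managed and not managed accounts
    // (assumes getSystemForAccounts returns a mutable list - unchanged from the original).
    List<SysSystemDto> systems = getSystemForAccounts(managedAccounts);
    systems.addAll(getSystemForAccounts(notManagedAccounts));
    // Password policies of all those systems
    List<IdmPasswordPolicyDto> policies = getPasswordPolicy(systems);

    // When the password is changed in IdM as well, IdM's default validation policy applies too.
    if (changeInIdm) {
        IdmPasswordPolicyDto defaultPasswordPolicy = policyService.getDefaultPasswordPolicy(IdmPasswordPolicyType.VALIDATE);
        // A system may already reference the default policy; contains() relies on
        // IdmPasswordPolicyDto.equals - presumably by id, verify.
        if (defaultPasswordPolicy != null && !policies.contains(defaultPasswordPolicy)) {
            policies.add(defaultPasswordPolicy);
        }
    }

    if (policies.isEmpty()) {
        // Nothing to validate against; the password is treated as valid below.
        LOG.info("No applicable password policy found! For identifier [{}] (identity: [{}]) and resource [{}]. {}", request.getUsername(), identity.getUsername(), request.getResource(), request.getLogMetadata());
    } else {
        // Compose the validation request for IdM
        IdmPasswordValidationDto passwordValidationDto = new IdmPasswordValidationDto();
        passwordValidationDto.setPassword(password);
        passwordValidationDto.setIdentity(identity);
        // The request may come from a different logged identity, but a change through the
        // password filter is executed as the target identity, so enforce the minimal password age.
        passwordValidationDto.setEnforceMinPasswordAgeValidation(true);
        try {
            policyService.validate(passwordValidationDto, policies);
        } catch (Exception e) {
            // Log, mark every managed account with an "invalid" echo, then propagate to the caller.
            // NOTE(review): e.getMessage() is written to the log - confirm validation messages
            // never contain the candidate password.
            LOG.error("Validation didn't pass! For identity username [{}] and system code [{}]. Error message: [{}]. {}", identity.getUsername(), system.getCode(), StringUtils.defaultString(e.getMessage()), request.getLogMetadata());
            managedAccounts.forEach(account -> createEchoForValidation(account.getId(), password, false));
            throw e;
        }
    }

    // Validation passed (or no policy applied): store a "valid" echo for every managed account.
    managedAccounts.forEach(account -> createEchoForValidation(account.getId(), password, true));
    LOG.info("Validation request pass! For identity [{}] and system code [{}]. {}", identity.getUsername(), system.getCode(), request.getLogMetadata());
}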