use of eu.bcvsolutions.idm.core.api.dto.IdmTokenDto in project CzechIdMng by bcvsolutions.
the class ExtendExpirationFilterTest method testSuccessfulTokenExtension.
/**
* The token is prolonged when the original expiration differs by more than 60 seconds.
* @throws Exception
*/
@Test
public void testSuccessfulTokenExtension() throws Exception {
    // Obtain an admin token, then log out through the security service;
    // the request below presents the token only in the authentication header.
    LoginDto adminLogin = getHelper().loginAdmin();
    securityService.logout();

    // Shift the persisted expiration two minutes earlier and keep the saved
    // state as the baseline for the comparisons below.
    IdmTokenDto storedToken = tokenService.get(adminLogin.getAuthentication().getId());
    storedToken.setExpiration(storedToken.getExpiration().minusMinutes(2));
    storedToken = tokenService.save(storedToken);

    MvcResult response = getMockMvc()
            .perform(
                    get(getSelfPath(TestHelper.ADMIN_USERNAME))
                            .header(JwtAuthenticationMapper.AUTHENTICATION_TOKEN_NAME, adminLogin.getToken())
                            .contentType(TestHelper.HAL_CONTENT_TYPE))
            .andExpect(status().isOk())
            .andExpect(content().contentType(TestHelper.HAL_CONTENT_TYPE))
            .andExpect(jsonPath("$.username", equalTo(TestHelper.ADMIN_USERNAME)))
            .andReturn();
    IdmJwtAuthenticationDto prolonged = getIdmJwtDto(response);

    // Prolonging must not change who owns the token or when it was issued.
    Assert.assertEquals(storedToken.getOwnerId(), prolonged.getCurrentIdentityId());
    long issuedBefore = storedToken.getIssuedAt().toInstant().toEpochMilli();
    long issuedAfter = prolonged.getIssuedAt().toInstant().toEpochMilli();
    Assert.assertEquals(issuedBefore, issuedAfter);

    // The stored expiration has to be strictly earlier than the returned one;
    // an equal value would mean the token was not prolonged.
    long expirationBefore = storedToken.getExpiration().toInstant().toEpochMilli();
    long expirationAfter = prolonged.getExpiration().toInstant().toEpochMilli();
    Assert.assertTrue(expirationBefore < expirationAfter);
}
use of eu.bcvsolutions.idm.core.api.dto.IdmTokenDto in project CzechIdMng by bcvsolutions.
the class DefaultTwoFactorAuthenticationManagerIntegrationTest method testNotRequireTwoFactorAuthenticationWithVerifiedToken.
/**
 * After two-factor registration is confirmed, a token created through
 * {@code createToken(identity, true)} must not require the second factor again.
 */
@Test
public void testNotRequireTwoFactorAuthenticationWithVerifiedToken() {
    // the identity is created with a password, which is needed below
    IdmIdentityDto owner = getHelper().createIdentity();

    // start registration of the NOTIFICATION type; no QR code is expected for it
    TwoFactorRegistrationResponseDto registration = manager.init(owner.getId(), TwoFactorAuthenticationType.NOTIFICATION);
    Assert.assertNotNull(registration);
    Assert.assertNotNull(registration.getVerificationSecret());
    Assert.assertEquals(owner.getUsername(), registration.getUsername());
    Assert.assertNull(registration.getQrcode());

    // confirm the registration with a code generated from the issued secret
    TwoFactorRegistrationConfirmDto confirmation = new TwoFactorRegistrationConfirmDto();
    confirmation.setTwoFactorAuthenticationType(TwoFactorAuthenticationType.NOTIFICATION);
    confirmation.setVerificationSecret(new GuardedString(registration.getVerificationSecret()));
    confirmation.setVerificationCode(manager.generateCode(new GuardedString(registration.getVerificationSecret())));
    boolean confirmed = manager.confirm(owner.getId(), confirmation);
    Assert.assertTrue(confirmed);
    // the confirmed secret is the one stored with the identity's password
    Assert.assertEquals(registration.getVerificationSecret(), getHelper().getPassword(owner).getVerificationSecret());

    // presumably the second argument marks the token as already verified - confirm in createToken
    IdmTokenDto verifiedToken = createToken(owner, true);

    boolean secondFactorRequired = manager.requireTwoFactorAuthentication(owner.getId(), verifiedToken.getId());
    Assert.assertFalse(secondFactorRequired);
}
use of eu.bcvsolutions.idm.core.api.dto.IdmTokenDto in project CzechIdMng by bcvsolutions.
the class DefaultAuthenticationManager method logout.
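/**
 * Logs out the current token by handing it to every enabled authenticator and
 * records the outcome through the SIEM logger.
 * <p>
 * Without a current token the method only writes a debug message and returns.
 * Each authenticator is called in isolation: a failure in one of them is written
 * to the application log with its stack trace and the remaining authenticators
 * are still asked to log the token out. A single failed authenticator therefore
 * cannot keep the others from processing the logout. The SIEM record is
 * {@code FAILED} with the message of the first failure, otherwise {@code SUCCESS}.
 * Failures are not propagated to the caller.
 */
@Override
public void logout() {
    IdmTokenDto token = tokenManager.getCurrentToken();
    if (token == null) {
        LOG.debug("Current token not found, logout is not supported (already logged out or authenticated externally without token).");
        return;
    }
    //
    // all registered authenticators should know about the logout of the given token
    String userId = Objects.toString(token.getOwnerId(), "");
    String username = null;
    // the username is resolved only when the token is owned by an identity
    if (IdmIdentity.class.getCanonicalName().equals(token.getOwnerType())) {
        IdmIdentityDto dto = identityService.get(token.getOwnerId());
        if (dto != null) {
            username = dto.getUsername();
        }
    }
    String action = siemLogger.buildAction(SiemLoggerManager.LOGIN_LEVEL_KEY, SiemLoggerManager.LOGOUT_SUBLEVEL_KEY);
    Exception firstFailure = null;
    try {
        for (Authenticator authenticator : getEnabledAuthenticators()) {
            try {
                LOG.trace("Process authenticator [{}].", authenticator.getName());
                //
                authenticator.logout(token);
            } catch (Exception e) {
                // keep going, so the other authenticators still process the logout
                LOG.error("Authenticator [{}] failed to log out token of owner [{}].",
                        authenticator.getClass().getName(), userId, e);
                if (firstFailure == null) {
                    firstFailure = e;
                }
            }
        }
        if (firstFailure == null) {
            siemLogger.log(action, SiemLoggerManager.SUCCESS_ACTION_STATUS, username, userId, null, null, null, null);
        }
    } catch (Exception e) {
        // failure outside a single authenticator call (e.g. resolving the authenticators)
        LOG.error("Logout of token owner [{}] failed.", userId, e);
        if (firstFailure == null) {
            firstFailure = e;
        }
    }
    if (firstFailure != null) {
        siemLogger.log(action, SiemLoggerManager.FAILED_ACTION_STATUS, username, userId, null, null, null, firstFailure.getMessage());
    }
}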
use of eu.bcvsolutions.idm.core.api.dto.IdmTokenDto in project CzechIdMng by bcvsolutions.
the class IdentityRoleDeleteAuthoritiesProcessorTest method testRoleRemovedAuthorityRemoved.
/**
* Removing a role which grants authorities must raise
* the authorities modification event on identity.
*/
@Test
public void testRoleRemovedAuthorityRemoved() {
    IdmRoleDto grantingRole = getTestRole();
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmIdentityContractDto contract = getTestContract(identity);
    IdmIdentityRoleDto assignment = getTestIdentityRole(grantingRole, contract);

    // precondition: no token exists yet and exactly one role is assigned
    List<IdmTokenDto> tokensBeforeLogin = tokenManager.getTokens(identity);
    Assert.assertTrue(tokensBeforeLogin.isEmpty());
    Assert.assertEquals(1, identityRoleService.findAllByIdentity(identity.getId()).size());
    checkAssignedAuthorities(identity);

    // logging in creates a single, enabled token
    getHelper().login(identity.getUsername(), identity.getPassword());
    try {
        List<IdmTokenDto> tokensAfterLogin = tokenManager.getTokens(identity);
        Assert.assertEquals(1, tokensAfterLogin.size());
        IdmTokenDto loginToken = tokensAfterLogin.get(0);
        Assert.assertFalse(loginToken.isDisabled());

        // removing the only role must disable the token issued with its authorities
        identityRoleService.delete(assignment);

        List<IdmTokenDto> tokensAfterRemoval = tokenManager.getTokens(identity);
        Assert.assertEquals(1, tokensAfterRemoval.size());
        IdmTokenDto staleToken = tokensAfterRemoval.get(0);
        Assert.assertTrue(staleToken.isDisabled());
        // neither an assigned role nor a granted authority is left
        Assert.assertEquals(0, identityRoleService.findAllByIdentity(identity.getId()).size());
        Assert.assertEquals(0, authoritiesFactory.getGrantedAuthoritiesForIdentity(identity.getId()).size());
    } finally {
        // always end the test session, even when an assertion fails
        getHelper().logout();
    }
}
use of eu.bcvsolutions.idm.core.api.dto.IdmTokenDto in project CzechIdMng by bcvsolutions.
the class IdentityRoleDeleteAuthoritiesProcessorTest method testRoleRemovedAuthorityStays.
/**
* User has two roles with the same authorities - removing just one role
* shall not change the authorities modification flag.
*/
@Test
public void testRoleRemovedAuthorityStays() {
    // two roles with same authorities, both assigned on one contract
    IdmRoleDto firstRole = getTestRole();
    IdmRoleDto secondRole = getTestRole();
    IdmIdentityDto identity = getHelper().createIdentity();
    IdmIdentityContractDto contract = getTestContract(identity);
    IdmIdentityRoleDto keptAssignment = getTestIdentityRole(firstRole, contract);
    IdmIdentityRoleDto removedAssignment = getTestIdentityRole(secondRole, contract);

    // precondition: no token exists yet and both roles are assigned
    List<IdmTokenDto> tokensBeforeLogin = tokenManager.getTokens(identity);
    Assert.assertTrue(tokensBeforeLogin.isEmpty());
    Assert.assertEquals(2, identityRoleService.findAllByIdentity(identity.getId()).size());
    checkAssignedAuthorities(identity);

    // logging in creates a single, enabled token
    getHelper().login(identity.getUsername(), identity.getPassword());
    try {
        List<IdmTokenDto> tokensAfterLogin = tokenManager.getTokens(identity);
        Assert.assertEquals(1, tokensAfterLogin.size());
        IdmTokenDto loginToken = tokensAfterLogin.get(0);
        Assert.assertFalse(loginToken.isDisabled());

        // the remaining role still grants the same authorities, so the token stays enabled
        identityRoleService.delete(removedAssignment);

        List<IdmTokenDto> tokensAfterRemoval = tokenManager.getTokens(identity);
        Assert.assertEquals(1, tokensAfterRemoval.size());
        IdmTokenDto survivingToken = tokensAfterRemoval.get(0);
        Assert.assertFalse(survivingToken.isDisabled());
        // only the first assignment and its single authority are left
        Assert.assertEquals(1, identityRoleService.findAllByIdentity(identity.getId()).size());
        Assert.assertEquals(keptAssignment.getId(), identityRoleService.findAllByIdentity(identity.getId()).get(0).getId());
        Assert.assertEquals(1, authoritiesFactory.getGrantedAuthoritiesForIdentity(identity.getId()).size());
    } finally {
        // always end the test session, even when an assertion fails
        getHelper().logout();
    }
}