use of eu.bcvsolutions.idm.core.security.api.dto.LoginDto in project CzechIdMng by bcvsolutions.
the class PasswordChangeController method passwordChange.
/**
 * Changes the password of the identity addressed by {@code backendId}.
 * <p>
 * The endpoint is mapped under {@code /public/} and may be called without a session.
 * An unauthenticated caller is first logged in as the target identity with the old
 * password from the request body, so knowledge of the current password is what gates
 * the anonymous path. An unknown identity and a rejected login both end in
 * {@code CoreResultCode.PASSWORD_CHANGE_CURRENT_FAILED_IDM}, so the result code does
 * not reveal whether the identity exists.
 * <p>
 * For a caller that is already authenticated no login is attempted here. The request
 * is then gated by the {@code IdentityBasePermission.PASSWORDCHANGE} check and by
 * whatever {@code identityService.passwordChange} enforces; whether the old password
 * is verified in that case is not visible in this method.
 *
 * @param backendId identity's uuid identifier or username
 * @param passwordChangeDto requested change; on the anonymous path its {@code all} and
 *        {@code idm} flags are overwritten by this method
 * @return the operation results returned by {@code identityService.passwordChange}
 * @throws ResultCodeException when the identity is not found or the login with the old
 *         password is rejected
 */
@ResponseBody
@ResponseStatus(code = HttpStatus.OK)
@RequestMapping(value = BaseController.BASE_PATH + "/public/identities/{backendId}/password-change", method = RequestMethod.PUT)
@ApiOperation(value = "Change identity's password", nickname = "passwordChange", response = PasswordChangeDto.class, tags = { PasswordChangeController.TAG })
public List<OperationResult> passwordChange(
        @ApiParam(value = "Identity's uuid identifier or username.", required = true) @PathVariable String backendId,
        @RequestBody @Valid PasswordChangeDto passwordChangeDto) {
    IdmIdentityDto identity = (IdmIdentityDto) entityLookupService.lookupDto(IdmIdentityDto.class, backendId);
    if (identity == null) {
        // Public endpoint: answer with the same result code as a wrong old password
        // instead of "not found", so the code does not confirm which identities exist.
        // NOTE(review): this branch returns before any password check runs, so response
        // time may still differ from a wrong-password attempt - confirm that throttling
        // or equivalent protection is applied in front of this endpoint.
        throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_CURRENT_FAILED_IDM);
    }
    try {
        boolean anonymousCaller = !securityService.isAuthenticated();
        if (anonymousCaller) {
            // Log in as the target identity with the supplied old password.
            // presumably authenticate() also establishes the security context that
            // checkAccess() below evaluates - confirm against the authentication manager.
            LoginDto credentials = new LoginDto();
            // presumably lets the login pass when a password change is enforced - confirm
            credentials.setSkipMustChange(true);
            credentials.setUsername(identity.getUsername());
            credentials.setPassword(passwordChangeDto.getOldPassword());
            authenticationManager.authenticate(credentials);
            // The anonymous path ignores the caller's target selection: the change is
            // applied to all systems, and the IdM flag is taken from configuration
            // rather than from the request body.
            passwordChangeDto.setAll(true);
            passwordChangeDto.setIdm(identityConfiguration.isAllowedPublicChangePasswordForIdm());
        }
    } catch (IdmAuthenticationException ex) {
        // Same result code as for an unknown identity; the cause is kept for the server side.
        throw new ResultCodeException(CoreResultCode.PASSWORD_CHANGE_CURRENT_FAILED_IDM, ex);
    }
    // Authorization applies to both paths, anonymous-then-logged-in and already authenticated.
    identityService.checkAccess(identity, IdentityBasePermission.PASSWORDCHANGE);
    return identityService.passwordChange(identity, passwordChangeDto);
}
use of eu.bcvsolutions.idm.core.security.api.dto.LoginDto in project CzechIdMng by bcvsolutions.
the class DefaultAccAuthenticatorTest method loginAgainstTwoAccount.
/**
 * Gives the identity a second account, sets a different password on each account and
 * checks that a login with either password succeeds through the "acc" module.
 * <p>
 * What this pins down for a reviewer: each of the identity's account passwords is
 * accepted as a login credential for the same username, so the weakest of them bounds
 * the strength of the login.
 * <p>
 * NOTE(review): the first assertions expect exactly one account to exist already, so
 * this presumably relies on {@code A_loginAgainstSystem} having run before - confirm
 * the method ordering configured on the test class.
 */
@Test
public void loginAgainstTwoAccount() {
    IdmIdentityDto identity = identityService.getByUsername(USERNAME);
    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());

    // Starting point: one identity-account link pointing at one distinct account.
    List<AccIdentityAccountDto> identityAccounts = identityAccountService.find(filter, null).getContent();
    List<String> accountIds = new ArrayList<>();
    for (AccIdentityAccountDto link : identityAccounts) {
        String accountId = link.getAccount().toString();
        if (!accountIds.contains(accountId)) {
            accountIds.add(accountId);
        }
    }
    assertEquals(1, accountIds.size());
    assertEquals(1, identityAccounts.size());

    // Assign the second role; afterwards two links and two distinct accounts are expected.
    IdmRoleDto secondRole = roleService.getByCode(ROLE_NAME + "2");
    IdmIdentityRoleDto assignment = new IdmIdentityRoleDto();
    assignment.setIdentityContract(identityContractService.findAllByIdentity(identity.getId()).get(0).getId());
    assignment.setRole(secondRole.getId());
    identityRoleService.save(assignment);

    identityAccounts = identityAccountService.find(filter, null).getContent();
    accountIds = new ArrayList<>();
    for (AccIdentityAccountDto link : identityAccounts) {
        String accountId = link.getAccount().toString();
        if (!accountIds.contains(accountId)) {
            accountIds.add(accountId);
        }
    }
    assertEquals(2, accountIds.size());
    assertEquals(2, identityAccounts.size());

    // First account gets its own password (test fixture value).
    List<String> firstTarget = new ArrayList<>();
    firstTarget.add(accountIds.get(0));
    PasswordChangeDto firstChange = new PasswordChangeDto();
    firstChange.setAccounts(firstTarget);
    firstChange.setAll(false);
    firstChange.setNewPassword(new GuardedString("1234"));
    provisioningService.changePassword(identity, firstChange);

    // Second account gets a different password (test fixture value).
    List<String> secondTarget = new ArrayList<>();
    secondTarget.add(accountIds.get(1));
    PasswordChangeDto secondChange = new PasswordChangeDto();
    secondChange.setAccounts(secondTarget);
    secondChange.setAll(false);
    secondChange.setNewPassword(new GuardedString("4321"));
    provisioningService.changePassword(identity, secondChange);

    // Both passwords must be accepted for the same username.
    LoginDto firstLogin = new LoginDto();
    firstLogin.setUsername(USERNAME);
    firstLogin.setPassword(new GuardedString("1234"));
    firstLogin = authenticationManager.authenticate(firstLogin);

    LoginDto secondLogin = new LoginDto();
    secondLogin.setUsername(USERNAME);
    secondLogin.setPassword(new GuardedString("4321"));
    secondLogin = authenticationManager.authenticate(secondLogin);

    assertNotNull(secondLogin);
    assertNotNull(secondLogin.getAuthentication());
    assertEquals("acc", secondLogin.getAuthenticationModule());
    assertNotNull(firstLogin);
    assertNotNull(firstLogin.getAuthentication());
    assertEquals("acc", firstLogin.getAuthenticationModule());
}
use of eu.bcvsolutions.idm.core.security.api.dto.LoginDto in project CzechIdMng by bcvsolutions.
the class DefaultAccAuthenticatorTest method A_loginAgainstSystem.
/**
 * Assigns a role to the identity, sets a password on the resulting account and checks
 * that a login with that password is handled by the "acc" authentication module.
 */
@Test
public void A_loginAgainstSystem() {
    initData();
    IdmIdentityDto identity = identityService.getByUsername(USERNAME);
    IdmRoleDto role = roleService.getByCode(ROLE_NAME);

    IdmIdentityRoleDto assignment = new IdmIdentityRoleDto();
    assignment.setIdentityContract(identityContractService.findAllByIdentity(identity.getId()).get(0).getId());
    assignment.setRole(role.getId());
    // Saving the identity role fires the IdentityRole SAVE event, which starts
    // account management and provisioning.
    identityRoleService.save(assignment);

    AccIdentityAccountFilter filter = new AccIdentityAccountFilter();
    filter.setIdentityId(identity.getId());
    List<AccIdentityAccountDto> accounts = identityAccountService.find(filter, null).getContent();
    assertEquals(1, accounts.size());

    // Set the password on the system account (test fixture value).
    List<String> targets = new ArrayList<>();
    targets.add(accounts.get(0).getId().toString());
    PasswordChangeDto change = new PasswordChangeDto();
    change.setAccounts(targets);
    change.setAll(true);
    change.setNewPassword(new GuardedString("test"));
    provisioningService.changePassword(identity, change);

    LoginDto login = new LoginDto();
    login.setUsername(USERNAME);
    login.setPassword(new GuardedString("test"));
    login = authenticationManager.authenticate(login);

    // The login must succeed and be attributed to the "acc" module.
    assertNotNull(login);
    assertNotNull(login.getAuthentication());
    assertEquals("acc", login.getAuthenticationModule());
}
use of eu.bcvsolutions.idm.core.security.api.dto.LoginDto in project CzechIdMng by bcvsolutions.
the class DefaultAccAuthenticatorTest method loginAgainstIdm.
/**
 * Creates an identity with a password set directly on it and checks that the login is
 * handled by the "core" authentication module.
 */
@Test
public void loginAgainstIdm() {
    IdmIdentityDto created = new IdmIdentityDto();
    created.setUsername("test_login_1");
    created.setLastName("test_login_1");
    created.setPassword(new GuardedString("test1234"));
    identityService.save(created);

    LoginDto login = new LoginDto();
    login.setUsername("test_login_1");
    login.setPassword(new GuardedString("test1234"));
    login = authenticationManager.authenticate(login);

    // The login must succeed and be attributed to the "core" module.
    assertNotNull(login);
    assertNotNull(login.getAuthentication());
    assertEquals("core", login.getAuthenticationModule());
}
use of eu.bcvsolutions.idm.core.security.api.dto.LoginDto in project CzechIdMng by bcvsolutions.
the class IdentityAccountByRoleEvaluatorIntegrationTest method testCannotReadIdentityAccount.
/**
 * Expects {@code ForbiddenEntityException} when a freshly created identity asks for
 * READ on an identity-account link that an administrator created for it.
 * <p>
 * NOTE(review): {@code @Test(expected = ...)} is satisfied by the exception wherever it
 * is thrown in the method, including the admin setup and the login call, so a pass does
 * not by itself prove that the READ request was the one denied. Asserting the exception
 * around the {@code get} call only would make the authorization check explicit.
 */
@Test(expected = ForbiddenEntityException.class)
public void testCannotReadIdentityAccount() {
    IdmIdentityDto owner;
    AccIdentityAccountDto link;
    // Setup runs as admin; the admin session is always closed before the check.
    try {
        loginAsAdmin(InitApplicationData.ADMIN_USERNAME);

        owner = helper.createIdentity();
        SysSystemDto targetSystem = helper.createTestResourceSystem(true);

        AccAccountDto account = new AccAccountDto();
        account.setSystem(targetSystem.getId());
        account.setUid(owner.getUsername());
        account.setAccountType(AccountType.PERSONAL);
        account = accountService.save(account);

        link = new AccIdentityAccountDto();
        link.setIdentity(owner.getId());
        link.setOwnership(true);
        link.setAccount(account.getId());
        link = identityAccountService.save(link);
    } finally {
        logout();
    }
    // Check as the identity itself: the permission-checked read is expected to be refused.
    // presumably helper.createIdentity() returns the DTO with its password still set,
    // which is what makes this login possible - confirm against the helper.
    try {
        loginService.login(new LoginDto(owner.getUsername(), owner.getPassword()));
        identityAccountService.get(link.getId(), IdmBasePermission.READ);
    } finally {
        logout();
    }
}