
Example 16 with Membership

use of io.gravitee.am.model.Membership in project gravitee-access-management by gravitee-io.

the class AuthenticationServiceImpl method updateRoles.

/**
 * Update the ORGANIZATION role of an existing user if the identity provider role mapper has changed
 */
private Completable updateRoles(User principal, io.gravitee.am.model.User existingUser) {
    // Nothing to synchronise when the identity provider supplied no roles.
    final boolean noMappedRole = principal.getRoles() == null || principal.getRoles().isEmpty();
    if (noMappedRole) {
        return Completable.complete();
    }

    // Only the first mapped role is considered; any further entries in the list are not used here.
    final String mappedRoleId = principal.getRoles().get(0);

    // Emits true only when an ORGANIZATION membership already exists and carries a different role.
    // A user without such a membership yields false, so this method never creates a first membership.
    final Maybe<Boolean> roleDiffers = membershipService
            .findByMember(existingUser.getId(), MemberType.USER)
            .filter(current -> ReferenceType.ORGANIZATION == current.getReferenceType())
            .firstElement()
            .map(current -> !current.getRoleId().equals(mappedRoleId))
            .switchIfEmpty(Maybe.just(false));

    return roleDiffers.flatMapCompletable(roleChanged -> {
        if (roleChanged) {
            // The replacement membership is scoped to the existing user's own reference (type and id).
            final Membership replacement = new Membership();
            replacement.setRoleId(mappedRoleId);
            replacement.setReferenceId(existingUser.getReferenceId());
            replacement.setReferenceType(existingUser.getReferenceType());
            replacement.setMemberId(existingUser.getId());
            replacement.setMemberType(MemberType.USER);

            // The role is looked up in the same reference before the membership is written.
            // NOTE(review): presumably an unknown role id makes the lookup fail so that nothing is
            // written - confirm against RoleService.findById.
            return roleService
                    .findById(existingUser.getReferenceType(), existingUser.getReferenceId(), mappedRoleId)
                    .flatMap(role -> membershipService.addOrUpdate(existingUser.getReferenceId(), replacement))
                    .ignoreElement();
        }
        // Same role as before (or no ORGANIZATION membership): leave memberships untouched.
        return Completable.complete();
    });
}
Also used : java.util(java.util) Completable(io.reactivex.Completable) Maybe(io.reactivex.Maybe) AuthenticationAuditBuilder(io.gravitee.am.service.reporter.builder.AuthenticationAuditBuilder) Autowired(org.springframework.beans.factory.annotation.Autowired) AuditService(io.gravitee.am.service.AuditService) Single(io.reactivex.Single) DefaultUser(io.gravitee.am.identityprovider.api.DefaultUser) User(io.gravitee.am.identityprovider.api.User) AuditBuilder(io.gravitee.am.service.reporter.builder.AuditBuilder) ReferenceType(io.gravitee.am.model.ReferenceType) SimpleAuthenticationContext(io.gravitee.am.identityprovider.api.SimpleAuthenticationContext) MembershipService(io.gravitee.am.service.MembershipService) RoleService(io.gravitee.am.service.RoleService) AuthenticationService(io.gravitee.am.management.handlers.management.api.authentication.service.AuthenticationService) StandardClaims(io.gravitee.am.common.oidc.StandardClaims) EndUserAuthentication(io.gravitee.am.management.handlers.management.api.authentication.provider.security.EndUserAuthentication) MemberType(io.gravitee.am.model.membership.MemberType) Membership(io.gravitee.am.model.Membership) UserNotFoundException(io.gravitee.am.service.exception.UserNotFoundException) Organization(io.gravitee.am.model.Organization) Claims(io.gravitee.am.common.jwt.Claims) OrganizationUserService(io.gravitee.am.service.OrganizationUserService) CustomClaims(io.gravitee.am.common.oidc.CustomClaims) Authentication(org.springframework.security.core.Authentication) Membership(io.gravitee.am.model.Membership)

Example 17 with Membership

use of io.gravitee.am.model.Membership in project gravitee-access-management by gravitee-io.

the class DomainNotificationServiceTest method shouldNotifyUser_EmailAndUI.

@Test
public void shouldNotifyUser_EmailAndUI() throws Exception {
    // Switch the UI notifier on so that both notification channels are expected below.
    ReflectionTestUtils.setField(cut, "uiNotifierEnabled", true);

    // One USER member on the domain; the first lookup returns it, later lookups return nothing.
    final Membership domainMember = new Membership();
    domainMember.setMemberType(MemberType.USER);
    domainMember.setMemberId("userid");
    when(membershipService.findByCriteria(eq(ReferenceType.DOMAIN), eq(DOMAIN_ID), any()))
            .thenReturn(Flowable.just(domainMember), Flowable.empty());

    // The member resolves to an organization user that has an e-mail address.
    final User recipient = new User();
    recipient.setEmail("user@acme.fr");
    when(userService.findById(ReferenceType.ORGANIZATION, env.getOrganizationId(), domainMember.getMemberId()))
            .thenReturn(Single.just(recipient));
    when(emailService.getFinalEmail(any(), any(), any(), any(), any()))
            .thenReturn(new Email());

    cut.registerCertificateExpiration(certificate);

    // Fixed one-second pause to let the subscription run before verifying.
    Thread.sleep(1000);

    // One registration per notifier type, and group members are never looked up.
    verify(notifierService).register(argThat(definition -> definition.getType().equals(TYPE_UI_NOTIFIER)), any(), any());
    verify(notifierService).register(argThat(definition -> definition.getType().equals(TYPE_EMAIL_NOTIFIER)), any(), any());
    verify(groupService, never()).findMembers(any(), any(), any(), anyInt(), anyInt());
}
Also used : IntStream(java.util.stream.IntStream) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) Certificate(io.gravitee.am.model.Certificate) EnvironmentService(io.gravitee.am.service.EnvironmentService) DomainNotifierServiceImpl(io.gravitee.am.management.service.impl.DomainNotifierServiceImpl) Arrays(java.util.Arrays) SystemRole(io.gravitee.am.model.permissions.SystemRole) Mock(org.mockito.Mock) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Role(io.gravitee.am.model.Role) Maybe(io.reactivex.Maybe) RunWith(org.junit.runner.RunWith) DomainService(io.gravitee.am.service.DomainService) Environment(io.gravitee.am.model.Environment) Mockito.argThat(org.mockito.Mockito.argThat) Single(io.reactivex.Single) Flowable(io.reactivex.Flowable) After(org.junit.After) Email(io.gravitee.am.common.email.Email) ReferenceType(io.gravitee.am.model.ReferenceType) User(io.gravitee.am.model.User) GroupService(io.gravitee.am.service.GroupService) MembershipService(io.gravitee.am.service.MembershipService) Before(org.junit.Before) InjectMocks(org.mockito.InjectMocks) RoleService(io.gravitee.am.service.RoleService) NotifierService(io.gravitee.node.api.notifier.NotifierService) Page(io.gravitee.am.model.common.Page) MemberType(io.gravitee.am.model.membership.MemberType) TYPE_EMAIL_NOTIFIER(io.gravitee.am.management.service.impl.notifications.NotificationDefinitionUtils.TYPE_EMAIL_NOTIFIER) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) ReflectionTestUtils(org.springframework.test.util.ReflectionTestUtils) Domain(io.gravitee.am.model.Domain) Test(org.junit.Test) Mockito.times(org.mockito.Mockito.times) DefaultRole(io.gravitee.am.model.permissions.DefaultRole) UUID(java.util.UUID) Mockito.when(org.mockito.Mockito.when) Membership(io.gravitee.am.model.Membership) Collectors(java.util.stream.Collectors) Mockito.verify(org.mockito.Mockito.verify) List(java.util.List) Mockito.never(org.mockito.Mockito.never) 
OrganizationUserService(io.gravitee.am.service.OrganizationUserService) Mockito.anyInt(org.mockito.Mockito.anyInt) MockitoJUnitRunner(org.mockito.junit.MockitoJUnitRunner) EmailNotifierConfiguration(io.gravitee.am.management.service.impl.notifications.EmailNotifierConfiguration) TYPE_UI_NOTIFIER(io.gravitee.am.management.service.impl.notifications.NotificationDefinitionUtils.TYPE_UI_NOTIFIER) User(io.gravitee.am.model.User) Email(io.gravitee.am.common.email.Email) Membership(io.gravitee.am.model.Membership) Test(org.junit.Test)

Example 18 with Membership

use of io.gravitee.am.model.Membership in project gravitee-access-management by gravitee-io.

the class DomainNotificationServiceTest method shouldNotifyUser_EmailOnly.

@Test
public void shouldNotifyUser_EmailOnly() throws Exception {
    // One USER member on the domain; the first lookup returns it, later lookups return nothing.
    final Membership domainMember = new Membership();
    domainMember.setMemberType(MemberType.USER);
    domainMember.setMemberId("userid");
    when(membershipService.findByCriteria(eq(ReferenceType.DOMAIN), eq(DOMAIN_ID), any()))
            .thenReturn(Flowable.just(domainMember), Flowable.empty());

    // The member resolves to an organization user that has an e-mail address.
    final User recipient = new User();
    recipient.setEmail("user@acme.fr");
    when(userService.findById(ReferenceType.ORGANIZATION, env.getOrganizationId(), domainMember.getMemberId()))
            .thenReturn(Single.just(recipient));
    when(emailService.getFinalEmail(any(), any(), any(), any(), any()))
            .thenReturn(new Email());

    cut.registerCertificateExpiration(certificate);

    // Fixed one-second pause to let the subscription run before verifying.
    Thread.sleep(1000);

    // The UI notifier flag is not set in this test: exactly one registration is expected,
    // and group members are never looked up.
    verify(notifierService).register(any(), any(), any());
    verify(groupService, never()).findMembers(any(), any(), any(), anyInt(), anyInt());
}
Also used : User(io.gravitee.am.model.User) Email(io.gravitee.am.common.email.Email) Membership(io.gravitee.am.model.Membership) Test(org.junit.Test)

Example 19 with Membership

use of io.gravitee.am.model.Membership in project gravitee-access-management by gravitee-io.

the class MembershipCommandHandler method handle.

@Override
public Single<MembershipReply> handle(MembershipCommand command) {
    final MembershipPayload payload = command.getPayload();

    // Resolve the reference type named in the payload. The catch covers every Exception raised
    // while doing so, and the command is then answered with an ERROR reply instead of failing.
    ReferenceType assignableType;
    try {
        assignableType = ReferenceType.valueOf(payload.getReferenceType());
    } catch (Exception e) {
        logger.error("Invalid referenceType [{}].", payload.getReferenceType());
        return Single.just(new MembershipReply(command.getId(), CommandStatus.ERROR));
    }

    // The user is resolved by external id within the payload's organization, restricted to the
    // cockpit source; toSingle() turns "no such user" into an error handled at the end of the chain.
    Single<String> userIdLookup = userService
            .findByExternalIdAndSource(ReferenceType.ORGANIZATION, payload.getOrganizationId(), payload.getUserId(), COCKPIT_SOURCE)
            .map(User::getId)
            .toSingle();
    Single<Role> roleLookup = findRole(payload.getRole(), payload.getOrganizationId(), assignableType);

    // NOTE(review): referenceId and organizationId both come straight from the command payload and
    // this method does not itself check that the reference belongs to that organization -
    // confirm that findRole / membershipService.addOrUpdate enforce it.
    return Single
            .zip(roleLookup, userIdLookup, (role, userId) -> {
                Membership assigned = new Membership();
                assigned.setRoleId(role.getId());
                assigned.setReferenceId(payload.getReferenceId());
                assigned.setReferenceType(assignableType);
                assigned.setMemberId(userId);
                assigned.setMemberType(MemberType.USER);
                return assigned;
            })
            .flatMap(assigned -> membershipService.addOrUpdate(payload.getOrganizationId(), assigned))
            .doOnSuccess(saved -> logger.info("Role [{}] assigned on {} [{}] for user [{}] and organization [{}].",
                    payload.getRole(),
                    payload.getReferenceType(),
                    payload.getReferenceId(),
                    saved.getMemberId(),
                    payload.getOrganizationId()))
            .map(saved -> new MembershipReply(command.getId(), CommandStatus.SUCCEEDED))
            // Any failure (lookup or write) is logged with its cause and reported as an ERROR reply.
            .doOnError(error -> logger.error("Error occurred when trying to assign role [{}] on {} [{}] for cockpit user [{}] and organization [{}].",
                    payload.getRole(),
                    payload.getReferenceType(),
                    payload.getReferenceId(),
                    payload.getUserId(),
                    payload.getOrganizationId(),
                    error))
            .onErrorReturn(throwable -> new MembershipReply(command.getId(), CommandStatus.ERROR));
}
Also used : SystemRole(io.gravitee.am.model.permissions.SystemRole) Role(io.gravitee.am.model.Role) DefaultRole(io.gravitee.am.model.permissions.DefaultRole) RoleService(io.gravitee.am.service.RoleService) SystemRole(io.gravitee.am.model.permissions.SystemRole) Logger(org.slf4j.Logger) MemberType(io.gravitee.am.model.membership.MemberType) Role(io.gravitee.am.model.Role) UserService(io.gravitee.am.service.UserService) LoggerFactory(org.slf4j.LoggerFactory) MembershipPayload(io.gravitee.cockpit.api.command.membership.MembershipPayload) DefaultRole(io.gravitee.am.model.permissions.DefaultRole) MembershipCommand(io.gravitee.cockpit.api.command.membership.MembershipCommand) Membership(io.gravitee.am.model.Membership) Single(io.reactivex.Single) Command(io.gravitee.cockpit.api.command.Command) Component(org.springframework.stereotype.Component) COCKPIT_SOURCE(io.gravitee.am.management.service.impl.commands.UserCommandHandler.COCKPIT_SOURCE) CommandHandler(io.gravitee.cockpit.api.command.CommandHandler) MembershipReply(io.gravitee.cockpit.api.command.membership.MembershipReply) OrganizationUserService(io.gravitee.am.service.OrganizationUserService) CommandStatus(io.gravitee.cockpit.api.command.CommandStatus) ReferenceType(io.gravitee.am.model.ReferenceType) User(io.gravitee.am.model.User) InvalidRoleException(io.gravitee.am.service.exception.InvalidRoleException) MembershipService(io.gravitee.am.service.MembershipService) MembershipReply(io.gravitee.cockpit.api.command.membership.MembershipReply) MembershipPayload(io.gravitee.cockpit.api.command.membership.MembershipPayload) Membership(io.gravitee.am.model.Membership) ReferenceType(io.gravitee.am.model.ReferenceType) InvalidRoleException(io.gravitee.am.service.exception.InvalidRoleException)

Example 20 with Membership

use of io.gravitee.am.model.Membership in project gravitee-access-management by gravitee-io.

the class MembersResourceTest method shouldNotAddMember_invalidInput.

@Test
public void shouldNotAddMember_invalidInput() {
    // Default organization, returned by the mocked organization service.
    final Organization defaultOrganization = new Organization();
    defaultOrganization.setId(Organization.DEFAULT);
    doReturn(Single.just(defaultOrganization)).when(organizationService).findById(defaultOrganization.getId());

    // The membership service is stubbed to succeed, so the 400 asserted below presumably comes
    // from validation of the request body rather than from the service layer.
    final Membership stubbedMembership = new Membership();
    stubbedMembership.setId("membership-1");
    doReturn(Single.just(stubbedMembership))
            .when(membershipService)
            .addOrUpdate(eq(defaultOrganization.getId()), any(Membership.class), any(io.gravitee.am.identityprovider.api.User.class));

    // Post a NewMembership with no field set: the invalid input under test.
    final NewMembership emptyRequest = new NewMembership();
    final Response response = target("organizations")
            .path(defaultOrganization.getId())
            .path("members")
            .request()
            .post(Entity.json(emptyRequest));

    assertEquals(HttpStatusCode.BAD_REQUEST_400, response.getStatus());
}
Also used : Response(javax.ws.rs.core.Response) Organization(io.gravitee.am.model.Organization) NewMembership(io.gravitee.am.service.model.NewMembership) Membership(io.gravitee.am.model.Membership) NewMembership(io.gravitee.am.service.model.NewMembership) Test(org.junit.Test) JerseySpringTest(io.gravitee.am.management.handlers.management.api.JerseySpringTest)
