use of io.gravitee.am.model.scim.Attribute in project gravitee-access-management by gravitee-io.
the class OrganizationUserRepositoryTest method buildUser.
/**
 * Builds a fully populated, organization-scoped {@link User} fixture.
 *
 * <p>Every generated identifier embeds the same random UUID, so each call yields values
 * that do not collide with a previously built fixture.
 *
 * @return a new user whose scalar fields, SCIM attribute lists, enrolled factor and
 *         additional information are all set
 */
private User buildUser() {
    final User fixture = new User();
    final String suffix = UUID.randomUUID().toString();

    // Ownership and identity.
    fixture.setReferenceType(ReferenceType.ORGANIZATION);
    fixture.setReferenceId("organization" + suffix);
    fixture.setUsername("username" + suffix);
    fixture.setEmail(suffix + "@acme.fr");

    // Account state: lock timestamps are set even though the account is flagged as non-locked.
    fixture.setAccountLockedAt(new Date());
    fixture.setAccountLockedUntil(new Date());
    fixture.setAccountNonExpired(true);
    fixture.setAccountNonLocked(true);
    fixture.setClient("client" + suffix);
    fixture.setCreatedAt(new Date());
    fixture.setCredentialsNonExpired(true);
    fixture.setDisplayName("display" + suffix);
    fixture.setEnabled(true);
    fixture.setExternalId("external" + suffix);
    fixture.setInternal(false);
    fixture.setLastName("last" + suffix);
    fixture.setLoggedAt(new Date());
    fixture.setFirstName("first" + suffix);
    fixture.setLoginsCount(5L);
    fixture.setNewsletter(false);
    fixture.setNickName("nick" + suffix);
    fixture.setSource("gravitee");
    // Fixed placeholder credential used only as test data.
    // NOTE(review): whether the repository stores this value as given or transforms it is not visible here.
    fixture.setPassword("testpassword");

    // One Attribute instance is reused for all four SCIM multi-valued fields.
    final Attribute sharedAttribute = new Attribute();
    sharedAttribute.setPrimary(true);
    sharedAttribute.setType("attrType");
    sharedAttribute.setValue("val" + suffix);
    fixture.setEmails(Arrays.asList(sharedAttribute));
    fixture.setPhotos(Arrays.asList(sharedAttribute));
    fixture.setPhoneNumbers(Arrays.asList(sharedAttribute));
    fixture.setIms(Arrays.asList(sharedAttribute));

    // Authorization-related lists.
    fixture.setEntitlements(Arrays.asList("ent" + suffix));
    fixture.setRoles(Arrays.asList("role" + suffix));
    fixture.setDynamicRoles(Arrays.asList("dynamic_role" + suffix));

    final Address address = new Address();
    address.setCountry("fr");
    fixture.setAddresses(Arrays.asList(address));

    final Certificate x509 = new Certificate();
    x509.setValue("cert" + suffix);
    fixture.setX509Certificates(Arrays.asList(x509));

    // A single e-mail MFA factor; the security and channel values are short placeholders.
    final EnrolledFactor factor = new EnrolledFactor();
    factor.setAppId("app" + suffix);
    factor.setSecurity(new EnrolledFactorSecurity("a", "b", Collections.singletonMap("a", "b")));
    factor.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, "e@e"));
    fixture.setFactors(Arrays.asList(factor));

    // The additional-information e-mail deliberately differs from the top-level e-mail.
    final Map<String, Object> additionalInfo = new HashMap<>();
    additionalInfo.put(StandardClaims.EMAIL, suffix + "@info.acme.fr");
    fixture.setAdditionalInformation(additionalInfo);

    return fixture;
}
use of io.gravitee.am.model.scim.Attribute in project gravitee-access-management by gravitee-io.
the class UserRepositoryTest method buildUser.
/**
 * Builds a fully populated, domain-scoped {@link User} fixture.
 *
 * <p>Every generated identifier embeds the same random UUID, so each call yields values
 * that do not collide with a previously built fixture. No password is set on this fixture.
 *
 * @return a new user whose scalar fields, SCIM attribute lists, enrolled factor and
 *         additional information are all set
 */
private User buildUser() {
    final User fixture = new User();
    final String suffix = UUID.randomUUID().toString();

    // Ownership and identity.
    fixture.setReferenceType(ReferenceType.DOMAIN);
    fixture.setReferenceId("domain" + suffix);
    fixture.setUsername("username" + suffix);
    fixture.setEmail(suffix + "@acme.fr");

    // Account state: lock timestamps are set even though the account is flagged as non-locked.
    fixture.setAccountLockedAt(new Date());
    fixture.setAccountLockedUntil(new Date());
    fixture.setAccountNonExpired(true);
    fixture.setAccountNonLocked(true);
    fixture.setClient("client" + suffix);
    fixture.setCreatedAt(new Date());
    fixture.setMfaEnrollmentSkippedAt(new Date());
    fixture.setCredentialsNonExpired(true);
    fixture.setDisplayName("display" + suffix);
    fixture.setEnabled(true);
    fixture.setExternalId("external" + suffix);
    fixture.setInternal(false);
    fixture.setLastName("last" + suffix);
    fixture.setLoggedAt(new Date());
    fixture.setLastPasswordReset(new Date());
    fixture.setFirstName("first" + suffix);
    fixture.setLoginsCount(5L);
    fixture.setNewsletter(false);
    fixture.setNickName("nick" + suffix);
    fixture.setSource("test");

    // One Attribute instance is reused for all four SCIM multi-valued fields.
    final Attribute sharedAttribute = new Attribute();
    sharedAttribute.setPrimary(true);
    sharedAttribute.setType("attrType");
    sharedAttribute.setValue("val" + suffix);
    fixture.setEmails(Arrays.asList(sharedAttribute));
    fixture.setPhotos(Arrays.asList(sharedAttribute));
    fixture.setPhoneNumbers(Arrays.asList(sharedAttribute));
    fixture.setIms(Arrays.asList(sharedAttribute));

    // Authorization-related lists.
    fixture.setEntitlements(Arrays.asList("ent" + suffix));
    fixture.setRoles(Arrays.asList("role" + suffix));
    fixture.setDynamicRoles(Arrays.asList("dynamic_role" + suffix));

    final Address address = new Address();
    address.setCountry("fr");
    fixture.setAddresses(Arrays.asList(address));

    final Certificate x509 = new Certificate();
    x509.setValue("cert" + suffix);
    fixture.setX509Certificates(Arrays.asList(x509));

    // A single e-mail MFA factor; the security and channel values are short placeholders.
    final EnrolledFactor factor = new EnrolledFactor();
    factor.setAppId("app" + suffix);
    factor.setSecurity(new EnrolledFactorSecurity("a", "b", Collections.singletonMap("a", "b")));
    factor.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, "e@e"));
    fixture.setFactors(Arrays.asList(factor));

    // The additional-information e-mail deliberately differs from the top-level e-mail.
    final Map<String, Object> additionalInfo = new HashMap<>();
    additionalInfo.put(StandardClaims.EMAIL, suffix + "@info.acme.fr");
    fixture.setAdditionalInformation(additionalInfo);

    return fixture;
}
use of io.gravitee.am.model.scim.Attribute in project gravitee-access-management by gravitee-io.
the class UserFactorUpdaterTest method shouldNotUpdateEmail_NoChange.
/**
 * The e-mail MFA factor targets the third stored e-mail attribute; after
 * {@code UserFactorUpdater.updateFactors} runs against an incoming profile with two e-mail
 * attributes (first unchanged, second different), the factor target must still be that
 * third stored address.
 */
@Test
public void shouldNotUpdateEmail_NoChange() {
    // Stored profile: primary e-mail plus three e-mail attributes, the first mirroring the primary.
    final User stored = new User();
    stored.setEmail("email@domain.org");

    final Attribute storedFirst = new Attribute();
    storedFirst.setValue(stored.getEmail());
    final Attribute storedSecond = new Attribute();
    storedSecond.setValue("email2@domain.org");
    final Attribute storedThird = new Attribute();
    storedThird.setValue("email3@domain.org");
    stored.setEmails(Arrays.asList(storedFirst, storedSecond, storedThird));

    // The factor delivers to the third stored address.
    final EnrolledFactor emailFactor = new EnrolledFactor();
    emailFactor.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, storedThird.getValue()));

    // Incoming profile: no primary e-mail and only two attributes.
    final User incoming = new User();
    incoming.setEmail(null);

    final Attribute incomingFirst = new Attribute();
    // value is the same
    incomingFirst.setValue(storedFirst.getValue());
    final Attribute incomingSecond = new Attribute();
    incomingSecond.setValue("uemail2@domain.org");
    incoming.setEmails(Arrays.asList(incomingFirst, incomingSecond));

    UserFactorUpdater.updateFactors(singletonList(emailFactor), stored, incoming);

    // NOTE(review): the third address has no counterpart in the incoming list, yet the target is
    // expected to stay; the matching rule lives in UserFactorUpdater and is not visible here.
    assertEquals("Email should not be updated", storedThird.getValue(), emailFactor.getChannel().getTarget());
}
use of io.gravitee.am.model.scim.Attribute in project gravitee-access-management by gravitee-io.
the class UserServiceImpl method upsertFactor.
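/**
 * Adds {@code enrolledFactor} to the user's enrolled MFA factors, or replaces the stored factor
 * carrying the same factor id, then persists the user through {@code update}.
 *
 * <p>For SMS and EMAIL channels the channel target is also copied into the user profile when it
 * is not already there. A {@code null} target is never copied, and stored attributes or factors
 * with a {@code null} value / factor id are skipped during matching instead of raising a
 * {@link NullPointerException}. Without this, one {@code null}-valued attribute would make every
 * later enrollment for the user fail.
 *
 * <p>NOTE(review): the target is copied into the profile without consulting
 * {@code enrolledFactor.getStatus()}. Confirm callers only reach this method with a target the
 * user has proven control of; otherwise an unverified phone number or e-mail lands on the profile.
 *
 * @param userId         id of the user to update
 * @param enrolledFactor factor to add or to merge into the existing one with the same factor id
 * @param principal      actor recorded on the audit event
 * @return the result of {@code update(user)}; the flow errors with {@link UserNotFoundException}
 *         when {@code findById} emits nothing
 */
@Override
public Single<User> upsertFactor(String userId, EnrolledFactor enrolledFactor, io.gravitee.am.identityprovider.api.User principal) {
    return findById(userId)
            .switchIfEmpty(Maybe.error(new UserNotFoundException(userId)))
            .flatMapSingle(oldUser -> {
                User user = new User(oldUser);
                List<EnrolledFactor> enrolledFactors = user.getFactors();
                if (enrolledFactors == null || enrolledFactors.isEmpty()) {
                    enrolledFactors = Collections.singletonList(enrolledFactor);
                } else {
                    // if current factor is primary, set the others to secondary
                    // NOTE(review): this mutates the factor objects held by the copy; whether they are
                    // shared with oldUser depends on User's copy constructor, which is not shown here.
                    if (Boolean.TRUE.equals(enrolledFactor.isPrimary())) {
                        enrolledFactors.forEach(e -> e.setPrimary(false));
                    }
                    // if the Factor already exists, update the target and the security value
                    // (null-safe on both sides: a missing factor id never matches)
                    Optional<EnrolledFactor> optFactor = enrolledFactors.stream()
                            .filter(existingFactor -> enrolledFactor.getFactorId() != null
                                    && enrolledFactor.getFactorId().equals(existingFactor.getFactorId()))
                            .findFirst();
                    if (optFactor.isPresent()) {
                        EnrolledFactor factorToUpdate = new EnrolledFactor(optFactor.get());
                        factorToUpdate.setStatus(enrolledFactor.getStatus());
                        factorToUpdate.setChannel(enrolledFactor.getChannel());
                        factorToUpdate.setSecurity(enrolledFactor.getSecurity());
                        factorToUpdate.setPrimary(enrolledFactor.isPrimary());
                        // update the factor: drop the stored entry, append the merged copy
                        enrolledFactors.removeIf(ef -> factorToUpdate.getFactorId().equals(ef.getFactorId()));
                        enrolledFactors.add(factorToUpdate);
                    } else {
                        enrolledFactors.add(enrolledFactor);
                    }
                }
                user.setFactors(enrolledFactors);

                if (enrolledFactor.getChannel() != null && EnrolledFactorChannel.Type.SMS.equals(enrolledFactor.getChannel().getType())) {
                    // MFA SMS currently used, preserve the phone number into the user profile if not yet present
                    List<Attribute> phoneNumbers = user.getPhoneNumbers();
                    if (phoneNumbers == null) {
                        phoneNumbers = new ArrayList<>();
                        user.setPhoneNumbers(phoneNumbers);
                    }
                    String enrolledPhoneNumber = enrolledFactor.getChannel().getTarget();
                    // Skip a null target, and tolerate stored attributes that have no value.
                    if (enrolledPhoneNumber != null
                            && phoneNumbers.stream().noneMatch(p -> enrolledPhoneNumber.equals(p.getValue()))) {
                        Attribute newPhoneNumber = new Attribute();
                        newPhoneNumber.setType("mobile");
                        // the first phone number on the profile becomes the primary one
                        newPhoneNumber.setPrimary(phoneNumbers.isEmpty());
                        newPhoneNumber.setValue(enrolledPhoneNumber);
                        phoneNumbers.add(newPhoneNumber);
                    }
                }

                if (enrolledFactor.getChannel() != null && EnrolledFactorChannel.Type.EMAIL.equals(enrolledFactor.getChannel().getType())) {
                    // MFA EMAIL currently used, preserve the email into the user profile if not yet present
                    String email = user.getEmail();
                    String enrolledEmail = enrolledFactor.getChannel().getTarget();
                    if (email == null) {
                        user.setEmail(enrolledEmail);
                    } else if (!email.equals(enrolledEmail)) {
                        // an email is already present but doesn't match the one provided as security factor
                        // register this email in the user profile.
                        List<Attribute> emails = user.getEmails();
                        if (emails == null) {
                            emails = new ArrayList<>();
                            user.setEmails(emails);
                        }
                        // Skip a null target, and tolerate stored attributes that have no value.
                        if (enrolledEmail != null
                                && emails.stream().noneMatch(p -> enrolledEmail.equals(p.getValue()))) {
                            Attribute additionalEmail = new Attribute();
                            additionalEmail.setPrimary(false);
                            additionalEmail.setValue(enrolledEmail);
                            emails.add(additionalEmail);
                        }
                    }
                }

                return update(user).doOnSuccess(user1 -> {
                    if (needToAuditUserFactorsOperation(user1, oldUser)) {
                        // remove sensitive data about factors before they reach the audit trail
                        // NOTE(review): the helper receives the live factor lists and returns nothing,
                        // so it presumably strips them in place; if so, the user1 emitted downstream
                        // is also stripped whenever an audit entry is written. Confirm callers expect that.
                        removeSensitiveFactorsData(user1.getFactors());
                        removeSensitiveFactorsData(oldUser.getFactors());
                        auditService.report(AuditBuilder.builder(UserAuditBuilder.class).principal(principal).type(EventType.USER_UPDATED).user(user1).oldValue(oldUser));
                    }
                }).doOnError(throwable -> auditService.report(AuditBuilder.builder(UserAuditBuilder.class).principal(principal).type(EventType.USER_UPDATED).throwable(throwable)));
            });
}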
use of io.gravitee.am.model.scim.Attribute in project gravitee-access-management by gravitee-io.
the class UserFactorUpdaterTest method shouldUpdateEmail_WithEmailAttributes.
/**
 * The e-mail MFA factor targets the second stored e-mail attribute; after
 * {@code UserFactorUpdater.updateFactors} runs against an incoming profile whose second e-mail
 * attribute differs, the factor target must be the incoming second address.
 *
 * <p>NOTE(review): this pins that a profile edit retargets the e-mail MFA channel. Whoever is
 * allowed to change the e-mail attributes thereby changes where the second factor is delivered;
 * confirm the update path is authorized and audited accordingly.
 */
@Test
public void shouldUpdateEmail_WithEmailAttributes() {
    // Stored profile: primary e-mail plus two e-mail attributes, the first mirroring the primary.
    final User stored = new User();
    stored.setEmail("email@domain.org");

    final Attribute storedFirst = new Attribute();
    storedFirst.setValue(stored.getEmail());
    final Attribute storedSecond = new Attribute();
    storedSecond.setValue("email2@domain.org");
    stored.setEmails(Arrays.asList(storedFirst, storedSecond));

    // The factor delivers to the second stored address.
    final EnrolledFactor emailFactor = new EnrolledFactor();
    emailFactor.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, storedSecond.getValue()));

    // Incoming profile: no primary e-mail, first attribute unchanged, second replaced.
    final User incoming = new User();
    incoming.setEmail(null);

    final Attribute incomingFirst = new Attribute();
    // value is the same
    incomingFirst.setValue(storedFirst.getValue());
    final Attribute incomingSecond = new Attribute();
    incomingSecond.setValue("uemail2@domain.org");
    incoming.setEmails(Arrays.asList(incomingFirst, incomingSecond));

    UserFactorUpdater.updateFactors(singletonList(emailFactor), stored, incoming);

    assertEquals("Email should be updated", incomingSecond.getValue(), emailFactor.getChannel().getTarget());
}