
Example 1 with Attribute

use of io.gravitee.am.model.scim.Attribute in project gravitee-access-management by gravitee-io.

In class OrganizationUserRepositoryTest, method buildUser:

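/**
 * Builds a fully populated ORGANIZATION-scoped {@link User} fixture for repository round-trip tests.
 *
 * <p>Every identifying field (referenceId, username, email, externalId, client, ...) is suffixed
 * with a fresh random UUID so fixtures created within one test run do not collide.
 *
 * <p>Security note: the password, the {@link EnrolledFactorSecurity} values and the certificate
 * value are throwaway placeholders; they exist only to exercise persistence of those fields and
 * must never be reused outside test code.
 *
 * <p>The same {@link Attribute} instance is placed in the emails, photos, phone numbers and IM
 * lists; this assumes the repository under test copes with one instance appearing in several
 * collections — verify if a mapping layer relies on object identity.
 *
 * @return a new, not-yet-persisted user with all SCIM, role, factor and additional-information fields set
 */
private User buildUser() {
    User user = new User();
    String random = UUID.randomUUID().toString();
    user.setReferenceType(ReferenceType.ORGANIZATION);
    user.setReferenceId("organization" + random);
    user.setUsername("username" + random);
    user.setEmail(random + "@acme.fr");
    // Lock timestamps are set alongside accountNonLocked=true: the fixture only checks that the
    // fields survive a round trip, not that they are mutually consistent.
    user.setAccountLockedAt(new Date());
    user.setAccountLockedUntil(new Date());
    user.setAccountNonExpired(true);
    user.setAccountNonLocked(true);
    user.setClient("client" + random);
    user.setCreatedAt(new Date());
    user.setCredentialsNonExpired(true);
    user.setDisplayName("display" + random);
    user.setEnabled(true);
    user.setExternalId("external" + random);
    user.setInternal(false);
    user.setLastName("last" + random);
    user.setLoggedAt(new Date());
    user.setFirstName("first" + random);
    // Upper-case L suffix: a lower-case 'l' is easily misread as the digit 1.
    user.setLoginsCount(5L);
    user.setNewsletter(false);
    user.setNickName("nick" + random);
    user.setSource("gravitee");
    // Placeholder credential for persistence tests only — never a real secret.
    user.setPassword("testpassword");
    Attribute attribute = new Attribute();
    attribute.setPrimary(true);
    attribute.setType("attrType");
    attribute.setValue("val" + random);
    user.setEmails(Arrays.asList(attribute));
    user.setPhotos(Arrays.asList(attribute));
    user.setPhoneNumbers(Arrays.asList(attribute));
    user.setIms(Arrays.asList(attribute));
    user.setEntitlements(Arrays.asList("ent" + random));
    user.setRoles(Arrays.asList("role" + random));
    user.setDynamicRoles(Arrays.asList("dynamic_role" + random));
    Address addr = new Address();
    addr.setCountry("fr");
    user.setAddresses(Arrays.asList(addr));
    Certificate certificate = new Certificate();
    certificate.setValue("cert" + random);
    user.setX509Certificates(Arrays.asList(certificate));
    EnrolledFactor fact = new EnrolledFactor();
    fact.setAppId("app" + random);
    // Dummy factor secret and an EMAIL channel with an obviously fake target.
    fact.setSecurity(new EnrolledFactorSecurity("a", "b", Collections.singletonMap("a", "b")));
    fact.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, "e@e"));
    user.setFactors(Arrays.asList(fact));
    Map<String, Object> info = new HashMap<>();
    info.put(StandardClaims.EMAIL, random + "@info.acme.fr");
    user.setAdditionalInformation(info);
    return user;
}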
Also used : EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel) User(io.gravitee.am.model.User) Address(io.gravitee.am.model.scim.Address) Attribute(io.gravitee.am.model.scim.Attribute) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity) Certificate(io.gravitee.am.model.scim.Certificate)

Example 2 with Attribute

use of io.gravitee.am.model.scim.Attribute in project gravitee-access-management by gravitee-io.

In class UserRepositoryTest, method buildUser:

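/**
 * Builds a fully populated DOMAIN-scoped {@link User} fixture for repository round-trip tests.
 *
 * <p>Every identifying field (referenceId, username, email, externalId, client, ...) is suffixed
 * with a fresh random UUID so fixtures created within one test run do not collide.
 *
 * <p>Security note: the {@link EnrolledFactorSecurity} values and the certificate value are
 * throwaway placeholders; they exist only to exercise persistence of those fields and must never
 * be reused outside test code. No password is set on this fixture.
 *
 * <p>The same {@link Attribute} instance is placed in the emails, photos, phone numbers and IM
 * lists; this assumes the repository under test copes with one instance appearing in several
 * collections — verify if a mapping layer relies on object identity.
 *
 * @return a new, not-yet-persisted user with all SCIM, role, factor and additional-information fields set
 */
private User buildUser() {
    User user = new User();
    String random = UUID.randomUUID().toString();
    user.setReferenceType(ReferenceType.DOMAIN);
    user.setReferenceId("domain" + random);
    user.setUsername("username" + random);
    user.setEmail(random + "@acme.fr");
    // Lock timestamps are set alongside accountNonLocked=true: the fixture only checks that the
    // fields survive a round trip, not that they are mutually consistent.
    user.setAccountLockedAt(new Date());
    user.setAccountLockedUntil(new Date());
    user.setAccountNonExpired(true);
    user.setAccountNonLocked(true);
    user.setClient("client" + random);
    user.setCreatedAt(new Date());
    user.setMfaEnrollmentSkippedAt(new Date());
    user.setCredentialsNonExpired(true);
    user.setDisplayName("display" + random);
    user.setEnabled(true);
    user.setExternalId("external" + random);
    user.setInternal(false);
    user.setLastName("last" + random);
    user.setLoggedAt(new Date());
    user.setLastPasswordReset(new Date());
    user.setFirstName("first" + random);
    // Upper-case L suffix: a lower-case 'l' is easily misread as the digit 1.
    user.setLoginsCount(5L);
    user.setNewsletter(false);
    user.setNickName("nick" + random);
    user.setSource("test");
    Attribute attribute = new Attribute();
    attribute.setPrimary(true);
    attribute.setType("attrType");
    attribute.setValue("val" + random);
    user.setEmails(Arrays.asList(attribute));
    user.setPhotos(Arrays.asList(attribute));
    user.setPhoneNumbers(Arrays.asList(attribute));
    user.setIms(Arrays.asList(attribute));
    user.setEntitlements(Arrays.asList("ent" + random));
    user.setRoles(Arrays.asList("role" + random));
    user.setDynamicRoles(Arrays.asList("dynamic_role" + random));
    Address addr = new Address();
    addr.setCountry("fr");
    user.setAddresses(Arrays.asList(addr));
    Certificate certificate = new Certificate();
    certificate.setValue("cert" + random);
    user.setX509Certificates(Arrays.asList(certificate));
    EnrolledFactor fact = new EnrolledFactor();
    fact.setAppId("app" + random);
    // Dummy factor secret and an EMAIL channel with an obviously fake target.
    fact.setSecurity(new EnrolledFactorSecurity("a", "b", Collections.singletonMap("a", "b")));
    fact.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, "e@e"));
    user.setFactors(Arrays.asList(fact));
    Map<String, Object> info = new HashMap<>();
    info.put(StandardClaims.EMAIL, random + "@info.acme.fr");
    user.setAdditionalInformation(info);
    return user;
}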
Also used : EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel) User(io.gravitee.am.model.User) Address(io.gravitee.am.model.scim.Address) Attribute(io.gravitee.am.model.scim.Attribute) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) EnrolledFactorSecurity(io.gravitee.am.model.factor.EnrolledFactorSecurity) Certificate(io.gravitee.am.model.scim.Certificate)

Example 3 with Attribute

use of io.gravitee.am.model.scim.Attribute in project gravitee-access-management by gravitee-io.

In class UserFactorUpdaterTest, method shouldNotUpdateEmail_NoChange:

/**
 * The EMAIL factor must keep its target when the address it is bound to is simply dropped from
 * the profile's email attributes (and the top-level email is cleared) with nothing replacing it.
 *
 * <p>NOTE(review): together with the "should update" sibling test, the expected outcome suggests
 * the updater re-points the factor by the position of the email attribute in the list rather than
 * by a verified new address — worth confirming, since an ordinary profile edit would then be able
 * to redirect where MFA e-mails are sent without any re-verification.
 */
@Test
public void shouldNotUpdateEmail_NoChange() {
    final String boundEmail = "email3@domain.org";

    java.util.function.Function<String, Attribute> emailAttribute = value -> {
        Attribute a = new Attribute();
        a.setValue(value);
        return a;
    };

    // Profile before the update: top-level email plus three email attributes; the factor targets the third.
    User before = new User();
    before.setEmail("email@domain.org");
    before.setEmails(Arrays.asList(
            emailAttribute.apply(before.getEmail()),
            emailAttribute.apply("email2@domain.org"),
            emailAttribute.apply(boundEmail)));

    EnrolledFactor emailFactor = new EnrolledFactor();
    emailFactor.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, boundEmail));

    // Profile after the update: top-level email cleared, first attribute unchanged,
    // second replaced, third removed entirely.
    User after = new User();
    after.setEmail(null);
    after.setEmails(Arrays.asList(
            emailAttribute.apply(before.getEmail()),
            emailAttribute.apply("uemail2@domain.org")));

    UserFactorUpdater.updateFactors(singletonList(emailFactor), before, after);

    assertEquals("Email should not be updated", boundEmail, emailFactor.getChannel().getTarget());
}
Also used : EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel) User(io.gravitee.am.model.User) Attribute(io.gravitee.am.model.scim.Attribute) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) Test(org.junit.Test)

Example 4 with Attribute

use of io.gravitee.am.model.scim.Attribute in project gravitee-access-management by gravitee-io.

In class UserServiceImpl, method upsertFactor:

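/**
 * Adds a new enrolled MFA factor to the user, or replaces the enrolled factor with the same factorId.
 *
 * <p>Side effects on the stored profile, beyond the factor list itself:
 * <ul>
 *   <li>when {@code enrolledFactor.isPrimary()} is {@code true}, every other enrolled factor is demoted;</li>
 *   <li>an SMS channel target is added to the profile's phone numbers (type "mobile") if not already listed;</li>
 *   <li>an EMAIL channel target becomes the profile email when none is set, otherwise it is appended as a
 *       non-primary email attribute if not already listed.</li>
 * </ul>
 *
 * <p>Security note: the channel target is copied into the profile exactly as supplied by the caller;
 * nothing in this method verifies ownership of that phone number or address, so callers must only
 * pass targets that have already been proven (e.g. by the enrollment challenge).
 *
 * <p>An audit event is reported on success when the factors actually changed, and on error.
 *
 * @param userId         identifier of the user to update
 * @param enrolledFactor the factor to insert or replace; matched on factorId
 * @param principal      the acting identity recorded in the audit trail
 * @return the updated user as emitted by {@code update(User)}; emits {@link UserNotFoundException}
 *         when no user matches {@code userId}
 */
@Override
public Single<User> upsertFactor(String userId, EnrolledFactor enrolledFactor, io.gravitee.am.identityprovider.api.User principal) {
    return findById(userId).switchIfEmpty(Maybe.error(new UserNotFoundException(userId))).flatMapSingle(oldUser -> {
        User user = new User(oldUser);
        // Always work on a private, growable copy of the factors: the persisted list may be
        // unmodifiable (this method itself used to store a singletonList on first enrollment),
        // and — depending on how deep the User copy constructor goes — the list and its elements
        // may still be shared with oldUser, which must stay untouched for the audit's old/new
        // comparison below to be meaningful.
        List<EnrolledFactor> enrolledFactors = user.getFactors() == null
                ? new ArrayList<>()
                : user.getFactors().stream().map(EnrolledFactor::new).collect(Collectors.toCollection(ArrayList::new));
        if (enrolledFactors.isEmpty()) {
            enrolledFactors.add(enrolledFactor);
        } else {
            // if current factor is primary, set the others to secondary
            if (Boolean.TRUE.equals(enrolledFactor.isPrimary())) {
                enrolledFactors.forEach(e -> e.setPrimary(false));
            }
            // if the Factor already exists, update the target and the security value
            // (Objects.equals tolerates a missing factorId on either side instead of throwing)
            Optional<EnrolledFactor> optFactor = enrolledFactors.stream()
                    .filter(existingFactor -> Objects.equals(existingFactor.getFactorId(), enrolledFactor.getFactorId()))
                    .findFirst();
            if (optFactor.isPresent()) {
                EnrolledFactor factorToUpdate = new EnrolledFactor(optFactor.get());
                factorToUpdate.setStatus(enrolledFactor.getStatus());
                factorToUpdate.setChannel(enrolledFactor.getChannel());
                factorToUpdate.setSecurity(enrolledFactor.getSecurity());
                factorToUpdate.setPrimary(enrolledFactor.isPrimary());
                // update the factor
                enrolledFactors.removeIf(ef -> Objects.equals(factorToUpdate.getFactorId(), ef.getFactorId()));
                enrolledFactors.add(factorToUpdate);
            } else {
                enrolledFactors.add(enrolledFactor);
            }
        }
        user.setFactors(enrolledFactors);
        EnrolledFactorChannel channel = enrolledFactor.getChannel();
        if (channel != null && EnrolledFactorChannel.Type.SMS.equals(channel.getType())) {
            // MFA SMS currently used, preserve the phone number into the user profile if not yet present
            addPhoneNumberIfAbsent(user, channel.getTarget());
        }
        if (channel != null && EnrolledFactorChannel.Type.EMAIL.equals(channel.getType())) {
            // MFA EMAIL currently used, preserve the email into the user profile if not yet present
            addEmailIfAbsent(user, channel.getTarget());
        }
        return update(user).doOnSuccess(user1 -> {
            if (needToAuditUserFactorsOperation(user1, oldUser)) {
                // remove sensitive data about factors
                // NOTE(review): user1 is the very object emitted to the subscriber, so the caller of
                // upsertFactor also receives factors with their sensitive data stripped whenever an
                // audit is produced — confirm this is intended rather than auditing a copy.
                removeSensitiveFactorsData(user1.getFactors());
                removeSensitiveFactorsData(oldUser.getFactors());
                auditService.report(AuditBuilder.builder(UserAuditBuilder.class).principal(principal).type(EventType.USER_UPDATED).user(user1).oldValue(oldUser));
            }
        }).doOnError(throwable -> auditService.report(AuditBuilder.builder(UserAuditBuilder.class).principal(principal).type(EventType.USER_UPDATED).throwable(throwable)));
    });
}

/**
 * Records {@code phoneNumber} (the SMS factor target) as a "mobile" phone attribute on the profile
 * unless an attribute with that exact value already exists; the first number added becomes primary.
 * Matching is plain string equality — the value is neither normalised nor verified here.
 */
private static void addPhoneNumberIfAbsent(User user, String phoneNumber) {
    // Copy before mutating: the existing list may be unmodifiable or shared with the original user.
    List<Attribute> phoneNumbers = user.getPhoneNumbers() == null
            ? new ArrayList<>()
            : new ArrayList<>(user.getPhoneNumbers());
    user.setPhoneNumbers(phoneNumbers);
    // Objects.equals tolerates attributes with a null value, which a plain equals() call would not.
    if (phoneNumbers.stream().noneMatch(p -> Objects.equals(p.getValue(), phoneNumber))) {
        Attribute newPhoneNumber = new Attribute();
        newPhoneNumber.setType("mobile");
        newPhoneNumber.setPrimary(phoneNumbers.isEmpty());
        newPhoneNumber.setValue(phoneNumber);
        phoneNumbers.add(newPhoneNumber);
    }
}

/**
 * Makes {@code email} (the EMAIL factor target) visible on the profile: it becomes the profile's
 * main email when none is set; otherwise, when it differs from the main email, it is appended as a
 * non-primary email attribute unless an attribute with that exact value already exists.
 */
private static void addEmailIfAbsent(User user, String email) {
    String currentEmail = user.getEmail();
    if (currentEmail == null) {
        user.setEmail(email);
        return;
    }
    if (currentEmail.equals(email)) {
        return;
    }
    // an email is already present but doesn't match the one provided as security factor
    // register this email in the user profile.
    // Copy before mutating: the existing list may be unmodifiable or shared with the original user.
    List<Attribute> emails = user.getEmails() == null
            ? new ArrayList<>()
            : new ArrayList<>(user.getEmails());
    user.setEmails(emails);
    if (emails.stream().noneMatch(e -> Objects.equals(e.getValue(), email))) {
        Attribute additionalEmail = new Attribute();
        additionalEmail.setPrimary(false);
        additionalEmail.setValue(email);
        emails.add(additionalEmail);
    }
}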
Also used : UserNotFoundException(io.gravitee.am.service.exception.UserNotFoundException) java.util(java.util) UserRepository(io.gravitee.am.repository.management.api.UserRepository) Completable(io.reactivex.Completable) UserService(io.gravitee.am.service.UserService) Maybe(io.reactivex.Maybe) Autowired(org.springframework.beans.factory.annotation.Autowired) AnalyticsQuery(io.gravitee.am.model.analytics.AnalyticsQuery) AuditService(io.gravitee.am.service.AuditService) Single(io.reactivex.Single) Event(io.gravitee.am.model.common.event.Event) Type(io.gravitee.am.common.event.Type) EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel) TechnicalManagementException(io.gravitee.am.service.exception.TechnicalManagementException) Attribute(io.gravitee.am.model.scim.Attribute) Flowable(io.reactivex.Flowable) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) AuditBuilder(io.gravitee.am.service.reporter.builder.AuditBuilder) ReferenceType(io.gravitee.am.model.ReferenceType) FactorStatus(io.gravitee.am.model.factor.FactorStatus) User(io.gravitee.am.model.User) Action(io.gravitee.am.common.event.Action) Page(io.gravitee.am.model.common.Page) EventType(io.gravitee.am.common.audit.EventType) NewUser(io.gravitee.am.service.model.NewUser) AbstractManagementException(io.gravitee.am.service.exception.AbstractManagementException) Collectors(java.util.stream.Collectors) UserNotFoundException(io.gravitee.am.service.exception.UserNotFoundException) Component(org.springframework.stereotype.Component) UpdateUser(io.gravitee.am.service.model.UpdateUser) UserAuditBuilder(io.gravitee.am.service.reporter.builder.management.UserAuditBuilder) Payload(io.gravitee.am.model.common.event.Payload) Lazy(org.springframework.context.annotation.Lazy) User(io.gravitee.am.model.User) NewUser(io.gravitee.am.service.model.NewUser) UpdateUser(io.gravitee.am.service.model.UpdateUser) Attribute(io.gravitee.am.model.scim.Attribute) 
EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) UserAuditBuilder(io.gravitee.am.service.reporter.builder.management.UserAuditBuilder)

Example 5 with Attribute

use of io.gravitee.am.model.scim.Attribute in project gravitee-access-management by gravitee-io.

In class UserFactorUpdaterTest, method shouldUpdateEmail_WithEmailAttributes:

/**
 * When the email attribute the EMAIL factor is bound to is replaced by a different address in the
 * updated profile (and the top-level email is cleared), the factor must follow the new address.
 *
 * <p>NOTE(review): the updater appears to re-point the factor from a plain profile edit; whether the
 * replacement address has been verified before the factor is redirected is not established by this
 * test — confirm the calling path enforces that, since it decides where MFA codes are delivered.
 */
@Test
public void shouldUpdateEmail_WithEmailAttributes() {
    final String boundEmail = "email2@domain.org";
    final String replacementEmail = "uemail2@domain.org";

    java.util.function.Function<String, Attribute> emailAttribute = value -> {
        Attribute a = new Attribute();
        a.setValue(value);
        return a;
    };

    // Profile before the update: top-level email plus two email attributes; the factor targets the second.
    User before = new User();
    before.setEmail("email@domain.org");
    before.setEmails(Arrays.asList(
            emailAttribute.apply(before.getEmail()),
            emailAttribute.apply(boundEmail)));

    EnrolledFactor emailFactor = new EnrolledFactor();
    emailFactor.setChannel(new EnrolledFactorChannel(EnrolledFactorChannel.Type.EMAIL, boundEmail));

    // Profile after the update: top-level email cleared, first attribute unchanged, second replaced.
    User after = new User();
    after.setEmail(null);
    after.setEmails(Arrays.asList(
            emailAttribute.apply(before.getEmail()),
            emailAttribute.apply(replacementEmail)));

    UserFactorUpdater.updateFactors(singletonList(emailFactor), before, after);

    assertEquals("Email should be updated", replacementEmail, emailFactor.getChannel().getTarget());
}
Also used : EnrolledFactorChannel(io.gravitee.am.model.factor.EnrolledFactorChannel) User(io.gravitee.am.model.User) Attribute(io.gravitee.am.model.scim.Attribute) EnrolledFactor(io.gravitee.am.model.factor.EnrolledFactor) Test(org.junit.Test)

Aggregations

User (io.gravitee.am.model.User)6 EnrolledFactor (io.gravitee.am.model.factor.EnrolledFactor)6 EnrolledFactorChannel (io.gravitee.am.model.factor.EnrolledFactorChannel)6 Attribute (io.gravitee.am.model.scim.Attribute)6 Test (org.junit.Test)3 EnrolledFactorSecurity (io.gravitee.am.model.factor.EnrolledFactorSecurity)2 Address (io.gravitee.am.model.scim.Address)2 Certificate (io.gravitee.am.model.scim.Certificate)2 EventType (io.gravitee.am.common.audit.EventType)1 Action (io.gravitee.am.common.event.Action)1 Type (io.gravitee.am.common.event.Type)1 ReferenceType (io.gravitee.am.model.ReferenceType)1 AnalyticsQuery (io.gravitee.am.model.analytics.AnalyticsQuery)1 Page (io.gravitee.am.model.common.Page)1 Event (io.gravitee.am.model.common.event.Event)1 Payload (io.gravitee.am.model.common.event.Payload)1 FactorStatus (io.gravitee.am.model.factor.FactorStatus)1 UserRepository (io.gravitee.am.repository.management.api.UserRepository)1 AuditService (io.gravitee.am.service.AuditService)1 UserService (io.gravitee.am.service.UserService)1