
Example 6 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class UserSelfITCase method updateWithApproval.

/**
 * Checks that a self-service update routed to approval is neither applied nor propagated until
 * the approval form is submitted with {@code approveUpdate} set to true.
 *
 * <p>The test is skipped unless Flowable is enabled for users. Before approval the user must be
 * in status {@code updateApproval} with the old username, no memberships, no resources and no
 * connector object on the test DB resource; after approval all requested changes must be visible.
 */
@Test
public void updateWithApproval() {
    assumeTrue(FlowableDetector.isFlowableEnabledForUsers(syncopeService));

    // Step 1 (admin): create the user that will later edit itself.
    UserTO original = createUser(UserITCase.getUniqueSampleTO("anonymous@syncope.apache.org")).getEntity();
    assertNotNull(original);
    String originalUsername = original.getUsername();
    assertFalse(originalUsername.endsWith("XX"));

    // Step 2 (the user itself): ask for a new username, a membership, a resource and a password.
    // The request is accepted, but it must stay pending until somebody approves it.
    UserPatch selfPatch = new UserPatch();
    selfPatch.setKey(original.getKey());
    selfPatch.setUsername(
            new StringReplacePatchItem.Builder().value(originalUsername + "XX").build());
    selfPatch.getMemberships().add(
            new MembershipPatch.Builder()
                    .operation(PatchOperation.ADD_REPLACE)
                    .group("bf825fe1-7320-4a54-bd64-143b5c18ab97")
                    .build());
    selfPatch.getResources().add(
            new StringPatchItem.Builder()
                    .operation(PatchOperation.ADD_REPLACE)
                    .value(RESOURCE_NAME_TESTDB)
                    .build());
    // onSyncope(false) + resource(...): presumably the new password targets only the external
    // resource, not the internal storage - confirm against PasswordPatch.
    selfPatch.setPassword(
            new PasswordPatch.Builder()
                    .value("newPassword123")
                    .onSyncope(false)
                    .resource(RESOURCE_NAME_TESTDB)
                    .build());

    // Fixture credentials: "password123" is presumably the password assigned by
    // getUniqueSampleTO - confirm. The client acts with the user's own identity, not as admin.
    SyncopeClient userClient = clientFactory.create(originalUsername, "password123");
    UserSelfService selfService = userClient.getService(UserSelfService.class);
    ProvisioningResult<UserTO> selfUpdateResult =
            selfService.update(selfPatch).readEntity(new GenericType<ProvisioningResult<UserTO>>() {
            });
    UserTO pending = selfUpdateResult.getEntity();
    assertNotNull(pending);

    // None of the requested changes may be visible while the request awaits approval.
    assertEquals("updateApproval", pending.getStatus());
    assertFalse(pending.getUsername().endsWith("XX"));
    assertTrue(pending.getMemberships().isEmpty());
    assertTrue(pending.getResources().isEmpty());

    // ... and nothing may have been pushed to the external resource either.
    try {
        resourceService.readConnObject(RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), pending.getKey());
        fail("This should not happen");
    } catch (SyncopeClientException notPropagated) {
        assertEquals(ClientExceptionType.NotFound, notPropagated.getType());
    }

    // Step 3 (admin): claim the approval form and approve the pending self-update.
    WorkflowFormTO pendingForm = userWorkflowService.getFormForUser(pending.getKey());
    WorkflowFormTO claimedForm = userWorkflowService.claimForm(pendingForm.getTaskId());
    claimedForm.getProperty("approveUpdate").get().setValue(Boolean.TRUE.toString());
    UserTO approved = userWorkflowService.submitForm(claimedForm);
    assertNotNull(approved);

    // Only now are the requested changes applied ...
    assertEquals("active", approved.getStatus());
    assertTrue(approved.getUsername().endsWith("XX"));
    assertEquals(1, approved.getMemberships().size());

    // ... and propagated to the external resource.
    assertTrue(approved.getResources().contains(RESOURCE_NAME_TESTDB));
    assertNotNull(resourceService.readConnObject(RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), approved.getKey()));
}
Also used : GenericType(javax.ws.rs.core.GenericType) PasswordPatch(org.apache.syncope.common.lib.patch.PasswordPatch) StringReplacePatchItem(org.apache.syncope.common.lib.patch.StringReplacePatchItem) UserSelfService(org.apache.syncope.common.rest.api.service.UserSelfService) UserTO(org.apache.syncope.common.lib.to.UserTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) WorkflowFormTO(org.apache.syncope.common.lib.to.WorkflowFormTO) Test(org.junit.jupiter.api.Test)

Example 7 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class UserWorkflowITCase method updateApproval.

/**
 * Checks the approval form lifecycle for a user update: a self-update creates exactly one new
 * approval form carrying the submitted patch, a further update issued as admin replaces the patch
 * in that form while the user stays in {@code updateApproval}, and approving the form applies
 * both the original and the further changes.
 *
 * <p>The test is skipped unless Flowable is enabled for users.
 */
@Test
public void updateApproval() {
    assumeTrue(FlowableDetector.isFlowableEnabledForUsers(syncopeService));

    // Baseline: number of approval forms that exist before this test changes anything.
    List<WorkflowFormTO> formsBefore = userWorkflowService.getForms();
    assertNotNull(formsBefore);
    final int baseline = formsBefore.size();

    UserTO created = createUser(UserITCase.getUniqueSampleTO("updateApproval@syncope.apache.org")).getEntity();
    assertNotNull(created);
    assertEquals("/", created.getRealm());
    assertEquals(0, created.getMemberships().size());

    // The user asks, with its own credentials, to join a group.
    final String requestedGroup = "b1f7c12d-ec83-441f-a50e-1691daaedf3b";
    UserPatch patch = new UserPatch();
    patch.setKey(created.getKey());
    patch.getMemberships().add(new MembershipPatch.Builder().group(requestedGroup).build());

    // Fixture credentials: "password123" is presumably the password assigned by
    // getUniqueSampleTO - confirm.
    SyncopeClient selfClient = clientFactory.create(created.getUsername(), "password123");
    UserSelfService selfService = selfClient.getService(UserSelfService.class);
    Response selfUpdate = selfService.update(patch);

    // The call succeeds, but the user is parked in the approval state ...
    assertEquals(Response.Status.OK.getStatusCode(), selfUpdate.getStatus());
    assertEquals("updateApproval", userService.read(created.getKey()).getStatus());

    // ... and exactly one additional approval form shows up.
    List<WorkflowFormTO> formsAfter = userWorkflowService.getForms();
    assertNotNull(formsAfter);
    assertEquals(baseline + 1, formsAfter.size());

    // The form is unclaimed (no owner) and records exactly the patch that was submitted.
    WorkflowFormTO requested = userWorkflowService.getFormForUser(created.getKey());
    assertNotNull(requested);
    assertNotNull(requested.getTaskId());
    assertNull(requested.getOwner());
    assertNotNull(requested.getUserTO());
    assertNotNull(requested.getUserPatch());
    assertEquals(patch, requested.getUserPatch());

    // As admin, request further changes: the update is accepted but still pending approval.
    patch.setRealm(new StringReplacePatchItem.Builder().value("/even/two").build());
    Response adminUpdate = userService.update(patch);
    assertEquals(Response.Status.OK.getStatusCode(), adminUpdate.getStatus());
    assertEquals("updateApproval", userService.read(created.getKey()).getStatus());

    // The approval form now carries the amended patch.
    WorkflowFormTO amended = userWorkflowService.getFormForUser(created.getKey());
    assertEquals(patch, amended.getUserPatch());

    // Claim the form and approve the update.
    WorkflowFormTO claimed = userWorkflowService.claimForm(amended.getTaskId());
    claimed.getProperty("approveUpdate").get().setValue(Boolean.TRUE.toString());
    userWorkflowService.submitForm(claimed);

    // After approval the user bears both the original and the further changes.
    UserTO approved = userService.read(created.getKey());
    assertNotNull(approved);
    assertEquals("/even/two", approved.getRealm());
    assertEquals(1, approved.getMemberships().size());
    assertNotNull(approved.getMembership(requestedGroup).get());
}
Also used : Response(javax.ws.rs.core.Response) MembershipPatch(org.apache.syncope.common.lib.patch.MembershipPatch) StringReplacePatchItem(org.apache.syncope.common.lib.patch.StringReplacePatchItem) UserSelfService(org.apache.syncope.common.rest.api.service.UserSelfService) UserTO(org.apache.syncope.common.lib.to.UserTO) WorkflowFormTO(org.apache.syncope.common.lib.to.WorkflowFormTO) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) Test(org.junit.jupiter.api.Test)

Example 8 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class GroupITCase method anonymous.

/**
 * Contrasts a client created without credentials with one authenticated as the anonymous user.
 *
 * <p>A group search in realm {@code /even} must fail with {@link AccessControlException} when no
 * credentials are sent and with {@link ForbiddenException} for the anonymous user, while the
 * anonymous user is still allowed to list assignable groups for that realm.
 */
@Test
public void anonymous() {
    final String realm = "/even";

    // No credentials at all: the search must be rejected.
    SyncopeClient noCredentials = clientFactory.create();
    GroupService unauthenticated = noCredentials.getService(GroupService.class);
    try {
        unauthenticated.search(new AnyQuery.Builder().realm(realm).build());
        fail("This should not happen");
    } catch (AccessControlException rejected) {
        assertNotNull(rejected);
    }

    // Anonymous credentials: the caller is identified but holds no right to search groups.
    // NOTE(review): the two exception types presumably correspond to "not authenticated" versus
    // "authenticated but not authorized" - confirm against the client's error mapping.
    SyncopeClient anonymous = clientFactory.create(
            new AnonymousAuthenticationHandler(ANONYMOUS_UNAME, ANONYMOUS_KEY));
    try {
        anonymous.getService(GroupService.class).search(new AnyQuery.Builder().realm(realm).build());
        fail("This should not happen");
    } catch (ForbiddenException denied) {
        assertNotNull(denied);
    }

    // The anonymous user may still look up assignable groups (first page, up to 100 entries).
    SyncopeService anonymousSyncopeService = anonymous.getService(SyncopeService.class);
    assertFalse(anonymousSyncopeService.searchAssignableGroups(realm, null, 1, 100).getResult().isEmpty());
}
Also used : ForbiddenException(javax.ws.rs.ForbiddenException) AccessControlException(java.security.AccessControlException) AnonymousAuthenticationHandler(org.apache.syncope.client.lib.AnonymousAuthenticationHandler) AnyQuery(org.apache.syncope.common.rest.api.beans.AnyQuery) GroupService(org.apache.syncope.common.rest.api.service.GroupService) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) Test(org.junit.jupiter.api.Test)

Example 9 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class JWTITCase method thirdPartyTokenUnknownUser.

/**
 * Checks that a third-party token whose subject is unknown is rejected.
 *
 * <p>The token is built locally with the issuer and HMAC key of {@code CustomJWTSSOProvider}, is
 * valid from now for five minutes and names {@code strauss@apache.org} as subject. The failure
 * message states that the subject is unknown, so the token is expected to fail on the subject
 * lookup rather than on signature or validity window - NOTE(review): the caught exception does
 * not show which check rejected it.
 */
@Test
public void thirdPartyTokenUnknownUser() throws ParseException {
    // Validity window: issued and usable now, expiring five minutes later (all in epoch seconds).
    Date issuedAt = new Date();
    long issuedAtSeconds = issuedAt.getTime() / 1000L;
    Calendar validUntil = Calendar.getInstance();
    validUntil.setTime(issuedAt);
    validUntil.add(Calendar.MINUTE, 5);
    long validUntilSeconds = validUntil.getTime().getTime() / 1000L;

    // Claims: fresh random token id, the custom provider's issuer, and the unknown subject.
    JwtClaims claims = new JwtClaims();
    claims.setTokenId(UUID.randomUUID().toString());
    claims.setSubject("strauss@apache.org");
    claims.setIssuedAt(issuedAtSeconds);
    claims.setIssuer(CustomJWTSSOProvider.ISSUER);
    claims.setExpiryTime(validUntilSeconds);
    claims.setNotBefore(issuedAtSeconds);

    // Sign with HS512 using the custom provider's shared key.
    // NOTE(review): getBytes() without a charset uses the platform default; the verifying side
    // must derive the key bytes the same way - confirm.
    JwtToken unsigned = new JwtToken(new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512), claims);
    JwsSignatureProvider hmacSigner =
            new HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), SignatureAlgorithm.HS512);
    String signed = new JwsJwtCompactProducer(unsigned).signWith(hmacSigner);

    // Presenting the token must not yield an authenticated session.
    SyncopeClient jwtClient = clientFactory.create(signed);
    try {
        jwtClient.self();
        fail("Failure expected on an unknown subject");
    } catch (AccessControlException expected) {
        // expected
    }
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) Calendar(java.util.Calendar) HmacJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider) AccessControlException(java.security.AccessControlException) Date(java.util.Date) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider) NoneJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider) HmacJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider) Test(org.junit.jupiter.api.Test)

Example 10 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class JWTITCase method expiredToken.

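/**
 * Checks that a token whose expiry time lies in the past is rejected.
 *
 * <p>The test logs in as admin to obtain a genuine token, then builds a second token that
 * re-uses the genuine token's id, subject {@code ADMIN_UNAME} and issuer {@code JWT_ISSUER},
 * signed with {@code JWS_KEY}, but with an expiry time five seconds before now. Because the id
 * belongs to a real token and the signature is made with the configured key, the expiry time is
 * the only claim built to be invalid; the caught exception does not show which check rejected
 * the token.
 *
 * @throws ParseException declared by the original signature; nothing in this body is seen to
 *         throw it
 */
@Test
public void expiredToken() throws ParseException {
    // Get an initial, genuine token by logging in as admin.
    SyncopeClient localClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
    AccessTokenService accessTokenService = localClient.getService(AccessTokenService.class);
    Response response = accessTokenService.login();
    String token = response.getHeaderString(RESTHeaders.TOKEN);
    assertNotNull(token);

    // Extract the token id so the second token refers to the same token id.
    JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(token);
    String tokenId = consumer.getJwtClaims().getTokenId();

    // Create a new token using the id of the first token. The unused "now + 5 minutes" Calendar
    // of the earlier version is gone: it never reached the claims and suggested a validity
    // window this token does not have.
    Date now = new Date();
    long currentTime = now.getTime() / 1000L;
    JwtClaims jwtClaims = new JwtClaims();
    jwtClaims.setTokenId(tokenId);
    jwtClaims.setSubject(ADMIN_UNAME);
    jwtClaims.setIssuedAt(currentTime);
    jwtClaims.setIssuer(JWT_ISSUER);
    // Expired five seconds ago (epoch seconds).
    // NOTE(review): if the server tolerates clock skew of five seconds or more when checking
    // expiry, this token would still be accepted and the test would fail - confirm the leeway.
    jwtClaims.setExpiryTime((now.getTime() - 5000L) / 1000L);
    jwtClaims.setNotBefore(currentTime);

    // Sign with HS512.
    // NOTE(review): getBytes() without a charset uses the platform default; the verifying side
    // must derive the key bytes the same way - confirm.
    JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512);
    JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
    JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
    JwsSignatureProvider jwsSignatureProvider = new HmacJwsSignatureProvider(JWS_KEY.getBytes(), SignatureAlgorithm.HS512);
    String signed = producer.signWith(jwsSignatureProvider);

    // Presenting the expired token must not grant access to the self-service endpoint.
    SyncopeClient jwtClient = clientFactory.create(signed);
    UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class);
    try {
        jwtUserSelfService.read();
        fail("Failure expected on an expired token");
    } catch (AccessControlException ex) {
        // expected
    }
}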
Also used : JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) UserSelfService(org.apache.syncope.common.rest.api.service.UserSelfService) Calendar(java.util.Calendar) AccessControlException(java.security.AccessControlException) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) Date(java.util.Date) Response(javax.ws.rs.core.Response) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) AccessTokenService(org.apache.syncope.common.rest.api.service.AccessTokenService) HmacJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider) NoneJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider) HmacJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider) Test(org.junit.jupiter.api.Test)

Aggregations

SyncopeClient (org.apache.syncope.client.lib.SyncopeClient)40 Test (org.junit.jupiter.api.Test)31 Response (javax.ws.rs.core.Response)15 UserTO (org.apache.syncope.common.lib.to.UserTO)15 UserSelfService (org.apache.syncope.common.rest.api.service.UserSelfService)15 AccessControlException (java.security.AccessControlException)12 JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)11 Date (java.util.Date)10 HmacJwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider)10 JwsHeaders (org.apache.cxf.rs.security.jose.jws.JwsHeaders)10 JwsJwtCompactProducer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer)10 JwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)10 NoneJwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider)10 JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)10 Calendar (java.util.Calendar)9 IOException (java.io.IOException)8 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)8 AccessTokenService (org.apache.syncope.common.rest.api.service.AccessTokenService)8 JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)7 SyncopeClientFactoryBean (org.apache.syncope.client.lib.SyncopeClientFactoryBean)7