Examples with UserPatch org.apache.syncope.common.lib.patch.UserPatch used on opensource projects

Example 61 with UserPatch

use of org.apache.syncope.common.lib.patch.UserPatch in project syncope by apache.

the class PropagationManagerImpl method getUserUpdateTasks.

@Override
public List<PropagationTaskTO> getUserUpdateTasks(final WorkflowResult<Pair<UserPatch, Boolean>> wfResult) {
    UserPatch userPatch = wfResult.getResult().getKey();
    // Propagate password update only to requested resources
    List<PropagationTaskTO> tasks = new ArrayList<>();
    if (userPatch.getPassword() == null) {
        // a. no specific password propagation request: generate propagation tasks for any resource associated
        tasks = getUserUpdateTasks(wfResult, false, null);
    } else {
        // b. generate the propagation task list in two phases: first the ones containing password,
        // the the rest (with no password)
        WorkflowResult<Pair<UserPatch, Boolean>> pwdWFResult = new WorkflowResult<>(wfResult.getResult(), new PropagationByResource(), wfResult.getPerformedTasks());
        Set<String> pwdResourceNames = new HashSet<>(userPatch.getPassword().getResources());
        Collection<String> allResourceNames = userDAO.findAllResourceKeys(userPatch.getKey());
        pwdResourceNames.retainAll(allResourceNames);
        pwdWFResult.getPropByRes().addAll(ResourceOperation.UPDATE, pwdResourceNames);
        if (!pwdWFResult.getPropByRes().isEmpty()) {
            Set<String> toBeExcluded = new HashSet<>(allResourceNames);
            toBeExcluded.addAll(userPatch.getResources().stream().map(patchItem -> patchItem.getValue()).collect(Collectors.toList()));
            toBeExcluded.removeAll(pwdResourceNames);
            tasks.addAll(getUserUpdateTasks(pwdWFResult, true, toBeExcluded));
        }
        WorkflowResult<Pair<UserPatch, Boolean>> noPwdWFResult = new WorkflowResult<>(wfResult.getResult(), new PropagationByResource(), wfResult.getPerformedTasks());
        noPwdWFResult.getPropByRes().merge(wfResult.getPropByRes());
        noPwdWFResult.getPropByRes().removeAll(pwdResourceNames);
        noPwdWFResult.getPropByRes().purge();
        if (!noPwdWFResult.getPropByRes().isEmpty()) {
            tasks.addAll(getUserUpdateTasks(noPwdWFResult, false, pwdResourceNames));
        }
    }
    return tasks;
}

Example 62 with UserPatch

use of org.apache.syncope.common.lib.patch.UserPatch in project syncope by apache.

the class DBPasswordPullActions method beforeUpdate.

@Transactional(readOnly = true)
@Override
public <M extends AnyPatch> void beforeUpdate(final ProvisioningProfile<?, ?> profile, final SyncDelta delta, final EntityTO entityTO, final M anyPatch) throws JobExecutionException {
    if (anyPatch instanceof UserPatch) {
        PasswordPatch modPassword = ((UserPatch) anyPatch).getPassword();
        parseEncodedPassword(modPassword == null ? null : modPassword.getValue(), profile.getConnector());
    }
}

Example 63 with UserPatch

use of org.apache.syncope.common.lib.patch.UserPatch in project syncope by apache.

the class AuthenticationITCase method anyTypeEntitlement.

@Test
public void anyTypeEntitlement() {
    final String anyTypeKey = "FOLDER " + getUUIDString();
    // 1. no entitlement exists (yet) for the any type to be created
    assertFalse(syncopeService.platform().getEntitlements().stream().anyMatch(entitlement -> entitlement.contains(anyTypeKey)));
    // 2. create plain schema, any type class and any type
    PlainSchemaTO path = new PlainSchemaTO();
    path.setKey("path" + getUUIDString());
    path.setType(AttrSchemaType.String);
    path = createSchema(SchemaType.PLAIN, path);
    AnyTypeClassTO anyTypeClass = new AnyTypeClassTO();
    anyTypeClass.setKey("folder" + getUUIDString());
    anyTypeClass.getPlainSchemas().add(path.getKey());
    anyTypeClassService.create(anyTypeClass);
    AnyTypeTO anyTypeTO = new AnyTypeTO();
    anyTypeTO.setKey(anyTypeKey);
    anyTypeTO.setKind(AnyTypeKind.ANY_OBJECT);
    anyTypeTO.getClasses().add(anyTypeClass.getKey());
    anyTypeService.create(anyTypeTO);
    // 2. now entitlement exists for the any type just created
    assertTrue(syncopeService.platform().getEntitlements().stream().anyMatch(entitlement -> entitlement.contains(anyTypeKey)));
    // 3. attempt to create an instance of the type above: fail because no entitlement was assigned
    AnyObjectTO folder = new AnyObjectTO();
    folder.setName("home");
    folder.setRealm(SyncopeConstants.ROOT_REALM);
    folder.setType(anyTypeKey);
    folder.getPlainAttrs().add(attrTO(path.getKey(), "/home"));
    SyncopeClient belliniClient = clientFactory.create("bellini", ADMIN_PWD);
    try {
        belliniClient.getService(AnyObjectService.class).create(folder);
        fail("This should not happen");
    } catch (SyncopeClientException e) {
        assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
    }
    // 4. give create entitlement for the any type just created
    RoleTO role = new RoleTO();
    role.setKey("role" + getUUIDString());
    role.getRealms().add(SyncopeConstants.ROOT_REALM);
    role.getEntitlements().add(anyTypeKey + "_READ");
    role.getEntitlements().add(anyTypeKey + "_CREATE");
    role = createRole(role);
    UserTO bellini = userService.read("bellini");
    UserPatch patch = new UserPatch();
    patch.setKey(bellini.getKey());
    patch.getRoles().add(new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(role.getKey()).build());
    bellini = updateUser(patch).getEntity();
    assertTrue(bellini.getRoles().contains(role.getKey()));
    // 5. now the instance of the type above can be created successfully
    belliniClient.logout();
    belliniClient.login(new BasicAuthenticationHandler("bellini", ADMIN_PWD));
    belliniClient.getService(AnyObjectService.class).create(folder);
}

Example 64 with UserPatch

use of org.apache.syncope.common.lib.patch.UserPatch in project syncope by apache.

the class AuthenticationITCase method issueSYNCOPE164.

@Test
public void issueSYNCOPE164() throws Exception {
    // 1. create user with db resource
    UserTO user = UserITCase.getUniqueSampleTO("syncope164@syncope.apache.org");
    user.setRealm("/even/two");
    user.setPassword("password123");
    user.getResources().add(RESOURCE_NAME_TESTDB);
    user = createUser(user).getEntity();
    assertNotNull(user);
    // 2. unlink the resource from the created user
    DeassociationPatch deassociationPatch = new DeassociationPatch.Builder().key(user.getKey()).action(ResourceDeassociationAction.UNLINK).resource(RESOURCE_NAME_TESTDB).build();
    assertNotNull(userService.deassociate(deassociationPatch).readEntity(BulkActionResult.class));
    // 3. change password on Syncope
    UserPatch userPatch = new UserPatch();
    userPatch.setKey(user.getKey());
    userPatch.setPassword(new PasswordPatch.Builder().value("password234").build());
    user = updateUser(userPatch).getEntity();
    assertNotNull(user);
    // 4. check that the db resource has still the initial password value
    final JdbcTemplate jdbcTemplate = new JdbcTemplate(testDataSource);
    String value = queryForObject(jdbcTemplate, 50, "SELECT PASSWORD FROM test WHERE ID=?", String.class, user.getUsername());
    assertEquals(Encryptor.getInstance().encode("password123", CipherAlgorithm.SHA1), value.toUpperCase());
    // 5. successfully authenticate with old (on db resource) and new (on internal storage) password values
    Pair<Map<String, Set<String>>, UserTO> self = clientFactory.create(user.getUsername(), "password123").self();
    assertNotNull(self);
    self = clientFactory.create(user.getUsername(), "password234").self();
    assertNotNull(self);
}

Example 65 with UserPatch

use of org.apache.syncope.common.lib.patch.UserPatch in project syncope by apache.

the class AuthenticationITCase method delegatedUserCRUD.

@Test
public void delegatedUserCRUD() {
    String roleKey = null;
    String delegatedAdminKey = null;
    try {
        // 1. create role for full user administration, under realm /even/two
        RoleTO role = new RoleTO();
        role.setKey("Delegated user admin");
        role.getEntitlements().add(StandardEntitlement.USER_CREATE);
        role.getEntitlements().add(StandardEntitlement.USER_UPDATE);
        role.getEntitlements().add(StandardEntitlement.USER_DELETE);
        role.getEntitlements().add(StandardEntitlement.USER_SEARCH);
        role.getEntitlements().add(StandardEntitlement.USER_READ);
        role.getRealms().add("/even/two");
        roleKey = roleService.create(role).getHeaderString(RESTHeaders.RESOURCE_KEY);
        assertNotNull(roleKey);
        // 2. as admin, create delegated admin user, and assign the role just created
        UserTO delegatedAdmin = UserITCase.getUniqueSampleTO("admin@syncope.apache.org");
        delegatedAdmin.getRoles().add(roleKey);
        delegatedAdmin = createUser(delegatedAdmin).getEntity();
        delegatedAdminKey = delegatedAdmin.getKey();
        // 3. instantiate a delegate user service client, for further operatins
        UserService delegatedUserService = clientFactory.create(delegatedAdmin.getUsername(), "password123").getService(UserService.class);
        // 4. as delegated, create user under realm / -> fail
        UserTO user = UserITCase.getUniqueSampleTO("delegated@syncope.apache.org");
        try {
            delegatedUserService.create(user, true);
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
        }
        // 5. set realm to /even/two -> succeed
        user.setRealm("/even/two");
        Response response = delegatedUserService.create(user, true);
        assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
        user = response.readEntity(new GenericType<ProvisioningResult<UserTO>>() {
        }).getEntity();
        assertEquals("surname", user.getPlainAttr("surname").get().getValues().get(0));
        // 5. as delegated, update user attempting to move under realm / -> fail
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(user.getKey());
        userPatch.setRealm(new StringReplacePatchItem.Builder().value("/odd").build());
        userPatch.getPlainAttrs().add(attrAddReplacePatch("surname", "surname2"));
        try {
            delegatedUserService.update(userPatch);
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
        }
        // 6. revert realm change -> succeed
        userPatch.setRealm(null);
        response = delegatedUserService.update(userPatch);
        assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
        user = response.readEntity(new GenericType<ProvisioningResult<UserTO>>() {
        }).getEntity();
        assertEquals("surname2", user.getPlainAttr("surname").get().getValues().get(0));
        // 7. as delegated, delete user
        delegatedUserService.delete(user.getKey());
        try {
            userService.read(user.getKey());
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            assertEquals(ClientExceptionType.NotFound, e.getType());
        }
    } finally {
        if (roleKey != null) {
            roleService.delete(roleKey);
        }
        if (delegatedAdminKey != null) {
            userService.delete(delegatedAdminKey);
        }
    }
}