
Example 61 with UserPatch

use of org.apache.syncope.common.lib.patch.UserPatch in project syncope by apache.

the class PropagationManagerImpl method getUserUpdateTasks.

/**
 * Builds the propagation tasks for a user update, sending the password only to the
 * resources named in the password patch.
 *
 * <p>Without a password patch, the three-argument overload is called once on the
 * incoming workflow result. With one, the tasks are built in two passes: first for
 * the resources that must receive the password, then for the remaining resources
 * without it.
 *
 * @param wfResult workflow outcome carrying the user patch, the per-resource
 *                 propagation plan and the performed tasks
 * @return the propagation tasks, password-carrying ones first when a password is set
 */
@Override
public List<PropagationTaskTO> getUserUpdateTasks(final WorkflowResult<Pair<UserPatch, Boolean>> wfResult) {
    final UserPatch patch = wfResult.getResult().getKey();

    // a. no password patch: one pass over the workflow result as received
    if (patch.getPassword() == null) {
        return getUserUpdateTasks(wfResult, false, null);
    }

    // b. password patch present: password-carrying tasks first, then the rest
    final List<PropagationTaskTO> collected = new ArrayList<>();

    final WorkflowResult<Pair<UserPatch, Boolean>> withPassword = new WorkflowResult<>(
            wfResult.getResult(), new PropagationByResource(), wfResult.getPerformedTasks());
    final Set<String> passwordTargets = new HashSet<>(patch.getPassword().getResources());
    final Collection<String> assignedResources = userDAO.findAllResourceKeys(patch.getKey());
    // Requested password targets that userDAO does not report for this user are dropped.
    passwordTargets.retainAll(assignedResources);
    withPassword.getPropByRes().addAll(ResourceOperation.UPDATE, passwordTargets);
    if (!withPassword.getPropByRes().isEmpty()) {
        // Everything known for the user plus everything named in the patch, minus the
        // password targets; passed as the overload's third argument
        // (presumably the resources to skip; verify against the overload).
        final Set<String> excluded = new HashSet<>(assignedResources);
        patch.getResources().stream().map(item -> item.getValue()).forEach(excluded::add);
        excluded.removeAll(passwordTargets);
        collected.addAll(getUserUpdateTasks(withPassword, true, excluded));
    }

    final WorkflowResult<Pair<UserPatch, Boolean>> withoutPassword = new WorkflowResult<>(
            wfResult.getResult(), new PropagationByResource(), wfResult.getPerformedTasks());
    // Start from the original plan and strip the resources already handled above.
    withoutPassword.getPropByRes().merge(wfResult.getPropByRes());
    withoutPassword.getPropByRes().removeAll(passwordTargets);
    withoutPassword.getPropByRes().purge();
    if (!withoutPassword.getPropByRes().isEmpty()) {
        collected.addAll(getUserUpdateTasks(withoutPassword, false, passwordTargets));
    }

    return collected;
}
Also used : WorkflowResult(org.apache.syncope.core.provisioning.api.WorkflowResult) PropagationTaskTO(org.apache.syncope.common.lib.to.PropagationTaskTO) ArrayList(java.util.ArrayList) PropagationByResource(org.apache.syncope.core.provisioning.api.PropagationByResource) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) Pair(org.apache.commons.lang3.tuple.Pair) HashSet(java.util.HashSet)

Example 62 with UserPatch

use of org.apache.syncope.common.lib.patch.UserPatch in project syncope by apache.

the class DBPasswordPullActions method beforeUpdate.

/**
 * Passes the password value of a user patch, together with the profile's connector,
 * to {@code parseEncodedPassword} before the update is applied.
 *
 * <p>Patches that are not {@link UserPatch} instances are ignored. A user patch
 * without a password patch still triggers the call, with {@code null} as the value.
 *
 * @param profile   provisioning profile; only its connector is read here
 * @param delta     not used by this method
 * @param entityTO  not used by this method
 * @param anyPatch  the patch about to be applied
 * @throws JobExecutionException declared by the signature; nothing visible in this body throws it directly
 */
@Transactional(readOnly = true)
@Override
public <M extends AnyPatch> void beforeUpdate(final ProvisioningProfile<?, ?> profile, final SyncDelta delta, final EntityTO entityTO, final M anyPatch) throws JobExecutionException {
    if (!(anyPatch instanceof UserPatch)) {
        return;
    }

    final PasswordPatch passwordPatch = ((UserPatch) anyPatch).getPassword();
    // The value is credential material: keep it out of logs and exception messages.
    final String encodedValue;
    if (passwordPatch == null) {
        encodedValue = null;
    } else {
        encodedValue = passwordPatch.getValue();
    }
    parseEncodedPassword(encodedValue, profile.getConnector());
}
Also used : PasswordPatch(org.apache.syncope.common.lib.patch.PasswordPatch) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) Transactional(org.springframework.transaction.annotation.Transactional)

Example 63 with UserPatch

use of org.apache.syncope.common.lib.patch.UserPatch in project syncope by apache.

the class AuthenticationITCase method anyTypeEntitlement.

/**
 * Checks that creating an any type publishes entitlements named after it, and that a
 * non-admin user can create instances of that type only after being granted a role
 * carrying the matching entitlement.
 */
@Test
public void anyTypeEntitlement() {
    final String anyTypeKey = "FOLDER " + getUUIDString();
    // 1. no entitlement exists (yet) for the any type to be created
    assertFalse(syncopeService.platform().getEntitlements().stream().anyMatch(entitlement -> entitlement.contains(anyTypeKey)));
    // 2. create plain schema, any type class and any type
    PlainSchemaTO path = new PlainSchemaTO();
    path.setKey("path" + getUUIDString());
    path.setType(AttrSchemaType.String);
    path = createSchema(SchemaType.PLAIN, path);
    AnyTypeClassTO anyTypeClass = new AnyTypeClassTO();
    anyTypeClass.setKey("folder" + getUUIDString());
    anyTypeClass.getPlainSchemas().add(path.getKey());
    anyTypeClassService.create(anyTypeClass);
    AnyTypeTO anyTypeTO = new AnyTypeTO();
    anyTypeTO.setKey(anyTypeKey);
    anyTypeTO.setKind(AnyTypeKind.ANY_OBJECT);
    anyTypeTO.getClasses().add(anyTypeClass.getKey());
    anyTypeService.create(anyTypeTO);
    // 3. now at least one entitlement containing the new any type key is published
    assertTrue(syncopeService.platform().getEntitlements().stream().anyMatch(entitlement -> entitlement.contains(anyTypeKey)));
    // 4. attempt to create an instance of the type above: fail because no entitlement was assigned
    AnyObjectTO folder = new AnyObjectTO();
    folder.setName("home");
    folder.setRealm(SyncopeConstants.ROOT_REALM);
    folder.setType(anyTypeKey);
    folder.getPlainAttrs().add(attrTO(path.getKey(), "/home"));
    // NOTE(review): "bellini" logs in with ADMIN_PWD; presumably the test fixture gives
    // this account the same password as admin - confirm against the test data.
    SyncopeClient belliniClient = clientFactory.create("bellini", ADMIN_PWD);
    try {
        belliniClient.getService(AnyObjectService.class).create(folder);
        fail("This should not happen");
    } catch (SyncopeClientException e) {
        // The denial must be an authorization failure, not some other client error.
        assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
    }
    // 5. grant read and create entitlements for the any type just created, on the root realm;
    // the entitlement names are the any type key plus "_READ" / "_CREATE"
    RoleTO role = new RoleTO();
    role.setKey("role" + getUUIDString());
    role.getRealms().add(SyncopeConstants.ROOT_REALM);
    role.getEntitlements().add(anyTypeKey + "_READ");
    role.getEntitlements().add(anyTypeKey + "_CREATE");
    role = createRole(role);
    UserTO bellini = userService.read("bellini");
    UserPatch patch = new UserPatch();
    patch.setKey(bellini.getKey());
    patch.getRoles().add(new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(role.getKey()).build());
    bellini = updateUser(patch).getEntity();
    assertTrue(bellini.getRoles().contains(role.getKey()));
    // 6. now the instance of the type above can be created successfully
    // The client logs out and in again first; presumably the existing session does not
    // pick up the newly granted role - confirm.
    belliniClient.logout();
    belliniClient.login(new BasicAuthenticationHandler("bellini", ADMIN_PWD));
    belliniClient.getService(AnyObjectService.class).create(folder);
}
Also used : StringPatchItem(org.apache.syncope.common.lib.patch.StringPatchItem) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) Autowired(org.springframework.beans.factory.annotation.Autowired) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult) ResourceDeassociationAction(org.apache.syncope.common.lib.types.ResourceDeassociationAction) AnyTypeKind(org.apache.syncope.common.lib.types.AnyTypeKind) SpringJUnitConfig(org.springframework.test.context.junit.jupiter.SpringJUnitConfig) Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse) Pair(org.apache.commons.lang3.tuple.Pair) AttrSchemaType(org.apache.syncope.common.lib.types.AttrSchemaType) Map(java.util.Map) RESTHeaders(org.apache.syncope.common.rest.api.RESTHeaders) PagedResult(org.apache.syncope.common.lib.to.PagedResult) FlowableDetector(org.apache.syncope.fit.FlowableDetector) BasicAuthenticationHandler(org.apache.syncope.client.lib.BasicAuthenticationHandler) BulkActionResult(org.apache.syncope.common.lib.to.BulkActionResult) SchemaService(org.apache.syncope.common.rest.api.service.SchemaService) Set(java.util.Set) WorkflowFormTO(org.apache.syncope.common.lib.to.WorkflowFormTO) SchemaType(org.apache.syncope.common.lib.types.SchemaType) Collectors(java.util.stream.Collectors) StatusPatch(org.apache.syncope.common.lib.patch.StatusPatch) GenericType(javax.ws.rs.core.GenericType) Test(org.junit.jupiter.api.Test) Response(javax.ws.rs.core.Response) DeassociationPatch(org.apache.syncope.common.lib.patch.DeassociationPatch) Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) AccessControlException(java.security.AccessControlException) Assertions.fail(org.junit.jupiter.api.Assertions.fail) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) StandardEntitlement(org.apache.syncope.common.lib.types.StandardEntitlement) 
AnonymousAuthenticationHandler(org.apache.syncope.client.lib.AnonymousAuthenticationHandler) UserService(org.apache.syncope.common.rest.api.service.UserService) JdbcTemplate(org.springframework.jdbc.core.JdbcTemplate) PlainSchemaTO(org.apache.syncope.common.lib.to.PlainSchemaTO) RoleTO(org.apache.syncope.common.lib.to.RoleTO) Assumptions.assumeTrue(org.junit.jupiter.api.Assumptions.assumeTrue) DataSource(javax.sql.DataSource) ClientExceptionType(org.apache.syncope.common.lib.types.ClientExceptionType) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) AbstractITCase(org.apache.syncope.fit.AbstractITCase) AnyQuery(org.apache.syncope.common.rest.api.beans.AnyQuery) AnyObjectService(org.apache.syncope.common.rest.api.service.AnyObjectService) MembershipTO(org.apache.syncope.common.lib.to.MembershipTO) CipherAlgorithm(org.apache.syncope.common.lib.types.CipherAlgorithm) AnyTypeClassTO(org.apache.syncope.common.lib.to.AnyTypeClassTO) SyncopeConstants(org.apache.syncope.common.lib.SyncopeConstants) Encryptor(org.apache.syncope.core.spring.security.Encryptor) ForbiddenException(javax.ws.rs.ForbiddenException) StatusPatchType(org.apache.syncope.common.lib.types.StatusPatchType) AnyTypeTO(org.apache.syncope.common.lib.to.AnyTypeTO) PasswordPatch(org.apache.syncope.common.lib.patch.PasswordPatch) PatchOperation(org.apache.syncope.common.lib.types.PatchOperation) StringReplacePatchItem(org.apache.syncope.common.lib.patch.StringReplacePatchItem) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) UserTO(org.apache.syncope.common.lib.to.UserTO) AnyObjectTO(org.apache.syncope.common.lib.to.AnyObjectTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) AnyTypeTO(org.apache.syncope.common.lib.to.AnyTypeTO) RoleTO(org.apache.syncope.common.lib.to.RoleTO) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) PlainSchemaTO(org.apache.syncope.common.lib.to.PlainSchemaTO) 
AnyObjectTO(org.apache.syncope.common.lib.to.AnyObjectTO) AnyObjectService(org.apache.syncope.common.rest.api.service.AnyObjectService) UserTO(org.apache.syncope.common.lib.to.UserTO) BasicAuthenticationHandler(org.apache.syncope.client.lib.BasicAuthenticationHandler) AnyTypeClassTO(org.apache.syncope.common.lib.to.AnyTypeClassTO) Test(org.junit.jupiter.api.Test)

Example 64 with UserPatch

use of org.apache.syncope.common.lib.patch.UserPatch in project syncope by apache.

the class AuthenticationITCase method issueSYNCOPE164.

/**
 * Regression test for SYNCOPE-164: after a resource is unlinked from a user, a
 * password change must not reach that resource, and the user can authenticate with
 * both the old password (still held by the db resource) and the new one (internal
 * storage).
 *
 * <p>Security-relevant consequence asserted here: the old password keeps working
 * for as long as the unlinked resource holds it.
 */
@Test
public void issueSYNCOPE164() throws Exception {
    final String initialPassword = "password123";
    final String changedPassword = "password234";

    // 1. create the user with the db resource assigned
    final UserTO template = UserITCase.getUniqueSampleTO("syncope164@syncope.apache.org");
    template.setRealm("/even/two");
    template.setPassword(initialPassword);
    template.getResources().add(RESOURCE_NAME_TESTDB);
    final UserTO created = createUser(template).getEntity();
    assertNotNull(created);

    // 2. unlink the db resource from the user just created
    final DeassociationPatch unlink = new DeassociationPatch.Builder()
            .key(created.getKey())
            .action(ResourceDeassociationAction.UNLINK)
            .resource(RESOURCE_NAME_TESTDB)
            .build();
    assertNotNull(userService.deassociate(unlink).readEntity(BulkActionResult.class));

    // 3. change the password on Syncope only
    final UserPatch passwordChange = new UserPatch();
    passwordChange.setKey(created.getKey());
    passwordChange.setPassword(new PasswordPatch.Builder().value(changedPassword).build());
    final UserTO updated = updateUser(passwordChange).getEntity();
    assertNotNull(updated);

    // 4. the db resource must still hold the digest of the initial password.
    // SHA1 is what this test compares against; unsalted SHA-1 is acceptable only as a
    // fixture value, not as a password storage scheme.
    final JdbcTemplate testDb = new JdbcTemplate(testDataSource);
    final String storedDigest = queryForObject(
            testDb, 50, "SELECT PASSWORD FROM test WHERE ID=?", String.class, updated.getUsername());
    assertEquals(
            Encryptor.getInstance().encode(initialPassword, CipherAlgorithm.SHA1),
            storedDigest.toUpperCase());

    // 5. both the old (db resource) and the new (internal storage) password authenticate
    for (final String candidate : new String[] { initialPassword, changedPassword }) {
        assertNotNull(clientFactory.create(updated.getUsername(), candidate).self());
    }
}
Also used : DeassociationPatch(org.apache.syncope.common.lib.patch.DeassociationPatch) PasswordPatch(org.apache.syncope.common.lib.patch.PasswordPatch) UserTO(org.apache.syncope.common.lib.to.UserTO) BulkActionResult(org.apache.syncope.common.lib.to.BulkActionResult) JdbcTemplate(org.springframework.jdbc.core.JdbcTemplate) Map(java.util.Map) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) Test(org.junit.jupiter.api.Test)

Example 65 with UserPatch

use of org.apache.syncope.common.lib.patch.UserPatch in project syncope by apache.

the class AuthenticationITCase method delegatedUserCRUD.

/**
 * Exercises delegated administration: a user holding a role with the user CRUD
 * entitlements scoped to realm /even/two can create, update and delete users in that
 * realm. Creating a user with the sample's initial realm, or moving a user to /odd,
 * is rejected with {@code DelegatedAdministration}.
 *
 * <p>The role and the delegated admin are removed in the {@code finally} block whether
 * or not the assertions pass.
 */
@Test
public void delegatedUserCRUD() {
    String roleKey = null;
    String delegatedAdminKey = null;
    try {
        // 1. create role for full user administration, under realm /even/two
        RoleTO role = new RoleTO();
        role.setKey("Delegated user admin");
        role.getEntitlements().add(StandardEntitlement.USER_CREATE);
        role.getEntitlements().add(StandardEntitlement.USER_UPDATE);
        role.getEntitlements().add(StandardEntitlement.USER_DELETE);
        role.getEntitlements().add(StandardEntitlement.USER_SEARCH);
        role.getEntitlements().add(StandardEntitlement.USER_READ);
        // The realm list is what confines the entitlements above to /even/two.
        role.getRealms().add("/even/two");
        roleKey = roleService.create(role).getHeaderString(RESTHeaders.RESOURCE_KEY);
        assertNotNull(roleKey);
        // 2. as admin, create delegated admin user, and assign the role just created
        UserTO delegatedAdmin = UserITCase.getUniqueSampleTO("admin@syncope.apache.org");
        delegatedAdmin.getRoles().add(roleKey);
        delegatedAdmin = createUser(delegatedAdmin).getEntity();
        delegatedAdminKey = delegatedAdmin.getKey();
        // 3. instantiate a delegated user service client, for further operations
        // ("password123" is presumably the password set by getUniqueSampleTO - confirm)
        UserService delegatedUserService = clientFactory.create(delegatedAdmin.getUsername(), "password123").getService(UserService.class);
        // 4. as delegated, create user under realm / -> fail
        // (assumes getUniqueSampleTO leaves the realm at / - confirm)
        UserTO user = UserITCase.getUniqueSampleTO("delegated@syncope.apache.org");
        try {
            delegatedUserService.create(user, true);
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
        }
        // 5. set realm to /even/two -> succeed
        user.setRealm("/even/two");
        Response response = delegatedUserService.create(user, true);
        assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
        user = response.readEntity(new GenericType<ProvisioningResult<UserTO>>() {
        }).getEntity();
        assertEquals("surname", user.getPlainAttr("surname").get().getValues().get(0));
        // 6. as delegated, update user attempting to move it to realm /odd,
        // outside the role's realm -> fail
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(user.getKey());
        userPatch.setRealm(new StringReplacePatchItem.Builder().value("/odd").build());
        userPatch.getPlainAttrs().add(attrAddReplacePatch("surname", "surname2"));
        try {
            delegatedUserService.update(userPatch);
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            assertEquals(ClientExceptionType.DelegatedAdministration, e.getType());
        }
        // NOTE(review): nothing here re-reads the user after the rejected update, so the
        // test does not show that the surname change in the same patch was left unapplied.
        // 7. revert realm change -> succeed
        userPatch.setRealm(null);
        response = delegatedUserService.update(userPatch);
        assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
        user = response.readEntity(new GenericType<ProvisioningResult<UserTO>>() {
        }).getEntity();
        assertEquals("surname2", user.getPlainAttr("surname").get().getValues().get(0));
        // 8. as delegated, delete user; the follow-up read goes through the admin-side
        // userService and must report NotFound
        delegatedUserService.delete(user.getKey());
        try {
            userService.read(user.getKey());
            fail("This should not happen");
        } catch (SyncopeClientException e) {
            assertEquals(ClientExceptionType.NotFound, e.getType());
        }
    } finally {
        // Clean up only what was actually created, so an early failure does not
        // trigger a second error here.
        if (roleKey != null) {
            roleService.delete(roleKey);
        }
        if (delegatedAdminKey != null) {
            userService.delete(delegatedAdminKey);
        }
    }
}
Also used : Response(javax.ws.rs.core.Response) StringReplacePatchItem(org.apache.syncope.common.lib.patch.StringReplacePatchItem) UserService(org.apache.syncope.common.rest.api.service.UserService) UserTO(org.apache.syncope.common.lib.to.UserTO) ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) RoleTO(org.apache.syncope.common.lib.to.RoleTO) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) Test(org.junit.jupiter.api.Test)

Aggregations

UserPatch (org.apache.syncope.common.lib.patch.UserPatch)102 UserTO (org.apache.syncope.common.lib.to.UserTO)73 Test (org.junit.jupiter.api.Test)59 PasswordPatch (org.apache.syncope.common.lib.patch.PasswordPatch)37 SyncopeClientException (org.apache.syncope.common.lib.SyncopeClientException)18 AttrTO (org.apache.syncope.common.lib.to.AttrTO)17 MembershipTO (org.apache.syncope.common.lib.to.MembershipTO)17 Response (javax.ws.rs.core.Response)16 Map (java.util.Map)12 StringReplacePatchItem (org.apache.syncope.common.lib.patch.StringReplacePatchItem)12 ConnObjectTO (org.apache.syncope.common.lib.to.ConnObjectTO)11 GroupTO (org.apache.syncope.common.lib.to.GroupTO)11 PropagationByResource (org.apache.syncope.core.provisioning.api.PropagationByResource)11 WorkflowResult (org.apache.syncope.core.provisioning.api.WorkflowResult)11 JdbcTemplate (org.springframework.jdbc.core.JdbcTemplate)11 GenericType (javax.ws.rs.core.GenericType)10 Pair (org.apache.commons.lang3.tuple.Pair)10 PatchOperation (org.apache.syncope.common.lib.types.PatchOperation)10 List (java.util.List)9 AttrPatch (org.apache.syncope.common.lib.patch.AttrPatch)9