
Example 51 with ResourceTO

use of org.apache.syncope.common.lib.to.ResourceTO in project syncope by apache.

the class AbstractITCase method getLdapResourceDirContext.

/**
 * Opens a JNDI directory context against the LDAP server behind {@code RESOURCE_NAME_LDAP}.
 *
 * <p>Host, port and the fallback bind identity are taken from the connector configuration returned by
 * {@code connectorService}. The bind uses {@code simple} authentication over a plain {@code ldap://}
 * URL, so the DN and the password travel unencrypted; that is tolerable only against a disposable
 * test directory. The caller owns the returned context and is responsible for closing it.
 *
 * @param bindDn DN to bind as, or {@code null} to fall back to the connector's {@code principal} value
 * @param bindPwd password for the bind, or {@code null} to fall back to the connector's
 * {@code credentials} value
 * @return a newly created directory context
 * @throws NamingException if the initial context cannot be created
 */
@SuppressWarnings({ "unchecked", "rawtypes", "UseOfObsoleteCollectionType" })
protected InitialDirContext getLdapResourceDirContext(final String bindDn, final String bindPwd) throws NamingException {
    final ConnInstanceTO connector = connectorService.read(
            resourceService.read(RESOURCE_NAME_LDAP).getConnector(), Locale.ENGLISH.getLanguage());

    // Only the first configured value of each connector property is used.
    final Object host = connector.getConf("host").get().getValues().get(0);
    final Object port = connector.getConf("port").get().getValues().get(0);

    // Explicit arguments win; the connector's own bind identity is the fallback.
    Object principal = bindDn;
    if (principal == null) {
        principal = connector.getConf("principal").get().getValues().get(0);
    }
    Object credentials = bindPwd;
    if (credentials == null) {
        credentials = connector.getConf("credentials").get().getValues().get(0);
    }

    final Properties jndiEnv = new Properties();
    jndiEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    jndiEnv.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port + "/");
    jndiEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
    jndiEnv.put(Context.SECURITY_PRINCIPAL, principal);
    jndiEnv.put(Context.SECURITY_CREDENTIALS, credentials);
    return new InitialDirContext(jndiEnv);
}
Also used : ResourceTO(org.apache.syncope.common.lib.to.ResourceTO) ConnInstanceTO(org.apache.syncope.common.lib.to.ConnInstanceTO) InitialDirContext(javax.naming.directory.InitialDirContext) Properties(java.util.Properties)

Example 52 with ResourceTO

use of org.apache.syncope.common.lib.to.ResourceTO in project syncope by apache.

the class UserITCase method suspendReactivateOnResource.

/**
 * Checks that a status patch changes the account state only on the targets it names: Syncope itself
 * (via {@code onSyncope}) and the listed external resources.
 */
@Test
public void suspendReactivateOnResource() {
    // Both external resources must be readable before a user is assigned to them
    assertNotNull(resourceService.read(RESOURCE_NAME_TESTDB));
    assertNotNull(resourceService.read(RESOURCE_NAME_LDAP));

    // Fresh user without memberships, assigned to exactly the two resources
    UserTO user = getUniqueSampleTO("suspreactonresource@syncope.apache.org");
    user.getMemberships().clear();
    user.getResources().clear();
    user.getResources().add(RESOURCE_NAME_TESTDB);
    user.getResources().add(RESOURCE_NAME_LDAP);
    user = createUser(user).getEntity();
    assertNotNull(user);
    final String expectedInitialStatus =
            FlowableDetector.isFlowableEnabledForUsers(syncopeService) ? "active" : "created";
    assertEquals(expectedInitialStatus, user.getStatus());

    final String key = user.getKey();
    final GenericType<ProvisioningResult<UserTO>> resultType = new GenericType<ProvisioningResult<UserTO>>() {
    };

    // Phase 1: suspend everywhere => Syncope and both resources must report the account as suspended
    StatusPatch patch = new StatusPatch.Builder()
            .key(key)
            .type(StatusPatchType.SUSPEND)
            .onSyncope(true)
            .resources(RESOURCE_NAME_TESTDB, RESOURCE_NAME_LDAP)
            .build();
    user = userService.status(patch).readEntity(resultType).getEntity();
    assertNotNull(user);
    assertEquals("suspended", user.getStatus());

    ConnObjectTO remote = resourceService.readConnObject(RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), key);
    assertFalse(getBooleanAttribute(remote, OperationalAttributes.ENABLE_NAME));
    remote = resourceService.readConnObject(RESOURCE_NAME_LDAP, AnyTypeKind.USER.name(), key);
    assertNotNull(remote);

    // Phase 2: suspend, then reactivate, on LDAP only => Syncope and the DB must stay suspended
    patch = new StatusPatch.Builder()
            .key(key)
            .type(StatusPatchType.SUSPEND)
            .onSyncope(false)
            .resources(RESOURCE_NAME_LDAP)
            .build();
    userService.status(patch);
    // the same patch object is re-sent with only its type flipped
    patch.setType(StatusPatchType.REACTIVATE);
    user = userService.status(patch).readEntity(resultType).getEntity();
    assertNotNull(user);
    assertEquals("suspended", user.getStatus());

    remote = resourceService.readConnObject(RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), key);
    assertFalse(getBooleanAttribute(remote, OperationalAttributes.ENABLE_NAME));

    // Phase 3: reactivate on Syncope and the DB => both must report the account as active again
    patch = new StatusPatch.Builder()
            .key(key)
            .type(StatusPatchType.REACTIVATE)
            .onSyncope(true)
            .resources(RESOURCE_NAME_TESTDB)
            .build();
    user = userService.status(patch).readEntity(resultType).getEntity();
    assertNotNull(user);
    assertEquals("active", user.getStatus());

    remote = resourceService.readConnObject(RESOURCE_NAME_TESTDB, AnyTypeKind.USER.name(), key);
    assertTrue(getBooleanAttribute(remote, OperationalAttributes.ENABLE_NAME));
}
Also used : ResourceTO(org.apache.syncope.common.lib.to.ResourceTO) UserTO(org.apache.syncope.common.lib.to.UserTO) ProvisioningResult(org.apache.syncope.common.lib.to.ProvisioningResult) StatusPatch(org.apache.syncope.common.lib.patch.StatusPatch) ConnObjectTO(org.apache.syncope.common.lib.to.ConnObjectTO) Test(org.junit.jupiter.api.Test)

Example 53 with ResourceTO

use of org.apache.syncope.common.lib.to.ResourceTO in project syncope by apache.

the class UserIssuesITCase method issueSYNCOPE391.

/**
 * Scenario for issue SYNCOPE391: creating users with and without a password, with and without storing
 * that password in Syncope, and checking what ends up on the CSV resource in each case.
 *
 * <p>The last step temporarily attaches a password policy to the shared CSV resource and expects a
 * password-less create to be rejected; the policy is detached again in {@code finally} so later tests
 * see the resource unchanged.
 */
@Test
public void issueSYNCOPE391() {
    // 1. create user on Syncope with null password
    UserTO userTO = UserITCase.getUniqueSampleTO("syncope391@syncope.apache.org");
    userTO.setPassword(null);
    // second argument is presumably the storePassword flag (see the "true by default" note in step 4) - confirm
    userTO = createUser(userTO, false).getEntity();
    assertNotNull(userTO);
    assertNull(userTO.getPassword());
    // 2. create a user that already exists on csv and check that the password on Syncope is null and that
    // the password on the resource doesn't change
    userTO = new UserTO();
    userTO.setRealm(SyncopeConstants.ROOT_REALM);
    userTO.setPassword(null);
    userTO.setUsername("syncope391@syncope.apache.org");
    userTO.getPlainAttrs().add(attrTO("fullname", "fullname"));
    userTO.getPlainAttrs().add(attrTO("firstname", "nome0"));
    userTO.getPlainAttrs().add(attrTO("surname", "cognome0"));
    userTO.getPlainAttrs().add(attrTO("userId", "syncope391@syncope.apache.org"));
    userTO.getPlainAttrs().add(attrTO("email", "syncope391@syncope.apache.org"));
    userTO.getAuxClasses().add("csv");
    userTO.getResources().add(RESOURCE_NAME_CSV);
    userTO = createUser(userTO, false).getEntity();
    assertNotNull(userTO);
    ConnObjectTO connObjectTO = resourceService.readConnObject(RESOURCE_NAME_CSV, AnyTypeKind.USER.name(), userTO.getKey());
    assertNotNull(connObjectTO);
    // the resource must still hold its pre-existing password, and Syncope must hold none
    assertEquals("password0", connObjectTO.getAttr(OperationalAttributes.PASSWORD_NAME).get().getValues().get(0));
    assertNull(userTO.getPassword());
    // 3. create user with a non-null password and propagate it onto resource-csv, asking Syncope not to save
    // the password in its local storage
    userTO = UserITCase.getUniqueSampleTO("syncope391@syncope.apache.org");
    userTO.setPassword("passwordTESTNULL1");
    userTO.getVirAttrs().clear();
    userTO.getAuxClasses().add("csv");
    userTO.getResources().add(RESOURCE_NAME_CSV);
    userTO = createUser(userTO, false).getEntity();
    assertNotNull(userTO);
    connObjectTO = resourceService.readConnObject(RESOURCE_NAME_CSV, AnyTypeKind.USER.name(), userTO.getKey());
    assertNotNull(connObjectTO);
    // the password must have reached the resource while the saved userTO's password stays null
    assertEquals("passwordTESTNULL1", connObjectTO.getAttr(OperationalAttributes.PASSWORD_NAME).get().getValues().get(0));
    assertNull(userTO.getPassword());
    // 4. create user and propagate password on resource-csv and on Syncope local storage
    userTO = UserITCase.getUniqueSampleTO("syncope391@syncope.apache.org");
    userTO.setPassword("passwordTESTNULL1");
    userTO.getVirAttrs().clear();
    userTO.getAuxClasses().add("csv");
    userTO.getResources().add(RESOURCE_NAME_CSV);
    // storePassword true by default
    userTO = createUser(userTO).getEntity();
    assertNotNull(userTO);
    connObjectTO = resourceService.readConnObject(RESOURCE_NAME_CSV, AnyTypeKind.USER.name(), userTO.getKey());
    assertNotNull(connObjectTO);
    // the password must be on the resource, and authenticating to Syncope with it must work
    assertEquals("passwordTESTNULL1", connObjectTO.getAttr(OperationalAttributes.PASSWORD_NAME).get().getValues().get(0));
    Pair<Map<String, Set<String>>, UserTO> self = clientFactory.create(userTO.getUsername(), "passwordTESTNULL1").self();
    assertNotNull(self);
    // 5. add password policy to resource with passwordNotStore to false --> must store password
    ResourceTO csv = resourceService.read(RESOURCE_NAME_CSV);
    assertNotNull(csv);
    try {
        // presumably the key of a password policy shipped with the test data - confirm
        csv.setPasswordPolicy("55e5de0b-c79c-4e66-adda-251b6fb8579a");
        resourceService.update(csv);
        csv = resourceService.read(RESOURCE_NAME_CSV);
        assertEquals("55e5de0b-c79c-4e66-adda-251b6fb8579a", csv.getPasswordPolicy());
        userTO = UserITCase.getUniqueSampleTO("syncope391@syncope.apache.org");
        userTO.setPassword(null);
        userTO.getVirAttrs().clear();
        userTO.getAuxClasses().add("csv");
        userTO.getResources().add(RESOURCE_NAME_CSV);
        // with the policy attached, a password-less create is expected to be refused
        createUser(userTO, false);
        fail("This should not happen");
    } catch (SyncopeClientException e) {
        assertEquals(ClientExceptionType.InvalidUser, e.getType());
        assertTrue(e.getMessage().contains("Password mandatory"));
    } finally {
        // detach the policy again so the shared csv resource is left as it was found
        csv.setPasswordPolicy(null);
        resourceService.update(csv);
    }
}
Also used : ResourceTO(org.apache.syncope.common.lib.to.ResourceTO) UserTO(org.apache.syncope.common.lib.to.UserTO) SyncopeClientException(org.apache.syncope.common.lib.SyncopeClientException) ConnObjectTO(org.apache.syncope.common.lib.to.ConnObjectTO) Map(java.util.Map) Test(org.junit.jupiter.api.Test)

Example 54 with ResourceTO

use of org.apache.syncope.common.lib.to.ResourceTO in project syncope by apache.

the class UserIssuesITCase method issueSYNCOPE505LDAP.

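/**
 * Scenario for issue SYNCOPE505 on LDAP: a password stored in Syncope must reach the LDAP resource when
 * the resource is later assigned to the user and {@code LDAPPasswordPropagationActions} is enabled.
 *
 * <p>The test reconfigures the shared LDAP resource (extra propagation action, random password
 * generation switched off). That change is undone in {@code finally}, so a failing assertion cannot
 * leave the resource in the modified state for the tests that run afterwards.
 *
 * @throws Exception if any of the service calls or the LDAP lookup fails
 */
@Test
public void issueSYNCOPE505LDAP() throws Exception {
    // 1. create user
    UserTO user = UserITCase.getUniqueSampleTO("syncope505-ldap@syncope.apache.org");
    user.setPassword("security123");
    user = createUser(user).getEntity();
    assertNotNull(user);
    assertTrue(user.getResources().isEmpty());
    // 2. Add LDAPPasswordPropagationActions
    ImplementationTO propagationActions = new ImplementationTO();
    propagationActions.setKey(LDAPPasswordPropagationActions.class.getSimpleName());
    propagationActions.setEngine(ImplementationEngine.JAVA);
    propagationActions.setType(ImplementationType.PROPAGATION_ACTIONS);
    propagationActions.setBody(LDAPPasswordPropagationActions.class.getName());
    Response response = implementationService.create(propagationActions);
    propagationActions = implementationService.read(propagationActions.getType(), response.getHeaderString(RESTHeaders.RESOURCE_KEY));
    assertNotNull(propagationActions);
    ResourceTO resourceTO = resourceService.read(RESOURCE_NAME_LDAP);
    assertNotNull(resourceTO);
    resourceTO.getPropagationActions().add(propagationActions.getKey());
    resourceTO.setRandomPwdIfNotProvided(false);
    resourceService.update(resourceTO);
    try {
        // 3. Add a resource to the User
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(user.getKey());
        userPatch.getResources().add(new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(RESOURCE_NAME_LDAP).build());
        // no password value is supplied here: the patch only targets the LDAP resource, not Syncope
        userPatch.setPassword(new PasswordPatch.Builder().onSyncope(false).resource(RESOURCE_NAME_LDAP).build());
        user = updateUser(userPatch).getEntity();
        assertNotNull(user);
        assertEquals(1, user.getResources().size());
        // 4. Check that the LDAP resource has the correct password
        // (presumably getLdapRemoteObject binds as the given DN with the given password - confirm)
        ConnObjectTO connObject = resourceService.readConnObject(RESOURCE_NAME_LDAP, AnyTypeKind.USER.name(), user.getKey());
        assertNotNull(getLdapRemoteObject(connObject.getAttr(Name.NAME).get().getValues().get(0), "security123", connObject.getAttr(Name.NAME).get().getValues().get(0)));
    } finally {
        // 5. Remove LDAPPasswordPropagationActions, even when an assertion above failed
        resourceTO = resourceService.read(RESOURCE_NAME_LDAP);
        assertNotNull(resourceTO);
        resourceTO.getPropagationActions().remove(propagationActions.getKey());
        resourceTO.setRandomPwdIfNotProvided(true);
        resourceService.update(resourceTO);
    }
}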
Also used : ImplementationTO(org.apache.syncope.common.lib.to.ImplementationTO) Response(javax.ws.rs.core.Response) LDAPPasswordPropagationActions(org.apache.syncope.core.provisioning.java.propagation.LDAPPasswordPropagationActions) ResourceTO(org.apache.syncope.common.lib.to.ResourceTO) UserTO(org.apache.syncope.common.lib.to.UserTO) ConnObjectTO(org.apache.syncope.common.lib.to.ConnObjectTO) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) Test(org.junit.jupiter.api.Test)

Example 55 with ResourceTO

use of org.apache.syncope.common.lib.to.ResourceTO in project syncope by apache.

the class UserIssuesITCase method issueSYNCOPE493.

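/**
 * Scenario for issue SYNCOPE493: an attribute whose mapping purpose is {@code NONE} must not be
 * propagated, and must be propagated once the purpose is switched to {@code BOTH}.
 *
 * <p>The mapping of the shared resource is changed for the duration of the test and switched back in
 * {@code finally}, so a failing assertion cannot leave the resource with the altered mapping.
 */
@Test
public void issueSYNCOPE493() {
    // 1.  create user and check that firstname is not propagated on resource with mapping for firstname set to NONE
    UserTO userTO = UserITCase.getUniqueSampleTO("493@test.org");
    userTO.getResources().add(RESOURCE_NAME_WS1);
    ProvisioningResult<UserTO> result = createUser(userTO);
    // check the service result, not the locally built input (which can never be null here)
    assertNotNull(result);
    assertEquals(1, result.getPropagationStatuses().size());
    assertEquals(PropagationTaskExecStatus.SUCCESS, result.getPropagationStatuses().get(0).getStatus());
    userTO = result.getEntity();
    ConnObjectTO actual = resourceService.readConnObject(RESOURCE_NAME_WS1, AnyTypeKind.USER.name(), userTO.getKey());
    assertNotNull(actual);
    // check if mapping attribute with purpose NONE really hasn't been propagated
    assertFalse(actual.getAttr("NAME").isPresent());
    // 2.  update resource ws-target-resource-1
    ResourceTO ws1 = resourceService.read(RESOURCE_NAME_WS1);
    assertNotNull(ws1);
    MappingTO ws1NewUMapping = ws1.getProvision(AnyTypeKind.USER.name()).get().getMapping();
    // change purpose from NONE to BOTH
    for (ItemTO itemTO : ws1NewUMapping.getItems()) {
        if ("firstname".equals(itemTO.getIntAttrName())) {
            itemTO.setPurpose(MappingPurpose.BOTH);
        }
    }
    ws1.getProvision(AnyTypeKind.USER.name()).get().setMapping(ws1NewUMapping);
    resourceService.update(ws1);
    try {
        ResourceTO newWs1 = resourceService.read(ws1.getKey());
        assertNotNull(newWs1);
        // check for existence
        Collection<ItemTO> mapItems = newWs1.getProvision(AnyTypeKind.USER.name()).get().getMapping().getItems();
        assertNotNull(mapItems);
        assertEquals(7, mapItems.size());
        // 3.  update user and check firstname propagation
        UserPatch userPatch = new UserPatch();
        userPatch.setKey(userTO.getKey());
        userPatch.setPassword(new PasswordPatch());
        userPatch.getPlainAttrs().add(attrAddReplacePatch("firstname", "firstnameNew"));
        result = updateUser(userPatch);
        assertNotNull(result);
        assertEquals(1, result.getPropagationStatuses().size());
        assertEquals(PropagationTaskExecStatus.SUCCESS, result.getPropagationStatuses().get(0).getStatus());
        userTO = result.getEntity();
        ConnObjectTO newUser = resourceService.readConnObject(RESOURCE_NAME_WS1, AnyTypeKind.USER.name(), userTO.getKey());
        // getAttr returns an Optional, so a null check would always pass; test for presence instead
        assertTrue(newUser.getAttr("NAME").isPresent());
        assertEquals("firstnameNew", newUser.getAttr("NAME").get().getValues().get(0));
    } finally {
        // 4.  restore resource ws-target-resource-1 mapping, even when an assertion above failed
        ResourceTO toRestore = resourceService.read(ws1.getKey());
        MappingTO restoredMapping = toRestore.getProvision(AnyTypeKind.USER.name()).get().getMapping();
        // restore purpose from BOTH to NONE
        for (ItemTO itemTO : restoredMapping.getItems()) {
            if ("firstname".equals(itemTO.getIntAttrName())) {
                itemTO.setPurpose(MappingPurpose.NONE);
            }
        }
        toRestore.getProvision(AnyTypeKind.USER.name()).get().setMapping(restoredMapping);
        resourceService.update(toRestore);
    }
}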
Also used : MappingTO(org.apache.syncope.common.lib.to.MappingTO) PasswordPatch(org.apache.syncope.common.lib.patch.PasswordPatch) ResourceTO(org.apache.syncope.common.lib.to.ResourceTO) UserTO(org.apache.syncope.common.lib.to.UserTO) ConnObjectTO(org.apache.syncope.common.lib.to.ConnObjectTO) ItemTO(org.apache.syncope.common.lib.to.ItemTO) UserPatch(org.apache.syncope.common.lib.patch.UserPatch) Test(org.junit.jupiter.api.Test)
