use of org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf in project syncope by apache.
the class PasswordGeneratorTest method issueSYNCOPE678.
/**
 * Regression test for SYNCOPE-678: password generation must succeed, without raising
 * {@link InvalidPasswordRuleConf}, both with no policy at all and with a single policy.
 *
 * <p>Only non-nullness of the result is asserted; length and character classes of the generated
 * password are not checked here.
 */
@Test
public void issueSYNCOPE678() {
    // Scenario 1: empty policy list.
    String fromNoPolicies = null;
    try {
        fromNoPolicies = passwordGenerator.generate(Collections.<PasswordPolicy>emptyList());
    } catch (InvalidPasswordRuleConf e) {
        fail(e.getMessage());
    }
    assertNotNull(fromNoPolicies);

    // Scenario 2: a rule configuration whose minimum length is forced to 0.
    DefaultPasswordRuleConf zeroMinLengthConf = createBaseDefaultPasswordRuleConf();
    zeroMinLengthConf.setMinLength(0);
    TestImplementation ruleImpl = new TestImplementation();
    ruleImpl.setBody(POJOHelper.serialize(zeroMinLengthConf));

    // NOTE(review): ruleImpl is never attached to this policy in the visible code, so the call
    // below may run without the minLength=0 rule -- confirm against TestPasswordPolicy.
    TestPasswordPolicy singlePolicy = new TestPasswordPolicy();

    String fromSinglePolicy = null;
    try {
        fromSinglePolicy = passwordGenerator.generate(Collections.<PasswordPolicy>singletonList(singlePolicy));
    } catch (InvalidPasswordRuleConf e) {
        fail(e.getMessage());
    }
    assertNotNull(fromSinglePolicy);
}
use of org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf in project syncope by apache.
the class MappingManagerImpl method prepareAttr.
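/**
 * Prepare an attribute to be sent to a connector instance.
 *
 * <p>For a password-mapped item on a {@link User}, the clear-text value is taken from
 * {@code password} when it is not blank. Otherwise it is decoded from the stored password when
 * {@code user.canDecodePassword()} holds, or generated when the resource is flagged
 * {@code isRandomPwdIfNotProvided()}. A value that is still blank after these fallbacks is
 * treated as absent, so an empty password attribute is never built.
 *
 * @param provision external resource
 * @param mapItem mapping item for the given attribute
 * @param any given any object
 * @param password clear-text password
 * @return connObjectKey + prepared attribute; {@code null} when the internal attribute name cannot
 * be parsed, when the item maps a read-only virtual schema, or when no password value is available
 * for a password item
 */
private Pair<String, Attribute> prepareAttr(final Provision provision, final Item mapItem, final Any<?> any, final String password) {
    IntAttrName intAttrName;
    try {
        intAttrName = intAttrNameParser.parse(mapItem.getIntAttrName(), provision.getAnyType().getKind());
    } catch (ParseException e) {
        LOG.error("Invalid intAttrName '{}' specified, ignoring", mapItem.getIntAttrName(), e);
        return null;
    }

    boolean readOnlyVirSchema = false;
    Schema schema = null;
    AttrSchemaType schemaType = AttrSchemaType.String;
    if (intAttrName.getSchemaType() != null) {
        switch (intAttrName.getSchemaType()) {
            case PLAIN:
                schema = plainSchemaDAO.find(intAttrName.getSchemaName());
                if (schema != null) {
                    schemaType = schema.getType();
                }
                break;
            case VIRTUAL:
                schema = virSchemaDAO.find(intAttrName.getSchemaName());
                readOnlyVirSchema = (schema != null && schema.isReadonly());
                break;
            default:
                // any other schema type keeps the String default and no schema
                break;
        }
    }

    List<PlainAttrValue> values = getIntValues(provision, mapItem, intAttrName, any);

    // Parameterized so nothing is rendered unless debug is enabled. The values of a password-mapped
    // item are left out so that credential material cannot reach the log, whatever getIntValues
    // returns for such items.
    LOG.debug("Define mapping for: \n* ExtAttrName {}\n* is connObjectKey {}\n* is password {}"
            + "\n* mandatory condition {}\n* Schema {}\n* ClassType {}\n* Values {}",
            mapItem.getExtAttrName(), mapItem.isConnObjectKey(), mapItem.isPassword(),
            mapItem.getMandatoryCondition(), intAttrName.getSchemaName(), schemaType.getType().getName(),
            mapItem.isPassword() ? "<omitted>" : values);

    if (readOnlyVirSchema) {
        // read-only virtual schemas are never sent to the connector
        return null;
    }

    // Types the connector framework supports are passed as-is; anything else goes as a string.
    boolean supportedType = FrameworkUtil.isSupportedAttributeType(schemaType.getType());
    List<Object> objValues = new ArrayList<>();
    for (PlainAttrValue value : values) {
        objValues.add(supportedType ? value.getValue() : value.getValueAsString(schemaType));
    }

    Pair<String, Attribute> result;
    if (mapItem.isConnObjectKey()) {
        result = Pair.of(objValues.isEmpty() ? null : objValues.iterator().next().toString(), null);
    } else if (mapItem.isPassword() && any instanceof User) {
        String passwordAttrValue = password;
        if (StringUtils.isBlank(passwordAttrValue)) {
            User user = (User) any;
            if (user.canDecodePassword()) {
                try {
                    passwordAttrValue = ENCRYPTOR.decode(user.getPassword(), user.getCipherAlgorithm());
                } catch (Exception e) {
                    // best effort: the failure is logged and the item is handled as "no password"
                    // NOTE(review): user is rendered through its toString() -- confirm that it does
                    // not print sensitive fields.
                    LOG.error("Could not decode password for {}", user, e);
                }
            } else if (provision.getResource().isRandomPwdIfNotProvided()) {
                try {
                    passwordAttrValue = passwordGenerator.generate(provision.getResource());
                } catch (InvalidPasswordRuleConf e) {
                    LOG.error("Could not generate policy-compliant random password for {}", user, e);
                }
            }
        }

        // Same blank test as the one that triggered the fallbacks: a blank input that could be
        // neither decoded nor generated must not be propagated as an empty password.
        if (StringUtils.isBlank(passwordAttrValue)) {
            result = null;
        } else {
            result = Pair.of(null, AttributeBuilder.buildPassword(passwordAttrValue.toCharArray()));
        }
    } else if (schema != null && schema.isMultivalue()) {
        result = Pair.of(null, AttributeBuilder.build(mapItem.getExtAttrName(), objValues));
    } else {
        result = Pair.of(null, objValues.isEmpty() ? AttributeBuilder.build(mapItem.getExtAttrName()) : AttributeBuilder.build(mapItem.getExtAttrName(), objValues.iterator().next()));
    }
    return result;
}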
use of org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf in project syncope by apache.
the class UserTest method testPasswordGenerator.
/**
 * Generates a password for the {@code ws-target-resource-nopropagation} resource, then stores it
 * on an existing user and saves that user.
 *
 * <p>Only non-nullness of the generated value is asserted.
 */
@Test
public void testPasswordGenerator() {
    String generated = "";
    try {
        generated = passwordGenerator.generate(resourceDAO.find("ws-target-resource-nopropagation"));
    } catch (InvalidPasswordRuleConf e) {
        fail(e.getMessage());
    }
    assertNotNull(generated);

    User target = userDAO.find("c9b2dec2-00a7-4855-97c0-d854842b4b24");
    // NOTE(review): CipherAlgorithm.SHA is presumably a plain, fast digest; that suits a test
    // fixture, but stored credentials should use a salted, deliberately slow algorithm -- confirm
    // this choice is not copied into non-test code.
    target.setPassword(generated, CipherAlgorithm.SHA);
    userDAO.save(target);
}
use of org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf in project syncope by apache.
the class ConnObjectUtils method getAnyTO.
/**
 * Build a UserTO / GroupTO / AnyObjectTO out of connector object attributes and schema mapping.
 *
 * <p>For a {@link UserTO} that comes back with a blank password, and only when the resource is
 * flagged {@code isRandomPwdIfNotProvided()}, a password is generated from the password policies
 * of the user's realm ancestors and of the resources assigned to the user. If those policies are
 * rejected with {@link InvalidPasswordRuleConf}, a 16-character random password is set instead;
 * that fallback value is not checked against any policy.
 *
 * @param obj connector object
 * @param pullTask pull task
 * @param provision provision information
 * @param anyUtils utils
 * @param <T> any object
 * @return the transfer object built from the connector object, with a generated password set in
 * the case described above
 */
@Transactional(readOnly = true)
public <T extends AnyTO> T getAnyTO(final ConnectorObject obj, final PullTask pullTask, final Provision provision, final AnyUtils anyUtils) {
    T anyTO = getAnyTOFromConnObject(obj, pullTask, provision, anyUtils);

    // Password generation applies to users only.
    if (!(anyTO instanceof UserTO)) {
        return anyTO;
    }
    UserTO userTO = (UserTO) anyTO;

    // Nothing to do when a password is already set or the resource does not ask for a random one.
    if (!StringUtils.isBlank(userTO.getPassword()) || !provision.getResource().isRandomPwdIfNotProvided()) {
        return anyTO;
    }

    List<PasswordPolicy> passwordPolicies = new ArrayList<>();

    // Policies from the ancestors of the user's realm, when that realm exists.
    Realm realm = realmDAO.findByFullPath(userTO.getRealm());
    if (realm != null) {
        for (Realm ancestor : realmDAO.findAncestors(realm)) {
            PasswordPolicy ancestorPolicy = ancestor.getPasswordPolicy();
            if (ancestorPolicy != null) {
                passwordPolicies.add(ancestorPolicy);
            }
        }
    }

    // Policies from every assigned resource that can be found and defines one.
    userTO.getResources().stream()
            .map(key -> resourceDAO.find(key))
            .filter(found -> found != null)
            .map(found -> found.getPasswordPolicy())
            .filter(resourcePolicy -> resourcePolicy != null)
            .forEach(passwordPolicies::add);

    String generated;
    try {
        generated = passwordGenerator.generate(passwordPolicies);
    } catch (InvalidPasswordRuleConf e) {
        // NOTE(review): userTO is rendered through its toString() -- confirm that it does not
        // print sensitive fields.
        LOG.error("Could not generate policy-compliant random password for {}", userTO, e);
        // Fallback keeps the pull going, but this value has not been validated against any policy.
        generated = SecureRandomUtils.generateRandomPassword(16);
    }
    userTO.setPassword(generated);

    return anyTO;
}
use of org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf in project syncope by apache.
the class DefaultPasswordGenerator method generate.
/**
 * Generates a password from the {@link DefaultPasswordRuleConf} configurations found in the rules
 * of the given policies.
 *
 * <p>A rule that cannot be built, or whose configuration is not a {@link DefaultPasswordRuleConf},
 * is skipped (build failures are logged), so it places no constraint on the generated password.
 * The collected configurations are merged, checked, and then used for generation.
 *
 * @param policies password policies whose rules are inspected
 * @return the generated password
 * @throws InvalidPasswordRuleConf presumably raised by {@code check} when the merged configuration
 * is inconsistent -- confirm against that method
 */
@Override
public String generate(final List<PasswordPolicy> policies) throws InvalidPasswordRuleConf {
    final List<DefaultPasswordRuleConf> collected = new ArrayList<>();

    for (PasswordPolicy policy : policies) {
        policy.getRules().forEach(impl -> {
            try {
                ImplementationManager.buildPasswordRule(impl)
                        .map(rule -> rule.getConf())
                        .filter(conf -> conf instanceof DefaultPasswordRuleConf)
                        .map(conf -> (DefaultPasswordRuleConf) conf)
                        .ifPresent(collected::add);
            } catch (Exception e) {
                // deliberate best effort: a broken rule is reported and left out
                LOG.error("Invalid {}, ignoring...", impl, e);
            }
        });
    }

    DefaultPasswordRuleConf merged = merge(collected);
    check(merged);
    return generate(merged);
}