Example 1 with ScimMeta

Use of org.cloudfoundry.identity.uaa.scim.ScimMeta in project uaa by cloudfoundry.

From the class UaaResetPasswordServiceTests, method resetPassword_ForcedChange_NewPasswordSameAsOld.

@Test
void resetPassword_ForcedChange_NewPasswordSameAsOld() {
    String userId = "user-id";
    ScimUser user = new ScimUser(userId, "username", "firstname", "lastname");
    user.setMeta(new ScimMeta(new Date(), new Date(), 0));
    user.setPrimaryEmail("foo@example.com");
    when(scimUserProvisioning.retrieve(userId, currentZoneId)).thenReturn(user);
    when(scimUserProvisioning.checkPasswordMatches("user-id", "password", currentZoneId)).thenThrow(new InvalidPasswordException("Your new password cannot be the same as the old password.", UNPROCESSABLE_ENTITY));
    assertThrows(InvalidPasswordException.class, () -> uaaResetPasswordService.resetUserPassword(userId, "password"));
}
Also used: ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser), ScimMeta (org.cloudfoundry.identity.uaa.scim.ScimMeta), InvalidPasswordException (org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException), Matchers.containsString (org.hamcrest.Matchers.containsString), Mockito.anyString (org.mockito.Mockito.anyString), Date (java.util.Date), Test (org.junit.jupiter.api.Test)

Example 2 with ScimMeta

Use of org.cloudfoundry.identity.uaa.scim.ScimMeta in project uaa by cloudfoundry.

From the class UaaResetPasswordServiceTests, method resetPassword_forcedChange_must_verify_password_policy.

@Test
void resetPassword_forcedChange_must_verify_password_policy() {
    String userId = "user-id";
    ScimUser user = new ScimUser(userId, "username", "firstname", "lastname");
    user.setMeta(new ScimMeta(new Date(), new Date(), 0));
    user.setPrimaryEmail("foo@example.com");
    when(scimUserProvisioning.retrieve(userId, currentZoneId)).thenReturn(user);
    doThrow(new InvalidPasswordException("Password cannot contain whitespace characters.")).when(passwordValidator).validate("new password");
    assertThrowsWithMessageThat(InvalidPasswordException.class, () -> uaaResetPasswordService.resetUserPassword(userId, "new password"), containsString("Password cannot contain whitespace characters."));
}
Also used: ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser), ScimMeta (org.cloudfoundry.identity.uaa.scim.ScimMeta), InvalidPasswordException (org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException), Matchers.containsString (org.hamcrest.Matchers.containsString), Mockito.anyString (org.mockito.Mockito.anyString), Date (java.util.Date), Test (org.junit.jupiter.api.Test)

Example 3 with ScimMeta

Use of org.cloudfoundry.identity.uaa.scim.ScimMeta in project uaa by cloudfoundry.

From the class ScimGroupRowMapper, method mapRow.

@Override
public ScimGroup mapRow(ResultSet rs, int rowNum) throws SQLException {
    int pos = 1;
    String id = rs.getString(pos++);
    String name = rs.getString(pos++);
    String description = rs.getString(pos++);
    Date created = rs.getTimestamp(pos++);
    Date modified = rs.getTimestamp(pos++);
    int version = rs.getInt(pos++);
    String zoneId = rs.getString(pos++);
    ScimGroup group = new ScimGroup(id, name, zoneId);
    group.setDescription(description);
    ScimMeta meta = new ScimMeta(created, modified, version);
    group.setMeta(meta);
    return group;
}
Also used: ScimMeta (org.cloudfoundry.identity.uaa.scim.ScimMeta), ScimGroup (org.cloudfoundry.identity.uaa.scim.ScimGroup), Date (java.util.Date)

Example 4 with ScimMeta

Use of org.cloudfoundry.identity.uaa.scim.ScimMeta in project uaa by cloudfoundry.

From the class PasswordResetEndpointTest, method changingAPasswordForUnverifiedUser.

@Test
void changingAPasswordForUnverifiedUser() throws Exception {
    ExpiringCode code = new ExpiringCode("secret_code", new Timestamp(System.currentTimeMillis() + UaaResetPasswordService.PASSWORD_RESET_LIFETIME), "{\"user_id\":\"eyedee\",\"username\":\"user@example.com\",\"passwordModifiedTime\":null,\"client_id\":\"\",\"redirect_uri\":\"\"}", null);
    when(mockExpiringCodeStore.retrieveCode("secret_code", currentZoneId)).thenReturn(code);
    ScimUser scimUser = new ScimUser("eyedee", "user@example.com", "User", "Man");
    scimUser.setMeta(new ScimMeta(new Date(System.currentTimeMillis() - (1000 * 60 * 60 * 24)), new Date(System.currentTimeMillis() - (1000 * 60 * 60 * 24)), 0));
    scimUser.addEmail("user@example.com");
    scimUser.setVerified(false);
    when(mockScimUserProvisioning.retrieve("eyedee", currentZoneId)).thenReturn(scimUser);
    ExpiringCode autologinCode = new ExpiringCode("autologin-code", new Timestamp(System.currentTimeMillis() + 5 * 60 * 1000), "data", AUTOLOGIN.name());
    when(mockExpiringCodeStore.generateCode(anyString(), any(Timestamp.class), eq(AUTOLOGIN.name()), anyString())).thenReturn(autologinCode);
    MockHttpServletRequestBuilder post = post("/password_change").contentType(APPLICATION_JSON).content("{\"code\":\"secret_code\",\"new_password\":\"new_secret\"}").accept(APPLICATION_JSON);
    SecurityContextHolder.getContext().setAuthentication(new MockAuthentication());
    mockMvc.perform(post).andExpect(status().isOk()).andExpect(jsonPath("$.user_id").value("eyedee")).andExpect(jsonPath("$.username").value("user@example.com"));
    verify(mockScimUserProvisioning).changePassword("eyedee", null, "new_secret", currentZoneId);
    verify(mockScimUserProvisioning).verifyUser(scimUser.getId(), -1, currentZoneId);
}
Also used: ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser), ScimMeta (org.cloudfoundry.identity.uaa.scim.ScimMeta), ExpiringCode (org.cloudfoundry.identity.uaa.codestore.ExpiringCode), MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder), MockAuthentication (org.cloudfoundry.identity.uaa.test.MockAuthentication), Timestamp (java.sql.Timestamp), Date (java.util.Date), Test (org.junit.jupiter.api.Test)

Example 5 with ScimMeta

Use of org.cloudfoundry.identity.uaa.scim.ScimMeta in project uaa by cloudfoundry.

From the class PasswordResetEndpointTest, method creatingAPasswordResetWithAUsernameContainingSpecialCharacters.

@Test
void creatingAPasswordResetWithAUsernameContainingSpecialCharacters() throws Exception {
    ScimUser user = new ScimUser("id001", "user\"'@example.com", null, null);
    user.setMeta(new ScimMeta(yesterday, yesterday, 0));
    user.setPasswordLastModified(yesterday);
    user.addEmail("user\"'@example.com");
    when(mockScimUserProvisioning.retrieveByUsernameAndOriginAndZone(eq("user\"'@example.com"), eq(OriginKeys.UAA), eq(currentZoneId))).thenReturn(Collections.singletonList(user));
    PasswordChange change = new PasswordChange("id001", "user\"'@example.com", yesterday, null, null);
    when(mockExpiringCodeStore.generateCode(eq(JsonUtils.writeValueAsString(change)), any(Timestamp.class), anyString(), anyString())).thenReturn(new ExpiringCode("secret_code", new Timestamp(System.currentTimeMillis() + UaaResetPasswordService.PASSWORD_RESET_LIFETIME), JsonUtils.writeValueAsString(change), null));
    MockHttpServletRequestBuilder post = post("/password_resets").contentType(APPLICATION_JSON).content("user\"'@example.com").accept(APPLICATION_JSON);
    mockMvc.perform(post).andExpect(status().isCreated()).andExpect(content().string(containsString("\"code\":\"secret_code\""))).andExpect(content().string(containsString("\"user_id\":\"id001\"")));
    when(mockScimUserProvisioning.retrieveByUsernameAndOriginAndZone(eq("user\"'@example.com"), eq(OriginKeys.UAA), eq(currentZoneId))).thenReturn(Collections.emptyList());
    user.setOrigin(OriginKeys.LDAP);
    when(mockScimUserProvisioning.retrieveByUsernameAndZone(eq("user\"'@example.com"), eq(currentZoneId))).thenReturn(Collections.singletonList(user));
    post = post("/password_resets").contentType(APPLICATION_JSON).content("user\"'@example.com").accept(APPLICATION_JSON);
    mockMvc.perform(post).andExpect(status().isConflict());
}
Also used: ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser), ScimMeta (org.cloudfoundry.identity.uaa.scim.ScimMeta), ExpiringCode (org.cloudfoundry.identity.uaa.codestore.ExpiringCode), PasswordChange (org.cloudfoundry.identity.uaa.scim.endpoints.PasswordChange), MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder), Timestamp (java.sql.Timestamp), Test (org.junit.jupiter.api.Test)

Aggregations

ScimMeta (org.cloudfoundry.identity.uaa.scim.ScimMeta): 13
ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser): 12
Test (org.junit.jupiter.api.Test): 11
Date (java.util.Date): 10
Timestamp (java.sql.Timestamp): 6
ExpiringCode (org.cloudfoundry.identity.uaa.codestore.ExpiringCode): 6
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 6
MockAuthentication (org.cloudfoundry.identity.uaa.test.MockAuthentication): 5
Matchers.containsString (org.hamcrest.Matchers.containsString): 5
Mockito.anyString (org.mockito.Mockito.anyString): 4
InvalidPasswordException (org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException): 3
SecurityContext (org.springframework.security.core.context.SecurityContext): 2
ScimGroup (org.cloudfoundry.identity.uaa.scim.ScimGroup): 1
PasswordChange (org.cloudfoundry.identity.uaa.scim.endpoints.PasswordChange): 1
JSONObject (org.json.JSONObject): 1
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString): 1
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 1
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 1