@Before public void before() throws Exception { externalUser = idp.getUser(TestIdentityProvider.ID_TEST_USER); assertNotNull(externalUser); si = new DefaultSyncedIdentity(externalUser.getId(), externalUser.getExternalId(), false, 234); externalGroup = idp.listGroups().next(); siGroup = new DefaultSyncedIdentity(externalGroup.getId(), externalGroup.getExternalId(), true, 234); }
/** * Creates a new repository user for the given external one. * Note that this method only creates the authorizable but does not perform any synchronization. * * @param externalUser the external user * @return the repository user * @throws RepositoryException if an error occurs */ @NotNull protected User createUser(@NotNull ExternalUser externalUser) throws RepositoryException { Principal principal = new PrincipalImpl(externalUser.getPrincipalName()); String authId = config.user().isApplyRFC7613UsernameCaseMapped() ? java.text.Normalizer.normalize(externalUser.getId().toLowerCase(), java.text.Normalizer.Form.NFKC) : externalUser.getId(); User user = userManager.createUser( authId, null, principal, PathUtils.concatRelativePaths(config.user().getPathPrefix(), externalUser.getIntermediatePath()) ); setExternalId(user, externalUser); return user; }
@Test public void testSyncPropertiesMappingDQuoteName() throws Exception { ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_SECOND_USER); sync(externalUser); Authorizable a = userManager.getAuthorizable(externalUser.getId()); // mapping to '"' (i.e. name size = 1) which doesn't qualify as constant // -> same behavior expected as with 'testSyncPropertiesMappingRemovesExisting' Map<String, String> mapping = new HashMap<>(); Map<String, ?> extProps = externalUser.getProperties(); for (String propName : extProps.keySet()) { mapping.put(propName, "\""); } syncCtx.syncProperties(externalUser, a, mapping); for (String propName : extProps.keySet()) { assertFalse(a.hasProperty(propName)); } }
private Map<String, String> getExpectedUserResult(String expectedOp, boolean includeGroups) throws ExternalIdentityException { Map<String, String> expected = new HashMap<>(); Iterator<ExternalUser> it = idp.listUsers(); while (it.hasNext()) { ExternalUser eu = it.next(); expected.put(eu.getId(), expectedOp); if (includeGroups) { for (ExternalIdentityRef ref : eu.getDeclaredGroups()) { expected.put(ref.getId(), expectedOp); } } } return expected; }
@Test public void testResolvePrincipalNameUser() throws ExternalIdentityException { ExternalUser user = idp.getUser(TEST_USER5_UID); assertNotNull(user); assertEquals(user.getPrincipalName(), idp.fromExternalIdentityRef(user.getExternalId())); }
@Test public void testInitialSyncExternalUsers() throws Exception { ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_TEST_USER); String[] externalId = new String[] {externalUser.getExternalId().getString()}; String[] result = syncMBean.syncExternalUsers(externalId); assertResultMessages(result, TestIdentityProvider.ID_TEST_USER, "add"); UserManager userManager = getUserManager(); User testUser = userManager.getAuthorizable(externalUser.getId(), User.class); assertNotNull(testUser); for (ExternalIdentityRef groupRef : externalUser.getDeclaredGroups()) { assertNotNull(userManager.getAuthorizable(groupRef.getId())); } }
@Test @Ignore("OAK-2874") public void testListUsers() throws Exception { Iterator<ExternalUser> users = idp.listUsers(); List<ExternalIdentityRef> refs = new ArrayList<ExternalIdentityRef>(); while (users.hasNext()) { refs.add(users.next().getExternalId()); } assertIfEquals("Test users", TEST_MEMBERS, refs); }
@Test public void testSyncUpdate() throws Exception { // create user upfront in order to test update mode UserManager userManager = getUserManager(root); ExternalUser externalUser = idp.getUser(USER_ID); Authorizable user = userManager.createUser(externalUser.getId(), null); user.setProperty(DefaultSyncContext.REP_EXTERNAL_ID, getValueFactory().createValue(externalUser.getExternalId().getString())); root.commit(); ContentSession cs = null; try { cs = login(new SimpleCredentials(USER_ID, new char[0])); root.refresh(); Authorizable a = userManager.getAuthorizable(USER_ID); assertNotNull(a); for (String prop : externalUser.getProperties().keySet()) { assertTrue(a.hasProperty(prop)); } } finally { if (cs != null) { cs.close(); } options.clear(); } }
@Override public boolean commit() { if (externalUser == null) { // login attempt in this login module was not successful clearState(); return false; } Set<? extends Principal> principals = getPrincipals(externalUser.getId()); if (!principals.isEmpty()) { if (!subject.isReadOnly()) { subject.getPrincipals().addAll(principals); if (credentials != null) { subject.getPublicCredentials().add(credentials); } setAuthInfo(createAuthInfo(externalUser.getId(), principals), subject); } else { log.debug("Could not add information to read only subject {}", subject); } return true; } clearState(); return false; }
@Test public void testIsMember() throws Exception { ExternalUser externalUser = idp.getUser(USER_ID); GroupPrincipal principal = getGroupPrincipal(externalUser.getDeclaredGroups().iterator().next()); assertTrue(principal.isMember(new PrincipalImpl(externalUser.getPrincipalName()))); assertTrue(principal.isMember(getUserManager(root).getAuthorizable(USER_ID).getPrincipal())); }
@Test public void testSyncPropertiesEmptyMap() throws Exception { ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_SECOND_USER); Authorizable a = syncCtx.createUser(externalUser); syncCtx.syncProperties(externalUser, a, ImmutableMap.<String, String>of()); for (String propName : externalUser.getProperties().keySet()) { assertFalse(a.hasProperty(propName)); } }
/** * Test case to reproduce OAK-3396 where an ldap user entry * without a uid caused a NullpointerException in LdapIdentityProvider.createUser */ @Test public void testListUsersWithMissingUid() throws Exception { // the ERRONEOUS_LDIF contains an entry without uid InputStream erroneousDIF = LdapProviderTest.class.getResourceAsStream(ERRONEOUS_LDIF); LDAP_SERVER.loadLdif(erroneousDIF); Iterator<ExternalUser> users = idp.listUsers(); // without the LdapInvalidAttributeValueException a NPE would result here: while(users.hasNext()) { ExternalUser user = users.next(); // the 'Faulty Entry' of the ERRONEOUS_LDIF should be filtered out // (by LdapIdentityProvider.listUsers.getNext()) assertTrue(!user.getPrincipalName().startsWith("cn=Faulty Entry")); } }
GroupPrincipal getGroupPrincipal() throws Exception { ExternalUser externalUser = idp.getUser(USER_ID); return getGroupPrincipal(externalUser.getDeclaredGroups().iterator().next()); }
@Test public void testNullIntermediatePath() throws Exception { providerConfig.getUserConfig().setMakeDnPath(false); ExternalUser user = idp.getUser(TEST_USER1_UID); assertNotNull("User 1 must exist", user); assertNull("Intermediate path must be null", user.getIntermediatePath()); }
@Test public void testInitialSyncExternalUsersNoNesting() throws Exception { syncConfig.user().setMembershipNestingDepth(-1); ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_TEST_USER); String[] externalId = new String[] {externalUser.getExternalId().getString()}; String[] result = syncMBean.syncExternalUsers(externalId); assertResultMessages(result, TestIdentityProvider.ID_TEST_USER, "add"); UserManager userManager = getUserManager(); User testUser = userManager.getAuthorizable(externalUser.getId(), User.class); assertNotNull(testUser); for (ExternalIdentityRef groupRef : externalUser.getDeclaredGroups()) { assertNull(userManager.getAuthorizable(groupRef.getId())); } }
private void authenticateValidateInternal(LdapIdentityProvider idp, String id) throws Exception { SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID, "pass".toCharArray()); for (int i=0; i<8; i++) { ExternalUser user = this.idp.authenticate(creds); assertNotNull("User 1 must authenticate (i=" + i + ")", user); assertEquals("User Ref", TEST_USER1_DN, ((LdapUser)user).getEntry().getDn().getName()); assertEquals("User Ref", id, user.getExternalId().getId()); } }
sharedState.put(SHARED_KEY_LOGIN_NAME, externalUser.getId());
@Override @Test public void testGetPrincipalInheritedGroups() throws Exception { ExternalUser externalUser = idp.getUser(USER_ID); for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) { ExternalIdentity externalGroup = idp.getIdentity(ref); Principal grPrincipal = principalProvider.getPrincipal(externalGroup.getPrincipalName()); for (ExternalIdentityRef inheritedGroupRef : externalGroup.getDeclaredGroups()) { String inheritedPrincName = idp.getIdentity(inheritedGroupRef).getPrincipalName(); Principal principal = principalProvider.getPrincipal(inheritedPrincName); assertNotNull(principal); assertTrue(principal instanceof GroupPrincipal); GroupPrincipal inheritedGrPrincipal = (GroupPrincipal) principal; assertTrue(inheritedGrPrincipal.isMember(new PrincipalImpl(externalUser.getPrincipalName()))); assertFalse(inheritedGrPrincipal.isMember(grPrincipal)); } } }
@Test public void testSyncPropertiesEmptyMapExistingProps() throws Exception { ExternalUser externalUser = idp.getUser(TestIdentityProvider.ID_SECOND_USER); Authorizable a = syncCtx.createUser(externalUser); Value anyValue = valueFactory.createValue("any"); Map<String, ?> extProps = externalUser.getProperties(); for (String propName : extProps.keySet()) { a.setProperty(propName, anyValue); } syncCtx.syncProperties(externalUser, a, ImmutableMap.<String, String>of()); for (String propName : extProps.keySet()) { assertTrue(a.hasProperty(propName)); assertEquals(anyValue, a.getProperty(propName)[0]); } }
@Test public void testSyncUserIdExistingGroups() throws Exception { ExternalUser externalUser = idp.getUser(USER_ID); DefaultSyncContext ctx = new DefaultSyncContext(syncConfig, idp, userManager, valueFactory); ctx.sync(externalUser); ctx.close(); Authorizable user = userManager.getAuthorizable(externalUser.getId()); for (ExternalIdentityRef ref : externalUser.getDeclaredGroups()) { Group gr = userManager.getAuthorizable(ref.getId(), Group.class); assertTrue(gr.isMember(user)); } syncContext.setForceUserSync(true); syncContext.sync(externalUser.getId()); Authorizable a = userManager.getAuthorizable(USER_ID); Tree t = r.getTree(a.getPath()); assertFalse(t.hasProperty(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES)); assertSyncedMembership(userManager, a, externalUser); }