UserPatch userPatch = new UserPatch(); userPatch.setKey(user); patches.add(userPatch); Set<String> before = membershipsBefore.get(user); if (before == null || !before.contains(group)) { userPatch.getMemberships().add( new MembershipPatch.Builder(). operation(PatchOperation.ADD_REPLACE). filter(patch -> user.equals(patch.getKey())).findFirst(). orElseGet(() -> { UserPatch patch = new UserPatch(); patch.setKey(user); patches.add(patch); return patch; Set<String> after = membershipsAfter.get(user); if (after == null || !after.contains(group)) { userPatch.getMemberships().add( new MembershipPatch.Builder(). operation(PatchOperation.DELETE). }); patches.stream().filter(patch -> !patch.isEmpty()).forEach(patch -> { LOG.debug("About to update User {}", patch); userProvisioningManager.update(patch, true);
@PreAuthorize("hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "')") public ProvisioningResult<UserTO> mustChangePassword(final String password, final boolean nullPriorityAsync) { UserPatch userPatch = new UserPatch(); userPatch.setPassword(new PasswordPatch.Builder().value(password).build()); userPatch.setMustChangePassword(new BooleanReplacePatchItem.Builder().value(false).build()); return selfUpdate(userPatch, nullPriorityAsync); }
@Override public List<PropagationTaskInfo> getUserUpdateTasks( final WorkflowResult<Pair<UserPatch, Boolean>> wfResult, final boolean changePwd, final Collection<String> noPropResourceKeys) { return getUpdateTasks( userDAO.authFind(wfResult.getResult().getLeft().getKey()), wfResult.getResult().getKey().getPassword() == null ? null : wfResult.getResult().getKey().getPassword().getValue(), changePwd, wfResult.getResult().getValue(), wfResult.getPropByRes(), wfResult.getResult().getKey().getVirAttrs(), noPropResourceKeys); }
@Override public List<PropagationStatus> provision( final String key, final boolean changePwd, final String password, final Collection<String> resources, final boolean nullPriorityAsync) { UserPatch userPatch = new UserPatch(); userPatch.setKey(key); userPatch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build()). collect(Collectors.toSet())); if (changePwd) { PasswordPatch passwordPatch = new PasswordPatch(); passwordPatch.setOnSyncope(false); passwordPatch.getResources().addAll(resources); passwordPatch.setValue(password); userPatch.setPassword(passwordPatch); } PropagationByResource propByRes = new PropagationByResource(); propByRes.addAll(ResourceOperation.UPDATE, resources); WorkflowResult<Pair<UserPatch, Boolean>> wfResult = new WorkflowResult<>( ImmutablePair.of(userPatch, (Boolean) null), propByRes, "update"); List<PropagationTaskInfo> taskInfos = propagationManager.getUserUpdateTasks(wfResult, changePwd, null); PropagationReporter propagationReporter = taskExecutor.execute(taskInfos, nullPriorityAsync); return propagationReporter.getStatuses(); }
UserPatch result = new UserPatch(); result.setPassword(new PasswordPatch.Builder(). value(updated.getPassword()). resources(updated.getResources()).build()); result.setUsername( replacePatchItem(updated.getUsername(), original.getUsername(), new StringReplacePatchItem())); result.setSecurityQuestion(null); result.setSecurityAnswer(null); } else if (!updated.getSecurityQuestion().equals(original.getSecurityQuestion()) || StringUtils.isNotBlank(updated.getSecurityAnswer())) { result.setSecurityQuestion(new StringReplacePatchItem.Builder(). value(updated.getSecurityQuestion()).build()); result.setSecurityAnswer( new StringReplacePatchItem.Builder().value(updated.getSecurityAnswer()).build()); result.setMustChangePassword(replacePatchItem( updated.isMustChangePassword(), original.isMustChangePassword(), new BooleanReplacePatchItem())); original.getRoles().stream().filter(role -> !updated.getRoles().contains(role)). forEach(toRemove -> { result.getRoles().add(new StringPatchItem.Builder(). operation(PatchOperation.DELETE).value(toRemove).build()); }); result.getRoles().add(new StringPatchItem.Builder().
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> unassign( final String key, final Collection<String> resources, final boolean nullPriorityAsync) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build()). collect(Collectors.toList())); return update(patch, nullPriorityAsync); }
if (userPatch.getPassword() != null && StringUtils.isNotBlank(userPatch.getPassword().getValue())) { if (userPatch.getPassword().isOnSyncope()) { setPassword(user, userPatch.getPassword().getValue(), scce); user.setChangePwdDate(new Date()); propByRes.addAll(ResourceOperation.UPDATE, userPatch.getPassword().getResources()); if (userPatch.getUsername() != null && StringUtils.isNotBlank(userPatch.getUsername().getValue())) { String oldUsername = user.getUsername(); user.setUsername(userPatch.getUsername().getValue()); AuthContextUtils.updateUsername(userPatch.getUsername().getValue()); accessToken.setOwner(userPatch.getUsername().getValue()); accessTokenDAO.save(accessToken); if (userPatch.getSecurityQuestion() != null) { if (userPatch.getSecurityQuestion().getValue() == null) { user.setSecurityQuestion(null); user.setSecurityAnswer(null); } else { SecurityQuestion securityQuestion = securityQuestionDAO.find(userPatch.getSecurityQuestion().getValue()); if (securityQuestion != null) { user.setSecurityQuestion(securityQuestion); user.setSecurityAnswer(userPatch.getSecurityAnswer().getValue()); if (userPatch.getMustChangePassword() != null) { user.setMustChangePassword(userPatch.getMustChangePassword().getValue());
@Override public String unlink(final UserPatch userPatch) { WorkflowResult<Pair<UserPatch, Boolean>> updated = uwfAdapter.update(userPatch); return updated.getResult().getLeft().getKey(); }
if (userPatch.getPassword() == null) { wfResult.getResult(), new PropagationByResource(), wfResult.getPerformedTasks()); Set<String> pwdResourceNames = new HashSet<>(userPatch.getPassword().getResources()); Collection<String> allResourceNames = userDAO.findAllResourceKeys(userPatch.getKey()); pwdResourceNames.retainAll(allResourceNames); if (!pwdWFResult.getPropByRes().isEmpty()) { Set<String> toBeExcluded = new HashSet<>(allResourceNames); toBeExcluded.addAll(userPatch.getResources().stream(). map(patchItem -> patchItem.getValue()).collect(Collectors.toList())); toBeExcluded.removeAll(pwdResourceNames);
if (userPatch.getPassword() != null) { result.setPassword(userPatch.getPassword().getValue()); if (userPatch.getUsername() != null) { result.setUsername(userPatch.getUsername().getValue()); userPatch.getRelationships(). forEach(relPatch -> { if (relPatch.getRelationshipTO() == null) { userPatch.getMemberships(). forEach(membPatch -> { if (membPatch.getGroup() == null) { for (StringPatchItem rolePatch : userPatch.getRoles()) { switch (rolePatch.getOperation()) { case ADD_REPLACE:
} catch (Exception e) { LOG.error("Update of user {} failed, trying to pull its status anyway (if configured)", userPatch.getKey(), e); User user = userDAO.find(userPatch.getKey()); enableUpdate = uwfAdapter.activate(userPatch.getKey(), null); } else if (enabled && user.isSuspended()) { enableUpdate = uwfAdapter.reactivate(userPatch.getKey()); } else if (!enabled && !user.isSuspended()) { enableUpdate = uwfAdapter.suspend(userPatch.getKey()); updated, updated.getResult().getLeft().getPassword() != null, excludedResources); PropagationReporter propagationReporter = taskExecutor.execute(taskInfos, nullPriorityAsync);
protected ProvisioningResult<UserTO> doUpdate( final UserPatch userPatch, final boolean self, final boolean nullPriorityAsync) { UserTO userTO = binder.getUserTO(userPatch.getKey()); Set<String> dynRealmsBefore = new HashSet<>(userTO.getDynRealms()); Pair<UserPatch, List<LogicActions>> before = beforeUpdate(userPatch, userTO.getRealm()); boolean authDynRealms = false; if (!self && before.getLeft().getRealm() != null && StringUtils.isNotBlank(before.getLeft().getRealm().getValue())) { Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), before.getLeft().getRealm().getValue()); authDynRealms = securityChecks(effectiveRealms, before.getLeft().getRealm().getValue(), before.getLeft().getKey()); } Pair<UserPatch, List<PropagationStatus>> updated = provisioningManager.update(before.getLeft(), nullPriorityAsync); return afterUpdate( binder.returnUserTO(binder.getUserTO(updated.getLeft().getKey())), updated.getRight(), before.getRight(), authDynRealms, dynRealmsBefore); }
@Override public <P extends AnyPatch> P newAnyPatch(final String key) { P result = null; switch (anyTypeKind) { case USER: result = (P) new UserPatch(); break; case GROUP: result = (P) new GroupPatch(); break; case ANY_OBJECT: result = (P) new AnyObjectPatch(); break; default: } if (result != null) { result.setKey(key); } return result; }
@PreAuthorize("isAuthenticated() " + "and not(hasRole('" + StandardEntitlement.ANONYMOUS + "')) " + "and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))") public ProvisioningResult<UserTO> selfUpdate(final UserPatch userPatch, final boolean nullPriorityAsync) { UserTO userTO = binder.getAuthenticatedUserTO(); userPatch.setKey(userTO.getKey()); ProvisioningResult<UserTO> updated = doUpdate(userPatch, true, nullPriorityAsync); // Ensures that, if the self update above moves the user into a status from which no authentication // is possible, the existing Access Token is clean up to avoid issues with future authentications if (!confDAO.getValuesAsStrings("authentication.statuses").contains(updated.getEntity().getStatus())) { String accessToken = accessTokenDAO.findByOwner(updated.getEntity().getUsername()).getKey(); if (accessToken != null) { accessTokenDAO.delete(accessToken); } } return updated; }
@Transactional(readOnly = true) @Override public <M extends AnyPatch> void beforeUpdate( final ProvisioningProfile<?, ?> profile, final SyncDelta delta, final EntityTO entityTO, final M anyPatch) throws JobExecutionException { if (anyPatch instanceof UserPatch) { PasswordPatch modPassword = ((UserPatch) anyPatch).getPassword(); parseEncodedPassword(modPassword == null ? null : modPassword.getValue()); } }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public ProvisioningResult<UserTO> assign( final String key, final Collection<String> resources, final boolean changepwd, final String password, final boolean nullPriorityAsync) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.ADD_REPLACE).value(resource).build()). collect(Collectors.toList())); if (changepwd) { patch.setPassword(new PasswordPatch.Builder(). value(password).onSyncope(false).resources(resources).build()); } return update(patch, nullPriorityAsync); }
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')") @Override public UserTO unlink(final String key, final Collection<String> resources) { // security checks UserTO user = binder.getUserTO(key); Set<String> effectiveRealms = RealmUtils.getEffective( AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE), user.getRealm()); securityChecks(effectiveRealms, user.getRealm(), user.getKey()); UserPatch patch = new UserPatch(); patch.setKey(key); patch.getResources().addAll(resources.stream().map(resource -> new StringPatchItem.Builder().operation(PatchOperation.DELETE).value(resource).build()). collect(Collectors.toList())); return binder.returnUserTO(binder.getUserTO(provisioningManager.unlink(patch))); }
@Override public void internalSuspend(final String key) { Pair<WorkflowResult<String>, Boolean> updated = uwfAdapter.internalSuspend(key); // propagate suspension if and only if it is required by policy if (updated != null && updated.getRight()) { UserPatch userPatch = new UserPatch(); userPatch.setKey(updated.getLeft().getResult()); List<PropagationTaskInfo> taskInfos = propagationManager.getUserUpdateTasks(new WorkflowResult<>( Pair.of(userPatch, Boolean.FALSE), updated.getLeft().getPropByRes(), updated.getLeft().getPerformedTasks())); taskExecutor.execute(taskInfos, false); } }
@Override public String link(final UserPatch userPatch) { return uwfAdapter.update(userPatch).getResult().getLeft().getKey(); }