// Excerpt (the method is cut off before its end): copies fields of a User entity onto a new UserTO
// inside a read-only transaction, then adds dynamic realms, roles and dynamic roles.
// NOTE(review): the stored password value, the token and its expiry are copied onto the transfer
// object here. Confirm that whatever hands this TO to a client blanks them first.
// NOTE(review): user.getType().getKey() and user.getSecurityQuestion().getKey() are dereferenced with no
// null check in this excerpt; a guard may have been elided - confirm against the full source.
@Transactional(readOnly = true) @Override public UserTO getUserTO(final User user, final boolean details) { UserTO userTO = new UserTO(); userTO.setKey(user.getKey()); userTO.setUsername(user.getUsername()); userTO.setPassword(user.getPassword()); userTO.setType(user.getType().getKey()); userTO.setCreationDate(user.getCreationDate()); userTO.setCreator(user.getCreator()); userTO.setLastChangeDate(user.getLastChangeDate()); userTO.setLastModifier(user.getLastModifier()); userTO.setStatus(user.getStatus()); userTO.setSuspended(BooleanUtils.isTrue(user.isSuspended())); userTO.setChangePwdDate(user.getChangePwdDate()); userTO.setFailedLogins(user.getFailedLogins()); userTO.setLastLoginDate(user.getLastLoginDate()); userTO.setMustChangePassword(user.isMustChangePassword()); userTO.setToken(user.getToken()); userTO.setTokenExpireTime(user.getTokenExpireTime()); userTO.setSecurityQuestion(user.getSecurityQuestion().getKey()); userTO.getDynRealms().addAll(userDAO.findDynRealms(user.getKey())); userTO.getRoles().addAll(user.getRoles().stream().map(Entity::getKey).collect(Collectors.toList())); userTO.getDynRoles().addAll( userDAO.findDynRoles(user.getKey()).stream().map(Entity::getKey).collect(Collectors.toList()));
/**
 * Creates a user from a SAML 2.0 login response and returns the username it ends up with.
 *
 * <p>Steps, in order: apply the IdP's user template when one is set, run every action's
 * {@code beforeCreate}, call {@code fill(...)} with the IdP key, the login response and the TO,
 * default the realm to {@link SyncopeConstants#ROOT_REALM} and the username to {@code nameID} when
 * still unset, create the user through the provisioning manager, re-read it and run every action's
 * {@code afterCreate}. The method runs in its own transaction ({@code REQUIRES_NEW}).
 *
 * <p>NOTE(review): the username falls back to the NameID received with the login and the realm to
 * the root realm. Confirm that the response was validated before this method is reached and that
 * landing in the root realm by default is intended.
 *
 * @param idp the identity provider the login came from
 * @param responseTO the login response passed to the actions and to {@code fill(...)}
 * @param nameID fallback username, used only when nothing else set one
 * @return the username of the user as returned by the last {@code afterCreate} action
 */
@Transactional(propagation = Propagation.REQUIRES_NEW)
public String create(final SAML2IdPEntity idp, final SAML2LoginResponseTO responseTO, final String nameID) {
    UserTO newUser = new UserTO();

    // The template goes first, so every later step can override what it set.
    if (idp.getUserTemplate() != null) {
        templateUtils.apply(newUser, idp.getUserTemplate());
    }

    final List<SAML2IdPActions> idpActions = getActions(idp);
    for (SAML2IdPActions idpAction : idpActions) {
        newUser = idpAction.beforeCreate(newUser, responseTO);
    }

    fill(idp.getKey(), responseTO, newUser);

    // Defaults apply only where template, actions and fill(...) left the field unset.
    if (newUser.getRealm() == null) {
        newUser.setRealm(SyncopeConstants.ROOT_REALM);
    }
    if (newUser.getUsername() == null) {
        newUser.setUsername(nameID);
    }

    // Re-read by key so the actions below see the user as it was actually created.
    newUser = binder.getUserTO(provisioningManager.create(newUser, false, false).getKey());

    for (SAML2IdPActions idpAction : idpActions) {
        newUser = idpAction.afterCreate(newUser, responseTO);
    }

    return newUser.getUsername();
}
// Excerpt with elided lines: when the UserTO carries no password and the resource has
// randomPwdIfNotProvided set, the realm is looked up by full path, its ancestors and the user's
// resources that have a password policy are visited, and a password is set on the TO. The call that
// generates the password is not visible here.
// NOTE(review): confirm the generator honours every collected password policy and draws from a
// cryptographically strong random source, and that the generated value is never logged.
&& StringUtils.isBlank(((UserTO) anyTO).getPassword()) && provision.getResource().isRandomPwdIfNotProvided()) { Realm realm = realmDAO.findByFullPath(userTO.getRealm()); if (realm != null) { realmDAO.findAncestors(realm).stream(). userTO.getResources().stream(). map(resource -> resourceDAO.find(resource)). filter(resource -> resource != null && resource.getPasswordPolicy() != null). userTO.setPassword(password);
/**
 * Reloads the authorizations and the self {@link UserTO} held by this object from {@code client.self()}.
 *
 * <p>When the call is refused with {@link ForbiddenException}, a placeholder {@link UserTO} is
 * installed instead, carrying only the given username and {@code mustChangePassword = true}.
 *
 * <p>NOTE(review): on the refused path {@code auth} and {@code roles} keep whatever they held
 * before. Confirm that no stale authorizations from an earlier state can be read afterwards.
 *
 * @param username username put on the placeholder when {@code self()} is refused
 */
public void refreshAuth(final String username) {
    final Pair<Map<String, Set<String>>, UserTO> selfInfo;
    try {
        selfInfo = client.self();
    } catch (ForbiddenException forbidden) {
        LOG.warn("Could not read self(), probably in a {} scenario",
                StandardEntitlement.MUST_CHANGE_PASSWORD, forbidden);

        selfTO = new UserTO();
        selfTO.setUsername(username);
        selfTO.setMustChangePassword(true);
        return;
    }

    auth = selfInfo.getLeft();
    selfTO = selfInfo.getRight();
    // Cleared together with the new authorizations.
    roles = null;
}
/**
 * Returns the {@link UserTO} of the currently authenticated principal.
 *
 * <p>The anonymous and admin usernames are answered with a bare TO (null key, username only) and
 * no lookup; any other username is looked up through {@code userDAO} and mapped with details.
 *
 * <p>NOTE(review): the result of {@code findByUsername} is passed on without a null check.
 * Confirm it cannot be null for an authenticated principal.
 *
 * @return the TO for the authenticated user
 */
@Transactional(readOnly = true)
@Override
public UserTO getAuthenticatedUserTO() {
    final String currentUsername = AuthContextUtils.getUsername();

    final boolean anonymous = anonymousUser.equals(currentUsername);
    if (anonymous || adminUser.equals(currentUsername)) {
        final UserTO builtIn = new UserTO();
        builtIn.setKey(null);
        builtIn.setUsername(anonymous ? anonymousUser : adminUser);
        return builtIn;
    }

    return getUserTO(userDAO.findByUsername(currentUsername), true);
}
/**
 * Opens the new-item wizard on a copy of the user held by {@code model}.
 *
 * <p>The copy is made with {@code SerializationUtils.clone}; its key is cleared and its username
 * is the source username with {@code "_clone"} appended.
 *
 * <p>NOTE(review): every other field of the source TO travels with the copy. Confirm the wizard
 * resets whatever must not be inherited by the new user (credentials-related fields, roles,
 * memberships).
 *
 * @param target the Ajax request target forwarded with the event
 * @param ignore unused
 */
@Override
public void onClick(final AjaxRequestTarget target, final UserTO ignore) {
    final UserTO copy = SerializationUtils.clone(model.getObject());

    // The copy must not stay tied to the source user's key.
    copy.setKey(null);

    final String cloneUsername = model.getObject().getUsername() + "_clone";
    copy.setUsername(cloneUsername);

    send(
            UserDirectoryPanel.this,
            Broadcast.EXACT,
            new AjaxWizard.NewItemActionEvent<>(new UserWrapper(copy), target));
}
// Excerpt with elided lines: builds a patch from the differences between an original and an updated
// UserTO. The password goes into the patch only when the updated value is non-null and differs from
// the original; the security question and answer are cleared together when the updated question is
// null, and the answer is set when the question changed or a non-blank answer was supplied. Roles
// present on only one side become patch items (the operation set on them is not visible here).
// NOTE(review): the password and the security answer travel in the patch as plain values; confirm
// the resulting patch object is never logged or echoed back.
if (updated.getPassword() != null && (original.getPassword() == null || !original.getPassword().equals(updated.getPassword()))) { value(updated.getPassword()). resources(updated.getResources()).build()); replacePatchItem(updated.getUsername(), original.getUsername(), new StringReplacePatchItem())); if (updated.getSecurityQuestion() == null) { result.setSecurityQuestion(null); result.setSecurityAnswer(null); } else if (!updated.getSecurityQuestion().equals(original.getSecurityQuestion()) || StringUtils.isNotBlank(updated.getSecurityAnswer())) { value(updated.getSecurityQuestion()).build()); result.setSecurityAnswer( new StringReplacePatchItem.Builder().value(updated.getSecurityAnswer()).build()); updated.isMustChangePassword(), original.isMustChangePassword(), new BooleanReplacePatchItem())); original.getRoles().stream().filter(role -> !updated.getRoles().contains(role)). forEach(toRemove -> { result.getRoles().add(new StringPatchItem.Builder(). updated.getRoles().stream().filter(role -> !original.getRoles().contains(role)). forEach(toAdd -> { result.getRoles().add(new StringPatchItem.Builder(). EntityTOUtils.buildRelationshipMap(updated.getRelationships());
// Excerpt with elided lines from self-registration handling: plain attributes whose schema name
// contains the membership separator are moved onto a membership of the group named by the first
// part of the schema name (the membership is created when missing), then date values are converted.
// NOTE(review): the TRACE statement logs the whole UserTO. If its string form includes the password
// or the security answer, enabling TRACE writes them to the log - confirm and mask.
// NOTE(review): the username and the schema names come from the registration request; confirm the
// derived group name is validated downstream and that logged values cannot inject log lines.
LOG.debug("User self registration request for [{}]", userTO.getUsername()); LOG.trace("Request is [{}]", userTO); userTO.getPlainAttrs().stream(). filter(attr -> (attr.getSchema(). contains(SyncopeEnduserConstants.MEMBERSHIP_ATTR_SEPARATOR))). String[] simpleAttrs = attr.getSchema().split( SyncopeEnduserConstants.MEMBERSHIP_ATTR_SEPARATOR); MembershipTO membership = userTO.getMemberships().stream(). filter(memb -> simpleAttrs[0].equals(memb.getGroupName())). findFirst().orElse(null); if (membership == null) { membership = new MembershipTO.Builder(null).groupName(simpleAttrs[0]).build(); userTO.getMemberships().add(membership); membAttrs.add(attr); }); userTO.getPlainAttrs().removeAll(membAttrs); millisToDate(userTO.getPlainAttrs(), plainSchema); return plainSchema; }).forEach(plainSchema -> { userTO.getMemberships().forEach(membership -> { millisToDate(membership.getPlainAttrs(), plainSchema); }); userTO.getDerAttrs().stream(). filter(attr -> (attr.getSchema().
// Excerpt with elided lines from self-registration handling: plain attributes whose schema name
// contains the membership separator are moved onto a membership of the group named by the first
// part of the schema name (the membership is created when missing), then date values are converted
// schema by schema, in encounter order.
// NOTE(review): the TRACE statement logs the whole UserTO. If its string form includes the password
// or the security answer, enabling TRACE writes them to the log - confirm and mask.
// NOTE(review): the username and the schema names come from the registration request; confirm the
// derived group name is validated downstream and that logged values cannot inject log lines.
LOG.debug("User self registration request for [{}]", userTO.getUsername()); LOG.trace("Request is [{}]", userTO); userTO.getPlainAttrs().stream(). filter(attr -> (attr.getSchema(). contains(SyncopeEnduserConstants.MEMBERSHIP_ATTR_SEPARATOR))). String[] simpleAttrs = attr.getSchema().split( SyncopeEnduserConstants.MEMBERSHIP_ATTR_SEPARATOR); MembershipTO membership = userTO.getMemberships().stream(). filter(memb -> simpleAttrs[0].equals(memb.getGroupName())). findFirst().orElse(null); if (membership == null) { membership = new MembershipTO.Builder().group(null, simpleAttrs[0]).build(); userTO.getMemberships().add(membership); membAttrs.add(attr); }); userTO.getPlainAttrs().removeAll(membAttrs); millisToDate(userTO.getPlainAttrs(), plainSchema); return plainSchema; }).forEachOrdered(plainSchema -> { userTO.getMemberships().forEach(membership -> { millisToDate(membership.getPlainAttrs(), plainSchema); }); userTO.getDerAttrs().stream(). filter(attr -> (attr.getSchema().
// Excerpt with elided lines: builds a SCIM user representation from a UserTO (key, meta with
// creation / last-change dates and ETag, userName, active = not suspended), gathers plain, derived
// and virtual attributes plus "username" into one map, then resolves the manager by reading the
// user whose identifier is the first value of the configured manager attribute.
// NOTE(review): attrs.get(...).getValues().get(0) has no null / empty guard in this excerpt; a guard
// may have been elided - confirm.
// NOTE(review): userLogic.read(...) loads another user on behalf of the caller; confirm the caller's
// authorization covers the manager, since its key and display name are placed in the output.
userTO.getKey(), schemas, new Meta( Resource.User, userTO.getCreationDate(), userTO.getLastChangeDate() == null ? userTO.getCreationDate() : userTO.getLastChangeDate(), userTO.getETagValue(), location), output(attributes, excludedAttributes, "userName", userTO.getUsername()), !userTO.isSuspended()); attrs.putAll(EntityTOUtils.buildAttrMap(userTO.getPlainAttrs())); attrs.putAll(EntityTOUtils.buildAttrMap(userTO.getDerAttrs())); attrs.putAll(EntityTOUtils.buildAttrMap(userTO.getVirAttrs())); attrs.put("username", new AttrTO.Builder().schema("username").value(userTO.getUsername()).build()); UserTO userManager = userLogic.read(attrs.get( conf.getEnterpriseUserConf().getManager().getKey()).getValues().get(0)); manager.setValue(userManager.getKey()); manager.setRef( StringUtils.substringBefore(location, "/Users") + "/Users/" + userManager.getKey()); AttrTO displayName = userManager.getPlainAttr( conf.getEnterpriseUserConf().getManager().getDisplayName()).orElse(null); if (displayName == null) { displayName = userManager.getDerAttr( conf.getEnterpriseUserConf().getManager().getDisplayName()).orElse(null);
// Excerpt with elided lines: normalises an updated UserTO against the original before a diff. A blank
// username is replaced by the original one. A password that is blank, or that ENCRYPTOR.verify
// accepts against the stored value under the user's cipher algorithm, is nulled so that it does not
// count as a change. mustChangePassword is always taken from the original.
// NOTE(review): setSecurityQuestion(updatedUser.getSecurityQuestion()) assigns the value to itself;
// originalUser may have been intended - confirm against the full source.
UserTO updatedUser = (UserTO) updated; if (StringUtils.isBlank(updatedUser.getUsername())) { updatedUser.setUsername(originalUser.getUsername()); if (StringUtils.isBlank(updatedUser.getPassword()) || ENCRYPTOR.verify(updatedUser.getPassword(), user.getCipherAlgorithm(), user.getPassword())) { updatedUser.setPassword(null); updatedUser.setSecurityQuestion(updatedUser.getSecurityQuestion()); updatedUser.setMustChangePassword(originalUser.isMustChangePassword());
// Excerpt with elided lines: maps an inbound SCIM user onto a UserTO placed in the root realm. Id,
// password and userName are copied as given; e-mails, phone numbers, IMs and photos go into plain
// attributes per configuration; group memberships and roles are added from values in the payload.
// NOTE(review): realm, roles and memberships are decided here from the request alone; confirm the
// caller's authorization to assign them is enforced before the TO is persisted.
// NOTE(review): the password is carried on the TO as received; confirm the TO is not logged.
UserTO userTO = new UserTO(); userTO.setRealm(SyncopeConstants.ROOT_REALM); userTO.setKey(user.getId()); userTO.setPassword(user.getPassword()); userTO.setUsername(user.getUserName()); fill(userTO.getPlainAttrs(), conf.getUserConf().getEmails(), user.getEmails()); fill(userTO.getPlainAttrs(), conf.getUserConf().getPhoneNumbers(), user.getPhoneNumbers()); fill(userTO.getPlainAttrs(), conf.getUserConf().getIms(), user.getIms()); fill(userTO.getPlainAttrs(), conf.getUserConf().getPhotos(), user.getPhotos()); userTO.getMemberships().add(new MembershipTO.Builder().group(group.getValue()).build()); }); userTO.getRoles().add(role.getValue()); });
// Excerpt with elided lines: branch taken when the IdP allows self-registration for logins that
// matched no user. The NameID value is put on the response, and plain attributes, virtual attributes
// and a non-blank username of a UserTO are copied onto it. In this excerpt the UserTO is read right
// after construction; the step that populates it appears to have been elided.
// NOTE(review): everything returned here derives from the IdP's response; confirm that response was
// validated before this branch runs.
} else if (idp.isSelfRegUnmatching()) { responseTO.setNameID(nameID.getValue()); UserTO userTO = new UserTO(); responseTO.getAttrs().addAll(userTO.getPlainAttrs()); responseTO.getAttrs().addAll(userTO.getVirAttrs()); if (StringUtils.isNotBlank(userTO.getUsername())) { responseTO.setUsername(userTO.getUsername());
// Excerpt with elided lines: applies a user patch to a UserTO. Password and username are overwritten
// from the patch; a relationship is removed and, for ADD_REPLACE, added again; a membership on the
// same group is removed before the new one is added; roles are added or removed per patch operation.
// Invalid relationship / membership patches are logged at WARN and skipped.
// NOTE(review): getPassword().getValue() and getUsername().getValue() show no null guard in this
// excerpt; guards may have been elided - confirm.
// NOTE(review): roles and memberships are taken from the patch as given; confirm the caller's right
// to assign them is checked before the merged TO is used.
result.setPassword(userPatch.getPassword().getValue()); result.setUsername(userPatch.getUsername().getValue()); LOG.warn("Invalid {} specified: {}", RelationshipPatch.class.getName(), relPatch); } else { result.getRelationships().remove(relPatch.getRelationshipTO()); if (relPatch.getOperation() == PatchOperation.ADD_REPLACE) { result.getRelationships().add(relPatch.getRelationshipTO()); LOG.warn("Invalid {} specified: {}", MembershipPatch.class.getName(), membPatch); } else { result.getMemberships().stream(). filter(membership -> membPatch.getGroup().equals(membership.getGroupKey())). findFirst().ifPresent(memb -> result.getMemberships().remove(memb)); result.getMemberships().add(newMembershipTO); switch (rolePatch.getOperation()) { case ADD_REPLACE: result.getRoles().add(rolePatch.getValue()); break; result.getRoles().remove(rolePatch.getValue());
// Excerpt with elided lines: copies a user create request (UserCR) onto a UserTO - username,
// password, security question and answer, mustChangePassword, relationships, memberships and roles -
// before the next branch handles the group case.
// NOTE(review): password and security answer are copied as received, and roles / memberships are
// taken from the request unchanged; confirm the TO is not logged and that authorization to assign
// those roles and memberships is enforced elsewhere.
UserCR userCR = (UserCR) anyCR; userTO.setUsername(userCR.getUsername()); userTO.setPassword(userCR.getPassword()); userTO.setSecurityQuestion(userCR.getSecurityQuestion()); userTO.setSecurityAnswer(userCR.getSecurityAnswer()); userTO.setMustChangePassword(userCR.isMustChangePassword()); userTO.getRelationships().addAll(userCR.getRelationships()); userTO.getMemberships().addAll(userCR.getMemberships()); userTO.getRoles().addAll(userCR.getRoles()); } else if (anyTO instanceof GroupTO && anyCR instanceof GroupCR) { GroupTO groupTO = (GroupTO) anyTO;
// Excerpt with elided lines: applies a template to an object being created. For a user template, a
// non-blank username and a non-blank password are each evaluated with JexlUtils.evaluate against
// jexlContext and set on the target only when the result is non-blank; the template's roles are
// added to the target.
// NOTE(review): template strings are evaluated as expressions, so a template is effectively code.
// Confirm that only trusted administrators can edit templates and that jexlContext exposes nothing
// beyond what an expression needs.
// NOTE(review): a password produced by an expression may be predictable; confirm this is intended.
fillMemberships((GroupableRelatableTO) anyTO, ((GroupableRelatableTO) template)); } else if (template instanceof UserTO) { if (StringUtils.isNotBlank(((UserTO) template).getUsername())) { String evaluated = JexlUtils.evaluate(((UserTO) template).getUsername(), jexlContext); if (StringUtils.isNotBlank(evaluated)) { ((UserTO) anyTO).setUsername(evaluated); if (StringUtils.isNotBlank(((UserTO) template).getPassword())) { String evaluated = JexlUtils.evaluate(((UserTO) template).getPassword(), jexlContext); if (StringUtils.isNotBlank(evaluated)) { ((UserTO) anyTO).setPassword(evaluated); ((UserTO) anyTO).getRoles().addAll(((UserTO) template).getRoles()); } else if (template instanceof GroupTO) { if (StringUtils.isNotBlank(((GroupTO) template).getName())) {
/**
 * Returns the display name of the given object, which for users is the username.
 *
 * @param anyTO the object to name; must be a {@link UserTO}
 * @return the username
 * @throws ClassCastException if {@code anyTO} is not a {@link UserTO}
 */
@Override
protected String getName(final AnyTO anyTO) {
    final UserTO userTO = (UserTO) anyTO;
    return userTO.getUsername();
}
/**
 * Deletes a user and returns the deleted TO together with the propagation statuses.
 *
 * <p>Unless {@code self} is set, the effective realms for {@code USER_DELETE} are computed from
 * the caller's authorizations and handed to {@code securityChecks} with the user's realm and key.
 * Deletion is refused with a {@code GroupOwnership} error while the user still owns groups.
 *
 * <p>NOTE(review): with {@code self == true} no realm check runs in this method. Confirm every
 * caller passing {@code true} has already established that the target is the authenticated user.
 *
 * @param userTO the user to delete
 * @param self whether the user is deleting their own account (skips the realm check)
 * @param nullPriorityAsync forwarded to the provisioning manager
 * @return the result built by {@code afterDelete}
 * @throws SyncopeClientException of type {@code GroupOwnership}, listing "key name" of each
 * owned group, when the user owns at least one group
 */
protected ProvisioningResult<UserTO> doDelete(
        final UserTO userTO, final boolean self, final boolean nullPriorityAsync) {

    final Pair<UserTO, List<LogicActions>> prepared = beforeDelete(userTO);
    final UserTO target = prepared.getLeft();

    if (!self) {
        final Set<String> allowedRealms = RealmUtils.getEffective(
                AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_DELETE),
                target.getRealm());
        securityChecks(allowedRealms, target.getRealm(), target.getKey());
    }

    // A user that still owns groups cannot be removed; report which groups block the deletion.
    final List<Group> ownedGroups = groupDAO.findOwnedByUser(target.getKey());
    if (!ownedGroups.isEmpty()) {
        final SyncopeClientException ownership =
                SyncopeClientException.build(ClientExceptionType.GroupOwnership);
        for (Group owned : ownedGroups) {
            ownership.getElements().add(owned.getKey() + " " + owned.getName());
        }
        throw ownership;
    }

    final List<PropagationStatus> statuses = provisioningManager.delete(target.getKey(), nullPriorityAsync);

    // If the user can still be found after the delete call, return its current state; otherwise
    // return a TO that carries only the key.
    final UserTO deletedTO;
    if (userDAO.find(target.getKey()) != null) {
        deletedTO = binder.getUserTO(target.getKey());
    } else {
        deletedTO = new UserTO();
        deletedTO.setKey(target.getKey());
    }

    return afterDelete(binder.returnUserTO(deletedTO), statuses, prepared.getRight());
}
/**
 * Changes the status of a user; requires the {@code USER_UPDATE} entitlement.
 *
 * <p>The target is resolved first, the effective realms for {@code USER_UPDATE} are passed to
 * {@code securityChecks} with the target's realm and key, and only then is the patch handed to
 * the workflow adapter.
 *
 * @param statusPatch the status change; its key is overwritten with the resolved user key
 * @param nullPriorityAsync forwarded to {@code setStatusOnWfAdapter}
 * @return the result built by {@code afterUpdate} from the re-read user and the propagation statuses
 */
@PreAuthorize("hasRole('" + StandardEntitlement.USER_UPDATE + "')")
public ProvisioningResult<UserTO> status(final StatusPatch statusPatch, final boolean nullPriorityAsync) {
    // Security checks run against the user as currently stored, not against the request.
    final UserTO target = binder.getUserTO(statusPatch.getKey());
    final Set<String> allowedRealms = RealmUtils.getEffective(
            AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_UPDATE),
            target.getRealm());
    securityChecks(allowedRealms, target.getRealm(), target.getKey());

    // binder.getUserTO(...) above also resolves a username, so write the actual user key back:
    // the operation then acts on exactly the user that was checked.
    statusPatch.setKey(target.getKey());

    final Pair<String, List<PropagationStatus>> outcome = setStatusOnWfAdapter(statusPatch, nullPriorityAsync);

    final UserTO refreshed = binder.returnUserTO(binder.getUserTO(outcome.getKey()));
    return afterUpdate(
            refreshed,
            outcome.getRight(),
            Collections.<LogicActions>emptyList(),
            false,
            Collections.<String>emptySet());
}
/**
 * Returns a label for the user owning the wrapped group, formatted as {@code "[key] username"}.
 *
 * @return the label, or the empty string when the group has no user owner or the owner cannot be read
 */
@Override
public String getObject() {
    if (groupWrapper.getInnerObject().getUserOwner() != null) {
        final UserTO owner = userRestClient.read(groupWrapper.getInnerObject().getUserOwner());
        if (owner != null) {
            return String.format("[%s] %s", owner.getKey(), owner.getUsername());
        }
    }

    // No owner set, or the owner could not be read.
    return StringUtils.EMPTY;
}