/** * {@inheritDoc} */ @Override public boolean requiresSync(@NotNull SyncedIdentity identity) { if (identity.getExternalIdRef() == null || identity.lastSynced() < 0) { return true; } final long now = System.currentTimeMillis(); final long expirationTime = identity.isGroup() ? config.group().getExpirationTime() : config.user().getExpirationTime(); return now - identity.lastSynced() > expirationTime; }
@Test public void testLastSynced() { assertEquals(234, si.lastSynced()); assertEquals(234, siGroup.lastSynced()); SyncedIdentity siNeverSynced = new DefaultSyncedIdentity(TestIdentityProvider.ID_TEST_USER, externalUser.getExternalId(), false, -1); assertEquals(-1, siNeverSynced.lastSynced()); } }
@Test public void testCreateSyncedIdentityEmptyLastSyncedProperty() throws Exception { Group gr = createTestGroup(); gr.setProperty(DefaultSyncContext.REP_LAST_SYNCED, new Value[0]); SyncedIdentity si = DefaultSyncContext.createSyncedIdentity(gr); assertNotNull(si); assertEquals(-1, si.lastSynced()); }
@Test public void testCreateSyncedIdentitySyncedGroup() throws Exception { ExternalIdentity externalGroup = idp.listGroups().next(); sync(externalGroup); Authorizable a = userManager.getAuthorizable(externalGroup.getId()); SyncedIdentity si = DefaultSyncContext.createSyncedIdentity(a); assertNotNull(si); assertEquals(a.getID(), si.getId()); assertNotNull(si.getExternalIdRef()); assertTrue(si.isGroup()); assertEquals(syncCtx.now, si.lastSynced()); }
@Test public void testCreateSyncedIdentitySyncedUser() throws Exception { ExternalIdentity externalUser = idp.listUsers().next(); sync(externalUser); Authorizable a = userManager.getAuthorizable(externalUser.getId()); SyncedIdentity si = DefaultSyncContext.createSyncedIdentity(a); assertNotNull(si); assertEquals(a.getID(), si.getId()); assertNotNull(si.getExternalIdRef()); assertFalse(si.isGroup()); assertEquals(syncCtx.now, si.lastSynced()); }
@Test public void testCreateSyncedIdentityLocalUser() throws Exception { User u = getTestUser(); SyncedIdentity si = DefaultSyncContext.createSyncedIdentity(u); assertNotNull(si); assertEquals(u.getID(), si.getId()); assertNull(si.getExternalIdRef()); assertFalse(si.isGroup()); assertEquals(-1, si.lastSynced()); }
@Test public void testCreateSyncedIdentityLocalGroup() throws Exception { Group gr = createTestGroup(); SyncedIdentity si = DefaultSyncContext.createSyncedIdentity(gr); assertNotNull(si); assertEquals(gr.getID(), si.getId()); assertNull(si.getExternalIdRef()); assertTrue(si.isGroup()); assertEquals(-1, si.lastSynced()); }
@Test public void testSyncForeignExternalGroup() throws Exception { ExternalGroup foreign = new TestIdentityProvider.ForeignExternalGroup(); SyncResult res = syncContext.sync(foreign); assertNotNull(res); assertSame(SyncResult.Status.FOREIGN, res.getStatus()); // expect {@code SyncedIdentity} in accordance with {@code sync(String userId)}, // where the authorizable is found to be linked to a different IDP. SyncedIdentity si = res.getIdentity(); assertNotNull(si); assertEquals(foreign.getId(), si.getId()); ExternalIdentityRef ref = si.getExternalIdRef(); assertNotNull(ref); assertEquals(foreign.getExternalId(), ref); assertTrue(si.isGroup()); assertEquals(-1, si.lastSynced()); assertFalse(r.hasPendingChanges()); }
@Test public void testSyncForeignExternalUser() throws Exception { ExternalIdentity foreign = new TestIdentityProvider.ForeignExternalUser(); SyncResult res = syncCtx.sync(foreign); assertNotNull(res); assertSame(SyncResult.Status.FOREIGN, res.getStatus()); // expect {@code SyncedIdentity} in accordance with {@code sync(String userId)}, // where the authorizable is found to be linked to a different IDP. SyncedIdentity si = res.getIdentity(); assertNotNull(si); assertEquals(foreign.getId(), si.getId()); ExternalIdentityRef ref = si.getExternalIdRef(); assertNotNull(ref); assertEquals(foreign.getExternalId(), ref); assertFalse(si.isGroup()); assertEquals(-1, si.lastSynced()); assertFalse(root.hasPendingChanges()); }
@Test public void testSyncForeignExternalGroup() throws Exception { ExternalIdentity foreign = new TestIdentityProvider.ForeignExternalGroup(); SyncResult res = syncCtx.sync(foreign); assertNotNull(res); assertSame(SyncResult.Status.FOREIGN, res.getStatus()); // expect {@code SyncedIdentity} in accordance with {@code sync(String userId)}, // where the authorizable is found to be linked to a different IDP. SyncedIdentity si = res.getIdentity(); assertNotNull(si); assertEquals(foreign.getId(), si.getId()); ExternalIdentityRef ref = si.getExternalIdRef(); assertNotNull(ref); assertEquals(foreign.getExternalId(), ref); assertTrue(si.isGroup()); assertEquals(-1, si.lastSynced()); assertFalse(root.hasPendingChanges()); }
@Test public void testForeign() throws Exception { // sync foreign user into the repository // NOTE: that should be considered a bug by the tool that does the sync // as it uses an IDP that is not configured with the login-chain! ExternalIdentityProvider foreign = new TestIdentityProvider("foreign"); SyncContext syncContext = new DefaultSyncContext(syncConfig, foreign, getUserManager(root), getValueFactory(root)); SyncResult result = syncContext.sync(foreign.getUser(TestIdentityProvider.ID_TEST_USER)); long lastSynced = result.getIdentity().lastSynced(); root.commit(); PreAuthCredentials creds = new PreAuthCredentials(TestIdentityProvider.ID_TEST_USER); ContentSession cs = null; try { // login should succeed due the fact that the _LoginModuleImpl_ succeeds for // an existing authorizable if _pre_auth_ is enabled. cs = login(creds); assertEquals(PreAuthCredentials.PRE_AUTH_DONE, creds.getMessage()); // foreign user _must_ not have been touched by the _ExternalLoginModule_ root.refresh(); User u = getUserManager(root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class); assertNotNull(u); assertEquals(lastSynced, DefaultSyncContext.createSyncedIdentity(u).lastSynced()); } finally { if (cs != null) { cs.close(); } } }
@Test public void testExistingExternalNoSync() throws Exception { // prevent expiration of the user syncConfig.user().setExpirationTime(Long.MAX_VALUE); // sync user upfront SyncContext syncContext = new DefaultSyncContext(syncConfig, idp, getUserManager(root), getValueFactory(root)); SyncResult result = syncContext.sync(idp.getUser(TestIdentityProvider.ID_TEST_USER)); long lastSynced = result.getIdentity().lastSynced(); root.commit(); PreAuthCredentials creds = new PreAuthCredentials(TestIdentityProvider.ID_TEST_USER); ContentSession cs = null; try { cs = login(creds); assertEquals(PreAuthCredentials.PRE_AUTH_DONE, creds.getMessage()); assertEquals(TestIdentityProvider.ID_TEST_USER, cs.getAuthInfo().getUserID()); root.refresh(); User u = getUserManager(root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class); assertNotNull(u); // user _should_ not have been re-synced assertEquals(lastSynced, DefaultSyncContext.createSyncedIdentity(u).lastSynced()); } finally { if (cs != null) { cs.close(); } } }
@Test public void testExistingExternalReSync() throws Exception { // sync user upfront UserManager uMgr = getUserManager(root); SyncContext syncContext = new DefaultSyncContext(syncConfig, idp, uMgr, getValueFactory(root)); SyncResult result = syncContext.sync(idp.getUser(TestIdentityProvider.ID_TEST_USER)); long lastSynced = result.getIdentity().lastSynced(); root.commit(); PreAuthCredentials creds = new PreAuthCredentials(TestIdentityProvider.ID_TEST_USER); ContentSession cs = null; try { // wait until the synced user is expired waitUntilExpired(uMgr.getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class), root, syncConfig.user().getExpirationTime()); cs = login(creds); assertEquals(PreAuthCredentials.PRE_AUTH_DONE, creds.getMessage()); assertEquals(TestIdentityProvider.ID_TEST_USER, cs.getAuthInfo().getUserID()); root.refresh(); User u = getUserManager(root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class); assertNotNull(u); // user _should_ be re-synced assertFalse(lastSynced == DefaultSyncContext.createSyncedIdentity(u).lastSynced()); } finally { if (cs != null) { cs.close(); } } }