Add a test for MID-9504 (passing for now)

Evolveum · Apr 29, 2024 · 02d085e · 02d085e
1 parent e402402
commit 02d085e
Show file tree

Hide file tree

Showing 2 changed files with 137 additions and 0 deletions.
diff --git a/...ntest/src/test/java/com/evolveum/midpoint/model/intest/password/AbstractPasswordTest.java b/...ntest/src/test/java/com/evolveum/midpoint/model/intest/password/AbstractPasswordTest.java
@@ -6,6 +6,8 @@
  */
 package com.evolveum.midpoint.model.intest.password;
 
+import static com.evolveum.midpoint.schema.constants.SchemaConstants.INTENT_DEFAULT;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.testng.AssertJUnit.*;
 
@@ -103,6 +105,9 @@ public abstract class AbstractPasswordTest extends AbstractInitializedModelInteg
     protected static final String RESOURCE_DUMMY_MAVERICK_OID = "72a928b6-ff7b-11e7-9643-7366d7749c31";
     protected static final String RESOURCE_DUMMY_MAVERICK_NAME = "maverick";
 
+    protected static final DummyTestResource RESOURCE_DUMMY_INBOUND = new DummyTestResource(
+            TEST_DIR, "resource-dummy-inbound.xml", "3dbe59ee-2a7e-49ba-a447-218bf64e111b", "inbound");
+
     protected static final File PASSWORD_POLICY_UGLY_FILE = new File(TEST_DIR, "password-policy-ugly.xml");
     protected static final String PASSWORD_POLICY_UGLY_OID = "cfb3fa9e-027a-11e7-8e2c-dbebaacaf4ee";
 
@@ -171,6 +176,8 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
         importObjectFromFile(SECURITY_POLICY_MAVERICK_FILE);
         initDummyResourcePirate(RESOURCE_DUMMY_MAVERICK_NAME, RESOURCE_DUMMY_MAVERICK_FILE, RESOURCE_DUMMY_MAVERICK_OID, initTask, initResult);
 
+        initTestObjects(initTask, initResult, RESOURCE_DUMMY_INBOUND);
+
         login(USER_ADMINISTRATOR_USERNAME);
     }
 
@@ -291,6 +298,73 @@ public void test051ModifyUserJackPassword() throws Exception {
         assertSingleUserPasswordNotification(USER_JACK_USERNAME, USER_PASSWORD_1_CLEAR);
     }
 
+    /** MID-9504 */
+    @Test
+    public void test055ModifyUserJackPasswordWithInbound() throws Exception {
+        // GIVEN
+        Task task = getTestTask();
+        OperationResult result = task.getResult();
+
+        given("user has an account on a resource with inbound password mapping");
+
+        executeChanges(
+                deltaFor(UserType.class)
+                        .item(PASSWORD_VALUE_PATH)
+                        .replace(protector.encryptString("d3adM3nT3llN0Tal3sXXX")) // just to be different
+                        .item(UserType.F_ASSIGNMENT)
+                        .add(new AssignmentType()
+                                        .construction(
+                                                RESOURCE_DUMMY_INBOUND.construction(ShadowKindType.ACCOUNT, INTENT_DEFAULT)))
+                        .asObjectDelta(USER_JACK_OID),
+                null, task, result);
+        RESOURCE_DUMMY_INBOUND.controller.assertAccountByUsername("jack");
+        var shadowOid = assertUser(USER_JACK_OID, "before")
+                .singleLink()
+                .getOid();
+
+        prepareTest();
+
+        XMLGregorianCalendar startCal = clock.currentTimeXMLGregorianCalendar();
+
+        // WHEN
+        when();
+        executeChanges(
+                List.of(
+                        deltaFor(UserType.class)
+                                .item(PASSWORD_VALUE_PATH)
+                                .replace(
+                                        protector.encryptString(USER_PASSWORD_1_CLEAR))
+                                .asObjectDelta(USER_JACK_OID),
+                        deltaFor(ShadowType.class)
+                                .item(PASSWORD_VALUE_PATH)
+                                .replace(
+                                        protector.encryptString(USER_PASSWORD_1_CLEAR))
+                                .asObjectDelta(shadowOid)
+                ),
+                null, task, result);
+
+        // THEN
+        then();
+        assertSuccess(result);
+
+        XMLGregorianCalendar endCal = clock.currentTimeXMLGregorianCalendar();
+
+        PrismObject<UserType> userJack = getUser(USER_JACK_OID);
+        display("User after change execution", userJack);
+        assertUserJack(userJack, "Jack Sparrow");
+
+        assertUserPassword(userJack, USER_PASSWORD_1_CLEAR);
+        assertPasswordMetadata(userJack, false, startCal, endCal);
+        // Password policy is not active yet. No history should be kept.
+        assertPasswordHistoryEntries(userJack);
+
+        displayDumpable("notifications", dummyTransport);
+
+        assertSingleUserPasswordNotification(USER_JACK_USERNAME, USER_PASSWORD_1_CLEAR);
+
+        unassignAccount(UserType.class, USER_JACK_OID, RESOURCE_DUMMY_INBOUND.oid, INTENT_DEFAULT, task, result);
+    }
+
     @Test
     public void test060CheckJackPasswordModelInteraction() throws Exception {
         if (getPasswordStorageType() == CredentialsStorageTypeType.NONE) {

diff --git a/model/model-intest/src/test/resources/password/resource-dummy-inbound.xml b/model/model-intest/src/test/resources/password/resource-dummy-inbound.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2021 Evolveum and contributors
+  ~
+  ~ This work is dual-licensed under the Apache License 2.0
+  ~ and European Union Public License. See LICENSE file for details.
+  -->
+
+<resource oid="3dbe59ee-2a7e-49ba-a447-218bf64e111b"
+          xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+          xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+          xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+          xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3">
+
+    <!-- Resource with inbound password mapping -->
+
+    <name>Dummy Resource Inbound</name>
+    <connectorRef type="ConnectorType">
+        <filter>
+            <q:and>
+                <q:equal>
+                    <q:path>connectorType</q:path>
+                    <q:value>com.evolveum.icf.dummy.connector.DummyConnector</q:value>
+                </q:equal>
+                <q:equal>
+                    <q:path>connectorVersion</q:path>
+                    <q:value>2.0</q:value>
+                </q:equal>
+            </q:and>
+        </filter>
+    </connectorRef>
+    <connectorConfiguration xmlns:icfi="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.icf.dummy/com.evolveum.icf.dummy.connector.DummyConnector"
+                   xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
+
+        <icfc:configurationProperties>
+            <icfi:instanceId>inbound</icfi:instanceId>
+        </icfc:configurationProperties>
+
+    </connectorConfiguration>
+
+    <schemaHandling>
+        <objectType>
+            <kind>account</kind>
+            <intent>default</intent>
+            <objectClass>ri:AccountObjectClass</objectClass>
+            <attribute>
+                <ref>icfs:name</ref>
+                <outbound>
+                    <source>
+                        <path>name</path>
+                    </source>
+                </outbound>
+            </attribute>
+            <credentials>
+                <password>
+                    <inbound>
+                        <strength>strong</strength>
+                    </inbound>
+                </password>
+            </credentials>
+        </objectType>
+    </schemaHandling>
+</resource>