Attempt to replicate MID-3033 (can't replicate)

model/model-impl/src/test/java/com/evolveum/midpoint/model/impl/security/TestAuthenticationEvaluator.java

@@ -911,7 +911,7 @@ public void test200UserGuybrushSetPassword() throws Exception {
 		PrismObject<UserType> userAfter = getUser(USER_GUYBRUSH_OID);
 		display("user after", userAfter);
 
-		assertEncryptedPassword(userAfter, USER_GUYBRUSH_PASSWORD);
+		assertEncryptedUserPassword(userAfter, USER_GUYBRUSH_PASSWORD);
 		assertPasswordMetadata(userAfter, false, startTs, endTs, null, SchemaConstants.CHANNEL_GUI_USER_URI);
 
 		assertFailedLogins(userAfter, 0);

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractConfiguredModelIntegrationTest.java

@@ -202,6 +202,7 @@ public class AbstractConfiguredModelIntegrationTest extends AbstractModelIntegra
 	protected static final String USER_JACK_FULL_NAME = "Jack Sparrow";
 	protected static final String USER_JACK_GIVEN_NAME = "Jack";
 	protected static final String USER_JACK_FAMILY_NAME = "Sparrow";
+	protected static final String USER_JACK_PASSWORD = "deadmentellnotales";
 
 	protected static final File USER_BARBOSSA_FILE = new File(COMMON_DIR, "user-barbossa.xml");
 	protected static final String USER_BARBOSSA_OID = "c0c010c0-d34d-b33f-f00d-111111111112";

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestModelServiceContract.java

@@ -2648,7 +2648,7 @@ public void test200AddUserBlackbeardWithAccount() throws Exception {
         String accountOid = accountRefType.getOid();
         assertFalse("No accountRef oid", StringUtils.isBlank(accountOid));
 
-        assertEncryptedPassword(userBlackbeard, "QueenAnne");
+        assertEncryptedUserPassword(userBlackbeard, "QueenAnne");
         assertPasswordMetadata(userBlackbeard, true, startTime, endTime, USER_ADMINISTRATOR_OID, "http://pirates.net/avast");
 
 		// Check shadow
@@ -2732,7 +2732,7 @@ public void test210AddUserMorganWithAssignment() throws Exception {
         String accountOid = accountRefType.getOid();
         assertFalse("No accountRef oid", StringUtils.isBlank(accountOid));
 
-        assertEncryptedPassword(userMorgan, "rum");
+        assertEncryptedUserPassword(userMorgan, "rum");
         assertPasswordMetadata(userMorgan, true, startTime, endTime);
 
 		// Check shadow

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestMultiResource.java

@@ -86,12 +86,18 @@ public class TestMultiResource extends AbstractInitializedModelIntegrationTest {
 	protected static final String RESOURCE_DUMMY_IVORY_NAME = "ivory";
 	protected static final String RESOURCE_DUMMY_IVORY_NAMESPACE = MidPointConstants.NS_RI;
 
-	// IVORY dummy resource has a LAX dependency on default dummy resource
+	// IVORY dummy resource has a RELAXED dependency on default dummy resource
 	protected static final File RESOURCE_DUMMY_BEIGE_FILE = new File(TEST_DIR, "resource-dummy-beige.xml");
 	protected static final String RESOURCE_DUMMY_BEIGE_OID = "10000000-0000-0000-0000-00000001b504";
 	protected static final String RESOURCE_DUMMY_BEIGE_NAME = "beige";
 	protected static final String RESOURCE_DUMMY_BEIGE_NAMESPACE = MidPointConstants.NS_RI;
 
+	// PERU dummy resource has a RELAXED dependency on YELLOW dummy resource
+	protected static final File RESOURCE_DUMMY_PERU_FILE = new File(TEST_DIR, "resource-dummy-peru.xml");
+	protected static final String RESOURCE_DUMMY_PERU_OID = "10000000-0000-0000-0000-00000001c504";
+	protected static final String RESOURCE_DUMMY_PERU_NAME = "peru";
+	protected static final String RESOURCE_DUMMY_PERU_NAMESPACE = MidPointConstants.NS_RI;
+
 	protected static final File RESOURCE_DUMMY_DAVID_FILE = new File(TEST_DIR, "resource-dummy-david.xml");
 	protected static final String RESOURCE_DUMMY_DAVID_OID = "10000000-0000-0000-0000-000000300001";
 	protected static final String RESOURCE_DUMMY_DAVID_NAME = "david";
@@ -117,6 +123,8 @@ public class TestMultiResource extends AbstractInitializedModelIntegrationTest {
 
 	private static final String USER_FIELD_NAME = "field";
 
+	private static final String USER_PASSWORD_A_CLEAR = "A"; // too short
+
 	protected static DummyResource dummyResourceLavender;
 	protected static DummyResourceContoller dummyResourceCtlLavender;
 	protected ResourceType resourceDummyLavenderType;
@@ -132,6 +140,11 @@ public class TestMultiResource extends AbstractInitializedModelIntegrationTest {
 	protected ResourceType resourceDummyBeigeType;
 	protected PrismObject<ResourceType> resourceDummyBeige;
 
+	protected static DummyResource dummyResourcePeru;
+	protected static DummyResourceContoller dummyResourceCtlPeru;
+	protected ResourceType resourceDummyPeruType;
+	protected PrismObject<ResourceType> resourceDummyPeru;
+
 	protected static DummyResource dummyResourceDavid;
 	protected static DummyResourceContoller dummyResourceCtlDavid;
 	protected PrismObject<ResourceType> resourceDummyDavid;
@@ -164,6 +177,13 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 		resourceDummyBeige = importAndGetObjectFromFile(ResourceType.class, RESOURCE_DUMMY_BEIGE_FILE, RESOURCE_DUMMY_BEIGE_OID, initTask, initResult);
 		resourceDummyBeigeType = resourceDummyBeige.asObjectable();
 		dummyResourceCtlBeige.setResource(resourceDummyBeige);
+
+		dummyResourceCtlPeru = DummyResourceContoller.create(RESOURCE_DUMMY_PERU_NAME, resourceDummyPeru);
+		dummyResourceCtlPeru.extendSchemaPirate();
+		dummyResourcePeru = dummyResourceCtlPeru.getDummyResource();
+		resourceDummyPeru = importAndGetObjectFromFile(ResourceType.class, RESOURCE_DUMMY_PERU_FILE, RESOURCE_DUMMY_PERU_OID, initTask, initResult);
+		resourceDummyPeruType = resourceDummyPeru.asObjectable();
+		dummyResourceCtlPeru.setResource(resourceDummyPeru);
 
 		dummyResourceCtlDavid = DummyResourceContoller.create(RESOURCE_DUMMY_DAVID_NAME);
 		dummyResourceCtlDavid.extendSchemaPirate();
@@ -1124,6 +1144,137 @@ public void test379DeleteAccountIvory() throws Exception {
         assertNoDummyAccount(ACCOUNT_JACK_DUMMY_USERNAME, ACCOUNT_JACK_DUMMY_FULLNAME);
     }
 
+    /**
+     * Resource peru depends on resource yellow, but the dependency is relaxed.
+     * The account should be created even if we do not have yellow account yet.
+     */
+    @Test
+    public void test380AddAccountPeru() throws Exception {
+		final String TEST_NAME = "test380AddAccountPeru";
+		TestUtil.displayTestTile(TEST_NAME);
+		assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);
+		dummyResource.resetBreakMode();
+
+		// precondition
+		assertEncryptedUserPassword(USER_JACK_OID, USER_JACK_PASSWORD);
+
+		Task task = taskManager.createTaskInstance(TestRbac.class.getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+
+        ObjectDelta<UserType> userDelta = createModifyUserAddAccount(USER_JACK_OID, resourceDummyPeru);
+
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        modelService.executeChanges(MiscSchemaUtil.createCollection(userDelta), null, task, result);
+
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+
+        assertDummyAccount(RESOURCE_DUMMY_PERU_NAME, ACCOUNT_JACK_DUMMY_USERNAME, ACCOUNT_JACK_DUMMY_FULLNAME, true);
+        assertDummyPassword(RESOURCE_DUMMY_PERU_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_JACK_PASSWORD);
+    }
+
+    @Test
+    public void test382AddAccountYellow() throws Exception {
+		final String TEST_NAME = "test382AddAccountYellow";
+		TestUtil.displayTestTile(TEST_NAME);
+		assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);
+
+		Task task = taskManager.createTaskInstance(TestRbac.class.getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+
+        ObjectDelta<UserType> userDelta = createModifyUserAddAccount(USER_JACK_OID, resourceDummyYellow);
+
+        // WHEN
+        TestUtil.displayWhen(TEST_NAME);
+        modelService.executeChanges(MiscSchemaUtil.createCollection(userDelta), null, task, result);
+
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+
+        PrismObject<UserType> userJack = getUser(USER_JACK_OID);
+		display("User after change execution", userJack);
+		assertUserJack(userJack);
+		assertLinks(userJack, 2);
+
+        assertDummyAccount(RESOURCE_DUMMY_YELLOW_NAME, ACCOUNT_JACK_DUMMY_USERNAME, ACCOUNT_JACK_DUMMY_FULLNAME, true);
+        assertDummyPassword(RESOURCE_DUMMY_YELLOW_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_JACK_PASSWORD);
+
+        assertDummyAccount(RESOURCE_DUMMY_PERU_NAME, ACCOUNT_JACK_DUMMY_USERNAME, ACCOUNT_JACK_DUMMY_FULLNAME, true);
+        assertDummyPassword(RESOURCE_DUMMY_PERU_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_JACK_PASSWORD);
+    }
+
+    /**
+	 * Yellow resource has minimum password length constraint. Change password to something shorter.
+	 * There is dependency yellow<-peru. Make sure that the peru is not affected (the dependency is relaxed)
+	 * MID-3033, MID-2134
+	 */
+	@Test
+    public void test385ModifyUserJackPasswordA() throws Exception {
+		final String TEST_NAME = "test385ModifyUserJackPasswordA";
+        TestUtil.displayTestTile(this, TEST_NAME);
+
+        // GIVEN
+        Task task = taskManager.createTaskInstance(TestPassword.class.getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+        assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);
+
+		// WHEN
+        modifyUserChangePassword(USER_JACK_OID, USER_PASSWORD_A_CLEAR, task, result);
+
+		// THEN
+		result.computeStatus();
+		TestUtil.assertPartialError(result);
+
+		PrismObject<UserType> userJack = getUser(USER_JACK_OID);
+		display("User after change execution", userJack);
+		assertUserJack(userJack);
+		assertLinks(userJack, 2);
+
+        // Check account in dummy resource (yellow): password is too short for this, original password should remain there
+        assertDummyAccount(RESOURCE_DUMMY_YELLOW_NAME, ACCOUNT_JACK_DUMMY_USERNAME, ACCOUNT_JACK_DUMMY_FULLNAME, true);
+        assertDummyPassword(RESOURCE_DUMMY_YELLOW_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_JACK_PASSWORD);
+
+        // Check account in dummy resource (peru)
+        assertDummyAccount(RESOURCE_DUMMY_PERU_NAME, ACCOUNT_JACK_DUMMY_USERNAME, ACCOUNT_JACK_DUMMY_FULLNAME, true);
+        assertDummyPassword(RESOURCE_DUMMY_PERU_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_A_CLEAR);
+
+        assertEncryptedUserPassword(userJack, USER_PASSWORD_A_CLEAR);
+	}
+
+
+    @Test
+    public void test389DeleteAccountPeru() throws Exception {
+		final String TEST_NAME = "test389DeleteAccountPeru";
+		TestUtil.displayTestTile(TEST_NAME);
+		assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);
+
+		Task task = taskManager.createTaskInstance(TestRbac.class.getName() + "." + TEST_NAME);
+        OperationResult result = task.getResult();
+
+        ObjectDelta<UserType> userDelta = createModifyUserDeleteAccount(USER_JACK_OID, resourceDummyPeru);
+
+        TestUtil.displayWhen(TEST_NAME);
+        modelService.executeChanges(MiscSchemaUtil.createCollection(userDelta), null, task, result);
+
+        // THEN
+        TestUtil.displayThen(TEST_NAME);
+        result.computeStatus();
+        TestUtil.assertSuccess(result);
+
+        assertNoDummyAccount(RESOURCE_DUMMY_PERU_NAME, ACCOUNT_JACK_DUMMY_USERNAME);
+
+        // just to be sure
+        assertNoDummyAccount(RESOURCE_DUMMY_LAVENDER_NAME, ACCOUNT_JACK_DUMMY_USERNAME);
+        assertNoDummyAccount(RESOURCE_DUMMY_BEIGE_NAME, ACCOUNT_JACK_DUMMY_USERNAME);
+        assertNoDummyAccount(RESOURCE_DUMMY_IVORY_NAME, ACCOUNT_JACK_DUMMY_USERNAME);
+        assertNoDummyAccount(ACCOUNT_JACK_DUMMY_USERNAME, ACCOUNT_JACK_DUMMY_FULLNAME);
+    }
+
 	@Test
     public void test400DavidAndGoliathAssignRole() throws Exception {
 		final String TEST_NAME = "test400DavidAndGoliathAssignRole";

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestPassword.java

@@ -132,7 +132,7 @@ public void test050CheckJackPassword() throws Exception {
 		display("User after change execution", userJack);
 		assertUserJack(userJack, "Jack Sparrow");
 
-		assertEncryptedPassword(userJack, "deadmentellnotales");
+		assertEncryptedUserPassword(userJack, USER_JACK_PASSWORD);
 	}
 
 
@@ -163,7 +163,7 @@ public void test051ModifyUserJackPassword() throws Exception {
 		display("User after change execution", userJack);
 		assertUserJack(userJack, "Jack Sparrow");
 
-		assertEncryptedPassword(userJack, USER_PASSWORD_1_CLEAR);
+		assertEncryptedUserPassword(userJack, USER_PASSWORD_1_CLEAR);
 		assertPasswordMetadata(userJack, false, startCal, endCal);
 	}
 
@@ -263,7 +263,7 @@ public void test110ModifyUserJackPassword() throws Exception {
 		display("User after change execution", userJack);
 		assertUserJack(userJack, "Jack Sparrow");
 
-		assertEncryptedPassword(userJack, USER_PASSWORD_2_CLEAR);
+		assertEncryptedUserPassword(userJack, USER_PASSWORD_2_CLEAR);
 		assertDummyPassword(ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_2_CLEAR);
 		assertPasswordMetadata(userJack, false, lastPasswordChangeStart, lastPasswordChangeEnd);
 	}
@@ -293,7 +293,7 @@ public void test111ModifyAccountJackPassword() throws Exception {
 		assertUserJack(userJack, "Jack Sparrow");
 
 		// User should still have old password
-		assertEncryptedPassword(userJack, USER_PASSWORD_2_CLEAR);
+		assertEncryptedUserPassword(userJack, USER_PASSWORD_2_CLEAR);
 		// Account has new password
 		assertDummyPassword(ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_3_CLEAR);
 
@@ -341,7 +341,7 @@ public void test112ModifyJackPasswordUserAndAccount() throws Exception {
 		assertUserJack(userJack, "Jack Sparrow");
 
 		// User should still have old password
-		assertEncryptedPassword(userJack, USER_PASSWORD_4_CLEAR);
+		assertEncryptedUserPassword(userJack, USER_PASSWORD_4_CLEAR);
 		// Account has new password
 		assertDummyPassword(ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_5_CLEAR);
 
@@ -380,7 +380,7 @@ public void test120ModifyUserJackAssignAccountDummyRed() throws Exception {
         assertDummyPassword(RESOURCE_DUMMY_RED_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_4_CLEAR);
 
         // User and default dummy account should have unchanged passwords
-        assertEncryptedPassword(userJack, USER_PASSWORD_4_CLEAR);
+        assertEncryptedUserPassword(userJack, USER_PASSWORD_4_CLEAR);
      	assertDummyPassword("jack", USER_PASSWORD_5_CLEAR);
 
      	assertPasswordMetadata(userJack, false, lastPasswordChangeStart, lastPasswordChangeEnd);
@@ -427,7 +427,7 @@ public void test121ModifyJackPasswordUserAndAccountRed() throws Exception {
 		assertUserJack(userJack, USER_JACK_FULL_NAME);
 
 		// User should still have old password
-		assertEncryptedPassword(userJack, USER_PASSWORD_1_CLEAR);
+		assertEncryptedUserPassword(userJack, USER_PASSWORD_1_CLEAR);
 		// Red account has the same account as user
 		assertDummyPassword(RESOURCE_DUMMY_RED_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_1_CLEAR);
 		// ... and default account has also the same password as user now. There was no other change on default dummy instance 
@@ -474,7 +474,7 @@ public void test130ModifyUserJackAssignAccountDummyYellow() throws Exception {
         assertDummyPassword(RESOURCE_DUMMY_RED_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_1_CLEAR);
 
         // User and default dummy account should have unchanged passwords
-        assertEncryptedPassword(userJack, USER_PASSWORD_1_CLEAR);
+        assertEncryptedUserPassword(userJack, USER_PASSWORD_1_CLEAR);
      	assertDummyPassword(ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_1_CLEAR);
 
      	assertPasswordMetadata(userJack, false, lastPasswordChangeStart, lastPasswordChangeEnd);
@@ -516,18 +516,12 @@ public void test132ModifyUserJackPasswordA() throws Exception {
         assertDummyPassword(RESOURCE_DUMMY_RED_NAME, ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_A_CLEAR);
 
         // User and default dummy account should have unchanged passwords
-        assertEncryptedPassword(userJack, USER_PASSWORD_A_CLEAR);
+        assertEncryptedUserPassword(userJack, USER_PASSWORD_A_CLEAR);
      	assertDummyPassword(ACCOUNT_JACK_DUMMY_USERNAME, USER_PASSWORD_A_CLEAR);
 	}
 
 	private void assertDummyPassword(String userId, String expectedClearPassword) {
 		assertDummyPassword(null, userId, expectedClearPassword);
 	}
 
-	private void assertDummyPassword(String instance, String userId, String expectedClearPassword) {
-		DummyAccount account = getDummyAccount(instance, userId);
-		assertNotNull("No dummy account "+userId, account);
-		assertEquals("Wrong password in dummy '"+instance+"' account "+userId, expectedClearPassword, account.getPassword());
-	}
-
 }

model/model-intest/src/test/resources/multi/resource-dummy-beige.xml

@@ -16,7 +16,7 @@
   -->
 
 <!-- IVORY dummy resource for testing. It is used in multi-resource tests.
-      Similar to yellow resource but it has only lax dependency on default dummy resource. -->
+      Similar to lavender resource but it has only relaxed dependency on default dummy resource. -->
 
 <resource oid="10000000-0000-0000-0000-00000001b504"
 		  xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"

model/model-intest/src/test/resources/multi/resource-dummy-ivory.xml

@@ -16,7 +16,7 @@
   -->
 
 <!-- IVORY dummy resource for testing. It is used in multi-resource tests.
-      Similar to yellow resource but it has only lax dependency on default dummy resource. -->
+      Similar to lavender resource but it has only lax dependency on default dummy resource. -->
 
 <resource oid="10000000-0000-0000-0000-000000011504"
 		  xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"