From 5e0de68cdb4f25988e16330fa10b61106bada768 Mon Sep 17 00:00:00 2001 
From: Paul Warren Date: Mon, 16 Nov 2015 17:04:15 -0800 Subject: [PATCH] Move IdentityZone model into the payload JAR [#107504490] https://www.pivotaltracker.com/story/show/107504490 --- .../identity/uaa/authentication/Origin.java | 9 - .../authentication/SessionResetFilter.java | 3 +- .../login/LoginInfoEndpoint.java | 18 +- .../login/RemoteAuthenticationEndpoint.java | 8 +- .../manager/AuthzAuthenticationManager.java | 4 +- .../manager/LoginAuthenticationManager.java | 6 +- .../manager/PeriodLockoutPolicy.java | 4 +- .../uaa/config/IdentityProviderBootstrap.java | 23 +- .../uaa/db/BootstrapIdentityZones.java | 6 +- .../login/PasscodeAuthenticationFilter.java | 8 +- .../login/saml/ProviderChangedListener.java | 5 +- .../login/saml/ZoneAwareMetadataManager.java | 4 +- .../identity/uaa/oauth/AccessController.java | 3 +- .../oauth/ClientAdminEndpointsValidator.java | 5 +- .../ZoneEndpointsClientDetailsValidator.java | 4 +- .../identity/uaa/user/UaaUserEditor.java | 4 +- .../identity/uaa/util/DomainFilter.java | 2 +- .../DisableInternalUserManagementFilter.java | 4 +- .../DisableUserManagementSecurityFilter.java | 4 +- .../identity/uaa/zone/IdentityProvider.java | 13 +- .../uaa/zone/IdentityZoneEndpoints.java | 49 +++- .../JdbcIdentityProviderProvisioning.java | 13 +- .../SessionResetFilterTests.java | 12 +- .../login/LoginInfoEndpointTests.java | 6 +- .../RemoteAuthenticationEndpointTests.java | 4 +- .../AuthzAuthenticationManagerTests.java | 34 +-- ...ckIdpEnabledAuthenticationManagerTest.java | 8 +- .../LdapLoginAuthenticationManagerTests.java | 10 +- .../LoginAuthenticationManagerTests.java | 16 +- .../manager/PeriodLockoutPolicyTests.java | 4 +- .../config/IdentityProviderBootstrapTest.java | 86 +++---- .../uaa/oauth/CheckTokenEndpointTests.java | 14 +- .../UaaAuthorizationRequestManagerTests.java | 4 +- ...eEndpointsClientDetailsValidatorTests.java | 8 +- .../oauth/expression/IsUserSelfCheckTest.java | 6 +- .../oauth/token/UaaTokenServicesTests.java | 28 +-- 
.../uaa/oauth/token/UaaTokenStoreTests.java | 4 +- .../uaa/openid/UserInfoEndpointTests.java | 4 +- .../DefaultSecurityContextAccessorTests.java | 8 +- .../identity/uaa/test/TestAccountSetup.java | 4 +- .../identity/uaa/test/UaaTestAccounts.java | 4 +- .../user/InMemoryUaaUserDatabaseTests.java | 10 +- .../uaa/user/JdbcUaaUserDatabaseTests.java | 18 +- .../uaa/user/MockUaaUserDatabase.java | 6 +- .../identity/uaa/user/UaaUserTestFactory.java | 7 +- .../identity/uaa/util/DomainFilterTest.java | 12 +- .../uaa/zone/IdentityProviderTests.java | 237 ------------------ ...JdbcIdentityProviderProvisioningTests.java | 5 +- ...DynamicZoneAwareAuthenticationManager.java | 6 +- .../invitations/InvitationsController.java | 12 +- .../uaa/invitations/InvitationsEndpoint.java | 2 +- .../uaa/login/AbstractControllerInfo.java | 6 +- .../uaa/login/AccountsController.java | 4 +- .../login/AutologinAuthenticationManager.java | 7 +- .../uaa/login/ChangeEmailController.java | 4 +- .../login/EmailAccountCreationService.java | 6 +- .../uaa/login/EmailChangeEmailService.java | 4 +- .../uaa/login/EmailInvitationsService.java | 4 +- .../uaa/login/LoginUaaApprovalsService.java | 4 +- .../identity/uaa/login/ProfileController.java | 4 +- .../uaa/login/ResetPasswordController.java | 4 +- .../uaa/login/RestUaaApprovalsService.java | 4 +- .../saml/LoginSamlAuthenticationProvider.java | 10 +- .../uaa/login/util/LocalUaaRestTemplate.java | 4 +- .../uaa/zone/IdentityProviderEndpoints.java | 6 +- .../InvitationsControllerTest.java | 18 +- .../AutologinAuthenticationManagerTest.java | 15 +- .../uaa/login/ChangeEmailControllerTest.java | 10 +- .../EmailAccountCreationServiceTests.java | 4 +- .../login/EmailInvitationsServiceTests.java | 8 +- .../uaa/login/ProfileControllerTests.java | 8 +- .../uaa/login/util/SecurityUtils.java | 7 +- payload/build.gradle | 6 +- .../uaa/config/IdentityZoneConfiguration.java | 0 .../identity/uaa/config/KeyPair.java | 7 + .../identity/uaa/config/KeyPairsMap.java | 0 
.../identity/uaa/config/SamlConfig.java | 0 .../identity/uaa/config/TokenPolicy.java | 0 .../identity/uaa/constants/OriginKeys.java | 32 +++ .../identity/uaa/zone/IdentityZone.java | 11 +- .../LdapGroupMappingAuthorizationManager.java | 6 +- .../uaa/login/UaaResetPasswordService.java | 7 +- .../identity/uaa/scim/ScimGroupMember.java | 4 +- .../uaa/scim/ScimUserJsonDeserializer.java | 4 +- .../bootstrap/ScimExternalGroupBootstrap.java | 4 +- .../uaa/scim/bootstrap/ScimUserBootstrap.java | 10 +- .../scim/endpoints/ChangeEmailEndpoints.java | 4 +- .../scim/endpoints/PasswordResetEndpoint.java | 5 +- .../scim/endpoints/ScimGroupEndpoints.java | 12 +- .../endpoints/UserIdConversionEndpoints.java | 4 +- .../scim/jdbc/JdbcScimUserProvisioning.java | 8 +- .../validate/UaaPasswordPolicyValidator.java | 4 +- .../ScimExternalGroupBootstrapTests.java | 53 ++-- .../bootstrap/ScimUserBootstrapTests.java | 8 +- .../endpoints/ChangeEmailEndpointsTest.java | 6 +- .../endpoints/PasswordResetEndpointTest.java | 20 +- .../endpoints/ScimGroupEndpointsTests.java | 4 +- ...imGroupExternalMembershipManagerTests.java | 12 +- .../JdbcScimGroupMembershipManagerTests.java | 23 +- .../jdbc/JdbcScimUserProvisioningTests.java | 11 +- .../UaaPasswordPolicyValidatorTests.java | 6 +- shared_versions.gradle | 1 + uaa/src/main/resources/messages.properties | 3 + ...micZoneAwareAuthenticationManagerTest.java | 40 +-- .../uaa/db/TestZonifyGroupSchema_V2_4_1.java | 13 +- ...IdentityZoneEndpointsIntegrationTests.java | 6 +- .../uaa/integration/LdapIntegationTests.java | 10 +- .../LoginServerSecurityIntegrationTests.java | 14 +- .../RemoteAuthenticationEndpointTests.java | 16 +- .../integration/feature/InvitationsIT.java | 12 +- .../uaa/integration/feature/SamlLoginIT.java | 20 +- .../util/IntegrationTestUtils.java | 10 +- .../InvitationsEndpointMockMvcTests.java | 10 +- .../login/AccountsControllerMockMvcTests.java | 14 +- .../identity/uaa/login/BootstrapTests.java | 4 +- 
.../login/InvitationsServiceMockMvcTests.java | 28 +-- .../identity/uaa/login/LoginMockMvcTests.java | 16 +- .../uaa/login/PasscodeMockMvcTests.java | 4 +- .../ResetPasswordControllerMockMvcTests.java | 6 +- .../LoginSamlAuthenticationProviderTests.java | 30 +-- .../saml/SamlIDPRefreshMockMvcTests.java | 8 +- .../uaa/mock/ldap/LdapMockMvcTests.java | 56 ++--- .../uaa/mock/token/TokenMvcMockTests.java | 110 ++++---- .../identity/uaa/mock/util/MockMvcUtils.java | 14 +- ...IdentityProviderEndpointsMockMvcTests.java | 15 +- .../IdentityZoneEndpointsMockMvcTests.java | 63 +++-- .../PasswordResetEndpointMockMvcTests.java | 4 +- .../ScimGroupEndpointsMockMvcTests.java | 4 +- .../endpoints/ScimUserLookupMockMvcTests.java | 4 +- 129 files changed, 788 insertions(+), 937 deletions(-) delete mode 100644 common/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityProviderTests.java rename {common => payload}/src/main/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfiguration.java (100%) rename {common => payload}/src/main/java/org/cloudfoundry/identity/uaa/config/KeyPair.java (92%) rename {common => payload}/src/main/java/org/cloudfoundry/identity/uaa/config/KeyPairsMap.java (100%) rename {common => payload}/src/main/java/org/cloudfoundry/identity/uaa/config/SamlConfig.java (100%) rename {common => payload}/src/main/java/org/cloudfoundry/identity/uaa/config/TokenPolicy.java (100%) create mode 100644 payload/src/main/java/org/cloudfoundry/identity/uaa/constants/OriginKeys.java rename {common => payload}/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZone.java (93%) diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/Origin.java b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/Origin.java index 45392999eb..12c3af8776 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/Origin.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/Origin.java 
@@ -21,15 +21,6 @@ public class Origin { - public static final String ORIGIN = "origin"; - public static final String UAA = "uaa"; - public static final String LOGIN_SERVER = "login-server"; - public static final String LDAP = "ldap"; - public static final String KEYSTONE = "keystone"; - public static final String SAML = "saml"; - public static final String NotANumber = "NaN"; - public static final String UNKNOWN = "unknown"; - public static String getUserId(Authentication authentication) { String id; if (authentication.getPrincipal() instanceof UaaPrincipal) { diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/SessionResetFilter.java b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/SessionResetFilter.java index 86b58d9aca..5933ec2de3 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/SessionResetFilter.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/SessionResetFilter.java @@ -17,6 +17,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; import org.springframework.security.core.context.SecurityContext; @@ -57,7 +58,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse if (context!=null && context.getAuthentication()!=null && context.getAuthentication() instanceof UaaAuthentication) { UaaAuthentication authentication = (UaaAuthentication)context.getAuthentication(); if (authentication.isAuthenticated() && - Origin.UAA.equals(authentication.getPrincipal().getOrigin()) && + OriginKeys.UAA.equals(authentication.getPrincipal().getOrigin()) && null != request.getSession(false)) { boolean redirect = false; 
diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/login/LoginInfoEndpoint.java b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/login/LoginInfoEndpoint.java index ff7a26591f..c1684da134 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/login/LoginInfoEndpoint.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/login/LoginInfoEndpoint.java @@ -13,13 +13,13 @@ package org.cloudfoundry.identity.uaa.authentication.login; import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.client.ClientConstants; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.AutologinRequest; import org.cloudfoundry.identity.uaa.login.AutologinResponse; import org.cloudfoundry.identity.uaa.login.PasscodeInformation; @@ -81,7 +81,7 @@ @Controller public class LoginInfoEndpoint { - public static final String NotANumber = Origin.NotANumber; + public static final String NotANumber = OriginKeys.NotANumber; public static final String CREATE_ACCOUNT_LINK = "createAccountLink"; public static final String FORGOT_PASSWORD_LINK = "forgotPasswordLink"; public static final String LINK_CREATE_ACCOUNT_SHOW = "linkCreateAccountShow"; 
@@ -226,9 +226,9 @@ private String login(Model model, Principal principal, List excludedProm boolean fieldUsernameShow = true; if (allowedIdps==null || - allowedIdps.contains(Origin.LDAP) || - allowedIdps.contains(Origin.UAA) || - allowedIdps.contains(Origin.KEYSTONE)) { + allowedIdps.contains(OriginKeys.LDAP) || + allowedIdps.contains(OriginKeys.UAA) || + allowedIdps.contains(OriginKeys.KEYSTONE)) { fieldUsernameShow = true; } else if (idps!=null && idps.size()==1) { String url = SamlRedirectUtils.getIdpRedirectUrl(idps.get(0), entityID); @@ -237,7 +237,7 @@ private String login(Model model, Principal principal, List excludedProm fieldUsernameShow = false; } boolean linkCreateAccountShow = fieldUsernameShow; - if (fieldUsernameShow && (allowedIdps!=null && !allowedIdps.contains(Origin.UAA))) { + if (fieldUsernameShow && (allowedIdps!=null && !allowedIdps.contains(OriginKeys.UAA))) { linkCreateAccountShow = false; } String zonifiedEntityID = getZonifiedEntityId(); @@ -378,7 +378,7 @@ public AutologinResponse generateAutologinCode(@RequestBody AutologinRequest req UaaPrincipal p = (UaaPrincipal)userAuthentication.getPrincipal(); if (p!=null) { codeData.put("user_id", p.getId()); - codeData.put(Origin.ORIGIN, p.getOrigin()); + codeData.put(OriginKeys.ORIGIN, p.getOrigin()); } } ExpiringCode expiringCode = expiringCodeStore.generateCode(JsonUtils.writeValueAsString(codeData), new Timestamp(System.currentTimeMillis() + 5 * 60 * 1000)); 
@@ -442,11 +442,11 @@ protected ExpiringCode doGenerateCode(Object o) throws IOException { protected Map getLinksInfo() { Map model = new HashMap<>(); - model.put(Origin.UAA, getUaaBaseUrl()); + model.put(OriginKeys.UAA, getUaaBaseUrl()); if (getBaseUrl().contains("localhost:")) { model.put("login", getUaaBaseUrl()); } else { - model.put("login", getUaaBaseUrl().replaceAll(Origin.UAA, "login")); + model.put("login", getUaaBaseUrl().replaceAll(OriginKeys.UAA, "login")); } if (selfServiceLinksEnabled && !disableInternalUserManagement) { model.put(CREATE_ACCOUNT_LINK, "/create_account"); diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/login/RemoteAuthenticationEndpoint.java b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/login/RemoteAuthenticationEndpoint.java index d99d1c3286..4ab0cc7a9f 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/login/RemoteAuthenticationEndpoint.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/login/RemoteAuthenticationEndpoint.java @@ -22,9 +22,9 @@ import org.apache.commons.logging.LogFactory; import org.cloudfoundry.identity.uaa.authentication.AccountNotVerifiedException; import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.springframework.http.HttpEntity; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; 
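Review bot: In `getLinksInfo()`, `getUaaBaseUrl().replaceAll(OriginKeys.UAA, "login")` uses the identity-provider origin key as a regular expression and rewrites every `uaa` substring of the base URL, not only the intended host label or path segment. With a constructed base URL such as `https://uaa.uaa-example.test`, the "login" link becomes `https://login.login-example.test`. Now that the constant lives in a class named `OriginKeys`, the URL rewrite should use its own literal and a bounded replacement, for example `getUaaBaseUrl().replaceFirst("uaa", "login")` if only the first occurrence is meant, with a comment stating which URL component is being rewritten. The same constant is also used for non-origin purposes later in this patch, as a scope prefix in `AccessController.getScopes` and as the reserved client id in `ClientAdminEndpointsValidator`; those would read better with purpose-named constants.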
@@ -100,7 +100,7 @@ public HttpEntity> authenticate(HttpServletRequest request, @ResponseBody public HttpEntity> authenticate(HttpServletRequest request, @RequestParam(value = "username", required = true) String username, - @RequestParam(value = Origin.ORIGIN, required = true) String origin, + @RequestParam(value = OriginKeys.ORIGIN, required = true) String origin, @RequestParam(value = "email", required = false) String email) { Map responseBody = new HashMap<>(); HttpStatus status = HttpStatus.UNAUTHORIZED; @@ -112,7 +112,7 @@ public HttpEntity> authenticate(HttpServletRequest request, Map userInfo = new HashMap<>(); userInfo.put("username", username); - userInfo.put(Origin.ORIGIN, origin); + userInfo.put(OriginKeys.ORIGIN, origin); if (StringUtils.hasText(email)) { userInfo.put("email", email); } @@ -138,7 +138,7 @@ private void processAdditionalInformation(Map responseBody, Auth if (hasClientOauth2Authentication()) { UaaPrincipal principal = getPrincipal(a); if (principal!=null) { - responseBody.put(Origin.ORIGIN, principal.getOrigin()); + responseBody.put(OriginKeys.ORIGIN, principal.getOrigin()); responseBody.put("user_id", principal.getId()); } } diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManager.java b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManager.java index e462844c40..5d17b44916 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManager.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManager.java 
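Review bot: The `origin` request parameter of the second `authenticate` overload is copied into `userInfo` exactly as received, and `LoginAuthenticationManager.getUser` later in this patch likewise reads `info.get(OriginKeys.ORIGIN)` and `user_id` from caller-supplied data. Nothing in these hunks checks the value against the identity providers configured for the current zone, so the principal's origin is whatever the caller states; such a check may exist outside the hunks. If the design is that only an authenticated, trusted client reaches this path, record that at the parameter, e.g. `// origin is asserted by the authenticated login client and is not validated against zone providers here`, or reject unknown origins before the authentication request is built. Both method bodies continue outside the hunks.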
@@ -16,7 +16,6 @@ import org.apache.commons.logging.LogFactory; import org.cloudfoundry.identity.uaa.authentication.AccountNotVerifiedException; import org.cloudfoundry.identity.uaa.authentication.AuthenticationPolicyRejectionException; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.PasswordExpiredException; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; @@ -25,6 +24,7 @@ import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationFailureEvent; import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationSuccessEvent; import org.cloudfoundry.identity.uaa.authentication.event.UserNotFoundEvent; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; import org.cloudfoundry.identity.uaa.util.ObjectUtils; @@ -163,7 +163,7 @@ public Authentication authenticate(Authentication req) throws AuthenticationExce protected int getPasswordExpiresInMonths() { int result = 0; - IdentityProvider provider = providerProvisioning.retrieveByOrigin(Origin.UAA, IdentityZoneHolder.get().getId()); + IdentityProvider provider = providerProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId()); if (provider!=null) { UaaIdentityProviderDefinition idpDefinition = ObjectUtils.castInstance(provider.getConfig(),UaaIdentityProviderDefinition.class); if (idpDefinition!=null) { diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManager.java b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManager.java index 2e89fbc1ec..276583d38e 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManager.java 
+++ b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManager.java @@ -15,11 +15,11 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationSuccessEvent; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; @@ -41,7 +41,7 @@ import java.util.Map; public class LoginAuthenticationManager implements AuthenticationManager, ApplicationEventPublisherAware { - public static final String NotANumber = Origin.NotANumber; + public static final String NotANumber = OriginKeys.NotANumber; private final Log logger = LogFactory.getLog(getClass()); @@ -127,7 +127,7 @@ protected UaaUser getUser(AuthzAuthenticationRequest req, Map in String name = req.getName(); String email = info.get("email"); String userId = info.get("user_id")!=null?info.get("user_id"):NotANumber; - String origin = info.get(Origin.ORIGIN)!=null?info.get(Origin.ORIGIN):Origin.LOGIN_SERVER; + String origin = info.get(OriginKeys.ORIGIN)!=null?info.get(OriginKeys.ORIGIN): OriginKeys.LOGIN_SERVER; if (name == null && email != null) { name = email; diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/PeriodLockoutPolicy.java b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/PeriodLockoutPolicy.java index e5044d51cb..4fde946092 100644 
--- a/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/PeriodLockoutPolicy.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/PeriodLockoutPolicy.java @@ -17,8 +17,8 @@ import org.cloudfoundry.identity.uaa.audit.AuditEvent; import org.cloudfoundry.identity.uaa.audit.AuditEventType; import org.cloudfoundry.identity.uaa.audit.UaaAuditService; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.config.LockoutPolicy; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.util.ObjectUtils; import org.cloudfoundry.identity.uaa.zone.IdentityProvider; @@ -107,7 +107,7 @@ public void setLockoutPolicy(LockoutPolicy lockoutPolicy) { } private LockoutPolicy getLockoutPolicyFromDb() { - IdentityProvider idp = providerProvisioning.retrieveByOrigin(Origin.UAA, IdentityZoneHolder.get().getId()); + IdentityProvider idp = providerProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId()); UaaIdentityProviderDefinition idpDefinition = ObjectUtils.castInstance(idp.getConfig(),UaaIdentityProviderDefinition.class); if (idpDefinition != null && idpDefinition.getLockoutPolicy() !=null ) { return idpDefinition.getLockoutPolicy(); diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrap.java b/common/src/main/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrap.java index 8d6b390a27..2dd6f600e9 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrap.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrap.java 
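Review bot: `getLockoutPolicyFromDb()` dereferences `idp.getConfig()` straight after `retrieveByOrigin(OriginKeys.UAA, ...)`, whereas `AuthzAuthenticationManager.getPasswordExpiresInMonths()` in this same patch guards the identical lookup with `if (provider!=null)`. If the lookup can return null for a zone that has no `uaa` provider, lockout evaluation would fail with a NullPointerException rather than fall back to the default policy. A one-line guard keeps the two call sites consistent: `UaaIdentityProviderDefinition idpDefinition = idp == null ? null : ObjectUtils.castInstance(idp.getConfig(), UaaIdentityProviderDefinition.class);`. The rest of the method, including whatever fallback it returns, is outside the hunk.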
@@ -13,6 +13,7 @@ package org.cloudfoundry.identity.uaa.config; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.KeystoneIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.authentication.Origin; @@ -71,7 +72,7 @@ protected void addSamlProviders() { } for (SamlIdentityProviderDefinition def : configurator.getIdentityProviderDefinitions()) { IdentityProvider provider = new IdentityProvider(); - provider.setType(Origin.SAML); + provider.setType(OriginKeys.SAML); provider.setOriginKey(def.getIdpEntityAlias()); provider.setName("UAA SAML Identity Provider["+provider.getOriginKey()+"]"); provider.setActive(true); @@ -89,12 +90,12 @@ public void setLdapConfig(HashMap ldapConfig) { } protected void addLdapProvider() { - boolean ldapProfile = Arrays.asList(environment.getActiveProfiles()).contains(Origin.LDAP); + boolean ldapProfile = Arrays.asList(environment.getActiveProfiles()).contains(OriginKeys.LDAP); if (ldapConfig != null || ldapProfile) { IdentityProvider provider = new IdentityProvider(); provider.setActive(ldapProfile); - provider.setOriginKey(Origin.LDAP); - provider.setType(Origin.LDAP); + provider.setOriginKey(OriginKeys.LDAP); + provider.setType(OriginKeys.LDAP); provider.setName("UAA LDAP Provider"); Map ldap = new HashMap<>(); ldap.put(LDAP, ldapConfig); @@ -144,12 +145,12 @@ protected AbstractIdentityProviderDefinition getKeystoneDefinition(Map originMap = new HashMap(); Set origins = new LinkedHashSet(); - origins.addAll(Arrays.asList(new String[] {Origin.UAA,Origin.LOGIN_SERVER,Origin.LDAP,Origin.KEYSTONE})); + origins.addAll(Arrays.asList(new String[] {OriginKeys.UAA, OriginKeys.LOGIN_SERVER, OriginKeys.LDAP, OriginKeys.KEYSTONE})); origins.addAll(jdbcTemplate.queryForList("SELECT DISTINCT origin from users", String.class)); for (String origin : origins) { String identityProviderId = UUID.randomUUID().toString(); 
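Review bot: The import hunk for IdentityProviderBootstrap adds `org.cloudfoundry.identity.uaa.constants.OriginKeys` but keeps `import org.cloudfoundry.identity.uaa.authentication.Origin;` as context, although every `Origin.` reference visible in this file's hunks has been switched to `OriginKeys`. If no other use of `Origin` remains in the class, remove the old import so a later reader does not assume the constants still come from there. The same leftover appears in the AccessController import hunk further down. The new import is also placed ahead of `org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition`, while the other files in this patch insert it in sorted position.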
@@ -33,7 +33,7 @@ public void migrate(JdbcTemplate jdbcTemplate) throws Exception { jdbcTemplate.update("update oauth_client_details set identity_zone_id = ?",uaa.getId()); List clientIds = jdbcTemplate.queryForList("SELECT client_id from oauth_client_details", String.class); for (String clientId : clientIds) { - jdbcTemplate.update("insert into client_idp values (?,?) ",clientId,originMap.get(Origin.UAA)); + jdbcTemplate.update("insert into client_idp values (?,?) ",clientId,originMap.get(OriginKeys.UAA)); } jdbcTemplate.update("update users set identity_provider_id = (select id from identity_provider where identity_provider.origin_key = users.origin), identity_zone_id = (select identity_zone_id from identity_provider where identity_provider.origin_key = users.origin);"); jdbcTemplate.update("update group_membership set identity_provider_id = (select id from identity_provider where identity_provider.origin_key = group_membership.origin);"); diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/login/PasscodeAuthenticationFilter.java b/common/src/main/java/org/cloudfoundry/identity/uaa/login/PasscodeAuthenticationFilter.java index 40f4dc96b1..d7f5b3ea3a 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/login/PasscodeAuthenticationFilter.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/login/PasscodeAuthenticationFilter.java 
@@ -32,12 +32,10 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.cloudfoundry.identity.uaa.authentication.BackwardsCompatibleTokenEndpointAuthenticationFilter; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; -import org.cloudfoundry.identity.uaa.client.SocialClientUserDetails; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; -import org.cloudfoundry.identity.uaa.user.UaaAuthority; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; import org.cloudfoundry.identity.uaa.util.JsonUtils; @@ -224,7 +222,7 @@ public Authentication authenticate(Authentication authentication) throws Authent PasscodeHttpServletRequest pcRequest = (PasscodeHttpServletRequest)expiringCodeAuthentication.getRequest(); //pcRequest.addParameter("user_id", new String[] {pi.getUserId()}); pcRequest.addParameter("username", new String[] {pi.getUsername()}); - pcRequest.addParameter(Origin.ORIGIN, new String[] {pi.getOrigin()}); + pcRequest.addParameter(OriginKeys.ORIGIN, new String[] {pi.getOrigin()}); return result; } @@ -282,4 +280,4 @@ public void destroy() { public void setParameterNames(List parameterNames) { this.parameterNames = parameterNames; } -} \ No newline at end of file +} diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/ProviderChangedListener.java b/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/ProviderChangedListener.java index 31542b568a..71d0273bd7 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/ProviderChangedListener.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/ProviderChangedListener.java 
@@ -16,7 +16,8 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; +import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.util.ObjectUtils; import org.cloudfoundry.identity.uaa.zone.IdentityProvider; import org.cloudfoundry.identity.uaa.zone.IdentityZone; @@ -46,7 +47,7 @@ public void onApplicationEvent(IdentityProviderModifiedEvent event) { return; } IdentityProvider eventProvider = (IdentityProvider)event.getSource(); - if (Origin.SAML.equals(eventProvider.getType())) { + if (OriginKeys.SAML.equals(eventProvider.getType())) { IdentityProvider provider = (IdentityProvider)eventProvider; IdentityZone zone = zoneProvisioning.retrieve(provider.getIdentityZoneId()); ZoneAwareMetadataManager.ExtensionMetadataManager manager = metadataManager.getManager(zone); diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/ZoneAwareMetadataManager.java b/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/ZoneAwareMetadataManager.java index d6886ffdc0..6fdf342977 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/ZoneAwareMetadataManager.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/ZoneAwareMetadataManager.java @@ -16,7 +16,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.zone.IdentityProvider; import org.cloudfoundry.identity.uaa.zone.IdentityProviderProvisioning; 
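Review bot: The added `import org.cloudfoundry.identity.uaa.util.JsonUtils;` in ProviderChangedListener has no use in the lines this patch shows; the only code change in the file is `OriginKeys.SAML.equals(eventProvider.getType())`. If nothing else in the class refers to `JsonUtils`, drop the import so the file's dependencies stay accurate. In the second hunk, the context line `IdentityProvider provider = (IdentityProvider)eventProvider;` casts a variable that is already declared as `IdentityProvider`, so `provider` could simply be replaced by `eventProvider`. The body of `onApplicationEvent` continues outside the hunk.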
@@ -129,7 +129,7 @@ protected void refreshAllProviders(boolean ignoreTimestamp) throws MetadataProvi ExtensionMetadataManager manager = getManager(zone); boolean hasChanges = false; for (IdentityProvider provider : providerDao.retrieveAll(false,zone.getId())) { - if (Origin.SAML.equals(provider.getType()) && (ignoreTimestamp || lastRefresh < provider.getLastModified().getTime())) { + if (OriginKeys.SAML.equals(provider.getType()) && (ignoreTimestamp || lastRefresh < provider.getLastModified().getTime())) { try { SamlIdentityProviderDefinition definition = (SamlIdentityProviderDefinition)provider.getConfig(); try { diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/AccessController.java b/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/AccessController.java index 2cb1de1d3f..13164607fa 100755 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/AccessController.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/AccessController.java @@ -29,6 +29,7 @@ import org.apache.commons.logging.LogFactory; import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.client.ClientConstants; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.approval.Approval; import org.cloudfoundry.identity.uaa.oauth.approval.ApprovalStore; import org.springframework.security.authentication.InsufficientAuthenticationException; @@ -234,7 +235,7 @@ private List> getScopes(ClientDetails client, ArrayList map = new HashMap(); String value = SCOPE_PREFIX + scope; String resource = scope.substring(0, scope.lastIndexOf(".")); - if (Origin.UAA.equals(resource)) { + if (OriginKeys.UAA.equals(resource)) { // special case: don't need to prompt for internal uaa // scopes continue; 
diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ClientAdminEndpointsValidator.java b/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ClientAdminEndpointsValidator.java index ae098a3aff..206c8161da 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ClientAdminEndpointsValidator.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ClientAdminEndpointsValidator.java @@ -20,11 +20,10 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.rest.QueryableResourceManager; import org.cloudfoundry.identity.uaa.security.DefaultSecurityContextAccessor; import org.cloudfoundry.identity.uaa.security.SecurityContextAccessor; -import org.cloudfoundry.identity.uaa.util.UaaStringUtils; import org.springframework.beans.factory.InitializingBean; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.oauth2.provider.ClientDetails; @@ -49,7 +48,7 @@ public class ClientAdminEndpointsValidator implements InitializingBean, ClientDe private SecurityContextAccessor securityContextAccessor = new DefaultSecurityContextAccessor(); - private Set reservedClientIds = StringUtils.commaDelimitedListToSet(Origin.UAA); + private Set reservedClientIds = StringUtils.commaDelimitedListToSet(OriginKeys.UAA); /** diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ZoneEndpointsClientDetailsValidator.java b/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ZoneEndpointsClientDetailsValidator.java index 99290698ad..b87f5616eb 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ZoneEndpointsClientDetailsValidator.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ZoneEndpointsClientDetailsValidator.java 
@@ -3,8 +3,8 @@ import java.util.Collections; import org.apache.commons.lang.StringUtils; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.client.ClientConstants; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.client.BaseClientDetails; @@ -37,7 +37,7 @@ public ClientDetails validate(ClientDetails clientDetails, Mode mode) throws Inv throw new InvalidClientDetailsException("client_secret cannot be blank"); } } - if (!Collections.singletonList(Origin.UAA).equals(clientDetails.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS))) { + if (!Collections.singletonList(OriginKeys.UAA).equals(clientDetails.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS))) { throw new InvalidClientDetailsException("only the internal IdP ('uaa') is allowed"); } diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/user/UaaUserEditor.java b/common/src/main/java/org/cloudfoundry/identity/uaa/user/UaaUserEditor.java index c12f8ae5e0..3c9f495629 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/user/UaaUserEditor.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/user/UaaUserEditor.java @@ -16,7 +16,7 @@ import java.util.Arrays; import java.util.List; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.springframework.security.core.authority.AuthorityUtils; 
@@ -35,7 +35,7 @@ public void setAsText(String text) throws IllegalArgumentException { } String username = values[0], password = values[1]; - String email = username, firstName = null, lastName = null, origin = Origin.UAA; + String email = username, firstName = null, lastName = null, origin = OriginKeys.UAA; String authorities = null; if (values.length > 2) { switch (values.length) { diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/util/DomainFilter.java b/common/src/main/java/org/cloudfoundry/identity/uaa/util/DomainFilter.java index 364ced9ea1..d236ea755c 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/util/DomainFilter.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/util/DomainFilter.java @@ -26,7 +26,7 @@ import java.util.stream.Collectors; import static java.util.Collections.EMPTY_LIST; -import static org.cloudfoundry.identity.uaa.authentication.Origin.UAA; +import static org.cloudfoundry.identity.uaa.constants.OriginKeys.UAA; public class DomainFilter { diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/zone/DisableInternalUserManagementFilter.java b/common/src/main/java/org/cloudfoundry/identity/uaa/zone/DisableInternalUserManagementFilter.java index 7db713c8a6..948fbed676 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/zone/DisableInternalUserManagementFilter.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/zone/DisableInternalUserManagementFilter.java @@ -12,7 +12,7 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.zone; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.util.ObjectUtils; import org.springframework.web.filter.OncePerRequestFilter; 
@@ -40,7 +40,7 @@ public DisableInternalUserManagementFilter(IdentityProviderProvisioning identity protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { if (matches(request)) { - IdentityProvider idp = identityProviderProvisioning.retrieveByOrigin(Origin.UAA, IdentityZoneHolder.get().getId()); + IdentityProvider idp = identityProviderProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId()); boolean isDisableInternalUserManagement = false; UaaIdentityProviderDefinition config = ObjectUtils.castInstance(idp.getConfig(), UaaIdentityProviderDefinition.class); if (config != null) { diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/zone/DisableUserManagementSecurityFilter.java b/common/src/main/java/org/cloudfoundry/identity/uaa/zone/DisableUserManagementSecurityFilter.java index 0c55e42f7a..b5de9ba487 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/zone/DisableUserManagementSecurityFilter.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/zone/DisableUserManagementSecurityFilter.java @@ -12,7 +12,7 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.zone; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.ExceptionReport; import org.cloudfoundry.identity.uaa.error.ExceptionReportHttpMessageConverter; import org.cloudfoundry.identity.uaa.util.ObjectUtils; 
@@ -66,7 +66,7 @@ public DisableUserManagementSecurityFilter(IdentityProviderProvisioning identity protected void doFilterInternal(HttpServletRequest request, final HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { if (matches(request)) { - IdentityProvider idp = identityProviderProvisioning.retrieveByOrigin(Origin.UAA, IdentityZoneHolder.get().getId()); + IdentityProvider idp = identityProviderProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId()); boolean isDisableInternalUserManagement = false; UaaIdentityProviderDefinition config = ObjectUtils.castInstance(idp.getConfig(), UaaIdentityProviderDefinition.class); if (config != null) { diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityProvider.java b/common/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityProvider.java index cbaa36e45a..073f5d8e69 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityProvider.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityProvider.java @@ -14,6 +14,8 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.core.type.TypeReference; + import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.DeserializationContext; @@ -27,6 +29,7 @@ import org.cloudfoundry.identity.uaa.KeystoneIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.config.LockoutPolicy; import org.cloudfoundry.identity.uaa.config.PasswordPolicy; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.ldap.LdapIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.util.JsonUtils; 
@@ -37,11 +40,11 @@ import java.io.IOException; import java.util.Date; -import static org.cloudfoundry.identity.uaa.authentication.Origin.KEYSTONE; -import static org.cloudfoundry.identity.uaa.authentication.Origin.LDAP; -import static org.cloudfoundry.identity.uaa.authentication.Origin.SAML; -import static org.cloudfoundry.identity.uaa.authentication.Origin.UAA; -import static org.cloudfoundry.identity.uaa.authentication.Origin.UNKNOWN; +import static org.cloudfoundry.identity.uaa.constants.OriginKeys.KEYSTONE; +import static org.cloudfoundry.identity.uaa.constants.OriginKeys.LDAP; +import static org.cloudfoundry.identity.uaa.constants.OriginKeys.SAML; +import static org.cloudfoundry.identity.uaa.constants.OriginKeys.UAA; +import static org.cloudfoundry.identity.uaa.constants.OriginKeys.UNKNOWN; @JsonSerialize(using = IdentityProvider.IdentityProviderSerializer.class) @JsonDeserialize(using = IdentityProvider.IdentityProviderDeserializer.class) diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneEndpoints.java b/common/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneEndpoints.java index f9936985c9..b36bc9e25f 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneEndpoints.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneEndpoints.java 
@@ -12,10 +12,13 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.zone; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; +import org.cloudfoundry.identity.uaa.error.UaaException; import org.cloudfoundry.identity.uaa.oauth.InvalidClientDetailsException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.MessageSource; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.access.AccessDeniedException; @@ -24,6 +27,9 @@ import org.springframework.security.oauth2.provider.NoSuchClientException; import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.util.StringUtils; +import org.springframework.validation.BindingResult; +import org.springframework.validation.Errors; +import org.springframework.validation.ObjectError; import org.springframework.web.bind.MethodArgumentNotValidException; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.PathVariable; @@ -32,9 +38,11 @@ import org.springframework.web.bind.annotation.RestController; import javax.validation.Valid; +import java.util.ArrayList; import java.util.Arrays; import java.util.LinkedList; import java.util.List; +import java.util.Locale; import java.util.UUID; import static org.springframework.http.HttpStatus.CONFLICT; 
@@ -50,12 +58,14 @@ @RequestMapping("/identity-zones") public class IdentityZoneEndpoints { + @Autowired + private MessageSource messageSource; + private static final Logger logger = LoggerFactory.getLogger(IdentityZoneEndpoints.class); private final IdentityZoneProvisioning zoneDao; private final IdentityProviderProvisioning idpDao; private final IdentityZoneEndpointClientRegistrationService clientRegistrationService; - public IdentityZoneEndpoints(IdentityZoneProvisioning zoneDao, IdentityProviderProvisioning idpDao, IdentityZoneEndpointClientRegistrationService clientRegistrationService) { super(); @@ -93,7 +103,12 @@ protected List filterForCurrentZone(List zones) { } @RequestMapping(method = POST) - public ResponseEntity createIdentityZone(@RequestBody @Valid IdentityZone body) { + public ResponseEntity createIdentityZone(@RequestBody @Valid IdentityZone body, BindingResult result) { + + if (result.hasErrors()) { + throw new UnprocessableEntityException(getErrorMessages(result)); + } + if (!IdentityZoneHolder.isUaa()) { throw new AccessDeniedException("Zones can only be created by being authenticated in the default zone."); } @@ -107,9 +122,9 @@ public ResponseEntity createIdentityZone(@RequestBody @Valid Ident IdentityZone created = zoneDao.create(body); IdentityZoneHolder.set(created); IdentityProvider defaultIdp = new IdentityProvider(); - defaultIdp.setName(Origin.UAA); - defaultIdp.setType(Origin.UAA); - defaultIdp.setOriginKey(Origin.UAA); + defaultIdp.setName(OriginKeys.UAA); + defaultIdp.setType(OriginKeys.UAA); + defaultIdp.setOriginKey(OriginKeys.UAA); defaultIdp.setIdentityZoneId(created.getId()); UaaIdentityProviderDefinition idpDefinition = new UaaIdentityProviderDefinition(); idpDefinition.setPasswordPolicy(null); 
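Review bot: `messageSource` is field-injected with `@Autowired`, while the three collaborators declared below it are `final` and arrive through the constructor. An instance built with `new IdentityZoneEndpoints(zoneDao, idpDao, clientRegistrationService)`, as in a unit test or a context without annotation processing, therefore has a null `messageSource`. The first request with binding errors would then fail inside `getErrorMessages` and presumably surface through `handleException` as a 500 rather than a 422. An `@Autowired` setter such as `public void setMessageSource(MessageSource messageSource)` keeps the constructor signature and lets tests supply a source. The class body continues outside this hunk.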
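Review bot: In `createIdentityZone` the new `result.hasErrors()` branch runs before the `IdentityZoneHolder.isUaa()` check, so a caller outside the default zone gets a 422 with the validation messages instead of the `AccessDeniedException`. Authorization should be decided before the request body is described back to the caller; move the `if (!IdentityZoneHolder.isUaa())` block above `if (result.hasErrors())`. `updateIdentityZone`, visible as context in the next hunk, still takes `@RequestBody @Valid IdentityZone body` without a `BindingResult`, so the two endpoints now report invalid bodies through different handlers, which is worth aligning. The method body continues past the end of this hunk.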
@@ -122,6 +137,14 @@ public ResponseEntity createIdentityZone(@RequestBody @Valid Ident } } + private String getErrorMessages(Errors errors) { + List messages = new ArrayList<>(); + for(ObjectError error : errors.getAllErrors()) { + messages.add(messageSource.getMessage(error, Locale.getDefault())); + } + return String.join("\r\n", messages); + } + @RequestMapping(value = "{id}", method = PUT) public ResponseEntity updateIdentityZone( @RequestBody @Valid IdentityZone body, @PathVariable String id) { @@ -158,7 +181,7 @@ public ResponseEntity createClient( } IdentityZone previous = IdentityZoneHolder.get(); try { - logger.debug("Zone creating client zone["+identityZoneId+"] client["+clientDetails.getClientId()+"]"); + logger.debug("Zone creating client zone[" + identityZoneId + "] client[" + clientDetails.getClientId() + "]"); IdentityZone identityZone = zoneDao.retrieve(identityZoneId); IdentityZoneHolder.set(identityZone); ClientDetails createdClient = clientRegistrationService.createClient(clientDetails); 
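Review bot: `getErrorMessages` resolves each message with `Locale.getDefault()`, which is the locale of the server JVM rather than of the request, so the text returned to the client depends on where the service is deployed. Spring's `LocaleContextHolder.getLocale()` gives the locale resolved for the current request: `messages.add(messageSource.getMessage(error, LocaleContextHolder.getLocale()));`. The helper also has no comment; a one-line Javadoc stating that it returns the resolved validation messages joined with CRLF for the 422 response body would help the next reader.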
@@ -229,14 +252,24 @@ public ResponseEntity handleValidationException(MethodArgumentNotValidExce } @ExceptionHandler(AccessDeniedException.class) - public ResponseEntity handleAccessDeniedException(MethodArgumentNotValidException e) { + public ResponseEntity handleAccessDeniedException(AccessDeniedException e) { return new ResponseEntity<>(HttpStatus.FORBIDDEN); } + @ExceptionHandler(UnprocessableEntityException.class) + public ResponseEntity handleUnprocessableEntityException(UnprocessableEntityException e) { + return new ResponseEntity<>(e, HttpStatus.UNPROCESSABLE_ENTITY); + } + @ExceptionHandler(Exception.class) public ResponseEntity handleException(Exception e) { logger.error(e.getClass() + ": " + e.getMessage(), e); return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); } + private class UnprocessableEntityException extends UaaException { + public UnprocessableEntityException(String message) { + super("invalid_identity_zone", message, 422); + } + } } diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/zone/JdbcIdentityProviderProvisioning.java b/common/src/main/java/org/cloudfoundry/identity/uaa/zone/JdbcIdentityProviderProvisioning.java index 150523925f..a544dbd651 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/zone/JdbcIdentityProviderProvisioning.java +++ b/common/src/main/java/org/cloudfoundry/identity/uaa/zone/JdbcIdentityProviderProvisioning.java @@ -12,6 +12,7 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.zone; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.KeystoneIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.authentication.Origin; 
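Review bot: `handleUnprocessableEntityException` passes the exception object itself as the response body (`new ResponseEntity<>(e, HttpStatus.UNPROCESSABLE_ENTITY)`), so what the client receives depends on how `UaaException` is serialized, which this patch does not show. If it falls back to default bean serialization of a `Throwable`, the stack trace and cause would be written into the response; returning a small body built from the error code and `e.getMessage()` keeps the contract explicit. Separately, `private class UnprocessableEntityException` is a non-static inner class, so every instance carries a reference to the controller; declare it `private static class UnprocessableEntityException extends UaaException`. The literal `422` could be `HttpStatus.UNPROCESSABLE_ENTITY.value()` so it stays tied to the status the handler returns.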
@@ -142,8 +143,8 @@ protected void validate(IdentityProvider provider) { throw new DataIntegrityViolationException("Identity zone ID must be set."); } //ensure that SAML IDPs have reduntant fields synchronized - if (Origin.SAML.equals(provider.getType()) && provider.getConfig()!=null) { - SamlIdentityProviderDefinition saml = ObjectUtils.castInstance(provider.getConfig(),SamlIdentityProviderDefinition.class); + if (OriginKeys.SAML.equals(provider.getType()) && provider.getConfig()!=null) { + SamlIdentityProviderDefinition saml = ObjectUtils.castInstance(provider.getConfig(), SamlIdentityProviderDefinition.class); saml.setIdpEntityAlias(provider.getOriginKey()); saml.setZoneId(provider.getIdentityZoneId()); provider.setConfig(saml); @@ -166,16 +167,16 @@ public IdentityProvider mapRow(ResultSet rs, int rowNum) throws SQLException { if (StringUtils.hasText(config)) { AbstractIdentityProviderDefinition definition; switch (identityProvider.getType()) { - case Origin.SAML : + case OriginKeys.SAML : definition = JsonUtils.readValue(config, SamlIdentityProviderDefinition.class); break; - case Origin.UAA : + case OriginKeys.UAA : definition = JsonUtils.readValue(config, UaaIdentityProviderDefinition.class); break; - case Origin.LDAP : + case OriginKeys.LDAP : definition = JsonUtils.readValue(config, LdapIdentityProviderDefinition.class); break; - case Origin.KEYSTONE : + case OriginKeys.KEYSTONE : definition = JsonUtils.readValue(config, KeystoneIdentityProviderDefinition.class); break; default: diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/SessionResetFilterTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/SessionResetFilterTests.java index 94e98068de..eddec9ae3a 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/SessionResetFilterTests.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/SessionResetFilterTests.java 
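Review bot: In `validate`, the result of `ObjectUtils.castInstance(provider.getConfig(), SamlIdentityProviderDefinition.class)` is dereferenced on the next line without a null check, whereas both filters earlier in this patch test `config != null` after the same call. If `castInstance` returns null for a non-matching type, as those callers suggest, a provider whose type is `saml` but whose config is another definition class would fail with a NullPointerException instead of a validation error. A guard such as `if (saml == null) { throw new DataIntegrityViolationException("SAML provider requires a SAML configuration."); }` before `saml.setIdpEntityAlias(...)` would report it the same way as the other checks in this method. `validate` starts above this hunk.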
@@ -15,6 +15,7 @@ package org.cloudfoundry.identity.uaa.authentication; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.user.InMemoryUaaUserDatabase; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; @@ -35,17 +36,14 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.lang.reflect.Field; -import java.util.Calendar; import java.util.Collections; import java.util.Date; -import java.util.GregorianCalendar; import java.util.HashMap; import java.util.Map; import static org.mockito.Matchers.anyBoolean; import static org.mockito.Matchers.anyString; import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.reset; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyZeroInteractions; @@ -95,7 +93,7 @@ private void addUsersToInMemoryDb() { "family name", yesterday, yesterday, - Origin.UAA, + OriginKeys.UAA, null, true, IdentityZone.getUaa().getId(), @@ -113,7 +111,7 @@ private void addUsersToInMemoryDb() { "family name", yesterday, yesterday, - Origin.UAA, + OriginKeys.UAA, null, true, IdentityZone.getUaa().getId(), @@ -190,7 +188,7 @@ public void test_User_Not_Modified() throws Exception { @Test public void test_User_Not_Originated_In_Uaa() throws Exception { SecurityContextHolder.getContext().setAuthentication(authentication); - setFieldValue("origin", Origin.LDAP, authentication.getPrincipal()); + setFieldValue("origin", OriginKeys.LDAP, authentication.getPrincipal()); filter.doFilterInternal(request, response, chain); verify(chain, times(1)).doFilter(request, response); verifyZeroInteractions(request); @@ -203,4 +201,4 @@ protected void setFieldValue(String fieldname, Object value, Object object) { ReflectionUtils.setField(f, object, value); } -} \ No newline at end of file +} 
diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/login/LoginInfoEndpointTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/login/LoginInfoEndpointTests.java index 601c4931a6..6d7a712c17 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/login/LoginInfoEndpointTests.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/login/LoginInfoEndpointTests.java @@ -1,12 +1,12 @@ package org.cloudfoundry.identity.uaa.authentication.login; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.client.ClientConstants; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.codestore.InMemoryExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.saml.LoginSamlAuthenticationToken; import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderConfigurator; import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderDefinition; @@ -78,7 +78,7 @@ public void testLoginReturnsSystemZone() throws Exception { LoginInfoEndpoint endpoint = getEndpoint(); assertFalse(model.containsAttribute("zone_name")); endpoint.loginForHtml(model, null, new MockHttpServletRequest()); - assertEquals(Origin.UAA, model.asMap().get("zone_name")); + assertEquals(OriginKeys.UAA, model.asMap().get("zone_name")); } @Test 
@@ -352,7 +352,7 @@ public void testFilterIDPsForAuthcodeClientInDefaultZone() throws Exception { // mock session and saved request MockHttpServletRequest request = getMockHttpServletRequest(); - List allowedProviders = Arrays.asList("my-client-awesome-idp1", "my-client-awesome-idp2", Origin.LDAP); + List allowedProviders = Arrays.asList("my-client-awesome-idp1", "my-client-awesome-idp2", OriginKeys.LDAP); // mock Client service BaseClientDetails clientDetails = new BaseClientDetails(); diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/login/RemoteAuthenticationEndpointTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/login/RemoteAuthenticationEndpointTests.java index fc5f012ded..6aa429c65c 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/login/RemoteAuthenticationEndpointTests.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/login/RemoteAuthenticationEndpointTests.java @@ -18,8 +18,8 @@ import static org.mockito.Mockito.when; import org.cloudfoundry.identity.uaa.authentication.AccountNotVerifiedException; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.junit.Before; import org.junit.Test; import org.springframework.http.HttpStatus; @@ -44,7 +44,7 @@ public class RemoteAuthenticationEndpointTests { @Before public void setUp() throws Exception { - UaaPrincipal principal = new UaaPrincipal("user-id-001", "joe", "joe@example.com", Origin.UAA, null, null); + UaaPrincipal principal = new UaaPrincipal("user-id-001", "joe", "joe@example.com", OriginKeys.UAA, null, null); success = new UsernamePasswordAuthenticationToken(principal, null); loginAuthMgr = mock(AuthenticationManager.class); 
diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManagerTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManagerTests.java index a5de0a4137..6e42cdd80e 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManagerTests.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManagerTests.java @@ -15,7 +15,6 @@ import org.cloudfoundry.identity.uaa.authentication.AccountNotVerifiedException; import org.cloudfoundry.identity.uaa.authentication.AuthenticationPolicyRejectionException; import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.PasswordExpiredException; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; @@ -24,6 +23,7 @@ import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationSuccessEvent; import org.cloudfoundry.identity.uaa.authentication.event.UserNotFoundEvent; import org.cloudfoundry.identity.uaa.config.PasswordPolicy; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; @@ -85,7 +85,7 @@ public void setUp() throws Exception { "A", "User", new Date(), new Date(), - Origin.UAA, + OriginKeys.UAA, null, true, IdentityZoneHolder.get().getId(), 
@@ -96,12 +96,12 @@ public void setUp() throws Exception { publisher = mock(ApplicationEventPublisher.class); mgr = new AuthzAuthenticationManager(db, encoder, providerProvisioning); mgr.setApplicationEventPublisher(publisher); - mgr.setOrigin(Origin.UAA); + mgr.setOrigin(OriginKeys.UAA); } @Test public void successfulAuthentication() throws Exception { - when(db.retrieveUserByName("auser", Origin.UAA)).thenReturn(user); + when(db.retrieveUserByName("auser", OriginKeys.UAA)).thenReturn(user); Authentication result = mgr.authenticate(createAuthRequest("auser", "password")); assertNotNull(result); assertEquals("auser", result.getName()); 
@@ -130,31 +130,31 @@ public void unsuccessfulPasswordExpired() throws Exception { user.getFamilyName(), oneYearAgo, oneYearAgo, - Origin.UAA, + OriginKeys.UAA, null, true, IdentityZoneHolder.get().getId(), user.getSalt(), oneYearAgo); - when(db.retrieveUserByName("auser", Origin.UAA)).thenReturn(user); + when(db.retrieveUserByName("auser", OriginKeys.UAA)).thenReturn(user); mgr.authenticate(createAuthRequest("auser", "password")); } @Test(expected = BadCredentialsException.class) public void unsuccessfulLoginServerUserAuthentication() throws Exception { - when(db.retrieveUserByName(loginServerUserName,Origin.UAA)).thenReturn(null); + when(db.retrieveUserByName(loginServerUserName, OriginKeys.UAA)).thenReturn(null); mgr.authenticate(createAuthRequest(loginServerUserName, "")); } @Test(expected = BadCredentialsException.class) public void unsuccessfulLoginServerUserWithPasswordAuthentication() throws Exception { - when(db.retrieveUserByName(loginServerUserName,Origin.UAA)).thenReturn(null); + when(db.retrieveUserByName(loginServerUserName, OriginKeys.UAA)).thenReturn(null); mgr.authenticate(createAuthRequest(loginServerUserName, "dadas")); } @Test public void successfulAuthenticationReturnsTokenAndPublishesEvent() throws Exception { - when(db.retrieveUserByName("auser",Origin.UAA)).thenReturn(user); + when(db.retrieveUserByName("auser", OriginKeys.UAA)).thenReturn(user); Authentication result = mgr.authenticate(createAuthRequest("auser", "password")); assertNotNull(result); @@ -166,7 +166,7 @@ public void successfulAuthenticationReturnsTokenAndPublishesEvent() throws Excep @Test public void invalidPasswordPublishesAuthenticationFailureEvent() { - when(db.retrieveUserByName("auser",Origin.UAA)).thenReturn(user); + when(db.retrieveUserByName("auser", OriginKeys.UAA)).thenReturn(user); try { mgr.authenticate(createAuthRequest("auser", "wrongpassword")); fail(); 
@@ -178,7 +178,7 @@ public void invalidPasswordPublishesAuthenticationFailureEvent() { @Test(expected = AuthenticationPolicyRejectionException.class) public void authenticationIsDeniedIfRejectedByLoginPolicy() throws Exception { - when(db.retrieveUserByName("auser", Origin.UAA)).thenReturn(user); + when(db.retrieveUserByName("auser", OriginKeys.UAA)).thenReturn(user); AccountLoginPolicy lp = mock(AccountLoginPolicy.class); when(lp.isAllowed(any(UaaUser.class), any(Authentication.class))).thenReturn(false); mgr.setAccountLoginPolicy(lp); @@ -187,7 +187,7 @@ public void authenticationIsDeniedIfRejectedByLoginPolicy() throws Exception { @Test public void missingUserPublishesNotFoundEvent() { - when(db.retrieveUserByName(eq("aguess"),eq(Origin.UAA))).thenThrow(new UsernameNotFoundException("mocked")); + when(db.retrieveUserByName(eq("aguess"),eq(OriginKeys.UAA))).thenThrow(new UsernameNotFoundException("mocked")); try { mgr.authenticate(createAuthRequest("aguess", "password")); fail(); @@ -217,7 +217,7 @@ public void originAuthenticationFail() throws Exception { @Test public void unverifiedAuthenticationSucceedsWhenAllowed() throws Exception { user.setVerified(false); - when(db.retrieveUserByName("auser", Origin.UAA)).thenReturn(user); + when(db.retrieveUserByName("auser", OriginKeys.UAA)).thenReturn(user); Authentication result = mgr.authenticate(createAuthRequest("auser", "password")); assertEquals("auser", result.getName()); assertEquals("auser", ((UaaPrincipal) result.getPrincipal()).getName()); 
@@ -227,7 +227,7 @@ public void unverifiedAuthenticationSucceedsWhenAllowed() throws Exception { public void unverifiedAuthenticationFailsWhenNotAllowed() throws Exception { mgr.setAllowUnverifiedUsers(false); user.setVerified(false); - when(db.retrieveUserByName("auser", Origin.UAA)).thenReturn(user); + when(db.retrieveUserByName("auser", OriginKeys.UAA)).thenReturn(user); try { mgr.authenticate(createAuthRequest("auser", "password")); fail("Expected AccountNotVerifiedException"); @@ -254,7 +254,7 @@ public void unverified_authentication_never_allowed_in_non_default_zone() throws user.getFamilyName(), justASecondAgo, justASecondAgo, - Origin.UAA, + OriginKeys.UAA, null, true, IdentityZoneHolder.get().getId(), @@ -262,7 +262,7 @@ public void unverified_authentication_never_allowed_in_non_default_zone() throws justASecondAgo); calZoneUser.setVerified(false); - when(db.retrieveUserByName("auser", Origin.UAA)).thenReturn(calZoneUser); + when(db.retrieveUserByName("auser", OriginKeys.UAA)).thenReturn(calZoneUser); try { mgr.authenticate(createAuthRequest("auser", "password")); fail("Expected AccountNotVerifiedException"); @@ -276,7 +276,7 @@ public void unverified_authentication_never_allowed_in_non_default_zone() throws public void userIsLockedOutAfterNumberOfFailedTriesIsExceeded() throws Exception { AccountLoginPolicy lockoutPolicy = mock(PeriodLockoutPolicy.class); mgr.setAccountLoginPolicy(lockoutPolicy); - when(db.retrieveUserByName("auser", Origin.UAA)).thenReturn(user); + when(db.retrieveUserByName("auser", OriginKeys.UAA)).thenReturn(user); Authentication authentication = createAuthRequest("auser", "password"); when(lockoutPolicy.isAllowed(any(UaaUser.class), eq(authentication))).thenReturn(false); 
diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/CheckIdpEnabledAuthenticationManagerTest.java b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/CheckIdpEnabledAuthenticationManagerTest.java index 27f69e6824..eafea73e9b 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/CheckIdpEnabledAuthenticationManagerTest.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/CheckIdpEnabledAuthenticationManagerTest.java @@ -15,7 +15,7 @@ package org.cloudfoundry.identity.uaa.authentication.manager; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; import org.cloudfoundry.identity.uaa.user.MockUaaUserDatabase; import org.cloudfoundry.identity.uaa.zone.IdentityProvider; @@ -48,8 +48,8 @@ public void setupAuthManager() throws Exception { PasswordEncoder encoder = mock(PasswordEncoder.class); when(encoder.matches(anyString(),anyString())).thenReturn(true); AuthzAuthenticationManager authzAuthenticationManager = new AuthzAuthenticationManager(userDatabase, encoder, identityProviderProvisioning); - authzAuthenticationManager.setOrigin(Origin.UAA); - manager = new CheckIdpEnabledAuthenticationManager(authzAuthenticationManager, Origin.UAA, identityProviderProvisioning); + authzAuthenticationManager.setOrigin(OriginKeys.UAA); + manager = new CheckIdpEnabledAuthenticationManager(authzAuthenticationManager, OriginKeys.UAA, identityProviderProvisioning); token = new UsernamePasswordAuthenticationToken("marissa", "koala"); } 
@@ -63,7 +63,7 @@ public void testAuthenticate() throws Exception { @Test(expected = ProviderNotFoundException.class) public void testAuthenticateIdpDisabled() throws Exception { - IdentityProvider provider = identityProviderProvisioning.retrieveByOrigin(Origin.UAA, IdentityZoneHolder.get().getId()); + IdentityProvider provider = identityProviderProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId()); provider.setActive(false); identityProviderProvisioning.update(provider); manager.authenticate(token); diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LdapLoginAuthenticationManagerTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LdapLoginAuthenticationManagerTests.java index c736c23a5a..447313dde3 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LdapLoginAuthenticationManagerTests.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LdapLoginAuthenticationManagerTests.java @@ -14,8 +14,8 @@ */ package org.cloudfoundry.identity.uaa.authentication.manager; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.ldap.LdapIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.ldap.extension.ExtendedLdapUserImpl; import org.cloudfoundry.identity.uaa.user.UaaAuthority; 
@@ -227,9 +227,9 @@ public void test_custom_user_attributes() throws Exception {
 when(auth.getPrincipal()).thenReturn(authDetails);
 UaaUserDatabase db = mock(UaaUserDatabase.class);
- when(db.retrieveUserByName(anyString(), eq(Origin.LDAP))).thenReturn(user);
+ when(db.retrieveUserByName(anyString(), eq(OriginKeys.LDAP))).thenReturn(user);
 when(db.retrieveUserById(anyString())).thenReturn(user);
- am.setOrigin(Origin.LDAP);
+ am.setOrigin(OriginKeys.LDAP);
 am.setUserDatabase(db);
 UaaAuthentication authentication = (UaaAuthentication)am.authenticate(auth);
@@ -277,7 +277,7 @@ protected UaaUser getUaaUser() {
 .withPhoneNumber("8675309")
 .withCreated(new Date())
 .withModified(new Date())
- .withOrigin(Origin.ORIGIN)
+ .withOrigin(OriginKeys.ORIGIN)
 .withExternalId(DN)
 .withVerified(false)
 .withZoneId(IdentityZoneHolder.get().getId())
@@ -303,4 +303,4 @@ public String[] getValues() {
 return values;
 }
 }
-}
\ No newline at end of file
+}
diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManagerTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManagerTests.java
index 0d3ff75f31..eda4f71a64 100644
--- a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManagerTests.java
+++ b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManagerTests.java
@@ -19,10 +19,10 @@
 import java.util.Arrays;
 import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest;
-import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationTestFactory;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
 import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationSuccessEvent;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.test.TestApplicationEventPublisher;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
@@ -89,7 +89,7 @@ public void testNotProcessingNotAuthenticated() {
 @Test
 public void testHappyDayNoAutoAdd() {
 UaaUser user = UaaUserTestFactory.getUser("FOO", "foo", "fo@test.org", "Foo", "Bar");
- Mockito.when(userDatabase.retrieveUserByName("foo", Origin.LOGIN_SERVER)).thenReturn(user);
+ Mockito.when(userDatabase.retrieveUserByName("foo", OriginKeys.LOGIN_SERVER)).thenReturn(user);
 Authentication authentication = manager.authenticate(UaaAuthenticationTestFactory
 .getAuthenticationRequest("foo"));
 assertEquals(user.getUsername(), ((UaaPrincipal) authentication.getPrincipal()).getName());
@@ -99,7 +99,7 @@ public void testHappyDayNoAutoAdd() {
 @Test
 public void testHappyDayWithAuthorities() {
 UaaUser user = UaaUserTestFactory.getAdminUser("FOO", "foo", "fo@test.org", "Foo", "Bar");
- Mockito.when(userDatabase.retrieveUserByName("foo", Origin.LOGIN_SERVER)).thenReturn(user);
+ Mockito.when(userDatabase.retrieveUserByName("foo", OriginKeys.LOGIN_SERVER)).thenReturn(user);
 Authentication authentication = manager.authenticate(UaaAuthenticationTestFactory
 .getAuthenticationRequest("foo"));
 assertEquals(user.getUsername(), ((UaaPrincipal) authentication.getPrincipal()).getName());
@@ -108,14 +108,14 @@ public void testHappyDayWithAuthorities() {
 @Test(expected = BadCredentialsException.class)
 public void testUserNotFoundNoAutoAdd() {
- Mockito.when(userDatabase.retrieveUserByName("foo", Origin.LOGIN_SERVER)).thenThrow(new UsernameNotFoundException("planned"));
+ Mockito.when(userDatabase.retrieveUserByName("foo", OriginKeys.LOGIN_SERVER)).thenThrow(new UsernameNotFoundException("planned"));
 manager.authenticate(UaaAuthenticationTestFactory.getAuthenticationRequest("foo"));
 }
 @Test
 public void testHappyDayAutoAddButWithExistingUser() {
 UaaUser user = UaaUserTestFactory.getUser("FOO", "foo", "fo@test.org", "Foo", "Bar");
- Mockito.when(userDatabase.retrieveUserByName("foo", Origin.LOGIN_SERVER)).thenReturn(user);
+ Mockito.when(userDatabase.retrieveUserByName("foo", OriginKeys.LOGIN_SERVER)).thenReturn(user);
 Authentication authentication = manager.authenticate(UaaAuthenticationTestFactory
 .getAuthenticationRequest("foo", true));
 assertEquals(user.getUsername(), ((UaaPrincipal) authentication.getPrincipal()).getName());
@@ -125,7 +125,7 @@ public void testHappyDayAutoAddButWithExistingUser() {
 @Test
 public void testHappyDayAutoAddButWithNewUser() {
 UaaUser user = UaaUserTestFactory.getUser("FOO", "foo", "fo@test.org", "Foo", "Bar");
- Mockito.when(userDatabase.retrieveUserByName("foo", Origin.LOGIN_SERVER)).thenThrow(new UsernameNotFoundException("planned"))
+ Mockito.when(userDatabase.retrieveUserByName("foo", OriginKeys.LOGIN_SERVER)).thenThrow(new UsernameNotFoundException("planned"))
 .thenReturn(user);
 Authentication authentication = manager.authenticate(UaaAuthenticationTestFactory
 .getAuthenticationRequest("foo", true));
@@ -136,7 +136,7 @@ public void testHappyDayAutoAddButWithNewUser() {
 @Test(expected = BadCredentialsException.class)
 public void testFailedAutoAddButWithNewUser() {
 UaaUser user = UaaUserTestFactory.getUser("FOO", "foo", "fo@test.org", "Foo", "Bar");
- Mockito.when(userDatabase.retrieveUserByName("foo", Origin.LOGIN_SERVER)).thenThrow(new UsernameNotFoundException("planned"));
+ Mockito.when(userDatabase.retrieveUserByName("foo", OriginKeys.LOGIN_SERVER)).thenThrow(new UsernameNotFoundException("planned"));
 Authentication authentication = manager.authenticate(UaaAuthenticationTestFactory
 .getAuthenticationRequest("foo", true));
 assertEquals(user.getUsername(), ((UaaPrincipal) authentication.getPrincipal()).getName());
@@ -164,7 +164,7 @@ public void testAuthenticateWithStrangeNameAndMissingEmail() {
 @Test
 public void testSuccessfulAuthenticationPublishesEvent() throws Exception {
 UaaUser user = UaaUserTestFactory.getUser("FOO", "foo", "fo@test.org", "Foo", "Bar");
- Mockito.when(userDatabase.retrieveUserByName("foo", Origin.LOGIN_SERVER)).thenReturn(user);
+ Mockito.when(userDatabase.retrieveUserByName("foo", OriginKeys.LOGIN_SERVER)).thenReturn(user);
 AuthzAuthenticationRequest authenticationRequest = UaaAuthenticationTestFactory.getAuthenticationRequest("foo");
 manager.authenticate(authenticationRequest);
diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PeriodLockoutPolicyTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PeriodLockoutPolicyTests.java
index 4e7ebebb0e..88cc30722f 100644
--- a/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PeriodLockoutPolicyTests.java
+++ b/common/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PeriodLockoutPolicyTests.java
@@ -14,8 +14,8 @@
 import org.cloudfoundry.identity.uaa.audit.AuditEvent;
 import org.cloudfoundry.identity.uaa.audit.UaaAuditService;
-import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.config.LockoutPolicy;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.zone.IdentityProvider;
 import org.cloudfoundry.identity.uaa.zone.IdentityProviderProvisioning;
@@ -125,7 +125,7 @@ public void testUseLockoutPolicyFromDbIfPresent() throws Exception {
 lockoutPolicy.setCountFailuresWithin(3600);
 IdentityProvider provider = new IdentityProvider<>();
 provider.setConfig(new UaaIdentityProviderDefinition(null, lockoutPolicy));
- when(providerProvisioning.retrieveByOrigin(Origin.UAA, IdentityZoneHolder.get().getId())).thenReturn(provider);
+ when(providerProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId())).thenReturn(provider);
 assertFalse(policy.isAllowed(joe, mock(Authentication.class)));
 }
 }
diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java b/common/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java
index 6e7cc86579..0531ea06a6 100644
--- a/common/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java
+++ b/common/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java
@@ -14,8 +14,9 @@
 package org.cloudfoundry.identity.uaa.config;
+import com.fasterxml.jackson.core.type.TypeReference;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.KeystoneIdentityProviderDefinition;
-import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.ldap.LdapIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderConfigurator;
 import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderDefinition;
@@ -41,6 +42,7 @@
 import static org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition.EMAIL_DOMAIN_ATTR;
 import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.ATTRIBUTE_MAPPINGS;
 import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.EXTERNAL_GROUPS_WHITELIST;
+import static org.cloudfoundry.identity.uaa.constants.OriginKeys.KEYSTONE;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
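Review bot: The added `import com.fasterxml.jackson.core.type.TypeReference;` in the first import hunk of IdentityProviderBootstrapTest.java is not referenced by any changed line of this file shown in the patch, so it looks unused; the rest of the file lies outside the hunks, so confirm and drop the import if nothing uses it. The second import hunk adds `import static org.cloudfoundry.identity.uaa.constants.OriginKeys.KEYSTONE;`, while the same file keeps the qualified form for `OriginKeys.LDAP`, `OriginKeys.SAML` and `OriginKeys.UAA`; using one form throughout would make the origin constants read uniformly. The two new imports are also placed ahead of `org.cloudfoundry.identity.uaa.KeystoneIdentityProviderDefinition`, whereas the other files in this patch insert `OriginKeys` in sorted position.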
@@ -60,16 +62,16 @@ public void clearIdentityHolder() {
 @Test
 public void testLdapProfileBootstrap() throws Exception {
 MockEnvironment environment = new MockEnvironment();
- environment.setActiveProfiles(Origin.LDAP);
+ environment.setActiveProfiles(OriginKeys.LDAP);
 IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate);
 IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, environment);
 bootstrap.afterPropertiesSet();
- IdentityProvider ldapProvider = provisioning.retrieveByOrigin(Origin.LDAP, IdentityZoneHolder.get().getId());
+ IdentityProvider ldapProvider = provisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZoneHolder.get().getId());
 assertNotNull(ldapProvider);
 assertNotNull(ldapProvider.getCreated());
 assertNotNull(ldapProvider.getLastModified());
- assertEquals(Origin.LDAP, ldapProvider.getType());
+ assertEquals(OriginKeys.LDAP, ldapProvider.getType());
 LdapIdentityProviderDefinition definition = ldapProvider.getConfig();
 assertNotNull(definition);
 assertFalse(definition.isConfigured());
@@ -92,11 +94,11 @@ public void testLdapBootstrap() throws Exception {
 bootstrap.setLdapConfig(ldapConfig);
 bootstrap.afterPropertiesSet();
- IdentityProvider ldapProvider = provisioning.retrieveByOrigin(Origin.LDAP, IdentityZoneHolder.get().getId());
+ IdentityProvider ldapProvider = provisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZoneHolder.get().getId());
 assertNotNull(ldapProvider);
 assertNotNull(ldapProvider.getCreated());
 assertNotNull(ldapProvider.getLastModified());
- assertEquals(Origin.LDAP, ldapProvider.getType());
+ assertEquals(OriginKeys.LDAP, ldapProvider.getType());
 assertEquals("test.domain", ldapProvider.getConfig().getEmailDomain().get(0));
 assertEquals(Arrays.asList("value"), ldapProvider.getConfig().getExternalGroupsWhitelist());
 assertEquals("first_name", ldapProvider.getConfig().getAttributeMappings().get("given_name"));
@@ -106,53 +108,53 @@ public void testLdapBootstrap() throws Exception {
 public void testRemovedLdapBootstrapIsInactive() throws Exception {
 IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate);
 MockEnvironment env = new MockEnvironment();
- env.setActiveProfiles(Origin.LDAP);
+ env.setActiveProfiles(OriginKeys.LDAP);
 IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, env);
 HashMap ldapConfig = new HashMap<>();
 ldapConfig.put("base.url","ldap://localhost:389/");
 bootstrap.setLdapConfig(ldapConfig);
 bootstrap.afterPropertiesSet();
- IdentityProvider ldapProvider = provisioning.retrieveByOrigin(Origin.LDAP, IdentityZoneHolder.get().getId());
+ IdentityProvider ldapProvider = provisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZoneHolder.get().getId());
 assertNotNull(ldapProvider);
 assertNotNull(ldapProvider.getCreated());
 assertNotNull(ldapProvider.getLastModified());
- assertEquals(Origin.LDAP, ldapProvider.getType());
+ assertEquals(OriginKeys.LDAP, ldapProvider.getType());
 assertTrue(ldapProvider.isActive());
 bootstrap.setLdapConfig(null);
 bootstrap.afterPropertiesSet();
- ldapProvider = provisioning.retrieveByOrigin(Origin.LDAP, IdentityZoneHolder.get().getId());
+ ldapProvider = provisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZoneHolder.get().getId());
 assertNotNull(ldapProvider);
 assertNotNull(ldapProvider.getCreated());
 assertNotNull(ldapProvider.getLastModified());
- assertEquals(Origin.LDAP, ldapProvider.getType());
+ assertEquals(OriginKeys.LDAP, ldapProvider.getType());
 assertFalse(ldapProvider.isActive());
 bootstrap.setLdapConfig(ldapConfig);
 bootstrap.afterPropertiesSet();
- ldapProvider = provisioning.retrieveByOrigin(Origin.LDAP, IdentityZoneHolder.get().getId());
+ ldapProvider = provisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZoneHolder.get().getId());
 assertNotNull(ldapProvider);
 assertNotNull(ldapProvider.getCreated());
 assertNotNull(ldapProvider.getLastModified());
- assertEquals(Origin.LDAP, ldapProvider.getType());
+ assertEquals(OriginKeys.LDAP, ldapProvider.getType());
 assertTrue(ldapProvider.isActive());
 }
 @Test
 public void testKeystoneProfileBootstrap() throws Exception {
 MockEnvironment environment = new MockEnvironment();
- environment.setActiveProfiles(Origin.KEYSTONE);
+ environment.setActiveProfiles(KEYSTONE);
 IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate);
 IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, environment);
 bootstrap.afterPropertiesSet();
- IdentityProvider keystoneProvider = provisioning.retrieveByOrigin(Origin.KEYSTONE, IdentityZoneHolder.get().getId());
+ IdentityProvider keystoneProvider = provisioning.retrieveByOrigin(KEYSTONE, IdentityZoneHolder.get().getId());
 assertNotNull(keystoneProvider);
 assertEquals(new KeystoneIdentityProviderDefinition(), keystoneProvider.getConfig());
 assertNotNull(keystoneProvider.getCreated());
 assertNotNull(keystoneProvider.getLastModified());
- assertEquals(Origin.KEYSTONE, keystoneProvider.getType());
+ assertEquals(KEYSTONE, keystoneProvider.getType());
 assertNotNull(keystoneProvider.getConfig());
 assertNull(keystoneProvider.getConfig().getAdditionalConfiguration());
 }
@@ -166,18 +168,18 @@ public void testKeystoneBootstrap() throws Exception {
 bootstrap.setKeystoneConfig(keystoneConfig);
 bootstrap.afterPropertiesSet();
- IdentityProvider keystoneProvider = provisioning.retrieveByOrigin(Origin.KEYSTONE, IdentityZoneHolder.get().getId());
+ IdentityProvider keystoneProvider = provisioning.retrieveByOrigin(KEYSTONE, IdentityZoneHolder.get().getId());
 assertNotNull(keystoneProvider);
 assertEquals(new KeystoneIdentityProviderDefinition(keystoneConfig), keystoneProvider.getConfig());
 assertNotNull(keystoneProvider.getCreated());
 assertNotNull(keystoneProvider.getLastModified());
- assertEquals(Origin.KEYSTONE, keystoneProvider.getType());
+ assertEquals(KEYSTONE, keystoneProvider.getType());
 }
 @Test
 public void testRemovedKeystoneBootstrapIsInactive() throws Exception {
 MockEnvironment env = new MockEnvironment();
- env.setActiveProfiles(Origin.KEYSTONE);
+ env.setActiveProfiles(KEYSTONE);
 IdentityProviderProvisioning provisioning = new JdbcIdentityProviderProvisioning(jdbcTemplate);
 IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, env);
 HashMap keystoneConfig = new HashMap<>();
@@ -185,31 +187,31 @@ public void testRemovedKeystoneBootstrapIsInactive() throws Exception {
 bootstrap.setKeystoneConfig(keystoneConfig);
 bootstrap.afterPropertiesSet();
- IdentityProvider keystoneProvider = provisioning.retrieveByOrigin(Origin.KEYSTONE, IdentityZoneHolder.get().getId());
+ IdentityProvider keystoneProvider = provisioning.retrieveByOrigin(KEYSTONE, IdentityZoneHolder.get().getId());
 assertNotNull(keystoneProvider);
 assertEquals(new KeystoneIdentityProviderDefinition(keystoneConfig), keystoneProvider.getConfig());
 assertNotNull(keystoneProvider.getCreated());
 assertNotNull(keystoneProvider.getLastModified());
- assertEquals(Origin.KEYSTONE, keystoneProvider.getType());
+ assertEquals(KEYSTONE, keystoneProvider.getType());
 assertTrue(keystoneProvider.isActive());
 bootstrap.setKeystoneConfig(null);
 bootstrap.afterPropertiesSet();
- keystoneProvider = provisioning.retrieveByOrigin(Origin.KEYSTONE, IdentityZoneHolder.get().getId());
+ keystoneProvider = provisioning.retrieveByOrigin(KEYSTONE, IdentityZoneHolder.get().getId());
 assertNotNull(keystoneProvider);
 assertNotNull(keystoneProvider.getCreated());
 assertNotNull(keystoneProvider.getLastModified());
- assertEquals(Origin.KEYSTONE, keystoneProvider.getType());
+ assertEquals(KEYSTONE, keystoneProvider.getType());
 assertFalse(keystoneProvider.isActive());
 bootstrap.setKeystoneConfig(keystoneConfig);
 bootstrap.afterPropertiesSet();
- keystoneProvider = provisioning.retrieveByOrigin(Origin.KEYSTONE, IdentityZoneHolder.get().getId());
+ keystoneProvider = provisioning.retrieveByOrigin(KEYSTONE, IdentityZoneHolder.get().getId());
 assertNotNull(keystoneProvider);
 assertEquals(new KeystoneIdentityProviderDefinition(keystoneConfig), keystoneProvider.getConfig());
 assertNotNull(keystoneProvider.getCreated());
 assertNotNull(keystoneProvider.getLastModified());
- assertEquals(Origin.KEYSTONE, keystoneProvider.getType());
+ assertEquals(KEYSTONE, keystoneProvider.getType());
 assertTrue(keystoneProvider.isActive());
 }
@@ -248,7 +250,7 @@ public void testSamlBootstrap() throws Exception {
 assertEquals(definition, samlProvider.getConfig());
 assertNotNull(samlProvider.getCreated());
 assertNotNull(samlProvider.getLastModified());
- assertEquals(Origin.SAML, samlProvider.getType());
+ assertEquals(OriginKeys.SAML, samlProvider.getType());
 }
 @Test
@@ -281,7 +283,7 @@ public void testRemovedSamlBootstrapIsInactive() throws Exception {
 assertEquals(definition, samlProvider.getConfig());
 assertNotNull(samlProvider.getCreated());
 assertNotNull(samlProvider.getLastModified());
- assertEquals(Origin.SAML, samlProvider.getType());
+ assertEquals(OriginKeys.SAML, samlProvider.getType());
 assertTrue(samlProvider.isActive());
 IdentityProvider samlProvider2 = provisioning.retrieveByOrigin(definition2.getIdpEntityAlias(), IdentityZoneHolder.get().getId());
@@ -290,7 +292,7 @@ public void testRemovedSamlBootstrapIsInactive() throws Exception {
 assertEquals(definition2, samlProvider2.getConfig());
 assertNotNull(samlProvider2.getCreated());
 assertNotNull(samlProvider2.getLastModified());
- assertEquals(Origin.SAML, samlProvider2.getType());
+ assertEquals(OriginKeys.SAML, samlProvider2.getType());
 assertTrue(samlProvider2.isActive());
 configurator = mock(SamlIdentityProviderConfigurator.class);
@@ -303,7 +305,7 @@ public void testRemovedSamlBootstrapIsInactive() throws Exception {
 assertEquals(definition, samlProvider.getConfig());
 assertNotNull(samlProvider.getCreated());
 assertNotNull(samlProvider.getLastModified());
- assertEquals(Origin.SAML, samlProvider.getType());
+ assertEquals(OriginKeys.SAML, samlProvider.getType());
 assertTrue(samlProvider.isActive());
 samlProvider2 = provisioning.retrieveByOrigin(definition2.getIdpEntityAlias(), IdentityZoneHolder.get().getId());
@@ -311,7 +313,7 @@ public void testRemovedSamlBootstrapIsInactive() throws Exception {
 assertEquals(definition2, samlProvider2.getConfig());
 assertNotNull(samlProvider2.getCreated());
 assertNotNull(samlProvider2.getLastModified());
- assertEquals(Origin.SAML, samlProvider2.getType());
+ assertEquals(OriginKeys.SAML, samlProvider2.getType());
 assertFalse(samlProvider2.isActive());
 configurator = mock(SamlIdentityProviderConfigurator.class);
@@ -324,7 +326,7 @@ public void testRemovedSamlBootstrapIsInactive() throws Exception {
 assertEquals(definition, samlProvider.getConfig());
 assertNotNull(samlProvider.getCreated());
 assertNotNull(samlProvider.getLastModified());
- assertEquals(Origin.SAML, samlProvider.getType());
+ assertEquals(OriginKeys.SAML, samlProvider.getType());
 assertFalse(samlProvider.isActive());
 samlProvider2 = provisioning.retrieveByOrigin(definition2.getIdpEntityAlias(), IdentityZoneHolder.get().getId());
@@ -332,7 +334,7 @@ public void testRemovedSamlBootstrapIsInactive() throws Exception {
 assertEquals(definition2, samlProvider2.getConfig());
 assertNotNull(samlProvider2.getCreated());
 assertNotNull(samlProvider2.getLastModified());
- assertEquals(Origin.SAML, samlProvider2.getType());
+ assertEquals(OriginKeys.SAML, samlProvider2.getType());
 assertTrue(samlProvider2.isActive());
 configurator = mock(SamlIdentityProviderConfigurator.class);
@@ -345,7 +347,7 @@ public void testRemovedSamlBootstrapIsInactive() throws Exception {
 assertEquals(definition, samlProvider.getConfig());
 assertNotNull(samlProvider.getCreated());
 assertNotNull(samlProvider.getLastModified());
- assertEquals(Origin.SAML, samlProvider.getType());
+ assertEquals(OriginKeys.SAML, samlProvider.getType());
 assertFalse(samlProvider.isActive());
 samlProvider2 = provisioning.retrieveByOrigin(definition2.getIdpEntityAlias(), IdentityZoneHolder.get().getId());
@@ -353,7 +355,7 @@ public void testRemovedSamlBootstrapIsInactive() throws Exception {
 assertEquals(definition2, samlProvider2.getConfig());
 assertNotNull(samlProvider2.getCreated());
 assertNotNull(samlProvider2.getLastModified());
- assertEquals(Origin.SAML, samlProvider2.getType());
+ assertEquals(OriginKeys.SAML, samlProvider2.getType());
 assertFalse(samlProvider2.isActive());
 configurator = mock(SamlIdentityProviderConfigurator.class);
@@ -366,7 +368,7 @@ public void testRemovedSamlBootstrapIsInactive() throws Exception {
 assertEquals(definition, samlProvider.getConfig());
 assertNotNull(samlProvider.getCreated());
 assertNotNull(samlProvider.getLastModified());
- assertEquals(Origin.SAML, samlProvider.getType());
+ assertEquals(OriginKeys.SAML, samlProvider.getType());
 assertTrue(samlProvider.isActive());
 samlProvider2 = provisioning.retrieveByOrigin(definition2.getIdpEntityAlias(), IdentityZoneHolder.get().getId());
@@ -374,7 +376,7 @@ public void testRemovedSamlBootstrapIsInactive() throws Exception {
 assertEquals(definition2, samlProvider2.getConfig());
 assertNotNull(samlProvider2.getCreated());
 assertNotNull(samlProvider2.getLastModified());
- assertEquals(Origin.SAML, samlProvider2.getType());
+ assertEquals(OriginKeys.SAML, samlProvider2.getType());
 assertTrue(samlProvider2.isActive());
 }
@@ -403,7 +405,7 @@ private void setDisableInternalUserManagement(String expectedValue) throws Excep
 bootstrap.setDisableInternalUserManagement(Boolean.valueOf(expectedValue));
 bootstrap.afterPropertiesSet();
- IdentityProvider internalIDP = provisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId());
+ IdentityProvider internalIDP = provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId());
 if (expectedValue == null) {
 expectedValue = "false";
@@ -418,7 +420,7 @@ public void setPasswordPolicyToInternalIDP() throws Exception {
 bootstrap.setDefaultPasswordPolicy(new PasswordPolicy(123, 4567, 1, 0, 1, 0, 6));
 bootstrap.afterPropertiesSet();
- IdentityProvider internalIDP = provisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId());
+ IdentityProvider internalIDP = provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId());
 PasswordPolicy passwordPolicy = internalIDP.getConfig().getPasswordPolicy();
 assertEquals(123, passwordPolicy.getMinLength());
 assertEquals(4567, passwordPolicy.getMaxLength());
@@ -440,7 +442,7 @@ public void setLockoutPolicyToInternalIDP() throws Exception {
 bootstrap.setDefaultLockoutPolicy(lockoutPolicy);
 bootstrap.afterPropertiesSet();
- IdentityProvider internalIDP = provisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId());
+ IdentityProvider internalIDP = provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId());
 lockoutPolicy = internalIDP.getConfig().getLockoutPolicy();
 assertEquals(123, lockoutPolicy.getLockoutPeriodSeconds());
@@ -456,13 +458,13 @@ public void deactivate_and_activate_InternalIDP() throws Exception {
 IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, environment);
 bootstrap.afterPropertiesSet();
- IdentityProvider internalIdp = provisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId());
+ IdentityProvider internalIdp = provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId());
 assertFalse(internalIdp.isActive());
 environment.setProperty("disableInternalAuth", "false");
 bootstrap.afterPropertiesSet();
- internalIdp = provisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId());
+ internalIdp = provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId());
 assertTrue(internalIdp.isActive());
 }
@@ -473,7 +475,7 @@ public void defaultActiveFlagOnInternalIDP() throws Exception {
 IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, environment);
 bootstrap.afterPropertiesSet();
- IdentityProvider internalIdp = provisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId());
+ IdentityProvider internalIdp = provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId());
 assertTrue(internalIdp.isActive());
 }
 }
diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java
index ba02f42c29..0b3072ec45 100644
--- a/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java
+++ b/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java
@@ -12,10 +12,10 @@
 *******************************************************************************/
 package org.cloudfoundry.identity.uaa.oauth;
-import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationTestFactory;
 import org.cloudfoundry.identity.uaa.client.ClientConstants;
 import org.cloudfoundry.identity.uaa.config.TokenPolicy;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.oauth.approval.Approval;
 import org.cloudfoundry.identity.uaa.oauth.approval.Approval.ApprovalStatus;
 import org.cloudfoundry.identity.uaa.oauth.approval.ApprovalStore;
@@ -28,10 +28,8 @@
 import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
-import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning;
 import org.cloudfoundry.identity.uaa.zone.MultitenancyFixture;
 import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
@@ -210,7 +208,7 @@ public void setUp() {
 "FamilyName",
 new Date(System.currentTimeMillis() - 2000),
 new Date(System.currentTimeMillis() - 2000),
- Origin.UAA,
+ OriginKeys.UAA,
 "externalId",
 false,
 IdentityZoneHolder.get().getId(),
@@ -304,7 +302,7 @@ public void testRejectUserSaltChange() throws Exception {
 "FamilyName",
 new Date(System.currentTimeMillis() - 2000),
 new Date(System.currentTimeMillis() - 2000),
- Origin.UAA,
+ OriginKeys.UAA,
 "externalId",
 false,
 IdentityZoneHolder.get().getId(),
@@ -326,7 +324,7 @@ public void testRejectUserUsernameChange() throws Exception {
 "FamilyName",
 new Date(System.currentTimeMillis() - 2000),
 new Date(System.currentTimeMillis() - 2000),
- Origin.UAA,
+ OriginKeys.UAA,
 "externalId",
 false,
 IdentityZoneHolder.get().getId(),
@@ -348,7 +346,7 @@ public void testRejectUserEmailChange() throws Exception {
 "FamilyName",
 new Date(System.currentTimeMillis() - 2000),
 new Date(System.currentTimeMillis() - 2000),
- Origin.UAA,
+ OriginKeys.UAA,
 "externalId",
 false,
 IdentityZoneHolder.get().getId(),
@@ -372,7 +370,7 @@ public void testRejectUserPasswordChange() throws Exception {
 "FamilyName",
 new Date(System.currentTimeMillis() - 2000),
 new Date(System.currentTimeMillis() - 2000),
- Origin.UAA,
+ OriginKeys.UAA,
 "externalId",
 false,
 IdentityZoneHolder.get().getId(),
diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java
index 7512670382..d1aa471ecf 100644
--- a/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java
+++ b/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java
@@ -13,8 +13,8 @@
 package org.cloudfoundry.identity.uaa.oauth;
-import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.client.ClientConstants;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.security.SecurityContextAccessor;
 import org.cloudfoundry.identity.uaa.security.StubSecurityContextAccessor;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
@@ -76,7 +76,7 @@ public void initUaaAuthorizationRequestManagerTests() {
 factory = new UaaAuthorizationRequestManager(clientDetailsService, uaaUserDatabase, providerProvisioning);
 factory.setSecurityContextAccessor(new StubSecurityContextAccessor());
 when(clientDetailsService.loadClientByClientId("foo")).thenReturn(client);
- user = new UaaUser("testid", "testuser","","test@test.org",AuthorityUtils.commaSeparatedStringToAuthorityList("foo.bar,spam.baz,space.1.developer,space.2.developer,space.1.admin"),"givenname", "familyname", null, null, Origin.UAA, null, true, IdentityZone.getUaa().getId(), "testid", new Date());
+ user = new UaaUser("testid", "testuser","","test@test.org",AuthorityUtils.commaSeparatedStringToAuthorityList("foo.bar,spam.baz,space.1.developer,space.2.developer,space.1.admin"),"givenname", "familyname", null, null, OriginKeys.UAA, null, true, IdentityZone.getUaa().getId(), "testid", new Date());
 when(uaaUserDatabase.retrieveUserById(anyString())).thenReturn(user);
 }
diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/ZoneEndpointsClientDetailsValidatorTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/ZoneEndpointsClientDetailsValidatorTests.java
index 40d0ef18d4..ed181d8694 100644
--- a/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/ZoneEndpointsClientDetailsValidatorTests.java
+++ b/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/ZoneEndpointsClientDetailsValidatorTests.java
@@ -4,8 +4,8 @@
 import java.util.Collections;
-import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.client.ClientConstants;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.oauth.ClientDetailsValidator.Mode;
 import org.junit.Before;
 import org.junit.Test;
@@ -25,14 +25,14 @@ public void setUp() throws Exception {
 public void testCreateLimitedClient() {
 BaseClientDetails clientDetails = new BaseClientDetails("valid-client", null, "openid", "authorization_code,password", "uaa.resource");
 clientDetails.setClientSecret("secret");
- clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(Origin.UAA));
+ clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(OriginKeys.UAA));
 ClientDetails validatedClientDetails = zoneEndpointsClientDetailsValidator.validate(clientDetails, Mode.CREATE);
 assertEquals(clientDetails.getClientId(), validatedClientDetails.getClientId());
 assertEquals(clientDetails.getScope(), validatedClientDetails.getScope());
 assertEquals(clientDetails.getAuthorizedGrantTypes(), validatedClientDetails.getAuthorizedGrantTypes());
 assertEquals(clientDetails.getAuthorities(), validatedClientDetails.getAuthorities());
 assertEquals(Collections.singleton("none"), validatedClientDetails.getResourceIds());
- assertEquals(Collections.singletonList(Origin.UAA), validatedClientDetails.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS));
+ assertEquals(Collections.singletonList(OriginKeys.UAA), validatedClientDetails.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS));
 }
 @Test(expected = InvalidClientDetailsException.class)
@@ -51,7 +51,7 @@ public void testCreateClientNoSecretIsInvalid() { @Test public void testCreateClientNoSecretForImplicitIsValid() { BaseClientDetails clientDetails = new BaseClientDetails("client", null, "openid", "implicit", "uaa.resource"); - clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(Origin.UAA)); + clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(OriginKeys.UAA)); ClientDetails validatedClientDetails = zoneEndpointsClientDetailsValidator.validate(clientDetails, Mode.CREATE); assertEquals(clientDetails.getAuthorizedGrantTypes(), validatedClientDetails.getAuthorizedGrantTypes()); } diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/expression/IsUserSelfCheckTest.java b/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/expression/IsUserSelfCheckTest.java index 0acbdcefed..4c0a8ac906 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/expression/IsUserSelfCheckTest.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/expression/IsUserSelfCheckTest.java @@ -14,10 +14,10 @@ package org.cloudfoundry.identity.uaa.oauth.expression; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.util.UaaStringUtils; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.junit.After; 
@@ -51,7 +51,7 @@ public void getBean() { id = new RandomValueStringGenerator(25).generate(); request = new MockHttpServletRequest(); request.setRemoteAddr("127.0.0.1"); - principal = new UaaPrincipal(id, "username","username@email.org", Origin.UAA, null, IdentityZoneHolder.get().getId()); + principal = new UaaPrincipal(id, "username","username@email.org", OriginKeys.UAA, null, IdentityZoneHolder.get().getId()); authentication = new UaaAuthentication(principal, Collections.emptyList(), new UaaAuthenticationDetails(request)); bean = new IsUserSelfCheck(); } @@ -111,4 +111,4 @@ public void testSelfCheck_Token_ClientAuth_Fails() { assertFalse(bean.isSelf(request, 1)); } -} \ No newline at end of file +} diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/UaaTokenServicesTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/UaaTokenServicesTests.java index 32c49f1ea6..4980bf3bcb 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/UaaTokenServicesTests.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/UaaTokenServicesTests.java @@ -15,12 +15,12 @@ import org.cloudfoundry.identity.uaa.audit.AuditEvent; import org.cloudfoundry.identity.uaa.audit.AuditEventType; import org.cloudfoundry.identity.uaa.audit.event.TokenIssuedEvent; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.client.ClientConstants; import org.cloudfoundry.identity.uaa.config.IdentityZoneConfiguration; import org.cloudfoundry.identity.uaa.config.TokenPolicy; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.approval.Approval; import org.cloudfoundry.identity.uaa.oauth.approval.Approval.ApprovalStatus; import org.cloudfoundry.identity.uaa.oauth.approval.ApprovalStore; 
@@ -157,7 +157,7 @@ public class UaaTokenServicesTests { .withPhoneNumber("1234567890") .withCreated(new Date(System.currentTimeMillis() - 15000)) .withModified(new Date(System.currentTimeMillis() - 15000)) - .withOrigin(Origin.UAA) + .withOrigin(OriginKeys.UAA) .withExternalId(externalId) .withVerified(false) .withZoneId(IdentityZoneHolder.get().getId()) @@ -255,9 +255,9 @@ public void testInvalidGrantType() { @Test(expected = InvalidTokenException.class) public void testInvalidRefreshToken() { Map map = new HashMap<>(); - map.put("grant_type","refresh_token"); + map.put("grant_type", "refresh_token"); AuthorizationRequest authorizationRequest = new AuthorizationRequest(map,null,null,null,null,null,false,null,null,null); - tokenServices.refreshAccessToken("dasdasdasdasdas", requestFactory.createTokenRequest(authorizationRequest,"refresh_token")); + tokenServices.refreshAccessToken("dasdasdasdasdas", requestFactory.createTokenRequest(authorizationRequest, "refresh_token")); } @Test @@ -891,8 +891,8 @@ public void testCreateAccessTokenAuthcodeGrantExpandedScopes() { Calendar expiresAt = Calendar.getInstance(); expiresAt.add(Calendar.MILLISECOND, 3000); - approvalStore.addApproval(new Approval(userId, CLIENT_ID, readScope.get(0), expiresAt.getTime(), ApprovalStatus.APPROVED,new Date())); - approvalStore.addApproval(new Approval(userId, CLIENT_ID, writeScope.get(0), expiresAt.getTime(), ApprovalStatus.APPROVED,new Date())); + approvalStore.addApproval(new Approval(userId, CLIENT_ID, readScope.get(0), expiresAt.getTime(), ApprovalStatus.APPROVED, new Date())); + approvalStore.addApproval(new Approval(userId, CLIENT_ID, writeScope.get(0), expiresAt.getTime(), ApprovalStatus.APPROVED, new Date())); // First Request AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID,requestedAuthScopes); authorizationRequest.setResourceIds(new HashSet<>(resourceIds)); 
@@ -918,7 +918,7 @@ public void testCreateAccessTokenAuthcodeGrantExpandedScopes() { expandedScopeAuthorizationRequest.setRequestParameters(refreshAzParameters); OAuth2Authentication expandedScopeAuthentication = new OAuth2Authentication(expandedScopeAuthorizationRequest.createOAuth2Request(),userAuthentication); - tokenServices.refreshAccessToken(accessToken.getRefreshToken().getValue(),requestFactory.createTokenRequest(expandedScopeAuthorizationRequest,"refresh_token")); + tokenServices.refreshAccessToken(accessToken.getRefreshToken().getValue(), requestFactory.createTokenRequest(expandedScopeAuthorizationRequest, "refresh_token")); } @Test @@ -961,7 +961,7 @@ public void testUserUpdatedAfterRefreshTokenIssued() { OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication); OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); - UaaUser user = userDatabase.retrieveUserByName(username, Origin.UAA); + UaaUser user = userDatabase.retrieveUserByName(username, OriginKeys.UAA); UaaUser newUser = new UaaUser(user.getUsername(), "blah", user.getEmail(), null, null); userDatabase.updateUser(userId, newUser); @@ -1066,7 +1066,7 @@ public void testRefreshTokenAfterApprovalsDenied() { Calendar expiresAt = Calendar.getInstance(); expiresAt.add(Calendar.MILLISECOND, -3000); - approvalStore.addApproval(new Approval(userId, CLIENT_ID, readScope.get(0), expiresAt.getTime(), ApprovalStatus.DENIED,new Date())); + approvalStore.addApproval(new Approval(userId, CLIENT_ID, readScope.get(0), expiresAt.getTime(), ApprovalStatus.DENIED, new Date())); approvalStore.addApproval(new Approval(userId, CLIENT_ID, writeScope.get(0), expiresAt.getTime(), ApprovalStatus.APPROVED,new Date())); AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID,requestedAuthScopes); 
@@ -1132,7 +1132,7 @@ public void testRefreshTokenAfterApprovalsMissing2() { refreshAzParameters.put(GRANT_TYPE, REFRESH_TOKEN); refreshAuthorizationRequest.setRequestParameters(refreshAzParameters); - tokenServices.refreshAccessToken(accessToken.getRefreshToken().getValue(), requestFactory.createTokenRequest(refreshAuthorizationRequest,"refresh_token")); + tokenServices.refreshAccessToken(accessToken.getRefreshToken().getValue(), requestFactory.createTokenRequest(refreshAuthorizationRequest, "refresh_token")); } @Test @@ -1171,8 +1171,8 @@ public void testReadAccessTokenForDeletedUserId() { Calendar updatedAt = Calendar.getInstance(); updatedAt.add(Calendar.MILLISECOND, -1000); - approvalStore.addApproval(new Approval(userId, CLIENT_ID, readScope.get(0), expiresAt.getTime(), ApprovalStatus.APPROVED,updatedAt.getTime())); - approvalStore.addApproval(new Approval(userId, CLIENT_ID, writeScope.get(0), expiresAt.getTime(), ApprovalStatus.APPROVED,updatedAt.getTime())); + approvalStore.addApproval(new Approval(userId, CLIENT_ID, readScope.get(0), expiresAt.getTime(), ApprovalStatus.APPROVED, updatedAt.getTime())); + approvalStore.addApproval(new Approval(userId, CLIENT_ID, writeScope.get(0), expiresAt.getTime(), ApprovalStatus.APPROVED, updatedAt.getTime())); OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), userAuthentication); OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); @@ -1306,7 +1306,7 @@ private void assertCommonUserAccessTokenProperties(OAuth2AccessToken accessToken clientId(is(CLIENT_ID)), subject(is(userId)), audience(is(resourceIds)), - origin(is(Origin.UAA)), + origin(is(OriginKeys.UAA)), revocationSignature(is(not(nullValue()))), cid(is(CLIENT_ID)), userId(is(userId)), 
@@ -1324,7 +1324,7 @@ private void assertCommonUserRefreshTokenProperties(OAuth2RefreshToken refreshTo OAuth2RefreshTokenMatchers.clientId(is(CLIENT_ID)), OAuth2RefreshTokenMatchers.subject(is(not(nullValue()))), OAuth2RefreshTokenMatchers.audience(is(resourceIds)), - OAuth2RefreshTokenMatchers.origin(is(Origin.UAA)), + OAuth2RefreshTokenMatchers.origin(is(OriginKeys.UAA)), OAuth2RefreshTokenMatchers.revocationSignature(is(not(nullValue()))), OAuth2RefreshTokenMatchers.jwtId(not(isEmptyString())), OAuth2RefreshTokenMatchers.issuedAt(is(greaterThan(0))), diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/UaaTokenStoreTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/UaaTokenStoreTests.java index abcc3a4f98..ba1c4ab4d2 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/UaaTokenStoreTests.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/UaaTokenStoreTests.java @@ -14,10 +14,10 @@ package org.cloudfoundry.identity.uaa.oauth.token; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; import org.cloudfoundry.identity.uaa.util.UaaStringUtils; import org.cloudfoundry.identity.uaa.zone.IdentityZone; 
@@ -72,7 +72,7 @@ public class UaaTokenStoreTests extends JdbcTestBase { private OAuth2Authentication uaaAuthentication; public static final String LONG_CLIENT_ID = "a-client-id-that-is-longer-than-thirty-six-characters-but-less-than-two-hundred-fifty-five-characters-wow-two-hundred-fifty-five-characters-is-actually-a-very-long-client-id-and-we-hope-that-size-limit-should-be-sufficient-for-any-reasonable-application"; - private UaaPrincipal principal = new UaaPrincipal("userid","username","username@test.org", Origin.UAA, null, IdentityZone.getUaa().getId()); + private UaaPrincipal principal = new UaaPrincipal("userid","username","username@test.org", OriginKeys.UAA, null, IdentityZone.getUaa().getId()); @Before public void createTokenStore() throws Exception { diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/openid/UserInfoEndpointTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/openid/UserInfoEndpointTests.java index f0f7579c0e..b396b6a047 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/openid/UserInfoEndpointTests.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/openid/UserInfoEndpointTests.java @@ -17,9 +17,9 @@ import java.util.Collections; import java.util.Map; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationTestFactory; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.user.InMemoryUaaUserDatabase; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserTestFactory; 
@@ -44,7 +44,7 @@ public UserInfoEndpointTests() { @Test public void testSunnyDay() { - UaaUser user = userDatabase.retrieveUserByName("olds", Origin.UAA); + UaaUser user = userDatabase.retrieveUserByName("olds", OriginKeys.UAA); UaaAuthentication authentication = UaaAuthenticationTestFactory.getAuthentication(user.getId(), "olds", "olds@vmware.com"); Map map = endpoint.loginInfo(new OAuth2Authentication(null, authentication)); diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/security/DefaultSecurityContextAccessorTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/security/DefaultSecurityContextAccessorTests.java index 2c15af578d..0379471b96 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/security/DefaultSecurityContextAccessorTests.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/security/DefaultSecurityContextAccessorTests.java @@ -15,11 +15,11 @@ import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationTestFactory; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.util.UaaStringUtils; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; @@ -36,8 +36,6 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication; import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; import java.util.LinkedList; import java.util.List; import java.util.stream.Collectors; 
@@ -93,7 +91,7 @@ public void zoneAdminUserIsAdmin() throws Exception { authorities.add(new SimpleGrantedAuthority("zones." + IdentityZoneHolder.get().getId() + ".admin")); client.setAuthorities(authorities); - UaaPrincipal principal = new UaaPrincipal("id","username","email", Origin.UAA,null,IdentityZoneHolder.get().getId()); + UaaPrincipal principal = new UaaPrincipal("id","username","email", OriginKeys.UAA,null,IdentityZoneHolder.get().getId()); UaaAuthentication userAuthentication = new UaaAuthentication(principal, authorities, new UaaAuthenticationDetails(new MockHttpServletRequest())); AuthorizationRequest authorizationRequest = new AuthorizationRequest("admin", UaaStringUtils.getStringsFromAuthorities(authorities)); @@ -112,7 +110,7 @@ public void zoneAdminUserIsNotAdmin_BecauseOriginIsNotUaa() throws Exception { authorities.add(new SimpleGrantedAuthority("zones." + IdentityZoneHolder.get().getId() + ".admin")); client.setAuthorities(authorities); - UaaPrincipal principal = new UaaPrincipal("id","username","email", Origin.UAA,null, MultitenancyFixture.identityZone("test","test").getId()); + UaaPrincipal principal = new UaaPrincipal("id","username","email", OriginKeys.UAA,null, MultitenancyFixture.identityZone("test","test").getId()); UaaAuthentication userAuthentication = new UaaAuthentication(principal, authorities, new UaaAuthenticationDetails(new MockHttpServletRequest())); AuthorizationRequest authorizationRequest = new AuthorizationRequest("admin", UaaStringUtils.getStringsFromAuthorities(authorities)); diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/test/TestAccountSetup.java b/common/src/test/java/org/cloudfoundry/identity/uaa/test/TestAccountSetup.java index 8e5979dcdd..aa2c438a6f 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/test/TestAccountSetup.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/test/TestAccountSetup.java 
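Review bot: The test `zoneAdminUserIsNotAdmin_BecauseOriginIsNotUaa` still builds its principal with `OriginKeys.UAA`, so the name no longer matches what the visible lines exercise. The only visible difference from `zoneAdminUserIsAdmin` is the zone id, taken from `MultitenancyFixture.identityZone("test","test").getId()`. With the constant class now called `OriginKeys`, "Origin" in the name reads as the origin key, which suggests a non-UAA origin is being rejected when it appears to be a foreign zone. I would rename it to something like `zoneAdminUserIsNotAdmin_BecausePrincipalIsFromAnotherZone`. If rejecting a non-UAA origin is also intended behaviour, add a separate case that passes `OriginKeys.LDAP` with the current zone id. The test body and its assertion continue outside the hunk, so this is based on the setup lines only.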
@@ -27,7 +27,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.junit.rules.TestWatchman; @@ -215,7 +215,7 @@ private UaaUser getUserFromMap(Map map) { @SuppressWarnings("unchecked") Collection> groups = (Collection>) map.get("groups"); return new UaaUser(id, userName, "", email, extractAuthorities(groups), givenName, familyName, new Date(), - new Date(), Origin.UAA, "externalId", false, IdentityZoneHolder.get().getId(), null,null); + new Date(), OriginKeys.UAA, "externalId", false, IdentityZoneHolder.get().getId(), null,null); } private List extractAuthorities(Collection> groups) { diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/test/UaaTestAccounts.java b/common/src/test/java/org/cloudfoundry/identity/uaa/test/UaaTestAccounts.java index c10521a90e..518f2a1856 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/test/UaaTestAccounts.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/test/UaaTestAccounts.java @@ -20,7 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; 
@@ -90,7 +90,7 @@ public String getEmail() { public UaaUser getUserWithRandomID() { String id = UUID.randomUUID().toString(); UaaUser user = new UaaUser(id, getUserName(), "", getEmail(), - UaaAuthority.USER_AUTHORITIES, "Test", "User", new Date(), new Date(), Origin.UAA, "externalId", true, + UaaAuthority.USER_AUTHORITIES, "Test", "User", new Date(), new Date(), OriginKeys.UAA, "externalId", true, IdentityZoneHolder.get().getId(), id, new Date()); ReflectionTestUtils.setField(user, "password", getPassword()); return user; diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/user/InMemoryUaaUserDatabaseTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/user/InMemoryUaaUserDatabaseTests.java index 4c0c290812..af312b5808 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/user/InMemoryUaaUserDatabaseTests.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/user/InMemoryUaaUserDatabaseTests.java @@ -1,6 +1,6 @@ package org.cloudfoundry.identity.uaa.user; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.junit.Before; import org.junit.Test; @@ -14,7 +14,7 @@ public class InMemoryUaaUserDatabaseTests { - UaaUser user = new UaaUser("test-id","username","password","email",UaaAuthority.USER_AUTHORITIES,"givenname","familyname", new Date(), new Date(), Origin.UAA,"externalID", false, IdentityZoneHolder.get().getId(), "test-id", new Date()); + UaaUser user = new UaaUser("test-id","username","password","email",UaaAuthority.USER_AUTHORITIES,"givenname","familyname", new Date(), new Date(), OriginKeys.UAA,"externalID", false, IdentityZoneHolder.get().getId(), "test-id", new Date()); InMemoryUaaUserDatabase db; @Before public void setUp() { 
@@ -31,12 +31,12 @@ public void testRetrieveUserByName() throws Exception { @Test(expected = UsernameNotFoundException.class) public void testRetrieveUserByNameInvalidOrigin() throws Exception { - db.retrieveUserByName(user.getUsername(), Origin.LDAP); + db.retrieveUserByName(user.getUsername(), OriginKeys.LDAP); } @Test(expected = UsernameNotFoundException.class) public void testRetrieveUserByNameInvalidUsername() throws Exception { - db.retrieveUserByName(user.getUsername() + "1", Origin.UAA); + db.retrieveUserByName(user.getUsername() + "1", OriginKeys.UAA); } @Test @@ -71,4 +71,4 @@ public void testUpdateUser() throws Exception { db.updateUser(user.getId(), newUser); assertSame(newUser, db.retrieveUserById(user.getId())); } -} \ No newline at end of file +} diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/user/JdbcUaaUserDatabaseTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/user/JdbcUaaUserDatabaseTests.java index cd5c67b812..8cabe35dfd 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/user/JdbcUaaUserDatabaseTests.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/user/JdbcUaaUserDatabaseTests.java @@ -12,7 +12,7 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.user; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; import org.cloudfoundry.identity.uaa.test.TestUtils; import org.cloudfoundry.identity.uaa.zone.IdentityZone; 
@@ -56,7 +56,7 @@ public class JdbcUaaUserDatabaseTests extends JdbcTestBase { private void addUser(String id, String name, String password) { TestUtils.assertNoSuchUser(template, "id", id); Timestamp t = new Timestamp(System.currentTimeMillis()); - template.update(addUserSql, id, name, password, name.toLowerCase() + "@test.org", name, name, "", Origin.UAA, IdentityZoneHolder.get().getId(),t,t,t); + template.update(addUserSql, id, name, password, name.toLowerCase() + "@test.org", name, name, "", OriginKeys.UAA, IdentityZoneHolder.get().getId(),t,t,t); } private void addAuthority(String authority, String userId) { @@ -96,7 +96,7 @@ public void clearDb() throws Exception { @Test public void getValidUserSucceeds() { - UaaUser joe = db.retrieveUserByName("joe",Origin.UAA); + UaaUser joe = db.retrieveUserByName("joe", OriginKeys.UAA); assertNotNull(joe); assertEquals(JOE_ID, joe.getId()); assertEquals("Joe", joe.getUsername()); @@ -111,18 +111,18 @@ public void getValidUserSucceeds() { @Test public void getSaltValueWorks() { - UaaUser joe = db.retrieveUserByName("joe",Origin.UAA); + UaaUser joe = db.retrieveUserByName("joe", OriginKeys.UAA); assertNotNull(joe); assertNull(joe.getSalt()); template.update(addSaltSql, "salt", JOE_ID); - joe = db.retrieveUserByName("joe",Origin.UAA); + joe = db.retrieveUserByName("joe", OriginKeys.UAA); assertNotNull(joe); assertEquals("salt", joe.getSalt()); } @Test public void getValidUserCaseInsensitive() { - UaaUser joe = db.retrieveUserByName("JOE", Origin.UAA); + UaaUser joe = db.retrieveUserByName("JOE", OriginKeys.UAA); assertNotNull(joe); assertEquals(JOE_ID, joe.getId()); assertEquals("Joe", joe.getUsername()); 
@@ -134,13 +134,13 @@ public void getValidUserCaseInsensitive() { @Test(expected = UsernameNotFoundException.class) public void getNonExistentUserRaisedNotFoundException() { - db.retrieveUserByName("jo", Origin.UAA); + db.retrieveUserByName("jo", OriginKeys.UAA); } @Test public void getUserWithExtraAuthorities() { addAuthority("dash.admin", JOE_ID); - UaaUser joe = db.retrieveUserByName("joe", Origin.UAA); + UaaUser joe = db.retrieveUserByName("joe", OriginKeys.UAA); assertTrue("authorities does not contain uaa.user", joe.getAuthorities().contains(new SimpleGrantedAuthority("uaa.user"))); assertTrue("authorities does not contain dash.admin", @@ -162,7 +162,7 @@ public void getValidUserInOtherZoneFromOtherZone() { @Test(expected = UsernameNotFoundException.class) public void getValidUserInOtherZoneFromDefaultZoneFails() { - UaaUser alice = db.retrieveUserByName("alice",Origin.UAA); + UaaUser alice = db.retrieveUserByName("alice", OriginKeys.UAA); assertNotNull(alice); assertEquals(ALICE_ID, alice.getId()); assertEquals("alice", alice.getUsername()); diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/user/MockUaaUserDatabase.java b/common/src/test/java/org/cloudfoundry/identity/uaa/user/MockUaaUserDatabase.java index 607119cdfc..e146f828c8 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/user/MockUaaUserDatabase.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/user/MockUaaUserDatabase.java @@ -14,7 +14,7 @@ import java.util.Date; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.springframework.security.core.userdetails.UsernameNotFoundException; 
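Review bot: In `getValidUserInOtherZoneFromDefaultZoneFails` the assertions after `db.retrieveUserByName("alice", OriginKeys.UAA)` never run when the test passes. The method is declared with `@Test(expected = UsernameNotFoundException.class)`, and the lookup is the call expected to throw. Keeping `assertNotNull(alice)` and the `assertEquals` lines makes a zone-isolation check look like a successful-lookup test. I would reduce the body to the bare call `db.retrieveUserByName("alice", OriginKeys.UAA);` with a comment such as `// alice exists only in the other zone; the default zone must not resolve her`. The method continues past the end of the hunk, so any further statements there should be checked the same way.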
@@ -26,13 +26,13 @@ public class MockUaaUserDatabase implements UaaUserDatabase { public MockUaaUserDatabase(String id, String name, String email, String givenName, String familyName) { user = new UaaUser(id, name, "", email, UaaAuthority.USER_AUTHORITIES, givenName, familyName, - new Date(), new Date(), Origin.UAA, "externalId", false, IdentityZoneHolder.get().getId(), id, new Date()); + new Date(), new Date(), OriginKeys.UAA, "externalId", false, IdentityZoneHolder.get().getId(), id, new Date()); } public MockUaaUserDatabase(String id, String name, String email, String givenName, String familyName, Date createdAt, Date updatedAt) { user = new UaaUser(id, name, "", email, UaaAuthority.USER_AUTHORITIES, givenName, familyName, - createdAt, updatedAt, Origin.UAA, "externalId", false, IdentityZoneHolder.get().getId(), id, new Date()); + createdAt, updatedAt, OriginKeys.UAA, "externalId", false, IdentityZoneHolder.get().getId(), id, new Date()); } @Override diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/user/UaaUserTestFactory.java b/common/src/test/java/org/cloudfoundry/identity/uaa/user/UaaUserTestFactory.java index 465a678be2..358e499a35 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/user/UaaUserTestFactory.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/user/UaaUserTestFactory.java @@ -12,8 +12,7 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.user; -import org.cloudfoundry.identity.uaa.authentication.Origin; -import org.cloudfoundry.identity.uaa.zone.IdentityZone; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import java.util.Date; 
@@ -26,12 +25,12 @@ public class UaaUserTestFactory { public static UaaUser getUser(String id, String name, String email, String givenName, String familyName) { return new UaaUser(id, name, "", email, UaaAuthority.USER_AUTHORITIES, givenName, familyName, new Date(), - new Date(), Origin.UAA, "externalId", false, IdentityZoneHolder.get().getId(), id, new Date()); + new Date(), OriginKeys.UAA, "externalId", false, IdentityZoneHolder.get().getId(), id, new Date()); } public static UaaUser getAdminUser(String id, String name, String email, String givenName, String familyName) { return new UaaUser(id, name, "", email, UaaAuthority.ADMIN_AUTHORITIES, givenName, familyName, new Date(), - new Date(), Origin.UAA, "externalId", false, IdentityZoneHolder.get().getId(), id, new Date()); + new Date(), OriginKeys.UAA, "externalId", false, IdentityZoneHolder.get().getId(), id, new Date()); } } diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/util/DomainFilterTest.java b/common/src/test/java/org/cloudfoundry/identity/uaa/util/DomainFilterTest.java index 262a175f75..93d067f911 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/util/DomainFilterTest.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/util/DomainFilterTest.java @@ -14,7 +14,7 @@ package org.cloudfoundry.identity.uaa.util; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.ldap.LdapIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.zone.IdentityProvider; 
@@ -29,7 +29,7 @@ import java.util.List; import static java.util.Collections.EMPTY_LIST; -import static org.cloudfoundry.identity.uaa.authentication.Origin.LOGIN_SERVER; +import static org.cloudfoundry.identity.uaa.constants.OriginKeys.LOGIN_SERVER; import static org.cloudfoundry.identity.uaa.client.ClientConstants.ALLOWED_PROVIDERS; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertThat; @@ -97,10 +97,10 @@ public void setUp() throws Exception { } private void configureTestData() { - uaaProvider = new IdentityProvider().setActive(true).setType(Origin.UAA).setOriginKey(Origin.UAA).setConfig(uaaDef); - ldapProvider = new IdentityProvider().setActive(true).setType(Origin.LDAP).setOriginKey(Origin.LDAP).setConfig(ldapDef); - samlProvider1 = new IdentityProvider().setActive(true).setType(Origin.SAML).setOriginKey("saml1").setConfig(samlDef1); - samlProvider2 = new IdentityProvider().setActive(true).setType(Origin.SAML).setOriginKey("saml2").setConfig(samlDef2); + uaaProvider = new IdentityProvider().setActive(true).setType(OriginKeys.UAA).setOriginKey(OriginKeys.UAA).setConfig(uaaDef); + ldapProvider = new IdentityProvider().setActive(true).setType(OriginKeys.LDAP).setOriginKey(OriginKeys.LDAP).setConfig(ldapDef); + samlProvider1 = new IdentityProvider().setActive(true).setType(OriginKeys.SAML).setOriginKey("saml1").setConfig(samlDef1); + samlProvider2 = new IdentityProvider().setActive(true).setType(OriginKeys.SAML).setOriginKey("saml2").setConfig(samlDef2); loginServerProvider = new IdentityProvider().setActive(true).setType(LOGIN_SERVER).setOriginKey(LOGIN_SERVER); activeProviders = Arrays.asList(uaaProvider, ldapProvider, samlProvider1, samlProvider2, loginServerProvider); } diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityProviderTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityProviderTests.java deleted file mode 100644 index 651057711c..0000000000 
--- a/common/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityProviderTests.java +++ /dev/null @@ -1,237 +0,0 @@ -/** - ******************************************************************************* - * Cloud Foundry - * Copyright (c) [2009-2015] Pivotal Software, Inc. All Rights Reserved. - *

- * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - *

- * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - ***************************************************************************** - */ -package org.cloudfoundry.identity.uaa.zone; - -import com.fasterxml.jackson.core.type.TypeReference; -import org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.KeystoneIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.authentication.Origin; -import org.cloudfoundry.identity.uaa.ldap.LdapIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.util.JsonUtils; -import org.junit.Test; - -import java.util.List; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; - -public class IdentityProviderTests { - - @Test - public void test_backwards_compatible_json_where_config_is_a_string() { - List providers = - JsonUtils.readValue( - BACKWARDS_COMPATIBLE_LIST_OF_IDPS, - new TypeReference>() {} - ); - assertEquals(7, providers.size()); - } - - @Test - public void configIsAlwaysValidWhenOriginIsOtherThanUaa() { - IdentityProvider identityProvider = new IdentityProvider().setOriginKey(Origin.LDAP).setConfig(new LdapIdentityProviderDefinition()); - assertTrue(identityProvider.configIsValid()); - } - - @Test - public void uaaConfigMustContainAllPasswordPolicyFields() { - assertValidity(true, JsonUtils.readValue("",UaaIdentityProviderDefinition.class)); - assertValidity(true, JsonUtils.readValue("{\"passwordPolicy\": null}",UaaIdentityProviderDefinition.class)); - assertValidity(false,JsonUtils.readValue( "{\"passwordPolicy\": {}}",UaaIdentityProviderDefinition.class)); - assertValidity(false,JsonUtils.readValue( 
"{\"passwordPolicy\":{\"minLength\":6}}",UaaIdentityProviderDefinition.class)); - assertValidity(false,JsonUtils.readValue( "{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":128}}",UaaIdentityProviderDefinition.class)); - assertValidity(false,JsonUtils.readValue( "{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":128,\"requireUpperCaseCharacter\":1}}",UaaIdentityProviderDefinition.class)); - assertValidity(false,JsonUtils.readValue( "{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":128,\"requireUpperCaseCharacter\":1,\"requireLowerCaseCharacter\":1}}",UaaIdentityProviderDefinition.class)); - assertValidity(false,JsonUtils.readValue( "{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":128,\"requireUpperCaseCharacter\":1,\"requireLowerCaseCharacter\":1,\"requireDigit\":1}}",UaaIdentityProviderDefinition.class)); - assertValidity(false,JsonUtils.readValue( "{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":128,\"requireUpperCaseCharacter\":1,\"requireLowerCaseCharacter\":1,\"requireDigit\":1,\"requireSpecialCharacter\":0}}",UaaIdentityProviderDefinition.class)); - assertValidity(true, JsonUtils.readValue("{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":128,\"requireUpperCaseCharacter\":1,\"requireLowerCaseCharacter\":1,\"requireDigit\":1,\"requireSpecialCharacter\":0,\"expirePasswordInMonths\":0}}",UaaIdentityProviderDefinition.class)); - } - - @Test - public void uaaConfigDoesNotAllowNegativeNumbersForPasswordPolicy() { - assertValidity(false, JsonUtils.readValue("{\"passwordPolicy\":{\"minLength\":-6,\"maxLength\":128,\"requireUpperCaseCharacter\":1,\"requireLowerCaseCharacter\":1,\"requireDigit\":1,\"requireSpecialCharacter\":0,\"expirePasswordInMonths\":0}}", UaaIdentityProviderDefinition.class)); - assertValidity(false, JsonUtils.readValue("{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":-128,\"requireUpperCaseCharacter\":1,\"requireLowerCaseCharacter\":1,\"requireDigit\":1,\"requireSpecialCharacter\":0,\"expirePasswordInMonths\":0}}", 
UaaIdentityProviderDefinition.class)); - assertValidity(false, JsonUtils.readValue("{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":128,\"requireUpperCaseCharacter\":-1,\"requireLowerCaseCharacter\":1,\"requireDigit\":1,\"requireSpecialCharacter\":0,\"expirePasswordInMonths\":0}}", UaaIdentityProviderDefinition.class)); - assertValidity(false, JsonUtils.readValue("{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":128,\"requireUpperCaseCharacter\":1,\"requireLowerCaseCharacter\":-1,\"requireDigit\":1,\"requireSpecialCharacter\":0,\"expirePasswordInMonths\":0}}", UaaIdentityProviderDefinition.class)); - assertValidity(false, JsonUtils.readValue("{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":128,\"requireUpperCaseCharacter\":1,\"requireLowerCaseCharacter\":1,\"requireDigit\":-1,\"requireSpecialCharacter\":0,\"expirePasswordInMonths\":0}}", UaaIdentityProviderDefinition.class)); - assertValidity(false, JsonUtils.readValue("{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":128,\"requireUpperCaseCharacter\":1,\"requireLowerCaseCharacter\":1,\"requireDigit\":1,\"requireSpecialCharacter\":-1,\"expirePasswordInMonths\":0}}", UaaIdentityProviderDefinition.class)); - assertValidity(false, JsonUtils.readValue("{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":128,\"requireUpperCaseCharacter\":1,\"requireLowerCaseCharacter\":1,\"requireDigit\":1,\"requireSpecialCharacter\":0,\"expirePasswordInMonths\":-1}}", UaaIdentityProviderDefinition.class)); - } - - @Test - public void uaaConfigMustContainAllLockoutPolicyFieldsIfSpecified() throws Exception { - assertValidity(true, JsonUtils.readValue("", UaaIdentityProviderDefinition.class)); - assertValidity(true, JsonUtils.readValue("{\"lockoutPolicy\": null}", UaaIdentityProviderDefinition.class)); - assertValidity(false,JsonUtils.readValue( "{\"lockoutPolicy\": {}}", UaaIdentityProviderDefinition.class)); - assertValidity(false,JsonUtils.readValue( "{\"lockoutPolicy\":{\"lockoutPeriodSeconds\":900}}", 
UaaIdentityProviderDefinition.class)); - assertValidity(false,JsonUtils.readValue( "{\"lockoutPolicy\":{\"lockoutPeriodSeconds\":900,\"lockoutAfterFailures\":128}}", UaaIdentityProviderDefinition.class)); - assertValidity(true, JsonUtils.readValue("{\"lockoutPolicy\":{\"lockoutPeriodSeconds\":900,\"lockoutAfterFailures\":128,\"countFailuresWithin\":1800}}", UaaIdentityProviderDefinition.class)); - } - - @Test - public void uaaConfigDoesNotAllNegativeNumbersForLockoutPolicy() throws Exception { - assertValidity(false, JsonUtils.readValue("{\"lockoutPolicy\":{\"lockoutPeriodSeconds\":-6,\"lockoutAfterFailures\":128,\"countFailuresWithin\":1}}", UaaIdentityProviderDefinition.class)); - assertValidity(false, JsonUtils.readValue("{\"lockoutPolicy\":{\"lockoutPeriodSeconds\":6,\"lockoutAfterFailures\":-128,\"countFailuresWithin\":1}}", UaaIdentityProviderDefinition.class)); - assertValidity(false, JsonUtils.readValue("{\"lockoutPolicy\":{\"lockoutPeriodSeconds\":6,\"lockoutAfterFailures\":128,\"countFailuresWithin\":-1}}", UaaIdentityProviderDefinition.class)); - } - - @Test - public void test_serialize_uaa() { - UaaIdentityProviderDefinition definition = new UaaIdentityProviderDefinition(); - IdentityProvider identityProvider = new IdentityProvider().setOriginKey(Origin.UAA).setConfig(definition); - test_serialization(identityProvider); - } - - @Test - public void test_serialize_saml() { - SamlIdentityProviderDefinition definition = new SamlIdentityProviderDefinition(); - definition.setMetaDataLocation("http://test.org"); - definition.setIdpEntityAlias(Origin.SAML); - definition.setZoneId(IdentityZone.getUaa().getId()); - IdentityProvider identityProvider = - new IdentityProvider() - .setOriginKey(definition.getIdpEntityAlias()) - .setConfig(definition) - .setIdentityZoneId(definition.getZoneId()); - test_serialization(identityProvider); - } - - protected IdentityProvider test_serialization(IdentityProvider identityProvider) { - String json = 
JsonUtils.writeValueAsString(identityProvider); - IdentityProvider identityProvider2 = JsonUtils.readValue(json, IdentityProvider.class); - assertNotNull(identityProvider2); - assertEquals(identityProvider.getConfig(), identityProvider2.getConfig()); - return identityProvider2; - } - - @Test - public void test_serialize_ldap() { - LdapIdentityProviderDefinition definition = new LdapIdentityProviderDefinition(); - IdentityProvider identityProvider = new IdentityProvider().setOriginKey(Origin.LDAP).setConfig(definition); - test_serialization(identityProvider); - } - - @Test - public void test_serialize_keystone() { - KeystoneIdentityProviderDefinition definition = new KeystoneIdentityProviderDefinition(); - IdentityProvider identityProvider = new IdentityProvider().setOriginKey(Origin.LDAP).setConfig(definition); - test_serialization(identityProvider); - } - - @Test - public void test_serialize_other_origin() { - AbstractIdentityProviderDefinition definition = new AbstractIdentityProviderDefinition(); - IdentityProvider identityProvider = new IdentityProvider().setOriginKey("other").setConfig(definition); - IdentityProvider other = test_serialization(identityProvider); - assertEquals("unknown", other.getType()); - assertEquals("other", other.getOriginKey()); - assertTrue(other.getConfig() instanceof AbstractIdentityProviderDefinition); - } - - private void assertValidity(boolean expected, AbstractIdentityProviderDefinition config) { - IdentityProvider identityProvider = new IdentityProvider().setOriginKey(Origin.UAA).setConfig(config); - assertEquals(expected, identityProvider.configIsValid()); - } - - public static final String BACKWARDS_COMPATIBLE_LIST_OF_IDPS = - "[\n" + - " {\n" + - " \"id\": \"2bfcef9b-33df-4c76-843f-e0e6b484a60a\",\n" + - " \"originKey\": \"keystone\",\n" + - " \"name\": \"keystone\",\n" + - " \"type\": \"keystone\",\n" + - " \"config\": null,\n" + - " \"version\": 1208,\n" + - " \"created\": 946684800000,\n" + - " \"active\": false,\n" + - " 
\"identityZoneId\": \"uaa\",\n" + - " \"last_modified\": 1447811837000\n" + - " },\n" + - " {\n" + - " \"id\": \"72209e6f-6434-491f-a170-398755bdc06d\",\n" + - " \"originKey\": \"ldap\",\n" + - " \"name\": \"UAA LDAP Provider\",\n" + - " \"type\": \"ldap\",\n" + - " \"config\": \"{\\\"emailDomain\\\":null,\\\"externalGroupsWhitelist\\\":[],\\\"attributeMappings\\\":{},\\\"ldapProfileFile\\\":\\\"ldap/ldap-search-and-bind.xml\\\",\\\"baseUrl\\\":\\\"ldap://52.20.5.106:389/\\\",\\\"referral\\\":null,\\\"skipSSLVerification\\\":false,\\\"userDNPattern\\\":null,\\\"userDNPatternDelimiter\\\":null,\\\"bindUserDn\\\":\\\"cn=admin,dc=test,dc=com\\\",\\\"bindPassword\\\":\\\"password\\\",\\\"userSearchBase\\\":\\\"dc=test,dc=com\\\",\\\"userSearchFilter\\\":\\\"cn={0}\\\",\\\"passwordAttributeName\\\":null,\\\"passwordEncoder\\\":null,\\\"localPasswordCompare\\\":null,\\\"mailAttributeName\\\":\\\"mail\\\",\\\"mailSubstitute\\\":\\\"\\\",\\\"mailSubstituteOverridesLdap\\\":false,\\\"ldapGroupFile\\\":\\\"ldap/ldap-groups-map-to-scopes.xml\\\",\\\"groupSearchBase\\\":\\\"ou=scopes,dc=test,dc=com\\\",\\\"groupSearchFilter\\\":\\\"member={0}\\\",\\\"groupsIgnorePartialResults\\\":null,\\\"autoAddGroups\\\":true,\\\"groupSearchSubTree\\\":true,\\\"maxGroupSearchDepth\\\":1,\\\"groupRoleAttribute\\\":\\\"spring.security.ldap.dn\\\"}\",\n" + - " \"version\": 932,\n" + - " \"created\": 946684800000,\n" + - " \"active\": true,\n" + - " \"identityZoneId\": \"uaa\",\n" + - " \"last_modified\": 1447811837000\n" + - " },\n" + - " {\n" + - " \"id\": \"69efc352-cb8d-4e85-9a43-86ddff9b4c91\",\n" + - " \"originKey\": \"login-server\",\n" + - " \"name\": \"login-server\",\n" + - " \"type\": \"login-server\",\n" + - " \"config\": null,\n" + - " \"version\": 0,\n" + - " \"created\": 946684800000,\n" + - " \"active\": true,\n" + - " \"identityZoneId\": \"uaa\",\n" + - " \"last_modified\": 1438372376000\n" + - " },\n" + - " {\n" + - " \"id\": \"58773443-0857-4f13-9dd9-0dc15fdeef06\",\n" + - " 
\"originKey\": \"okta-preview\",\n" + - " \"name\": \"UAA SAML Identity Provider[okta-preview]\",\n" + - " \"type\": \"saml\",\n" + - " \"config\": \"{\\\"emailDomain\\\":null,\\\"externalGroupsWhitelist\\\":[],\\\"attributeMappings\\\":{},\\\"metaDataLocation\\\":\\\"MIICmTCCAgKgAwIBAgIGAUPATqmEMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEG\\\\nA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU\\\\nMBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB1Bpdm90YWwxHDAaBgkqhkiG9w0BCQEWDWlu\\\\nZm9Ab2t0YS5jb20wHhcNMTQwMTIzMTgxMjM3WhcNNDQwMTIzMTgxMzM3WjCBjzELMAkGA1UEBhMC\\\\nVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM\\\\nBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdQaXZvdGFsMRwwGgYJKoZIhvcN\\\\nAQkBFg1pbmZvQG9rdGEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeil67/TLOiTZU\\\\nWWgW2XEGgFZ94bVO90v5J1XmcHMwL8v5Z/8qjdZLpGdwI7Ph0CyXMMNklpaR/Ljb8fsls3amdT5O\\\\nBw92Zo8ulcpjw2wuezTwL0eC0wY/GQDAZiXL59npE6U+fH1lbJIq92hx0HJSru/0O1q3+A/+jjZL\\\\n3tL/SwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAI5BoWZoH6Mz9vhypZPOJCEKa/K+biZQsA4Zqsuk\\\\nvvphhSERhqk/Nv76Vkl8uvJwwHbQrR9KJx4L3PRkGCG24rix71jEuXVGZUsDNM3CUKnARx4MEab6\\\\nGFHNkZ6DmoT/PFagngecHu+EwmuDtaG0rEkFrARwe+d8Ru0BN558abFburn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\\\\n\\\",\\\"idpEntityAlias\\\":\\\"okta-preview\\\",\\\"zoneId\\\":\\\"uaa\\\",\\\"nameID\\\":\\\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\\\",\\\"assertionConsumerIndex\\\":0,\\\"metadataTrustCheck\\\":false,\\\"showSamlLink\\\":true,\\\"socketFactoryClassName\\\":\\\"org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory\\\",\\\"linkText\\\":null,\\\"iconUrl\\\":null,\\\"addShadowUserOnLogin\\\":true}\",\n" + - " \"version\": 48,\n" + - " \"created\": 1447100573000,\n" + - " \"active\": true,\n" + - " \"identityZoneId\": \"uaa\",\n" + - " \"last_modified\": 1447811837000\n" + - " },\n" + - " {\n" + - " \"id\": 
\"a937f8da-f47b-4b94-ae51-5bb23a590a69\",\n" + - " \"originKey\": \"simplesamlphp-url\",\n" + - " \"name\": \"UAA SAML Identity Provider[simplesamlphp-url]\",\n" + - " \"type\": \"saml\",\n" + - " \"config\": \"{\\\"emailDomain\\\":null,\\\"externalGroupsWhitelist\\\":[],\\\"attributeMappings\\\":{\\\"user.attribute.terribleBosses\\\":\\\"manager\\\",\\\"user.attribute.employeeCostCenter\\\":\\\"costCenter\\\"},\\\"metaDataLocation\\\":\\\"http://simplesamlphp.identity.cf-app.com/saml2/idp/metadata.php\\\",\\\"idpEntityAlias\\\":\\\"simplesamlphp-url\\\",\\\"zoneId\\\":\\\"uaa\\\",\\\"nameID\\\":\\\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\\\",\\\"assertionConsumerIndex\\\":0,\\\"metadataTrustCheck\\\":false,\\\"showSamlLink\\\":true,\\\"socketFactoryClassName\\\":\\\"org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory\\\",\\\"linkText\\\":\\\"Log in with Simple SAML PHP URL\\\",\\\"iconUrl\\\":null,\\\"addShadowUserOnLogin\\\":true}\",\n" + - " \"version\": 46,\n" + - " \"created\": 1447168745000,\n" + - " \"active\": true,\n" + - " \"identityZoneId\": \"uaa\",\n" + - " \"last_modified\": 1447811837000\n" + - " },\n" + - " {\n" + - " \"id\": \"eb82ad76-376e-4215-bb0f-de4677155ade\",\n" + - " \"originKey\": \"siteminder\",\n" + - " \"name\": \"UAA SAML Identity Provider[siteminder]\",\n" + - " \"type\": \"saml\",\n" + - " \"config\": \"{\\\"emailDomain\\\":null,\\\"externalGroupsWhitelist\\\":[],\\\"attributeMappings\\\":{},\\\"metaDataLocation\\\":\\\" CN=siteminder,OU=security,O=ca,L=islandia,ST=new york,C=US 1389887106 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 CN=siteminder,OU=security,O=ca,L=islandia,ST=new york,C=US urn:oasis:names:tc:SAML:2.0:nameid-format:persistent 
\\\",\\\"idpEntityAlias\\\":\\\"siteminder\\\",\\\"zoneId\\\":\\\"uaa\\\",\\\"nameID\\\":\\\"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\\\",\\\"assertionConsumerIndex\\\":0,\\\"metadataTrustCheck\\\":false,\\\"showSamlLink\\\":true,\\\"socketFactoryClassName\\\":\\\"org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory\\\",\\\"linkText\\\":\\\"SiteMinder\\\",\\\"iconUrl\\\":null,\\\"addShadowUserOnLogin\\\":true}\",\n" + - " \"version\": 2,\n" + - " \"created\": 1447811113000,\n" + - " \"active\": true,\n" + - " \"identityZoneId\": \"uaa\",\n" + - " \"last_modified\": 1447811837000\n" + - " },\n" + - " {\n" + - " \"id\": \"c0042c9e-1962-4f5c-a0ee-6282611eaec5\",\n" + - " \"originKey\": \"uaa\",\n" + - " \"name\": \"uaa\",\n" + - " \"type\": \"uaa\",\n" + - " \"config\": \"{\\\"emailDomain\\\":null,\\\"passwordPolicy\\\":{\\\"minLength\\\":0,\\\"maxLength\\\":255,\\\"requireUpperCaseCharacter\\\":0,\\\"requireLowerCaseCharacter\\\":0,\\\"requireDigit\\\":0,\\\"requireSpecialCharacter\\\":0,\\\"expirePasswordInMonths\\\":0},\\\"lockoutPolicy\\\":{\\\"lockoutPeriodSeconds\\\":300,\\\"lockoutAfterFailures\\\":5,\\\"countFailuresWithin\\\":3600},\\\"disableInternalUserManagement\\\":false}\",\n" + - " \"version\": 575,\n" + - " \"created\": 946684800000,\n" + - " \"active\": true,\n" + - " \"identityZoneId\": \"uaa\",\n" + - " \"last_modified\": 1447811837000\n" + - " }\n" + - "]"; -} diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/zone/JdbcIdentityProviderProvisioningTests.java b/common/src/test/java/org/cloudfoundry/identity/uaa/zone/JdbcIdentityProviderProvisioningTests.java index e5ddc1455b..bc1e6dfc16 100644 --- a/common/src/test/java/org/cloudfoundry/identity/uaa/zone/JdbcIdentityProviderProvisioningTests.java +++ b/common/src/test/java/org/cloudfoundry/identity/uaa/zone/JdbcIdentityProviderProvisioningTests.java 
@@ -3,6 +3,7 @@ import org.apache.commons.lang.RandomStringUtils; import org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.ldap.LdapIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; import org.cloudfoundry.identity.uaa.util.JsonUtils; @@ -65,7 +66,7 @@ public void testCreateAndUpdateIdentityProviderInDefaultZone() throws Exception assertEquals(idp.getName(), createdIdp.getName()); assertEquals(rawCreatedIdp.get("origin_key"), createdIdp.getOriginKey()); - assertEquals(Origin.UNKNOWN, createdIdp.getType()); //we don't allow other types anymore + assertEquals(OriginKeys.UNKNOWN, createdIdp.getType()); //we don't allow other types anymore assertEquals(idp.getConfig(), createdIdp.getConfig()); assertEquals(idp.getLastModified().getTime()/1000, createdIdp.getLastModified().getTime()/1000); assertEquals(Integer.valueOf(rawCreatedIdp.get("version").toString())+1, createdIdp.getVersion()); @@ -129,7 +130,7 @@ public void testUpdateIdentityProviderInDefaultZone() throws Exception { String idpId = RandomStringUtils.randomAlphabetic(6); IdentityProvider idp = MultitenancyFixture.identityProvider(originKey, zoneId); idp.setId(idpId); - idp.setType(Origin.LDAP); + idp.setType(OriginKeys.LDAP); idp = db.create(idp); LdapIdentityProviderDefinition definition = new LdapIdentityProviderDefinition(); diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/DynamicZoneAwareAuthenticationManager.java b/login/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/DynamicZoneAwareAuthenticationManager.java index 6aa3b61481..fcad8a40f9 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/DynamicZoneAwareAuthenticationManager.java 
+++ b/login/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/DynamicZoneAwareAuthenticationManager.java @@ -14,8 +14,8 @@ import org.cloudfoundry.identity.uaa.authentication.AccountNotVerifiedException; import org.cloudfoundry.identity.uaa.authentication.AuthenticationPolicyRejectionException; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.manager.ChainedAuthenticationManager.AuthenticationManagerConfiguration; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.ldap.LdapIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMembershipManager; import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning; @@ -64,8 +64,8 @@ public Authentication authenticate(Authentication authentication) throws Authent } protected ChainedAuthenticationManager getChainedAuthenticationManager(IdentityZone zone) { - IdentityProvider ldapProvider = getProvider(Origin.LDAP, zone); - IdentityProvider uaaProvider = getProvider(Origin.UAA, zone); + IdentityProvider ldapProvider = getProvider(OriginKeys.LDAP, zone); + IdentityProvider uaaProvider = getProvider(OriginKeys.UAA, zone); List delegates = new LinkedList<>(); diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/invitations/InvitationsController.java b/login/src/main/java/org/cloudfoundry/identity/uaa/invitations/InvitationsController.java index e4521296fe..fa33e4bcdd 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/invitations/InvitationsController.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/invitations/InvitationsController.java 
@@ -3,13 +3,13 @@
 import com.fasterxml.jackson.core.type.TypeReference;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
 import org.cloudfoundry.identity.uaa.authentication.manager.DynamicZoneAwareAuthenticationManager;
 import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
 import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.invitations.InvitationsService.AcceptedInvitation;
 import org.cloudfoundry.identity.uaa.ldap.ExtendedLdapUserDetails;
 import org.cloudfoundry.identity.uaa.login.PasswordConfirmationValidation;
@@ -55,7 +55,7 @@
 import java.util.HashMap;
 import java.util.Map;
-import static org.cloudfoundry.identity.uaa.authentication.Origin.ORIGIN;
+import static org.cloudfoundry.identity.uaa.constants.OriginKeys.ORIGIN;
 import static org.springframework.web.bind.annotation.RequestMethod.GET;
 import static org.springframework.web.bind.annotation.RequestMethod.POST;
@@ -135,8 +135,8 @@ public String acceptInvitePage(@RequestParam String code, Model model, HttpServl String redirect = "redirect:" + accepted.getRedirectUri(); logger.debug(String.format("Redirecting accepted invitation for email:%s, id:%s to URL:%s", codeData.get("email"), codeData.get("user_id"), redirect)); return redirect; - } else if (Origin.SAML.equals(provider.getType())) { - SamlIdentityProviderDefinition definition = ObjectUtils.castInstance(provider.getConfig(),SamlIdentityProviderDefinition.class); + } else if (OriginKeys.SAML.equals(provider.getType())) { + SamlIdentityProviderDefinition definition = ObjectUtils.castInstance(provider.getConfig(), SamlIdentityProviderDefinition.class); RequestContextHolder.getRequestAttributes().setAttribute("IS_INVITE_ACCEPTANCE", true, RequestAttributes.SCOPE_SESSION); RequestContextHolder.getRequestAttributes().setAttribute("user_id", user.getId(), RequestAttributes.SCOPE_SESSION); @@ -256,7 +256,7 @@ public String acceptLdapInvitation(@RequestParam("enterprise_username") String u AuthenticationManager authenticationManager = null; IdentityProvider ldapProvider = null; try { - ldapProvider = providerProvisioning.retrieveByOrigin(Origin.LDAP, IdentityZoneHolder.get().getId()); + ldapProvider = providerProvisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZoneHolder.get().getId()); zoneAwareAuthenticationManager.getLdapAuthenticationManager(IdentityZoneHolder.get(), ldapProvider).getLdapAuthenticationManager(); authenticationManager = zoneAwareAuthenticationManager.getLdapAuthenticationManager(IdentityZoneHolder.get(), ldapProvider).getLdapManagerActual(); } catch (EmptyResultDataAccessException e) { 
@@ -273,7 +273,7 @@ public String acceptLdapInvitation(@RequestParam("enterprise_username") String u ScimUser user = userProvisioning.retrieve(data.get("user_id")); if (!user.getPrimaryEmail().equalsIgnoreCase(((ExtendedLdapUserDetails) authentication.getPrincipal()).getEmailAddress())) { model.addAttribute("email", data.get("email")); - model.addAttribute(Origin.LDAP, Origin.LDAP); + model.addAttribute(OriginKeys.LDAP, OriginKeys.LDAP); model.addAttribute("code", expiringCodeStore.generateCode(expiringCode.getData(), new Timestamp(System.currentTimeMillis() + (10 * 60 * 1000))).getCode()); return handleUnprocessableEntity(model, response, "error_message", "invite.email_mismatch", "invitations/accept_invite"); } diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpoint.java b/login/src/main/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpoint.java index 69c5746300..3ef88ab266 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpoint.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpoint.java @@ -33,7 +33,7 @@ import java.util.List; import java.util.Map; -import static org.cloudfoundry.identity.uaa.authentication.Origin.ORIGIN; +import static org.cloudfoundry.identity.uaa.constants.OriginKeys.ORIGIN; import static org.springframework.security.oauth2.common.util.OAuth2Utils.CLIENT_ID; import static org.springframework.security.oauth2.common.util.OAuth2Utils.REDIRECT_URI; diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/login/AbstractControllerInfo.java b/login/src/main/java/org/cloudfoundry/identity/uaa/login/AbstractControllerInfo.java index 35f33ca51a..07b1467c3a 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/login/AbstractControllerInfo.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/login/AbstractControllerInfo.java 
@@ -15,7 +15,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.util.UaaStringUtils; import org.springframework.core.io.support.PropertiesLoaderUtils; import org.springframework.http.HttpHeaders; @@ -107,8 +107,8 @@ protected String getUaaHost() { protected Map getLinksInfo() { Map model = new HashMap(); - model.put(Origin.UAA, getUaaBaseUrl()); - model.put("login", getUaaBaseUrl().replaceAll(Origin.UAA, "login")); + model.put(OriginKeys.UAA, getUaaBaseUrl()); + model.put("login", getUaaBaseUrl().replaceAll(OriginKeys.UAA, "login")); model.putAll(getLinks()); return model; } diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/login/AccountsController.java b/login/src/main/java/org/cloudfoundry/identity/uaa/login/AccountsController.java index e58044a290..1d56fb713a 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/login/AccountsController.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/login/AccountsController.java @@ -12,8 +12,8 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.login; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.UaaException; import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException; import org.cloudfoundry.identity.uaa.user.UaaAuthority; 
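Review bot: In `getLinksInfo()` (hunk `@@ -107,8 +107,8 @@`) the login link is derived with `getUaaBaseUrl().replaceAll(OriginKeys.UAA, "login")`, which treats the identity-provider origin key as a regular expression and rewrites every occurrence of it in the base URL, not only the host label it is presumably meant to swap. A base URL that contains the same token in its domain or path would yield a link pointing somewhere other than the login server, and that link is handed to clients. Moving to `OriginKeys` is a good moment to stop reusing an origin key for URL rewriting. At minimum use a literal, single replacement such as `getUaaBaseUrl().replaceFirst(Pattern.quote(OriginKeys.UAA), "login")`, or better, read the login URL from configuration.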
@@ -102,7 +102,7 @@ public String verifyUser(Model model, return "accounts/new_activation_email"; } - UaaPrincipal uaaPrincipal = new UaaPrincipal(accountCreation.getUserId(), accountCreation.getUsername(), accountCreation.getEmail(), Origin.UAA, null, IdentityZoneHolder.get().getId()); + UaaPrincipal uaaPrincipal = new UaaPrincipal(accountCreation.getUserId(), accountCreation.getUsername(), accountCreation.getEmail(), OriginKeys.UAA, null, IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(uaaPrincipal, null, UaaAuthority.USER_AUTHORITIES); SecurityContextHolder.getContext().setAuthentication(token); diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManager.java b/login/src/main/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManager.java index 8840660e25..b8463d7ddf 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManager.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManager.java 
@@ -17,26 +17,23 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; -import org.cloudfoundry.identity.uaa.client.SocialClientUserDetails; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.InvalidCodeException; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.BadCredentialsException; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.common.util.OAuth2Utils; -import java.io.IOException; import java.util.Map; /** @@ -89,7 +86,7 @@ public Authentication authenticate(Authentication authentication) throws Authent String username; String clientId; username = codeData.get("username"); - origin = codeData.get(Origin.ORIGIN); + origin = codeData.get(OriginKeys.ORIGIN); userId = codeData.get("user_id"); clientId = codeData.get(OAuth2Utils.CLIENT_ID); 
diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/login/ChangeEmailController.java b/login/src/main/java/org/cloudfoundry/identity/uaa/login/ChangeEmailController.java index 87475cf9d6..21077a67b6 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/login/ChangeEmailController.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/login/ChangeEmailController.java @@ -1,9 +1,9 @@ package org.cloudfoundry.identity.uaa.login; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.UaaException; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; @@ -68,7 +68,7 @@ public String changeEmail(Model model, @Valid @ModelAttribute("newEmail") ValidE return "change_email"; } String origin = ((UaaPrincipal)securityContext.getAuthentication().getPrincipal()).getOrigin(); - if (!origin.equals(Origin.UAA)) { + if (!origin.equals(OriginKeys.UAA)) { redirectAttributes.addAttribute("error_message_code", "email_change.non-uaa-origin"); return "redirect:profile"; } diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationService.java b/login/src/main/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationService.java index 49de83774b..8ad21bbeac 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationService.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationService.java 
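Review bot: The origin gate in `changeEmail` (hunk `@@ -68,7 +68,7 @@`) is written as `if (!origin.equals(OriginKeys.UAA))`, which dereferences the value taken from the principal and throws if `getOrigin()` ever returns null. Whether that can happen is not visible from this hunk. Writing it constant-first, `if (!OriginKeys.UAA.equals(origin))`, keeps the check fail-closed (a null origin is treated as non-UAA and redirected) without an exception. It also matches the `OriginKeys.UAA.equals(user.getOrigin())` form this commit uses in `EmailInvitationsService.acceptInvitation`. The body of `changeEmail` continues outside the hunk.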
@@ -3,9 +3,9 @@ import com.fasterxml.jackson.core.type.TypeReference; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.UaaException; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning; @@ -71,10 +71,10 @@ public void beginActivation(String email, String password, String clientId, Stri String subject = getSubjectText(); try { - ScimUser scimUser = createUser(email, password, Origin.UAA); + ScimUser scimUser = createUser(email, password, OriginKeys.UAA); generateAndSendCode(email, clientId, subject, scimUser.getId(), redirectUri); } catch (ScimResourceAlreadyExistsException e) { - List users = scimUserProvisioning.query("userName eq \""+email+"\" and origin eq \""+Origin.UAA+"\""); + List users = scimUserProvisioning.query("userName eq \""+email+"\" and origin eq \""+ OriginKeys.UAA+"\""); try { if (users.size()>0) { if (users.get(0).isVerified()) { diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/login/EmailChangeEmailService.java b/login/src/main/java/org/cloudfoundry/identity/uaa/login/EmailChangeEmailService.java index abd6217c94..ba40928b87 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/login/EmailChangeEmailService.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/login/EmailChangeEmailService.java 
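Review bot: The fallback lookup in `beginActivation` (hunk `@@ -71,10 +71,10 @@`) builds its SCIM filter by concatenating the caller-supplied `email` into `"userName eq \""+email+"\" and origin eq \""+ OriginKeys.UAA+"\""`. A value containing a double quote would therefore change the structure of the filter rather than be matched as a string. Nothing in the hunk shows `email` being validated or escaped before this point, so either confirm the caller rejects such input or escape it here, for example `String quoted = email.replace("\\", "\\\\").replace("\"", "\\\"");`, after checking that the filter parser honours backslash escapes. The same concatenation is used with `newEmail` in `EmailChangeEmailService.beginEmailChange` (hunk `@@ -63,7 +63,7 @@` of that file). `beginActivation` continues outside the hunk.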
@@ -21,9 +21,9 @@ import java.util.regex.Pattern; import com.fasterxml.jackson.core.type.TypeReference; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.UaaException; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning; @@ -63,7 +63,7 @@ public EmailChangeEmailService(TemplateEngine templateEngine, MessageService mes @Override public void beginEmailChange(String userId, String email, String newEmail, String clientId, String redirectUri) { ScimUser user = scimUserProvisioning.retrieve(userId); - List results = scimUserProvisioning.query("userName eq \"" + newEmail + "\" and origin eq \"" + Origin.UAA + "\""); + List results = scimUserProvisioning.query("userName eq \"" + newEmail + "\" and origin eq \"" + OriginKeys.UAA + "\""); if (user.getUserName().equals(user.getPrimaryEmail())) { if (!results.isEmpty()) { diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/login/EmailInvitationsService.java b/login/src/main/java/org/cloudfoundry/identity/uaa/login/EmailInvitationsService.java index 429c51836c..5989bb143f 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/login/EmailInvitationsService.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/login/EmailInvitationsService.java 
@@ -3,9 +3,9 @@ import com.fasterxml.jackson.core.type.TypeReference; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.invitations.InvitationsService; import org.cloudfoundry.identity.uaa.message.PasswordChangeRequest; import org.cloudfoundry.identity.uaa.scim.ScimUser; @@ -100,7 +100,7 @@ public AcceptedInvitation acceptInvitation(String code, String password) { user = scimUserProvisioning.verifyUser(userId, user.getVersion()); - if (Origin.UAA.equals(user.getOrigin())) { + if (OriginKeys.UAA.equals(user.getOrigin())) { PasswordChangeRequest request = new PasswordChangeRequest(); request.setPassword(password); scimUserProvisioning.changePassword(userId, null, password); diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/login/LoginUaaApprovalsService.java b/login/src/main/java/org/cloudfoundry/identity/uaa/login/LoginUaaApprovalsService.java index 6622ce4153..5ac3a376ac 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/login/LoginUaaApprovalsService.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/login/LoginUaaApprovalsService.java @@ -12,7 +12,7 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.login; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.approval.Approval; import org.cloudfoundry.identity.uaa.oauth.approval.ApprovalsControllerService; import org.springframework.beans.factory.annotation.Autowired; 
@@ -53,7 +53,7 @@ public Map> getCurrentApprovalsByClientId() { clientApprovals.add(approval); } else { String resource = scope.substring(0, scope.lastIndexOf(".")); - if (Origin.UAA.equals(resource)) { + if (OriginKeys.UAA.equals(resource)) { // special case: don't need to prompt for internal uaa // scopes continue; diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/login/ProfileController.java b/login/src/main/java/org/cloudfoundry/identity/uaa/login/ProfileController.java index 79a3d64742..54337ffbaa 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/login/ProfileController.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/login/ProfileController.java @@ -12,9 +12,9 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.login; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.client.ClientConstants; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.approval.Approval; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; @@ -109,7 +109,7 @@ else if (null != delete) { private boolean isUaaManagedUser(Authentication authentication) { if (authentication.getPrincipal() instanceof UaaPrincipal) { UaaPrincipal principal = (UaaPrincipal) authentication.getPrincipal(); - return Origin.UAA.equals(principal.getOrigin()); + return OriginKeys.UAA.equals(principal.getOrigin()); } return false; } diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/login/ResetPasswordController.java b/login/src/main/java/org/cloudfoundry/identity/uaa/login/ResetPasswordController.java index c63f41e877..ab10fbd5b4 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/login/ResetPasswordController.java 
+++ b/login/src/main/java/org/cloudfoundry/identity/uaa/login/ResetPasswordController.java @@ -14,10 +14,10 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.UaaException; import org.cloudfoundry.identity.uaa.login.ResetPasswordService.ResetPasswordResponse; import org.cloudfoundry.identity.uaa.scim.ScimUser; @@ -193,7 +193,7 @@ public String resetPassword(Model model, try { ResetPasswordResponse resetPasswordResponse = resetPasswordService.resetPassword(code, password); ScimUser user = resetPasswordResponse.getUser(); - UaaPrincipal uaaPrincipal = new UaaPrincipal(user.getId(), user.getUserName(), user.getPrimaryEmail(), Origin.UAA, null, IdentityZoneHolder.get().getId()); + UaaPrincipal uaaPrincipal = new UaaPrincipal(user.getId(), user.getUserName(), user.getPrimaryEmail(), OriginKeys.UAA, null, IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(uaaPrincipal, null, UaaAuthority.USER_AUTHORITIES); SecurityContextHolder.getContext().setAuthentication(token); diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/login/RestUaaApprovalsService.java b/login/src/main/java/org/cloudfoundry/identity/uaa/login/RestUaaApprovalsService.java index ef37632e85..ef18e2b172 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/login/RestUaaApprovalsService.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/login/RestUaaApprovalsService.java 
@@ -14,7 +14,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.approval.Approval; import org.springframework.core.ParameterizedTypeReference; import org.springframework.http.HttpMethod; @@ -65,7 +65,7 @@ public Map> getCurrentApprovalsByClientId() { clientApprovals.add(approval); } else { String resource = scope.substring(0, scope.lastIndexOf(".")); - if (Origin.UAA.equals(resource)) { + if (OriginKeys.UAA.equals(resource)) { // special case: don't need to prompt for internal uaa // scopes continue; diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/login/saml/LoginSamlAuthenticationProvider.java b/login/src/main/java/org/cloudfoundry/identity/uaa/login/saml/LoginSamlAuthenticationProvider.java index 0e74d67ee4..b2394a2d44 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/login/saml/LoginSamlAuthenticationProvider.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/login/saml/LoginSamlAuthenticationProvider.java 
@@ -17,13 +17,13 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationSuccessEvent; import org.cloudfoundry.identity.uaa.authentication.manager.ExternalGroupAuthorizationEvent; import org.cloudfoundry.identity.uaa.authentication.manager.InvitedUserAuthenticatedEvent; import org.cloudfoundry.identity.uaa.authentication.manager.NewUserAuthenticatedEvent; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.SamlUserAuthority; import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMember; import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMembershipManager; @@ -130,7 +130,7 @@ public Authentication authenticate(Authentication authentication) throws Authent throw new ProviderNotFoundException("Not identity provider found in zone."); } ExpiringUsernameAuthenticationToken result = getExpiringUsernameAuthenticationToken(authentication); - UaaPrincipal samlPrincipal = new UaaPrincipal(Origin.NotANumber, result.getName(), result.getName(), alias, result.getName(), zone.getId()); + UaaPrincipal samlPrincipal = new UaaPrincipal(OriginKeys.NotANumber, result.getName(), result.getName(), alias, result.getName(), zone.getId()); Collection samlAuthorities = retrieveSamlAuthorities(samlConfig, (SAMLCredential) result.getCredentials()); Collection authorities = mapAuthorities(idp.getOriginKey(), samlAuthorities); 
@@ -303,13 +303,13 @@ protected UaaUser getUser(UaaPrincipal principal, MultiValueMap u String givenName = userAttributes.getFirst(GIVEN_NAME_ATTRIBUTE_NAME); String familyName = userAttributes.getFirst(FAMILY_NAME_ATTRIBUTE_NAME); String phoneNumber = userAttributes.getFirst(PHONE_NUMBER_ATTRIBUTE_NAME); - String userId = Origin.NotANumber; - String origin = principal.getOrigin()!=null?principal.getOrigin():Origin.LOGIN_SERVER; + String userId = OriginKeys.NotANumber; + String origin = principal.getOrigin()!=null?principal.getOrigin(): OriginKeys.LOGIN_SERVER; String zoneId = principal.getZoneId(); if (name == null && email != null) { name = email; } - if (name == null && Origin.NotANumber.equals(userId)) { + if (name == null && OriginKeys.NotANumber.equals(userId)) { throw new BadCredentialsException("Cannot determine username from credentials supplied"); } else if (name==null) { //we have user_id, name is irrelevant diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/login/util/LocalUaaRestTemplate.java b/login/src/main/java/org/cloudfoundry/identity/uaa/login/util/LocalUaaRestTemplate.java index 9444c519eb..361351b2e2 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/login/util/LocalUaaRestTemplate.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/login/util/LocalUaaRestTemplate.java @@ -16,7 +16,7 @@ import org.apache.http.conn.ssl.TrustSelfSignedStrategy; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.springframework.beans.factory.InitializingBean; import org.springframework.http.client.ClientHttpRequestFactory; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; 
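Review bot: In `getUser`, `userId` is assigned `OriginKeys.NotANumber` a few lines above and is not reassigned before `if (name == null && OriginKeys.NotANumber.equals(userId))`, so the second operand is always true and the following `else if (name==null)` branch ("we have user_id, name is irrelevant") can never run. Since this decides whether a SAML assertion without a usable name is rejected, state the condition directly: `if (name == null) { throw new BadCredentialsException("Cannot determine username from credentials supplied"); }` and drop the dead branch. If a real user id is meant to be resolved first, add a comment saying where it comes from. The method continues outside the hunk.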
@@ -66,7 +66,7 @@ protected OAuth2AccessToken acquireAccessToken(OAuth2ClientContext oauth2Context scopes.add(authority.getAuthority()); } Set resourceIds = new HashSet<>(); - resourceIds.add(Origin.UAA); + resourceIds.add(OriginKeys.UAA); Set responseTypes = new HashSet<>(); responseTypes.add("token"); Map requestParameters = new HashMap<>(); diff --git a/login/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityProviderEndpoints.java b/login/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityProviderEndpoints.java index 9b29615bbd..7687a72764 100644 --- a/login/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityProviderEndpoints.java +++ b/login/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityProviderEndpoints.java @@ -14,9 +14,9 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.manager.DynamicLdapAuthenticationManager; import org.cloudfoundry.identity.uaa.authentication.manager.LdapLoginAuthenticationManager; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.ldap.LdapIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderConfigurator; import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderDefinition; @@ -80,7 +80,7 @@ public IdentityProviderEndpoints( public ResponseEntity createIdentityProvider(@RequestBody IdentityProvider body) throws MetadataProviderException{ String zoneId = IdentityZoneHolder.get().getId(); body.setIdentityZoneId(zoneId); - if (Origin.SAML.equals(body.getType())) { + if (OriginKeys.SAML.equals(body.getType())) { SamlIdentityProviderDefinition definition = ObjectUtils.castInstance(body.getConfig(), SamlIdentityProviderDefinition.class); definition.setZoneId(zoneId); definition.setIdpEntityAlias(body.getOriginKey()); 
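Review bot: `createIdentityProvider` enters the SAML branch and calls `definition.setZoneId(zoneId)` on the result of `ObjectUtils.castInstance(body.getConfig(), SamlIdentityProviderDefinition.class)` with no check of the request body visible before it. `updateIdentityProvider`, in the next hunk, returns `UNPROCESSABLE_ENTITY` when `!body.configIsValid()`. A create request with a missing or malformed config would presumably surface as an exception instead of a 422. Add the same guard ahead of the SAML branch: `if (!body.configIsValid()) { return new ResponseEntity<>(UNPROCESSABLE_ENTITY); }`. The method body continues past the hunk, so a later check may exist, but it would run after this dereference.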
@@ -100,7 +100,7 @@ public ResponseEntity updateIdentityProvider(@PathVariable Str if (!body.configIsValid()) { return new ResponseEntity<>(UNPROCESSABLE_ENTITY); } - if (Origin.SAML.equals(body.getType())) { + if (OriginKeys.SAML.equals(body.getType())) { body.setOriginKey(existing.getOriginKey()); //we do not allow origin to change for a SAML provider, since that can cause clashes SamlIdentityProviderDefinition definition = ObjectUtils.castInstance(body.getConfig(), SamlIdentityProviderDefinition.class); definition.setZoneId(zoneId); diff --git a/login/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java b/login/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java index 2669f43423..5a94f7a4cf 100644 --- a/login/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java +++ b/login/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java @@ -1,11 +1,11 @@ package org.cloudfoundry.identity.uaa.invitations; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.authentication.manager.DynamicLdapAuthenticationManager; import org.cloudfoundry.identity.uaa.authentication.manager.DynamicZoneAwareAuthenticationManager; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.ldap.ExtendedLdapUserDetails; import org.cloudfoundry.identity.uaa.login.BuildInfo; import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderDefinition; 
@@ -136,7 +136,7 @@ public void testAcceptInvitationsPage() throws Exception { when(expiringCodeStore.retrieveCode("the_secret_code")).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData))); when(expiringCodeStore.generateCode(anyString(), anyObject())).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData))); IdentityProvider provider = new IdentityProvider(); - provider.setType(Origin.UAA); + provider.setType(OriginKeys.UAA); when(providerProvisioning.retrieveByOrigin(anyString(), anyString())).thenReturn(provider); MockHttpServletRequestBuilder get = get("/invitations/accept") .param("code", "the_secret_code"); @@ -161,7 +161,7 @@ public void acceptInvitePage_for_unverifiedSamlUser() throws Exception { IdentityProvider provider = new IdentityProvider(); SamlIdentityProviderDefinition definition = new SamlIdentityProviderDefinition("http://test.saml.com", "test-saml", "test", 0, false, true, "testsaml", "test.com", IdentityZone.getUaa().getId()); provider.setConfig(definition); - provider.setType(Origin.SAML); + provider.setType(OriginKeys.SAML); when(providerProvisioning.retrieveByOrigin(eq("test-saml"), anyString())).thenReturn(provider); MockHttpServletRequestBuilder get = get("/invitations/accept") .param("code", "the_secret_code"); @@ -181,7 +181,7 @@ public void acceptInvitePage_for_unverifiedLdapUser() throws Exception { when(expiringCodeStore.generateCode(anyString(), anyObject())).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData))); IdentityProvider provider = new IdentityProvider(); - provider.setType(Origin.LDAP); + provider.setType(OriginKeys.LDAP); when(providerProvisioning.retrieveByOrigin(eq("ldap"), anyString())).thenReturn(provider); MockHttpServletRequestBuilder get = get("/invitations/accept") 
@@ -302,7 +302,7 @@ public void acceptInvitePage_for_verifiedUser() throws Exception { when(expiringCodeStore.generateCode(anyString(), anyObject())).thenReturn(new ExpiringCode("code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData))); when(invitationsService.acceptInvitation(anyString(), anyString())).thenReturn(new InvitationsService.AcceptedInvitation("blah.test.com", new ScimUser())); IdentityProvider provider = new IdentityProvider(); - provider.setType(Origin.UAA); + provider.setType(OriginKeys.UAA); when(providerProvisioning.retrieveByOrigin(anyString(), anyString())).thenReturn(provider); MockHttpServletRequestBuilder get = get("/invitations/accept") .param("code", "the_secret_code"); @@ -352,7 +352,7 @@ public void testAcceptInvite() throws Exception { } public MockHttpServletRequestBuilder startAcceptInviteFlow(String password) { - UaaPrincipal uaaPrincipal = new UaaPrincipal("user-id-001", "user@example.com", "user@example.com", Origin.UAA, null, IdentityZoneHolder.get().getId()); + UaaPrincipal uaaPrincipal = new UaaPrincipal("user-id-001", "user@example.com", "user@example.com", OriginKeys.UAA, null, IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(uaaPrincipal, null, UaaAuthority.USER_AUTHORITIES); SecurityContextHolder.getContext().setAuthentication(token); 
@@ -364,7 +364,7 @@ public MockHttpServletRequestBuilder startAcceptInviteFlow(String password) { @Test public void acceptInviteWithValidClientRedirect() throws Exception { - UaaPrincipal uaaPrincipal = new UaaPrincipal("user-id-001", "user@example.com", "user@example.com", Origin.UAA, null,IdentityZoneHolder.get().getId()); + UaaPrincipal uaaPrincipal = new UaaPrincipal("user-id-001", "user@example.com", "user@example.com", OriginKeys.UAA, null,IdentityZoneHolder.get().getId()); ScimUser user = new ScimUser(uaaPrincipal.getId(), uaaPrincipal.getName(),"fname", "lname"); user.setPrimaryEmail(user.getUserName()); @@ -387,7 +387,7 @@ public void acceptInviteWithValidClientRedirect() throws Exception { @Test public void acceptInviteWithInvalidClientRedirect() throws Exception { - UaaPrincipal uaaPrincipal = new UaaPrincipal("user-id-001", "user@example.com", "user@example.com", Origin.UAA, null,IdentityZoneHolder.get().getId()); + UaaPrincipal uaaPrincipal = new UaaPrincipal("user-id-001", "user@example.com", "user@example.com", OriginKeys.UAA, null,IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(uaaPrincipal, null, UaaAuthority.USER_AUTHORITIES); SecurityContextHolder.getContext().setAuthentication(token); @@ -410,7 +410,7 @@ public void acceptInviteWithInvalidClientRedirect() throws Exception { @Test public void testAcceptInviteWithoutMatchingPasswords() throws Exception { - UaaPrincipal uaaPrincipal = new UaaPrincipal("user-id-001", "user@example.com", "user@example.com", Origin.UAA, null,IdentityZoneHolder.get().getId()); + UaaPrincipal uaaPrincipal = new UaaPrincipal("user-id-001", "user@example.com", "user@example.com", OriginKeys.UAA, null,IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(uaaPrincipal, null, UaaAuthority.USER_AUTHORITIES); SecurityContextHolder.getContext().setAuthentication(token); 
diff --git a/login/src/test/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManagerTest.java b/login/src/test/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManagerTest.java index 07a6f0fe94..dd72f905b6 100644 --- a/login/src/test/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManagerTest.java +++ b/login/src/test/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManagerTest.java @@ -1,17 +1,16 @@ package org.cloudfoundry.identity.uaa.login; import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.InvalidCodeException; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.junit.Before; import org.junit.Test; -import org.junit.rules.ExpectedException; import org.mockito.Mockito; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.security.authentication.BadCredentialsException; @@ -62,7 +61,7 @@ public void authentication_successful() throws Exception { codeData.put("user_id", "test-user-id"); codeData.put("client_id", "test-client-id"); codeData.put("username", "test-username"); - codeData.put(Origin.ORIGIN, Origin.UAA); + codeData.put(OriginKeys.ORIGIN, OriginKeys.UAA); codeData.put("action", ExpiringCodeType.AUTOLOGIN.name()); when(codeStore.retrieveCode("the_secret_code")).thenReturn(new ExpiringCode("the_secret_code", new Timestamp(123), JsonUtils.writeValueAsString(codeData))); 
@@ -72,7 +71,7 @@ public void authentication_successful() throws Exception { UaaAuthentication uaaAuthentication = (UaaAuthentication)authenticate; assertThat(uaaAuthentication.getPrincipal().getId(), is("test-user-id")); assertThat(uaaAuthentication.getPrincipal().getName(), is("test-username")); - assertThat(uaaAuthentication.getPrincipal().getOrigin(), is(Origin.UAA)); + assertThat(uaaAuthentication.getPrincipal().getOrigin(), is(OriginKeys.UAA)); assertThat(uaaAuthentication.getDetails(), is(instanceOf(UaaAuthenticationDetails.class))); UaaAuthenticationDetails uaaAuthDetails = (UaaAuthenticationDetails)uaaAuthentication.getDetails(); assertThat(uaaAuthDetails.getClientId(), is("test-client-id")); @@ -84,7 +83,7 @@ public void authentication_fails_withInvalidClient() { codeData.put("user_id", "test-user-id"); codeData.put("client_id", "actual-client-id"); codeData.put("username", "test-username"); - codeData.put(Origin.ORIGIN, Origin.UAA); + codeData.put(OriginKeys.ORIGIN, OriginKeys.UAA); codeData.put("action", ExpiringCodeType.AUTOLOGIN.name()); when(codeStore.retrieveCode("the_secret_code")).thenReturn(new ExpiringCode("the_secret_code", new Timestamp(123), JsonUtils.writeValueAsString(codeData))); @@ -96,7 +95,7 @@ public void authentication_fails_withNoClientId() { Map codeData = new HashMap<>(); codeData.put("user_id", "test-user-id"); codeData.put("username", "test-username"); - codeData.put(Origin.ORIGIN, Origin.UAA); + codeData.put(OriginKeys.ORIGIN, OriginKeys.UAA); codeData.put("action", ExpiringCodeType.AUTOLOGIN.name()); when(codeStore.retrieveCode("the_secret_code")).thenReturn(new ExpiringCode("the_secret_code", new Timestamp(123), JsonUtils.writeValueAsString(codeData))); 
@@ -115,7 +114,7 @@ public void authentication_fails_withCodeIntendedForDifferentPurpose() { codeData.put("user_id", "test-user-id"); codeData.put("client_id", "test-client-id"); codeData.put("username", "test-username"); - codeData.put(Origin.ORIGIN, Origin.UAA); + codeData.put(OriginKeys.ORIGIN, OriginKeys.UAA); when(codeStore.retrieveCode("the_secret_code")).thenReturn(new ExpiringCode("the_secret_code", new Timestamp(123), JsonUtils.writeValueAsString(codeData))); manager.authenticate(authenticationToken); @@ -131,4 +130,4 @@ public void authentication_fails_withInvalidCode() { } -} \ No newline at end of file +} diff --git a/login/src/test/java/org/cloudfoundry/identity/uaa/login/ChangeEmailControllerTest.java b/login/src/test/java/org/cloudfoundry/identity/uaa/login/ChangeEmailControllerTest.java index ebd6ca65a6..1321e46ab5 100644 --- a/login/src/test/java/org/cloudfoundry/identity/uaa/login/ChangeEmailControllerTest.java +++ b/login/src/test/java/org/cloudfoundry/identity/uaa/login/ChangeEmailControllerTest.java @@ -1,9 +1,9 @@ package org.cloudfoundry.identity.uaa.login; import org.cloudfoundry.identity.uaa.TestClassNullifier; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.UaaException; import org.cloudfoundry.identity.uaa.login.test.ThymeleafConfig; import org.cloudfoundry.identity.uaa.user.UaaAuthority; 
@@ -180,7 +180,7 @@ public void testInvalidEmail() throws Exception { @Test public void testVerifyEmail() throws Exception { - UaaUser user = new UaaUser("user-id-001", "new@example.com", "password", "new@example.com", Collections.emptyList(), "name", "name", null, null, Origin.UAA, null, true, IdentityZoneHolder.get().getId(),"user-id-001", null); + UaaUser user = new UaaUser("user-id-001", "new@example.com", "password", "new@example.com", Collections.emptyList(), "name", "name", null, null, OriginKeys.UAA, null, true, IdentityZoneHolder.get().getId(),"user-id-001", null); when(uaaUserDatabase.retrieveUserById(anyString())).thenReturn(user); Map response = new HashMap<>(); @@ -205,7 +205,7 @@ public void testVerifyEmail() throws Exception { @Test public void testVerifyEmailWithRedirectUrl() throws Exception { - UaaUser user = new UaaUser("user-id-001", "new@example.com", "password", "new@example.com", Collections.emptyList(), "name", "name", null, null, Origin.UAA, null, true, IdentityZoneHolder.get().getId(),"user-id-001", null); + UaaUser user = new UaaUser("user-id-001", "new@example.com", "password", "new@example.com", Collections.emptyList(), "name", "name", null, null, OriginKeys.UAA, null, true, IdentityZoneHolder.get().getId(),"user-id-001", null); when(uaaUserDatabase.retrieveUserById(anyString())).thenReturn(user); Map response = new HashMap<>(); @@ -257,7 +257,7 @@ public void testVerifyEmailWithInvalidCode() throws Exception { private void setupSecurityContext() { Authentication authentication = new UaaAuthentication( - new UaaPrincipal("user-id-001", "bob", "user@example.com", Origin.UAA, null,IdentityZoneHolder.get().getId()), + new UaaPrincipal("user-id-001", "bob", "user@example.com", OriginKeys.UAA, null,IdentityZoneHolder.get().getId()), Arrays.asList(UaaAuthority.UAA_USER), null ); 
@@ -304,4 +304,4 @@ ChangeEmailController changeEmailController(ChangeEmailService changeEmailServic return changeEmailController; } } -} \ No newline at end of file +} diff --git a/login/src/test/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationServiceTests.java b/login/src/test/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationServiceTests.java index 6110493e6d..4ea5e3a741 100644 --- a/login/src/test/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationServiceTests.java +++ b/login/src/test/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationServiceTests.java @@ -1,8 +1,8 @@ package org.cloudfoundry.identity.uaa.login; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.UaaException; import org.cloudfoundry.identity.uaa.login.test.ThymeleafConfig; import org.cloudfoundry.identity.uaa.scim.ScimUser; @@ -292,7 +292,7 @@ private String setUpForSuccess(String userId, String redirectUri) throws Excepti "familyName"); user.setPrimaryEmail("user@example.com"); user.setPassword("password"); - user.setOrigin(Origin.UAA); + user.setOrigin(OriginKeys.UAA); user.setActive(true); user.setVerified(false); diff --git a/login/src/test/java/org/cloudfoundry/identity/uaa/login/EmailInvitationsServiceTests.java b/login/src/test/java/org/cloudfoundry/identity/uaa/login/EmailInvitationsServiceTests.java index 75f7d6ac4e..5536730ea4 100644 --- a/login/src/test/java/org/cloudfoundry/identity/uaa/login/EmailInvitationsServiceTests.java +++ b/login/src/test/java/org/cloudfoundry/identity/uaa/login/EmailInvitationsServiceTests.java 
@@ -1,8 +1,8 @@ package org.cloudfoundry.identity.uaa.login; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.test.ThymeleafConfig; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning; @@ -36,7 +36,7 @@ import java.util.HashMap; import java.util.Map; -import static org.cloudfoundry.identity.uaa.authentication.Origin.UAA; +import static org.cloudfoundry.identity.uaa.constants.OriginKeys.UAA; import static org.cloudfoundry.identity.uaa.login.EmailInvitationsService.EMAIL; import static org.cloudfoundry.identity.uaa.login.EmailInvitationsService.USER_ID; import static org.junit.Assert.assertEquals; @@ -109,7 +109,7 @@ public void acceptInvitationNoClientId() throws Exception { @Test public void acceptInvitationWithClientNotFound() throws Exception { ScimUser user = new ScimUser("user-id-001", "user@example.com", "first", "last"); - user.setOrigin(Origin.UAA); + user.setOrigin(OriginKeys.UAA); when(scimUserProvisioning.verifyUser(anyString(), anyInt())).thenReturn(user); when(scimUserProvisioning.update(anyString(), anyObject())).thenReturn(user); when(scimUserProvisioning.retrieve(eq("user-id-001"))).thenReturn(user); @@ -183,7 +183,7 @@ public void accept_invitation_with_external_user_that_does_not_have_email_as_the String actualUsername = "actual_username"; ScimUser userBeforeAccept = new ScimUser(userId, email, "first", "last"); userBeforeAccept.setPrimaryEmail(email); - userBeforeAccept.setOrigin(Origin.SAML); + userBeforeAccept.setOrigin(OriginKeys.SAML); when(scimUserProvisioning.verifyUser(eq(userId), anyInt())).thenReturn(userBeforeAccept); when(scimUserProvisioning.retrieve(eq(userId))).thenReturn(userBeforeAccept); 
diff --git a/login/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerTests.java b/login/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerTests.java index d4a496db57..e7abe92feb 100644 --- a/login/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerTests.java +++ b/login/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerTests.java @@ -14,9 +14,9 @@ package org.cloudfoundry.identity.uaa.login; import org.cloudfoundry.identity.uaa.TestClassNullifier; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.client.ClientConstants; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.test.ThymeleafConfig; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.junit.After; @@ -133,7 +133,7 @@ public void testGetProfileNoAppName() throws Exception { public void testGetProfile(String name) throws Exception { - UaaPrincipal uaaPrincipal = new UaaPrincipal("fake-user-id", "username", "email@example.com", Origin.UAA, null, IdentityZoneHolder.get().getId()); + UaaPrincipal uaaPrincipal = new UaaPrincipal("fake-user-id", "username", "email@example.com", OriginKeys.UAA, null, IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(uaaPrincipal, null); mockMvc.perform(get("/profile").principal(authentication)) 
@@ -157,7 +157,7 @@ public void testSpecialMessageWhenNoAppsAreAuthorized() throws Exception { Map> approvalsByClientId = new HashMap>(); Mockito.when(approvalsService.getCurrentApprovalsByClientId()).thenReturn(approvalsByClientId); - UaaPrincipal uaaPrincipal = new UaaPrincipal("fake-user-id", "username", "email@example.com", Origin.UAA, null, IdentityZoneHolder.get().getId()); + UaaPrincipal uaaPrincipal = new UaaPrincipal("fake-user-id", "username", "email@example.com", OriginKeys.UAA, null, IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(uaaPrincipal, null); mockMvc.perform(get("/profile").principal(authentication)) @@ -169,7 +169,7 @@ public void testSpecialMessageWhenNoAppsAreAuthorized() throws Exception { @Test public void testPasswordLinkHiddenWhenUsersOriginIsNotUaa() throws Exception { - UaaPrincipal uaaPrincipal = new UaaPrincipal("fake-user-id", "username", "email@example.com", Origin.LDAP, "dnEntryForLdapUser", IdentityZoneHolder.get().getId()); + UaaPrincipal uaaPrincipal = new UaaPrincipal("fake-user-id", "username", "email@example.com", OriginKeys.LDAP, "dnEntryForLdapUser", IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(uaaPrincipal, null); mockMvc.perform(get("/profile").principal(authentication)) diff --git a/login/src/test/java/org/cloudfoundry/identity/uaa/login/util/SecurityUtils.java b/login/src/test/java/org/cloudfoundry/identity/uaa/login/util/SecurityUtils.java index 7eaaf6e20b..562afd1617 100644 --- a/login/src/test/java/org/cloudfoundry/identity/uaa/login/util/SecurityUtils.java +++ b/login/src/test/java/org/cloudfoundry/identity/uaa/login/util/SecurityUtils.java 
@@ -13,13 +13,12 @@ */ package org.cloudfoundry.identity.uaa.login.util; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContext; @@ -27,10 +26,8 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; -import java.util.Arrays; import java.util.Collections; import java.util.LinkedList; -import java.util.List; import java.util.Set; import static org.junit.Assert.assertTrue; @@ -46,7 +43,7 @@ public static SecurityContext defaultSecurityContext(Authentication authenticati } public static Authentication fullyAuthenticatedUser(String id, String username, String email, GrantedAuthority... authorities) { - UaaPrincipal p = new UaaPrincipal(id, username, email, Origin.UAA,"", IdentityZoneHolder.get().getId()); + UaaPrincipal p = new UaaPrincipal(id, username, email, OriginKeys.UAA,"", IdentityZoneHolder.get().getId()); LinkedList grantedAuthorities = new LinkedList<>(); Collections.addAll(grantedAuthorities, authorities); UaaAuthentication auth = new UaaAuthentication(p, "", grantedAuthorities, new UaaAuthenticationDetails(new MockHttpServletRequest()),true, System.currentTimeMillis()); diff --git a/payload/build.gradle b/payload/build.gradle index 1db3575d86..a5f640ffe8 100644 --- a/payload/build.gradle 
+++ b/payload/build.gradle @@ -1,6 +1,10 @@ description = 'CloudFoundry Identity Payload Data Objects JAR' dependencies { + compile group: 'javax.validation', name: 'validation-api', version: parent.validationAPIVersion + + compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version:parent.jacksonVersion + compile(group: 'org.springframework.security.oauth', name: 'spring-security-oauth2', version:parent.springSecurityOAuthVersion) { exclude(module: 'commons-codec') exclude(module: 'jackson-mapper-asl') @@ -17,5 +21,5 @@ apply from: file('build_properties.gradle') processResources { //maven replaces project.artifactId in the log4j.properties file //https://www.pivotaltracker.com/story/show/74344574 - filter { line -> line.contains('${project.artifactId}') ? line.replace('${project.artifactId}','cloudfoundry-identity-common') : line } + filter { line -> line.contains('${project.artifactId}') ? line.replace('${project.artifactId}','cloudfoundry-identity-payload') : line } } diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfiguration.java b/payload/src/main/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfiguration.java similarity index 100% rename from common/src/main/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfiguration.java rename to payload/src/main/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfiguration.java diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/config/KeyPair.java b/payload/src/main/java/org/cloudfoundry/identity/uaa/config/KeyPair.java similarity index 92% rename from common/src/main/java/org/cloudfoundry/identity/uaa/config/KeyPair.java rename to payload/src/main/java/org/cloudfoundry/identity/uaa/config/KeyPair.java index 9484baede2..3181b9adea 100644 --- a/common/src/main/java/org/cloudfoundry/identity/uaa/config/KeyPair.java +++ b/payload/src/main/java/org/cloudfoundry/identity/uaa/config/KeyPair.java 
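Review bot: The new `jackson-databind` compile dependency in the first build.gradle hunk looks broader than this patch justifies. The IdentityZone hunk further down removes its `com.fasterxml.jackson.databind.annotation` imports and keeps only `@JsonProperty`. The payload JAR is described as a data-objects artifact and is presumably consumed by clients, so each compile dependency here becomes part of their transitive surface, and databind is the Jackson module that performs object deserialization. If the renamed classes (their contents are not shown in the diff) only use annotations, `compile group: 'com.fasterxml.jackson.core', name: 'jackson-annotations', version: parent.jacksonVersion` would be the narrower choice. Otherwise a one-line comment naming the class that needs databind would help the next reviewer.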
@@ -17,12 +17,15 @@ import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import java.util.HashMap; +import java.util.UUID; /** * Created by pivotal on 11/11/15. */ public class KeyPair { + + private UUID id; private String verificationKey = new RandomValueStringGenerator().generate(); private String signingKey = verificationKey; @@ -38,6 +41,10 @@ public KeyPair(String signingKey, String verificationKey) { this.verificationKey = verificationKey; } + public UUID getId() { return id; } + + public void setId(UUID id) { this.id = id; } + public String getSigningKey() { return signingKey; } diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/config/KeyPairsMap.java b/payload/src/main/java/org/cloudfoundry/identity/uaa/config/KeyPairsMap.java similarity index 100% rename from common/src/main/java/org/cloudfoundry/identity/uaa/config/KeyPairsMap.java rename to payload/src/main/java/org/cloudfoundry/identity/uaa/config/KeyPairsMap.java diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/config/SamlConfig.java b/payload/src/main/java/org/cloudfoundry/identity/uaa/config/SamlConfig.java similarity index 100% rename from common/src/main/java/org/cloudfoundry/identity/uaa/config/SamlConfig.java rename to payload/src/main/java/org/cloudfoundry/identity/uaa/config/SamlConfig.java diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/config/TokenPolicy.java b/payload/src/main/java/org/cloudfoundry/identity/uaa/config/TokenPolicy.java similarity index 100% rename from common/src/main/java/org/cloudfoundry/identity/uaa/config/TokenPolicy.java rename to payload/src/main/java/org/cloudfoundry/identity/uaa/config/TokenPolicy.java diff --git a/payload/src/main/java/org/cloudfoundry/identity/uaa/constants/OriginKeys.java b/payload/src/main/java/org/cloudfoundry/identity/uaa/constants/OriginKeys.java new file mode 100644 index 0000000000..1367064199 --- /dev/null 
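Review bot: The default key visible in the context lines of the first KeyPair hunk, `new RandomValueStringGenerator().generate()`, deserves a second look now that the class moves into the payload JAR, because the no-argument generator produces a short string (six characters in the spring-security-oauth2 releases I am aware of) and `signingKey` is set to that same value. If a default-constructed KeyPair can ever end up signing tokens, a longer default such as `new RandomValueStringGenerator(32).generate()` would be safer, or the defaults could be dropped so that a missing key configuration fails visibly. Separately, nothing in this patch assigns the new `id` field, so `getId()` returns null until a caller sets it; a field comment such as `// null until assigned by the caller` would make that explicit.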
+++ b/payload/src/main/java/org/cloudfoundry/identity/uaa/constants/OriginKeys.java
@@ -0,0 +1,32 @@
+/*
+ * ******************************************************************************
+ * Cloud Foundry Copyright (c) [2009-2015] Pivotal Software, Inc. All Rights Reserved.
+ *
+ * This product is licensed to you under the Apache License, Version 2.0 (the "License").
+ * You may not use this product except in compliance with the License.
+ *
+ * This product includes a number of subcomponents with
+ * separate copyright notices and license terms. Your use of these
+ * subcomponents is subject to the terms and conditions of the
+ * subcomponent's license, as noted in the LICENSE file.
+ * ******************************************************************************
+ */
+
+package org.cloudfoundry.identity.uaa.constants;
+
+/**
+ * Created by pivotal on 11/16/15.
+ */
+public final class OriginKeys {
+
+ private OriginKeys() {}
+
+ public static final String ORIGIN = "origin";
+ public static final String UAA = "uaa";
+ public static final String LOGIN_SERVER = "login-server";
+ public static final String LDAP = "ldap";
+ public static final String KEYSTONE = "keystone";
+ public static final String SAML = "saml";
+ public static final String NotANumber = "NaN";
+ public static final String UNKNOWN = "unknown";
+}
diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZone.java b/payload/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZone.java
similarity index 93%
rename from common/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZone.java
rename to payload/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZone.java
index 2359390764..5d52adb106 100644
--- a/common/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZone.java
+++ b/payload/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZone.java
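Review bot: `NotANumber` is the only constant in the new OriginKeys class that departs from the `UPPER_SNAKE_CASE` of its neighbours, and a brand-new class is the cheapest place to rename it to `NOT_A_NUMBER` (keeping a deprecated alias if code outside this diff relies on the old spelling). The class Javadoc `Created by pivotal on 11/16/15.` also says nothing about what the values mean, although the rest of the patch compares them against user and group-mapping origin fields. I would replace it with `/** Well-known origin keys naming the identity provider a user or external group mapping came from. */` and add a short comment on `ORIGIN` noting that it is the attribute name rather than an origin value.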
@@ -13,18 +13,13 @@ package org.cloudfoundry.identity.uaa.zone; import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; -import com.fasterxml.jackson.databind.annotation.JsonSerialize; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.config.IdentityZoneConfiguration; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import javax.validation.constraints.NotNull; - import java.util.Calendar; import java.util.Date; -@JsonSerialize -@JsonDeserialize public class IdentityZone { public static final IdentityZone getUaa() { Calendar calendar = Calendar.getInstance(); @@ -34,8 +29,8 @@ public static final IdentityZone getUaa() { uaa.setCreated(calendar.getTime()); uaa.setLastModified(calendar.getTime()); uaa.setVersion(0); - uaa.setId(Origin.UAA); - uaa.setName(Origin.UAA); + uaa.setId(OriginKeys.UAA); + uaa.setName(OriginKeys.UAA); uaa.setDescription("The system zone for backwards compatibility"); uaa.setSubdomain(""); return uaa; diff --git a/scim/src/main/java/org/cloudfoundry/identity/uaa/authorization/external/LdapGroupMappingAuthorizationManager.java b/scim/src/main/java/org/cloudfoundry/identity/uaa/authorization/external/LdapGroupMappingAuthorizationManager.java index 0c62ccbee2..ddbf7b3827 100644 --- a/scim/src/main/java/org/cloudfoundry/identity/uaa/authorization/external/LdapGroupMappingAuthorizationManager.java +++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/authorization/external/LdapGroupMappingAuthorizationManager.java 
@@ -14,14 +14,12 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.xml.resolver.readers.OASISXMLCatalogReader; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authorization.ExternalGroupMappingAuthorizationManager; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.ldap.extension.LdapAuthority; import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMember; import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMembershipManager; import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning; -import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; @@ -43,7 +41,7 @@ public Set findScopesFromAuthorities(Set members = extMbrMgr.getExternalGroupMapsByExternalGroup(la.getDn(), Origin.LDAP); + List members = extMbrMgr.getExternalGroupMapsByExternalGroup(la.getDn(), OriginKeys.LDAP); for (ScimGroupExternalMember member : members) { SimpleGrantedAuthority mapped = new SimpleGrantedAuthority(member.getDisplayName()); result.add(mapped); diff --git a/scim/src/main/java/org/cloudfoundry/identity/uaa/login/UaaResetPasswordService.java b/scim/src/main/java/org/cloudfoundry/identity/uaa/login/UaaResetPasswordService.java index 01f817da29..59d242dc68 100644 --- a/scim/src/main/java/org/cloudfoundry/identity/uaa/login/UaaResetPasswordService.java +++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/login/UaaResetPasswordService.java 
@@ -12,9 +12,9 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.login; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.InvalidCodeException; import org.cloudfoundry.identity.uaa.error.UaaException; import org.cloudfoundry.identity.uaa.password.event.PasswordChangeEvent; @@ -35,15 +35,12 @@ import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.ClientDetailsService; import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.util.StringUtils; import org.springframework.web.client.RestClientException; import java.sql.Timestamp; import java.util.Collections; import java.util.Date; -import java.util.HashMap; import java.util.List; -import java.util.Map; import java.util.Set; import java.util.regex.Pattern; @@ -134,7 +131,7 @@ private ResetPasswordResponse changePasswordCodeAuthenticated(String code, Strin @Override public ForgotPasswordInfo forgotPassword(String email, String clientId, String redirectUri) { String jsonEmail = JsonUtils.writeValueAsString(email); - List results = scimUserProvisioning.query("userName eq " + jsonEmail + " and origin eq \"" + Origin.UAA + "\""); + List results = scimUserProvisioning.query("userName eq " + jsonEmail + " and origin eq \"" + OriginKeys.UAA + "\""); if (results.isEmpty()) { results = scimUserProvisioning.query("userName eq " + jsonEmail); if (results.isEmpty()) { diff --git a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimGroupMember.java b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimGroupMember.java index d97655c9a6..39e811d7ba 100644 
--- a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimGroupMember.java +++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimGroupMember.java @@ -18,7 +18,7 @@ import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; @JsonInclude(JsonInclude.Include.NON_NULL) public class ScimGroupMember { @@ -34,7 +34,7 @@ public enum Role { @JsonProperty("value") private String memberId; - private String origin = Origin.UAA; + private String origin = OriginKeys.UAA; @JsonInclude(JsonInclude.Include.NON_NULL) public enum Type { diff --git a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimUserJsonDeserializer.java b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimUserJsonDeserializer.java index 19d43796fc..7a474a0a71 100644 --- a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimUserJsonDeserializer.java +++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimUserJsonDeserializer.java @@ -23,7 +23,7 @@ import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.JsonDeserializer; import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.approval.Approval; import org.cloudfoundry.identity.uaa.util.json.JsonDateDeserializer; 
@@ -76,7 +76,7 @@ public ScimUser deserialize(JsonParser jp, DeserializationContext ctxt) throws I user.setActive(jp.readValueAs(Boolean.class)); } else if ("verified".equalsIgnoreCase(fieldName)) { user.setVerified(jp.readValueAs(Boolean.class)); - } else if (Origin.ORIGIN.equalsIgnoreCase(fieldName)) { + } else if (OriginKeys.ORIGIN.equalsIgnoreCase(fieldName)) { user.setOrigin(jp.readValueAs(String.class)); } else if ("externalId".equalsIgnoreCase(fieldName)) { user.setExternalId(jp.readValueAs(String.class)); diff --git a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrap.java b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrap.java index 449a19d122..31a50c88e2 100644 --- a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrap.java +++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrap.java @@ -21,7 +21,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMember; import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMembershipManager; @@ -110,7 +110,7 @@ public void afterPropertiesSet() throws Exception { } - String origin = Origin.LDAP; + String origin = OriginKeys.LDAP; if (null != groups && groups.size() == 1) { String groupId = groups.get(0).getId(); if (StringUtils.hasText(fields[1])) { diff --git a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrap.java b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrap.java index f0d640688d..769a271e42 100644 --- a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrap.java 
+++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrap.java @@ -14,11 +14,11 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.manager.AuthEvent; import org.cloudfoundry.identity.uaa.authentication.manager.ExternalGroupAuthorizationEvent; import org.cloudfoundry.identity.uaa.authentication.manager.InvitedUserAuthenticatedEvent; import org.cloudfoundry.identity.uaa.authentication.manager.NewUserAuthenticatedEvent; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupMember; import org.cloudfoundry.identity.uaa.scim.ScimGroupMembershipManager; @@ -99,7 +99,7 @@ public void afterPropertiesSet() throws Exception { protected ScimUser getScimUser(UaaUser user) { List users = scimUserProvisioning.query("userName eq \"" + user.getUsername() + "\"" + " and origin eq \"" + - (user.getOrigin() == null ? Origin.UAA : user.getOrigin()) + "\""); + (user.getOrigin() == null ? OriginKeys.UAA : user.getOrigin()) + "\""); if (users.isEmpty() && StringUtils.hasText(user.getId())) { try { @@ -149,7 +149,7 @@ private void updateUser(ScimUser existingUser, UaaUser updatedUser, boolean upda final ScimUser newScimUser = convertToScimUser(updatedUser); newScimUser.setVersion(existingUser.getVersion()); scimUserProvisioning.update(id, newScimUser); - if (Origin.UAA.equals(newScimUser.getOrigin())) { //password is not relevant for non UAA users + if (OriginKeys.UAA.equals(newScimUser.getOrigin())) { //password is not relevant for non UAA users scimUserProvisioning.changePassword(id, null, updatedUser.getPassword()); } if (updateGroups) { 
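Review bot: The filter in `getScimUser` (the `@@ -99,7 +99,7 @@` hunk) places `user.getUsername()` and `user.getOrigin()` between literal double quotes with no escaping, so a value that contains a quote or backslash alters the filter instead of being matched as a string. `UaaResetPasswordService.forgotPassword` in this same patch already shows the safer form, `"userName eq " + JsonUtils.writeValueAsString(email)`, which quotes and escapes the value. Provided JsonUtils is usable here, the first operand would become `"userName eq " + JsonUtils.writeValueAsString(user.getUsername())`, with the origin operand encoded the same way. The same unescaped pattern appears in the `membershipManager.delete(...)` call in `onApplicationEvent`, in `ChangeEmailEndpoints.generateEmailVerificationCode` (where `email` appears to come from the request body) and in the `DuplicateKeyException` branch of `JdbcScimUserProvisioning.create`. All of these method bodies extend beyond their hunks, so any upstream validation is not visible from the diff.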
@@ -183,7 +183,7 @@ public void onApplicationEvent(AuthEvent event) { ExternalGroupAuthorizationEvent exEvent = (ExternalGroupAuthorizationEvent)event; //delete previous membership relation ships String origin = exEvent.getUser().getOrigin(); - if (!Origin.UAA.equals(origin)) {//only delete non UAA relationships + if (!OriginKeys.UAA.equals(origin)) {//only delete non UAA relationships membershipManager.delete("member_id eq \""+event.getUser().getId()+"\" and origin eq \""+origin+"\""); } for (GrantedAuthority authority : exEvent.getExternalAuthorities()) { @@ -205,7 +205,7 @@ public void onApplicationEvent(AuthEvent event) { } private void addToGroup(String scimUserId, String gName) { - addToGroup(scimUserId,gName,Origin.UAA, true); + addToGroup(scimUserId,gName, OriginKeys.UAA, true); } private void addToGroup(String scimUserId, String gName, String origin, boolean addGroup) { diff --git a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpoints.java b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpoints.java index eddb1cbef9..1fc4feb8ea 100644 --- a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpoints.java +++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpoints.java @@ -3,9 +3,9 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.core.type.TypeReference; import org.cloudfoundry.identity.uaa.audit.event.UserModifiedEvent; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.UaaException; import org.cloudfoundry.identity.uaa.rest.QueryableResourceManager; import org.cloudfoundry.identity.uaa.scim.ScimUser; 
@@ -53,7 +53,7 @@ public ResponseEntity generateEmailVerificationCode(@RequestBody EmailCh ScimUser user = scimUserProvisioning.retrieve(userId); if (user.getUserName().equals(user.getPrimaryEmail())) { - List results = scimUserProvisioning.query("userName eq \"" + email + "\" and origin eq \"" + Origin.UAA + "\""); + List results = scimUserProvisioning.query("userName eq \"" + email + "\" and origin eq \"" + OriginKeys.UAA + "\""); if (!results.isEmpty()) { return new ResponseEntity<>(CONFLICT); } diff --git a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpoint.java b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpoint.java index 69ce09413a..e9b35f5963 100644 --- a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpoint.java +++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpoint.java @@ -12,14 +12,13 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.scim.endpoints; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.ConvertingExceptionView; import org.cloudfoundry.identity.uaa.error.ExceptionReport; import org.cloudfoundry.identity.uaa.error.InvalidCodeException; -import org.cloudfoundry.identity.uaa.error.UaaException; import org.cloudfoundry.identity.uaa.login.ConflictException; import org.cloudfoundry.identity.uaa.login.ForgotPasswordInfo; import org.cloudfoundry.identity.uaa.login.NotFoundException; 
@@ -134,7 +133,7 @@ private ExpiringCode getCode(String id, String username, String clientId) { codeData.put("user_id", id); codeData.put("username", username); codeData.put(OAuth2Utils.CLIENT_ID, clientId); - codeData.put(Origin.ORIGIN, Origin.UAA); + codeData.put(OriginKeys.ORIGIN, OriginKeys.UAA); codeData.put("action", ExpiringCodeType.AUTOLOGIN.name()); return codeStore.generateCode(JsonUtils.writeValueAsString(codeData), new Timestamp(System.currentTimeMillis() + 5 * 60 * 1000)); } diff --git a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpoints.java b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpoints.java index 38c66531c6..f01c23d5ed 100644 --- a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpoints.java +++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpoints.java @@ -14,7 +14,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.ConvertingExceptionView; import org.cloudfoundry.identity.uaa.error.ExceptionReport; import org.cloudfoundry.identity.uaa.rest.SearchResults; @@ -222,7 +222,7 @@ public ScimGroupExternalMember mapExternalGroup(@RequestBody ScimGroupExternalMe String displayName = sgm.getDisplayName(); String groupId = sgm.getGroupId()==null?getGroupId(displayName):sgm.getGroupId(); String externalGroup = sgm.getExternalGroup().trim(); - String origin = StringUtils.hasText(sgm.getOrigin()) ? sgm.getOrigin() : Origin.LDAP; + String origin = StringUtils.hasText(sgm.getOrigin()) ? sgm.getOrigin() : OriginKeys.LDAP; return externalMembershipManager.mapExternalGroup(groupId, externalGroup, origin); } catch (IllegalArgumentException e) { throw new ScimException(e.getMessage(), HttpStatus.BAD_REQUEST); 
@@ -249,7 +249,7 @@ public ScimGroupExternalMember unmapExternalGroup(@PathVariable String groupId, @PathVariable String origin) { try { if (!StringUtils.hasText(origin)) { - origin = Origin.LDAP; + origin = OriginKeys.LDAP; } return externalMembershipManager.unmapExternalGroup(groupId, externalGroup.trim(), origin); } catch (IllegalArgumentException e) { @@ -266,7 +266,7 @@ public ScimGroupExternalMember unmapExternalGroup(@PathVariable String groupId, @ResponseStatus(HttpStatus.OK) @Deprecated public ScimGroupExternalMember deprecatedUnmapExternalGroup(@PathVariable String groupId, @PathVariable String externalGroup) { - return unmapExternalGroup(groupId, externalGroup, Origin.LDAP); + return unmapExternalGroup(groupId, externalGroup, OriginKeys.LDAP); } @RequestMapping(value = { "/Groups/External/displayName/{displayName}/externalGroup/{externalGroup}" }, method = RequestMethod.DELETE) @@ -274,7 +274,7 @@ public ScimGroupExternalMember deprecatedUnmapExternalGroup(@PathVariable String @ResponseStatus(HttpStatus.OK) @Deprecated public ScimGroupExternalMember unmapExternalGroupUsingName(@PathVariable String displayName, @PathVariable String externalGroup) { - return unmapExternalGroupUsingName(displayName, externalGroup, Origin.LDAP); + return unmapExternalGroupUsingName(displayName, externalGroup, OriginKeys.LDAP); } @RequestMapping(value = { "/Groups/External/displayName/{displayName}/externalGroup/{externalGroup}/origin/{origin}" }, method = RequestMethod.DELETE) @@ -285,7 +285,7 @@ public ScimGroupExternalMember unmapExternalGroupUsingName(@PathVariable String @PathVariable String origin) { try { if (!StringUtils.hasText(origin)) { - origin = Origin.LDAP; + origin = OriginKeys.LDAP; } return externalMembershipManager.unmapExternalGroup(getGroupId(displayName), externalGroup.trim(),origin); 
diff --git a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserIdConversionEndpoints.java b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserIdConversionEndpoints.java index 5a9ed8ad8c..39b0bdf748 100644 --- a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserIdConversionEndpoints.java +++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserIdConversionEndpoints.java @@ -17,7 +17,7 @@ import com.unboundid.scim.sdk.SCIMFilter; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.rest.SearchResults; import org.cloudfoundry.identity.uaa.scim.ScimCore; import org.cloudfoundry.identity.uaa.scim.exception.ScimException; @@ -158,7 +158,7 @@ private boolean checkFilter(SCIMFilter filter) { if ("id".equalsIgnoreCase(name) || "userName".equalsIgnoreCase(name)) { return true; - } else if (Origin.ORIGIN.equalsIgnoreCase(name)) { + } else if (OriginKeys.ORIGIN.equalsIgnoreCase(name)) { return false; } else { throw new ScimException("Invalid filter attribute.", HttpStatus.BAD_REQUEST); diff --git a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java index c53260fef8..1f2aa31a60 100644 --- a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java +++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java 
@@ -14,7 +14,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.rest.ResourceMonitor; import org.cloudfoundry.identity.uaa.rest.jdbc.AbstractQueryable; import org.cloudfoundry.identity.uaa.rest.jdbc.JdbcPagingListFactory; @@ -142,7 +142,7 @@ public ScimUser create(final ScimUser user) { final String id = UUID.randomUUID().toString(); final String identityZoneId = IdentityZoneHolder.get().getId(); - final String origin = StringUtils.hasText(user.getOrigin()) ? user.getOrigin() : Origin.UAA; + final String origin = StringUtils.hasText(user.getOrigin()) ? user.getOrigin() : OriginKeys.UAA; try { jdbcTemplate.update(CREATE_USER_SQL, new PreparedStatementSetter() { @@ -177,7 +177,7 @@ public void setValues(PreparedStatement ps) throws SQLException { }); } catch (DuplicateKeyException e) { - ScimUser existingUser = query("userName eq \"" + user.getUserName() + "\" and origin eq \"" + (StringUtils.hasText(user.getOrigin())? user.getOrigin() : Origin.UAA) + "\"").get(0); + ScimUser existingUser = query("userName eq \"" + user.getUserName() + "\" and origin eq \"" + (StringUtils.hasText(user.getOrigin())? user.getOrigin() : OriginKeys.UAA) + "\"").get(0); Map userDetails = new HashMap<>(); userDetails.put("active", existingUser.isActive()); userDetails.put("verified", existingUser.isVerified()); 
@@ -221,7 +221,7 @@ private String extractPhoneNumber(final ScimUser user) { public ScimUser update(final String id, final ScimUser user) throws InvalidScimResourceException { validate(user); logger.debug("Updating user " + user.getUserName()); - final String origin = StringUtils.hasText(user.getOrigin()) ? user.getOrigin() : Origin.UAA; + final String origin = StringUtils.hasText(user.getOrigin()) ? user.getOrigin() : OriginKeys.UAA; int updated = jdbcTemplate.update(UPDATE_USER_SQL, new PreparedStatementSetter() { @Override diff --git a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidator.java b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidator.java index 7dbf039213..748411f79e 100644 --- a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidator.java +++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidator.java @@ -1,7 +1,7 @@ package org.cloudfoundry.identity.uaa.scim.validate; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.config.PasswordPolicy; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException; import org.cloudfoundry.identity.uaa.zone.IdentityProvider; import org.cloudfoundry.identity.uaa.zone.IdentityProviderProvisioning; @@ -50,7 +50,7 @@ public void validate(String password) throws InvalidPasswordException { throw new IllegalArgumentException("Password cannot be null"); } - IdentityProvider idp = provisioning.retrieveByOrigin(Origin.UAA, IdentityZoneHolder.get().getId()); + IdentityProvider idp = provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId()); if (idp==null) { //should never happen return; 
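Review bot: `validate` in UaaPasswordPolicyValidator returns silently when `retrieveByOrigin(OriginKeys.UAA, ...)` yields null, so a missing UAA provider record means the password is accepted with no policy applied. The existing comment says this should never happen, which is the argument for failing closed: `if (idp == null) { throw new IllegalStateException("No UAA identity provider for zone " + IdentityZoneHolder.get().getId()); }`. At minimum a warning log would make the skipped check visible. The rest of `validate` lies outside the hunk, so confirm first whether any caller relies on the lenient path.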
diff --git a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrapTests.java b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrapTests.java index b8424a7e45..48fa931bcf 100644 --- a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrapTests.java +++ b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrapTests.java @@ -18,7 +18,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNull; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.rest.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMembershipManager; @@ -26,7 +26,6 @@ import org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimGroupProvisioning; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; import org.cloudfoundry.identity.uaa.zone.IdentityZone; -import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.junit.Before; import org.junit.Test; 
@@ -61,12 +60,12 @@ public void canAddExternalGroups() throws Exception { bootstrap.afterPropertiesSet(); - assertEquals(2, eDB.getExternalGroupMapsByExternalGroup("cn=Engineering,ou=groups,dc=example,dc=com", Origin.LDAP).size()); - assertEquals(1, eDB.getExternalGroupMapsByExternalGroup("cn=HR,ou=groups,dc=example,dc=com", Origin.LDAP).size()); - assertEquals(1, eDB.getExternalGroupMapsByExternalGroup("cn=mgmt,ou=groups,dc=example,dc=com", Origin.LDAP).size()); + assertEquals(2, eDB.getExternalGroupMapsByExternalGroup("cn=Engineering,ou=groups,dc=example,dc=com", OriginKeys.LDAP).size()); + assertEquals(1, eDB.getExternalGroupMapsByExternalGroup("cn=HR,ou=groups,dc=example,dc=com", OriginKeys.LDAP).size()); + assertEquals(1, eDB.getExternalGroupMapsByExternalGroup("cn=mgmt,ou=groups,dc=example,dc=com", OriginKeys.LDAP).size()); - assertEquals(3, eDB.getExternalGroupMapsByGroupName("acme", Origin.LDAP).size()); - assertEquals(1, eDB.getExternalGroupMapsByGroupName("acme.dev", Origin.LDAP).size()); + assertEquals(3, eDB.getExternalGroupMapsByGroupName("acme", OriginKeys.LDAP).size()); + assertEquals(1, eDB.getExternalGroupMapsByGroupName("acme.dev", OriginKeys.LDAP).size()); } @Test 
@@ -78,12 +77,12 @@ public void canAddExternalGroupsWithOrigin() throws Exception { bootstrap.afterPropertiesSet(); - assertEquals(2, eDB.getExternalGroupMapsByExternalGroup("cn=Engineering,ou=groups,dc=example,dc=com", Origin.UAA).size()); - assertEquals(1, eDB.getExternalGroupMapsByExternalGroup("cn=HR,ou=groups,dc=example,dc=com", Origin.UAA).size()); - assertEquals(1, eDB.getExternalGroupMapsByExternalGroup("cn=mgmt,ou=groups,dc=example,dc=com", Origin.UAA).size()); + assertEquals(2, eDB.getExternalGroupMapsByExternalGroup("cn=Engineering,ou=groups,dc=example,dc=com", OriginKeys.UAA).size()); + assertEquals(1, eDB.getExternalGroupMapsByExternalGroup("cn=HR,ou=groups,dc=example,dc=com", OriginKeys.UAA).size()); + assertEquals(1, eDB.getExternalGroupMapsByExternalGroup("cn=mgmt,ou=groups,dc=example,dc=com", OriginKeys.UAA).size()); - assertEquals(3, eDB.getExternalGroupMapsByGroupName("acme", Origin.UAA).size()); - assertEquals(1, eDB.getExternalGroupMapsByGroupName("acme.dev", Origin.UAA).size()); + assertEquals(3, eDB.getExternalGroupMapsByGroupName("acme", OriginKeys.UAA).size()); + assertEquals(1, eDB.getExternalGroupMapsByGroupName("acme.dev", OriginKeys.UAA).size()); } 
@@ -94,12 +93,12 @@ public void canAddExternalGroupsWithSpaces() throws Exception { externalGroupSet.add("acme.dev|cn=Engineering,ou=groups,dc=example,dc=com "); bootstrap.setExternalGroupMap(externalGroupSet); bootstrap.afterPropertiesSet(); - assertEquals(2, eDB.getExternalGroupMapsByExternalGroup("cn=Engineering,ou=groups,dc=example,dc=com", Origin.LDAP).size()); - assertEquals(1, eDB.getExternalGroupMapsByExternalGroup("cn=HR,ou=groups,dc=example,dc=com", Origin.LDAP).size()); - assertEquals(1, eDB.getExternalGroupMapsByExternalGroup("cn=mgmt,ou=groups,dc=example,dc=com", Origin.LDAP).size()); + assertEquals(2, eDB.getExternalGroupMapsByExternalGroup("cn=Engineering,ou=groups,dc=example,dc=com", OriginKeys.LDAP).size()); + assertEquals(1, eDB.getExternalGroupMapsByExternalGroup("cn=HR,ou=groups,dc=example,dc=com", OriginKeys.LDAP).size()); + assertEquals(1, eDB.getExternalGroupMapsByExternalGroup("cn=mgmt,ou=groups,dc=example,dc=com", OriginKeys.LDAP).size()); - assertEquals(3, eDB.getExternalGroupMapsByGroupName("acme", Origin.LDAP).size()); - assertEquals(1, eDB.getExternalGroupMapsByGroupName("acme.dev", Origin.LDAP).size()); + assertEquals(3, eDB.getExternalGroupMapsByGroupName("acme", OriginKeys.LDAP).size()); + assertEquals(1, eDB.getExternalGroupMapsByGroupName("acme.dev", OriginKeys.LDAP).size()); } @Test 
@@ -109,12 +108,12 @@ public void cannotAddExternalGroupsThatDoNotExist() throws Exception { externalGroupSet.add("acme1.dev|cn=Engineering,ou=groups,dc=example,dc=com"); bootstrap.setExternalGroupMap(externalGroupSet); bootstrap.afterPropertiesSet(); - assertEquals(0, eDB.getExternalGroupMapsByExternalGroup("cn=Engineering,ou=groups,dc=example,dc=com", Origin.LDAP).size()); - assertEquals(0, eDB.getExternalGroupMapsByExternalGroup("cn=HR,ou=groups,dc=example,dc=com", Origin.LDAP).size()); - assertEquals(0, eDB.getExternalGroupMapsByExternalGroup("cn=mgmt,ou=groups,dc=example,dc=com", Origin.LDAP).size()); + assertEquals(0, eDB.getExternalGroupMapsByExternalGroup("cn=Engineering,ou=groups,dc=example,dc=com", OriginKeys.LDAP).size()); + assertEquals(0, eDB.getExternalGroupMapsByExternalGroup("cn=HR,ou=groups,dc=example,dc=com", OriginKeys.LDAP).size()); + assertEquals(0, eDB.getExternalGroupMapsByExternalGroup("cn=mgmt,ou=groups,dc=example,dc=com", OriginKeys.LDAP).size()); - assertNull(eDB.getExternalGroupMapsByGroupName("acme1", Origin.LDAP)); - assertNull(eDB.getExternalGroupMapsByGroupName("acme1.dev", Origin.LDAP)); + assertNull(eDB.getExternalGroupMapsByGroupName("acme1", OriginKeys.LDAP)); + assertNull(eDB.getExternalGroupMapsByGroupName("acme1.dev", OriginKeys.LDAP)); } @Test 
@@ -124,11 +123,11 @@ public void cannotAddExternalGroupsThatMapToNothing() throws Exception { externalGroupSet.add("acme.dev"); bootstrap.setExternalGroupMap(externalGroupSet); bootstrap.afterPropertiesSet(); - assertEquals(0, eDB.getExternalGroupMapsByExternalGroup("cn=Engineering,ou=groups,dc=example,dc=com", Origin.LDAP).size()); - assertEquals(0, eDB.getExternalGroupMapsByExternalGroup("cn=HR,ou=groups,dc=example,dc=com", Origin.LDAP).size()); - assertEquals(0, eDB.getExternalGroupMapsByExternalGroup("cn=mgmt,ou=groups,dc=example,dc=com", Origin.LDAP).size()); + assertEquals(0, eDB.getExternalGroupMapsByExternalGroup("cn=Engineering,ou=groups,dc=example,dc=com", OriginKeys.LDAP).size()); + assertEquals(0, eDB.getExternalGroupMapsByExternalGroup("cn=HR,ou=groups,dc=example,dc=com", OriginKeys.LDAP).size()); + assertEquals(0, eDB.getExternalGroupMapsByExternalGroup("cn=mgmt,ou=groups,dc=example,dc=com", OriginKeys.LDAP).size()); - assertEquals(0, eDB.getExternalGroupMapsByGroupName("acme", Origin.LDAP).size()); - assertEquals(0, eDB.getExternalGroupMapsByGroupName("acme.dev", Origin.LDAP).size()); + assertEquals(0, eDB.getExternalGroupMapsByGroupName("acme", OriginKeys.LDAP).size()); + assertEquals(0, eDB.getExternalGroupMapsByGroupName("acme.dev", OriginKeys.LDAP).size()); } } diff --git a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java index 8bfeb1333b..3003fb0262 100644 --- a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java +++ b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java 
@@ -12,8 +12,8 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.scim.bootstrap; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.manager.ExternalGroupAuthorizationEvent; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.rest.jdbc.DefaultLimitSqlAdapter; import org.cloudfoundry.identity.uaa.rest.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.scim.ScimGroup; @@ -226,14 +226,14 @@ public void canRemoveAuthorities() throws Exception { @Test public void canUpdateUsers() throws Exception { UaaUser joe = new UaaUser("joe", "password", "joe@test.org", "Joe", "User"); - joe = joe.modifyOrigin(Origin.UAA); + joe = joe.modifyOrigin(OriginKeys.UAA); ScimUserBootstrap bootstrap = new ScimUserBootstrap(db, gdb, mdb, Arrays.asList(joe)); bootstrap.afterPropertiesSet(); String passwordHash = jdbcTemplate.queryForObject("select password from users where username='joe'",new Object[0], String.class); joe = new UaaUser("joe", "new", "joe@test.org", "Joe", "Bloggs"); - joe = joe.modifyOrigin(Origin.UAA); + joe = joe.modifyOrigin(OriginKeys.UAA); bootstrap = new ScimUserBootstrap(db, gdb, mdb, Arrays.asList(joe)); bootstrap.setOverride(true); bootstrap.afterPropertiesSet(); @@ -314,7 +314,7 @@ protected void validateAuthoritiesCreated(String[] externalAuthorities, String[] if (external.contains(g.getDisplayName())) { assertEquals("Expecting relationship for Group[" + g.getDisplayName() + "] be of different origin.", origin, m.getOrigin()); } else { - assertEquals("Expecting relationship for Group[" + g.getDisplayName() + "] be of different origin.", Origin.UAA, m.getOrigin()); + assertEquals("Expecting relationship for Group[" + g.getDisplayName() + "] be of different origin.", OriginKeys.UAA, m.getOrigin()); } } } 
diff --git a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpointsTest.java b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpointsTest.java index d42515c7ea..a5ab68e3a1 100644 --- a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpointsTest.java +++ b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpointsTest.java @@ -2,9 +2,9 @@ import org.cloudfoundry.identity.uaa.TestClassNullifier; import org.cloudfoundry.identity.uaa.audit.event.UserModifiedEvent; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.rest.QueryableResourceManager; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning; @@ -88,7 +88,7 @@ public void testGenerateEmailChangeCodeWithExistingUsernameChange() throws Excep Mockito.when(scimUserProvisioning.retrieve("user-id-001")).thenReturn(userChangingEmail); ScimUser existingUser = new ScimUser("id001", "new@example.com", null, null); - Mockito.when(scimUserProvisioning.query("userName eq \"new@example.com\" and origin eq \"" + Origin.UAA + "\"")) + Mockito.when(scimUserProvisioning.query("userName eq \"new@example.com\" and origin eq \"" + OriginKeys.UAA + "\"")) .thenReturn(Arrays.asList(existingUser)); MockHttpServletRequestBuilder post = post("/email_verifications") @@ -164,4 +164,4 @@ public void testChangeEmailWhenUsernameNotTheSame() throws Exception { Assert.assertEquals("new@example.com", user.getValue().getPrimaryEmail()); Assert.assertEquals("username", user.getValue().getUserName()); } -} \ No newline at end of file +} 
diff --git a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpointTest.java b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpointTest.java index c20521ccb1..b1a75a8ce1 100644 --- a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpointTest.java +++ b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpointTest.java @@ -13,9 +13,9 @@ package org.cloudfoundry.identity.uaa.scim.endpoints; import org.cloudfoundry.identity.uaa.TestClassNullifier; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.ExceptionReportHttpMessageConverter; import org.cloudfoundry.identity.uaa.login.ResetPasswordService; import org.cloudfoundry.identity.uaa.login.UaaResetPasswordService; @@ -95,7 +95,7 @@ public void password_reset_with_client_id_and_redirect_uri() throws Exception { ScimUser user = new ScimUser("id001", email, null, null); user.setPasswordLastModified(yesterday); - when(scimUserProvisioning.query("userName eq \"" + email + "\" and origin eq \"" + Origin.UAA + "\"")) + when(scimUserProvisioning.query("userName eq \"" + email + "\" and origin eq \"" + OriginKeys.UAA + "\"")) .thenReturn(Arrays.asList(user)); PasswordChange change = new PasswordChange("id001", email, yesterday, clientId, redirectUri); 
@@ -121,7 +121,7 @@ public void password_reset_without_client_id_and_without_redirect_uri() throws E ScimUser user = new ScimUser("id001", email, null, null); user.setPasswordLastModified(yesterday); - when(scimUserProvisioning.query("userName eq \"" + email + "\" and origin eq \"" + Origin.UAA + "\"")) + when(scimUserProvisioning.query("userName eq \"" + email + "\" and origin eq \"" + OriginKeys.UAA + "\"")) .thenReturn(Arrays.asList(user)); PasswordChange change = new PasswordChange("id001", email, yesterday, null, null); @@ -145,7 +145,7 @@ public void testCreatingAPasswordResetWhenTheUsernameExists() throws Exception { user.setMeta(new ScimMeta(yesterday, yesterday, 0)); user.addEmail("user@example.com"); user.setPasswordLastModified(yesterday); - when(scimUserProvisioning.query("userName eq \"user@example.com\" and origin eq \"" + Origin.UAA + "\"")) + when(scimUserProvisioning.query("userName eq \"user@example.com\" and origin eq \"" + OriginKeys.UAA + "\"")) .thenReturn(Arrays.asList(user)); MockHttpServletRequestBuilder post = post("/password_resets") @@ -161,7 +161,7 @@ public void testCreatingAPasswordResetWhenTheUsernameExists() throws Exception { @Test public void testCreatingAPasswordResetWhenTheUserDoesNotExist() throws Exception { - when(scimUserProvisioning.query("userName eq \"user@example.com\" and origin eq \"" + Origin.UAA + "\"")) + when(scimUserProvisioning.query("userName eq \"user@example.com\" and origin eq \"" + OriginKeys.UAA + "\"")) .thenReturn(Arrays.asList()); MockHttpServletRequestBuilder post = post("/password_resets") 
@@ -175,13 +175,13 @@ public void testCreatingAPasswordResetWhenTheUserDoesNotExist() throws Exception @Test public void testCreatingAPasswordResetWhenTheUserHasNonUaaOrigin() throws Exception { - when(scimUserProvisioning.query("userName eq \"user@example.com\" and origin eq \"" + Origin.UAA + "\"")) + when(scimUserProvisioning.query("userName eq \"user@example.com\" and origin eq \"" + OriginKeys.UAA + "\"")) .thenReturn(Arrays.asList()); ScimUser user = new ScimUser("id001", "user@example.com", null, null); user.setMeta(new ScimMeta(new Date(System.currentTimeMillis()-(1000*60*60*24)), new Date(System.currentTimeMillis()-(1000*60*60*24)), 0)); user.addEmail("user@example.com"); - user.setOrigin(Origin.LDAP); + user.setOrigin(OriginKeys.LDAP); when(scimUserProvisioning.query("userName eq \"user@example.com\"")) .thenReturn(Arrays.asList(user)); @@ -201,7 +201,7 @@ public void testCreatingAPasswordResetWithAUsernameContainingSpecialCharacters() user.setMeta(new ScimMeta(yesterday, yesterday, 0)); user.setPasswordLastModified(yesterday); user.addEmail("user\"'@example.com"); - when(scimUserProvisioning.query("userName eq \"user\\\"'@example.com\" and origin eq \"" + Origin.UAA + "\"")) + when(scimUserProvisioning.query("userName eq \"user\\\"'@example.com\" and origin eq \"" + OriginKeys.UAA + "\"")) .thenReturn(Arrays.asList(user)); PasswordChange change = new PasswordChange("id001", "user\"'@example.com", yesterday, null, null); 
@@ -218,9 +218,9 @@ public void testCreatingAPasswordResetWithAUsernameContainingSpecialCharacters() .andExpect(content().string(containsString("\"code\":\"secret_code\""))) .andExpect(content().string(containsString("\"user_id\":\"id001\""))); - when(scimUserProvisioning.query("userName eq \"user\\\"'@example.com\" and origin eq \"" + Origin.UAA + "\"")) + when(scimUserProvisioning.query("userName eq \"user\\\"'@example.com\" and origin eq \"" + OriginKeys.UAA + "\"")) .thenReturn(Arrays.asList()); - user.setOrigin(Origin.LDAP); + user.setOrigin(OriginKeys.LDAP); when(scimUserProvisioning.query("userName eq \"user\\\"'@example.com\"")) .thenReturn(Arrays.asList(user)); diff --git a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsTests.java b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsTests.java index 704ac7f7ad..90657df8e2 100644 --- a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsTests.java +++ b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsTests.java @@ -14,7 +14,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.ExceptionReportHttpMessageConverter; import org.cloudfoundry.identity.uaa.rest.SearchResults; import org.cloudfoundry.identity.uaa.rest.jdbc.DefaultLimitSqlAdapter; 
@@ -233,7 +233,7 @@ public void mapExternalGroup_truncatesLeadingAndTrailingSpaces_InExternalGroupNa @Test public void unmapExternalGroup_truncatesLeadingAndTrailingSpaces_InExternalGroupName() throws Exception { ScimGroupExternalMember member = getScimGroupExternalMember(); - member = endpoints.unmapExternalGroup(member.getGroupId(), " \nexternal_group_id\n", Origin.LDAP); + member = endpoints.unmapExternalGroup(member.getGroupId(), " \nexternal_group_id\n", OriginKeys.LDAP); assertEquals("external_group_id", member.getExternalGroup()); } diff --git a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupExternalMembershipManagerTests.java b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupExternalMembershipManagerTests.java index 1b6dad4f3e..4882c2542a 100644 --- a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupExternalMembershipManagerTests.java +++ b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupExternalMembershipManagerTests.java @@ -19,7 +19,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.rest.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMember; @@ -43,7 +43,7 @@ public class JdbcScimGroupExternalMembershipManagerTests extends JdbcTestBase { private static final String addGroupSqlFormat = "insert into groups (id, displayName, identity_zone_id) values ('%s','%s','%s')"; - private String origin = Origin.LDAP; + private String origin = OriginKeys.LDAP; private IdentityZone otherZone; 
@@ -118,8 +118,8 @@ public void using_filter_query_filters_by_zone() { assertEquals(3, edao.query("").size()); assertEquals(3, edao.query("externalGroup sw \"cn\"").size()); assertEquals(3, edao.query("group_id sw \"g\"").size()); - assertEquals(0, edao.query("origin eq \""+Origin.UAA+"\"").size()); - assertEquals(3, edao.query("origin eq \""+Origin.LDAP+"\"").size()); + assertEquals(0, edao.query("origin eq \""+ OriginKeys.UAA+"\"").size()); + assertEquals(3, edao.query("origin eq \""+ OriginKeys.LDAP+"\"").size()); } @Test @@ -132,13 +132,13 @@ public void using_filter_delete_filters_by_zone() { map3GroupsInEachZone(); assertEquals(3, edao.query("").size()); - edao.delete("origin eq \""+Origin.LDAP+"\""); + edao.delete("origin eq \""+ OriginKeys.LDAP+"\""); assertEquals(0, edao.query("").size()); assertEquals(3, jdbcTemplate.queryForInt("select count(*) from external_group_mapping")); map3GroupsInEachZone(); assertEquals(3, edao.query("").size()); - edao.delete("origin eq \""+Origin.UAA+"\""); + edao.delete("origin eq \""+ OriginKeys.UAA+"\""); assertEquals(3, edao.query("").size()); assertEquals(6, jdbcTemplate.queryForInt("select count(*) from external_group_mapping")); } diff --git a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java index 9873fd1249..b63d124b8c 100644 --- a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java +++ b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java 
@@ -12,13 +12,12 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.scim.jdbc; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.rest.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupMember; import org.cloudfoundry.identity.uaa.scim.exception.InvalidScimResourceException; import org.cloudfoundry.identity.uaa.scim.exception.MemberNotFoundException; -import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceConstraintFailedException; import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException; import org.cloudfoundry.identity.uaa.scim.test.TestUtils; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; @@ -84,7 +83,7 @@ public void initJdbcScimGroupMembershipManagerTests() { } private void addMember(String gId, String mId, String mType, String authorities) { - addMember(gId,mId,mType,authorities,Origin.UAA); + addMember(gId,mId,mType,authorities, OriginKeys.UAA); } private void addMember(String gId, String mId, String mType, String authorities, String origin) { jdbcTemplate.execute(String.format(addMemberSqlFormat, gId, mId, mType, authorities, origin)); @@ -143,7 +142,7 @@ public void canQuery_Filter_Has_ZoneIn_Effect() throws Exception { String id = new RandomValueStringGenerator().generate(); IdentityZone zone = MultitenancyFixture.identityZone(id,id); IdentityZoneHolder.set(zone); - assertEquals(0,dao.query("origin eq \"" + Origin.UAA + "\"").size()); + assertEquals(0,dao.query("origin eq \"" + OriginKeys.UAA + "\"").size()); } 
@@ -151,7 +150,7 @@ public void canQuery_Filter_Has_ZoneIn_Effect() throws Exception { public void canDeleteWithFilter1() throws Exception { addMembers(); validateCount(4); - dao.delete("origin eq \"" + Origin.UAA + "\""); + dao.delete("origin eq \"" + OriginKeys.UAA + "\""); validateCount(0); } @@ -159,7 +158,7 @@ public void canDeleteWithFilter1() throws Exception { public void canDeleteWithFilter2() throws Exception { addMembers(); validateCount(4); - dao.delete("origin eq \""+ Origin.ORIGIN +"\""); + dao.delete("origin eq \""+ OriginKeys.ORIGIN +"\""); validateCount(4); } @@ -167,7 +166,7 @@ public void canDeleteWithFilter2() throws Exception { public void canDeleteWithFilter3() throws Exception { addMembers(); validateCount(4); - dao.delete("member_id eq \"m3\" and origin eq \""+ Origin.UAA +"\""); + dao.delete("member_id eq \"m3\" and origin eq \""+ OriginKeys.UAA +"\""); validateCount(2); } @@ -175,7 +174,7 @@ public void canDeleteWithFilter3() throws Exception { public void canDeleteWithFilter4() throws Exception { addMembers(); validateCount(4); - dao.delete("member_id sw \"m\" and origin eq \""+ Origin.UAA +"\""); + dao.delete("member_id sw \"m\" and origin eq \""+ OriginKeys.UAA +"\""); validateCount(1); } @@ -183,7 +182,7 @@ public void canDeleteWithFilter4() throws Exception { public void canDeleteWithFilter5() throws Exception { addMembers(); validateCount(4); - dao.delete("member_id sw \"m\" and origin eq \""+ Origin.LDAP +"\""); + dao.delete("member_id sw \"m\" and origin eq \""+ OriginKeys.LDAP +"\""); validateCount(4); } @@ -194,7 +193,7 @@ public void cannot_Delete_With_Filter_Outside_Zone() throws Exception { validateCount(4); IdentityZone zone = MultitenancyFixture.identityZone(id,id); IdentityZoneHolder.set(zone); - dao.delete("member_id eq \"m3\" and origin eq \"" + Origin.UAA + "\""); + dao.delete("member_id eq \"m3\" and origin eq \"" + OriginKeys.UAA + "\""); IdentityZoneHolder.clear(); validateCount(4); } 
@@ -250,7 +249,7 @@ public void addMember_In_Different_Zone_Causes_Issues() throws Exception { IdentityZone otherZone = MultitenancyFixture.identityZone(subdomain, subdomain); IdentityZoneHolder.set(otherZone); ScimGroupMember m1 = new ScimGroupMember("m1", ScimGroupMember.Type.USER, null); - m1.setOrigin(Origin.UAA); + m1.setOrigin(OriginKeys.UAA); dao.addMember("g2", m1); } @@ -261,7 +260,7 @@ public void canAddMember_Validate_Origin_and_ZoneId() throws Exception { IdentityZoneHolder.set(otherZone); validateCount(0); ScimGroupMember m1 = new ScimGroupMember("m1", ScimGroupMember.Type.USER, null); - m1.setOrigin(Origin.UAA); + m1.setOrigin(OriginKeys.UAA); dao.addMember("g2", m1); } diff --git a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java index dbc878c0e5..1e6240c5e6 100644 --- a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java +++ b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java 
@@ -12,14 +12,13 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.scim.jdbc; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.rest.SimpleAttributeNameMapper; import org.cloudfoundry.identity.uaa.rest.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.ScimUser.Group; import org.cloudfoundry.identity.uaa.scim.ScimUser.PhoneNumber; import org.cloudfoundry.identity.uaa.scim.bootstrap.ScimUserBootstrapTests; -import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException; import org.cloudfoundry.identity.uaa.scim.exception.InvalidScimResourceException; import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceAlreadyExistsException; import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException; @@ -103,7 +102,7 @@ public void initJdbcScimUserProvisioningTests() throws Exception { existingUserCount = jdbcTemplate.queryForInt("select count(id) from users"); - defaultIdentityProviderId = jdbcTemplate.queryForObject("select id from identity_provider where origin_key = ? and identity_zone_id = ?", String.class, Origin.UAA, "uaa"); + defaultIdentityProviderId = jdbcTemplate.queryForObject("select id from identity_provider where origin_key = ? and identity_zone_id = ?", String.class, OriginKeys.UAA, "uaa"); addUser(JOE_ID, "joe", pe.encode("joespassword"), "joe@joe.com", "Joe", "User", "+1-222-1234567", defaultIdentityProviderId, "uaa"); addUser(MABEL_ID, "mabel", pe.encode("mabelspassword"), "mabel@mabel.com", "Mabel", "User", "", defaultIdentityProviderId, "uaa"); 
@@ -160,7 +159,7 @@ public void canCreateUserInDefaultIdentityZone() { assertEquals(user.getUserName(), map.get("userName")); assertEquals(user.getUserType(), map.get(UaaAuthority.UAA_USER.getUserType())); assertNull(created.getGroups()); - assertEquals(Origin.UAA, created.getOrigin()); + assertEquals(OriginKeys.UAA, created.getOrigin()); assertEquals("uaa", map.get("identity_zone_id")); assertNull(user.getPasswordLastModified()); assertNotNull(created.getPasswordLastModified()); @@ -187,7 +186,7 @@ public void canModifyPassword() throws Exception { public void canCreateUserInOtherIdentityZone() { String otherZoneId = "my-zone-id"; createOtherIdentityZone(otherZoneId); - String idpId = createOtherIdentityProvider(Origin.UAA, otherZoneId); + String idpId = createOtherIdentityProvider(OriginKeys.UAA, otherZoneId); ScimUser user = new ScimUser(null, "jo@foo.com", "Jo", "User"); user.addEmail("jo@blah.com"); ScimUser created = db.createUser(user, "j7hyqpassX"); @@ -198,7 +197,7 @@ public void canCreateUserInOtherIdentityZone() { assertEquals(user.getUserName(), map.get("userName")); assertEquals(user.getUserType(), map.get(UaaAuthority.UAA_USER.getUserType())); assertNull(created.getGroups()); - assertEquals(Origin.UAA, created.getOrigin()); + assertEquals(OriginKeys.UAA, created.getOrigin()); assertEquals("my-zone-id", map.get("identity_zone_id")); } diff --git a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidatorTests.java b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidatorTests.java index 4446c82238..aea061ad8c 100644 --- a/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidatorTests.java +++ b/scim/src/test/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidatorTests.java 
@@ -15,8 +15,8 @@ package org.cloudfoundry.identity.uaa.scim.validate; import org.apache.commons.lang.RandomStringUtils; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.config.PasswordPolicy; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException; import org.cloudfoundry.identity.uaa.zone.IdentityProvider; @@ -55,7 +55,7 @@ public void setUp() { UaaIdentityProviderDefinition idpDefinition = new UaaIdentityProviderDefinition(new PasswordPolicy(10, 23, 1, 1, 1, 1, 6), null); internalIDP.setConfig(idpDefinition); - Mockito.when(provisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId())) + Mockito.when(provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId())) .thenReturn(internalIDP); } @@ -117,7 +117,7 @@ public void testValidateSpaceNotSpecialCharacter() throws Exception { private void validatePassword(String password, String ... expectedErrors) { ScimUser user = new ScimUser(); - user.setOrigin(Origin.UAA); + user.setOrigin(OriginKeys.UAA); try { validator.validate(password); if (expectedErrors != null && expectedErrors.length > 0) { diff --git a/shared_versions.gradle b/shared_versions.gradle index 12845f5551..c917005692 100644 --- a/shared_versions.gradle +++ b/shared_versions.gradle @@ -11,4 +11,5 @@ ext { apacheLdapApiVersion = '1.0.0-M22' jacksonVersion = '2.5.3' flywayVersion = '3.2.1' + validationAPIVersion = '1.0.0.GA' } diff --git a/uaa/src/main/resources/messages.properties b/uaa/src/main/resources/messages.properties index bae86998b5..fde4a71c4c 100644 --- a/uaa/src/main/resources/messages.properties +++ b/uaa/src/main/resources/messages.properties 
@@ -54,6 +54,9 @@ login.account_locked=Your account has been locked because of too many failed att login.invalid_login_request=Invalid login attempt, request does not meet our security standards, please try again. account_activation.invite.email_mismatch=The authenticated email does not match the invited email. Please log in using a different account. +NotNull.identityZone.subdomain=The subdomain must be provided. +NotNull.identityZone.name=The identity zone must be given a name. + # Passay Properties HISTORY_VIOLATION=Password matches one of %1$s previous passwords. ILLEGAL_WORD=Password contains the dictionary word '%1$s'. diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/DynamicZoneAwareAuthenticationManagerTest.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/DynamicZoneAwareAuthenticationManagerTest.java index 8fe9bded99..5ac6b20611 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/DynamicZoneAwareAuthenticationManagerTest.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/DynamicZoneAwareAuthenticationManagerTest.java @@ -2,7 +2,7 @@ import org.cloudfoundry.identity.uaa.authentication.AccountNotVerifiedException; import org.cloudfoundry.identity.uaa.authentication.AuthenticationPolicyRejectionException; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.ldap.LdapIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMembershipManager; import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning; 
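Review bot: The two keys added after `account_activation.invite.email_mismatch` have no comment saying that they follow Spring's message-code convention (`<constraint>.<objectName>.<field>`), so they would silently stop applying if the bound object were ever named something other than `identityZone`. I would put `# Validation messages: <constraint>.<objectName>.<field>; objectName must match the name IdentityZone is bound under` above them, in the style of the existing `# Passay Properties` header. The binding code is not in this hunk, so the object name is inferred from the key. It is also worth confirming there that `NotNull` is enough, since it still accepts an empty or blank `name`.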
@@ -68,14 +68,14 @@ public void beforeAndAfter() throws Exception { when(success.isAuthenticated()).thenReturn(true); when(uaaActive.isActive()).thenReturn(true); - when(uaaActive.getOriginKey()).thenReturn(Origin.UAA); + when(uaaActive.getOriginKey()).thenReturn(OriginKeys.UAA); when(uaaInactive.isActive()).thenReturn(false); - when(uaaInactive.getOriginKey()).thenReturn(Origin.UAA); + when(uaaInactive.getOriginKey()).thenReturn(OriginKeys.UAA); when(ldapActive.isActive()).thenReturn(true); - when(ldapActive.getOriginKey()).thenReturn(Origin.LDAP); + when(ldapActive.getOriginKey()).thenReturn(OriginKeys.LDAP); when(ldapInactive.isActive()).thenReturn(false); - when(ldapInactive.getOriginKey()).thenReturn(Origin.LDAP); + when(ldapInactive.getOriginKey()).thenReturn(OriginKeys.LDAP); when(ldapActive.getConfig()).thenReturn(ldapIdentityProviderDefinition); when(ldapActive.getConfig()).thenReturn(ldapIdentityProviderDefinition); @@ -93,8 +93,8 @@ public void testAuthenticateInUaaZone() throws Exception { @Test public void testNonUAAZoneUaaNotActive() throws Exception { IdentityZoneHolder.set(ZONE); - when(providerProvisioning.retrieveByOrigin(Origin.UAA, ZONE.getId())).thenReturn(uaaInactive); - when(providerProvisioning.retrieveByOrigin(Origin.LDAP, ZONE.getId())).thenReturn(ldapActive); + when(providerProvisioning.retrieveByOrigin(OriginKeys.UAA, ZONE.getId())).thenReturn(uaaInactive); + when(providerProvisioning.retrieveByOrigin(OriginKeys.LDAP, ZONE.getId())).thenReturn(ldapActive); DynamicZoneAwareAuthenticationManager manager = getDynamicZoneAwareAuthenticationManager(true); DynamicLdapAuthenticationManager mockManager = manager.getLdapAuthenticationManager(null, null); when(mockManager.authenticate(any(Authentication.class))).thenReturn(success); 
@@ -107,8 +107,8 @@ public void testNonUAAZoneUaaNotActive() throws Exception {
 @Test
 public void testNonUAAZoneUaaActiveAccountNotVerified() throws Exception {
 IdentityZoneHolder.set(ZONE);
- when(providerProvisioning.retrieveByOrigin(Origin.UAA, ZONE.getId())).thenReturn(uaaActive);
- when(providerProvisioning.retrieveByOrigin(Origin.LDAP, ZONE.getId())).thenReturn(ldapActive);
+ when(providerProvisioning.retrieveByOrigin(OriginKeys.UAA, ZONE.getId())).thenReturn(uaaActive);
+ when(providerProvisioning.retrieveByOrigin(OriginKeys.LDAP, ZONE.getId())).thenReturn(ldapActive);
 DynamicZoneAwareAuthenticationManager manager = getDynamicZoneAwareAuthenticationManager(true);
 when(uaaAuthenticationMgr.authenticate(any(Authentication.class))).thenThrow(new AccountNotVerifiedException("mock"));
 DynamicLdapAuthenticationManager mockManager = manager.getLdapAuthenticationManager(null, null);
@@ -124,8 +124,8 @@ public void testNonUAAZoneUaaActiveAccountNotVerified() throws Exception {
 @Test
 public void testNonUAAZoneUaaActiveAccountLocked() throws Exception {
 IdentityZoneHolder.set(ZONE);
- when(providerProvisioning.retrieveByOrigin(Origin.UAA, ZONE.getId())).thenReturn(uaaActive);
- when(providerProvisioning.retrieveByOrigin(Origin.LDAP, ZONE.getId())).thenReturn(ldapActive);
+ when(providerProvisioning.retrieveByOrigin(OriginKeys.UAA, ZONE.getId())).thenReturn(uaaActive);
+ when(providerProvisioning.retrieveByOrigin(OriginKeys.LDAP, ZONE.getId())).thenReturn(ldapActive);
 DynamicZoneAwareAuthenticationManager manager = getDynamicZoneAwareAuthenticationManager(true);
 when(uaaAuthenticationMgr.authenticate(any(Authentication.class))).thenThrow(new AuthenticationPolicyRejectionException("mock"));
 DynamicLdapAuthenticationManager mockManager = manager.getLdapAuthenticationManager(null, null);
@@ -141,8 +141,8 @@ public void testNonUAAZoneUaaActiveAccountLocked() throws Exception {
 @Test
 public void testNonUAAZoneUaaActiveUaaAuthenticationSucccess() throws Exception {
 IdentityZoneHolder.set(ZONE);
- when(providerProvisioning.retrieveByOrigin(Origin.UAA, ZONE.getId())).thenReturn(uaaActive);
- when(providerProvisioning.retrieveByOrigin(Origin.LDAP, ZONE.getId())).thenReturn(ldapActive);
+ when(providerProvisioning.retrieveByOrigin(OriginKeys.UAA, ZONE.getId())).thenReturn(uaaActive);
+ when(providerProvisioning.retrieveByOrigin(OriginKeys.LDAP, ZONE.getId())).thenReturn(ldapActive);
 DynamicZoneAwareAuthenticationManager manager = getDynamicZoneAwareAuthenticationManager(true);
 when(uaaAuthenticationMgr.authenticate(any(Authentication.class))).thenReturn(success);
 DynamicLdapAuthenticationManager mockManager = manager.getLdapAuthenticationManager(null, null);
@@ -153,8 +153,8 @@ public void testNonUAAZoneUaaActiveUaaAuthenticationSucccess() throws Exception
 @Test
 public void testNonUAAZoneUaaActiveUaaAuthenticationFailure() throws Exception {
 IdentityZoneHolder.set(ZONE);
- when(providerProvisioning.retrieveByOrigin(Origin.UAA, ZONE.getId())).thenReturn(uaaActive);
- when(providerProvisioning.retrieveByOrigin(Origin.LDAP, ZONE.getId())).thenReturn(ldapActive);
+ when(providerProvisioning.retrieveByOrigin(OriginKeys.UAA, ZONE.getId())).thenReturn(uaaActive);
+ when(providerProvisioning.retrieveByOrigin(OriginKeys.LDAP, ZONE.getId())).thenReturn(ldapActive);
 DynamicZoneAwareAuthenticationManager manager = getDynamicZoneAwareAuthenticationManager(true);
 when(uaaAuthenticationMgr.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException("mock"));
 DynamicLdapAuthenticationManager mockManager = manager.getLdapAuthenticationManager(null, null);
@@ -165,8 +165,8 @@ public void testNonUAAZoneUaaActiveUaaAuthenticationFailure() throws Exception { @Test public void testAuthenticateInNoneUaaZoneWithLdapProvider() throws Exception { IdentityZoneHolder.set(ZONE); - when(providerProvisioning.retrieveByOrigin(Origin.LDAP, ZONE.getId())).thenReturn(ldapActive); - when(providerProvisioning.retrieveByOrigin(Origin.UAA, ZONE.getId())).thenReturn(uaaInactive); + when(providerProvisioning.retrieveByOrigin(OriginKeys.LDAP, ZONE.getId())).thenReturn(ldapActive); + when(providerProvisioning.retrieveByOrigin(OriginKeys.UAA, ZONE.getId())).thenReturn(uaaInactive); DynamicZoneAwareAuthenticationManager manager = getDynamicZoneAwareAuthenticationManager(true); DynamicLdapAuthenticationManager mockManager = manager.getLdapAuthenticationManager(null, null); when(mockManager.authenticate(any(Authentication.class))).thenReturn(success); @@ -179,8 +179,8 @@ public void testAuthenticateInNoneUaaZoneWithLdapProvider() throws Exception { @Test public void testAuthenticateInNoneUaaZoneWithInactiveProviders() throws Exception { IdentityZoneHolder.set(ZONE); - when(providerProvisioning.retrieveByOrigin(Origin.LDAP, ZONE.getId())).thenReturn(ldapInactive); - when(providerProvisioning.retrieveByOrigin(Origin.UAA, ZONE.getId())).thenReturn(uaaInactive); + when(providerProvisioning.retrieveByOrigin(OriginKeys.LDAP, ZONE.getId())).thenReturn(ldapInactive); + when(providerProvisioning.retrieveByOrigin(OriginKeys.UAA, ZONE.getId())).thenReturn(uaaInactive); DynamicZoneAwareAuthenticationManager manager = getDynamicZoneAwareAuthenticationManager(true); DynamicLdapAuthenticationManager mockManager = manager.getLdapAuthenticationManager(null, null); when(mockManager.authenticate(any(Authentication.class))).thenReturn(success); @@ -222,4 +222,4 @@ public DynamicLdapAuthenticationManager getLdapAuthenticationManager(IdentityZon } -} \ No newline at end of file +} 
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/db/TestZonifyGroupSchema_V2_4_1.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/db/TestZonifyGroupSchema_V2_4_1.java index 44b402a164..46abb04b51 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/db/TestZonifyGroupSchema_V2_4_1.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/db/TestZonifyGroupSchema_V2_4_1.java @@ -30,6 +30,7 @@ import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; +import org.springframework.validation.AbstractBindingResult; import java.util.Arrays; import java.util.HashMap; @@ -52,7 +53,17 @@ public void populateDataUsingEndpoints() { for (int i=0; i groups = new LinkedList<>(); IdentityZoneHolder.set(zone); for (int j=0; j clientCreateResponse = client.exchange( serverRunning.getUrl("/identity-zones/"+id+"/clients"), diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LdapIntegationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LdapIntegationTests.java index 3633e7095a..02c6776482 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LdapIntegationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LdapIntegationTests.java @@ -15,8 +15,8 @@ import com.fasterxml.jackson.core.type.TypeReference; import org.cloudfoundry.identity.uaa.ServerRunning; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.client.ClientConstants; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils; import org.cloudfoundry.identity.uaa.ldap.LdapIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.oauth.Claims; 
@@ -120,15 +120,15 @@ public void test_LDAP_Custom_User_Attributes_In_ID_Token() throws Exception { IdentityProvider provider = new IdentityProvider(); provider.setIdentityZoneId(zoneId); - provider.setType(Origin.LDAP); + provider.setType(OriginKeys.LDAP); provider.setActive(true); provider.setConfig(ldapIdentityProviderDefinition); - provider.setOriginKey(Origin.LDAP); + provider.setOriginKey(OriginKeys.LDAP); provider.setName("simplesamlphp for uaa"); provider = IntegrationTestUtils.createOrUpdateProvider(zoneAdminToken,baseUrl,provider); assertNotNull(provider.getId()); - assertEquals(Origin.LDAP, provider.getOriginKey()); + assertEquals(OriginKeys.LDAP, provider.getOriginKey()); List idps = Arrays.asList(provider.getOriginKey()); @@ -186,7 +186,7 @@ public void test_LDAP_Custom_User_Attributes_In_ID_Token() throws Exception { protected boolean doesSupportZoneDNS_and_isLdapEnabled() { String profile = System.getProperty("spring.profiles.active",""); - if (!profile.contains(Origin.LDAP)) { + if (!profile.contains(OriginKeys.LDAP)) { return false; } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LoginServerSecurityIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LoginServerSecurityIntegrationTests.java index 9a0e4b6eb1..17b959c195 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LoginServerSecurityIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LoginServerSecurityIntegrationTests.java 
@@ -14,8 +14,8 @@ import org.apache.commons.codec.binary.Base64; import org.cloudfoundry.identity.uaa.ServerRunning; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.message.PasswordChangeRequest; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.test.TestAccountSetup; @@ -155,7 +155,7 @@ public void testAuthenticateReturnsUserID() throws Exception { ResponseEntity response = serverRunning.postForMap("/authenticate", params, headers); assertEquals(HttpStatus.OK, response.getStatusCode()); assertEquals(JOE, response.getBody().get("username")); - assertEquals(Origin.UAA, response.getBody().get(Origin.ORIGIN)); + assertEquals(OriginKeys.UAA, response.getBody().get(OriginKeys.ORIGIN)); assertTrue(StringUtils.hasText((String)response.getBody().get("user_id"))); } @@ -167,7 +167,7 @@ public void testAuthenticateMarissaReturnsUserID() throws Exception { ResponseEntity response = serverRunning.postForMap("/authenticate", params, headers); assertEquals(HttpStatus.OK, response.getStatusCode()); assertEquals("marissa", response.getBody().get("username")); - assertEquals(Origin.UAA, response.getBody().get(Origin.ORIGIN)); + assertEquals(OriginKeys.UAA, response.getBody().get(OriginKeys.ORIGIN)); assertTrue(StringUtils.hasText((String)response.getBody().get("user_id"))); } @@ -187,7 +187,7 @@ public void testAuthenticateDoesNotReturnsUserID() throws Exception { ResponseEntity response = serverRunning.postForMap("/authenticate", params, headers); assertEquals(HttpStatus.OK, response.getStatusCode()); assertEquals("marissa", response.getBody().get("username")); - assertNull(response.getBody().get(Origin.ORIGIN)); + assertNull(response.getBody().get(OriginKeys.ORIGIN)); assertNull(response.getBody().get("user_id")); } 
@@ -196,7 +196,7 @@ public void testAuthenticateDoesNotReturnsUserID() throws Exception {
 public void testLoginServerCanAuthenticateUserForCf() throws Exception {
 ImplicitResourceDetails resource = testAccounts.getDefaultImplicitResource();
 params.set("client_id", resource.getClientId());
- params.set(Origin.ORIGIN, joe.getOrigin());
+ params.set(OriginKeys.ORIGIN, joe.getOrigin());
 params.set(UaaAuthenticationDetails.ADD_NEW, "false");
 String redirect = resource.getPreEstablishedRedirectUri();
 if (redirect != null) {
@@ -214,7 +214,7 @@ public void testLoginServerCanAuthenticateUserForCf() throws Exception {
 public void testLoginServerCanAuthenticateUserForAuthorizationCode() throws Exception {
 params.set("client_id", testAccounts.getDefaultAuthorizationCodeResource().getClientId());
 params.set("response_type", "code");
- params.set(Origin.ORIGIN, joe.getOrigin());
+ params.set(OriginKeys.ORIGIN, joe.getOrigin());
 params.set(UaaAuthenticationDetails.ADD_NEW, "false");
 @SuppressWarnings("rawtypes")
 ResponseEntity response = serverRunning.postForMap(serverRunning.getAuthorizationUri(), params, headers);
@@ -328,7 +328,7 @@ public void testLoginServerCfPasswordToken() throws Exception {
 params.set("client_id", resource.getClientId());
 params.set("client_secret","");
 params.set("source","login");
- params.set(Origin.ORIGIN, joe.getOrigin());
+ params.set(OriginKeys.ORIGIN, joe.getOrigin());
 params.set(UaaAuthenticationDetails.ADD_NEW, "false");
 params.set("grant_type", "password");
 String redirect = resource.getPreEstablishedRedirectUri();
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RemoteAuthenticationEndpointTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RemoteAuthenticationEndpointTests.java
index c1c92e8db4..6b6a84c560 100644
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RemoteAuthenticationEndpointTests.java
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RemoteAuthenticationEndpointTests.java @@ -27,7 +27,7 @@ import org.apache.commons.codec.binary.Base64; import org.cloudfoundry.identity.uaa.ServerRunning; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.UaaOauth2ErrorHandler; import org.cloudfoundry.identity.uaa.test.UaaTestAccounts; import org.junit.Rule; @@ -67,11 +67,11 @@ public void remoteAuthenticationSucceedsWithCorrectCredentials() throws Exceptio @Test public void remoteAuthenticationSucceedsAndCreatesUser() throws Exception { String username = new RandomValueStringGenerator().generate(); - String origin = Origin.LOGIN_SERVER; + String origin = OriginKeys.LOGIN_SERVER; Map info = new HashMap<>(); info.put("source", "login"); info.put("add_new", "true"); - info.put(Origin.ORIGIN, origin); + info.put(OriginKeys.ORIGIN, origin); @SuppressWarnings("rawtypes") ResponseEntity response = authenticate(username, null, info); assertEquals(HttpStatus.OK, response.getStatusCode()); @@ -91,11 +91,11 @@ public void remoteAuthenticationFailsWithIncorrectCredentials() throws Exception public void validateLdapOrKeystoneOrigin() throws Exception { String profiles = System.getProperty("spring.profiles.active"); if (profiles!=null && profiles.contains("ldap")) { - validateOrigin("marissa3","ldap3",Origin.LDAP, null); + validateOrigin("marissa3","ldap3", OriginKeys.LDAP, null); } else if (profiles!=null && profiles.contains("keystone")) { - validateOrigin("marissa2", "keystone", Origin.KEYSTONE, null); + validateOrigin("marissa2", "keystone", OriginKeys.KEYSTONE, null); } else { - validateOrigin(testAccounts.getUserName(), testAccounts.getPassword(), Origin.UAA, null); + validateOrigin(testAccounts.getUserName(), testAccounts.getPassword(), OriginKeys.UAA, null); } } 
@@ -115,12 +115,12 @@ public void validateOrigin(String username, String password, String origin, Map< for (Map user : list) { assertThat(user, hasKey("id")); assertThat(user, hasKey("userName")); - assertThat(user, hasKey(Origin.ORIGIN)); + assertThat(user, hasKey(OriginKeys.ORIGIN)); assertThat(user, not(hasKey("name"))); assertThat(user, not(hasKey("emails"))); if (user.get("userName").equals(username)) { found = true; - assertEquals(origin, user.get(Origin.ORIGIN)); + assertEquals(origin, user.get(OriginKeys.ORIGIN)); } } assertTrue(found); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/InvitationsIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/InvitationsIT.java index a58ec403f3..2c6255eec7 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/InvitationsIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/InvitationsIT.java @@ -14,8 +14,8 @@ import com.dumbster.smtp.SimpleSmtpServer; import org.cloudfoundry.identity.uaa.ServerRunning; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.junit.After; 
@@ -112,8 +112,8 @@ public void testInviteUserWithClientRedirect() throws Exception { public void performInviteUser(String email, boolean isVerified) throws Exception { webDriver.get(baseUrl + "/logout.do"); - String code = createInvitation(email, email, "http://localhost:8080/app/", Origin.UAA); - String invitedUserId = IntegrationTestUtils.getUserIdByField(scimToken, baseUrl, Origin.UAA, "email", email); + String code = createInvitation(email, email, "http://localhost:8080/app/", OriginKeys.UAA); + String invitedUserId = IntegrationTestUtils.getUserIdByField(scimToken, baseUrl, OriginKeys.UAA, "email", email); if (isVerified) { ScimUser user = IntegrationTestUtils.getUser(scimToken, baseUrl, invitedUserId); user.setVerified(true); @@ -121,7 +121,7 @@ public void performInviteUser(String email, boolean isVerified) throws Exception } String currentUserId = null; try { - currentUserId = IntegrationTestUtils.getUserId(scimToken, baseUrl, Origin.UAA, email); + currentUserId = IntegrationTestUtils.getUserId(scimToken, baseUrl, OriginKeys.UAA, email); } catch (RuntimeException x) { } assertEquals(invitedUserId, currentUserId); @@ -137,7 +137,7 @@ public void performInviteUser(String email, boolean isVerified) throws Exception //redirect to the home page to login Assert.assertThat(webDriver.findElement(By.cssSelector("h1")).getText(), containsString("Welcome!")); } - String acceptedUserId = IntegrationTestUtils.getUserId(scimToken, baseUrl, Origin.UAA, email); + String acceptedUserId = IntegrationTestUtils.getUserId(scimToken, baseUrl, OriginKeys.UAA, email); if (currentUserId == null) { assertEquals(invitedUserId, acceptedUserId); } else { 
@@ -184,7 +184,7 @@ public void testInsecurePasswordDisplaysErrorMessage() throws Exception { private String createInvitation() { String userEmail = "user" + new SecureRandom().nextInt() + "@example.com"; - return createInvitation(userEmail, userEmail, "http://localhost:8080/app/", Origin.UAA); + return createInvitation(userEmail, userEmail, "http://localhost:8080/app/", OriginKeys.UAA); } private String createInvitation(String username, String userEmail, String redirectUri, String origin) { diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java index 24ed755d32..74b6d9a861 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java @@ -17,10 +17,10 @@ import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; import org.cloudfoundry.identity.uaa.ServerRunning; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.client.ClientConstants; import org.cloudfoundry.identity.uaa.config.LockoutPolicy; import org.cloudfoundry.identity.uaa.config.PasswordPolicy; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils; import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.login.test.LoginServerClassRunner; 
@@ -235,7 +235,7 @@ public void failureResponseFromSamlIDP_showErrorFromSaml() throws Exception { SamlIdentityProviderDefinition samlIdentityProviderDefinition = createSimplePHPSamlIDP("simplesamlphp", "testzone3"); IdentityProvider provider = new IdentityProvider(); provider.setIdentityZoneId(zoneId); - provider.setType(Origin.SAML); + provider.setType(OriginKeys.SAML); provider.setActive(true); provider.setConfig(samlIdentityProviderDefinition); provider.setOriginKey(samlIdentityProviderDefinition.getIdpEntityAlias()); @@ -313,7 +313,7 @@ protected BaseClientDetails createClientAndSpecifyProvider(String clientId, Iden ); String email = new RandomValueStringGenerator().generate() +"@samltesting.org"; ScimUser user = IntegrationTestUtils.createUser(adminClient, baseUrl, email, "firstname", "lastname", email, true); - IntegrationTestUtils.makeZoneAdmin(identityClient, baseUrl, user.getId(), Origin.UAA); + IntegrationTestUtils.makeZoneAdmin(identityClient, baseUrl, user.getId(), OriginKeys.UAA); String zoneAdminToken = IntegrationTestUtils.getAuthorizationCodeToken(serverRunning, @@ -393,7 +393,7 @@ public void perform_SamlInvitation_Automatic_Redirect_In_Zone2(String username, SamlIdentityProviderDefinition samlIdentityProviderDefinition = createTestZone2IDP("simplesamlphp"); IdentityProvider provider = new IdentityProvider<>(); provider.setIdentityZoneId(zoneId); - provider.setType(Origin.SAML); + provider.setType(OriginKeys.SAML); provider.setActive(true); provider.setConfig(samlIdentityProviderDefinition); provider.setOriginKey(samlIdentityProviderDefinition.getIdpEntityAlias()); 
@@ -407,7 +407,7 @@ public void perform_SamlInvitation_Automatic_Redirect_In_Zone2(String username, new LockoutPolicy(10, 10, 10) ); uaaDefinition.setEmailDomain(emptyList ? Collections.EMPTY_LIST : Arrays.asList("*.*","*.*.*")); - IdentityProvider uaaProvider = IntegrationTestUtils.getProvider(zoneAdminToken, baseUrl, zoneId, Origin.UAA); + IdentityProvider uaaProvider = IntegrationTestUtils.getProvider(zoneAdminToken, baseUrl, zoneId, OriginKeys.UAA); uaaProvider.setConfig(uaaDefinition); uaaProvider = IntegrationTestUtils.createOrUpdateProvider(zoneAdminToken,baseUrl,uaaProvider); @@ -492,7 +492,7 @@ public void testSamlLoginClientIDPAuthorizationAutomaticRedirectInZone1() throws SamlIdentityProviderDefinition samlIdentityProviderDefinition = createTestZone1IDP("simplesamlphp"); IdentityProvider provider = new IdentityProvider<>(); provider.setIdentityZoneId(zoneId); - provider.setType(Origin.SAML); + provider.setType(OriginKeys.SAML); provider.setActive(true); provider.setConfig(samlIdentityProviderDefinition); provider.setOriginKey(samlIdentityProviderDefinition.getIdpEntityAlias()); @@ -567,7 +567,7 @@ public void testSamlLogin_Map_Groups_In_Zone1() throws Exception { IdentityProvider provider = new IdentityProvider<>(); provider.setIdentityZoneId(zoneId); - provider.setType(Origin.SAML); + provider.setType(OriginKeys.SAML); provider.setActive(true); provider.setConfig(samlIdentityProviderDefinition); provider.setOriginKey(samlIdentityProviderDefinition.getIdpEntityAlias()); @@ -673,7 +673,7 @@ public void testSamlLogin_Custom_User_Attributes_In_ID_Token() throws Exception IdentityProvider provider = new IdentityProvider(); provider.setIdentityZoneId(zoneId); - provider.setType(Origin.SAML); + provider.setType(OriginKeys.SAML); provider.setActive(true); provider.setConfig(samlIdentityProviderDefinition); provider.setOriginKey(samlIdentityProviderDefinition.getIdpEntityAlias()); 
@@ -774,7 +774,7 @@ public void testSimpleSamlPhpLoginInTestZone1Works() throws Exception { SamlIdentityProviderDefinition samlIdentityProviderDefinition = createTestZone1IDP("simplesamlphp"); IdentityProvider provider = new IdentityProvider<>(); provider.setIdentityZoneId(zoneId); - provider.setType(Origin.SAML); + provider.setType(OriginKeys.SAML); provider.setActive(true); provider.setConfig(samlIdentityProviderDefinition); provider.setOriginKey(samlIdentityProviderDefinition.getIdpEntityAlias()); @@ -789,7 +789,7 @@ public void testSimpleSamlPhpLoginInTestZone1Works() throws Exception { samlIdentityProviderDefinition1.setMetaDataLocation(getValidRandomIDPMetaData()); IdentityProvider provider1 = new IdentityProvider(); provider1.setIdentityZoneId(zoneId); - provider1.setType(Origin.SAML); + provider1.setType(OriginKeys.SAML); provider1.setActive(true); provider1.setConfig(samlIdentityProviderDefinition1); provider1.setOriginKey(samlIdentityProviderDefinition1.getIdpEntityAlias()); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java index 0e5a1b0b57..444d4662e7 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java @@ -19,7 +19,7 @@ import org.apache.http.client.HttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.cloudfoundry.identity.uaa.ServerRunning; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.rest.SearchResults; import org.cloudfoundry.identity.uaa.scim.ScimGroup; 
@@ -591,7 +591,7 @@ public static IdentityProvider createIdentityProvider(String originKey, boolean ); String email = new RandomValueStringGenerator().generate() +"@samltesting.org"; ScimUser user = IntegrationTestUtils.createUser(adminClient, baseUrl, email, "firstname", "lastname", email, true); - IntegrationTestUtils.makeZoneAdmin(identityClient, baseUrl, user.getId(), Origin.UAA); + IntegrationTestUtils.makeZoneAdmin(identityClient, baseUrl, user.getId(), OriginKeys.UAA); String zoneAdminToken = IntegrationTestUtils.getAuthorizationCodeToken(serverRunning, @@ -601,11 +601,11 @@ public static IdentityProvider createIdentityProvider(String originKey, boolean email, "secr3T"); - SamlIdentityProviderDefinition samlIdentityProviderDefinition = createSimplePHPSamlIDP(originKey, Origin.UAA); + SamlIdentityProviderDefinition samlIdentityProviderDefinition = createSimplePHPSamlIDP(originKey, OriginKeys.UAA); samlIdentityProviderDefinition.setAddShadowUserOnLogin(addShadowUserOnLogin); IdentityProvider provider = new IdentityProvider(); - provider.setIdentityZoneId(Origin.UAA); - provider.setType(Origin.SAML); + provider.setIdentityZoneId(OriginKeys.UAA); + provider.setType(OriginKeys.SAML); provider.setActive(true); provider.setConfig(samlIdentityProviderDefinition); provider.setOriginKey(samlIdentityProviderDefinition.getIdpEntityAlias()); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpointMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpointMockMvcTests.java index 3d393dba99..5fe5cef3ed 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpointMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpointMockMvcTests.java 
@@ -1,10 +1,10 @@ package org.cloudfoundry.identity.uaa.invitations; import com.fasterxml.jackson.core.type.TypeReference; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.config.IdentityProviderBootstrap; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.mock.InjectedMockContextTest; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.scim.ScimUser; @@ -28,8 +28,8 @@ import java.util.Arrays; import java.util.Map; -import static org.cloudfoundry.identity.uaa.authentication.Origin.ORIGIN; -import static org.cloudfoundry.identity.uaa.authentication.Origin.UAA; +import static org.cloudfoundry.identity.uaa.constants.OriginKeys.ORIGIN; +import static org.cloudfoundry.identity.uaa.constants.OriginKeys.UAA; import static org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils.utils; import static org.hamcrest.CoreMatchers.notNullValue; import static org.hamcrest.CoreMatchers.nullValue; @@ -224,7 +224,7 @@ private void assertResponseAndCodeCorrect(String[] emails, String redirectUrl, S for (int i = 0; i < emails.length; i++) { assertThat(response.getNewInvites().size(), is(emails.length)); assertThat(response.getNewInvites().get(i).getEmail(), is(emails[i])); - assertThat(response.getNewInvites().get(i).getOrigin(), is(Origin.UAA)); + assertThat(response.getNewInvites().get(i).getOrigin(), is(OriginKeys.UAA)); assertThat(response.getNewInvites().get(i).getUserId(), is(notNullValue())); assertThat(response.getNewInvites().get(i).getErrorCode(), is(nullValue())); assertThat(response.getNewInvites().get(i).getErrorMessage(), is(nullValue())); 
@@ -242,7 +242,7 @@ private void assertResponseAndCodeCorrect(String[] emails, String redirectUrl, S Map data = JsonUtils.readValue(expiringCode.getData(), new TypeReference>() {}); assertThat(data.get(InvitationConstants.USER_ID), is(notNullValue())); assertThat(data.get(InvitationConstants.EMAIL), is(emails[i])); - assertThat(data.get(ORIGIN), is(Origin.UAA)); + assertThat(data.get(ORIGIN), is(OriginKeys.UAA)); assertThat(data.get(CLIENT_ID), is(clientDetails.getClientId())); assertThat(data.get(REDIRECT_URI), is(redirectUrl)); } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java index 676bf089b7..005ba019dc 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java @@ -3,9 +3,9 @@ import com.dumbster.smtp.SimpleSmtpServer; import com.dumbster.smtp.SmtpMessage; import org.apache.commons.lang3.RandomStringUtils; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.codestore.JdbcExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.test.MockMvcTestClient; import org.cloudfoundry.identity.uaa.mock.InjectedMockContextTest; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; @@ -247,7 +247,7 @@ public void testCreatingAnAccount() throws Exception { assertThat(authentication.getPrincipal(), instanceOf(UaaPrincipal.class)); UaaPrincipal principal = (UaaPrincipal) authentication.getPrincipal(); assertThat(principal.getEmail(), equalTo(userEmail)); - assertThat(principal.getOrigin(), equalTo(Origin.UAA)); + assertThat(principal.getOrigin(), equalTo(OriginKeys.UAA)); } @Test 
@@ -275,7 +275,7 @@ public void testCreatingAnAccountWithAnEmptyClientId() throws Exception { assertThat(authentication.getPrincipal(), instanceOf(UaaPrincipal.class)); UaaPrincipal principal = (UaaPrincipal) authentication.getPrincipal(); assertThat(principal.getEmail(), equalTo(userEmail)); - assertThat(principal.getOrigin(), equalTo(Origin.UAA)); + assertThat(principal.getOrigin(), equalTo(OriginKeys.UAA)); } @Test @@ -317,7 +317,7 @@ public void testCreatingAnAccountWithNoClientRedirect() throws Exception { assertThat(authentication.getPrincipal(), instanceOf(UaaPrincipal.class)); UaaPrincipal principal = (UaaPrincipal) authentication.getPrincipal(); assertThat(principal.getEmail(), equalTo(userEmail)); - assertThat(principal.getOrigin(), equalTo(Origin.UAA)); + assertThat(principal.getOrigin(), equalTo(OriginKeys.UAA)); } @Test @@ -369,7 +369,7 @@ public void testCreatingAnAccountInAnotherZoneWithNoClientRedirect() throws Exce assertThat(authentication.getPrincipal(), instanceOf(UaaPrincipal.class)); UaaPrincipal principal = (UaaPrincipal) authentication.getPrincipal(); assertThat(principal.getEmail(), equalTo(userEmail)); - assertThat(principal.getOrigin(), equalTo(Origin.UAA)); + assertThat(principal.getOrigin(), equalTo(OriginKeys.UAA)); } @Test @@ -422,7 +422,7 @@ public void testCreatingAnAccountInAnotherZoneWithClientRedirect() throws Except assertThat(authentication.getPrincipal(), instanceOf(UaaPrincipal.class)); UaaPrincipal principal = (UaaPrincipal) authentication.getPrincipal(); assertThat(principal.getEmail(), equalTo(userEmail)); - assertThat(principal.getOrigin(), equalTo(Origin.UAA)); + assertThat(principal.getOrigin(), equalTo(OriginKeys.UAA)); } @Test 
@@ -495,6 +495,6 @@ private void createAccount(String expectedRedirectUri, String redirectUri) throw assertThat(authentication.getPrincipal(), instanceOf(UaaPrincipal.class)); UaaPrincipal principal = (UaaPrincipal) authentication.getPrincipal(); assertThat(principal.getEmail(), equalTo(userEmail)); - assertThat(principal.getOrigin(), equalTo(Origin.UAA)); + assertThat(principal.getOrigin(), equalTo(OriginKeys.UAA)); } } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java index f29e1c5c96..a7f088728f 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java @@ -15,7 +15,6 @@ import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory; import org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory; import org.apache.tomcat.jdbc.pool.DataSource; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.login.Prompt; import org.cloudfoundry.identity.uaa.authentication.manager.PeriodLockoutPolicy; import org.cloudfoundry.identity.uaa.config.KeyPair; @@ -23,6 +22,7 @@ import org.cloudfoundry.identity.uaa.config.PasswordPolicy; import org.cloudfoundry.identity.uaa.config.TokenPolicy; import org.cloudfoundry.identity.uaa.config.YamlServletProfileInitializer; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderConfigurator; import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.login.util.FakeJavaMailSender; 
@@ -421,7 +421,7 @@ public void testBootstrappedIdps_and_ExcludedClaims() throws Exception { assertNotNull(providerProvisioning.retrieveByOrigin(def.getIdpEntityAlias(), IdentityZone.getUaa().getId())); } - assertNotNull(providerProvisioning.retrieveByOrigin(Origin.LDAP, IdentityZone.getUaa().getId())); + assertNotNull(providerProvisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZone.getUaa().getId())); } @Test diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/InvitationsServiceMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/InvitationsServiceMockMvcTests.java index 08ecaf8747..27b574e4fa 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/InvitationsServiceMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/InvitationsServiceMockMvcTests.java @@ -15,7 +15,7 @@ package org.cloudfoundry.identity.uaa.login; import org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.ldap.LdapIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.login.util.FakeJavaMailSender; @@ -107,7 +107,7 @@ public void clearOutCodeTable() { @Test public void inviteUser_Correct_Origin_Set() throws Exception { String email = new RandomValueStringGenerator().generate().toLowerCase()+"@test.org"; - inviteUser(email, userInviteToken, null, clientId, Origin.UAA); + inviteUser(email, userInviteToken, null, clientId, OriginKeys.UAA); } protected T queryUserForField(String email, String field, Class type) { 
@@ -118,8 +118,8 @@ protected T queryUserForField(String email, String field, Class type) { @Test public void test_authorize_with_invitation_login() throws Exception { String email = new RandomValueStringGenerator().generate().toLowerCase()+"@test.org"; - URL inviteLink = inviteUser(email, userInviteToken, null, clientId, Origin.UAA); - assertEquals(Origin.UAA, getWebApplicationContext().getBean(JdbcTemplate.class).queryForObject("select origin from users where username=?", new Object[]{email}, String.class)); + URL inviteLink = inviteUser(email, userInviteToken, null, clientId, OriginKeys.UAA); + assertEquals(OriginKeys.UAA, getWebApplicationContext().getBean(JdbcTemplate.class).queryForObject("select origin from users where username=?", new Object[]{email}, String.class)); String code = extractInvitationCode(inviteLink.toString()); MvcResult result = getMockMvc().perform( @@ -161,8 +161,8 @@ public void test_authorize_with_invitation_login() throws Exception { @Test public void accept_invitation_should_not_log_you_in() throws Exception { String email = new RandomValueStringGenerator().generate().toLowerCase()+"@test.org"; - URL inviteLink = inviteUser(email, userInviteToken, null, clientId, Origin.UAA); - assertEquals(Origin.UAA, getWebApplicationContext().getBean(JdbcTemplate.class).queryForObject("select origin from users where username=?", new Object[]{email}, String.class)); + URL inviteLink = inviteUser(email, userInviteToken, null, clientId, OriginKeys.UAA); + assertEquals(OriginKeys.UAA, getWebApplicationContext().getBean(JdbcTemplate.class).queryForObject("select origin from users where username=?", new Object[]{email}, String.class)); String code = extractInvitationCode(inviteLink.toString()); MvcResult result = getMockMvc().perform(get("/invitations/accept") 
@@ -187,11 +187,11 @@ public void accept_invitation_should_not_log_you_in() throws Exception { @Test public void accept_invitation_for_verified_user_sends_redirect() throws Exception { String email = new RandomValueStringGenerator().generate().toLowerCase() + "@test.org"; - URL inviteLink = inviteUser(email, userInviteToken, null, clientId, Origin.UAA); + URL inviteLink = inviteUser(email, userInviteToken, null, clientId, OriginKeys.UAA); getWebApplicationContext().getBean(JdbcTemplate.class).update("UPDATE users SET verified=true WHERE email=?",email); assertTrue("User should not be verified", queryUserForField(email, "verified", Boolean.class)); - assertEquals(Origin.UAA, queryUserForField(email, Origin.ORIGIN, String.class)); + assertEquals(OriginKeys.UAA, queryUserForField(email, OriginKeys.ORIGIN, String.class)); String code = extractInvitationCode(inviteLink.toString()); getMockMvc().perform( @@ -206,10 +206,10 @@ public void accept_invitation_for_verified_user_sends_redirect() throws Exceptio @Test public void accept_invitation_sets_your_password() throws Exception { String email = new RandomValueStringGenerator().generate().toLowerCase()+"@test.org"; - URL inviteLink = inviteUser(email, userInviteToken, null, clientId, Origin.UAA); + URL inviteLink = inviteUser(email, userInviteToken, null, clientId, OriginKeys.UAA); assertFalse("User should not be verified", queryUserForField(email, "verified", Boolean.class)); - assertEquals(Origin.UAA, queryUserForField(email, Origin.ORIGIN, String.class)); + assertEquals(OriginKeys.UAA, queryUserForField(email, OriginKeys.ORIGIN, String.class)); String code = extractInvitationCode(inviteLink.toString()); MvcResult result = getMockMvc().perform(get("/invitations/accept") 
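Review bot: In `accept_invitation_for_verified_user_sends_redirect` (hunk `@@ -187,11 +187,11 @@`) the unchanged `assertTrue("User should not be verified", ...)` runs right after `UPDATE users SET verified=true`, so its failure message states the opposite of what the assertion checks. The text looks carried over from the sibling tests, which use `assertFalse` with the same message. Since this test pins the verification state of an invited account, the message should match the assertion: `assertTrue("User should be verified", queryUserForField(email, "verified", Boolean.class));`. The test body continues outside the hunk.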
@@ -252,13 +252,13 @@ public void invite_ldap_users_verifies_and_redirects() throws Exception { String domain = generator.generate().toLowerCase()+".com"; definition.setEmailDomain(Arrays.asList(domain)); - IdentityProvider provider = createIdentityProvider(zone.getZone(), Origin.LDAP, definition); + IdentityProvider provider = createIdentityProvider(zone.getZone(), OriginKeys.LDAP, definition); String email = new RandomValueStringGenerator().generate().toLowerCase()+"@"+domain; URL inviteLink = inviteUser(email, zone.getAdminToken(), zone.getZone().getIdentityZone().getSubdomain(), zone.getScimInviteClient().getClientId(), provider.getOriginKey()); String code = extractInvitationCode(inviteLink.toString()); assertFalse("User should not be verified", queryUserForField(email, "verified", Boolean.class)); - assertEquals(Origin.LDAP, queryUserForField(email, Origin.ORIGIN, String.class)); + assertEquals(OriginKeys.LDAP, queryUserForField(email, OriginKeys.ORIGIN, String.class)); ResultActions actions = getMockMvc().perform(get("/invitations/accept") .param("code", code) @@ -288,7 +288,7 @@ public void invite_saml_user_will_redirect_upon_accept() throws Exception { String code = extractInvitationCode(inviteLink.toString()); assertFalse("User should not be verified", queryUserForField(email, "verified", Boolean.class)); - assertEquals(originKey, queryUserForField(email, Origin.ORIGIN, String.class)); + assertEquals(originKey, queryUserForField(email, OriginKeys.ORIGIN, String.class)); //should redirect to saml provider getMockMvc().perform( @@ -307,7 +307,7 @@ public void invite_saml_user_will_redirect_upon_accept() throws Exception { ); - assertEquals(provider.getOriginKey(), queryUserForField(email, Origin.ORIGIN, String.class)); + assertEquals(provider.getOriginKey(), queryUserForField(email, OriginKeys.ORIGIN, String.class)); assertFalse("Saml user should not yet be verified after clicking on the accept link", queryUserForField(email, "verified", Boolean.class)); } 
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java index ac000deeea..39d0fab360 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java @@ -12,7 +12,6 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.login; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.authentication.WhitelistLogoutHandler; import org.cloudfoundry.identity.uaa.authentication.login.LoginInfoEndpoint; @@ -20,6 +19,7 @@ import org.cloudfoundry.identity.uaa.client.ClientConstants; import org.cloudfoundry.identity.uaa.codestore.JdbcExpiringCodeStore; import org.cloudfoundry.identity.uaa.config.LockoutPolicy; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.saml.IdentityProviderConfiguratorTests; import org.cloudfoundry.identity.uaa.login.saml.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.mock.InjectedMockContextTest; 
@@ -620,7 +620,7 @@ public void testSamlLoginLinksShowActiveProviders() throws Exception { String metadata = String.format(MockMvcUtils.IDP_META_DATA, new RandomValueStringGenerator().generate()); SamlIdentityProviderDefinition activeSamlIdentityProviderDefinition = new SamlIdentityProviderDefinition(metadata, activeAlias, null, 0, false, true, "Active SAML Provider", null, identityZone.getId()); IdentityProvider activeIdentityProvider = new IdentityProvider(); - activeIdentityProvider.setType(Origin.SAML); + activeIdentityProvider.setType(OriginKeys.SAML); activeIdentityProvider.setName("Active SAML Provider"); activeIdentityProvider.setConfig(activeSamlIdentityProviderDefinition); activeIdentityProvider.setActive(true); @@ -630,7 +630,7 @@ public void testSamlLoginLinksShowActiveProviders() throws Exception { metadata = String.format(MockMvcUtils.IDP_META_DATA, new RandomValueStringGenerator().generate()); SamlIdentityProviderDefinition inactiveSamlIdentityProviderDefinition = new SamlIdentityProviderDefinition(metadata, inactiveAlias, null, 0, false, true, "You should not see me", null, identityZone.getId()); IdentityProvider inactiveIdentityProvider = new IdentityProvider(); - inactiveIdentityProvider.setType(Origin.SAML); + inactiveIdentityProvider.setType(OriginKeys.SAML); inactiveIdentityProvider.setName("Inactive SAML Provider"); inactiveIdentityProvider.setConfig(inactiveSamlIdentityProviderDefinition); inactiveIdentityProvider.setActive(false); 
@@ -657,7 +657,7 @@ public void testSamlRedirectWhenTheOnlyProvider() throws Exception { String metadata = String.format(MockMvcUtils.IDP_META_DATA, new RandomValueStringGenerator().generate()); SamlIdentityProviderDefinition activeSamlIdentityProviderDefinition = new SamlIdentityProviderDefinition(metadata, alias, null, 0, false, true, "Active SAML Provider", null, identityZone.getId()); IdentityProvider activeIdentityProvider = new IdentityProvider(); - activeIdentityProvider.setType(Origin.SAML); + activeIdentityProvider.setType(OriginKeys.SAML); activeIdentityProvider.setName("Active SAML Provider"); activeIdentityProvider.setActive(true); activeIdentityProvider.setConfig(activeSamlIdentityProviderDefinition); @@ -721,7 +721,7 @@ public void testNoCreateAccountLinksWhenUAAisNotAllowedProvider() throws Excepti identityZone.getId() ); IdentityProvider activeIdentityProvider3 = new IdentityProvider(); - activeIdentityProvider3.setType(Origin.SAML); + activeIdentityProvider3.setType(OriginKeys.SAML); activeIdentityProvider3.setName("Active 3 SAML Provider"); activeIdentityProvider3.setActive(true); activeIdentityProvider3.setConfig(activeSamlIdentityProviderDefinition3); @@ -730,7 +730,7 @@ public void testNoCreateAccountLinksWhenUAAisNotAllowedProvider() throws Excepti SamlIdentityProviderDefinition activeSamlIdentityProviderDefinition2 = new SamlIdentityProviderDefinition(String.format(IdentityProviderConfiguratorTests.xmlWithoutID,"http://example2.com/saml/metadata"), alias2, null, 0, false, true, "Active2 SAML Provider", null, identityZone.getId()); IdentityProvider activeIdentityProvider2 = new IdentityProvider(); - activeIdentityProvider2.setType(Origin.SAML); + activeIdentityProvider2.setType(OriginKeys.SAML); activeIdentityProvider2.setName("Active 2 SAML Provider"); activeIdentityProvider2.setActive(true); activeIdentityProvider2.setConfig(activeSamlIdentityProviderDefinition2); 
@@ -786,7 +786,7 @@ public void testDeactivatedProviderIsRemovedFromSamlLoginLinks() throws Exceptio String metadata = String.format(MockMvcUtils.IDP_META_DATA, new RandomValueStringGenerator().generate()); SamlIdentityProviderDefinition samlIdentityProviderDefinition = new SamlIdentityProviderDefinition(metadata, alias, null, 0, false, true, "SAML Provider", null, identityZone.getId()); IdentityProvider identityProvider = new IdentityProvider(); - identityProvider.setType(Origin.SAML); + identityProvider.setType(OriginKeys.SAML); identityProvider.setName("SAML Provider"); identityProvider.setActive(true); identityProvider.setConfig(samlIdentityProviderDefinition); @@ -1225,7 +1225,7 @@ public void autologin_with_validCode_RedirectsToHome() throws Exception { private void changeLockoutPolicyForIdpInZone(IdentityZone zone) throws Exception { IdentityProviderProvisioning identityProviderProvisioning = getWebApplicationContext().getBean(IdentityProviderProvisioning.class); - IdentityProvider identityProvider = identityProviderProvisioning.retrieveByOrigin(Origin.UAA, zone.getId()); + IdentityProvider identityProvider = identityProviderProvisioning.retrieveByOrigin(OriginKeys.UAA, zone.getId()); LockoutPolicy policy = new LockoutPolicy(); policy.setLockoutAfterFailures(2); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/PasscodeMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/PasscodeMockMvcTests.java index ad5f87dc49..cd86821fce 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/PasscodeMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/PasscodeMockMvcTests.java 
@@ -1,10 +1,10 @@ package org.cloudfoundry.identity.uaa.login; import org.apache.commons.codec.binary.Base64; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.saml.LoginSamlAuthenticationToken; import org.cloudfoundry.identity.uaa.mock.InjectedMockContextTest; import org.cloudfoundry.identity.uaa.oauth.RemoteUserAuthentication; @@ -83,7 +83,7 @@ public void setUp() throws Exception { } } UaaUserDatabase db = getWebApplicationContext().getBean(UaaUserDatabase.class); - marissa = new UaaPrincipal(db.retrieveUserByName(USERNAME, Origin.UAA)); + marissa = new UaaPrincipal(db.retrieveUserByName(USERNAME, OriginKeys.UAA)); } } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerMockMvcTests.java index c269e9a90a..46e6f95ca7 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerMockMvcTests.java 
@@ -12,11 +12,11 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.login; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.codestore.JdbcExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.mock.InjectedMockContextTest; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils.PredictableGenerator; @@ -94,7 +94,7 @@ public void testResettingAPasswordUsingUsernameToEnsureNoModification() throws E assertThat(principal.getId(), equalTo(users.get(0).getId())); assertThat(principal.getName(), equalTo(users.get(0).getUserName())); assertThat(principal.getEmail(), equalTo(users.get(0).getPrimaryEmail())); - assertThat(principal.getOrigin(), equalTo(Origin.UAA)); + assertThat(principal.getOrigin(), equalTo(OriginKeys.UAA)); } @Test @@ -255,7 +255,7 @@ public void testResettingAPasswordUsingTimestampForUserModification() throws Exc assertThat(principal.getId(), equalTo(users.get(0).getId())); assertThat(principal.getName(), equalTo(users.get(0).getUserName())); assertThat(principal.getEmail(), equalTo(users.get(0).getPrimaryEmail())); - assertThat(principal.getOrigin(), equalTo(Origin.UAA)); + assertThat(principal.getOrigin(), equalTo(OriginKeys.UAA)); } @Test diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/saml/LoginSamlAuthenticationProviderTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/saml/LoginSamlAuthenticationProviderTests.java index 25063d1a59..4ebec3ada8 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/saml/LoginSamlAuthenticationProviderTests.java 
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/saml/LoginSamlAuthenticationProviderTests.java @@ -15,8 +15,10 @@ package org.cloudfoundry.identity.uaa.login.saml; import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.manager.AuthEvent; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.rest.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning; @@ -152,9 +154,9 @@ public void configureProvider() throws Exception { JdbcScimGroupExternalMembershipManager externalManager = new JdbcScimGroupExternalMembershipManager(jdbcTemplate, new JdbcPagingListFactory(jdbcTemplate, limitSqlAdapter)); externalManager.setScimGroupProvisioning(groupProvisioning); - externalManager.mapExternalGroup(uaaSamlUser.getId(), SAML_USER, Origin.SAML); - externalManager.mapExternalGroup(uaaSamlAdmin.getId(), SAML_ADMIN, Origin.SAML); - externalManager.mapExternalGroup(uaaSamlTest.getId(), SAML_TEST, Origin.SAML); + externalManager.mapExternalGroup(uaaSamlUser.getId(), SAML_USER, OriginKeys.SAML); + externalManager.mapExternalGroup(uaaSamlAdmin.getId(), SAML_ADMIN, OriginKeys.SAML); + externalManager.mapExternalGroup(uaaSamlTest.getId(), SAML_TEST, OriginKeys.SAML); consumer = mock(WebSSOProfileConsumer.class); credential = getUserCredential("marissa-saml", "Marissa", "Bloggs", "marissa.bloggs@test.com", "1234567890"); 
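Review bot: The `@@ -15,8 +15,10 @@` hunk of LoginSamlAuthenticationProviderTests.java keeps `import org.cloudfoundry.identity.uaa.authentication.Origin;` as a context line, although every `Origin.SAML` reference visible in this file's hunks now reads `OriginKeys.SAML`. If nothing outside the hunks still uses it, remove the import as the other test files in this commit do, so the test takes its origin constants from one class only. The diffstat also shows lines being removed from `Origin.java`, so a leftover reference may point at constants that no longer exist there. The added `ExternalIdentityProviderDefinition` import is not referenced in any visible hunk either and sits out of alphabetical order; confirm that it is needed.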
@@ -184,12 +186,12 @@ public void configureProvider() throws Exception { provider = new IdentityProvider(); provider.setIdentityZoneId(IdentityZone.getUaa().getId()); - provider.setOriginKey(Origin.SAML); + provider.setOriginKey(OriginKeys.SAML); provider.setName("saml-test"); provider.setActive(true); - provider.setType(Origin.SAML); - providerDefinition.setMetaDataLocation(String.format(IDP_META_DATA, Origin.SAML)); - providerDefinition.setIdpEntityAlias(Origin.SAML); + provider.setType(OriginKeys.SAML); + providerDefinition.setMetaDataLocation(String.format(IDP_META_DATA, OriginKeys.SAML)); + providerDefinition.setIdpEntityAlias(OriginKeys.SAML); provider.setConfig(providerDefinition); provider = providerProvisioning.create(provider); } @@ -217,7 +219,7 @@ private SAMLCredential getUserCredential(String username, String firstName, Stri @Test public void testAuthenticateSimple() { - authprovider.authenticate(mockSamlAuthentication(Origin.SAML)); + authprovider.authenticate(mockSamlAuthentication(OriginKeys.SAML)); } @Test @@ -364,7 +366,7 @@ public void update_existingUser_if_attributes_different() throws Exception { when(consumer.processAuthenticationResponse(anyObject())).thenReturn(credential); getAuthentication(); - UaaUser user = userDatabase.retrieveUserByName("marissa-saml", Origin.SAML); + UaaUser user = userDatabase.retrieveUserByName("marissa-saml", OriginKeys.SAML); assertEquals("Marissa-changed", user.getGivenName()); assertEquals("marissa.bloggs@change.org", user.getEmail()); } 
@@ -372,10 +374,10 @@ public void update_existingUser_if_attributes_different() throws Exception { @Test public void dont_update_existingUser_if_attributes_areTheSame() throws Exception { getAuthentication(); - UaaUser user = userDatabase.retrieveUserByName("marissa-saml", Origin.SAML); + UaaUser user = userDatabase.retrieveUserByName("marissa-saml", OriginKeys.SAML); getAuthentication(); - UaaUser existingUser = userDatabase.retrieveUserByName("marissa-saml", Origin.SAML); + UaaUser existingUser = userDatabase.retrieveUserByName("marissa-saml", OriginKeys.SAML); assertEquals(existingUser.getModified(), user.getModified()); } @@ -392,7 +394,7 @@ public void shadowAccount_createdWith_MappedUserAttributes() throws Exception { providerProvisioning.update(provider); getAuthentication(); - UaaUser user = userDatabase.retrieveUserByName("marissa-saml", Origin.SAML); + UaaUser user = userDatabase.retrieveUserByName("marissa-saml", OriginKeys.SAML); assertEquals("Marissa", user.getGivenName()); assertEquals("Bloggs", user.getFamilyName()); assertEquals("marissa.bloggs@test.com", user.getEmail()); @@ -409,7 +411,7 @@ public void shadowUser_GetsCreatedWithDefaultValues_IfAttributeNotMapped() throw providerProvisioning.update(provider); UaaAuthentication authentication = getAuthentication(); - UaaUser user = userDatabase.retrieveUserByName("marissa-saml", Origin.SAML); + UaaUser user = userDatabase.retrieveUserByName("marissa-saml", OriginKeys.SAML); assertEquals("marissa.bloggs", user.getGivenName()); assertEquals("test.com", user.getFamilyName()); assertEquals("marissa.bloggs@test.com", user.getEmail()); 
@@ -442,7 +444,7 @@ public void user_authentication_contains_custom_attributes() throws Exception { } protected UaaAuthentication getAuthentication() { - Authentication authentication = authprovider.authenticate(mockSamlAuthentication(Origin.SAML)); + Authentication authentication = authprovider.authenticate(mockSamlAuthentication(OriginKeys.SAML)); assertNotNull("Authentication should exist", authentication); assertTrue("Authentication should be UaaAuthentication", authentication instanceof UaaAuthentication); return (UaaAuthentication)authentication; diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/saml/SamlIDPRefreshMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/saml/SamlIDPRefreshMockMvcTests.java index b47a8be593..3175a0dab3 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/saml/SamlIDPRefreshMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/saml/SamlIDPRefreshMockMvcTests.java @@ -12,9 +12,9 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.login.saml; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.config.IdentityZoneConfiguration; import org.cloudfoundry.identity.uaa.config.SamlConfig; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.mock.InjectedMockContextTest; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.test.UaaTestAccounts; 
@@ -83,7 +83,7 @@ public void setUpContext() throws Exception { @After public void cleanSamlProviders() throws Exception { - jdbcTemplate.update("UPDATE identity_provider SET active=? WHERE type=?", false, Origin.SAML); + jdbcTemplate.update("UPDATE identity_provider SET active=? WHERE type=?", false, OriginKeys.SAML); for (SamlIdentityProviderDefinition definition : configurator.getIdentityProviderDefinitions()) { configurator.removeIdentityProviderDefinition(definition); } @@ -104,7 +104,7 @@ public void cleanSamlProviders() throws Exception { //all we have left is the local provider assertEquals(1, zoneAwareMetadataManager.getManager(zone).getAvailableProviders().size()); } - jdbcTemplate.update("delete from identity_provider where type=?", Origin.SAML); + jdbcTemplate.update("delete from identity_provider where type=?", OriginKeys.SAML); SecurityContextHolder.clearContext(); IdentityZoneHolder.clear(); } @@ -463,7 +463,7 @@ public IdentityProvider createSamlProvider(Strin provider.setIdentityZoneId(IdentityZone.getUaa().getId()); provider.setOriginKey(alias); provider.setName("DB Added SAML Provider"); - provider.setType(Origin.SAML); + provider.setType(OriginKeys.SAML); provider = providerProvisioning.create(provider); return provider; } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/ldap/LdapMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/ldap/LdapMockMvcTests.java index ac5ede9b16..ec63d39e8e 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/ldap/LdapMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/ldap/LdapMockMvcTests.java 
@@ -13,10 +13,10 @@ package org.cloudfoundry.identity.uaa.mock.ldap; import org.cloudfoundry.identity.uaa.TestClassNullifier; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.manager.AuthzAuthenticationManager; import org.cloudfoundry.identity.uaa.authentication.manager.DynamicZoneAwareAuthenticationManager; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.ldap.ExtendedLdapUserMapper; import org.cloudfoundry.identity.uaa.ldap.LdapIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.ldap.ProcessLdapProperties; @@ -225,7 +225,7 @@ public void tearDown() throws Exception { } private void deleteLdapUsers() { - jdbcTemplate.update("delete from users where origin='" + Origin.LDAP + "'"); + jdbcTemplate.update("delete from users where origin='" + OriginKeys.LDAP + "'"); } public void acceptInvitation_for_ldap_user_whose_username_is_not_email() throws Exception { 
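Review bot: `deleteLdapUsers()` in the `@@ -225,7 +225,7 @@` hunk still builds its statement by string concatenation, `"delete from users where origin='" + OriginKeys.LDAP + "'"`. The operand appears to be a constant, so nothing is injectable here today. The other cleanup statements in this commit bind the value instead (for example `"delete from identity_provider where type=?"` in SamlIDPRefreshMockMvcTests), and a concatenated query in test code is easily copied to a place where the operand is not constant. Since the line is being edited anyway, write it as `jdbcTemplate.update("delete from users where origin=?", OriginKeys.LDAP);`.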
@@ -252,14 +252,14 @@ public void acceptInvitation_for_ldap_user_whose_username_is_not_email() throws 10, true); definition.setEmailDomain(Arrays.asList("test.com")); - utils().createIdentityProvider(mockMvc, zone.getZone(), Origin.LDAP, definition); + utils().createIdentityProvider(mockMvc, zone.getZone(), OriginKeys.LDAP, definition); - URL url = utils().inviteUser(mainContext, mockMvc, email, zone.getAdminToken(), zone.getZone().getIdentityZone().getSubdomain(), zone.getScimInviteClient().getClientId(), Origin.LDAP, REDIRECT_URI); + URL url = utils().inviteUser(mainContext, mockMvc, email, zone.getAdminToken(), zone.getZone().getIdentityZone().getSubdomain(), zone.getScimInviteClient().getClientId(), OriginKeys.LDAP, REDIRECT_URI); String code = utils().extractInvitationCode(url.toString()); String userInfoOrigin = mainContext.getBean(JdbcTemplate.class).queryForObject("select origin from users where email=? and identity_zone_id=?", String.class, email, zone.getZone().getIdentityZone().getId()); String userInfoId = mainContext.getBean(JdbcTemplate.class).queryForObject("select id from users where email=? and identity_zone_id=?", String.class, email, zone.getZone().getIdentityZone().getId()); - assertEquals(Origin.LDAP, userInfoOrigin); + assertEquals(OriginKeys.LDAP, userInfoOrigin); ResultActions actions = mockMvc.perform(get("/invitations/accept") .param("code", code) 
@@ -289,7 +289,7 @@ public void acceptInvitation_for_ldap_user_whose_username_is_not_email() throws String newUserInfoId = mainContext.getBean(JdbcTemplate.class).queryForObject("select id from users where email=? and identity_zone_id=?", String.class, email, zone.getZone().getIdentityZone().getId()); String newUserInfoOrigin = mainContext.getBean(JdbcTemplate.class).queryForObject("select origin from users where email=? and identity_zone_id=?", String.class, email, zone.getZone().getIdentityZone().getId()); String newUserInfoUsername = mainContext.getBean(JdbcTemplate.class).queryForObject("select username from users where email=? and identity_zone_id=?", String.class, email, zone.getZone().getIdentityZone().getId()); - assertEquals(Origin.LDAP, newUserInfoOrigin); + assertEquals(OriginKeys.LDAP, newUserInfoOrigin); assertEquals("marissa2", newUserInfoUsername); //ensure that a new user wasn't created assertEquals(userInfoId, newUserInfoId); @@ -298,7 +298,7 @@ public void acceptInvitation_for_ldap_user_whose_username_is_not_email() throws //email mismatch mainContext.getBean(JdbcTemplate.class).update("delete from expiring_code_store"); email = "different@test.com"; - url = utils().inviteUser(mainContext, mockMvc, email, zone.getAdminToken(), zone.getZone().getIdentityZone().getSubdomain(), zone.getScimInviteClient().getClientId(), Origin.LDAP, REDIRECT_URI); + url = utils().inviteUser(mainContext, mockMvc, email, zone.getAdminToken(), zone.getZone().getIdentityZone().getSubdomain(), zone.getScimInviteClient().getClientId(), OriginKeys.LDAP, REDIRECT_URI); code = utils().extractInvitationCode(url.toString()); actions = mockMvc.perform(get("/invitations/accept") 
@@ -335,7 +335,7 @@ public void test_whitelisted_external_groups() throws Exception { Assume.assumeThat("ldap-groups-map-to-scopes.xml, ldap-groups-as-scopes.xml", StringContains.containsString(ldapGroup)); setUp(); IdentityProviderProvisioning idpProvisioning = mainContext.getBean(IdentityProviderProvisioning.class); - IdentityProvider idp = idpProvisioning.retrieveByOrigin(Origin.LDAP, IdentityZone.getUaa().getId()); + IdentityProvider idp = idpProvisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZone.getUaa().getId()); LdapIdentityProviderDefinition def = idp.getConfig(); def.addWhiteListedGroup("admins"); def.addWhiteListedGroup("thirdmarissa"); @@ -445,9 +445,9 @@ public void testLdapConfigurationBeforeSave() throws Exception { ); IdentityProvider provider = new IdentityProvider(); - provider.setOriginKey(Origin.LDAP); + provider.setOriginKey(OriginKeys.LDAP); provider.setName("Test ldap provider"); - provider.setType(Origin.LDAP); + provider.setType(OriginKeys.LDAP); provider.setConfig(definition); provider.setActive(true); provider.setIdentityZoneId(zone.getId()); @@ -693,9 +693,9 @@ public void testLoginInNonDefaultZone() throws Exception { ); IdentityProvider provider = new IdentityProvider(); - provider.setOriginKey(Origin.LDAP); + provider.setOriginKey(OriginKeys.LDAP); provider.setName("Test ldap provider"); - provider.setType(Origin.LDAP); + provider.setType(OriginKeys.LDAP); provider.setConfig(definition); provider.setActive(true); provider.setIdentityZoneId(zone.getId()); 
@@ -710,10 +710,10 @@ public void testLoginInNonDefaultZone() throws Exception { .andExpect(redirectedUrl("/")); IdentityZoneHolder.set(zone); - UaaUser user = userDatabase.retrieveUserByName("marissa2",Origin.LDAP); + UaaUser user = userDatabase.retrieveUserByName("marissa2", OriginKeys.LDAP); IdentityZoneHolder.clear(); assertNotNull(user); - assertEquals(Origin.LDAP, user.getOrigin()); + assertEquals(OriginKeys.LDAP, user.getOrigin()); assertEquals(zone.getId(), user.getZoneId()); provider.setActive(false); @@ -756,10 +756,10 @@ public void testLoginInNonDefaultZone() throws Exception { .andExpect(redirectedUrl("/")); IdentityZoneHolder.set(zone); - user = userDatabase.retrieveUserByName("marissa2",Origin.LDAP); + user = userDatabase.retrieveUserByName("marissa2", OriginKeys.LDAP); IdentityZoneHolder.clear(); assertNotNull(user); - assertEquals(Origin.LDAP, user.getOrigin()); + assertEquals(OriginKeys.LDAP, user.getOrigin()); assertEquals(zone.getId(), user.getZoneId()); assertEquals("marissa2@ldaptest.com", user.getEmail()); } @@ -793,9 +793,9 @@ public void testLogin_partial_result_exception_on_group_search() throws Exceptio ); IdentityProvider provider = new IdentityProvider(); - provider.setOriginKey(Origin.LDAP); + provider.setOriginKey(OriginKeys.LDAP); provider.setName("Test ldap provider"); - provider.setType(Origin.LDAP); + provider.setType(OriginKeys.LDAP); provider.setConfig(definition); provider.setActive(true); provider.setIdentityZoneId(zone.getId()); 
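Review bot: In testLoginInNonDefaultZone the lookup between `IdentityZoneHolder.set(zone)` and `IdentityZoneHolder.clear()` is unguarded, so an exception from `retrieveUserByName` would leave the non-default zone selected for whatever runs next on that thread (assuming the holder keeps per-thread state, which these hunks do not show). Both occurrences in this method (hunks at -710 and -756) and the same pattern in testLogin_partial_result_exception_on_group_search (hunk at -810) would be safer as `try { user = userDatabase.retrieveUserByName("marissa2", OriginKeys.LDAP); } finally { IdentityZoneHolder.clear(); }`, with the `UaaUser user` declaration moved before the `try` where needed. A leaked zone can make later tests pass or fail against the wrong tenant, which hides real zone-isolation regressions. The method bodies start and end outside these hunks.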
@@ -810,10 +810,10 @@ public void testLogin_partial_result_exception_on_group_search() throws Exceptio .andExpect(redirectedUrl("/")); IdentityZoneHolder.set(zone); - UaaUser user = userDatabase.retrieveUserByName("marissa8",Origin.LDAP); + UaaUser user = userDatabase.retrieveUserByName("marissa8", OriginKeys.LDAP); IdentityZoneHolder.clear(); assertNotNull(user); - assertEquals(Origin.LDAP, user.getOrigin()); + assertEquals(OriginKeys.LDAP, user.getOrigin()); assertEquals(zone.getId(), user.getZoneId()); } @@ -865,7 +865,7 @@ public void runLdapTestblock() throws Exception { public Object getBean(String name) { IdentityProviderProvisioning provisioning = mainContext.getBean(IdentityProviderProvisioning.class); - IdentityProvider ldapProvider = provisioning.retrieveByOrigin(Origin.LDAP, IdentityZoneHolder.get().getId()); + IdentityProvider ldapProvider = provisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZoneHolder.get().getId()); DynamicZoneAwareAuthenticationManager zm = mainContext.getBean(DynamicZoneAwareAuthenticationManager.class); zm.getLdapAuthenticationManager(IdentityZone.getUaa(), ldapProvider).getLdapAuthenticationManager(); return zm.getLdapAuthenticationManager(IdentityZone.getUaa(), ldapProvider).getContext().getBean(name); @@ -873,7 +873,7 @@ public Object getBean(String name) { public T getBean(Class clazz) { IdentityProviderProvisioning provisioning = mainContext.getBean(IdentityProviderProvisioning.class); - IdentityProvider ldapProvider = provisioning.retrieveByOrigin(Origin.LDAP, IdentityZoneHolder.get().getId()); + IdentityProvider ldapProvider = provisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZoneHolder.get().getId()); DynamicZoneAwareAuthenticationManager zm = mainContext.getBean(DynamicZoneAwareAuthenticationManager.class); zm.getLdapAuthenticationManager(IdentityZone.getUaa(), ldapProvider).getLdapAuthenticationManager(); return zm.getLdapAuthenticationManager(IdentityZone.getUaa(), ldapProvider).getContext().getBean(clazz); 
@@ -927,7 +927,7 @@ public void testExtendedAttributes() throws Exception { public void testAuthenticateInactiveIdp() throws Exception { IdentityProviderProvisioning provisioning = mainContext.getBean(IdentityProviderProvisioning.class); - IdentityProvider ldapProvider = provisioning.retrieveByOrigin(Origin.LDAP, IdentityZone.getUaa().getId()); + IdentityProvider ldapProvider = provisioning.retrieveByOrigin(OriginKeys.LDAP, IdentityZone.getUaa().getId()); try { ldapProvider.setActive(false); ldapProvider = provisioning.update(ldapProvider); @@ -958,7 +958,7 @@ public void validateOriginForNonLdapUser() throws Exception { MvcResult result = performAuthentication(username, password); assertThat(result.getResponse().getContentAsString(), containsString("\"username\":\"" + username + "\"")); assertThat(result.getResponse().getContentAsString(), containsString("\"email\":\"marissa@test.org\"")); - assertEquals(Origin.UAA, getOrigin(username)); + assertEquals(OriginKeys.UAA, getOrigin(username)); } public void validateOriginAndEmailForLdapUser() throws Exception { 
@@ -1053,19 +1053,19 @@ private String getOrigin(String username) { } private String getEmail(String username) { - return jdbcTemplate.queryForObject("select email from users where username='" + username + "' and origin='" + Origin.LDAP + "'", String.class); + return jdbcTemplate.queryForObject("select email from users where username='" + username + "' and origin='" + OriginKeys.LDAP + "'", String.class); } private String getGivenName(String username) { - return jdbcTemplate.queryForObject("select givenname from users where username='" + username + "' and origin='" + Origin.LDAP + "'", String.class); + return jdbcTemplate.queryForObject("select givenname from users where username='" + username + "' and origin='" + OriginKeys.LDAP + "'", String.class); } private String getFamilyName(String username) { - return jdbcTemplate.queryForObject("select familyname from users where username='" + username + "' and origin='" + Origin.LDAP + "'", String.class); + return jdbcTemplate.queryForObject("select familyname from users where username='" + username + "' and origin='" + OriginKeys.LDAP + "'", String.class); } private String getPhoneNumber(String username) { - return jdbcTemplate.queryForObject("select phonenumber from users where username='" + username + "' and origin='" + Origin.LDAP + "'", String.class); + return jdbcTemplate.queryForObject("select phonenumber from users where username='" + username + "' and origin='" + OriginKeys.LDAP + "'", String.class); } private MvcResult performAuthentication(String username, String password) throws Exception { diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java index 83992f60a5..3dd77908bb 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java 
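Review bot: getEmail, getGivenName, getFamilyName and getPhoneNumber in the hunk at -1053 still splice `username` into the SQL text by string concatenation; the commit only renames the constant. The invitation test earlier in this file already passes values as bind parameters, so these helpers should do the same, e.g. `return jdbcTemplate.queryForObject("select email from users where username=? and origin=?", String.class, username, OriginKeys.LDAP);`, with the column name changed for the other three. The usernames are chosen by the tests, so the practical risk is small, but a name containing a quote would break the query, and string-built SQL in an identity server's test suite tends to get copied into non-test code. The body of getOrigin lies outside the hunk and could not be checked for the same pattern.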
@@ -13,13 +13,13 @@ package org.cloudfoundry.identity.uaa.mock.token; import com.fasterxml.jackson.core.type.TypeReference; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.authorization.UaaAuthorizationEndpoint; import org.cloudfoundry.identity.uaa.client.ClientConstants; import org.cloudfoundry.identity.uaa.config.PasswordPolicy; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.mock.InjectedMockContextTest; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.oauth.Claims; @@ -158,7 +158,7 @@ private IdentityZone setupIdentityZone(String subdomain) { } private IdentityProvider setupIdentityProvider() { - return setupIdentityProvider(Origin.UAA); + return setupIdentityProvider(OriginKeys.UAA); } private IdentityProvider setupIdentityProvider(String origin) { IdentityProvider defaultIdp = new IdentityProvider(); @@ -248,7 +248,7 @@ public void testClientIdentityProviderWithoutAllowedProvidersForPasswordGrantWor String subdomain = "testzone"+new RandomValueStringGenerator().generate(); IdentityZone testZone = setupIdentityZone(subdomain); IdentityZoneHolder.set(testZone); - IdentityProvider provider = setupIdentityProvider(Origin.UAA); + IdentityProvider provider = setupIdentityProvider(OriginKeys.UAA); String clientId2 = "testclient"+new RandomValueStringGenerator().generate(); setUpClients(clientId2, scopes, scopes, "authorization_code,password", true, TEST_REDIRECT_URI, Arrays.asList(provider.getOriginKey())); 
@@ -258,7 +258,7 @@ public void testClientIdentityProviderWithoutAllowedProvidersForPasswordGrantWor String username = "testuser"+new RandomValueStringGenerator().generate(); String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three,openid"; - ScimUser developer = setUpUser(username, userScopes, Origin.UAA, testZone.getId()); + ScimUser developer = setUpUser(username, userScopes, OriginKeys.UAA, testZone.getId()); getMockMvc().perform(post("/oauth/token") .with(new SetServerNameRequestPostProcessor(subdomain + ".localhost")) @@ -290,7 +290,7 @@ public void testClientIdentityProviderClientWithoutAllowedProvidersForAuthCodeAl String subdomain = "testzone"+new RandomValueStringGenerator().generate(); IdentityZone testZone = setupIdentityZone(subdomain); IdentityZoneHolder.set(testZone); - IdentityProvider provider = setupIdentityProvider(Origin.UAA); + IdentityProvider provider = setupIdentityProvider(OriginKeys.UAA); String scopes = "space.*.developer,space.*.admin,org.*.reader,org.123*.admin,*.*,*,openid"; 
@@ -301,13 +301,13 @@ public void testClientIdentityProviderClientWithoutAllowedProvidersForAuthCodeAl setUpClients(clientId2, scopes, scopes, "authorization_code,password", true, TEST_REDIRECT_URI, Arrays.asList(provider.getOriginKey())); String clientId3 = "testclient"+new RandomValueStringGenerator().generate(); - setUpClients(clientId3, scopes, scopes, "authorization_code,password", true, TEST_REDIRECT_URI, Arrays.asList(Origin.LOGIN_SERVER)); + setUpClients(clientId3, scopes, scopes, "authorization_code,password", true, TEST_REDIRECT_URI, Arrays.asList(OriginKeys.LOGIN_SERVER)); String username = "testuser"+new RandomValueStringGenerator().generate(); String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three,openid"; - ScimUser developer = setUpUser(username, userScopes, Origin.UAA, testZone.getId()); + ScimUser developer = setUpUser(username, userScopes, OriginKeys.UAA, testZone.getId()); - UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), Origin.UAA,"", IdentityZoneHolder.get().getId()); + UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), OriginKeys.UAA,"", IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(p, "", UaaAuthority.USER_AUTHORITIES); Assert.assertTrue(auth.isAuthenticated()); SecurityContextHolder.getContext().setAuthentication(auth); 
@@ -378,7 +378,7 @@ public void testClientIdentityProviderRestrictionForPasswordGrant() throws Excep //create a user in the UAA identity provider String username = "testuser"+new RandomValueStringGenerator().generate(); String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three,openid"; - ScimUser developer = setUpUser(username, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + ScimUser developer = setUpUser(username, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); getMockMvc().perform(post("/oauth/token") @@ -407,7 +407,7 @@ public void test_Oauth_Authorize_API_Endpoint() throws Exception { setUpClients(clientId, "", scopes, "authorization_code", true); String username = "testuser"+new RandomValueStringGenerator().generate(); String userScopes = ""; - setUpUser(username, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + setUpUser(username, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); String cfAccessToken = MockMvcUtils.utils().getUserOAuthAccessToken( getMockMvc(), 
@@ -465,9 +465,9 @@ public void testOpenIdTokenHybridFlowWithNoImplicitGrant_When_IdToken_Disabled() setUpClients(clientId, scopes, scopes, "authorization_code", true); String username = "testuser" + new RandomValueStringGenerator().generate(); String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three,openid"; - ScimUser developer = setUpUser(username, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + ScimUser developer = setUpUser(username, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); - UaaPrincipal p = new UaaPrincipal(developer.getId(), developer.getUserName(), developer.getPrimaryEmail(), Origin.UAA, "", IdentityZoneHolder.get().getId()); + UaaPrincipal p = new UaaPrincipal(developer.getId(), developer.getUserName(), developer.getPrimaryEmail(), OriginKeys.UAA, "", IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(p, "", UaaAuthority.USER_AUTHORITIES); Assert.assertTrue(auth.isAuthenticated()); 
@@ -509,9 +509,9 @@ public void testOpenIdTokenHybridFlowWithNoImplicitGrant() throws Exception { setUpClients(clientId, scopes, scopes, "authorization_code", true); String username = "testuser"+new RandomValueStringGenerator().generate(); String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three,openid"; - ScimUser developer = setUpUser(username, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + ScimUser developer = setUpUser(username, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); - UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), Origin.UAA,"", IdentityZoneHolder.get().getId()); + UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), OriginKeys.UAA,"", IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(p, "", UaaAuthority.USER_AUTHORITIES); Assert.assertTrue(auth.isAuthenticated()); 
@@ -549,9 +549,9 @@ public void testOpenIdTokenHybridFlowWithNoImplicitGrantWhenLenientWhenAppNotApp setUpClients(clientId, scopes, scopes, "authorization_code", false); String username = "testuser"+new RandomValueStringGenerator().generate(); String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three,openid"; - ScimUser developer = setUpUser(username, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + ScimUser developer = setUpUser(username, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); - UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), Origin.UAA,"", IdentityZoneHolder.get().getId()); + UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), OriginKeys.UAA,"", IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(p, "", UaaAuthority.USER_AUTHORITIES); Assert.assertTrue(auth.isAuthenticated()); 
@@ -593,9 +593,9 @@ public void testOpenIdTokenHybridFlowWithNoImplicitGrantWhenStrictWhenAppNotAppr setUpClients(clientId, scopes, scopes, "authorization_code", false); String username = "testuser"+new RandomValueStringGenerator().generate(); String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three,openid"; - ScimUser developer = setUpUser(username, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + ScimUser developer = setUpUser(username, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); - UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), Origin.UAA,"", IdentityZoneHolder.get().getId()); + UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), OriginKeys.UAA,"", IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(p, "", UaaAuthority.USER_AUTHORITIES); Assert.assertTrue(auth.isAuthenticated()); 
@@ -640,10 +640,10 @@ public void testAuthorizationCodeGrantWithEncodedRedirectURL() throws Exception setUpClients(clientId, scopes, scopes, GRANT_TYPES, true, redirectUri); String username = "authuser"+new RandomValueStringGenerator().generate(); String userScopes = "openid"; - ScimUser developer = setUpUser(username, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + ScimUser developer = setUpUser(username, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); String basicDigestHeaderValue = "Basic " + new String(org.apache.commons.codec.binary.Base64.encodeBase64((clientId + ":" + SECRET).getBytes())); - UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), Origin.UAA,"", IdentityZoneHolder.get().getId()); + UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), OriginKeys.UAA,"", IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(p, "", UaaAuthority.USER_AUTHORITIES); Assert.assertTrue(auth.isAuthenticated()); 
@@ -751,10 +751,10 @@ protected void testImplicitGrantRedirectUri(String redirectUri, String delim) th setUpClients(clientId, scopes, scopes, GRANT_TYPES, true, redirectUri); String username = "authuser"+new RandomValueStringGenerator().generate(); String userScopes = "openid"; - ScimUser developer = setUpUser(username, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + ScimUser developer = setUpUser(username, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); String basicDigestHeaderValue = "Basic " + new String(org.apache.commons.codec.binary.Base64.encodeBase64((clientId + ":" + SECRET).getBytes())); - UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), Origin.UAA,"", IdentityZoneHolder.get().getId()); + UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), OriginKeys.UAA,"", IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(p, "", UaaAuthority.USER_AUTHORITIES); Assert.assertTrue(auth.isAuthenticated()); @@ -788,7 +788,7 @@ public void testOpenIdToken() throws Exception { setUpClients(clientId, scopes, scopes, GRANT_TYPES, true); String username = "testuser"+new RandomValueStringGenerator().generate(); String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three,openid"; - ScimUser developer = setUpUser(username, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + ScimUser developer = setUpUser(username, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); String authCodeClientId = "testclient"+new RandomValueStringGenerator().generate(); setUpClients(authCodeClientId, scopes, scopes, "authorization_code", true); 
@@ -839,8 +839,8 @@ public void testOpenIdToken() throws Exception { validateOpenIdConnectToken(((List)token.get("id_token")).get(0), developer.getId(), implicitClientId); //authorization_code grant - requesting id_token - UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), Origin.UAA,"", IdentityZoneHolder.get().getId()); - UaaAuthentication auth = new UaaAuthentication(p, UaaAuthority.USER_AUTHORITIES, new UaaAuthenticationDetails(false, "clientId",Origin.ORIGIN,"sessionId")); + UaaPrincipal p = new UaaPrincipal(developer.getId(),developer.getUserName(),developer.getPrimaryEmail(), OriginKeys.UAA,"", IdentityZoneHolder.get().getId()); + UaaAuthentication auth = new UaaAuthentication(p, UaaAuthority.USER_AUTHORITIES, new UaaAuthenticationDetails(false, "clientId", OriginKeys.ORIGIN,"sessionId")); Assert.assertTrue(auth.isAuthenticated()); SecurityContextHolder.getContext().setAuthentication(auth); @@ -1165,7 +1165,7 @@ public void test_Token_Expiry_Time() throws Exception { setUpClients(clientId, scopes, scopes, GRANT_TYPES, true,null,null,60*60*24*3650); String userId = "testuser" + new RandomValueStringGenerator().generate(); String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three"; - ScimUser developer = setUpUser(userId, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + ScimUser developer = setUpUser(userId, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); Set allUserScopes = new HashSet<>(); allUserScopes.addAll(defaultAuthorities); allUserScopes.addAll(StringUtils.commaDelimitedListToSet(userScopes)); 
@@ -1197,7 +1197,7 @@ public void testWildcardPasswordGrant() throws Exception { setUpClients(clientId, scopes, scopes, GRANT_TYPES, true); String userId = "testuser"+new RandomValueStringGenerator().generate(); String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three"; - ScimUser developer = setUpUser(userId, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + ScimUser developer = setUpUser(userId, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); Set allUserScopes = new HashSet<>(); allUserScopes.addAll(defaultAuthorities); allUserScopes.addAll(StringUtils.commaDelimitedListToSet(userScopes)); @@ -1312,10 +1312,10 @@ public void testLoginAddNewUserForOauthTokenPasswordGrant() throws Exception { .param("family_name", last) .param("given_name", first) .param("email", email) - .param(Origin.ORIGIN, Origin.UAA)) + .param(OriginKeys.ORIGIN, OriginKeys.UAA)) .andExpect(status().isOk()); UaaUserDatabase db = getWebApplicationContext().getBean(UaaUserDatabase.class); - UaaUser user = db.retrieveUserByName(username, Origin.UAA); + UaaUser user = db.retrieveUserByName(username, OriginKeys.UAA); assertNotNull(user); assertEquals(username, user.getUsername()); assertEquals(email, user.getEmail()); @@ -1330,7 +1330,7 @@ public void testLoginAuthenticationFilter() throws Exception { setUpClients(clientId, scopes, scopes, GRANT_TYPES, true); String userId = "testuser" + new RandomValueStringGenerator().generate(); String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three"; - ScimUser developer = setUpUser(userId, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + ScimUser developer = setUpUser(userId, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); String loginToken = testClient.getClientCredentialsOAuthAccessToken("login", "loginsecret", ""); //the login server is matched by providing 
@@ -1351,7 +1351,7 @@ public void testLoginAuthenticationFilter() throws Exception { .param("client_secret", SECRET) .param("username", developer.getUserName()) .param("user_id", developer.getId()) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isOk()); //success - user_id only, contains everything we need @@ -1376,7 +1376,7 @@ public void testLoginAuthenticationFilter() throws Exception { .param("client_id", clientId) .param("client_secret", SECRET) .param("username", developer.getUserName()) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isOk()); //failure - missing client ID @@ -1401,7 +1401,7 @@ public void testLoginAuthenticationFilter() throws Exception { .param("client_secret", SECRET) .param("username", developer.getUserName()) .param("user_id", developer.getId()) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isUnauthorized()); //failure - invalid client secret @@ -1425,7 +1425,7 @@ public void testLoginAuthenticationFilter() throws Exception { .param("grant_type", "password") .param("username", developer.getUserName()) .param("user_id", developer.getId()) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isUnauthorized()); //failure - invalid user ID - user_id takes priority over username/origin so it must fail @@ -1439,7 +1439,7 @@ public void testLoginAuthenticationFilter() throws Exception { .param("client_secret", SECRET) .param("username", developer.getUserName()) .param("user_id", developer.getId() + "1dsda") - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isUnauthorized()); //failure - no user ID and an invalid origin must fail 
@@ -1452,7 +1452,7 @@ public void testLoginAuthenticationFilter() throws Exception { .param("client_id", clientId) .param("client_secret", SECRET) .param("username", developer.getUserName()) - .param(Origin.ORIGIN, developer.getOrigin() + "dasda")) + .param(OriginKeys.ORIGIN, developer.getOrigin() + "dasda")) .andExpect(status().isUnauthorized()); //failure - no user ID, invalid username must fail @@ -1465,7 +1465,7 @@ public void testLoginAuthenticationFilter() throws Exception { .param("client_id", clientId) .param("client_secret", SECRET) .param("username", developer.getUserName() + "asdasdas") - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isUnauthorized()); @@ -1479,7 +1479,7 @@ public void testLoginAuthenticationFilter() throws Exception { .param("client_id", clientId) .param("client_secret", SECRET) .param("username", developer.getUserName() + "AddNew" + (new RandomValueStringGenerator().generate())) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isOk()); //failure - pretend to be login server - add new user is false @@ -1492,7 +1492,7 @@ public void testLoginAuthenticationFilter() throws Exception { .param("client_id", clientId) .param("client_secret", SECRET) .param("username", developer.getUserName() + "AddNew" + (new RandomValueStringGenerator().generate())) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isUnauthorized()); //failure - source=login missing, so missing user password should trigger a failure 
@@ -1505,7 +1505,7 @@ public void testLoginAuthenticationFilter() throws Exception { .param("client_secret", SECRET) .param("username", developer.getUserName()) .param("user_id", developer.getId()) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isUnauthorized()); //failure - add_new is missing, so missing user password should trigger a failure @@ -1518,7 +1518,7 @@ public void testLoginAuthenticationFilter() throws Exception { .param("client_secret", SECRET) .param("username", developer.getUserName()) .param("user_id", developer.getId()) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isUnauthorized()); } @@ -1536,7 +1536,7 @@ public void testOtherOauthResourceLoginAuthenticationFilter() throws Exception { String userId = "testuser" + new RandomValueStringGenerator().generate(); String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three"; - ScimUser developer = setUpUser(userId, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + ScimUser developer = setUpUser(userId, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); String loginToken = testClient.getClientCredentialsOAuthAccessToken(oauthClientId, SECRET, ""); //failure - success only if token has oauth.login @@ -1550,7 +1550,7 @@ public void testOtherOauthResourceLoginAuthenticationFilter() throws Exception { .param("client_secret", SECRET) .param("username", developer.getUserName()) .param("user_id", developer.getId()) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isForbidden()); //failure - success only if token has oauth.login 
@@ -1575,7 +1575,7 @@ public void testOtherOauthResourceLoginAuthenticationFilter() throws Exception { .param("client_id", clientId) .param("client_secret", SECRET) .param("username", developer.getUserName()) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isForbidden()); //failure - missing client ID @@ -1600,7 +1600,7 @@ public void testOtherOauthResourceLoginAuthenticationFilter() throws Exception { .param("client_secret", SECRET) .param("username", developer.getUserName()) .param("user_id", developer.getId()) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isForbidden()); //failure - invalid client secret @@ -1624,7 +1624,7 @@ public void testOtherOauthResourceLoginAuthenticationFilter() throws Exception { .param("grant_type", "password") .param("username", developer.getUserName()) .param("user_id", developer.getId()) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isForbidden()); //failure - invalid user ID - user_id takes priority over username/origin so it must fail @@ -1638,7 +1638,7 @@ public void testOtherOauthResourceLoginAuthenticationFilter() throws Exception { .param("client_secret", SECRET) .param("username", developer.getUserName()) .param("user_id", developer.getId() + "1dsda") - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isForbidden()); //failure - no user ID and an invalid origin must fail 
@@ -1651,7 +1651,7 @@ public void testOtherOauthResourceLoginAuthenticationFilter() throws Exception { .param("client_id", clientId) .param("client_secret", SECRET) .param("username", developer.getUserName()) - .param(Origin.ORIGIN, developer.getOrigin() + "dasda")) + .param(OriginKeys.ORIGIN, developer.getOrigin() + "dasda")) .andExpect(status().isForbidden()); //failure - no user ID, invalid username must fail @@ -1664,7 +1664,7 @@ public void testOtherOauthResourceLoginAuthenticationFilter() throws Exception { .param("client_id", clientId) .param("client_secret", SECRET) .param("username", developer.getUserName() + "asdasdas") - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isForbidden()); @@ -1678,7 +1678,7 @@ public void testOtherOauthResourceLoginAuthenticationFilter() throws Exception { .param("client_id", clientId) .param("client_secret", SECRET) .param("username", developer.getUserName() + "AddNew" + (new RandomValueStringGenerator().generate())) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isForbidden()); //failure - pretend to be login server - add new user is false @@ -1691,7 +1691,7 @@ public void testOtherOauthResourceLoginAuthenticationFilter() throws Exception { .param("client_id", clientId) .param("client_secret", SECRET) .param("username", developer.getUserName() + "AddNew" + (new RandomValueStringGenerator().generate())) - .param(Origin.ORIGIN, developer.getOrigin())) + .param(OriginKeys.ORIGIN, developer.getOrigin())) .andExpect(status().isForbidden()); } 
@@ -1709,7 +1709,7 @@ public void testOtherClientAuthenticationMethods() throws Exception { String userId = "testuser" + new RandomValueStringGenerator().generate(); String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three"; - ScimUser developer = setUpUser(userId, userScopes, Origin.UAA, IdentityZoneHolder.get().getId()); + ScimUser developer = setUpUser(userId, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId()); String loginToken = testClient.getClientCredentialsOAuthAccessToken(oauthClientId, SECRET, ""); //success - regular password grant but client is authenticated using POST parameters @@ -1870,7 +1870,7 @@ public void testGetPasswordGrantInvalidPassword() throws Exception { IdentityZoneHolder.clear(); String clientId = "testclient" + new RandomValueStringGenerator().generate(); String scopes = "cloud_controller.read"; - setUpClients(clientId, scopes, scopes, "password,client_credentials", true, TEST_REDIRECT_URI, Arrays.asList(Origin.UAA)); + setUpClients(clientId, scopes, scopes, "password,client_credentials", true, TEST_REDIRECT_URI, Arrays.asList(OriginKeys.UAA)); setUpUser(username); IdentityZoneHolder.clear(); getMockMvc().perform(post("/oauth/token") @@ -2021,7 +2021,7 @@ public void testGetTokenScopesNotInAuthentication() throws Exception { ScimGroupMember member = new ScimGroupMember(user.getId()); groupMembershipManager.addMember(group.getId(),member); - UaaPrincipal p = new UaaPrincipal(user.getId(),user.getUserName(),user.getPrimaryEmail(), Origin.UAA,"", IdentityZoneHolder.get().getId()); + UaaPrincipal p = new UaaPrincipal(user.getId(),user.getUserName(),user.getPrimaryEmail(), OriginKeys.UAA,"", IdentityZoneHolder.get().getId()); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(p, "", UaaAuthority.USER_AUTHORITIES); Assert.assertTrue(auth.isAuthenticated()); 
@@ -2077,7 +2077,7 @@ public void testRevocablePasswordGrantTokenForDefaultZone() throws Exception { String tokenKey = "access_token"; String clientId = "testclient" + new RandomValueStringGenerator().generate(); String scopes = "cloud_controller.read"; - setUpClients(clientId, scopes, scopes, "password,client_credentials", true, TEST_REDIRECT_URI, Arrays.asList(Origin.UAA)); + setUpClients(clientId, scopes, scopes, "password,client_credentials", true, TEST_REDIRECT_URI, Arrays.asList(OriginKeys.UAA)); setUpUser(username); Map tokenResponse = diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/util/MockMvcUtils.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/util/MockMvcUtils.java index ef224d443f..760b4aa7b6 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/util/MockMvcUtils.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/util/MockMvcUtils.java @@ -18,10 +18,10 @@ import org.apache.commons.codec.binary.Base64; import org.apache.commons.lang.RandomStringUtils; import org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.invitations.InvitationsRequest; import org.cloudfoundry.identity.uaa.invitations.InvitationsResponse; import org.cloudfoundry.identity.uaa.ldap.LdapIdentityProviderDefinition; 
@@ -252,11 +252,11 @@ public IdentityProvider createIdentityProvider(MockMvc mockMvc, IdentityZoneCrea provider.setName(nameAndOriginKey); provider.setOriginKey(nameAndOriginKey); if (definition instanceof SamlIdentityProviderDefinition) { - provider.setType(Origin.SAML); + provider.setType(OriginKeys.SAML); } else if (definition instanceof LdapIdentityProviderDefinition) { - provider.setType(Origin.LDAP); + provider.setType(OriginKeys.LDAP); } else if (definition instanceof UaaIdentityProviderDefinition) { - provider.setType(Origin.UAA); + provider.setType(OriginKeys.UAA); } provider = utils().createIdpUsingWebRequest(mockMvc, zone.getIdentityZone().getId(), @@ -301,7 +301,7 @@ public ZoneScimInviteData createZoneForInvites(MockMvc mockMvc, ApplicationConte public static void setDisableInternalUserManagement(boolean disableInternalUserManagement, ApplicationContext applicationContext) { IdentityProviderProvisioning identityProviderProvisioning = applicationContext.getBean(IdentityProviderProvisioning.class); - IdentityProvider idp = identityProviderProvisioning.retrieveByOrigin(Origin.UAA, "uaa"); + IdentityProvider idp = identityProviderProvisioning.retrieveByOrigin(OriginKeys.UAA, "uaa"); UaaIdentityProviderDefinition config = idp.getConfig(); if (config == null) { config = new UaaIdentityProviderDefinition(); @@ -363,7 +363,7 @@ public IdentityZoneCreationResult createOtherIdentityZoneAndReturnResult(String // use the identity client to grant the zones..admin scope to a user UaaUserDatabase db = webApplicationContext.getBean(UaaUserDatabase.class); - UaaPrincipal marissa = new UaaPrincipal(db.retrieveUserByName("marissa", Origin.UAA)); + UaaPrincipal marissa = new UaaPrincipal(db.retrieveUserByName("marissa", OriginKeys.UAA)); ScimGroup group = new ScimGroup(); String zoneAdminScope = "zones." + identityZone.getId() + ".admin"; group.setDisplayName(zoneAdminScope); 
@@ -643,7 +643,7 @@ public String getUserOAuthAccessTokenAuthCode(MockMvc mockMvc, String clientId, String basicDigestHeaderValue = "Basic " + new String(org.apache.commons.codec.binary.Base64.encodeBase64((clientId + ":" + clientSecret) .getBytes())); - UaaPrincipal p = new UaaPrincipal(userId, username, "test@test.org", Origin.UAA, "", IdentityZoneHolder.get() + UaaPrincipal p = new UaaPrincipal(userId, username, "test@test.org", OriginKeys.UAA, "", IdentityZoneHolder.get() .getId()); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(p, "", UaaAuthority.USER_AUTHORITIES); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityProviderEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityProviderEndpointsMockMvcTests.java index f6ee3f6d85..5e3b26ec11 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityProviderEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityProviderEndpointsMockMvcTests.java @@ -15,6 +15,7 @@ import com.fasterxml.jackson.core.type.TypeReference; import org.apache.commons.lang.RandomStringUtils; import org.cloudfoundry.identity.uaa.audit.AuditEventType; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.config.PasswordPolicy; import org.cloudfoundry.identity.uaa.login.saml.IdentityProviderConfiguratorTests; 
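Review bot: The import hunk for IdentityProviderEndpointsMockMvcTests adds `import org.cloudfoundry.identity.uaa.constants.OriginKeys;` but keeps `import org.cloudfoundry.identity.uaa.authentication.Origin;` as a context line, while the later hunks shown for this file replace every visible `Origin.UAA` and `Origin.SAML` reference. If nothing else in the file still refers to `Origin`, drop the old import, as the other test files in this patch do in the same hunk. The new import also sits above `authentication.Origin`, breaking the alphabetical order of the surrounding imports.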
@@ -106,7 +107,7 @@ public void testCreateSamlProvider() throws Exception {
 provider.setActive(true);
 provider.setName(origin);
 provider.setIdentityZoneId(IdentityZone.getUaa().getId());
- provider.setType(Origin.SAML);
+ provider.setType(OriginKeys.SAML);
 provider.setOriginKey(origin);
 SamlIdentityProviderDefinition samlDefinition = new SamlIdentityProviderDefinition(metadata, null, null, 0, false, true, "Test SAML Provider", null, null);
 samlDefinition.setEmailDomain(Arrays.asList("test.com", "test2.com"));
@@ -232,19 +233,19 @@ public void testUpdateIdentityProviderWithInsufficientScopes() throws Exception @Test public void testUpdateUaaIdentityProviderDoesUpdateOfPasswordPolicy() throws Exception { - IdentityProvider identityProvider = identityProviderProvisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId()); + IdentityProvider identityProvider = identityProviderProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId()); long expireMonths = System.nanoTime() % 100L; PasswordPolicy newConfig = new PasswordPolicy(6,20,1,1,1,0,(int)expireMonths); - identityProvider.setConfig(new UaaIdentityProviderDefinition(newConfig,null)); + identityProvider.setConfig(new UaaIdentityProviderDefinition(newConfig, null)); String accessToken = setUpAccessToken(); updateIdentityProvider(null, identityProvider, accessToken, status().isOk()); - IdentityProvider modifiedIdentityProvider = identityProviderProvisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId()); + IdentityProvider modifiedIdentityProvider = identityProviderProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId()); assertEquals(newConfig, ((UaaIdentityProviderDefinition)modifiedIdentityProvider.getConfig()).getPasswordPolicy()); } @Test public void testMalformedPasswordPolicyReturnsUnprocessableEntity() throws Exception { - IdentityProvider identityProvider = identityProviderProvisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId()); + IdentityProvider identityProvider = identityProviderProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId()); PasswordPolicy policy = new PasswordPolicy().setMinLength(6); identityProvider.setConfig(new UaaIdentityProviderDefinition(policy,null)); String accessToken = setUpAccessToken(); 
@@ -283,7 +284,7 @@ public void test_Create_Duplicate_Saml_Identity_Provider_In_Other_Zone() throws IdentityProvider identityProvider = MultitenancyFixture.identityProvider(origin1, zone.getId()); - identityProvider.setType(Origin.SAML); + identityProvider.setType(OriginKeys.SAML); SamlIdentityProviderDefinition providerDefinition = new SamlIdentityProviderDefinition( String.format(IdentityProviderConfiguratorTests.xmlWithoutID, "http://www.okta.com/"+identityProvider.getOriginKey()), @@ -334,7 +335,7 @@ public void test_Create_Duplicate_Saml_Identity_Provider_In_Default_Zone() throw IdentityProvider identityProvider = MultitenancyFixture.identityProvider(origin1, IdentityZone.getUaa().getId()); - identityProvider.setType(Origin.SAML); + identityProvider.setType(OriginKeys.SAML); SamlIdentityProviderDefinition providerDefinition = new SamlIdentityProviderDefinition( String.format(IdentityProviderConfiguratorTests.xmlWithoutID, "http://www.okta.com/"+identityProvider.getOriginKey()), diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java index b11cf63cc7..3a49bef921 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java 
@@ -6,12 +6,12 @@ import org.cloudfoundry.identity.uaa.audit.event.AbstractUaaEvent; import org.cloudfoundry.identity.uaa.audit.event.GroupModifiedEvent; import org.cloudfoundry.identity.uaa.audit.event.UserModifiedEvent; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.client.ClientConstants; import org.cloudfoundry.identity.uaa.config.IdentityZoneConfiguration; import org.cloudfoundry.identity.uaa.config.SamlConfig; import org.cloudfoundry.identity.uaa.config.TokenPolicy; import org.cloudfoundry.identity.uaa.config.KeyPair; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.mock.InjectedMockContextTest; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils.IdentityZoneCreationResult; @@ -49,6 +49,7 @@ import java.util.Map; import java.util.UUID; +import static org.hamcrest.MatcherAssert.assertThat; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNull; 
@@ -239,6 +240,42 @@ public void testCreateZone() throws Exception { checkAuditEventListener(1, AuditEventType.IdentityZoneCreatedEvent, zoneModifiedEventListener, IdentityZone.getUaa().getId(), "http://localhost:8080/uaa/oauth/token", "identity"); } + @Test + public void createZoneWithNoNameFailsWithUnprocessableEntity() throws Exception { + String id = generator.generate(); + IdentityZone zone = this.getIdentityZone(id); + zone.setName(null); + + getMockMvc().perform( + post("/identity-zones") + .header("Authorization", "Bearer " + identityClientToken) + .contentType(APPLICATION_JSON) + .content(JsonUtils.writeValueAsString(zone))) + .andExpect(status().isUnprocessableEntity()) + .andExpect(jsonPath("$.error").value("invalid_identity_zone")) + .andExpect(jsonPath("$.error_description").value("The identity zone must be given a name.")); + + assertEquals(0, zoneModifiedEventListener.getEventCount()); + } + + @Test + public void createZoneWithNoSubdomainFailsWithUnprocessableEntity() throws Exception { + String id = generator.generate(); + IdentityZone zone = this.getIdentityZone(id); + zone.setSubdomain(null); + + getMockMvc().perform( + post("/identity-zones") + .header("Authorization", "Bearer " + identityClientToken) + .contentType(APPLICATION_JSON) + .content(JsonUtils.writeValueAsString(zone))) + .andExpect(status().isUnprocessableEntity()) + .andExpect(jsonPath("$.error").value("invalid_identity_zone")) + .andExpect(jsonPath("$.error_description").value("The subdomain must be provided.")); + + assertEquals(0, zoneModifiedEventListener.getEventCount()); + } + @Test public void testCreateZoneInsufficientScope() throws Exception { String id = new RandomValueStringGenerator().generate(); 
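Review bot: The two added tests reject only a `null` name and a `null` subdomain, so a validator that merely null-checks would pass them; an empty or whitespace-only value is not exercised, and neither is a zone with no fields set, which the `testCreateInvalidZone` test removed later in this file used to post. If those inputs are also meant to be rejected, add a case such as `zone.setName("");` with the same `status().isUnprocessableEntity()` expectation. The removed test expected 400 and the new ones expect 422; if that is a deliberate change of the API contract, a one-line comment on the tests would record it. The request-building code is identical in both tests and could move into a private helper that takes the zone and the expected `error_description`.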
@@ -402,8 +439,8 @@ public void testCreateZoneAndIdentityProvider() throws Exception { checkZoneAuditEventInUaa(1, AuditEventType.IdentityZoneCreatedEvent); IdentityProviderProvisioning idpp = (IdentityProviderProvisioning) getWebApplicationContext().getBean("identityProviderProvisioning"); - IdentityProvider idp1 = idpp.retrieveByOrigin(Origin.UAA, identityZone.getId()); - IdentityProvider idp2 = idpp.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId()); + IdentityProvider idp1 = idpp.retrieveByOrigin(OriginKeys.UAA, identityZone.getId()); + IdentityProvider idp2 = idpp.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId()); assertNotEquals(idp1, idp2); IdentityZoneProvisioning identityZoneProvisioning = (IdentityZoneProvisioning) getWebApplicationContext().getBean("identityZoneProvisioning"); @@ -421,7 +458,7 @@ public void testCreateAndDeleteLimitedClientInNewZoneUsingZoneEndpoint() throws BaseClientDetails client = new BaseClientDetails("limited-client", null, "openid", "authorization_code", "uaa.resource"); client.setClientSecret("secret"); - client.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(Origin.UAA)); + client.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(OriginKeys.UAA)); client.addAdditionalInformation("foo", "bar"); for (String url : Arrays.asList("","/")) { getMockMvc().perform( 
@@ -443,7 +480,7 @@ public void testCreateAndDeleteLimitedClientInNewZoneUsingZoneEndpoint() throws BaseClientDetails created = JsonUtils.readValue(result.getResponse().getContentAsString(), BaseClientDetails.class); assertNull(created.getClientSecret()); assertEquals("zones.write", created.getAdditionalInformation().get(ClientConstants.CREATED_WITH)); - assertEquals(Collections.singletonList(Origin.UAA), created.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS)); + assertEquals(Collections.singletonList(OriginKeys.UAA), created.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS)); assertEquals("bar", created.getAdditionalInformation().get("foo")); checkAuditEventListener(1, AuditEventType.ClientCreateSuccess, clientCreateEventListener, id, "http://localhost:8080/uaa/oauth/token", "identity"); @@ -468,7 +505,7 @@ public void testCreateAndDeleteLimitedClientInUAAZoneReturns403() throws Excepti BaseClientDetails client = new BaseClientDetails("limited-client", null, "openid", "authorization_code", "uaa.resource"); client.setClientSecret("secret"); - client.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(Origin.UAA)); + client.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(OriginKeys.UAA)); getMockMvc().perform( post("/identity-zones/uaa/clients") .header("Authorization", "Bearer " + identityClientToken) 
@@ -503,20 +540,6 @@ public void testCreateAdminClientInNewZoneUsingZoneEndpointReturns400() throws E .andExpect(status().isBadRequest()); } - @Test - public void testCreateInvalidZone() throws Exception { - IdentityZone identityZone = new IdentityZone(); - getMockMvc().perform( - post("/identity-zones") - .header("Authorization", "Bearer " + identityClientToken) - .contentType(APPLICATION_JSON) - .content(JsonUtils.writeValueAsString(identityZone))) - .andExpect(status().isBadRequest()); - - assertEquals(0, zoneModifiedEventListener.getEventCount()); - } - - @Test public void testCreatesZonesWithDuplicateSubdomains() throws Exception { String subdomain = UUID.randomUUID().toString(); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpointMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpointMockMvcTests.java index 2bb8d1606a..458afaa237 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpointMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/PasswordResetEndpointMockMvcTests.java @@ -13,11 +13,11 @@ package org.cloudfoundry.identity.uaa.scim.endpoints; import com.fasterxml.jackson.core.type.TypeReference; -import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType; import org.cloudfoundry.identity.uaa.codestore.JdbcExpiringCodeStore; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.mock.InjectedMockContextTest; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.scim.ScimUser; 
@@ -90,7 +90,7 @@ public void changePassword_isSuccessful() throws Exception { assertThat(data.get("user_id"), is(user.getId())); assertThat(data.get("username"), is(user.getUserName())); assertThat(data.get(OAuth2Utils.CLIENT_ID), is("login")); - assertThat(data.get(Origin.ORIGIN), is(Origin.UAA)); + assertThat(data.get(OriginKeys.ORIGIN), is(OriginKeys.UAA)); assertThat(data.get("action"), is(ExpiringCodeType.AUTOLOGIN.name())); } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsMockMvcTests.java index c6f180986d..2f413d190d 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsMockMvcTests.java @@ -12,7 +12,7 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.scim.endpoints; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.mock.InjectedMockContextTest; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.rest.SearchResults; @@ -850,7 +850,7 @@ protected void validateMembers(List expected, ScimGroupExternalMember[] String externalId = data[1]; ScimGroupExternalMember mbr = new ScimGroupExternalMember("N/A", externalId); mbr.setDisplayName(displayName); - mbr.setOrigin(Origin.LDAP); + mbr.setOrigin(OriginKeys.LDAP); members.add(mbr); } validateDbMembers(members, actual); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserLookupMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserLookupMockMvcTests.java index f4ee547983..213073c3e1 100644 
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserLookupMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserLookupMockMvcTests.java @@ -12,7 +12,7 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.scim.endpoints; -import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.mock.InjectedMockContextTest; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.scim.ScimUser; @@ -277,7 +277,7 @@ private void validateLookupResults(String[] usernames, String body) throws java. List> resources = (List>) map.get("resources"); assertEquals(usernames.length, resources.size()); for (Map user : resources) { - assertTrue("Response should contain 'origin' object", user.get(Origin.ORIGIN)!=null); + assertTrue("Response should contain 'origin' object", user.get(OriginKeys.ORIGIN)!=null); assertTrue("Response should contain 'id' object", user.get("id")!=null); assertTrue("Response should contain 'userName' object", user.get("userName")!=null); String userName = (String)user.get("userName");