From 10807249316f68a8b70782f8c840338d5bdb1559 Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Wed, 4 Sep 2024 09:38:09 +0200 Subject: [PATCH 1/8] Remove obsolete property 'usernamePattern' from JdbcScimUserProvisioning --- .../uaa/scim/jdbc/JdbcScimUserProvisioning.java | 11 ----------- uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml | 1 - 2 files changed, 12 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java index 40dd5d7d83e..9951b093b8f 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java @@ -28,7 +28,6 @@ import java.util.List; import java.util.Map; import java.util.UUID; -import java.util.regex.Pattern; import org.cloudfoundry.identity.uaa.audit.event.SystemDeletable; import org.cloudfoundry.identity.uaa.constants.OriginKeys; @@ -131,8 +130,6 @@ public Logger getLogger() { private static final RowMapper mapper = new ScimUserRowMapper(); - private Pattern usernamePattern = Pattern.compile("[\\p{L}+0-9+\\-_.@'!]+"); - private TimeService timeService = new TimeServiceImpl(); private final JdbcIdentityZoneProvisioning jdbcIdentityZoneProvisioning; @@ -510,14 +507,6 @@ public void setDeactivateOnDelete(boolean deactivateOnDelete) { this.deactivateOnDelete = deactivateOnDelete; } - /** - * Sets the regular expression which will be used to validate the username. - */ - public void setUsernamePattern(String usernamePattern) { - Assert.hasText(usernamePattern, "Username pattern must not be empty"); - this.usernamePattern = Pattern.compile(usernamePattern); - } - @Override public int deleteByIdentityZone(String zoneId) { jdbcTemplate.update(HARD_DELETE_OF_GROUP_MEMBERS_BY_ZONE, zoneId); 
diff --git a/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml b/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml index 3df4cef469a..82556aba3d8 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml @@ -39,7 +39,6 @@ - From c0ae23ad0f41e1d6e08bc97413b7480eeb5da351 Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Wed, 4 Sep 2024 10:02:48 +0200 Subject: [PATCH 2/8] Change bean configuration of JdbcScimUserProvisioning from XML to annotation-based --- .../scim/jdbc/JdbcScimUserProvisioning.java | 30 +++++++++---------- .../account/PasswordChangeEndpointTests.java | 4 ++- .../oauth/TokenRevocationEndpointTests.java | 3 +- .../LoginSamlAuthenticationProviderTests.java | 3 +- .../bootstrap/ScimGroupBootstrapTests.java | 3 +- .../bootstrap/ScimUserBootstrapTests.java | 3 +- .../JdbcScimGroupMembershipManagerTests.java | 3 +- .../jdbc/JdbcScimUserProvisioningTests.java | 17 +++++------ .../webapp/WEB-INF/spring/scim-endpoints.xml | 10 ------- 9 files changed, 35 insertions(+), 41 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java index 9951b093b8f..ecefeb69606 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java @@ -49,7 +49,6 @@ import org.cloudfoundry.identity.uaa.scim.util.ScimUtils; import org.cloudfoundry.identity.uaa.user.JdbcUaaUserDatabase; import org.cloudfoundry.identity.uaa.util.TimeService; -import org.cloudfoundry.identity.uaa.util.TimeServiceImpl; import org.cloudfoundry.identity.uaa.util.UaaStringUtils; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.JdbcIdentityZoneProvisioning; 
@@ -58,6 +57,9 @@ import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.beans.factory.annotation.Value; import org.springframework.dao.DuplicateKeyException; import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.dao.IncorrectResultSizeDataAccessException; @@ -67,8 +69,10 @@ import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.stereotype.Component; import org.springframework.util.Assert; +@Component("scimUserProvisioning") public class JdbcScimUserProvisioning extends AbstractQueryable implements ScimUserProvisioning, ResourceMonitor, SystemDeletable { 
@@ -126,23 +130,26 @@ public Logger getLogger() { private final PasswordEncoder passwordEncoder; - private boolean deactivateOnDelete = true; + @Value("${scim.delete.deactivate:false}") + private boolean deactivateOnDelete; private static final RowMapper mapper = new ScimUserRowMapper(); - private TimeService timeService = new TimeServiceImpl(); + @Autowired + @Qualifier("timeService") + private TimeService timeService; private final JdbcIdentityZoneProvisioning jdbcIdentityZoneProvisioning; private final IdentityZoneManager identityZoneManager; - - private SearchQueryConverter joinConverter; + private final SearchQueryConverter joinConverter; public JdbcScimUserProvisioning( final NamedParameterJdbcTemplate namedJdbcTemplate, - final JdbcPagingListFactory pagingListFactory, - final PasswordEncoder passwordEncoder, + @Qualifier("jdbcPagingListFactory") final JdbcPagingListFactory pagingListFactory, + @Qualifier("nonCachingPasswordEncoder") final PasswordEncoder passwordEncoder, final IdentityZoneManager identityZoneManager, - final JdbcIdentityZoneProvisioning jdbcIdentityZoneProvisioning + final JdbcIdentityZoneProvisioning jdbcIdentityZoneProvisioning, + @Qualifier("scimJoinQueryConverter") final SearchQueryConverter joinConverter ) { super(namedJdbcTemplate, pagingListFactory, mapper); Assert.notNull(namedJdbcTemplate, "JdbcTemplate required"); @@ -151,13 +158,6 @@ public JdbcScimUserProvisioning( this.passwordEncoder = passwordEncoder; this.jdbcIdentityZoneProvisioning = jdbcIdentityZoneProvisioning; this.identityZoneManager = identityZoneManager; - } - - public void setTimeService(TimeService timeService) { - this.timeService = timeService; - } - - public void setJoinConverter(SearchQueryConverter joinConverter) { this.joinConverter = joinConverter; } 
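Review bot: Removing the `= true` initializer in the `@@ -126,23 +130,26 @@` hunk leaves `deactivateOnDelete` at Java's default `false` on every instance built with `new`, which is how the tests touched by this commit construct the class. `@Value` on a private field is applied only by the container, so any delete path that consults the flag presumably behaves differently on those instances than before. Whether the removed XML definition already resolved to `false` is not visible here. Either keep the fallback next to the annotation, `@Value("${scim.delete.deactivate:false}") private boolean deactivateOnDelete = true;`, or pass the flag through the constructor like the other dependencies and add a comment stating which delete behaviour is the intended default. The field-injected `timeService` in the same hunk is likewise null outside Spring until the next patch in the series moves it into the constructor.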
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java index 42b451e12bf..1e9c7fa6884 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java @@ -3,6 +3,7 @@ import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext; import org.cloudfoundry.identity.uaa.resources.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.resources.jdbc.LimitSqlAdapterFactory; +import org.cloudfoundry.identity.uaa.resources.jdbc.SimpleSearchQueryConverter; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException; import org.cloudfoundry.identity.uaa.scim.exception.ScimException; @@ -50,7 +51,8 @@ void setup(@Autowired JdbcTemplate jdbcTemplate, @Autowired NamedParameterJdbcTe jdbcScimUserProvisioning = new JdbcScimUserProvisioning( namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, LimitSqlAdapterFactory.getLimitSqlAdapter()), - passwordEncoder, mockIdentityZoneManager, new JdbcIdentityZoneProvisioning(jdbcTemplate)); + passwordEncoder, mockIdentityZoneManager, new JdbcIdentityZoneProvisioning(jdbcTemplate), + new SimpleSearchQueryConverter()); final RandomValueStringGenerator generator = new RandomValueStringGenerator(); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java index b2254cfa8f0..82083be25ea 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java 
@@ -11,6 +11,7 @@ import org.cloudfoundry.identity.uaa.oauth.token.RevocableToken; import org.cloudfoundry.identity.uaa.resources.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.resources.jdbc.LimitSqlAdapter; +import org.cloudfoundry.identity.uaa.resources.jdbc.SimpleSearchQueryConverter; import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning; import org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimUserProvisioning; import org.cloudfoundry.identity.uaa.util.AlphanumericRandomValueStringGenerator; @@ -77,7 +78,7 @@ void setupForTokenRevocation() { ScimUserProvisioning userProvisioning = new JdbcScimUserProvisioning( namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter), - passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate)); + passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter()); JdbcRevocableTokenProvisioning provisioning = spy(new JdbcRevocableTokenProvisioning(jdbcTemplate, limitSqlAdapter, new TimeServiceImpl())); endpoint = spy(new TokenRevocationEndpoint(clientService, userProvisioning, provisioning)); ApplicationEventPublisher publisher = mock(ApplicationEventPublisher.class); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java index ef7bdafb2d0..ea0a4061524 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java 
@@ -13,6 +13,7 @@ import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.resources.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.resources.jdbc.LimitSqlAdapter; +import org.cloudfoundry.identity.uaa.resources.jdbc.SimpleSearchQueryConverter; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning; import org.cloudfoundry.identity.uaa.scim.ScimUser; @@ -190,7 +191,7 @@ void configureProvider() throws SAMLException, SecurityException, DecryptionExce groupProvisioning.createOrGet(new ScimGroup(null, UAA_USER, identityZoneManager.getCurrentIdentityZone().getId()), identityZoneManager.getCurrentIdentityZone().getId()); providerDefinition = new SamlIdentityProviderDefinition(); - userProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter), passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate)); + userProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter), passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter()); uaaSamlUser = groupProvisioning.create(new ScimGroup(null, UAA_SAML_USER, IdentityZone.getUaaZoneId()), identityZoneManager.getCurrentIdentityZone().getId()); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java index 1376ce4bd07..c9f072628d1 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java 
@@ -3,6 +3,7 @@ import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext; import org.cloudfoundry.identity.uaa.resources.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.resources.jdbc.LimitSqlAdapter; +import org.cloudfoundry.identity.uaa.resources.jdbc.SimpleSearchQueryConverter; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimGroupMembershipManager; import org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimGroupProvisioning; @@ -70,7 +71,7 @@ void initScimGroupBootstrapTests() throws SQLException { JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter); DbUtils dbUtils = new DbUtils(); gDB = new JdbcScimGroupProvisioning(namedJdbcTemplate, pagingListFactory, dbUtils); - uDB = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate)); + uDB = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter()); mDB = new JdbcScimGroupMembershipManager(template, new TimeServiceImpl(), uDB, null, dbUtils); mDB.setScimGroupProvisioning(gDB); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java index c2494821483..f0bd910204c 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java 
@@ -7,6 +7,7 @@ import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.resources.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.resources.jdbc.LimitSqlAdapterFactory; +import org.cloudfoundry.identity.uaa.resources.jdbc.SimpleSearchQueryConverter; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupMember; import org.cloudfoundry.identity.uaa.scim.ScimUser; @@ -95,7 +96,7 @@ class ScimUserBootstrapTests { @BeforeEach void init() throws SQLException { JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(namedJdbcTemplate, LimitSqlAdapterFactory.getLimitSqlAdapter()); - jdbcScimUserProvisioning = spy(new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate))); + jdbcScimUserProvisioning = spy(new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter())); DbUtils dbUtils = new DbUtils(); jdbcScimGroupProvisioning = new JdbcScimGroupProvisioning(namedJdbcTemplate, pagingListFactory, dbUtils); jdbcScimGroupMembershipManager = new JdbcScimGroupMembershipManager( diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java index feda0d51999..232e1dcb07a 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java 
@@ -6,6 +6,7 @@ import org.cloudfoundry.identity.uaa.provider.IdentityProvider; import org.cloudfoundry.identity.uaa.resources.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.resources.jdbc.LimitSqlAdapter; +import org.cloudfoundry.identity.uaa.resources.jdbc.SimpleSearchQueryConverter; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupMember; import org.cloudfoundry.identity.uaa.scim.exception.InvalidScimResourceException; @@ -105,7 +106,7 @@ void setUp() throws SQLException { dbUtils = new DbUtils(); JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter); - JdbcScimUserProvisioning jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate)); + JdbcScimUserProvisioning jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter()); jdbcScimGroupProvisioning = new JdbcScimGroupProvisioning(namedJdbcTemplate, pagingListFactory, dbUtils); jdbcScimGroupMembershipManager = new JdbcScimGroupMembershipManager( diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java index 09c8e37cfd4..c25d7356421 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java 
@@ -123,7 +123,9 @@ void setUp(@Autowired LimitSqlAdapter limitSqlAdapter) { idzManager = new IdentityZoneManagerImpl(); idzManager.setCurrentIdentityZone(idz); - jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning); + SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); + joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); + jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, joinConverter); SimpleSearchQueryConverter filterConverter = new SimpleSearchQueryConverter(); Map replaceWith = new HashMap<>(); @@ -132,9 +134,6 @@ void setUp(@Autowired LimitSqlAdapter limitSqlAdapter) { replaceWith.put("phoneNumbers\\.value", "phoneNumber"); filterConverter.setAttributeNameMapper(new SimpleAttributeNameMapper(replaceWith)); jdbcScimUserProvisioning.setQueryConverter(filterConverter); - SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); - joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); - jdbcScimUserProvisioning.setJoinConverter(joinConverter); addUser(jdbcTemplate, joeId, JOE_NAME, passwordEncoder.encode("joespassword"), joeEmail, "Joe", "User", "+1-222-1234567", currentIdentityZoneId); 
@@ -315,11 +314,10 @@ void retrieveByScimFilterOnlyActive() { @Test void retrieveByScimFilterNoPaging() { JdbcPagingListFactory notInUse = mock(JdbcPagingListFactory.class); - jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, notInUse, passwordEncoder, new IdentityZoneManagerImpl(), - new JdbcIdentityZoneProvisioning(jdbcTemplate)); SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); - jdbcScimUserProvisioning.setJoinConverter(joinConverter); + jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, notInUse, passwordEncoder, new IdentityZoneManagerImpl(), + new JdbcIdentityZoneProvisioning(jdbcTemplate), joinConverter); String originActive = randomString(); addIdentityProvider(jdbcTemplate, currentIdentityZoneId, originActive, true); @@ -375,8 +373,7 @@ void retrieveByScimFilterUsingLower() { NamedParameterJdbcTemplate mockedJdbcTemplate = mock(NamedParameterJdbcTemplate.class); SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); - jdbcScimUserProvisioning = new JdbcScimUserProvisioning(mockedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning); - jdbcScimUserProvisioning.setJoinConverter(joinConverter); + jdbcScimUserProvisioning = new JdbcScimUserProvisioning(mockedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, joinConverter); String scimFilter = "id eq '1111' or username eq 'j4hyqpassX' or origin eq 'uaa'"; jdbcScimUserProvisioning.setPageSize(0); 
@@ -778,7 +775,7 @@ void cannotCreateScimUserWithEmptyEmail() { void canReadScimUserWithMissingEmail() { // Create a user with no email address, reflecting previous behavior - JdbcScimUserProvisioning noValidateProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate)) { + JdbcScimUserProvisioning noValidateProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter()) { @Override public ScimUser retrieve(String id, String zoneId) { ScimUser createdUserId = new ScimUser(); diff --git a/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml b/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml index 82556aba3d8..de780929c4a 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml @@ -33,16 +33,6 @@ - - - - - - - - - - From ed70fe163450a40676c5ebad097e6fe79f25475a Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Wed, 4 Sep 2024 10:27:46 +0200 Subject: [PATCH 3/8] Change bean configuration of TimeService from XML to annotation-based --- .../identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java | 8 ++++---- .../cloudfoundry/identity/uaa/util/TimeServiceImpl.java | 3 +++ .../uaa/account/PasswordChangeEndpointTests.java | 3 ++- .../identity/uaa/oauth/TokenRevocationEndpointTests.java | 2 +- .../saml/LoginSamlAuthenticationProviderTests.java | 2 +- .../uaa/scim/bootstrap/ScimGroupBootstrapTests.java | 2 +- .../uaa/scim/bootstrap/ScimUserBootstrapTests.java | 2 +- .../scim/jdbc/JdbcScimGroupMembershipManagerTests.java | 2 +- .../uaa/scim/jdbc/JdbcScimUserProvisioningTests.java | 9 +++++---- uaa/src/main/webapp/WEB-INF/spring/oauth-endpoints.xml | 2 -- 10 files changed, 19 insertions(+), 16 deletions(-) 
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java index ecefeb69606..2dc570b6673 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java @@ -135,9 +135,7 @@ public Logger getLogger() { private static final RowMapper mapper = new ScimUserRowMapper(); - @Autowired - @Qualifier("timeService") - private TimeService timeService; + private final TimeService timeService; private final JdbcIdentityZoneProvisioning jdbcIdentityZoneProvisioning; private final IdentityZoneManager identityZoneManager; @@ -149,7 +147,8 @@ public JdbcScimUserProvisioning( @Qualifier("nonCachingPasswordEncoder") final PasswordEncoder passwordEncoder, final IdentityZoneManager identityZoneManager, final JdbcIdentityZoneProvisioning jdbcIdentityZoneProvisioning, - @Qualifier("scimJoinQueryConverter") final SearchQueryConverter joinConverter + @Qualifier("scimJoinQueryConverter") final SearchQueryConverter joinConverter, + @Qualifier("timeService") final TimeService timeService ) { super(namedJdbcTemplate, pagingListFactory, mapper); Assert.notNull(namedJdbcTemplate, "JdbcTemplate required"); @@ -159,6 +158,7 @@ public JdbcScimUserProvisioning( this.jdbcIdentityZoneProvisioning = jdbcIdentityZoneProvisioning; this.identityZoneManager = identityZoneManager; this.joinConverter = joinConverter; + this.timeService = timeService; } @Override diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/util/TimeServiceImpl.java b/server/src/main/java/org/cloudfoundry/identity/uaa/util/TimeServiceImpl.java index 7e160dd1445..977afdea6d1 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/util/TimeServiceImpl.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/util/TimeServiceImpl.java 
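Review bot: The constructor in the `@@ -159,6 +158,7 @@` hunk stores `timeService` without a null check, and the previous patch did the same for `joinConverter`. The old field default `new TimeServiceImpl()` is gone, and in the visible context only `namedJdbcTemplate` is asserted. A caller that builds the class by hand and passes null would therefore fail on first use of the field rather than at construction. Consider adding `Assert.notNull(timeService, "TimeService required");` beside the existing assertion, and the equivalent line for `joinConverter`. The constructor body starts and ends outside these hunks, so checks that are not shown may already exist.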
@@ -1,4 +1,7 @@ package org.cloudfoundry.identity.uaa.util; +import org.springframework.stereotype.Component; + +@Component("timeService") public class TimeServiceImpl implements TimeService { } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java index 1e9c7fa6884..a599f4825e5 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java @@ -10,6 +10,7 @@ import org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimUserProvisioning; import org.cloudfoundry.identity.uaa.scim.validate.PasswordValidator; import org.cloudfoundry.identity.uaa.security.beans.SecurityContextAccessor; +import org.cloudfoundry.identity.uaa.util.TimeServiceImpl; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration; import org.cloudfoundry.identity.uaa.zone.JdbcIdentityZoneProvisioning; @@ -52,7 +53,7 @@ void setup(@Autowired JdbcTemplate jdbcTemplate, @Autowired NamedParameterJdbcTe namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, LimitSqlAdapterFactory.getLimitSqlAdapter()), passwordEncoder, mockIdentityZoneManager, new JdbcIdentityZoneProvisioning(jdbcTemplate), - new SimpleSearchQueryConverter()); + new SimpleSearchQueryConverter(), new TimeServiceImpl()); final RandomValueStringGenerator generator = new RandomValueStringGenerator(); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java index 82083be25ea..a1209aa4d96 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java 
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java @@ -78,7 +78,7 @@ void setupForTokenRevocation() { ScimUserProvisioning userProvisioning = new JdbcScimUserProvisioning( namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter), - passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter()); + passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl()); JdbcRevocableTokenProvisioning provisioning = spy(new JdbcRevocableTokenProvisioning(jdbcTemplate, limitSqlAdapter, new TimeServiceImpl())); endpoint = spy(new TokenRevocationEndpoint(clientService, userProvisioning, provisioning)); ApplicationEventPublisher publisher = mock(ApplicationEventPublisher.class); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java index ea0a4061524..3144b4946a2 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java 
@@ -191,7 +191,7 @@ void configureProvider() throws SAMLException, SecurityException, DecryptionExce groupProvisioning.createOrGet(new ScimGroup(null, UAA_USER, identityZoneManager.getCurrentIdentityZone().getId()), identityZoneManager.getCurrentIdentityZone().getId()); providerDefinition = new SamlIdentityProviderDefinition(); - userProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter), passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter()); + userProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter), passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl()); uaaSamlUser = groupProvisioning.create(new ScimGroup(null, UAA_SAML_USER, IdentityZone.getUaaZoneId()), identityZoneManager.getCurrentIdentityZone().getId()); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java index c9f072628d1..b1c7e9f5ca6 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java 
@@ -71,7 +71,7 @@ void initScimGroupBootstrapTests() throws SQLException { JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter); DbUtils dbUtils = new DbUtils(); gDB = new JdbcScimGroupProvisioning(namedJdbcTemplate, pagingListFactory, dbUtils); - uDB = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter()); + uDB = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl()); mDB = new JdbcScimGroupMembershipManager(template, new TimeServiceImpl(), uDB, null, dbUtils); mDB.setScimGroupProvisioning(gDB); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java index f0bd910204c..d63922d019e 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java 
@@ -96,7 +96,7 @@ class ScimUserBootstrapTests { @BeforeEach void init() throws SQLException { JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(namedJdbcTemplate, LimitSqlAdapterFactory.getLimitSqlAdapter()); - jdbcScimUserProvisioning = spy(new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter())); + jdbcScimUserProvisioning = spy(new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl())); DbUtils dbUtils = new DbUtils(); jdbcScimGroupProvisioning = new JdbcScimGroupProvisioning(namedJdbcTemplate, pagingListFactory, dbUtils); jdbcScimGroupMembershipManager = new JdbcScimGroupMembershipManager( diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java index 232e1dcb07a..4925a803ac4 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java 
@@ -106,7 +106,7 @@ void setUp() throws SQLException { dbUtils = new DbUtils(); JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter); - JdbcScimUserProvisioning jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter()); + JdbcScimUserProvisioning jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl()); jdbcScimGroupProvisioning = new JdbcScimGroupProvisioning(namedJdbcTemplate, pagingListFactory, dbUtils); jdbcScimGroupMembershipManager = new JdbcScimGroupMembershipManager( diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java index c25d7356421..a48d760a08a 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java @@ -55,6 +55,7 @@ import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceAlreadyExistsException; import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException; import org.cloudfoundry.identity.uaa.user.UaaAuthority; +import org.cloudfoundry.identity.uaa.util.TimeServiceImpl; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration; import org.cloudfoundry.identity.uaa.zone.JdbcIdentityZoneProvisioning; 
@@ -125,7 +126,7 @@ void setUp(@Autowired LimitSqlAdapter limitSqlAdapter) { SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); - jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, joinConverter); + jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, joinConverter, new TimeServiceImpl()); SimpleSearchQueryConverter filterConverter = new SimpleSearchQueryConverter(); Map replaceWith = new HashMap<>(); @@ -317,7 +318,7 @@ void retrieveByScimFilterNoPaging() { SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, notInUse, passwordEncoder, new IdentityZoneManagerImpl(), - new JdbcIdentityZoneProvisioning(jdbcTemplate), joinConverter); + new JdbcIdentityZoneProvisioning(jdbcTemplate), joinConverter, new TimeServiceImpl()); String originActive = randomString(); addIdentityProvider(jdbcTemplate, currentIdentityZoneId, originActive, true); 
@@ -373,7 +374,7 @@ void retrieveByScimFilterUsingLower() { NamedParameterJdbcTemplate mockedJdbcTemplate = mock(NamedParameterJdbcTemplate.class); SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); - jdbcScimUserProvisioning = new JdbcScimUserProvisioning(mockedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, joinConverter); + jdbcScimUserProvisioning = new JdbcScimUserProvisioning(mockedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, joinConverter, new TimeServiceImpl()); String scimFilter = "id eq '1111' or username eq 'j4hyqpassX' or origin eq 'uaa'"; jdbcScimUserProvisioning.setPageSize(0); @@ -775,7 +776,7 @@ void cannotCreateScimUserWithEmptyEmail() { void canReadScimUserWithMissingEmail() { // Create a user with no email address, reflecting previous behavior - JdbcScimUserProvisioning noValidateProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter()) { + JdbcScimUserProvisioning noValidateProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl()) { @Override public ScimUser retrieve(String id, String zoneId) { ScimUser createdUserId = new ScimUser(); diff --git a/uaa/src/main/webapp/WEB-INF/spring/oauth-endpoints.xml b/uaa/src/main/webapp/WEB-INF/spring/oauth-endpoints.xml index c2e6763c55c..9a287266131 100755 --- a/uaa/src/main/webapp/WEB-INF/spring/oauth-endpoints.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/oauth-endpoints.xml @@ -543,8 +543,6 @@ - - From 9a9a5b14f2b60364da1613828bb1b47632e6723f Mon Sep 17 00:00:00 2001 
From: Adrian Hoelzl Date: Wed, 4 Sep 2024 10:53:31 +0200 Subject: [PATCH 4/8] Refactor bean definition of 'deactivateOnDelete' --- .../identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java | 8 +++++--- .../identity/uaa/account/PasswordChangeEndpointTests.java | 2 +- .../identity/uaa/oauth/TokenRevocationEndpointTests.java | 2 +- .../saml/LoginSamlAuthenticationProviderTests.java | 2 +- .../uaa/scim/bootstrap/ScimGroupBootstrapTests.java | 2 +- .../uaa/scim/bootstrap/ScimUserBootstrapTests.java | 2 +- .../scim/jdbc/JdbcScimGroupMembershipManagerTests.java | 2 +- .../uaa/scim/jdbc/JdbcScimUserProvisioningTests.java | 8 ++++---- 8 files changed, 15 insertions(+), 13 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java index 2dc570b6673..87499426149 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java @@ -29,6 +29,7 @@ import java.util.Map; import java.util.UUID; +import com.google.common.annotations.VisibleForTesting; import org.cloudfoundry.identity.uaa.audit.event.SystemDeletable; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.resources.ResourceMonitor; @@ -57,7 +58,6 @@ import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Value; import org.springframework.dao.DuplicateKeyException; 
@@ -130,7 +130,6 @@ public Logger getLogger() { private final PasswordEncoder passwordEncoder; - @Value("${scim.delete.deactivate:false}") private boolean deactivateOnDelete; private static final RowMapper mapper = new ScimUserRowMapper(); @@ -148,7 +147,8 @@ public JdbcScimUserProvisioning( final IdentityZoneManager identityZoneManager, final JdbcIdentityZoneProvisioning jdbcIdentityZoneProvisioning, @Qualifier("scimJoinQueryConverter") final SearchQueryConverter joinConverter, - @Qualifier("timeService") final TimeService timeService + final TimeService timeService, + @Value("${scim.delete.deactivate:false}") final boolean deactivateOnDelete ) { super(namedJdbcTemplate, pagingListFactory, mapper); Assert.notNull(namedJdbcTemplate, "JdbcTemplate required"); @@ -159,6 +159,7 @@ public JdbcScimUserProvisioning( this.identityZoneManager = identityZoneManager; this.joinConverter = joinConverter; this.timeService = timeService; + this.deactivateOnDelete = deactivateOnDelete; } @Override @@ -503,6 +504,7 @@ protected int deleteUser(String userId, int version, String zoneId) { return updated; } + @VisibleForTesting public void setDeactivateOnDelete(boolean deactivateOnDelete) { this.deactivateOnDelete = deactivateOnDelete; } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java index a599f4825e5..35d1da83e04 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java 
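Review bot: `deactivateOnDelete` is now supplied through the constructor, but the field stays non-final and the public `setDeactivateOnDelete` remains, so any code holding this bean can still change the delete mode at runtime. `@VisibleForTesting` is advisory only and does not restrict callers. The flag presumably decides in `deleteUser` whether a user row is deactivated or removed, so I would declare it `private final boolean deactivateOnDelete;` and drop the setter, letting tests choose the mode through the new constructor argument. The constructor and `deleteUser` bodies continue outside these hunks.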
@@ -53,7 +53,7 @@ void setup(@Autowired JdbcTemplate jdbcTemplate, @Autowired NamedParameterJdbcTe namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, LimitSqlAdapterFactory.getLimitSqlAdapter()), passwordEncoder, mockIdentityZoneManager, new JdbcIdentityZoneProvisioning(jdbcTemplate), - new SimpleSearchQueryConverter(), new TimeServiceImpl()); + new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); final RandomValueStringGenerator generator = new RandomValueStringGenerator(); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java index a1209aa4d96..c08d481bf6c 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java @@ -78,7 +78,7 @@ void setupForTokenRevocation() { ScimUserProvisioning userProvisioning = new JdbcScimUserProvisioning( namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter), - passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl()); + passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); JdbcRevocableTokenProvisioning provisioning = spy(new JdbcRevocableTokenProvisioning(jdbcTemplate, limitSqlAdapter, new TimeServiceImpl())); endpoint = spy(new TokenRevocationEndpoint(clientService, userProvisioning, provisioning)); ApplicationEventPublisher publisher = mock(ApplicationEventPublisher.class); 
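Review bot: The new last constructor argument is passed as `true` here, while the production default in `@Value("${scim.delete.deactivate:false}")` is `false`, and the field previously stayed at Java's default `false` when the object was built with `new`. That silently switches these fixtures to deactivate mode, so unless a test sets the mode itself, the remove-on-delete path is no longer the one exercised. I would pass `false` to keep the fixtures on the default and use `true` only in tests that cover deactivation. The same argument appears in the hunks for TokenRevocationEndpointTests, LoginSamlAuthenticationProviderTests, ScimGroupBootstrapTests, ScimUserBootstrapTests, JdbcScimGroupMembershipManagerTests and JdbcScimUserProvisioningTests.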
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java index 3144b4946a2..07cf7cd4435 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java @@ -191,7 +191,7 @@ void configureProvider() throws SAMLException, SecurityException, DecryptionExce groupProvisioning.createOrGet(new ScimGroup(null, UAA_USER, identityZoneManager.getCurrentIdentityZone().getId()), identityZoneManager.getCurrentIdentityZone().getId()); providerDefinition = new SamlIdentityProviderDefinition(); - userProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter), passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl()); + userProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter), passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); uaaSamlUser = groupProvisioning.create(new ScimGroup(null, UAA_SAML_USER, IdentityZone.getUaaZoneId()), identityZoneManager.getCurrentIdentityZone().getId()); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java index b1c7e9f5ca6..876e2b19b9e 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java 
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java @@ -71,7 +71,7 @@ void initScimGroupBootstrapTests() throws SQLException { JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter); DbUtils dbUtils = new DbUtils(); gDB = new JdbcScimGroupProvisioning(namedJdbcTemplate, pagingListFactory, dbUtils); - uDB = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl()); + uDB = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); mDB = new JdbcScimGroupMembershipManager(template, new TimeServiceImpl(), uDB, null, dbUtils); mDB.setScimGroupProvisioning(gDB); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java index d63922d019e..4a81cee2414 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java 
@@ -96,7 +96,7 @@ class ScimUserBootstrapTests { @BeforeEach void init() throws SQLException { JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(namedJdbcTemplate, LimitSqlAdapterFactory.getLimitSqlAdapter()); - jdbcScimUserProvisioning = spy(new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl())); + jdbcScimUserProvisioning = spy(new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true)); DbUtils dbUtils = new DbUtils(); jdbcScimGroupProvisioning = new JdbcScimGroupProvisioning(namedJdbcTemplate, pagingListFactory, dbUtils); jdbcScimGroupMembershipManager = new JdbcScimGroupMembershipManager( diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java index 4925a803ac4..174027103d4 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java 
@@ -106,7 +106,7 @@ void setUp() throws SQLException { dbUtils = new DbUtils(); JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter); - JdbcScimUserProvisioning jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl()); + JdbcScimUserProvisioning jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); jdbcScimGroupProvisioning = new JdbcScimGroupProvisioning(namedJdbcTemplate, pagingListFactory, dbUtils); jdbcScimGroupMembershipManager = new JdbcScimGroupMembershipManager( diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java index a48d760a08a..68d1e165466 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java 
@@ -126,7 +126,7 @@ void setUp(@Autowired LimitSqlAdapter limitSqlAdapter) { SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); - jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, joinConverter, new TimeServiceImpl()); + jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, joinConverter, new TimeServiceImpl(), true); SimpleSearchQueryConverter filterConverter = new SimpleSearchQueryConverter(); Map replaceWith = new HashMap<>(); @@ -318,7 +318,7 @@ void retrieveByScimFilterNoPaging() { SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, notInUse, passwordEncoder, new IdentityZoneManagerImpl(), - new JdbcIdentityZoneProvisioning(jdbcTemplate), joinConverter, new TimeServiceImpl()); + new JdbcIdentityZoneProvisioning(jdbcTemplate), joinConverter, new TimeServiceImpl(), true); String originActive = randomString(); addIdentityProvider(jdbcTemplate, currentIdentityZoneId, originActive, true); 
@@ -374,7 +374,7 @@ void retrieveByScimFilterUsingLower() { NamedParameterJdbcTemplate mockedJdbcTemplate = mock(NamedParameterJdbcTemplate.class); SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); - jdbcScimUserProvisioning = new JdbcScimUserProvisioning(mockedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, joinConverter, new TimeServiceImpl()); + jdbcScimUserProvisioning = new JdbcScimUserProvisioning(mockedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, joinConverter, new TimeServiceImpl(), true); String scimFilter = "id eq '1111' or username eq 'j4hyqpassX' or origin eq 'uaa'"; jdbcScimUserProvisioning.setPageSize(0); @@ -776,7 +776,7 @@ void cannotCreateScimUserWithEmptyEmail() { void canReadScimUserWithMissingEmail() { // Create a user with no email address, reflecting previous behavior - JdbcScimUserProvisioning noValidateProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl()) { + JdbcScimUserProvisioning noValidateProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true) { @Override public ScimUser retrieve(String id, String zoneId) { ScimUser createdUserId = new ScimUser(); From 0b0fb3022c19919c1522f57c8c5189f43dba2081 Mon Sep 17 00:00:00 2001 
From: Adrian Hoelzl Date: Wed, 4 Sep 2024 13:02:33 +0200 Subject: [PATCH 5/8] Fix injection of queryConverter --- .../identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java | 4 ++-- .../identity/uaa/account/PasswordChangeEndpointTests.java | 2 +- .../identity/uaa/oauth/TokenRevocationEndpointTests.java | 2 +- .../saml/LoginSamlAuthenticationProviderTests.java | 2 +- .../uaa/scim/bootstrap/ScimGroupBootstrapTests.java | 2 +- .../uaa/scim/bootstrap/ScimUserBootstrapTests.java | 2 +- .../scim/jdbc/JdbcScimGroupMembershipManagerTests.java | 2 +- .../uaa/scim/jdbc/JdbcScimUserProvisioningTests.java | 8 ++++---- 8 files changed, 12 insertions(+), 12 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java index 87499426149..11e9b9a2ce8 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java @@ -37,7 +37,6 @@ import org.cloudfoundry.identity.uaa.resources.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.resources.jdbc.SearchQueryConverter; import org.cloudfoundry.identity.uaa.resources.jdbc.SearchQueryConverter.ProcessedFilter; -import org.cloudfoundry.identity.uaa.resources.jdbc.SimpleSearchQueryConverter; import org.cloudfoundry.identity.uaa.scim.ScimMeta; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.ScimUser.Name; 
@@ -146,6 +145,7 @@ public JdbcScimUserProvisioning( @Qualifier("nonCachingPasswordEncoder") final PasswordEncoder passwordEncoder, final IdentityZoneManager identityZoneManager, final JdbcIdentityZoneProvisioning jdbcIdentityZoneProvisioning, + @Qualifier("scimUserQueryConverter") final SearchQueryConverter queryConverter, @Qualifier("scimJoinQueryConverter") final SearchQueryConverter joinConverter, final TimeService timeService, @Value("${scim.delete.deactivate:false}") final boolean deactivateOnDelete @@ -153,13 +153,13 @@ public JdbcScimUserProvisioning( super(namedJdbcTemplate, pagingListFactory, mapper); Assert.notNull(namedJdbcTemplate, "JdbcTemplate required"); this.jdbcTemplate = namedJdbcTemplate.getJdbcTemplate(); - setQueryConverter(new SimpleSearchQueryConverter()); this.passwordEncoder = passwordEncoder; this.jdbcIdentityZoneProvisioning = jdbcIdentityZoneProvisioning; this.identityZoneManager = identityZoneManager; this.joinConverter = joinConverter; this.timeService = timeService; this.deactivateOnDelete = deactivateOnDelete; + setQueryConverter(queryConverter); } @Override diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java index 35d1da83e04..f30cf9041f0 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordChangeEndpointTests.java 
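Review bot: `queryConverter` and `joinConverter` are adjacent constructor parameters of the same type `SearchQueryConverter`, and the new one reaches `setQueryConverter` without a null check, so a swapped or missing argument compiles and would only surface later when a filter is converted. I would add `Assert.notNull(queryConverter, "queryConverter required");` next to the existing `Assert.notNull(namedJdbcTemplate, ...)`. The class previously always used a fresh `SimpleSearchQueryConverter`, and the `scimUserQueryConverter` bean is defined outside this diff. It is worth confirming that the bean accepts and rejects the same filter attributes, since this converter presumably translates caller-supplied SCIM filters into SQL. The test hunks in this commit still pass plain `SimpleSearchQueryConverter` instances and would not catch a difference; the constructor body continues outside the hunk.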
@@ -53,7 +53,7 @@ void setup(@Autowired JdbcTemplate jdbcTemplate, @Autowired NamedParameterJdbcTe namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, LimitSqlAdapterFactory.getLimitSqlAdapter()), passwordEncoder, mockIdentityZoneManager, new JdbcIdentityZoneProvisioning(jdbcTemplate), - new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); + new SimpleSearchQueryConverter(), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); final RandomValueStringGenerator generator = new RandomValueStringGenerator(); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java index c08d481bf6c..e7a9f61e24b 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java @@ -78,7 +78,7 @@ void setupForTokenRevocation() { ScimUserProvisioning userProvisioning = new JdbcScimUserProvisioning( namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter), - passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); + passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); JdbcRevocableTokenProvisioning provisioning = spy(new JdbcRevocableTokenProvisioning(jdbcTemplate, limitSqlAdapter, new TimeServiceImpl())); endpoint = spy(new TokenRevocationEndpoint(clientService, userProvisioning, provisioning)); ApplicationEventPublisher publisher = mock(ApplicationEventPublisher.class); 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java index 07cf7cd4435..ffacead7c73 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProviderTests.java @@ -191,7 +191,7 @@ void configureProvider() throws SAMLException, SecurityException, DecryptionExce groupProvisioning.createOrGet(new ScimGroup(null, UAA_USER, identityZoneManager.getCurrentIdentityZone().getId()), identityZoneManager.getCurrentIdentityZone().getId()); providerDefinition = new SamlIdentityProviderDefinition(); - userProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter), passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); + userProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter), passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); uaaSamlUser = groupProvisioning.create(new ScimGroup(null, UAA_SAML_USER, IdentityZone.getUaaZoneId()), identityZoneManager.getCurrentIdentityZone().getId()); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java index 876e2b19b9e..722d7aee971 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java 
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimGroupBootstrapTests.java @@ -71,7 +71,7 @@ void initScimGroupBootstrapTests() throws SQLException { JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter); DbUtils dbUtils = new DbUtils(); gDB = new JdbcScimGroupProvisioning(namedJdbcTemplate, pagingListFactory, dbUtils); - uDB = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); + uDB = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); mDB = new JdbcScimGroupMembershipManager(template, new TimeServiceImpl(), uDB, null, dbUtils); mDB.setScimGroupProvisioning(gDB); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java index 4a81cee2414..bd4bf4732ac 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimUserBootstrapTests.java 
@@ -96,7 +96,7 @@ class ScimUserBootstrapTests { @BeforeEach void init() throws SQLException { JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(namedJdbcTemplate, LimitSqlAdapterFactory.getLimitSqlAdapter()); - jdbcScimUserProvisioning = spy(new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true)); + jdbcScimUserProvisioning = spy(new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true)); DbUtils dbUtils = new DbUtils(); jdbcScimGroupProvisioning = new JdbcScimGroupProvisioning(namedJdbcTemplate, pagingListFactory, dbUtils); jdbcScimGroupMembershipManager = new JdbcScimGroupMembershipManager( diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java index 174027103d4..6f1e1b93c97 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupMembershipManagerTests.java 
@@ -106,7 +106,7 @@ void setUp() throws SQLException { dbUtils = new DbUtils(); JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(namedJdbcTemplate, limitSqlAdapter); - JdbcScimUserProvisioning jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); + JdbcScimUserProvisioning jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true); jdbcScimGroupProvisioning = new JdbcScimGroupProvisioning(namedJdbcTemplate, pagingListFactory, dbUtils); jdbcScimGroupMembershipManager = new JdbcScimGroupMembershipManager( diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java index 68d1e165466..6eba9ccab7b 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java 
@@ -126,7 +126,7 @@ void setUp(@Autowired LimitSqlAdapter limitSqlAdapter) { SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); - jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, joinConverter, new TimeServiceImpl(), true); + jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, new SimpleSearchQueryConverter(), joinConverter, new TimeServiceImpl(), true); SimpleSearchQueryConverter filterConverter = new SimpleSearchQueryConverter(); Map replaceWith = new HashMap<>(); @@ -318,7 +318,7 @@ void retrieveByScimFilterNoPaging() { SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, notInUse, passwordEncoder, new IdentityZoneManagerImpl(), - new JdbcIdentityZoneProvisioning(jdbcTemplate), joinConverter, new TimeServiceImpl(), true); + new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), joinConverter, new TimeServiceImpl(), true); String originActive = randomString(); addIdentityProvider(jdbcTemplate, currentIdentityZoneId, originActive, true); 
@@ -374,7 +374,7 @@ void retrieveByScimFilterUsingLower() { NamedParameterJdbcTemplate mockedJdbcTemplate = mock(NamedParameterJdbcTemplate.class); SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); - jdbcScimUserProvisioning = new JdbcScimUserProvisioning(mockedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, joinConverter, new TimeServiceImpl(), true); + jdbcScimUserProvisioning = new JdbcScimUserProvisioning(mockedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, new SimpleSearchQueryConverter(), joinConverter, new TimeServiceImpl(), true); String scimFilter = "id eq '1111' or username eq 'j4hyqpassX' or origin eq 'uaa'"; jdbcScimUserProvisioning.setPageSize(0); @@ -776,7 +776,7 @@ void cannotCreateScimUserWithEmptyEmail() { void canReadScimUserWithMissingEmail() { // Create a user with no email address, reflecting previous behavior - JdbcScimUserProvisioning noValidateProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true) { + JdbcScimUserProvisioning noValidateProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, new IdentityZoneManagerImpl(), new JdbcIdentityZoneProvisioning(jdbcTemplate), new SimpleSearchQueryConverter(), new SimpleSearchQueryConverter(), new TimeServiceImpl(), true) { @Override public ScimUser retrieve(String id, String zoneId) { ScimUser createdUserId = new ScimUser(); From f4221a34c54e1e93d7926072f9083cfe40cfadc0 Mon Sep 17 00:00:00 2001 
From: Adrian Hoelzl Date: Wed, 4 Sep 2024 13:09:07 +0200 Subject: [PATCH 6/8] Refactor --- .../identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java index 11e9b9a2ce8..d3bf931cba5 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java @@ -153,13 +153,13 @@ public JdbcScimUserProvisioning( super(namedJdbcTemplate, pagingListFactory, mapper); Assert.notNull(namedJdbcTemplate, "JdbcTemplate required"); this.jdbcTemplate = namedJdbcTemplate.getJdbcTemplate(); + setQueryConverter(queryConverter); this.passwordEncoder = passwordEncoder; this.jdbcIdentityZoneProvisioning = jdbcIdentityZoneProvisioning; this.identityZoneManager = identityZoneManager; this.joinConverter = joinConverter; this.timeService = timeService; this.deactivateOnDelete = deactivateOnDelete; - setQueryConverter(queryConverter); } @Override From fa614f8a4f33281ac7f602a00218abb91c62f04b Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Wed, 4 Sep 2024 13:18:54 +0200 Subject: [PATCH 7/8] Refactor injection of 'deactivateOnDelete' --- .../scim/jdbc/JdbcScimUserProvisioning.java | 8 +- .../jdbc/JdbcScimUserProvisioningTests.java | 122 +++++++++++------- 2 files changed, 77 insertions(+), 53 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java index d3bf931cba5..df9bc10c26e 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java 
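Review bot: Moving `setQueryConverter(queryConverter);` ahead of the field assignments means an override of that method would run while `passwordEncoder`, `joinConverter` and the remaining fields are still unassigned. This assumes the method is overridable; its declaration is outside this hunk, presumably in the superclass. The constructor also null-checks only `namedJdbcTemplate`, although the two converters appear to be what turns caller-supplied SCIM filters into SQL. A missing converter should fail at construction rather than on the first query, for example `Assert.notNull(queryConverter, "queryConverter required");` and `Assert.notNull(joinConverter, "joinConverter required");` before they are used. The constructor's parameter list starts outside the hunk.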
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java @@ -29,7 +29,6 @@ import java.util.Map; import java.util.UUID; -import com.google.common.annotations.VisibleForTesting; import org.cloudfoundry.identity.uaa.audit.event.SystemDeletable; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.resources.ResourceMonitor; @@ -129,7 +128,7 @@ public Logger getLogger() { private final PasswordEncoder passwordEncoder; - private boolean deactivateOnDelete; + private final boolean deactivateOnDelete; private static final RowMapper mapper = new ScimUserRowMapper(); @@ -504,11 +503,6 @@ protected int deleteUser(String userId, int version, String zoneId) { return updated; } - @VisibleForTesting - public void setDeactivateOnDelete(boolean deactivateOnDelete) { - this.deactivateOnDelete = deactivateOnDelete; - } - @Override public int deleteByIdentityZone(String zoneId) { jdbcTemplate.update(HARD_DELETE_OF_GROUP_MEMBERS_BY_ZONE, zoneId); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java index 6eba9ccab7b..4a16abdd62b 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioningTests.java @@ -110,6 +110,9 @@ class JdbcScimUserProvisioningTests { private String joeEmail; private final String JOE_NAME = "joe"; + private SimpleSearchQueryConverter joinConverter; + private SimpleSearchQueryConverter filterConverter; + @BeforeEach void setUp(@Autowired LimitSqlAdapter limitSqlAdapter) { generator = new RandomValueStringGenerator(); 
@@ -124,17 +127,27 @@ void setUp(@Autowired LimitSqlAdapter limitSqlAdapter) { idzManager = new IdentityZoneManagerImpl(); idzManager.setCurrentIdentityZone(idz); - SimpleSearchQueryConverter joinConverter = new SimpleSearchQueryConverter(); + joinConverter = new SimpleSearchQueryConverter(); joinConverter.setAttributeNameMapper(new JoinAttributeNameMapper("u")); - jdbcScimUserProvisioning = new JdbcScimUserProvisioning(namedJdbcTemplate, pagingListFactory, passwordEncoder, idzManager, jdbcIdentityZoneProvisioning, new SimpleSearchQueryConverter(), joinConverter, new TimeServiceImpl(), true); - SimpleSearchQueryConverter filterConverter = new SimpleSearchQueryConverter(); + filterConverter = new SimpleSearchQueryConverter(); Map replaceWith = new HashMap<>(); replaceWith.put("emails\\.value", "email"); replaceWith.put("groups\\.display", "authorities"); replaceWith.put("phoneNumbers\\.value", "phoneNumber"); filterConverter.setAttributeNameMapper(new SimpleAttributeNameMapper(replaceWith)); - jdbcScimUserProvisioning.setQueryConverter(filterConverter); + + jdbcScimUserProvisioning = new JdbcScimUserProvisioning( + namedJdbcTemplate, + pagingListFactory, + passwordEncoder, + idzManager, + jdbcIdentityZoneProvisioning, + filterConverter, + joinConverter, + new TimeServiceImpl(), + true + ); addUser(jdbcTemplate, joeId, JOE_NAME, passwordEncoder.encode("joespassword"), joeEmail, "Joe", "User", "+1-222-1234567", currentIdentityZoneId); 
@@ -990,38 +1003,68 @@ void deactivateWithWrongVersionIsError() { () -> jdbcScimUserProvisioning.delete(joeId, 1, currentIdentityZoneId)); } - @Test - void canDeleteExistingUserThroughEvent() { - String tmpUserId = createUserForDelete(jdbcTemplate, currentIdentityZoneId); - ScimUser user = jdbcScimUserProvisioning.retrieve(tmpUserId, currentIdentityZoneId); - jdbcScimUserProvisioning.setDeactivateOnDelete(false); - jdbcScimUserProvisioning.onApplicationEvent(new EntityDeletedEvent(user, mock(Authentication.class), currentIdentityZoneId)); - assertEquals(0, jdbcTemplate.queryForList("select * from users where id=?", tmpUserId).size()); - assertEquals(0, jdbcScimUserProvisioning.query("username eq \"" + tmpUserId + "\"", currentIdentityZoneId).size()); - } + @Nested + class DeactivateOnDeleteDisabled { + @BeforeEach + void setUp() { + jdbcScimUserProvisioning = new JdbcScimUserProvisioning( + namedJdbcTemplate, + pagingListFactory, + passwordEncoder, + idzManager, + jdbcIdentityZoneProvisioning, + filterConverter, + joinConverter, + new TimeServiceImpl(), + false + ); + } - @Test - void canDeleteExistingUser() { - String tmpUserId = createUserForDelete(jdbcTemplate, currentIdentityZoneId); - jdbcScimUserProvisioning.setDeactivateOnDelete(false); - jdbcScimUserProvisioning.delete(tmpUserId, 0, currentIdentityZoneId); - assertEquals(0, jdbcTemplate.queryForList("select * from users where id=?", tmpUserId).size()); - assertEquals(0, jdbcScimUserProvisioning.query("username eq \"" + tmpUserId + "\"", currentIdentityZoneId).size()); - } + @Test + void canDeleteExistingUserThroughEvent() { + String tmpUserId = createUserForDelete(jdbcTemplate, currentIdentityZoneId); + ScimUser user = jdbcScimUserProvisioning.retrieve(tmpUserId, currentIdentityZoneId); + jdbcScimUserProvisioning.onApplicationEvent( + new EntityDeletedEvent(user, mock(Authentication.class), currentIdentityZoneId)); + assertEquals(0, jdbcTemplate.queryForList("select * from users where id=?", 
tmpUserId).size()); + assertEquals(0, + jdbcScimUserProvisioning.query("username eq \"" + tmpUserId + "\"", currentIdentityZoneId).size()); + } - @Test - void canDeleteExistingUserAndThenCreateHimAgain() { - String tmpUserId = createUserForDelete(jdbcTemplate, currentIdentityZoneId); - jdbcScimUserProvisioning.setDeactivateOnDelete(false); - ScimUser deletedUser = jdbcScimUserProvisioning.delete(tmpUserId, 0, currentIdentityZoneId); - assertEquals(0, jdbcTemplate.queryForList("select * from users where id=?", tmpUserId).size()); + @Test + void canDeleteExistingUser() { + String tmpUserId = createUserForDelete(jdbcTemplate, currentIdentityZoneId); + jdbcScimUserProvisioning.delete(tmpUserId, 0, currentIdentityZoneId); + assertEquals(0, jdbcTemplate.queryForList("select * from users where id=?", tmpUserId).size()); + assertEquals(0, + jdbcScimUserProvisioning.query("username eq \"" + tmpUserId + "\"", currentIdentityZoneId).size()); + } - deletedUser.setActive(true); - ScimUser user = jdbcScimUserProvisioning.createUser(deletedUser, "foobarspam1234", currentIdentityZoneId); - assertNotNull(user); - assertNotNull(user.getId()); - assertNotSame(tmpUserId, user.getId()); - assertEquals(1, jdbcScimUserProvisioning.query("username eq \"" + tmpUserId + "\"", currentIdentityZoneId).size()); + @Test + void canDeleteExistingUserAndThenCreateHimAgain() { + String tmpUserId = createUserForDelete(jdbcTemplate, currentIdentityZoneId); + ScimUser deletedUser = jdbcScimUserProvisioning.delete(tmpUserId, 0, currentIdentityZoneId); + assertEquals(0, jdbcTemplate.queryForList("select * from users where id=?", tmpUserId).size()); + + deletedUser.setActive(true); + ScimUser user = jdbcScimUserProvisioning.createUser(deletedUser, "foobarspam1234", currentIdentityZoneId); + assertNotNull(user); + assertNotNull(user.getId()); + assertNotSame(tmpUserId, user.getId()); + assertEquals(1, + jdbcScimUserProvisioning.query("username eq \"" + tmpUserId + "\"", currentIdentityZoneId).size()); + } 
+ + @Test + void cannotDeleteNonexistentUser() { + assertThrows(ScimResourceNotFoundException.class, + () -> jdbcScimUserProvisioning.delete("9999", 0, currentIdentityZoneId)); + } + + @Test + void deleteWithWrongVersionIsError() { + assertThrows(OptimisticLockingFailureException.class, () -> jdbcScimUserProvisioning.delete(joeId, 1, currentIdentityZoneId)); + } } @Test @@ -1180,19 +1223,6 @@ void updatedIncorrectVersionUserVerified() { assertThrows(OptimisticLockingFailureException.class, () -> jdbcScimUserProvisioning.verifyUser(tmpUserIdString, user.getVersion() + 50, currentIdentityZoneId)); } - @Test - void cannotDeleteNonexistentUser() { - jdbcScimUserProvisioning.setDeactivateOnDelete(false); - assertThrows(ScimResourceNotFoundException.class, - () -> jdbcScimUserProvisioning.delete("9999", 0, currentIdentityZoneId)); - } - - @Test - void deleteWithWrongVersionIsError() { - jdbcScimUserProvisioning.setDeactivateOnDelete(false); - assertThrows(OptimisticLockingFailureException.class, () -> jdbcScimUserProvisioning.delete(joeId, 1, currentIdentityZoneId)); - } - @Test void canRetrieveUsers() { assertTrue(2 <= jdbcScimUserProvisioning.retrieveAll(currentIdentityZoneId).size()); From c7c8bdcaccb9986d5d1574ef8782e11b589315e6 Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Mon, 9 Sep 2024 09:15:34 +0200 Subject: [PATCH 8/8] Remove 'username_pattern' from UaaConfiguration --- .../cloudfoundry/identity/uaa/impl/config/UaaConfiguration.java | 1 - uaa/src/test/resources/test/config/uaa.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/UaaConfiguration.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/UaaConfiguration.java index 299ce433675..d9dab93fd72 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/UaaConfiguration.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/UaaConfiguration.java 
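Review bot: In `canDeleteExistingUserAndThenCreateHimAgain`, `assertNotSame(tmpUserId, user.getId())` compares object references, so it passes for any two distinct `String` instances even when the ids have the same value. To check that the recreated user actually received a new id, use `assertNotEquals(tmpUserId, user.getId());`, assuming the matching static import is available in this test class. The line is carried over unchanged from the old test, so moving it into `DeactivateOnDeleteDisabled` is a natural point to correct it.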
@@ -230,7 +230,6 @@ public static class Scim { public boolean userids_enabled; public boolean userOverride; public List users; - public String username_pattern; public Object groups; } diff --git a/uaa/src/test/resources/test/config/uaa.yml b/uaa/src/test/resources/test/config/uaa.yml index 53972dbb8f8..a2b69cc78bf 100644 --- a/uaa/src/test/resources/test/config/uaa.yml +++ b/uaa/src/test/resources/test/config/uaa.yml @@ -20,7 +20,6 @@ oauth: - my - support scim: - username_pattern: '[a-z0-9+\-_.@]+' users: - paul|wombat|paul@test.org|Paul|Smith|uaa.admin - stefan|wallaby|stefan@test.org|Stefan|Schmidt