Merge branch 'RED-7297-2' into 'main'

RED-7297: added password policy and its validation See merge request fforesight/tenant-user-management-service!10
2023-08-25 08:04:11 +02:00 · 2023-08-25 08:04:11 +02:00 · f377d1a3ab
commit f377d1a3ab
parent 550c05e93b d7f0899c3b
3 changed files with 39 additions and 7 deletions
--- a/config/pmd/test_pmd.xml
+++ b/config/pmd/test_pmd.xml
@ -9,8 +9,9 @@
    <rule ref="category/java/errorprone.xml">
        <exclude name="DataflowAnomalyAnalysis"/>
        <exclude name="MissingSerialVersionUID"/>
-        <exclude name="BeanMembersShouldSerialize"/>
+        <exclude name="NonSerializableClass"/>
        <exclude name="AvoidDuplicateLiterals"/>
        <exclude name="AvoidLiteralsInIfCondition"/>
+        <exclude name="TestClassWithoutTestCases"/>
    </rule>
 </ruleset>
--- a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java
@ -10,7 +10,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
-import java.util.stream.Collectors;

 import javax.sql.DataSource;

@ -83,7 +82,7 @@ public class TenantManagementService implements TenantProvider {
    @SneakyThrows
    public TenantResponse createTenant(TenantRequest tenantRequest) {

-        log.info("Tenants are: {}", tenantRepository.findAll().stream().map(TenantEntity::getTenantId).collect(Collectors.toList()));
+        log.info("Tenants are: {}", tenantRepository.findAll().stream().map(TenantEntity::getTenantId).toList());
        log.info("Requested to create tenant for: {}", tenantRequest.getTenantId());

        try {
@ -193,6 +192,8 @@ public class TenantManagementService implements TenantProvider {
            throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "Failed to create KC realm");
        }

+        setPasswordPolicyForRealm(tenantRequest.getTenantId());
+
        generalConfigurationService.initGeneralConfiguration(tenantRequest.getTenantId());
        keyCloakRoleManagerService.updateRoles(tenantRequest.getTenantId());
    }
@ -295,12 +296,20 @@ public class TenantManagementService implements TenantProvider {
        rolesRepresentation.setRealm(roles);
        realm.setRoles(rolesRepresentation);

-        realm.setUsers(users.stream().map(this::toUserRepresentation).collect(Collectors.toList()));
+        realm.setUsers(users.stream().map(this::toUserRepresentation).toList());

        keycloak.getAdminClient().realms().create(realm);
    }


+    private void setPasswordPolicyForRealm(String tenantId) {
+
+        var realm = realmService.realm(tenantId).toRepresentation();
+        realm.setPasswordPolicy("digits(1) and length(12) and lowerCase(1) and notEmail and notUsername and specialChars(1) and upperCase(1)");
+        realmService.realm(tenantId).update(realm);
+    }
+
+
    private boolean tryToAccessRealm(String tenantId) {

        try {
@ -314,7 +323,7 @@ public class TenantManagementService implements TenantProvider {
    private UserRepresentation toUserRepresentation(TenantUser redUser) {

        var credentialRepresentation = new CredentialRepresentation();
-        credentialRepresentation.setType("password");
+        credentialRepresentation.setType(CredentialRepresentation.PASSWORD);
        credentialRepresentation.setValue(redUser.getPassword());

        var user = new UserRepresentation();
@ -442,9 +451,10 @@ public class TenantManagementService implements TenantProvider {

    public List<TenantResponse> getTenants() {

-        return tenantRepository.findAll().stream().map(this::convert).collect(Collectors.toList());
+        return tenantRepository.findAll().stream().map(this::convert).toList();
    }

+
    public TenantResponse removePasswords(TenantResponse tenantResponse) {

        if (tenantResponse.getDatabaseConnection() != null) {
@ -459,7 +469,7 @@ public class TenantManagementService implements TenantProvider {
            tenantResponse.getAzureStorageConnection().setConnectionString(PASSWORD);
        }

-        if (tenantResponse.getS3StorageConnection() != null){
+        if (tenantResponse.getS3StorageConnection() != null) {
            tenantResponse.getS3StorageConnection().setSecret(PASSWORD);
        }

--- a/src/test/java/com/knecon/fforesight/tests/TenantsTest.java
+++ b/src/test/java/com/knecon/fforesight/tests/TenantsTest.java
@ -18,6 +18,7 @@ import com.knecon.fforesight.tenantcommons.model.DatabaseConnection;
 import com.knecon.fforesight.tenantcommons.model.S3StorageConnection;
 import com.knecon.fforesight.tenantcommons.model.SearchConnection;
 import com.knecon.fforesight.tenantusermanagement.model.TenantRequest;
+import com.knecon.fforesight.tenantusermanagement.service.RealmService;
 import com.knecon.fforesight.utils.TestTenantService;

 import feign.FeignException;
@ -33,6 +34,10 @@ public class TenantsTest extends AbstractTenantUserManagementIntegrationTest {
    @Autowired
    private EncryptionDecryptionService encryptionService;

+    @Autowired
+    private RealmService realmService;
+
+
    private static final String PASSWORD = "**********";


@ -52,6 +57,7 @@ public class TenantsTest extends AbstractTenantUserManagementIntegrationTest {
        assertThat(tenantsClient.getTenants().stream().anyMatch(t -> t.getTenantId().equals("new_tenant"))).isTrue();

        TenantContext.clear();
+
    }

    @Test
@ -221,4 +227,19 @@ public class TenantsTest extends AbstractTenantUserManagementIntegrationTest {
        TenantContext.clear();
    }

+
+    @Test
+    public void testPasswordPolicy() {
+        testTenantService.createTestTenantIfNotExists("new_tenant", minioPort);
+
+        TenantContext.setTenantId("new_tenant");
+
+        assertThat(tenantsClient.getTenant("new_tenant")).isNotNull();
+
+        var passwordPolicy = realmService.realm("new_tenant").toRepresentation().getPasswordPolicy();
+
+        assertThat(passwordPolicy).isNotEmpty();
+
+        TenantContext.clear();
+    }
 }