lionsdev/lions-user-manager-server-impl-quarkus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: lionsdev:e0f5bba399e8ef8d235ae474bf94f982ea474101
Branches Tags
lionsdev:main
...
compare: lionsdev:main
Branches Tags
lionsdev:main

28 Commits
e0f5bba399 ... main

Author SHA1 Message Date
lionsdev
accda45926 docs: Quarkus 3.17.8→3.27.3 LTS, Java 17→21, lionsctl -j 21, Dockerfile racine, pré-requis infra (db-secret, JDBC override, delete deploy Helm)
Some checks failed
CI/CD Pipeline / pipeline (push) Failing after 2m13s
Details
2026-04-24 18:02:56 +00:00
lionsdev
9427dfd941 fix(docker): use java -jar entrypoint + UID 1001 to match lionsctl pod securityContext (runAsUser=1001)
Some checks failed
CI/CD Pipeline / pipeline (push) Failing after 2m26s
Details
2026-04-24 12:08:40 +00:00
lionsdev
e93e48e1ca chore(docker): add root Dockerfile pinning ubi8/openjdk-21:1.21 (lionsctl generated tag 1.15 introuvable)
Some checks failed
CI/CD Pipeline / pipeline (push) Failing after 1m35s
Details
2026-04-23 23:24:01 +00:00
lionsdev
9b00855d6e chore(quarkus-327): pin all plugin versions (compiler, surefire, failsafe, jacoco) + fix lombok.version ref in compiler annotationProcessorPaths
Some checks failed
CI/CD Pipeline / pipeline (push) Failing after 1m30s
Details
2026-04-23 16:02:09 +00:00
lionsdev
23c8d9bd93 chore(quarkus-327): pin quarkus-maven-plugin version (was resolving to 3.35.0.CR1 pre-release)
Some checks failed
CI/CD Pipeline / pipeline (push) Failing after 1m37s
Details
2026-04-23 15:58:00 +00:00
lionsdev
41d87451c9 chore(quarkus-327): bump to Quarkus 3.27.3 LTS, make pom autonomous, fix UserServiceImpl tests (search → searchByUsername), rename deprecated config keys
Some checks failed
CI/CD Pipeline / pipeline (push) Failing after 1m57s
Details
2026-04-23 15:00:32 +00:00
lionsdev
16240fedc1 ci: use lionsctl-ci image; drop actions/checkout dependency
Some checks failed
CI/CD Pipeline / pipeline (push) Failing after 2m26s
Details
2026-04-22 21:39:16 +00:00
lionsdev
d7f5b4a5f5 ci: enable lionsctl pipeline via lionsctl-ci image
Some checks failed
CI/CD Pipeline / pipeline (push) Failing after 3s
Details
2026-04-22 19:42:52 +00:00
dahoud
04a2567b36 ci: ajouter workflow Gitea Actions (lionsctl pipeline auto-deploy sur push main)
Some checks failed
CI/CD Lions Pipeline / Build + Push + Deploy (push) Failing after 59s
Details
2026-04-22 16:01:07 +00:00
dahoud
86d0dc51b7 fix(keycloak): gérer 409 User Conflict + bump Lombok + release 21 explicite 
- UserServiceImpl.createUser : capture HTTP 409 et récupère l'utilisateur
  existant (searchByEmail/searchByUsername) au lieu de throw brutal
- usernameExists : utilise searchByUsername(exact=true) au lieu de search(query)
  pour match exact sans ambiguïté
- pom.xml : <release>21</release> explicite sur maven-compiler-plugin
- Lombok 1.18.34 → 1.18.36

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-21 12:45:44 +00:00
dahoud
8ab1513bf5 feat(lum): KeycloakRealmSetupService + rôles RBAC UnionFlow + Jacoco 100% 
- Ajoute KeycloakRealmSetupService : auto-initialisation des rôles realm
  (admin, user_manager, user_viewer, role_manager...) et assignation du rôle
  user_manager au service account unionflow-server au démarrage (idempotent,
  retries, thread séparé pour ne pas bloquer le démarrage)
  → Corrige le 403 sur resetPassword / changement de mot de passe premier login

- UserResource : étend les @RolesAllowed avec ADMIN/SUPER_ADMIN/USER pour
  permettre aux appels inter-services unionflow-server d'accéder aux endpoints
  sans être bloqués par le RBAC LUM ; corrige sendVerificationEmail (retourne Response)

- application-dev.properties : service-accounts.user-manager-clients=unionflow-server
- application-prod.properties : client-id, credentials.secret, token.audience, auto-setup
- application-test.properties : H2 in-memory (plus besoin de Docker pour les tests)
- pom.xml : H2 scope test, Jacoco 100% enforcement (exclusions MapStruct/repos/setup),
  annotation processors MapStruct+Lombok explicites
- .gitignore + .env ajouté (.env exclu du commit)
- script/docker/.env.example : variables KEYCLOAK_ADMIN_USERNAME/PASSWORD documentées
 2026-04-12 15:04:23 +00:00
dahoud
2ed890803c fix(keycloak): updateUser propage requiredActions + createUser re-applique UPDATE_PASSWORD 
- UserServiceImpl.updateUser: ajout de la propagation des requiredActions vers Keycloak
  (champ ignoré jusqu'ici — cause racine de l'échec de la remédiation des anciens comptes)
- UserServiceImpl.createUser: re-application des requiredActions après setPassword(temporary=false)
  car resetPassword avec temporary=false retire UPDATE_PASSWORD des required actions dans Keycloak
- RoleResource: ajout du rôle user_manager dans @RolesAllowed sur assignRealmRoles et revokeRealmRoles
 2026-04-05 11:12:13 +00:00
dahoud
e1245bee38 fix(tests): corriger 48 tests en echec (mocks, assertions, stubs) 
- KeycloakAdminClientImpl[Complete]Test: isConnected utilise tokenManager() et non serverInfo()
- AuditResourceTest: injecter defaultRealm="master" dans @BeforeEach, fix purgeOldLogs (retourne long)
- AuditServiceImplAdditionalTest/CompleteTest: ajouter @InjectMocks + @Mock (NPE auditLogRepository=null)
- RoleServiceImpl: lancer IllegalArgumentException si message contient "not found" ou "404"
- SyncServiceImplTest: syncAllRealms/isKeycloakAvailable utilisent getAllRealms(), corriger assertions sante
- UserServiceImplTest: corriger assertion header CSV (prenom/nom au lieu de firstName/lastName)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-28 17:55:44 +00:00
dahoud
633dcc3f86 fix: Enable proxy forwarding for ingress nginx headers 
- Add quarkus.http.proxy.* properties to read X-Forwarded-* headers
- Fixes redirect issue where Swagger UI redirects to /q/swagger-ui/ instead of /lions-user-manager/q/swagger-ui/
- Allows Quarkus to reconstruct original URL from ingress headers
 2026-02-27 05:40:02 +00:00
dahoud
bb5a2ec8c7 fix: Use absolute URL for Swagger UI OpenAPI spec 2026-02-27 05:22:39 +00:00
dahoud
3b2aa29683 fix: Remove root-path, configure Swagger UI URL correctly 2026-02-27 05:18:56 +00:00
dahoud
7ca54276be fix: Add root-path for Swagger UI compatibility 2026-02-27 05:00:06 +00:00
dahoud
6998e18860 fix: Correct Dockerfile ENTRYPOINT for Quarkus fast-jar 2026-02-27 04:34:42 +00:00
dahoud
4ee373ac81 Merge: resolved conflict in application-prod.properties 2026-02-27 04:33:53 +00:00
Lions Infrastructure
ebb6b0355e fix: Update Dockerfile to use USER 1001 for K8s compatibility 2026-02-27 05:26:23 +01:00
Lions Infrastructure
9bbcf5ec34 feat: Enable Swagger UI in production 2026-02-26 02:15:20 +01:00
root
71ebcd44b3 refactoring 2026-02-18 19:07:41 +01:00
dahoud
c0ef8b5ca5 refactoring 2026-02-18 18:02:53 +00:00
dahoud
2f8e5803b8 refactoring 2026-02-18 17:36:05 +00:00
dahoud
f501e56856 refactoring 2026-02-18 17:20:51 +00:00
dahoud
21f3703fbc refactoring 2026-02-18 16:15:48 +00:00
dahoud
4ef40258a2 refactoring 2026-02-18 15:49:03 +00:00
lionsdev
5f9630cc66 refactoring 2026-02-18 14:55:46 +00:00
103 changed files with 17166 additions and 11110 deletions
Expand all files Collapse all files

76
.gitea/workflows/ci.yml Normal file
View File

@@ -0,0 +1,76 @@
# ============================================================================
# Template — .gitea/workflows/ci.yml
# Drop this file into each app repo (adjust LIONS_JAVA_VERSION +
# LIONS_APP_NAME + optional --deploy-repo-url). It runs inside the
# registry.lions.dev/lionsdev/lionsctl-ci:latest image, so lionsctl,
# kubectl, helm, docker CLI, JDK 17+21 and Maven are all pre-installed.
#
# Required Gitea repo secrets:
# LIONS_REGISTRY_USERNAME (typically "lionsregistry")
# LIONS_REGISTRY_PASSWORD
# LIONS_GIT_USERNAME (typically "lionsdev")
# LIONS_GIT_ACCESS_TOKEN (Gitea PAT with write:repository, write:package)
# LIONS_GIT_PASSWORD (Gitea password for same user — Helm mode)
# SMTP_HOST SMTP_PORT SMTP_USERNAME SMTP_PASSWORD SMTP_FROM
# ============================================================================
name: CI/CD Pipeline
on:
push:
branches: [ main ]
workflow_dispatch: {}
env:
# Adjust per repo:
# - unionflow-server-impl-quarkus -> 21
# - all others -> 17
LIONS_JAVA_VERSION: "17"
LIONS_CLUSTER: "k1"
jobs:
pipeline:
runs-on: ubuntu-latest
container:
image: registry.lions.dev/lionsdev/lionsctl-ci:latest
credentials:
username: ${{ secrets.LIONS_REGISTRY_USERNAME }}
password: ${{ secrets.LIONS_REGISTRY_PASSWORD }}
# Mount the host docker socket so `docker build/push` inside the
# container hits the runner's daemon (DinD-free).
volumes:
- /var/run/docker.sock:/var/run/docker.sock
steps:
- name: Show tooling
run: |
lionsctl --version || true
docker --version
kubectl version --client=true
helm version --short
mvn --version | head -n2
- name: Pipeline deploy
env:
LIONS_REGISTRY_USERNAME: ${{ secrets.LIONS_REGISTRY_USERNAME }}
LIONS_REGISTRY_PASSWORD: ${{ secrets.LIONS_REGISTRY_PASSWORD }}
LIONS_GIT_USERNAME: ${{ secrets.LIONS_GIT_USERNAME }}
LIONS_GIT_ACCESS_TOKEN: ${{ secrets.LIONS_GIT_ACCESS_TOKEN }}
LIONS_GIT_PASSWORD: ${{ secrets.LIONS_GIT_PASSWORD }}
SMTP_HOST: ${{ secrets.SMTP_HOST }}
SMTP_PORT: ${{ secrets.SMTP_PORT }}
SMTP_USERNAME: ${{ secrets.SMTP_USERNAME }}
SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
SMTP_FROM: ${{ secrets.SMTP_FROM }}
# No actions/checkout — lionsctl clones internally using git_access_token.
run: |
# For btpxpress-backend add: --deploy-repo-url https://git.lions.dev/lionsdev/btpxpress-server-k1
# For btpxpress-frontend add: --deploy-repo-url https://git.lions.dev/lionsdev/btpxpress-client-k1
lionsctl pipeline \
-u ${{ gitea.server_url }}/${{ gitea.repository }} \
-b ${{ gitea.ref_name }} \
-j ${{ env.LIONS_JAVA_VERSION }} \
-e production \
-c ${{ env.LIONS_CLUSTER }} \
-p prod \
--deploy-repo-url https://git.lions.dev/lionsdev/lions-user-manager-server-impl-quarkus-k1 \
-m admin@lions.dev

94
.gitignore vendored Normal file
View File

@@ -0,0 +1,94 @@
# ============================================
# Quarkus Backend .gitignore
# ============================================
# Maven
target/
pom.xml.tag
pom.xml.releaseBackup
pom.xml.versionsBackup
pom.xml.next
release.properties
dependency-reduced-pom.xml
buildNumber.properties
.mvn/timing.properties
.mvn/wrapper/maven-wrapper.jar
# Quarkus
.quarkus/
quarkus.log
# IDE
.idea/
*.iml
*.ipr
*.iws
.vscode/
.classpath
.project
.settings/
.factorypath
.apt_generated/
.apt_generated_tests/
# Eclipse
.metadata
bin/
tmp/
*.tmp
*.bak
*.swp
*~.nib
local.properties
.loadpath
.recommenders
# IntelliJ
out/
.idea_modules/
# Logs
*.log
*.log.*
logs/
# OS
.DS_Store
Thumbs.db
*.pid
# Java
*.class
*.jar
!.mvn/wrapper/maven-wrapper.jar
*.war
*.ear
hs_err_pid*
# Application secrets
*.jks
*.p12
*.pem
*.key
*-secret.properties
application-local.properties
application-dev-override.properties
.env
# Docker
.dockerignore
docker-compose.override.yml
# Database
*.db
*.sqlite
*.h2.db
# Test
test-output/
.gradle/
build/
# Temporary
.tmp/
temp/

22
Dockerfile Normal file
View File

@@ -0,0 +1,22 @@
# Dockerfile for lions-user-manager-server-impl-quarkus
# Used by lionsctl pipeline. Expects `mvn clean package -Pprod` to have produced target/quarkus-app/ (fast-jar).
FROM registry.access.redhat.com/ubi8/openjdk-21:1.21
ENV LANGUAGE='en_US:en'
COPY --chown=1001:1001 target/quarkus-app/lib/ /deployments/lib/
COPY --chown=1001:1001 target/quarkus-app/*.jar /deployments/
COPY --chown=1001:1001 target/quarkus-app/app/ /deployments/app/
COPY --chown=1001:1001 target/quarkus-app/quarkus/ /deployments/quarkus/
USER 1001
EXPOSE 8080
ENV JAVA_OPTS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
ENV JAVA_APP_JAR="/deployments/quarkus-run.jar"
HEALTHCHECK --interval=30s --timeout=3s --start-period=30s --retries=3 \
CMD curl -f http://localhost:8080/q/health/live || exit 1
ENTRYPOINT [ "java", "-jar", "/deployments/quarkus-run.jar" ]

177
Dockerfile.prod
View File

@@ -1,86 +1,91 @@
#### ####
# Dockerfile de production pour Lions User Manager Server (Backend) # Dockerfile de production pour Lions User Manager Server (Backend)
# Multi-stage build optimisé avec sécurité renforcée # Multi-stage build optimisé avec sécurité renforcée
# Basé sur la structure de btpxpress-server # Basé sur la structure de btpxpress-server
#### ####
## Stage 1 : Build avec Maven ## Stage 1 : Build avec Maven
FROM maven:3.9.6-eclipse-temurin-17 AS builder FROM maven:3.9.6-eclipse-temurin-17 AS builder
WORKDIR /app WORKDIR /app
# Copier pom.xml et télécharger les dépendances (cache Docker) # Copier pom.xml et télécharger les dépendances (cache Docker)
COPY pom.xml . COPY pom.xml .
RUN mvn dependency:go-offline -B RUN mvn dependency:go-offline -B
# Copier le code source # Copier le code source
COPY src ./src COPY src ./src
# Construire l'application avec profil production # Construire l'application avec profil production
RUN mvn clean package -DskipTests -B -Dquarkus.profile=prod RUN mvn clean package -DskipTests -B -Dquarkus.profile=prod -Dquarkus.http.root-path=/lions-user-manager
## Stage 2 : Image de production optimisée ## Stage 2 : Image de production optimisée
FROM registry.access.redhat.com/ubi8/openjdk-17:1.18 FROM registry.access.redhat.com/ubi8/openjdk-17:1.18
ENV LANGUAGE='en_US:en' ENV LANGUAGE='en_US:en'
# Configuration des variables d'environnement pour production # Configuration des variables d'environnement pour production
ENV QUARKUS_PROFILE=prod ENV QUARKUS_PROFILE=prod
ENV DB_URL=jdbc:postgresql://postgresql:5432/lions_audit ENV DB_HOST=postgresql-service.postgresql.svc.cluster.local
ENV DB_USERNAME=lions_audit_user ENV DB_PORT=5432
ENV DB_PASSWORD=changeme ENV DB_NAME=lions_user_manager
ENV SERVER_PORT=8080 ENV DB_USERNAME=lionsuser
ENV DB_PASSWORD=LionsUser2025!
# Configuration Keycloak/OIDC (production) ENV SERVER_PORT=8080
ENV QUARKUS_OIDC_AUTH_SERVER_URL=https://security.lions.dev/realms/master
ENV QUARKUS_OIDC_CLIENT_ID=lions-user-manager # Configuration Keycloak/OIDC (production)
ENV KEYCLOAK_CLIENT_SECRET=changeme ENV QUARKUS_OIDC_AUTH_SERVER_URL=https://security.lions.dev/realms/lions-user-manager
ENV QUARKUS_OIDC_TLS_VERIFICATION=required ENV QUARKUS_OIDC_CLIENT_ID=lions-user-manager
ENV KEYCLOAK_CLIENT_SECRET=oGCivOdgbNHroNsHS1MRBZJXX8VpRGk3
# Configuration Keycloak Admin Client ENV QUARKUS_OIDC_TLS_VERIFICATION=required
ENV LIONS_KEYCLOAK_SERVER_URL=https://security.lions.dev
ENV LIONS_KEYCLOAK_ADMIN_REALM=master # Configuration Keycloak Admin Client
ENV LIONS_KEYCLOAK_ADMIN_CLIENT_ID=admin-cli ENV LIONS_KEYCLOAK_SERVER_URL=https://security.lions.dev
ENV LIONS_KEYCLOAK_ADMIN_USERNAME=admin ENV KEYCLOAK_SERVER_URL=https://security.lions.dev
ENV LIONS_KEYCLOAK_ADMIN_PASSWORD=changeme ENV LIONS_KEYCLOAK_ADMIN_REALM=master
ENV LIONS_KEYCLOAK_ADMIN_CLIENT_ID=admin-cli
# Configuration CORS pour production ENV LIONS_KEYCLOAK_ADMIN_USERNAME=admin
ENV QUARKUS_HTTP_CORS_ORIGINS=https://user-manager.lions.dev,https://admin.lions.dev ENV KEYCLOAK_ADMIN_USERNAME=admin
ENV QUARKUS_HTTP_CORS_ALLOW_CREDENTIALS=true ENV LIONS_KEYCLOAK_ADMIN_PASSWORD=KeycloakAdmin2025!
ENV KEYCLOAK_ADMIN_PASSWORD=KeycloakAdmin2025!
# Installer curl pour les health checks
USER root # Configuration CORS pour production
RUN microdnf install curl -y && microdnf clean all ENV CORS_ORIGINS=https://users.lions.dev,https://btpxpress.lions.dev,https://admin.lions.dev
RUN mkdir -p /app/logs && chown -R 185:185 /app/logs ENV QUARKUS_HTTP_CORS_ALLOW_CREDENTIALS=true
USER 185
# Installer curl pour les health checks
# Copier l'application depuis le builder USER root
COPY --from=builder --chown=185 /app/target/quarkus-app/lib/ /deployments/lib/ RUN microdnf install curl -y && microdnf clean all
COPY --from=builder --chown=185 /app/target/quarkus-app/*.jar /deployments/ RUN mkdir -p /app/logs && chown -R 185:185 /app/logs
COPY --from=builder --chown=185 /app/target/quarkus-app/app/ /deployments/app/ USER 185
COPY --from=builder --chown=185 /app/target/quarkus-app/quarkus/ /deployments/quarkus/
# Copier l'application depuis le builder
# Exposer le port COPY --from=builder --chown=185 /app/target/quarkus-app/lib/ /deployments/lib/
EXPOSE 8080 COPY --from=builder --chown=185 /app/target/quarkus-app/*.jar /deployments/
COPY --from=builder --chown=185 /app/target/quarkus-app/app/ /deployments/app/
# Variables JVM optimisées pour production avec sécurité COPY --from=builder --chown=185 /app/target/quarkus-app/quarkus/ /deployments/quarkus/
ENV JAVA_OPTS="-Xmx1g -Xms512m \
-XX:+UseG1GC \ # Exposer le port
-XX:MaxGCPauseMillis=200 \ EXPOSE 8080
-XX:+UseStringDeduplication \
-XX:+ParallelRefProcEnabled \ # Variables JVM optimisées pour production avec sécurité
-XX:+HeapDumpOnOutOfMemoryError \ ENV JAVA_OPTS="-Xmx1g -Xms512m \
-XX:HeapDumpPath=/app/logs/heapdump.hprof \ -XX:+UseG1GC \
-Djava.security.egd=file:/dev/./urandom \ -XX:MaxGCPauseMillis=200 \
-Djava.awt.headless=true \ -XX:+UseStringDeduplication \
-Dfile.encoding=UTF-8 \ -XX:+ParallelRefProcEnabled \
-Djava.util.logging.manager=org.jboss.logmanager.LogManager \ -XX:+HeapDumpOnOutOfMemoryError \
-Dquarkus.profile=${QUARKUS_PROFILE}" -XX:HeapDumpPath=/app/logs/heapdump.hprof \
-Djava.security.egd=file:/dev/./urandom \
# Point d'entrée avec profil production -Djava.awt.headless=true \
ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar /deployments/quarkus-run.jar"] -Dfile.encoding=UTF-8 \
-Djava.util.logging.manager=org.jboss.logmanager.LogManager \
# Health check -Dquarkus.profile=${QUARKUS_PROFILE}"
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:8080/q/health/ready || exit 1 # Point d'entrée avec profil production
ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar /deployments/quarkus-run.jar"]
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:8080/q/health/ready || exit 1

167
README.md Normal file
View File

@@ -0,0 +1,167 @@
# lions-user-manager-server-impl-quarkus
> Backend REST Quarkus — Gestion des utilisateurs, rôles et realms via Keycloak Admin API
## Dépôt Git
`https://git.lions.dev/lionsdev/lions-user-manager-server-impl-quarkus`
---
## Responsabilités
- Exposition d'une API REST sécurisée (OIDC)
- Gestion CRUD des utilisateurs et rôles Keycloak via Admin API
- Synchronisation des données entre Keycloak et PostgreSQL
- Audit complet des actions (traçabilité en base)
- Export / import CSV
- Health checks, métriques Prometheus, Swagger UI
---
## API REST
| Ressource | Path | Description |
|-----------|------|-------------|
| Utilisateurs | `GET/POST/PUT/DELETE /api/users` | CRUD utilisateurs |
| Export CSV | `GET /api/users/export/csv` | Export utilisateurs au format CSV |
| Import CSV | `POST /api/users/import/csv` | Import en masse |
| Rôles | `GET/POST/DELETE /api/roles` | Gestion des rôles par realm |
| Audit | `GET /api/audit` | Consultation des logs |
| Analytics | `GET /api/audit/analytics/*` | Statistiques d'activité |
| Sync | `POST /api/sync` | Déclencher une synchronisation |
| Sync status | `GET /api/sync/status` | Dernier statut de sync |
| Sync check | `GET /api/sync/consistency` | Vérification de cohérence |
| Realms | `GET /api/realms` | Liste des realms autorisés |
| Assignments | `GET/POST/DELETE /api/realm-assignments` | Assignation realm/utilisateur |
Documentation complète : `https://api.lions.dev/lions-user-manager/q/swagger-ui`
---
## Stack
| Composant | Technologie |
|-----------|-------------|
| Framework | Quarkus 3.27.3 LTS |
| API | Quarkus REST (RESTEasy Reactive) + Jackson |
| Auth | `quarkus-oidc` (Keycloak) |
| Admin | `quarkus-keycloak-admin-rest-client` |
| ORM | Hibernate ORM Panache |
| Base de données | PostgreSQL 15 |
| Migration | Flyway |
| Health | SmallRye Health |
| Métriques | Micrometer + Prometheus |
| Docs | SmallRye OpenAPI (Swagger UI) |
---
## Développement local
### Prérequis
- Java 21, Maven 3.9+
- Keycloak sur `localhost:8180`
- PostgreSQL sur `localhost:5432` (DB : `lions_user_manager`)
### Démarrage
```bash
mvn quarkus:dev
```
Swagger UI disponible sur : `http://localhost:8081/q/swagger-ui`
### Configuration dev
Fichier : `src/main/resources/application-dev.properties`
```properties
quarkus.http.port=8081
quarkus.datasource.jdbc.url=jdbc:postgresql://localhost:5432/lions_user_manager
quarkus.oidc.auth-server-url=http://localhost:8180/realms/lions-user-manager
```
---
## Configuration production
Fichier : `src/main/resources/application-prod.properties`
Toutes les valeurs sensibles sont passées via variables d'environnement :
| Variable | Description |
|----------|-------------|
| `DB_HOST` | Hôte PostgreSQL |
| `DB_PORT` | Port (défaut : 5432) |
| `DB_NAME` | Nom de la base (défaut : lions_user_manager) |
| `DB_USERNAME` | Utilisateur PostgreSQL |
| `DB_PASSWORD` | Mot de passe PostgreSQL |
| `KEYCLOAK_AUTH_SERVER_URL` | URL du realm Keycloak |
| `KEYCLOAK_SERVER_URL` | URL base Keycloak |
| `KEYCLOAK_ADMIN_USERNAME` | Admin Keycloak |
| `KEYCLOAK_ADMIN_PASSWORD` | Mot de passe admin Keycloak |
| `CORS_ORIGINS` | Origines CORS autorisées |
---
## Build
```bash
# Build standard (développement)
mvn clean package -DskipTests
# Build production
mvn clean package -P prod -DskipTests
```
---
## Déploiement (lionsctl)
```bash
lionsctl pipeline \
-u https://git.lions.dev/lionsdev/lions-user-manager-server-impl-quarkus \
-b main -j 21 -e production -c k1 -p prod
```
**Pipeline** : clone → `mvn package -P prod``docker build -f Dockerfile` (racine, fast-jar, `ubi8/openjdk-21:1.21`, UID 1001) → push `registry.lions.dev``kubectl apply` → health check
**URL prod** : `https://api.lions.dev/lions-user-manager` — health sur `/lions-user-manager/health` (root-path personnalisé).
**Pré-requis infrastructure** avant pipeline :
- Secret K8s `lions-user-manager-server-impl-quarkus-db-secret` (clés `QUARKUS_DATASOURCE_USERNAME` + `QUARKUS_DATASOURCE_PASSWORD`)
- DB PostgreSQL `lions_user_manager` (override `QUARKUS_DATASOURCE_JDBC_URL` sur le deployment puisque lionsctl nomme la DB comme l'app)
- Deployment Helm existant supprimé au préalable (selector immutable)
---
## Tests
```bash
# Unitaires
mvn test
# Intégration (Testcontainers)
mvn verify
```
---
## Structure
```
src/main/java/dev/lions/user/manager/server/impl/
├── entity/ # Entités JPA (AuditLogEntity, SyncHistoryEntity, ...)
├── mapper/ # MapStruct mappers
├── repository/ # Repositories Panache
├── resource/ # Resources JAX-RS (UserResource, RoleResource, ...)
└── service/
└── impl/ # Implémentations des services
```
---
## Licence
Propriétaire — Lions Dev © 2026

12
lombok.config
View File

@@ -1,6 +1,6 @@
# This file configures Lombok for the project # This file configures Lombok for the project
# See https://projectlombok.org/features/configuration # See https://projectlombok.org/features/configuration
# Add @Generated annotation to all generated code # Add @Generated annotation to all generated code
# This allows JaCoCo to automatically exclude Lombok-generated code from coverage # This allows JaCoCo to automatically exclude Lombok-generated code from coverage
lombok.addLombokGeneratedAnnotation = true lombok.addLombokGeneratedAnnotation = true

133
pom.xml
View File

@@ -4,11 +4,59 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<parent> <groupId>dev.lions.user.manager</groupId>
<groupId>dev.lions.user.manager</groupId> <version>1.1.0</version>
<artifactId>lions-user-manager-parent</artifactId>
<version>1.0.0</version> <properties>
</parent> <java.version>21</java.version>
<maven.compiler.source>${java.version}</maven.compiler.source>
<maven.compiler.target>${java.version}</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<quarkus.platform.version>3.27.3</quarkus.platform.version>
<lombok.version>1.18.38</lombok.version>
<jacoco.version>0.8.12</jacoco.version>
<mapstruct.version>1.6.3</mapstruct.version>
<!-- Overrides BOM : Docker Desktop 29.x compat (bundled TC 1.21.3 / docker-java 3.4.2 OK) -->
<testcontainers.version>1.21.4</testcontainers.version>
<docker-java.version>3.4.2</docker-java.version>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>io.quarkus.platform</groupId>
<artifactId>quarkus-bom</artifactId>
<version>${quarkus.platform.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>testcontainers-bom</artifactId>
<version>${testcontainers.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>dev.lions.user.manager</groupId>
<artifactId>lions-user-manager-server-api</artifactId>
<version>${project.version}</version>
</dependency>
<!-- Lombok : pas dans Quarkus BOM -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>${lombok.version}</version>
<scope>provided</scope>
</dependency>
<!-- MapStruct : pas dans Quarkus BOM -->
<dependency>
<groupId>org.mapstruct</groupId>
<artifactId>mapstruct</artifactId>
<version>${mapstruct.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
<artifactId>lions-user-manager-server-impl-quarkus</artifactId> <artifactId>lions-user-manager-server-impl-quarkus</artifactId>
<packaging>jar</packaging> <packaging>jar</packaging>
@@ -16,6 +64,15 @@
<name>Lions User Manager - Server Implementation (Quarkus)</name> <name>Lions User Manager - Server Implementation (Quarkus)</name>
<description>Implémentation serveur: Resources REST, Services, Keycloak Admin Client</description> <description>Implémentation serveur: Resources REST, Services, Keycloak Admin Client</description>
<repositories>
<repository>
<id>gitea-lionsdev</id>
<url>https://git.lions.dev/api/packages/lionsdev/maven</url>
<releases><enabled>true</enabled></releases>
<snapshots><enabled>true</enabled></snapshots>
</repository>
</repositories>
<dependencies> <dependencies>
<!-- Module API --> <!-- Module API -->
<dependency> <dependency>
@@ -149,6 +206,13 @@
<artifactId>mockito-junit-jupiter</artifactId> <artifactId>mockito-junit-jupiter</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-jdbc-h2</artifactId>
<scope>test</scope>
</dependency>
</dependencies> </dependencies>
<build> <build>
@@ -156,6 +220,7 @@
<plugin> <plugin>
<groupId>io.quarkus.platform</groupId> <groupId>io.quarkus.platform</groupId>
<artifactId>quarkus-maven-plugin</artifactId> <artifactId>quarkus-maven-plugin</artifactId>
<version>${quarkus.platform.version}</version>
<executions> <executions>
<execution> <execution>
<goals> <goals>
@@ -170,16 +235,39 @@
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId> <artifactId>maven-compiler-plugin</artifactId>
<version>3.13.0</version>
<configuration>
<release>21</release>
<annotationProcessorPaths>
<path>
<groupId>org.mapstruct</groupId>
<artifactId>mapstruct-processor</artifactId>
<version>1.6.3</version>
</path>
<path>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>${lombok.version}</version>
</path>
<path>
<groupId>org.projectlombok</groupId>
<artifactId>lombok-mapstruct-binding</artifactId>
<version>0.2.0</version>
</path>
</annotationProcessorPaths>
</configuration>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId> <artifactId>maven-surefire-plugin</artifactId>
<version>3.5.2</version>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.apache.maven.plugins</groupId> <groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-failsafe-plugin</artifactId> <artifactId>maven-failsafe-plugin</artifactId>
<version>3.5.2</version>
<executions> <executions>
<execution> <execution>
<goals> <goals>
@@ -193,6 +281,41 @@
<plugin> <plugin>
<groupId>org.jacoco</groupId> <groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId> <artifactId>jacoco-maven-plugin</artifactId>
<version>${jacoco.version}</version>
<executions>
<execution>
<id>jacoco-check</id>
<goals>
<goal>check</goal>
</goals>
<configuration>
<excludes>
<!-- Code généré par MapStruct (pas de la logique métier) -->
<exclude>**/*MapperImpl.class</exclude>
<!-- Repositories Panache : nécessitent une base de données réelle -->
<exclude>**/server/impl/repository/*.class</exclude>
<!-- Infrastructure de démarrage Keycloak : nécessite un serveur Keycloak réel -->
<exclude>dev/lions/user/manager/config/KeycloakRealmSetupService.class</exclude>
<exclude>dev/lions/user/manager/config/KeycloakRealmSetupService$*.class</exclude>
<!-- Configuration dev-only : activée uniquement par @IfBuildProfile("dev") -->
<exclude>dev/lions/user/manager/config/KeycloakTestUserConfig.class</exclude>
<exclude>dev/lions/user/manager/config/KeycloakTestUserConfig$*.class</exclude>
</excludes>
<rules>
<rule>
<element>PACKAGE</element>
<limits>
<limit>
<counter>LINE</counter>
<value>COVEREDRATIO</value>
<minimum>1.0</minimum>
</limit>
</limits>
</rule>
</rules>
</configuration>
</execution>
</executions>
</plugin> </plugin>
</plugins> </plugins>
</build> </build>

30
script/docker/.env.example
View File

@@ -1,13 +1,17 @@
# Base de données # Base de données
DB_NAME=lions_user_manager DB_NAME=lions_user_manager
DB_USER=lions DB_USER=lions
DB_PASSWORD=lions DB_PASSWORD=lions
DB_PORT=5432 DB_PORT=5432
# Keycloak # Keycloak (Docker Compose)
KC_ADMIN=admin KC_ADMIN=admin
KC_ADMIN_PASSWORD=admin KC_ADMIN_PASSWORD=admin
KC_PORT=8180 KC_PORT=8180
# Serveur # Keycloak Admin Client (application-dev.properties)
SERVER_PORT=8080 KEYCLOAK_ADMIN_USERNAME=admin
KEYCLOAK_ADMIN_PASSWORD=admin
# Serveur
SERVER_PORT=8080

70
script/docker/dependencies-docker-compose.yml
View File

@@ -1,35 +1,35 @@
services: services:
postgres: postgres:
image: postgres:15 image: postgres:15
environment: environment:
POSTGRES_DB: ${DB_NAME:-lions_user_manager} POSTGRES_DB: ${DB_NAME:-lions_user_manager}
POSTGRES_USER: ${DB_USER:-lions} POSTGRES_USER: ${DB_USER:-lions}
POSTGRES_PASSWORD: ${DB_PASSWORD:-lions} POSTGRES_PASSWORD: ${DB_PASSWORD:-lions}
ports: ports:
- "${DB_PORT:-5432}:5432" - "${DB_PORT:-5432}:5432"
volumes: volumes:
- postgres_data:/var/lib/postgresql/data - postgres_data:/var/lib/postgresql/data
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-lions} -d ${DB_NAME:-lions_user_manager}"] test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-lions} -d ${DB_NAME:-lions_user_manager}"]
interval: 5s interval: 5s
timeout: 5s timeout: 5s
retries: 5 retries: 5
keycloak: keycloak:
image: quay.io/keycloak/keycloak:26.3.3 image: quay.io/keycloak/keycloak:26.3.3
command: start-dev command: start-dev
environment: environment:
KC_DB: postgres KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres:5432/${DB_NAME:-lions_user_manager} KC_DB_URL: jdbc:postgresql://postgres:5432/${DB_NAME:-lions_user_manager}
KC_DB_USERNAME: ${DB_USER:-lions} KC_DB_USERNAME: ${DB_USER:-lions}
KC_DB_PASSWORD: ${DB_PASSWORD:-lions} KC_DB_PASSWORD: ${DB_PASSWORD:-lions}
KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_ADMIN:-admin} KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_ADMIN:-admin}
KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_ADMIN_PASSWORD:-admin} KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_ADMIN_PASSWORD:-admin}
ports: ports:
- "${KC_PORT:-8180}:8080" - "${KC_PORT:-8180}:8080"
depends_on: depends_on:
postgres: postgres:
condition: service_healthy condition: service_healthy
volumes: volumes:
postgres_data: postgres_data:

104
script/docker/docker-compose.yml
View File

@@ -1,52 +1,52 @@
services: services:
postgres: postgres:
image: postgres:15 image: postgres:15
environment: environment:
POSTGRES_DB: ${DB_NAME:-lions_user_manager} POSTGRES_DB: ${DB_NAME:-lions_user_manager}
POSTGRES_USER: ${DB_USER:-lions} POSTGRES_USER: ${DB_USER:-lions}
POSTGRES_PASSWORD: ${DB_PASSWORD:-lions} POSTGRES_PASSWORD: ${DB_PASSWORD:-lions}
ports: ports:
- "${DB_PORT:-5432}:5432" - "${DB_PORT:-5432}:5432"
volumes: volumes:
- postgres_data:/var/lib/postgresql/data - postgres_data:/var/lib/postgresql/data
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-lions} -d ${DB_NAME:-lions_user_manager}"] test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-lions} -d ${DB_NAME:-lions_user_manager}"]
interval: 5s interval: 5s
timeout: 5s timeout: 5s
retries: 5 retries: 5
keycloak: keycloak:
image: quay.io/keycloak/keycloak:26.3.3 image: quay.io/keycloak/keycloak:26.3.3
command: start-dev command: start-dev
environment: environment:
KC_DB: postgres KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres:5432/${DB_NAME:-lions_user_manager} KC_DB_URL: jdbc:postgresql://postgres:5432/${DB_NAME:-lions_user_manager}
KC_DB_USERNAME: ${DB_USER:-lions} KC_DB_USERNAME: ${DB_USER:-lions}
KC_DB_PASSWORD: ${DB_PASSWORD:-lions} KC_DB_PASSWORD: ${DB_PASSWORD:-lions}
KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_ADMIN:-admin} KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_ADMIN:-admin}
KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_ADMIN_PASSWORD:-admin} KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_ADMIN_PASSWORD:-admin}
ports: ports:
- "${KC_PORT:-8180}:8080" - "${KC_PORT:-8180}:8080"
depends_on: depends_on:
postgres: postgres:
condition: service_healthy condition: service_healthy
lions-user-manager-server: lions-user-manager-server:
build: build:
context: ../.. context: ../..
dockerfile: src/main/docker/Dockerfile.jvm dockerfile: src/main/docker/Dockerfile.jvm
ports: ports:
- "${SERVER_PORT:-8080}:8080" - "${SERVER_PORT:-8080}:8080"
environment: environment:
QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://postgres:5432/${DB_NAME:-lions_user_manager} QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://postgres:5432/${DB_NAME:-lions_user_manager}
QUARKUS_DATASOURCE_USERNAME: ${DB_USER:-lions} QUARKUS_DATASOURCE_USERNAME: ${DB_USER:-lions}
QUARKUS_DATASOURCE_PASSWORD: ${DB_PASSWORD:-lions} QUARKUS_DATASOURCE_PASSWORD: ${DB_PASSWORD:-lions}
KEYCLOAK_SERVER_URL: http://keycloak:8080 KEYCLOAK_SERVER_URL: http://keycloak:8080
depends_on: depends_on:
postgres: postgres:
condition: service_healthy condition: service_healthy
keycloak: keycloak:
condition: service_started condition: service_started
volumes: volumes:
postgres_data: postgres_data:

10
script/docker/run-dev.bat
View File

@@ -1,5 +1,5 @@
@echo off @echo off
REM Demarre les dependances (postgres + keycloak) puis le serveur en mode dev (mvn quarkus:dev -P dev) REM Demarre les dependances (postgres + keycloak) puis le serveur en mode dev (mvn quarkus:dev -P dev)
cd /d "%~dp0\..\.." cd /d "%~dp0\..\.."
docker-compose -f script/docker/dependencies-docker-compose.yml up -d docker-compose -f script/docker/dependencies-docker-compose.yml up -d
mvn quarkus:dev -P dev mvn quarkus:dev -P dev

14
script/docker/run-dev.sh
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Démarre les dépendances (postgres + keycloak) puis le serveur en mode dev (mvn quarkus:dev -P dev) # Démarre les dépendances (postgres + keycloak) puis le serveur en mode dev (mvn quarkus:dev -P dev)
set -e set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR/../.." cd "$SCRIPT_DIR/../.."
docker-compose -f script/docker/dependencies-docker-compose.yml up -d docker-compose -f script/docker/dependencies-docker-compose.yml up -d
mvn quarkus:dev -P dev mvn quarkus:dev -P dev

31
src/main/docker/Dockerfile.jvm
View File

@@ -1,11 +1,20 @@
FROM registry.access.redhat.com/ubi8/openjdk-17:1.20 FROM registry.access.redhat.com/ubi8/openjdk-17:1.20
ENV LANGUAGE='en_US:en'
COPY --chown=185 target/quarkus-app/lib/ /deployments/lib/ ENV LANGUAGE='en_US:en'
COPY --chown=185 target/quarkus-app/*.jar /deployments/
COPY --chown=185 target/quarkus-app/app/ /deployments/app/ # Copy files with correct ownership for user 1001
COPY --chown=185 target/quarkus-app/quarkus/ /deployments/quarkus/ COPY --chown=1001:1001 target/quarkus-app/lib/ /deployments/lib/
EXPOSE 8080 COPY --chown=1001:1001 target/quarkus-app/*.jar /deployments/
USER 185 COPY --chown=1001:1001 target/quarkus-app/app/ /deployments/app/
ENV JAVA_OPTS_APPEND="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager" COPY --chown=1001:1001 target/quarkus-app/quarkus/ /deployments/quarkus/
ENV JAVA_APP_JAR="/deployments/quarkus-run.jar"
ENTRYPOINT ["/opt/jboss/container/java/run/run-java.sh"] EXPOSE 8080
# Use user 1001 (compatible with K8s securityContext)
USER 1001
ENV JAVA_OPTS_APPEND="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
ENV JAVA_APP_JAR="/deployments/quarkus-run.jar"
# Use java command with proper Quarkus options for fast-jar
ENTRYPOINT ["java", "-Dquarkus.http.host=0.0.0.0", "-Djava.util.logging.manager=org.jboss.logmanager.LogManager", "-jar", "/deployments/quarkus-run.jar"]

152
src/main/java/dev/lions/user/manager/client/KeycloakAdminClient.java
View File

@@ -1,76 +1,76 @@
package dev.lions.user.manager.client; package dev.lions.user.manager.client;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UsersResource; import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.admin.client.resource.RolesResource; import org.keycloak.admin.client.resource.RolesResource;
/** /**
* Interface pour le client Keycloak Admin * Interface pour le client Keycloak Admin
* Abstraction pour faciliter les tests et la gestion du cycle de vie * Abstraction pour faciliter les tests et la gestion du cycle de vie
*/ */
public interface KeycloakAdminClient { public interface KeycloakAdminClient {
/** /**
* Récupère l'instance Keycloak * Récupère l'instance Keycloak
* @return instance Keycloak * @return instance Keycloak
*/ */
Keycloak getInstance(); Keycloak getInstance();
/** /**
* Récupère une ressource Realm * Récupère une ressource Realm
* @param realmName nom du realm * @param realmName nom du realm
* @return RealmResource * @return RealmResource
*/ */
RealmResource getRealm(String realmName); RealmResource getRealm(String realmName);
/** /**
* Récupère la ressource Users d'un realm * Récupère la ressource Users d'un realm
* @param realmName nom du realm * @param realmName nom du realm
* @return UsersResource * @return UsersResource
*/ */
UsersResource getUsers(String realmName); UsersResource getUsers(String realmName);
/** /**
* Récupère la ressource Roles d'un realm * Récupère la ressource Roles d'un realm
* @param realmName nom du realm * @param realmName nom du realm
* @return RolesResource * @return RolesResource
*/ */
RolesResource getRoles(String realmName); RolesResource getRoles(String realmName);
/** /**
* Vérifie si la connexion à Keycloak est active * Vérifie si la connexion à Keycloak est active
* @return true si connecté * @return true si connecté
*/ */
boolean isConnected(); boolean isConnected();
/** /**
* Vérifie si un realm existe * Vérifie si un realm existe
* @param realmName nom du realm * @param realmName nom du realm
* @return true si le realm existe * @return true si le realm existe
*/ */
boolean realmExists(String realmName); boolean realmExists(String realmName);
/** /**
* Récupère la liste de tous les realms * Récupère la liste de tous les realms
* @return Liste des noms de realms * @return Liste des noms de realms
*/ */
java.util.List<String> getAllRealms(); java.util.List<String> getAllRealms();
/** /**
* Récupère la liste des clientId d'un realm * Récupère la liste des clientId d'un realm
* @param realmName nom du realm * @param realmName nom du realm
* @return Liste des clientId * @return Liste des clientId
*/ */
java.util.List<String> getRealmClients(String realmName); java.util.List<String> getRealmClients(String realmName);
/** /**
* Ferme la connexion Keycloak * Ferme la connexion Keycloak
*/ */
void close(); void close();
/** /**
* Force la reconnexion * Force la reconnexion
*/ */
void reconnect(); void reconnect();
} }

466
src/main/java/dev/lions/user/manager/client/KeycloakAdminClientImpl.java
View File

@@ -1,233 +1,233 @@
package dev.lions.user.manager.client; package dev.lions.user.manager.client;
import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import io.quarkus.runtime.Startup; import io.quarkus.runtime.Startup;
import jakarta.annotation.PostConstruct; import jakarta.annotation.PostConstruct;
import jakarta.annotation.PreDestroy; import jakarta.annotation.PreDestroy;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.microprofile.config.inject.ConfigProperty; import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.faulttolerance.CircuitBreaker; import org.eclipse.microprofile.faulttolerance.CircuitBreaker;
import org.eclipse.microprofile.faulttolerance.Retry; import org.eclipse.microprofile.faulttolerance.Retry;
import org.eclipse.microprofile.faulttolerance.Timeout; import org.eclipse.microprofile.faulttolerance.Timeout;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.RolesResource; import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.admin.client.resource.UsersResource; import org.keycloak.admin.client.resource.UsersResource;
import jakarta.ws.rs.NotFoundException; import jakarta.ws.rs.NotFoundException;
import java.net.URI; import java.net.URI;
import java.net.http.HttpClient; import java.net.http.HttpClient;
import java.net.http.HttpRequest; import java.net.http.HttpRequest;
import java.net.http.HttpResponse; import java.net.http.HttpResponse;
import java.time.temporal.ChronoUnit; import java.time.temporal.ChronoUnit;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.stream.Collectors; import java.util.stream.Collectors;
/** /**
* Implémentation du client Keycloak Admin * Implémentation du client Keycloak Admin
* Utilise le bean Keycloak géré par Quarkus (quarkus-keycloak-admin-rest-client) * Utilise le bean Keycloak géré par Quarkus (quarkus-keycloak-admin-rest-client)
* qui respecte la configuration Jackson (fail-on-unknown-properties=false) * qui respecte la configuration Jackson (fail-on-unknown-properties=false)
* Utilise Circuit Breaker, Retry et Timeout pour la résilience * Utilise Circuit Breaker, Retry et Timeout pour la résilience
*/ */
@ApplicationScoped @ApplicationScoped
@Startup @Startup
@Slf4j @Slf4j
public class KeycloakAdminClientImpl implements KeycloakAdminClient { public class KeycloakAdminClientImpl implements KeycloakAdminClient {
@Inject @Inject
Keycloak keycloak; Keycloak keycloak;
@ConfigProperty(name = "lions.keycloak.server-url") @ConfigProperty(name = "lions.keycloak.server-url")
String serverUrl; String serverUrl;
@ConfigProperty(name = "lions.keycloak.admin-realm") @ConfigProperty(name = "lions.keycloak.admin-realm")
String adminRealm; String adminRealm;
@ConfigProperty(name = "lions.keycloak.admin-client-id") @ConfigProperty(name = "lions.keycloak.admin-client-id")
String adminClientId; String adminClientId;
@ConfigProperty(name = "lions.keycloak.admin-username") @ConfigProperty(name = "lions.keycloak.admin-username")
String adminUsername; String adminUsername;
@PostConstruct @PostConstruct
void init() { void init() {
log.info("========================================"); log.info("========================================");
log.info("Initialisation du client Keycloak Admin"); log.info("Initialisation du client Keycloak Admin");
log.info("========================================"); log.info("========================================");
log.info("Server URL: {}", serverUrl); log.info("Server URL: {}", serverUrl);
log.info("Admin Realm: {}", adminRealm); log.info("Admin Realm: {}", adminRealm);
log.info("Admin Client ID: {}", adminClientId); log.info("Admin Client ID: {}", adminClientId);
log.info("Admin Username: {}", adminUsername); log.info("Admin Username: {}", adminUsername);
log.info("✅ Client Keycloak initialisé via Quarkus CDI (connexion lazy)"); log.info("✅ Client Keycloak initialisé via Quarkus CDI (connexion lazy)");
log.info("La connexion sera établie lors de la première requête API"); log.info("La connexion sera établie lors de la première requête API");
} }
@Override @Override
@Retry(maxRetries = 3, delay = 2, delayUnit = ChronoUnit.SECONDS) @Retry(maxRetries = 3, delay = 2, delayUnit = ChronoUnit.SECONDS)
@Timeout(value = 30, unit = ChronoUnit.SECONDS) @Timeout(value = 30, unit = ChronoUnit.SECONDS)
@CircuitBreaker(requestVolumeThreshold = 10, failureRatio = 0.5, delay = 5000) @CircuitBreaker(requestVolumeThreshold = 10, failureRatio = 0.5, delay = 5000)
public Keycloak getInstance() { public Keycloak getInstance() {
return keycloak; return keycloak;
} }
@Override @Override
@Retry(maxRetries = 3, delay = 2, delayUnit = ChronoUnit.SECONDS) @Retry(maxRetries = 3, delay = 2, delayUnit = ChronoUnit.SECONDS)
@Timeout(value = 30, unit = ChronoUnit.SECONDS) @Timeout(value = 30, unit = ChronoUnit.SECONDS)
@CircuitBreaker(requestVolumeThreshold = 10, failureRatio = 0.5, delay = 5000) @CircuitBreaker(requestVolumeThreshold = 10, failureRatio = 0.5, delay = 5000)
public RealmResource getRealm(String realmName) { public RealmResource getRealm(String realmName) {
try { try {
return keycloak.realm(realmName); return keycloak.realm(realmName);
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors de la récupération du realm {}: {}", realmName, e.getMessage()); log.error("Erreur lors de la récupération du realm {}: {}", realmName, e.getMessage());
throw new RuntimeException("Impossible de récupérer le realm: " + realmName, e); throw new RuntimeException("Impossible de récupérer le realm: " + realmName, e);
} }
} }
@Override @Override
@Retry(maxRetries = 3, delay = 2, delayUnit = ChronoUnit.SECONDS) @Retry(maxRetries = 3, delay = 2, delayUnit = ChronoUnit.SECONDS)
@Timeout(value = 30, unit = ChronoUnit.SECONDS) @Timeout(value = 30, unit = ChronoUnit.SECONDS)
@CircuitBreaker(requestVolumeThreshold = 10, failureRatio = 0.5, delay = 5000) @CircuitBreaker(requestVolumeThreshold = 10, failureRatio = 0.5, delay = 5000)
public UsersResource getUsers(String realmName) { public UsersResource getUsers(String realmName) {
return getRealm(realmName).users(); return getRealm(realmName).users();
} }
@Override @Override
@Retry(maxRetries = 3, delay = 2, delayUnit = ChronoUnit.SECONDS) @Retry(maxRetries = 3, delay = 2, delayUnit = ChronoUnit.SECONDS)
@Timeout(value = 30, unit = ChronoUnit.SECONDS) @Timeout(value = 30, unit = ChronoUnit.SECONDS)
@CircuitBreaker(requestVolumeThreshold = 10, failureRatio = 0.5, delay = 5000) @CircuitBreaker(requestVolumeThreshold = 10, failureRatio = 0.5, delay = 5000)
public RolesResource getRoles(String realmName) { public RolesResource getRoles(String realmName) {
return getRealm(realmName).roles(); return getRealm(realmName).roles();
} }
@Override @Override
public boolean isConnected() { public boolean isConnected() {
try { try {
// getAccessTokenString() n'implique pas la désérialisation de ServerInfoRepresentation // getAccessTokenString() n'implique pas la désérialisation de ServerInfoRepresentation
// (qui échoue sur le champ inconnu "cpuInfo" avec Keycloak 26+) // (qui échoue sur le champ inconnu "cpuInfo" avec Keycloak 26+)
keycloak.tokenManager().getAccessTokenString(); keycloak.tokenManager().getAccessTokenString();
return true; return true;
} catch (Exception e) { } catch (Exception e) {
log.warn("Keycloak non connecté: {}", e.getMessage()); log.warn("Keycloak non connecté: {}", e.getMessage());
return false; return false;
} }
} }
@Override @Override
public boolean realmExists(String realmName) { public boolean realmExists(String realmName) {
try { try {
getRealm(realmName).roles().list(); getRealm(realmName).roles().list();
return true; return true;
} catch (NotFoundException e) { } catch (NotFoundException e) {
log.debug("Realm {} n'existe pas", realmName); log.debug("Realm {} n'existe pas", realmName);
return false; return false;
} catch (Exception e) { } catch (Exception e) {
log.debug("Erreur lors de la vérification du realm {} (probablement il existe): {}", log.debug("Erreur lors de la vérification du realm {} (probablement il existe): {}",
realmName, e.getMessage()); realmName, e.getMessage());
return true; return true;
} }
} }
@Override @Override
@Retry(maxRetries = 3, delay = 2, delayUnit = ChronoUnit.SECONDS) @Retry(maxRetries = 3, delay = 2, delayUnit = ChronoUnit.SECONDS)
@Timeout(value = 30, unit = ChronoUnit.SECONDS) @Timeout(value = 30, unit = ChronoUnit.SECONDS)
@CircuitBreaker(requestVolumeThreshold = 10, failureRatio = 0.5, delay = 5000) @CircuitBreaker(requestVolumeThreshold = 10, failureRatio = 0.5, delay = 5000)
public List<String> getAllRealms() { public List<String> getAllRealms() {
try { try {
log.debug("Récupération de tous les realms depuis Keycloak"); log.debug("Récupération de tous les realms depuis Keycloak");
// Appel HTTP direct pour éviter l'erreur de désérialisation de RealmRepresentation // Appel HTTP direct pour éviter l'erreur de désérialisation de RealmRepresentation
// (champ bruteForceStrategy inconnu dans la version de la librairie cliente) // (champ bruteForceStrategy inconnu dans la version de la librairie cliente)
String token = keycloak.tokenManager().getAccessTokenString(); String token = keycloak.tokenManager().getAccessTokenString();
HttpRequest request = HttpRequest.newBuilder() HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(serverUrl + "/admin/realms")) .uri(URI.create(serverUrl + "/admin/realms"))
.header("Authorization", "Bearer " + token) .header("Authorization", "Bearer " + token)
.header("Accept", "application/json") .header("Accept", "application/json")
.GET() .GET()
.build(); .build();
HttpResponse<String> response = HttpClient.newHttpClient() HttpResponse<String> response = HttpClient.newHttpClient()
.send(request, HttpResponse.BodyHandlers.ofString()); .send(request, HttpResponse.BodyHandlers.ofString());
if (response.statusCode() != 200) { if (response.statusCode() != 200) {
throw new RuntimeException("Keycloak returned HTTP " + response.statusCode()); throw new RuntimeException("Keycloak returned HTTP " + response.statusCode());
} }
ObjectMapper mapper = new ObjectMapper() ObjectMapper mapper = new ObjectMapper()
.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
List<Map<String, Object>> realmMaps = mapper.readValue( List<Map<String, Object>> realmMaps = mapper.readValue(
response.body(), new TypeReference<>() {}); response.body(), new TypeReference<>() {});
List<String> realms = realmMaps.stream() List<String> realms = realmMaps.stream()
.map(r -> (String) r.get("realm")) .map(r -> (String) r.get("realm"))
.filter(r -> r != null) .filter(r -> r != null)
.collect(Collectors.toList()); .collect(Collectors.toList());
log.debug("Realms récupérés: {}", realms); log.debug("Realms récupérés: {}", realms);
return realms; return realms;
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors de la récupération de tous les realms: {}", e.getMessage()); log.error("Erreur lors de la récupération de tous les realms: {}", e.getMessage());
throw new RuntimeException("Impossible de récupérer la liste des realms", e); throw new RuntimeException("Impossible de récupérer la liste des realms", e);
} }
} }
@Override @Override
@Retry(maxRetries = 3, delay = 2, delayUnit = ChronoUnit.SECONDS) @Retry(maxRetries = 3, delay = 2, delayUnit = ChronoUnit.SECONDS)
@Timeout(value = 30, unit = ChronoUnit.SECONDS) @Timeout(value = 30, unit = ChronoUnit.SECONDS)
@CircuitBreaker(requestVolumeThreshold = 10, failureRatio = 0.5, delay = 5000) @CircuitBreaker(requestVolumeThreshold = 10, failureRatio = 0.5, delay = 5000)
public List<String> getRealmClients(String realmName) { public List<String> getRealmClients(String realmName) {
try { try {
log.debug("Récupération des clients du realm {}", realmName); log.debug("Récupération des clients du realm {}", realmName);
String token = keycloak.tokenManager().getAccessTokenString(); String token = keycloak.tokenManager().getAccessTokenString();
HttpRequest request = HttpRequest.newBuilder() HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(serverUrl + "/admin/realms/" + realmName + "/clients")) .uri(URI.create(serverUrl + "/admin/realms/" + realmName + "/clients"))
.header("Authorization", "Bearer " + token) .header("Authorization", "Bearer " + token)
.header("Accept", "application/json") .header("Accept", "application/json")
.GET() .GET()
.build(); .build();
HttpResponse<String> response = HttpClient.newHttpClient() HttpResponse<String> response = HttpClient.newHttpClient()
.send(request, HttpResponse.BodyHandlers.ofString()); .send(request, HttpResponse.BodyHandlers.ofString());
if (response.statusCode() != 200) { if (response.statusCode() != 200) {
throw new RuntimeException("Keycloak returned HTTP " + response.statusCode()); throw new RuntimeException("Keycloak returned HTTP " + response.statusCode());
} }
ObjectMapper mapper = new ObjectMapper() ObjectMapper mapper = new ObjectMapper()
.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
List<Map<String, Object>> clientMaps = mapper.readValue( List<Map<String, Object>> clientMaps = mapper.readValue(
response.body(), new TypeReference<>() {}); response.body(), new TypeReference<>() {});
List<String> clients = clientMaps.stream() List<String> clients = clientMaps.stream()
.map(c -> (String) c.get("clientId")) .map(c -> (String) c.get("clientId"))
.filter(c -> c != null) .filter(c -> c != null)
.collect(Collectors.toList()); .collect(Collectors.toList());
log.debug("Clients récupérés pour {}: {}", realmName, clients); log.debug("Clients récupérés pour {}: {}", realmName, clients);
return clients; return clients;
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors de la récupération des clients du realm {}: {}", realmName, e.getMessage()); log.error("Erreur lors de la récupération des clients du realm {}: {}", realmName, e.getMessage());
throw new RuntimeException("Impossible de récupérer les clients du realm: " + realmName, e); throw new RuntimeException("Impossible de récupérer les clients du realm: " + realmName, e);
} }
} }
@PreDestroy @PreDestroy
@Override @Override
public void close() { public void close() {
log.info("Fermeture de la connexion Keycloak..."); log.info("Fermeture de la connexion Keycloak...");
// Le cycle de vie est géré par Quarkus CDI // Le cycle de vie est géré par Quarkus CDI
} }
@Override @Override
public void reconnect() { public void reconnect() {
log.info("Reconnexion à Keycloak... (géré par Quarkus CDI)"); log.info("Reconnexion à Keycloak... (géré par Quarkus CDI)");
// Le bean Keycloak est géré par Quarkus, pas de reconnexion manuelle nécessaire // Le bean Keycloak est géré par Quarkus, pas de reconnexion manuelle nécessaire
} }
} }

44
src/main/java/dev/lions/user/manager/config/JacksonConfig.java
View File

@@ -1,22 +1,22 @@
package dev.lions.user.manager.config; package dev.lions.user.manager.config;
import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import io.quarkus.jackson.ObjectMapperCustomizer; import io.quarkus.jackson.ObjectMapperCustomizer;
import jakarta.inject.Singleton; import jakarta.inject.Singleton;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
/** /**
* Configure Jackson globally to ignore unknown JSON properties. * Configure Jackson globally to ignore unknown JSON properties.
* This is required for forward compatibility with newer Keycloak versions (e.g. cpuInfo field). * This is required for forward compatibility with newer Keycloak versions (e.g. cpuInfo field).
*/ */
@Singleton @Singleton
@Slf4j @Slf4j
public class JacksonConfig implements ObjectMapperCustomizer { public class JacksonConfig implements ObjectMapperCustomizer {
@Override @Override
public void customize(ObjectMapper objectMapper) { public void customize(ObjectMapper objectMapper) {
log.info("### LIONS: Applying Jackson configuration for Keycloak compatibility ###"); log.info("### LIONS: Applying Jackson configuration for Keycloak compatibility ###");
objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
} }
} }

66
src/main/java/dev/lions/user/manager/config/KeycloakJacksonCustomizer.java
View File

@@ -1,33 +1,33 @@
package dev.lions.user.manager.config; package dev.lions.user.manager.config;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import io.quarkus.jackson.ObjectMapperCustomizer; import io.quarkus.jackson.ObjectMapperCustomizer;
import jakarta.inject.Singleton; import jakarta.inject.Singleton;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
/** /**
* Customizer pour Jackson afin d'ignorer les propriétés inconnues dans les * Customizer pour Jackson afin d'ignorer les propriétés inconnues dans les
* représentations Keycloak. * représentations Keycloak.
* Cela évite les erreurs de désérialisation (comme bruteForceStrategy) lorsque * Cela évite les erreurs de désérialisation (comme bruteForceStrategy) lorsque
* le serveur Keycloak * le serveur Keycloak
* est plus récent que les bibliothèques clients. * est plus récent que les bibliothèques clients.
*/ */
@Singleton @Singleton
public class KeycloakJacksonCustomizer implements ObjectMapperCustomizer { public class KeycloakJacksonCustomizer implements ObjectMapperCustomizer {
@Override @Override
public void customize(ObjectMapper objectMapper) { public void customize(ObjectMapper objectMapper) {
// En plus de la configuration globale, on force les Mix-ins pour les classes // En plus de la configuration globale, on force les Mix-ins pour les classes
// Keycloak critiques // Keycloak critiques
objectMapper.addMixIn(RealmRepresentation.class, IgnoreUnknownMixin.class); objectMapper.addMixIn(RealmRepresentation.class, IgnoreUnknownMixin.class);
objectMapper.addMixIn(UserRepresentation.class, IgnoreUnknownMixin.class); objectMapper.addMixIn(UserRepresentation.class, IgnoreUnknownMixin.class);
objectMapper.addMixIn(RoleRepresentation.class, IgnoreUnknownMixin.class); objectMapper.addMixIn(RoleRepresentation.class, IgnoreUnknownMixin.class);
} }
@JsonIgnoreProperties(ignoreUnknown = true) @JsonIgnoreProperties(ignoreUnknown = true)
abstract static class IgnoreUnknownMixin { abstract static class IgnoreUnknownMixin {
} }
} }

397
src/main/java/dev/lions/user/manager/config/KeycloakRealmSetupService.java Normal file
View File

@@ -0,0 +1,397 @@
package dev.lions.user.manager.config;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.quarkus.runtime.StartupEvent;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.event.Observes;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
/**
* Initialise les rôles nécessaires dans les realms Keycloak autorisés au démarrage,
* et assigne le rôle {@code user_manager} aux service accounts des clients configurés.
*
* <p>Utilise l'API REST Admin Keycloak via {@code java.net.http.HttpClient} avec
* {@code ObjectMapper(FAIL_ON_UNKNOWN_PROPERTIES=false)} pour éviter les erreurs de
* désérialisation sur Keycloak 26+ (champs inconnus {@code bruteForceStrategy}, {@code cpuInfo}).
*
* <p>L'initialisation est <b>idempotente</b> : elle vérifie l'existence avant de créer
* ou d'assigner. En cas d'erreur (Keycloak non disponible au démarrage), un simple
* avertissement est loggué sans bloquer le démarrage de l'application.
*
* <h3>Configuration</h3>
* <pre>
* lions.keycloak.auto-setup.enabled=true
* lions.keycloak.authorized-realms=unionflow,btpxpress
* lions.keycloak.service-accounts.user-manager-clients=unionflow-server,btpxpress-server
* </pre>
*/
@ApplicationScoped
@Slf4j
public class KeycloakRealmSetupService {
/** Rôles à créer dans chaque realm autorisé. */
private static final List<String> REQUIRED_ROLES = List.of(
"admin", "user_manager", "user_viewer",
"role_manager", "role_viewer", "auditor", "sync_manager"
);
@ConfigProperty(name = "lions.keycloak.server-url")
String serverUrl;
@ConfigProperty(name = "lions.keycloak.authorized-realms", defaultValue = "unionflow")
String authorizedRealms;
@ConfigProperty(name = "lions.keycloak.service-accounts.user-manager-clients")
Optional<String> userManagerClients;
// Credentials admin Keycloak pour obtenir un token master (sans CDI RequestScoped)
@ConfigProperty(name = "quarkus.keycloak.admin-client.server-url")
String adminServerUrl;
@ConfigProperty(name = "quarkus.keycloak.admin-client.realm", defaultValue = "master")
String adminRealm;
@ConfigProperty(name = "quarkus.keycloak.admin-client.client-id", defaultValue = "admin-cli")
String adminClientId;
@ConfigProperty(name = "quarkus.keycloak.admin-client.username", defaultValue = "admin")
String adminUsername;
@ConfigProperty(name = "quarkus.keycloak.admin-client.password", defaultValue = "admin")
String adminPassword;
@ConfigProperty(name = "lions.keycloak.auto-setup.enabled", defaultValue = "true")
boolean autoSetupEnabled;
/** Nombre de tentatives max si Keycloak n'est pas encore prêt au démarrage. */
@ConfigProperty(name = "lions.keycloak.auto-setup.retry-max", defaultValue = "5")
int retryMax;
/** Délai en secondes entre chaque tentative. */
@ConfigProperty(name = "lions.keycloak.auto-setup.retry-delay-seconds", defaultValue = "5")
int retryDelaySeconds;
void onStart(@Observes StartupEvent ev) {
if (!autoSetupEnabled) {
log.info("KeycloakRealmSetupService désactivé (lions.keycloak.auto-setup.enabled=false)");
return;
}
// Exécuter l'auto-setup dans un thread séparé pour ne pas bloquer le démarrage
// et permettre les retries sans bloquer Quarkus
Executors.newSingleThreadExecutor().execute(this::runSetupWithRetry);
}
private void runSetupWithRetry() {
for (int attempt = 1; attempt <= retryMax; attempt++) {
try {
log.info("Initialisation des rôles Keycloak (tentative {}/{})...", attempt, retryMax);
HttpClient http = HttpClient.newHttpClient();
String token = fetchAdminToken(http);
ObjectMapper mapper = new ObjectMapper()
.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
for (String rawRealm : authorizedRealms.split(",")) {
String realm = rawRealm.trim();
if (realm.isBlank() || "master".equals(realm)) {
continue;
}
log.info("Configuration du realm '{}'...", realm);
setupRealmRoles(http, mapper, token, realm);
assignUserManagerRoleToServiceAccounts(http, mapper, token, realm);
}
log.info("✅ Initialisation des rôles Keycloak terminée avec succès");
return; // succès — on sort
} catch (Exception e) {
if (attempt < retryMax) {
log.warn("⚠️ Tentative {}/{} échouée ({}). Nouvelle tentative dans {}s...",
attempt, retryMax, e.getMessage(), retryDelaySeconds);
try {
TimeUnit.SECONDS.sleep(retryDelaySeconds);
} catch (InterruptedException ie) {
Thread.currentThread().interrupt();
log.warn("Auto-setup interrompu");
return;
}
} else {
log.error("❌ Impossible d'initialiser les rôles Keycloak après {} tentatives. " +
"Vérifier que Keycloak est accessible et que KEYCLOAK_ADMIN_PASSWORD est défini. " +
"Le service account 'unionflow-server' n'aura pas le rôle 'user_manager' — " +
"les changements de mot de passe premier login retourneront 403.",
retryMax, e);
}
}
}
}
// ─────────────────────────────────────────────────────────────────────────
// Token admin Keycloak (appel HTTP direct, sans CDI RequestScoped)
// ─────────────────────────────────────────────────────────────────────────
private String fetchAdminToken(HttpClient http) throws Exception {
String body = "grant_type=password"
+ "&client_id=" + URLEncoder.encode(adminClientId, StandardCharsets.UTF_8)
+ "&username=" + URLEncoder.encode(adminUsername, StandardCharsets.UTF_8)
+ "&password=" + URLEncoder.encode(adminPassword, StandardCharsets.UTF_8);
HttpResponse<String> resp = http.send(
HttpRequest.newBuilder()
.uri(URI.create(adminServerUrl + "/realms/" + adminRealm
+ "/protocol/openid-connect/token"))
.header("Content-Type", "application/x-www-form-urlencoded")
.POST(HttpRequest.BodyPublishers.ofString(body))
.build(),
HttpResponse.BodyHandlers.ofString()
);
if (resp.statusCode() != 200) {
throw new IllegalStateException("Impossible d'obtenir un token admin Keycloak (HTTP "
+ resp.statusCode() + "): " + resp.body());
}
ObjectMapper mapper = new ObjectMapper()
.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
Map<String, Object> tokenResponse = mapper.readValue(resp.body(), new TypeReference<>() {});
return (String) tokenResponse.get("access_token");
}
// ─────────────────────────────────────────────────────────────────────────
// Création des rôles realm
// ─────────────────────────────────────────────────────────────────────────
private void setupRealmRoles(HttpClient http, ObjectMapper mapper, String token, String realm)
throws Exception {
Set<String> existingNames = fetchExistingRoleNames(http, mapper, token, realm);
if (existingNames == null) return; // realm inaccessible, déjà loggué
for (String roleName : REQUIRED_ROLES) {
if (existingNames.contains(roleName)) {
log.debug("Rôle '{}' déjà présent dans le realm '{}'", roleName, realm);
continue;
}
createRole(http, token, realm, roleName);
}
}
private Set<String> fetchExistingRoleNames(HttpClient http, ObjectMapper mapper,
String token, String realm) throws Exception {
HttpResponse<String> resp = http.send(
HttpRequest.newBuilder()
.uri(URI.create(serverUrl + "/admin/realms/" + realm + "/roles"))
.header("Authorization", "Bearer " + token)
.header("Accept", "application/json")
.GET().build(),
HttpResponse.BodyHandlers.ofString()
);
if (resp.statusCode() != 200) {
log.warn("Impossible de lire les rôles du realm '{}' (HTTP {})", realm, resp.statusCode());
return null;
}
List<Map<String, Object>> roles = mapper.readValue(resp.body(), new TypeReference<>() {});
Set<String> names = new HashSet<>();
for (Map<String, Object> r : roles) {
names.add((String) r.get("name"));
}
return names;
}
private void createRole(HttpClient http, String token, String realm, String roleName)
throws Exception {
String body = String.format(
"{\"name\":\"%s\",\"description\":\"Rôle %s pour lions-user-manager\"}",
roleName, roleName
);
HttpResponse<String> resp = http.send(
HttpRequest.newBuilder()
.uri(URI.create(serverUrl + "/admin/realms/" + realm + "/roles"))
.header("Authorization", "Bearer " + token)
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(body)).build(),
HttpResponse.BodyHandlers.ofString()
);
if (resp.statusCode() == 201) {
log.info("✅ Rôle '{}' créé dans le realm '{}'", roleName, realm);
} else if (resp.statusCode() == 409) {
log.debug("Rôle '{}' déjà existant dans le realm '{}' (race condition ignorée)", roleName, realm);
} else {
log.warn("Échec de création du rôle '{}' dans le realm '{}' (HTTP {}): {}",
roleName, realm, resp.statusCode(), resp.body());
}
}
// ─────────────────────────────────────────────────────────────────────────
// Assignation du rôle user_manager aux service accounts
// ─────────────────────────────────────────────────────────────────────────
private void assignUserManagerRoleToServiceAccounts(HttpClient http, ObjectMapper mapper,
String token, String realm) throws Exception {
if (userManagerClients.isEmpty() || userManagerClients.get().isBlank()) {
return;
}
Map<String, Object> userManagerRole = fetchRoleByName(http, mapper, token, realm, "user_manager");
if (userManagerRole == null) {
log.warn("Rôle 'user_manager' introuvable dans le realm '{}', assignation ignorée", realm);
return;
}
for (String rawClient : userManagerClients.get().split(",")) {
String clientId = rawClient.trim();
if (clientId.isBlank()) continue;
assignRoleToServiceAccount(http, mapper, token, realm, clientId, userManagerRole);
}
}
private Map<String, Object> fetchRoleByName(HttpClient http, ObjectMapper mapper,
String token, String realm, String roleName)
throws Exception {
HttpResponse<String> resp = http.send(
HttpRequest.newBuilder()
.uri(URI.create(serverUrl + "/admin/realms/" + realm + "/roles/" + roleName))
.header("Authorization", "Bearer " + token)
.header("Accept", "application/json")
.GET().build(),
HttpResponse.BodyHandlers.ofString()
);
if (resp.statusCode() != 200) {
log.warn("Rôle '{}' introuvable dans le realm '{}' (HTTP {})", roleName, realm, resp.statusCode());
return null;
}
return mapper.readValue(resp.body(), new TypeReference<>() {});
}
private void assignRoleToServiceAccount(HttpClient http, ObjectMapper mapper, String token,
String realm, String clientId,
Map<String, Object> role) throws Exception {
// 1. Trouver l'UUID interne du client
String internalClientId = findClientInternalId(http, mapper, token, realm, clientId);
if (internalClientId == null) return;
// 2. Récupérer l'utilisateur service account du client
String serviceAccountUserId = findServiceAccountUserId(http, mapper, token, realm, clientId, internalClientId);
if (serviceAccountUserId == null) return;
// 3. Vérifier si le rôle est déjà assigné
if (isRoleAlreadyAssigned(http, mapper, token, realm, serviceAccountUserId, (String) role.get("name"))) {
log.debug("Rôle '{}' déjà assigné au service account du client '{}' dans le realm '{}'",
role.get("name"), clientId, realm);
return;
}
// 4. Assigner le rôle
ObjectMapper cleanMapper = new ObjectMapper()
.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
String body = "[" + cleanMapper.writeValueAsString(role) + "]";
HttpResponse<String> assignResp = http.send(
HttpRequest.newBuilder()
.uri(URI.create(serverUrl + "/admin/realms/" + realm
+ "/users/" + serviceAccountUserId + "/role-mappings/realm"))
.header("Authorization", "Bearer " + token)
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(body)).build(),
HttpResponse.BodyHandlers.ofString()
);
if (assignResp.statusCode() == 204) {
log.info("✅ Rôle 'user_manager' assigné au service account du client '{}' dans le realm '{}'",
clientId, realm);
} else {
log.warn("Échec d'assignation du rôle 'user_manager' au service account '{}' dans le realm '{}' (HTTP {}): {}",
clientId, realm, assignResp.statusCode(), assignResp.body());
}
}
private String findClientInternalId(HttpClient http, ObjectMapper mapper, String token,
String realm, String clientId) throws Exception {
HttpResponse<String> resp = http.send(
HttpRequest.newBuilder()
.uri(URI.create(serverUrl + "/admin/realms/" + realm
+ "/clients?clientId=" + clientId + "&search=false"))
.header("Authorization", "Bearer " + token)
.header("Accept", "application/json")
.GET().build(),
HttpResponse.BodyHandlers.ofString()
);
if (resp.statusCode() != 200) {
log.warn("Impossible de rechercher le client '{}' dans le realm '{}' (HTTP {})",
clientId, realm, resp.statusCode());
return null;
}
List<Map<String, Object>> clients = mapper.readValue(resp.body(), new TypeReference<>() {});
if (clients.isEmpty()) {
log.info("Client '{}' absent du realm '{}' — pas d'assignation service account dans ce realm " +
"(normal si le client ne s'authentifie pas via ce realm)", clientId, realm);
return null;
}
return (String) clients.get(0).get("id");
}
private String findServiceAccountUserId(HttpClient http, ObjectMapper mapper, String token,
String realm, String clientId, String internalClientId)
throws Exception {
HttpResponse<String> resp = http.send(
HttpRequest.newBuilder()
.uri(URI.create(serverUrl + "/admin/realms/" + realm
+ "/clients/" + internalClientId + "/service-account-user"))
.header("Authorization", "Bearer " + token)
.header("Accept", "application/json")
.GET().build(),
HttpResponse.BodyHandlers.ofString()
);
if (resp.statusCode() != 200) {
log.warn("Service account introuvable pour le client '{}' dans le realm '{}' " +
"(HTTP {} — le client est-il confidentiel avec serviceAccountsEnabled=true ?)",
clientId, realm, resp.statusCode());
return null;
}
Map<String, Object> saUser = mapper.readValue(resp.body(), new TypeReference<>() {});
return (String) saUser.get("id");
}
private boolean isRoleAlreadyAssigned(HttpClient http, ObjectMapper mapper, String token,
String realm, String userId, String roleName)
throws Exception {
HttpResponse<String> resp = http.send(
HttpRequest.newBuilder()
.uri(URI.create(serverUrl + "/admin/realms/" + realm
+ "/users/" + userId + "/role-mappings/realm"))
.header("Authorization", "Bearer " + token)
.header("Accept", "application/json")
.GET().build(),
HttpResponse.BodyHandlers.ofString()
);
if (resp.statusCode() != 200) return false;
List<Map<String, Object>> assigned = mapper.readValue(resp.body(), new TypeReference<>() {});
return assigned.stream().anyMatch(r -> roleName.equals(r.get("name")));
}
}

562
src/main/java/dev/lions/user/manager/config/KeycloakTestUserConfig.java
View File

@@ -1,281 +1,281 @@
package dev.lions.user.manager.config; package dev.lions.user.manager.config;
import io.quarkus.arc.profile.IfBuildProfile; import io.quarkus.arc.profile.IfBuildProfile;
import io.quarkus.runtime.StartupEvent; import io.quarkus.runtime.StartupEvent;
import jakarta.enterprise.event.Observes; import jakarta.enterprise.event.Observes;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.inject.Singleton; import jakarta.inject.Singleton;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.microprofile.config.inject.ConfigProperty; import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder; import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation; import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import java.util.*; import java.util.*;
/** /**
* Configuration automatique de Keycloak pour l'utilisateur de test * Configuration automatique de Keycloak pour l'utilisateur de test
* S'exécute au démarrage de l'application en mode dev * S'exécute au démarrage de l'application en mode dev
*/ */
@Singleton @Singleton
@IfBuildProfile("dev") @IfBuildProfile("dev")
@Slf4j @Slf4j
public class KeycloakTestUserConfig { public class KeycloakTestUserConfig {
@Inject @Inject
@ConfigProperty(name = "quarkus.profile", defaultValue = "prod") @ConfigProperty(name = "quarkus.profile", defaultValue = "prod")
String profile; String profile;
@Inject @Inject
@ConfigProperty(name = "lions.keycloak.server-url") @ConfigProperty(name = "lions.keycloak.server-url")
String keycloakServerUrl; String keycloakServerUrl;
@Inject @Inject
@ConfigProperty(name = "lions.keycloak.admin-realm", defaultValue = "master") @ConfigProperty(name = "lions.keycloak.admin-realm", defaultValue = "master")
String adminRealm; String adminRealm;
@Inject @Inject
@ConfigProperty(name = "lions.keycloak.admin-username", defaultValue = "admin") @ConfigProperty(name = "lions.keycloak.admin-username", defaultValue = "admin")
String adminUsername; String adminUsername;
@Inject @Inject
@ConfigProperty(name = "lions.keycloak.admin-password", defaultValue = "admin") @ConfigProperty(name = "lions.keycloak.admin-password", defaultValue = "admin")
String adminPassword; String adminPassword;
@Inject @Inject
@ConfigProperty(name = "lions.keycloak.authorized-realms") @ConfigProperty(name = "lions.keycloak.authorized-realms")
String authorizedRealms; String authorizedRealms;
private static final String TEST_REALM = "lions-user-manager"; private static final String TEST_REALM = "lions-user-manager";
private static final String TEST_USER = "test-user"; private static final String TEST_USER = "test-user";
private static final String TEST_PASSWORD = "test123"; private static final String TEST_PASSWORD = "test123";
private static final String TEST_EMAIL = "test@lions.dev"; private static final String TEST_EMAIL = "test@lions.dev";
private static final String CLIENT_ID = "lions-user-manager-client"; private static final String CLIENT_ID = "lions-user-manager-client";
private static final List<String> REQUIRED_ROLES = Arrays.asList( private static final List<String> REQUIRED_ROLES = Arrays.asList(
"admin", "user_manager", "user_viewer", "admin", "user_manager", "user_viewer",
"role_manager", "role_viewer", "auditor", "sync_manager" "role_manager", "role_viewer", "auditor", "sync_manager"
); );
void onStart(@Observes StartupEvent ev) { void onStart(@Observes StartupEvent ev) {
// DÉSACTIVÉ: Configuration manuelle via script create-roles-and-assign.sh // DÉSACTIVÉ: Configuration manuelle via script create-roles-and-assign.sh
// Cette configuration automatique cause des erreurs de compatibilité Keycloak // Cette configuration automatique cause des erreurs de compatibilité Keycloak
// (bruteForceStrategy, cpuInfo non reconnus par la version Keycloak client) // (bruteForceStrategy, cpuInfo non reconnus par la version Keycloak client)
log.info("Configuration automatique de Keycloak DÉSACTIVÉE"); log.info("Configuration automatique de Keycloak DÉSACTIVÉE");
log.info("Utiliser le script create-roles-and-assign.sh pour configurer Keycloak manuellement"); log.info("Utiliser le script create-roles-and-assign.sh pour configurer Keycloak manuellement");
return; return;
/* ANCIEN CODE DÉSACTIVÉ /* ANCIEN CODE DÉSACTIVÉ
// Ne s'exécuter qu'en mode dev // Ne s'exécuter qu'en mode dev
if (!"dev".equals(profile) && !"development".equals(profile)) { if (!"dev".equals(profile) && !"development".equals(profile)) {
log.debug("Mode non-dev détecté ({}), configuration Keycloak ignorée", profile); log.debug("Mode non-dev détecté ({}), configuration Keycloak ignorée", profile);
return; return;
} }
log.info("Configuration automatique de Keycloak pour l'utilisateur de test..."); log.info("Configuration automatique de Keycloak pour l'utilisateur de test...");
Keycloak adminClient = null; Keycloak adminClient = null;
try { try {
// Connexion en tant qu'admin // Connexion en tant qu'admin
adminClient = KeycloakBuilder.builder() adminClient = KeycloakBuilder.builder()
.serverUrl(keycloakServerUrl) .serverUrl(keycloakServerUrl)
.realm(adminRealm) .realm(adminRealm)
.username(adminUsername) .username(adminUsername)
.password(adminPassword) .password(adminPassword)
.clientId("admin-cli") .clientId("admin-cli")
.build(); .build();
// 1. Vérifier/Créer le realm // 1. Vérifier/Créer le realm
ensureRealmExists(adminClient); ensureRealmExists(adminClient);
// 2. Créer les rôles // 2. Créer les rôles
ensureRolesExist(adminClient); ensureRolesExist(adminClient);
// 3. Créer l'utilisateur de test // 3. Créer l'utilisateur de test
String userId = ensureTestUserExists(adminClient); String userId = ensureTestUserExists(adminClient);
// 4. Assigner les rôles // 4. Assigner les rôles
assignRolesToUser(adminClient, userId); assignRolesToUser(adminClient, userId);
// 5. Vérifier/Créer le client et le mapper // 5. Vérifier/Créer le client et le mapper
ensureClientAndMapper(adminClient); ensureClientAndMapper(adminClient);
log.info("✓ Configuration Keycloak terminée avec succès"); log.info("✓ Configuration Keycloak terminée avec succès");
log.info(" Utilisateur de test: {} / {}", TEST_USER, TEST_PASSWORD); log.info(" Utilisateur de test: {} / {}", TEST_USER, TEST_PASSWORD);
log.info(" Rôles assignés: {}", String.join(", ", REQUIRED_ROLES)); log.info(" Rôles assignés: {}", String.join(", ", REQUIRED_ROLES));
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors de la configuration Keycloak: {}", e.getMessage(), e); log.error("Erreur lors de la configuration Keycloak: {}", e.getMessage(), e);
} finally { } finally {
if (adminClient != null) { if (adminClient != null) {
adminClient.close(); adminClient.close();
} }
} }
*/ */
} }
private void ensureRealmExists(Keycloak adminClient) { private void ensureRealmExists(Keycloak adminClient) {
try { try {
adminClient.realms().realm(TEST_REALM).toRepresentation(); adminClient.realms().realm(TEST_REALM).toRepresentation();
log.debug("Realm '{}' existe déjà", TEST_REALM); log.debug("Realm '{}' existe déjà", TEST_REALM);
} catch (jakarta.ws.rs.NotFoundException e) { } catch (jakarta.ws.rs.NotFoundException e) {
log.info("Création du realm '{}'...", TEST_REALM); log.info("Création du realm '{}'...", TEST_REALM);
RealmRepresentation realm = new RealmRepresentation(); RealmRepresentation realm = new RealmRepresentation();
realm.setRealm(TEST_REALM); realm.setRealm(TEST_REALM);
realm.setEnabled(true); realm.setEnabled(true);
adminClient.realms().create(realm); adminClient.realms().create(realm);
log.info("✓ Realm '{}' créé", TEST_REALM); log.info("✓ Realm '{}' créé", TEST_REALM);
} }
} }
private void ensureRolesExist(Keycloak adminClient) { private void ensureRolesExist(Keycloak adminClient) {
var rolesResource = adminClient.realms().realm(TEST_REALM).roles(); var rolesResource = adminClient.realms().realm(TEST_REALM).roles();
for (String roleName : REQUIRED_ROLES) { for (String roleName : REQUIRED_ROLES) {
try { try {
rolesResource.get(roleName).toRepresentation(); rolesResource.get(roleName).toRepresentation();
log.debug("Rôle '{}' existe déjà", roleName); log.debug("Rôle '{}' existe déjà", roleName);
} catch (jakarta.ws.rs.NotFoundException e) { } catch (jakarta.ws.rs.NotFoundException e) {
log.info("Création du rôle '{}'...", roleName); log.info("Création du rôle '{}'...", roleName);
RoleRepresentation role = new RoleRepresentation(); RoleRepresentation role = new RoleRepresentation();
role.setName(roleName); role.setName(roleName);
role.setDescription("Rôle " + roleName + " pour lions-user-manager"); role.setDescription("Rôle " + roleName + " pour lions-user-manager");
rolesResource.create(role); rolesResource.create(role);
log.info("✓ Rôle '{}' créé", roleName); log.info("✓ Rôle '{}' créé", roleName);
} }
} }
} }
private String ensureTestUserExists(Keycloak adminClient) { private String ensureTestUserExists(Keycloak adminClient) {
var usersResource = adminClient.realms().realm(TEST_REALM).users(); var usersResource = adminClient.realms().realm(TEST_REALM).users();
// Chercher l'utilisateur // Chercher l'utilisateur
List<UserRepresentation> users = usersResource.search(TEST_USER, true); List<UserRepresentation> users = usersResource.search(TEST_USER, true);
String userId; String userId;
if (users != null && !users.isEmpty()) { if (users != null && !users.isEmpty()) {
userId = users.get(0).getId(); userId = users.get(0).getId();
log.debug("Utilisateur '{}' existe déjà (ID: {})", TEST_USER, userId); log.debug("Utilisateur '{}' existe déjà (ID: {})", TEST_USER, userId);
} else { } else {
log.info("Création de l'utilisateur '{}'...", TEST_USER); log.info("Création de l'utilisateur '{}'...", TEST_USER);
UserRepresentation user = new UserRepresentation(); UserRepresentation user = new UserRepresentation();
user.setUsername(TEST_USER); user.setUsername(TEST_USER);
user.setEmail(TEST_EMAIL); user.setEmail(TEST_EMAIL);
user.setFirstName("Test"); user.setFirstName("Test");
user.setLastName("User"); user.setLastName("User");
user.setEnabled(true); user.setEnabled(true);
user.setEmailVerified(true); user.setEmailVerified(true);
jakarta.ws.rs.core.Response response = usersResource.create(user); jakarta.ws.rs.core.Response response = usersResource.create(user);
userId = getCreatedId(response); userId = getCreatedId(response);
// Définir le mot de passe // Définir le mot de passe
CredentialRepresentation credential = new CredentialRepresentation(); CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD); credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue(TEST_PASSWORD); credential.setValue(TEST_PASSWORD);
credential.setTemporary(false); credential.setTemporary(false);
usersResource.get(userId).resetPassword(credential); usersResource.get(userId).resetPassword(credential);
log.info("✓ Utilisateur '{}' créé (ID: {})", TEST_USER, userId); log.info("✓ Utilisateur '{}' créé (ID: {})", TEST_USER, userId);
} }
return userId; return userId;
} }
private void assignRolesToUser(Keycloak adminClient, String userId) { private void assignRolesToUser(Keycloak adminClient, String userId) {
var usersResource = adminClient.realms().realm(TEST_REALM).users(); var usersResource = adminClient.realms().realm(TEST_REALM).users();
var rolesResource = adminClient.realms().realm(TEST_REALM).roles(); var rolesResource = adminClient.realms().realm(TEST_REALM).roles();
List<RoleRepresentation> rolesToAssign = new ArrayList<>(); List<RoleRepresentation> rolesToAssign = new ArrayList<>();
for (String roleName : REQUIRED_ROLES) { for (String roleName : REQUIRED_ROLES) {
RoleRepresentation role = rolesResource.get(roleName).toRepresentation(); RoleRepresentation role = rolesResource.get(roleName).toRepresentation();
rolesToAssign.add(role); rolesToAssign.add(role);
} }
usersResource.get(userId).roles().realmLevel().add(rolesToAssign); usersResource.get(userId).roles().realmLevel().add(rolesToAssign);
log.info("✓ {} rôles assignés à l'utilisateur", rolesToAssign.size()); log.info("✓ {} rôles assignés à l'utilisateur", rolesToAssign.size());
} }
private void ensureClientAndMapper(Keycloak adminClient) { private void ensureClientAndMapper(Keycloak adminClient) {
try { try {
var clientsResource = adminClient.realms().realm(TEST_REALM).clients(); var clientsResource = adminClient.realms().realm(TEST_REALM).clients();
var clients = clientsResource.findByClientId(CLIENT_ID); var clients = clientsResource.findByClientId(CLIENT_ID);
String clientId; String clientId;
if (clients == null || clients.isEmpty()) { if (clients == null || clients.isEmpty()) {
log.info("Création du client '{}'...", CLIENT_ID); log.info("Création du client '{}'...", CLIENT_ID);
org.keycloak.representations.idm.ClientRepresentation client = new org.keycloak.representations.idm.ClientRepresentation(); org.keycloak.representations.idm.ClientRepresentation client = new org.keycloak.representations.idm.ClientRepresentation();
client.setClientId(CLIENT_ID); client.setClientId(CLIENT_ID);
client.setName(CLIENT_ID); client.setName(CLIENT_ID);
client.setDescription("Client OIDC pour lions-user-manager"); client.setDescription("Client OIDC pour lions-user-manager");
client.setEnabled(true); client.setEnabled(true);
client.setPublicClient(false); client.setPublicClient(false);
client.setStandardFlowEnabled(true); client.setStandardFlowEnabled(true);
client.setDirectAccessGrantsEnabled(true); client.setDirectAccessGrantsEnabled(true);
client.setFullScopeAllowed(true); // IMPORTANT: Permet d'inclure tous les rôles dans le token client.setFullScopeAllowed(true); // IMPORTANT: Permet d'inclure tous les rôles dans le token
client.setRedirectUris(java.util.Arrays.asList( client.setRedirectUris(java.util.Arrays.asList(
"http://localhost:8080/*", "http://localhost:8080/*",
"http://localhost:8080/auth/callback" "http://localhost:8080/auth/callback"
)); ));
client.setWebOrigins(java.util.Arrays.asList("http://localhost:8080")); client.setWebOrigins(java.util.Arrays.asList("http://localhost:8080"));
client.setSecret("NTuaQpk5E6qiMqAWTFrCOcIkOABzZzKO"); client.setSecret("NTuaQpk5E6qiMqAWTFrCOcIkOABzZzKO");
jakarta.ws.rs.core.Response response = clientsResource.create(client); jakarta.ws.rs.core.Response response = clientsResource.create(client);
clientId = getCreatedId(response); clientId = getCreatedId(response);
log.info("✓ Client '{}' créé (ID: {})", CLIENT_ID, clientId); log.info("✓ Client '{}' créé (ID: {})", CLIENT_ID, clientId);
} else { } else {
clientId = clients.get(0).getId(); clientId = clients.get(0).getId();
log.debug("Client '{}' existe déjà (ID: {})", CLIENT_ID, clientId); log.debug("Client '{}' existe déjà (ID: {})", CLIENT_ID, clientId);
} }
// Ajouter le scope "roles" par défaut au client // Ajouter le scope "roles" par défaut au client
try { try {
var clientScopesResource = adminClient.realms().realm(TEST_REALM).clientScopes(); var clientScopesResource = adminClient.realms().realm(TEST_REALM).clientScopes();
var defaultClientScopes = clientScopesResource.findAll(); var defaultClientScopes = clientScopesResource.findAll();
var rolesScope = defaultClientScopes.stream() var rolesScope = defaultClientScopes.stream()
.filter(s -> "roles".equals(s.getName())) .filter(s -> "roles".equals(s.getName()))
.findFirst(); .findFirst();
if (rolesScope.isPresent()) { if (rolesScope.isPresent()) {
var clientResource = clientsResource.get(clientId); var clientResource = clientsResource.get(clientId);
var defaultScopes = clientResource.getDefaultClientScopes(); var defaultScopes = clientResource.getDefaultClientScopes();
boolean hasRolesScope = defaultScopes.stream() boolean hasRolesScope = defaultScopes.stream()
.anyMatch(s -> "roles".equals(s.getName())); .anyMatch(s -> "roles".equals(s.getName()));
if (!hasRolesScope) { if (!hasRolesScope) {
log.info("Ajout du scope 'roles' au client..."); log.info("Ajout du scope 'roles' au client...");
clientResource.addDefaultClientScope(rolesScope.get().getId()); clientResource.addDefaultClientScope(rolesScope.get().getId());
log.info("✓ Scope 'roles' ajouté au client"); log.info("✓ Scope 'roles' ajouté au client");
} else { } else {
log.debug("Scope 'roles' déjà présent sur le client"); log.debug("Scope 'roles' déjà présent sur le client");
} }
} else { } else {
log.warn("Scope 'roles' non trouvé dans les scopes par défaut du realm"); log.warn("Scope 'roles' non trouvé dans les scopes par défaut du realm");
} }
} catch (Exception e) { } catch (Exception e) {
log.warn("Erreur lors de l'ajout du scope 'roles': {}", e.getMessage()); log.warn("Erreur lors de l'ajout du scope 'roles': {}", e.getMessage());
} }
// Le scope "roles" de Keycloak crée automatiquement realm_access.roles // Le scope "roles" de Keycloak crée automatiquement realm_access.roles
// Pas besoin de mapper personnalisé si on utilise realm_access.roles // Pas besoin de mapper personnalisé si on utilise realm_access.roles
// Le mapper personnalisé peut créer des conflits (comme dans unionflow) // Le mapper personnalisé peut créer des conflits (comme dans unionflow)
log.debug("Le scope 'roles' est utilisé pour créer realm_access.roles automatiquement"); log.debug("Le scope 'roles' est utilisé pour créer realm_access.roles automatiquement");
} catch (Exception e) { } catch (Exception e) {
log.warn("Erreur lors de la vérification/création du client: {}", e.getMessage(), e); log.warn("Erreur lors de la vérification/création du client: {}", e.getMessage(), e);
} }
} }
private String getCreatedId(jakarta.ws.rs.core.Response response) { private String getCreatedId(jakarta.ws.rs.core.Response response) {
jakarta.ws.rs.core.Response.StatusType statusInfo = response.getStatusInfo(); jakarta.ws.rs.core.Response.StatusType statusInfo = response.getStatusInfo();
if (statusInfo.equals(jakarta.ws.rs.core.Response.Status.CREATED)) { if (statusInfo.equals(jakarta.ws.rs.core.Response.Status.CREATED)) {
String location = response.getLocation().getPath(); String location = response.getLocation().getPath();
return location.substring(location.lastIndexOf('/') + 1); return location.substring(location.lastIndexOf('/') + 1);
} }
throw new RuntimeException("Erreur lors de la création: " + statusInfo.getStatusCode()); throw new RuntimeException("Erreur lors de la création: " + statusInfo.getStatusCode());
} }
} }

152
src/main/java/dev/lions/user/manager/mapper/RoleMapper.java
View File

@@ -1,76 +1,76 @@
package dev.lions.user.manager.mapper; package dev.lions.user.manager.mapper;
import dev.lions.user.manager.dto.role.RoleDTO; import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole; import dev.lions.user.manager.enums.role.TypeRole;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import java.util.List; import java.util.List;
import java.util.stream.Collectors; import java.util.stream.Collectors;
/** /**
* Mapper pour convertir entre RoleDTO et Keycloak RoleRepresentation * Mapper pour convertir entre RoleDTO et Keycloak RoleRepresentation
*/ */
public class RoleMapper { public class RoleMapper {
/** /**
* Convertit une RoleRepresentation Keycloak en RoleDTO * Convertit une RoleRepresentation Keycloak en RoleDTO
*/ */
public static RoleDTO toDTO(RoleRepresentation roleRep, String realmName, TypeRole typeRole) { public static RoleDTO toDTO(RoleRepresentation roleRep, String realmName, TypeRole typeRole) {
if (roleRep == null) { if (roleRep == null) {
return null; return null;
} }
return RoleDTO.builder() return RoleDTO.builder()
.id(roleRep.getId()) .id(roleRep.getId())
.name(roleRep.getName()) .name(roleRep.getName())
.description(roleRep.getDescription()) .description(roleRep.getDescription())
.typeRole(typeRole) .typeRole(typeRole)
.realmName(realmName) .realmName(realmName)
.composite(roleRep.isComposite()) .composite(roleRep.isComposite())
.build(); .build();
} }
/** /**
* Convertit un RoleDTO en RoleRepresentation Keycloak * Convertit un RoleDTO en RoleRepresentation Keycloak
*/ */
public static RoleRepresentation toRepresentation(RoleDTO roleDTO) { public static RoleRepresentation toRepresentation(RoleDTO roleDTO) {
if (roleDTO == null) { if (roleDTO == null) {
return null; return null;
} }
RoleRepresentation roleRep = new RoleRepresentation(); RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId(roleDTO.getId()); roleRep.setId(roleDTO.getId());
roleRep.setName(roleDTO.getName()); roleRep.setName(roleDTO.getName());
roleRep.setDescription(roleDTO.getDescription()); roleRep.setDescription(roleDTO.getDescription());
roleRep.setComposite(roleDTO.isComposite()); roleRep.setComposite(roleDTO.isComposite());
roleRep.setClientRole(roleDTO.getTypeRole() == TypeRole.CLIENT_ROLE); roleRep.setClientRole(roleDTO.getTypeRole() == TypeRole.CLIENT_ROLE);
return roleRep; return roleRep;
} }
/** /**
* Convertit une liste de RoleRepresentation en liste de RoleDTO * Convertit une liste de RoleRepresentation en liste de RoleDTO
*/ */
public static List<RoleDTO> toDTOList(List<RoleRepresentation> roleReps, String realmName, TypeRole typeRole) { public static List<RoleDTO> toDTOList(List<RoleRepresentation> roleReps, String realmName, TypeRole typeRole) {
if (roleReps == null) { if (roleReps == null) {
return List.of(); return List.of();
} }
return roleReps.stream() return roleReps.stream()
.map(roleRep -> toDTO(roleRep, realmName, typeRole)) .map(roleRep -> toDTO(roleRep, realmName, typeRole))
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
/** /**
* Convertit une liste de RoleDTO en liste de RoleRepresentation * Convertit une liste de RoleDTO en liste de RoleRepresentation
*/ */
public static List<RoleRepresentation> toRepresentationList(List<RoleDTO> roleDTOs) { public static List<RoleRepresentation> toRepresentationList(List<RoleDTO> roleDTOs) {
if (roleDTOs == null) { if (roleDTOs == null) {
return List.of(); return List.of();
} }
return roleDTOs.stream() return roleDTOs.stream()
.map(RoleMapper::toRepresentation) .map(RoleMapper::toRepresentation)
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
} }

346
src/main/java/dev/lions/user/manager/mapper/UserMapper.java
View File

@@ -1,173 +1,173 @@
package dev.lions.user.manager.mapper; package dev.lions.user.manager.mapper;
import dev.lions.user.manager.dto.user.UserDTO; import dev.lions.user.manager.dto.user.UserDTO;
import dev.lions.user.manager.enums.user.StatutUser; import dev.lions.user.manager.enums.user.StatutUser;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import java.time.Instant; import java.time.Instant;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.time.ZoneId; import java.time.ZoneId;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.stream.Collectors; import java.util.stream.Collectors;
/** /**
* Mapper pour convertir UserRepresentation (Keycloak) -> UserDTO * Mapper pour convertir UserRepresentation (Keycloak) -> UserDTO
* Utilisé pour transformer les objets de l'API Keycloak vers nos DTOs * Utilisé pour transformer les objets de l'API Keycloak vers nos DTOs
*/ */
public class UserMapper { public class UserMapper {
private UserMapper() { private UserMapper() {
// Classe utilitaire // Classe utilitaire
} }
/** /**
* Convertit UserRepresentation vers UserDTO * Convertit UserRepresentation vers UserDTO
* @param userRep UserRepresentation de Keycloak * @param userRep UserRepresentation de Keycloak
* @param realmName nom du realm * @param realmName nom du realm
* @return UserDTO * @return UserDTO
*/ */
public static UserDTO toDTO(UserRepresentation userRep, String realmName) { public static UserDTO toDTO(UserRepresentation userRep, String realmName) {
if (userRep == null) { if (userRep == null) {
return null; return null;
} }
return UserDTO.builder() return UserDTO.builder()
.id(userRep.getId()) .id(userRep.getId())
.username(userRep.getUsername()) .username(userRep.getUsername())
.email(userRep.getEmail()) .email(userRep.getEmail())
.emailVerified(userRep.isEmailVerified()) .emailVerified(userRep.isEmailVerified())
.prenom(userRep.getFirstName()) .prenom(userRep.getFirstName())
.nom(userRep.getLastName()) .nom(userRep.getLastName())
.statut(StatutUser.fromEnabled(userRep.isEnabled())) .statut(StatutUser.fromEnabled(userRep.isEnabled()))
.enabled(userRep.isEnabled()) .enabled(userRep.isEnabled())
.realmName(realmName) .realmName(realmName)
.attributes(userRep.getAttributes()) .attributes(userRep.getAttributes())
.requiredActions(userRep.getRequiredActions()) .requiredActions(userRep.getRequiredActions())
.dateCreation(convertTimestamp(userRep.getCreatedTimestamp())) .dateCreation(convertTimestamp(userRep.getCreatedTimestamp()))
.telephone(getAttributeValue(userRep, "phone_number")) .telephone(getAttributeValue(userRep, "phone_number"))
.organisation(getAttributeValue(userRep, "organization")) .organisation(getAttributeValue(userRep, "organization"))
.departement(getAttributeValue(userRep, "department")) .departement(getAttributeValue(userRep, "department"))
.fonction(getAttributeValue(userRep, "job_title")) .fonction(getAttributeValue(userRep, "job_title"))
.pays(getAttributeValue(userRep, "country")) .pays(getAttributeValue(userRep, "country"))
.ville(getAttributeValue(userRep, "city")) .ville(getAttributeValue(userRep, "city"))
.langue(getAttributeValue(userRep, "locale")) .langue(getAttributeValue(userRep, "locale"))
.timezone(getAttributeValue(userRep, "timezone")) .timezone(getAttributeValue(userRep, "timezone"))
.build(); .build();
} }
/** /**
* Convertit UserDTO vers UserRepresentation * Convertit UserDTO vers UserRepresentation
* @param userDTO UserDTO * @param userDTO UserDTO
* @return UserRepresentation * @return UserRepresentation
*/ */
public static UserRepresentation toRepresentation(UserDTO userDTO) { public static UserRepresentation toRepresentation(UserDTO userDTO) {
if (userDTO == null) { if (userDTO == null) {
return null; return null;
} }
UserRepresentation userRep = new UserRepresentation(); UserRepresentation userRep = new UserRepresentation();
userRep.setId(userDTO.getId()); userRep.setId(userDTO.getId());
userRep.setUsername(userDTO.getUsername()); userRep.setUsername(userDTO.getUsername());
userRep.setEmail(userDTO.getEmail()); userRep.setEmail(userDTO.getEmail());
userRep.setEmailVerified(userDTO.getEmailVerified()); userRep.setEmailVerified(userDTO.getEmailVerified());
userRep.setFirstName(userDTO.getPrenom()); userRep.setFirstName(userDTO.getPrenom());
userRep.setLastName(userDTO.getNom()); userRep.setLastName(userDTO.getNom());
userRep.setEnabled(userDTO.getEnabled() != null ? userDTO.getEnabled() : true); userRep.setEnabled(userDTO.getEnabled() != null ? userDTO.getEnabled() : true);
// Attributs personnalisés // Attributs personnalisés
Map<String, List<String>> attributes = new HashMap<>(); Map<String, List<String>> attributes = new HashMap<>();
if (userDTO.getTelephone() != null) { if (userDTO.getTelephone() != null) {
attributes.put("phone_number", List.of(userDTO.getTelephone())); attributes.put("phone_number", List.of(userDTO.getTelephone()));
} }
if (userDTO.getOrganisation() != null) { if (userDTO.getOrganisation() != null) {
attributes.put("organization", List.of(userDTO.getOrganisation())); attributes.put("organization", List.of(userDTO.getOrganisation()));
} }
if (userDTO.getDepartement() != null) { if (userDTO.getDepartement() != null) {
attributes.put("department", List.of(userDTO.getDepartement())); attributes.put("department", List.of(userDTO.getDepartement()));
} }
if (userDTO.getFonction() != null) { if (userDTO.getFonction() != null) {
attributes.put("job_title", List.of(userDTO.getFonction())); attributes.put("job_title", List.of(userDTO.getFonction()));
} }
if (userDTO.getPays() != null) { if (userDTO.getPays() != null) {
attributes.put("country", List.of(userDTO.getPays())); attributes.put("country", List.of(userDTO.getPays()));
} }
if (userDTO.getVille() != null) { if (userDTO.getVille() != null) {
attributes.put("city", List.of(userDTO.getVille())); attributes.put("city", List.of(userDTO.getVille()));
} }
if (userDTO.getLangue() != null) { if (userDTO.getLangue() != null) {
attributes.put("locale", List.of(userDTO.getLangue())); attributes.put("locale", List.of(userDTO.getLangue()));
} }
if (userDTO.getTimezone() != null) { if (userDTO.getTimezone() != null) {
attributes.put("timezone", List.of(userDTO.getTimezone())); attributes.put("timezone", List.of(userDTO.getTimezone()));
} }
// Ajouter les attributs existants du DTO // Ajouter les attributs existants du DTO
if (userDTO.getAttributes() != null) { if (userDTO.getAttributes() != null) {
attributes.putAll(userDTO.getAttributes()); attributes.putAll(userDTO.getAttributes());
} }
userRep.setAttributes(attributes); userRep.setAttributes(attributes);
// Actions requises // Actions requises
if (userDTO.getRequiredActions() != null) { if (userDTO.getRequiredActions() != null) {
userRep.setRequiredActions(userDTO.getRequiredActions()); userRep.setRequiredActions(userDTO.getRequiredActions());
} }
return userRep; return userRep;
} }
/** /**
* Convertit une liste de UserRepresentation vers UserDTO * Convertit une liste de UserRepresentation vers UserDTO
* @param userReps liste de UserRepresentation * @param userReps liste de UserRepresentation
* @param realmName nom du realm * @param realmName nom du realm
* @return liste de UserDTO * @return liste de UserDTO
*/ */
public static List<UserDTO> toDTOList(List<UserRepresentation> userReps, String realmName) { public static List<UserDTO> toDTOList(List<UserRepresentation> userReps, String realmName) {
if (userReps == null) { if (userReps == null) {
return new ArrayList<>(); return new ArrayList<>();
} }
return userReps.stream() return userReps.stream()
.map(userRep -> toDTO(userRep, realmName)) .map(userRep -> toDTO(userRep, realmName))
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
/** /**
* Récupère la valeur d'un attribut Keycloak * Récupère la valeur d'un attribut Keycloak
* @param userRep UserRepresentation * @param userRep UserRepresentation
* @param attributeName nom de l'attribut * @param attributeName nom de l'attribut
* @return valeur de l'attribut ou null * @return valeur de l'attribut ou null
*/ */
private static String getAttributeValue(UserRepresentation userRep, String attributeName) { private static String getAttributeValue(UserRepresentation userRep, String attributeName) {
if (userRep.getAttributes() == null) { if (userRep.getAttributes() == null) {
return null; return null;
} }
List<String> values = userRep.getAttributes().get(attributeName); List<String> values = userRep.getAttributes().get(attributeName);
if (values == null || values.isEmpty()) { if (values == null || values.isEmpty()) {
return null; return null;
} }
return values.get(0); return values.get(0);
} }
/** /**
* Convertit un timestamp (millisecondes) vers LocalDateTime * Convertit un timestamp (millisecondes) vers LocalDateTime
* @param timestamp timestamp en millisecondes * @param timestamp timestamp en millisecondes
* @return LocalDateTime ou null * @return LocalDateTime ou null
*/ */
private static LocalDateTime convertTimestamp(Long timestamp) { private static LocalDateTime convertTimestamp(Long timestamp) {
if (timestamp == null) { if (timestamp == null) {
return null; return null;
} }
return LocalDateTime.ofInstant( return LocalDateTime.ofInstant(
Instant.ofEpochMilli(timestamp), Instant.ofEpochMilli(timestamp),
ZoneId.systemDefault() ZoneId.systemDefault()
); );
} }
} }

342
src/main/java/dev/lions/user/manager/resource/AuditResource.java
View File

@@ -1,171 +1,171 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.api.AuditResourceApi; import dev.lions.user.manager.api.AuditResourceApi;
import dev.lions.user.manager.dto.audit.AuditLogDTO; import dev.lions.user.manager.dto.audit.AuditLogDTO;
import dev.lions.user.manager.dto.common.CountDTO; import dev.lions.user.manager.dto.common.CountDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit; import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.service.AuditService; import dev.lions.user.manager.service.AuditService;
import jakarta.annotation.security.RolesAllowed; import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response;
import org.eclipse.microprofile.config.inject.ConfigProperty; import org.eclipse.microprofile.config.inject.ConfigProperty;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.stream.Collectors; import java.util.stream.Collectors;
/** /**
* REST Resource pour l'audit et la consultation des logs * REST Resource pour l'audit et la consultation des logs
* Implémente l'interface API commune. * Implémente l'interface API commune.
*/ */
@Slf4j @Slf4j
@jakarta.enterprise.context.ApplicationScoped @jakarta.enterprise.context.ApplicationScoped
@jakarta.ws.rs.Path("/api/audit") @jakarta.ws.rs.Path("/api/audit")
public class AuditResource implements AuditResourceApi { public class AuditResource implements AuditResourceApi {
private static final String DEFAULT_REALM_VALUE = "master"; private static final String DEFAULT_REALM_VALUE = "master";
@Inject @Inject
AuditService auditService; AuditService auditService;
@ConfigProperty(name = "lions.keycloak.admin-realm", defaultValue = DEFAULT_REALM_VALUE) @ConfigProperty(name = "lions.keycloak.admin-realm", defaultValue = DEFAULT_REALM_VALUE)
String defaultRealm; String defaultRealm;
@Override @Override
@RolesAllowed({ "admin", "auditor" }) @RolesAllowed({ "admin", "auditor" })
public List<AuditLogDTO> searchLogs( public List<AuditLogDTO> searchLogs(
String acteurUsername, String acteurUsername,
String dateDebutStr, String dateDebutStr,
String dateFinStr, String dateFinStr,
TypeActionAudit typeAction, TypeActionAudit typeAction,
String ressourceType, String ressourceType,
Boolean succes, Boolean succes,
int page, int page,
int pageSize) { int pageSize) {
log.info("POST /api/audit/search - Recherche de logs"); log.info("POST /api/audit/search - Recherche de logs");
LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null; LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null;
LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null; LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null;
// Utiliser findByActeur si acteurUsername est fourni, sinon findByRealm // Utiliser findByActeur si acteurUsername est fourni, sinon findByRealm
List<AuditLogDTO> logs; List<AuditLogDTO> logs;
if (acteurUsername != null && !acteurUsername.isBlank()) { if (acteurUsername != null && !acteurUsername.isBlank()) {
logs = auditService.findByActeur(acteurUsername, dateDebut, dateFin, page, pageSize); logs = auditService.findByActeur(acteurUsername, dateDebut, dateFin, page, pageSize);
} else { } else {
// Pour une recherche générale, utiliser findByRealm (on utilise defaultRealm par // Pour une recherche générale, utiliser findByRealm (on utilise defaultRealm par
// défaut) // défaut)
logs = auditService.findByRealm(defaultRealm, dateDebut, dateFin, page, pageSize); logs = auditService.findByRealm(defaultRealm, dateDebut, dateFin, page, pageSize);
} }
// Filtrer par typeAction, ressourceType et succes si fournis // Filtrer par typeAction, ressourceType et succes si fournis
if (typeAction != null || ressourceType != null || succes != null) { if (typeAction != null || ressourceType != null || succes != null) {
logs = logs.stream() logs = logs.stream()
.filter(log -> typeAction == null || typeAction.equals(log.getTypeAction())) .filter(log -> typeAction == null || typeAction.equals(log.getTypeAction()))
.filter(log -> ressourceType == null || ressourceType.equals(log.getRessourceType())) .filter(log -> ressourceType == null || ressourceType.equals(log.getRessourceType()))
.filter(log -> succes == null || succes == log.isSuccessful()) .filter(log -> succes == null || succes == log.isSuccessful())
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
return logs; return logs;
} }
@Override @Override
@RolesAllowed({ "admin", "auditor" }) @RolesAllowed({ "admin", "auditor" })
public List<AuditLogDTO> getLogsByActor(String acteurUsername, int limit) { public List<AuditLogDTO> getLogsByActor(String acteurUsername, int limit) {
log.info("GET /api/audit/actor/{} - Limite: {}", acteurUsername, limit); log.info("GET /api/audit/actor/{} - Limite: {}", acteurUsername, limit);
return auditService.findByActeur(acteurUsername, null, null, 0, limit); return auditService.findByActeur(acteurUsername, null, null, 0, limit);
} }
@Override @Override
@RolesAllowed({ "admin", "auditor" }) @RolesAllowed({ "admin", "auditor" })
public List<AuditLogDTO> getLogsByResource(String ressourceType, String ressourceId, int limit) { public List<AuditLogDTO> getLogsByResource(String ressourceType, String ressourceId, int limit) {
log.info("GET /api/audit/resource/{}/{} - Limite: {}", ressourceType, ressourceId, limit); log.info("GET /api/audit/resource/{}/{} - Limite: {}", ressourceType, ressourceId, limit);
return auditService.findByRessource(ressourceType, ressourceId, null, null, 0, limit); return auditService.findByRessource(ressourceType, ressourceId, null, null, 0, limit);
} }
@Override @Override
@RolesAllowed({ "admin", "auditor" }) @RolesAllowed({ "admin", "auditor" })
public List<AuditLogDTO> getLogsByAction(TypeActionAudit typeAction, String dateDebutStr, String dateFinStr, public List<AuditLogDTO> getLogsByAction(TypeActionAudit typeAction, String dateDebutStr, String dateFinStr,
int limit) { int limit) {
log.info("GET /api/audit/action/{} - Limite: {}", typeAction, limit); log.info("GET /api/audit/action/{} - Limite: {}", typeAction, limit);
LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null; LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null;
LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null; LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null;
return auditService.findByTypeAction(typeAction, defaultRealm, dateDebut, dateFin, 0, limit); return auditService.findByTypeAction(typeAction, defaultRealm, dateDebut, dateFin, 0, limit);
} }
@Override @Override
@RolesAllowed({ "admin", "auditor" }) @RolesAllowed({ "admin", "auditor" })
public Map<TypeActionAudit, Long> getActionStatistics(String dateDebutStr, String dateFinStr) { public Map<TypeActionAudit, Long> getActionStatistics(String dateDebutStr, String dateFinStr) {
log.info("GET /api/audit/stats/actions - Période: {} à {}", dateDebutStr, dateFinStr); log.info("GET /api/audit/stats/actions - Période: {} à {}", dateDebutStr, dateFinStr);
LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null; LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null;
LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null; LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null;
return auditService.countByActionType(defaultRealm, dateDebut, dateFin); return auditService.countByActionType(defaultRealm, dateDebut, dateFin);
} }
@Override @Override
@RolesAllowed({ "admin", "auditor" }) @RolesAllowed({ "admin", "auditor" })
public Map<String, Long> getUserActivityStatistics(String dateDebutStr, String dateFinStr) { public Map<String, Long> getUserActivityStatistics(String dateDebutStr, String dateFinStr) {
log.info("GET /api/audit/stats/users - Période: {} à {}", dateDebutStr, dateFinStr); log.info("GET /api/audit/stats/users - Période: {} à {}", dateDebutStr, dateFinStr);
LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null; LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null;
LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null; LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null;
return auditService.countByActeur(defaultRealm, dateDebut, dateFin); return auditService.countByActeur(defaultRealm, dateDebut, dateFin);
} }
@Override @Override
@RolesAllowed({ "admin", "auditor" }) @RolesAllowed({ "admin", "auditor" })
public CountDTO getFailureCount(String dateDebutStr, String dateFinStr) { public CountDTO getFailureCount(String dateDebutStr, String dateFinStr) {
log.info("GET /api/audit/stats/failures - Période: {} à {}", dateDebutStr, dateFinStr); log.info("GET /api/audit/stats/failures - Période: {} à {}", dateDebutStr, dateFinStr);
LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null; LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null;
LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null; LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null;
Map<String, Long> successVsFailure = auditService.countSuccessVsFailure(defaultRealm, dateDebut, dateFin); Map<String, Long> successVsFailure = auditService.countSuccessVsFailure(defaultRealm, dateDebut, dateFin);
long count = successVsFailure.getOrDefault("failure", 0L); long count = successVsFailure.getOrDefault("failure", 0L);
return new CountDTO(count); return new CountDTO(count);
} }
@Override @Override
@RolesAllowed({ "admin", "auditor" }) @RolesAllowed({ "admin", "auditor" })
public CountDTO getSuccessCount(String dateDebutStr, String dateFinStr) { public CountDTO getSuccessCount(String dateDebutStr, String dateFinStr) {
log.info("GET /api/audit/stats/success - Période: {} à {}", dateDebutStr, dateFinStr); log.info("GET /api/audit/stats/success - Période: {} à {}", dateDebutStr, dateFinStr);
LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null; LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null;
LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null; LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null;
Map<String, Long> successVsFailure = auditService.countSuccessVsFailure(defaultRealm, dateDebut, dateFin); Map<String, Long> successVsFailure = auditService.countSuccessVsFailure(defaultRealm, dateDebut, dateFin);
long count = successVsFailure.getOrDefault("success", 0L); long count = successVsFailure.getOrDefault("success", 0L);
return new CountDTO(count); return new CountDTO(count);
} }
@Override @Override
@RolesAllowed({ "admin", "auditor" }) @RolesAllowed({ "admin", "auditor" })
public Response exportLogsToCSV(String dateDebutStr, String dateFinStr) { public Response exportLogsToCSV(String dateDebutStr, String dateFinStr) {
log.info("GET /api/audit/export/csv - Période: {} à {}", dateDebutStr, dateFinStr); log.info("GET /api/audit/export/csv - Période: {} à {}", dateDebutStr, dateFinStr);
try { try {
LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null; LocalDateTime dateDebut = dateDebutStr != null ? LocalDateTime.parse(dateDebutStr) : null;
LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null; LocalDateTime dateFin = dateFinStr != null ? LocalDateTime.parse(dateFinStr) : null;
String csvContent = auditService.exportToCSV(defaultRealm, dateDebut, dateFin); String csvContent = auditService.exportToCSV(defaultRealm, dateDebut, dateFin);
return Response.ok(csvContent) return Response.ok(csvContent)
.header("Content-Disposition", "attachment; filename=\"audit-logs-" + .header("Content-Disposition", "attachment; filename=\"audit-logs-" +
LocalDateTime.now().toString().replace(":", "-") + ".csv\"") LocalDateTime.now().toString().replace(":", "-") + ".csv\"")
.build(); .build();
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors de l'export CSV des logs", e); log.error("Erreur lors de l'export CSV des logs", e);
throw new RuntimeException(e); throw new RuntimeException(e);
} }
} }
@Override @Override
@RolesAllowed({ "admin" }) @RolesAllowed({ "admin" })
public void purgeOldLogs(int joursAnciennete) { public void purgeOldLogs(int joursAnciennete) {
log.info("DELETE /api/audit/purge - Suppression des logs de plus de {} jours", joursAnciennete); log.info("DELETE /api/audit/purge - Suppression des logs de plus de {} jours", joursAnciennete);
LocalDateTime dateLimite = LocalDateTime.now().minusDays(joursAnciennete); LocalDateTime dateLimite = LocalDateTime.now().minusDays(joursAnciennete);
auditService.purgeOldLogs(dateLimite); auditService.purgeOldLogs(dateLimite);
} }
} }

136
src/main/java/dev/lions/user/manager/resource/HealthResourceEndpoint.java
View File

@@ -1,68 +1,68 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.ws.rs.GET; import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path; import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces; import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.MediaType;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
/** /**
* Resource REST pour health et readiness * Resource REST pour health et readiness
*/ */
@Path("/api/health") @Path("/api/health")
@Produces(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
@Slf4j @Slf4j
public class HealthResourceEndpoint { public class HealthResourceEndpoint {
@Inject @Inject
KeycloakAdminClient keycloakAdminClient; KeycloakAdminClient keycloakAdminClient;
@GET @GET
@Path("/keycloak") @Path("/keycloak")
public Map<String, Object> getKeycloakHealth() { public Map<String, Object> getKeycloakHealth() {
Map<String, Object> health = new HashMap<>(); Map<String, Object> health = new HashMap<>();
try { try {
// Vérifier simplement que le client est initialisé (pas d'appel réel à Keycloak) // Vérifier simplement que le client est initialisé (pas d'appel réel à Keycloak)
boolean initialized = keycloakAdminClient.getInstance() != null; boolean initialized = keycloakAdminClient.getInstance() != null;
health.put("status", initialized ? "UP" : "DOWN"); health.put("status", initialized ? "UP" : "DOWN");
health.put("connected", initialized); health.put("connected", initialized);
health.put("message", initialized ? "Client Keycloak initialisé" : "Client non initialisé"); health.put("message", initialized ? "Client Keycloak initialisé" : "Client non initialisé");
health.put("timestamp", System.currentTimeMillis()); health.put("timestamp", System.currentTimeMillis());
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur health check Keycloak", e); log.error("Erreur health check Keycloak", e);
health.put("status", "ERROR"); health.put("status", "ERROR");
health.put("connected", false); health.put("connected", false);
health.put("error", e.getMessage()); health.put("error", e.getMessage());
health.put("timestamp", System.currentTimeMillis()); health.put("timestamp", System.currentTimeMillis());
} }
return health; return health;
} }
@GET @GET
@Path("/status") @Path("/status")
public Map<String, Object> getServiceStatus() { public Map<String, Object> getServiceStatus() {
Map<String, Object> status = new HashMap<>(); Map<String, Object> status = new HashMap<>();
status.put("service", "lions-user-manager-server"); status.put("service", "lions-user-manager-server");
status.put("version", "1.0.0"); status.put("version", "1.0.0");
status.put("status", "UP"); status.put("status", "UP");
status.put("timestamp", System.currentTimeMillis()); status.put("timestamp", System.currentTimeMillis());
// Health Keycloak // Health Keycloak
try { try {
boolean keycloakConnected = keycloakAdminClient.isConnected(); boolean keycloakConnected = keycloakAdminClient.isConnected();
status.put("keycloak", keycloakConnected ? "CONNECTED" : "DISCONNECTED"); status.put("keycloak", keycloakConnected ? "CONNECTED" : "DISCONNECTED");
} catch (Exception e) { } catch (Exception e) {
status.put("keycloak", "ERROR"); status.put("keycloak", "ERROR");
status.put("keycloakError", e.getMessage()); status.put("keycloakError", e.getMessage());
} }
return status; return status;
} }
} }

100
src/main/java/dev/lions/user/manager/resource/KeycloakHealthCheck.java
View File

@@ -1,50 +1,50 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.microprofile.health.HealthCheck; import org.eclipse.microprofile.health.HealthCheck;
import org.eclipse.microprofile.health.HealthCheckResponse; import org.eclipse.microprofile.health.HealthCheckResponse;
import org.eclipse.microprofile.health.Readiness; import org.eclipse.microprofile.health.Readiness;
/** /**
* Health check pour Keycloak * Health check pour Keycloak
*/ */
@Readiness @Readiness
@Slf4j @Slf4j
public class KeycloakHealthCheck implements HealthCheck { public class KeycloakHealthCheck implements HealthCheck {
@Inject @Inject
KeycloakAdminClient keycloakAdminClient; KeycloakAdminClient keycloakAdminClient;
@Override @Override
public HealthCheckResponse call() { public HealthCheckResponse call() {
try { try {
boolean connected = keycloakAdminClient.isConnected(); boolean connected = keycloakAdminClient.isConnected();
if (connected) { if (connected) {
return HealthCheckResponse.builder() return HealthCheckResponse.builder()
.name("keycloak-connection") .name("keycloak-connection")
.up() .up()
.withData("status", "connected") .withData("status", "connected")
.withData("message", "Keycloak est disponible") .withData("message", "Keycloak est disponible")
.build(); .build();
} else { } else {
return HealthCheckResponse.builder() return HealthCheckResponse.builder()
.name("keycloak-connection") .name("keycloak-connection")
.down() .down()
.withData("status", "disconnected") .withData("status", "disconnected")
.withData("message", "Keycloak n'est pas disponible") .withData("message", "Keycloak n'est pas disponible")
.build(); .build();
} }
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors du health check Keycloak", e); log.error("Erreur lors du health check Keycloak", e);
return HealthCheckResponse.builder() return HealthCheckResponse.builder()
.name("keycloak-connection") .name("keycloak-connection")
.down() .down()
.withData("status", "error") .withData("status", "error")
.withData("message", e.getMessage()) .withData("message", e.getMessage())
.build(); .build();
} }
} }
} }

282
src/main/java/dev/lions/user/manager/resource/RealmAssignmentResource.java
View File

@@ -1,141 +1,141 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.api.RealmAssignmentResourceApi; import dev.lions.user.manager.api.RealmAssignmentResourceApi;
import dev.lions.user.manager.dto.realm.AuthorizedRealmsDTO; import dev.lions.user.manager.dto.realm.AuthorizedRealmsDTO;
import dev.lions.user.manager.dto.realm.RealmAccessCheckDTO; import dev.lions.user.manager.dto.realm.RealmAccessCheckDTO;
import dev.lions.user.manager.dto.realm.RealmAssignmentDTO; import dev.lions.user.manager.dto.realm.RealmAssignmentDTO;
import dev.lions.user.manager.service.RealmAuthorizationService; import dev.lions.user.manager.service.RealmAuthorizationService;
import jakarta.annotation.security.RolesAllowed; import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.validation.Valid; import jakarta.validation.Valid;
import jakarta.validation.constraints.NotNull; import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.core.Context; import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext; import jakarta.ws.rs.core.SecurityContext;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import java.util.List; import java.util.List;
/** /**
* REST Resource pour la gestion des affectations de realms aux utilisateurs * REST Resource pour la gestion des affectations de realms aux utilisateurs
* Implémente l'interface API commune. * Implémente l'interface API commune.
*/ */
@Slf4j @Slf4j
@jakarta.enterprise.context.ApplicationScoped @jakarta.enterprise.context.ApplicationScoped
@jakarta.ws.rs.Path("/api/realm-assignments") @jakarta.ws.rs.Path("/api/realm-assignments")
public class RealmAssignmentResource implements RealmAssignmentResourceApi { public class RealmAssignmentResource implements RealmAssignmentResourceApi {
@Inject @Inject
RealmAuthorizationService realmAuthorizationService; RealmAuthorizationService realmAuthorizationService;
@Context @Context
SecurityContext securityContext; SecurityContext securityContext;
@Override @Override
@RolesAllowed({ "admin" }) @RolesAllowed({ "admin" })
public List<RealmAssignmentDTO> getAllAssignments() { public List<RealmAssignmentDTO> getAllAssignments() {
log.info("GET /api/realm-assignments - Récupération de toutes les affectations"); log.info("GET /api/realm-assignments - Récupération de toutes les affectations");
return realmAuthorizationService.getAllAssignments(); return realmAuthorizationService.getAllAssignments();
} }
@Override @Override
@RolesAllowed({ "admin", "user_manager" }) @RolesAllowed({ "admin", "user_manager" })
public List<RealmAssignmentDTO> getAssignmentsByUser(String userId) { public List<RealmAssignmentDTO> getAssignmentsByUser(String userId) {
log.info("GET /api/realm-assignments/user/{}", userId); log.info("GET /api/realm-assignments/user/{}", userId);
return realmAuthorizationService.getAssignmentsByUser(userId); return realmAuthorizationService.getAssignmentsByUser(userId);
} }
@Override @Override
@RolesAllowed({ "admin" }) @RolesAllowed({ "admin" })
public List<RealmAssignmentDTO> getAssignmentsByRealm(String realmName) { public List<RealmAssignmentDTO> getAssignmentsByRealm(String realmName) {
log.info("GET /api/realm-assignments/realm/{}", realmName); log.info("GET /api/realm-assignments/realm/{}", realmName);
return realmAuthorizationService.getAssignmentsByRealm(realmName); return realmAuthorizationService.getAssignmentsByRealm(realmName);
} }
@Override @Override
@RolesAllowed({ "admin" }) @RolesAllowed({ "admin" })
public RealmAssignmentDTO getAssignmentById(String assignmentId) { public RealmAssignmentDTO getAssignmentById(String assignmentId) {
log.info("GET /api/realm-assignments/{}", assignmentId); log.info("GET /api/realm-assignments/{}", assignmentId);
return realmAuthorizationService.getAssignmentById(assignmentId) return realmAuthorizationService.getAssignmentById(assignmentId)
.orElseThrow(() -> new RuntimeException("Affectation non trouvée")); // ExceptionMapper should .orElseThrow(() -> new RuntimeException("Affectation non trouvée")); // ExceptionMapper should
// handle/map to 404 // handle/map to 404
} }
@Override @Override
@RolesAllowed({ "admin", "user_manager" }) @RolesAllowed({ "admin", "user_manager" })
public RealmAccessCheckDTO canManageRealm(String userId, String realmName) { public RealmAccessCheckDTO canManageRealm(String userId, String realmName) {
log.info("GET /api/realm-assignments/check - userId: {}, realmName: {}", userId, realmName); log.info("GET /api/realm-assignments/check - userId: {}, realmName: {}", userId, realmName);
boolean canManage = realmAuthorizationService.canManageRealm(userId, realmName); boolean canManage = realmAuthorizationService.canManageRealm(userId, realmName);
return new RealmAccessCheckDTO(canManage, userId, realmName); return new RealmAccessCheckDTO(canManage, userId, realmName);
} }
@Override @Override
@RolesAllowed({ "admin", "user_manager" }) @RolesAllowed({ "admin", "user_manager" })
public AuthorizedRealmsDTO getAuthorizedRealms(String userId) { public AuthorizedRealmsDTO getAuthorizedRealms(String userId) {
log.info("GET /api/realm-assignments/authorized-realms/{}", userId); log.info("GET /api/realm-assignments/authorized-realms/{}", userId);
List<String> realms = realmAuthorizationService.getAuthorizedRealms(userId); List<String> realms = realmAuthorizationService.getAuthorizedRealms(userId);
boolean isSuperAdmin = realmAuthorizationService.isSuperAdmin(userId); boolean isSuperAdmin = realmAuthorizationService.isSuperAdmin(userId);
return new AuthorizedRealmsDTO(realms, isSuperAdmin); return new AuthorizedRealmsDTO(realms, isSuperAdmin);
} }
@Override @Override
@RolesAllowed({ "admin" }) @RolesAllowed({ "admin" })
public Response assignRealmToUser(@Valid @NotNull RealmAssignmentDTO assignment) { public Response assignRealmToUser(@Valid @NotNull RealmAssignmentDTO assignment) {
log.info("POST /api/realm-assignments - Assignation du realm {} à l'utilisateur {}", log.info("POST /api/realm-assignments - Assignation du realm {} à l'utilisateur {}",
assignment.getRealmName(), assignment.getUserId()); assignment.getRealmName(), assignment.getUserId());
try { try {
// Ajouter l'utilisateur qui fait l'assignation // Ajouter l'utilisateur qui fait l'assignation
if (securityContext.getUserPrincipal() != null) { if (securityContext.getUserPrincipal() != null) {
assignment.setAssignedBy(securityContext.getUserPrincipal().getName()); assignment.setAssignedBy(securityContext.getUserPrincipal().getName());
} }
RealmAssignmentDTO createdAssignment = realmAuthorizationService.assignRealmToUser(assignment); RealmAssignmentDTO createdAssignment = realmAuthorizationService.assignRealmToUser(assignment);
return Response.status(Response.Status.CREATED).entity(createdAssignment).build(); return Response.status(Response.Status.CREATED).entity(createdAssignment).build();
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
log.warn("Données invalides lors de l'assignation: {}", e.getMessage()); log.warn("Données invalides lors de l'assignation: {}", e.getMessage());
// Need to return 409 or 400 manually since this method returns Response // Need to return 409 or 400 manually since this method returns Response
return Response.status(Response.Status.CONFLICT) return Response.status(Response.Status.CONFLICT)
.entity(new dev.lions.user.manager.dto.common.ApiErrorDTO(e.getMessage())) .entity(new dev.lions.user.manager.dto.common.ApiErrorDTO(e.getMessage()))
.build(); .build();
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors de l'assignation du realm", e); log.error("Erreur lors de l'assignation du realm", e);
throw new RuntimeException(e); throw new RuntimeException(e);
} }
} }
@Override @Override
@RolesAllowed({ "admin" }) @RolesAllowed({ "admin" })
public void revokeRealmFromUser(String userId, String realmName) { public void revokeRealmFromUser(String userId, String realmName) {
log.info("DELETE /api/realm-assignments/user/{}/realm/{}", userId, realmName); log.info("DELETE /api/realm-assignments/user/{}/realm/{}", userId, realmName);
realmAuthorizationService.revokeRealmFromUser(userId, realmName); realmAuthorizationService.revokeRealmFromUser(userId, realmName);
} }
@Override @Override
@RolesAllowed({ "admin" }) @RolesAllowed({ "admin" })
public void revokeAllRealmsFromUser(String userId) { public void revokeAllRealmsFromUser(String userId) {
log.info("DELETE /api/realm-assignments/user/{}", userId); log.info("DELETE /api/realm-assignments/user/{}", userId);
realmAuthorizationService.revokeAllRealmsFromUser(userId); realmAuthorizationService.revokeAllRealmsFromUser(userId);
} }
@Override @Override
@RolesAllowed({ "admin" }) @RolesAllowed({ "admin" })
public void deactivateAssignment(String assignmentId) { public void deactivateAssignment(String assignmentId) {
log.info("PUT /api/realm-assignments/{}/deactivate", assignmentId); log.info("PUT /api/realm-assignments/{}/deactivate", assignmentId);
realmAuthorizationService.deactivateAssignment(assignmentId); realmAuthorizationService.deactivateAssignment(assignmentId);
} }
@Override @Override
@RolesAllowed({ "admin" }) @RolesAllowed({ "admin" })
public void activateAssignment(String assignmentId) { public void activateAssignment(String assignmentId) {
log.info("PUT /api/realm-assignments/{}/activate", assignmentId); log.info("PUT /api/realm-assignments/{}/activate", assignmentId);
realmAuthorizationService.activateAssignment(assignmentId); realmAuthorizationService.activateAssignment(assignmentId);
} }
@Override @Override
@RolesAllowed({ "admin" }) @RolesAllowed({ "admin" })
public void setSuperAdmin(String userId, @NotNull Boolean superAdmin) { public void setSuperAdmin(String userId, @NotNull Boolean superAdmin) {
log.info("PUT /api/realm-assignments/super-admin/{} - superAdmin: {}", userId, superAdmin); log.info("PUT /api/realm-assignments/super-admin/{} - superAdmin: {}", userId, superAdmin);
realmAuthorizationService.setSuperAdmin(userId, superAdmin); realmAuthorizationService.setSuperAdmin(userId, superAdmin);
} }
} }

112
src/main/java/dev/lions/user/manager/resource/RealmResource.java
View File

@@ -1,56 +1,56 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.api.RealmResourceApi; import dev.lions.user.manager.api.RealmResourceApi;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import io.quarkus.security.identity.SecurityIdentity; import io.quarkus.security.identity.SecurityIdentity;
import jakarta.annotation.security.RolesAllowed; import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import java.util.List; import java.util.List;
/** /**
* Ressource REST pour la gestion des realms Keycloak * Ressource REST pour la gestion des realms Keycloak
* Implémente l'interface API commune. * Implémente l'interface API commune.
*/ */
@Slf4j @Slf4j
@jakarta.enterprise.context.ApplicationScoped @jakarta.enterprise.context.ApplicationScoped
@jakarta.ws.rs.Path("/api/realms") @jakarta.ws.rs.Path("/api/realms")
public class RealmResource implements RealmResourceApi { public class RealmResource implements RealmResourceApi {
@Inject @Inject
KeycloakAdminClient keycloakAdminClient; KeycloakAdminClient keycloakAdminClient;
@Inject @Inject
SecurityIdentity securityIdentity; SecurityIdentity securityIdentity;
@Override @Override
@RolesAllowed({ "admin", "user_manager", "user_viewer", "role_manager", "role_viewer" }) @RolesAllowed({ "admin", "user_manager", "user_viewer", "role_manager", "role_viewer" })
public List<String> getAllRealms() { public List<String> getAllRealms() {
log.info("GET /api/realms/list"); log.info("GET /api/realms/list");
try { try {
List<String> realms = keycloakAdminClient.getAllRealms(); List<String> realms = keycloakAdminClient.getAllRealms();
log.info("Récupération réussie: {} realms trouvés", realms.size()); log.info("Récupération réussie: {} realms trouvés", realms.size());
return realms; return realms;
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors de la récupération des realms", e); log.error("Erreur lors de la récupération des realms", e);
throw new RuntimeException("Erreur lors de la récupération des realms: " + e.getMessage(), e); throw new RuntimeException("Erreur lors de la récupération des realms: " + e.getMessage(), e);
} }
} }
@Override @Override
@RolesAllowed({ "admin", "user_manager", "role_manager", "role_viewer" }) @RolesAllowed({ "admin", "user_manager", "role_manager", "role_viewer" })
public List<String> getRealmClients(String realmName) { public List<String> getRealmClients(String realmName) {
log.info("GET /api/realms/{}/clients", realmName); log.info("GET /api/realms/{}/clients", realmName);
try { try {
List<String> clients = keycloakAdminClient.getRealmClients(realmName); List<String> clients = keycloakAdminClient.getRealmClients(realmName);
log.info("Récupération réussie: {} clients trouvés pour le realm {}", clients.size(), realmName); log.info("Récupération réussie: {} clients trouvés pour le realm {}", clients.size(), realmName);
return clients; return clients;
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors de la récupération des clients du realm {}", realmName, e); log.error("Erreur lors de la récupération des clients du realm {}", realmName, e);
throw new RuntimeException("Erreur lors de la récupération des clients: " + e.getMessage(), e); throw new RuntimeException("Erreur lors de la récupération des clients: " + e.getMessage(), e);
} }
} }
} }

580
src/main/java/dev/lions/user/manager/resource/RoleResource.java
View File

@@ -1,290 +1,290 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.api.RoleResourceApi; import dev.lions.user.manager.api.RoleResourceApi;
import dev.lions.user.manager.dto.common.ApiErrorDTO; import dev.lions.user.manager.dto.common.ApiErrorDTO;
import dev.lions.user.manager.dto.role.RoleAssignmentDTO; import dev.lions.user.manager.dto.role.RoleAssignmentDTO;
import dev.lions.user.manager.dto.role.RoleAssignmentRequestDTO; import dev.lions.user.manager.dto.role.RoleAssignmentRequestDTO;
import dev.lions.user.manager.dto.role.RoleDTO; import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole; import dev.lions.user.manager.enums.role.TypeRole;
import dev.lions.user.manager.service.RoleService; import dev.lions.user.manager.service.RoleService;
import jakarta.annotation.security.RolesAllowed; import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.validation.Valid; import jakarta.validation.Valid;
import jakarta.validation.constraints.NotNull; import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.*; import jakarta.ws.rs.*;
import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import java.util.List; import java.util.List;
import java.util.Optional; import java.util.Optional;
import java.util.stream.Collectors; import java.util.stream.Collectors;
/** /**
* REST Resource pour la gestion des rôles Keycloak * REST Resource pour la gestion des rôles Keycloak
* Implémente l'interface API commune. * Implémente l'interface API commune.
* Annotation explicite des méthodes pour éviter les problèmes d'héritage JAX-RS * Annotation explicite des méthodes pour éviter les problèmes d'héritage JAX-RS
* dans Quarkus. * dans Quarkus.
*/ */
@Slf4j @Slf4j
@jakarta.enterprise.context.ApplicationScoped @jakarta.enterprise.context.ApplicationScoped
@Path("/api/roles") @Path("/api/roles")
public class RoleResource implements RoleResourceApi { public class RoleResource implements RoleResourceApi {
@Inject @Inject
RoleService roleService; RoleService roleService;
// ==================== Endpoints Realm Roles ==================== // ==================== Endpoints Realm Roles ====================
@Override @Override
@POST @POST
@Path("/realm") @Path("/realm")
@RolesAllowed({ "admin", "role_manager" }) @RolesAllowed({ "admin", "role_manager", "ADMIN", "SUPER_ADMIN" })
public Response createRealmRole( public Response createRealmRole(
@Valid @NotNull RoleDTO roleDTO, @Valid @NotNull RoleDTO roleDTO,
@QueryParam("realm") String realmName) { @QueryParam("realm") String realmName) {
log.info("POST /api/roles/realm - Création du rôle realm: {} dans le realm: {}", log.info("POST /api/roles/realm - Création du rôle realm: {} dans le realm: {}",
roleDTO.getName(), realmName); roleDTO.getName(), realmName);
try { try {
RoleDTO createdRole = roleService.createRealmRole(roleDTO, realmName); RoleDTO createdRole = roleService.createRealmRole(roleDTO, realmName);
return Response.status(Response.Status.CREATED).entity(createdRole).build(); return Response.status(Response.Status.CREATED).entity(createdRole).build();
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
log.warn("Données invalides lors de la création du rôle: {}", e.getMessage()); log.warn("Données invalides lors de la création du rôle: {}", e.getMessage());
return Response.status(Response.Status.CONFLICT) return Response.status(Response.Status.CONFLICT)
.entity(new ApiErrorDTO(e.getMessage())) .entity(new ApiErrorDTO(e.getMessage()))
.build(); .build();
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors de la création du rôle realm", e); log.error("Erreur lors de la création du rôle realm", e);
throw new RuntimeException(e); throw new RuntimeException(e);
} }
} }
@Override @Override
@GET @GET
@Path("/realm/{roleName}") @Path("/realm/{roleName}")
@RolesAllowed({ "admin", "role_manager", "role_viewer" }) @RolesAllowed({ "admin", "role_manager", "role_viewer", "ADMIN", "SUPER_ADMIN", "USER" })
public RoleDTO getRealmRole(@PathParam("roleName") String roleName, @QueryParam("realm") String realmName) { public RoleDTO getRealmRole(@PathParam("roleName") String roleName, @QueryParam("realm") String realmName) {
log.info("GET /api/roles/realm/{} - realm: {}", roleName, realmName); log.info("GET /api/roles/realm/{} - realm: {}", roleName, realmName);
return roleService.getRoleByName(roleName, realmName, TypeRole.REALM_ROLE, null) return roleService.getRoleByName(roleName, realmName, TypeRole.REALM_ROLE, null)
.orElseThrow(() -> new RuntimeException("Rôle non trouvé")); .orElseThrow(() -> new RuntimeException("Rôle non trouvé"));
} }
@Override @Override
@GET @GET
@Path("/realm") @Path("/realm")
@RolesAllowed({ "admin", "role_manager", "role_viewer" }) @RolesAllowed({ "admin", "role_manager", "role_viewer", "ADMIN", "SUPER_ADMIN", "USER" })
public List<RoleDTO> getAllRealmRoles(@QueryParam("realm") String realmName) { public List<RoleDTO> getAllRealmRoles(@QueryParam("realm") String realmName) {
log.info("GET /api/roles/realm - realm: {}", realmName); log.info("GET /api/roles/realm - realm: {}", realmName);
return roleService.getAllRealmRoles(realmName); return roleService.getAllRealmRoles(realmName);
} }
@Override @Override
@PUT @PUT
@Path("/realm/{roleName}") @Path("/realm/{roleName}")
@RolesAllowed({ "admin", "role_manager" }) @RolesAllowed({ "admin", "role_manager", "ADMIN", "SUPER_ADMIN" })
public RoleDTO updateRealmRole(@PathParam("roleName") String roleName, @Valid @NotNull RoleDTO roleDTO, public RoleDTO updateRealmRole(@PathParam("roleName") String roleName, @Valid @NotNull RoleDTO roleDTO,
@QueryParam("realm") String realmName) { @QueryParam("realm") String realmName) {
log.info("PUT /api/roles/realm/{} - realm: {}", roleName, realmName); log.info("PUT /api/roles/realm/{} - realm: {}", roleName, realmName);
Optional<RoleDTO> existingRole = roleService.getRoleByName(roleName, realmName, TypeRole.REALM_ROLE, null); Optional<RoleDTO> existingRole = roleService.getRoleByName(roleName, realmName, TypeRole.REALM_ROLE, null);
if (existingRole.isEmpty()) { if (existingRole.isEmpty()) {
throw new RuntimeException("Rôle non trouvé"); throw new RuntimeException("Rôle non trouvé");
} }
return roleService.updateRole(existingRole.get().getId(), roleDTO, realmName, TypeRole.REALM_ROLE, null); return roleService.updateRole(existingRole.get().getId(), roleDTO, realmName, TypeRole.REALM_ROLE, null);
} }
@Override @Override
@DELETE @DELETE
@Path("/realm/{roleName}") @Path("/realm/{roleName}")
@RolesAllowed({ "admin" }) @RolesAllowed({ "admin" })
public void deleteRealmRole(@PathParam("roleName") String roleName, @QueryParam("realm") String realmName) { public void deleteRealmRole(@PathParam("roleName") String roleName, @QueryParam("realm") String realmName) {
log.info("DELETE /api/roles/realm/{} - realm: {}", roleName, realmName); log.info("DELETE /api/roles/realm/{} - realm: {}", roleName, realmName);
Optional<RoleDTO> existingRole = roleService.getRoleByName(roleName, realmName, TypeRole.REALM_ROLE, null); Optional<RoleDTO> existingRole = roleService.getRoleByName(roleName, realmName, TypeRole.REALM_ROLE, null);
if (existingRole.isEmpty()) { if (existingRole.isEmpty()) {
throw new RuntimeException("Rôle non trouvé"); throw new RuntimeException("Rôle non trouvé");
} }
roleService.deleteRole(existingRole.get().getId(), realmName, TypeRole.REALM_ROLE, null); roleService.deleteRole(existingRole.get().getId(), realmName, TypeRole.REALM_ROLE, null);
} }
// ==================== Endpoints Client Roles ==================== // ==================== Endpoints Client Roles ====================
@Override @Override
@POST @POST
@Path("/client/{clientId}") @Path("/client/{clientId}")
@RolesAllowed({ "admin", "role_manager" }) @RolesAllowed({ "admin", "role_manager", "ADMIN", "SUPER_ADMIN" })
public Response createClientRole(@PathParam("clientId") String clientId, @Valid @NotNull RoleDTO roleDTO, public Response createClientRole(@PathParam("clientId") String clientId, @Valid @NotNull RoleDTO roleDTO,
@QueryParam("realm") String realmName) { @QueryParam("realm") String realmName) {
log.info("POST /api/roles/client/{} - Création du rôle client dans le realm: {}", log.info("POST /api/roles/client/{} - Création du rôle client dans le realm: {}",
clientId, realmName); clientId, realmName);
try { try {
RoleDTO createdRole = roleService.createClientRole(roleDTO, clientId, realmName); RoleDTO createdRole = roleService.createClientRole(roleDTO, clientId, realmName);
return Response.status(Response.Status.CREATED).entity(createdRole).build(); return Response.status(Response.Status.CREATED).entity(createdRole).build();
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
log.warn("Données invalides lors de la création du rôle client: {}", e.getMessage()); log.warn("Données invalides lors de la création du rôle client: {}", e.getMessage());
return Response.status(Response.Status.CONFLICT) return Response.status(Response.Status.CONFLICT)
.entity(new ApiErrorDTO(e.getMessage())) .entity(new ApiErrorDTO(e.getMessage()))
.build(); .build();
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors de la création du rôle client", e); log.error("Erreur lors de la création du rôle client", e);
throw new RuntimeException(e); throw new RuntimeException(e);
} }
} }
@Override @Override
@GET @GET
@Path("/client/{clientId}/{roleName}") @Path("/client/{clientId}/{roleName}")
@RolesAllowed({ "admin", "role_manager", "role_viewer" }) @RolesAllowed({ "admin", "role_manager", "role_viewer", "ADMIN", "SUPER_ADMIN", "USER" })
public RoleDTO getClientRole(@PathParam("clientId") String clientId, @PathParam("roleName") String roleName, public RoleDTO getClientRole(@PathParam("clientId") String clientId, @PathParam("roleName") String roleName,
@QueryParam("realm") String realmName) { @QueryParam("realm") String realmName) {
log.info("GET /api/roles/client/{}/{} - realm: {}", clientId, roleName, realmName); log.info("GET /api/roles/client/{}/{} - realm: {}", clientId, roleName, realmName);
return roleService.getRoleByName(roleName, realmName, TypeRole.CLIENT_ROLE, clientId) return roleService.getRoleByName(roleName, realmName, TypeRole.CLIENT_ROLE, clientId)
.orElseThrow(() -> new RuntimeException("Rôle client non trouvé")); .orElseThrow(() -> new RuntimeException("Rôle client non trouvé"));
} }
@Override @Override
@GET @GET
@Path("/client/{clientId}") @Path("/client/{clientId}")
@RolesAllowed({ "admin", "role_manager", "role_viewer" }) @RolesAllowed({ "admin", "role_manager", "role_viewer", "ADMIN", "SUPER_ADMIN", "USER" })
public List<RoleDTO> getAllClientRoles(@PathParam("clientId") String clientId, public List<RoleDTO> getAllClientRoles(@PathParam("clientId") String clientId,
@QueryParam("realm") String realmName) { @QueryParam("realm") String realmName) {
log.info("GET /api/roles/client/{} - realm: {}", clientId, realmName); log.info("GET /api/roles/client/{} - realm: {}", clientId, realmName);
return roleService.getAllClientRoles(realmName, clientId); return roleService.getAllClientRoles(realmName, clientId);
} }
@Override @Override
@DELETE @DELETE
@Path("/client/{clientId}/{roleName}") @Path("/client/{clientId}/{roleName}")
@RolesAllowed({ "admin" }) @RolesAllowed({ "admin" })
public void deleteClientRole(@PathParam("clientId") String clientId, @PathParam("roleName") String roleName, public void deleteClientRole(@PathParam("clientId") String clientId, @PathParam("roleName") String roleName,
@QueryParam("realm") String realmName) { @QueryParam("realm") String realmName) {
log.info("DELETE /api/roles/client/{}/{} - realm: {}", clientId, roleName, realmName); log.info("DELETE /api/roles/client/{}/{} - realm: {}", clientId, roleName, realmName);
Optional<RoleDTO> existingRole = roleService.getRoleByName(roleName, realmName, TypeRole.CLIENT_ROLE, clientId); Optional<RoleDTO> existingRole = roleService.getRoleByName(roleName, realmName, TypeRole.CLIENT_ROLE, clientId);
if (existingRole.isEmpty()) { if (existingRole.isEmpty()) {
throw new RuntimeException("Rôle client non trouvé"); throw new RuntimeException("Rôle client non trouvé");
} }
roleService.deleteRole(existingRole.get().getId(), realmName, TypeRole.CLIENT_ROLE, clientId); roleService.deleteRole(existingRole.get().getId(), realmName, TypeRole.CLIENT_ROLE, clientId);
} }
// ==================== Endpoints Attribution de rôles ==================== // ==================== Endpoints Attribution de rôles ====================
@Override @Override
@POST @POST
@Path("/assign/realm/{userId}") @Path("/assign/realm/{userId}")
@RolesAllowed({ "admin", "role_manager" }) @RolesAllowed({ "admin", "role_manager", "user_manager", "ADMIN", "SUPER_ADMIN" })
public void assignRealmRoles(@PathParam("userId") String userId, @QueryParam("realm") String realmName, public void assignRealmRoles(@PathParam("userId") String userId, @QueryParam("realm") String realmName,
@NotNull RoleAssignmentRequestDTO request) { @NotNull RoleAssignmentRequestDTO request) {
log.info("POST /api/roles/assign/realm/{} - Attribution de {} rôles", userId, request.getRoleNames().size()); log.info("POST /api/roles/assign/realm/{} - Attribution de {} rôles", userId, request.getRoleNames().size());
RoleAssignmentDTO assignment = RoleAssignmentDTO.builder() RoleAssignmentDTO assignment = RoleAssignmentDTO.builder()
.userId(userId) .userId(userId)
.roleNames(request.getRoleNames()) .roleNames(request.getRoleNames())
.typeRole(TypeRole.REALM_ROLE) .typeRole(TypeRole.REALM_ROLE)
.realmName(realmName) .realmName(realmName)
.build(); .build();
roleService.assignRolesToUser(assignment); roleService.assignRolesToUser(assignment);
} }
@Override @Override
@POST @POST
@Path("/revoke/realm/{userId}") @Path("/revoke/realm/{userId}")
@RolesAllowed({ "admin", "role_manager" }) @RolesAllowed({ "admin", "role_manager", "user_manager", "ADMIN", "SUPER_ADMIN" })
public void revokeRealmRoles(@PathParam("userId") String userId, @QueryParam("realm") String realmName, public void revokeRealmRoles(@PathParam("userId") String userId, @QueryParam("realm") String realmName,
@NotNull RoleAssignmentRequestDTO request) { @NotNull RoleAssignmentRequestDTO request) {
log.info("POST /api/roles/revoke/realm/{} - Révocation de {} rôles", userId, request.getRoleNames().size()); log.info("POST /api/roles/revoke/realm/{} - Révocation de {} rôles", userId, request.getRoleNames().size());
RoleAssignmentDTO assignment = RoleAssignmentDTO.builder() RoleAssignmentDTO assignment = RoleAssignmentDTO.builder()
.userId(userId) .userId(userId)
.roleNames(request.getRoleNames()) .roleNames(request.getRoleNames())
.typeRole(TypeRole.REALM_ROLE) .typeRole(TypeRole.REALM_ROLE)
.realmName(realmName) .realmName(realmName)
.build(); .build();
roleService.revokeRolesFromUser(assignment); roleService.revokeRolesFromUser(assignment);
} }
@Override @Override
@POST @POST
@Path("/assign/client/{clientId}/{userId}") @Path("/assign/client/{clientId}/{userId}")
@RolesAllowed({ "admin", "role_manager" }) @RolesAllowed({ "admin", "role_manager", "ADMIN", "SUPER_ADMIN" })
public void assignClientRoles(@PathParam("clientId") String clientId, @PathParam("userId") String userId, public void assignClientRoles(@PathParam("clientId") String clientId, @PathParam("userId") String userId,
@QueryParam("realm") String realmName, @QueryParam("realm") String realmName,
@NotNull RoleAssignmentRequestDTO request) { @NotNull RoleAssignmentRequestDTO request) {
log.info("POST /api/roles/assign/client/{}/{} - Attribution de {} rôles client", log.info("POST /api/roles/assign/client/{}/{} - Attribution de {} rôles client",
clientId, userId, request.getRoleNames().size()); clientId, userId, request.getRoleNames().size());
RoleAssignmentDTO assignment = RoleAssignmentDTO.builder() RoleAssignmentDTO assignment = RoleAssignmentDTO.builder()
.userId(userId) .userId(userId)
.roleNames(request.getRoleNames()) .roleNames(request.getRoleNames())
.typeRole(TypeRole.CLIENT_ROLE) .typeRole(TypeRole.CLIENT_ROLE)
.realmName(realmName) .realmName(realmName)
.clientName(clientId) .clientName(clientId)
.build(); .build();
roleService.assignRolesToUser(assignment); roleService.assignRolesToUser(assignment);
} }
@Override @Override
@GET @GET
@Path("/user/realm/{userId}") @Path("/user/realm/{userId}")
@RolesAllowed({ "admin", "role_manager", "role_viewer" }) @RolesAllowed({ "admin", "role_manager", "role_viewer", "ADMIN", "SUPER_ADMIN", "USER" })
public List<RoleDTO> getUserRealmRoles(@PathParam("userId") String userId, @QueryParam("realm") String realmName) { public List<RoleDTO> getUserRealmRoles(@PathParam("userId") String userId, @QueryParam("realm") String realmName) {
log.info("GET /api/roles/user/realm/{} - realm: {}", userId, realmName); log.info("GET /api/roles/user/realm/{} - realm: {}", userId, realmName);
return roleService.getUserRealmRoles(userId, realmName); return roleService.getUserRealmRoles(userId, realmName);
} }
@Override @Override
@GET @GET
@Path("/user/client/{clientId}/{userId}") @Path("/user/client/{clientId}/{userId}")
@RolesAllowed({ "admin", "role_manager", "role_viewer" }) @RolesAllowed({ "admin", "role_manager", "role_viewer", "ADMIN", "SUPER_ADMIN", "USER" })
public List<RoleDTO> getUserClientRoles(@PathParam("clientId") String clientId, @PathParam("userId") String userId, public List<RoleDTO> getUserClientRoles(@PathParam("clientId") String clientId, @PathParam("userId") String userId,
@QueryParam("realm") String realmName) { @QueryParam("realm") String realmName) {
log.info("GET /api/roles/user/client/{}/{} - realm: {}", clientId, userId, realmName); log.info("GET /api/roles/user/client/{}/{} - realm: {}", clientId, userId, realmName);
return roleService.getUserClientRoles(userId, clientId, realmName); return roleService.getUserClientRoles(userId, clientId, realmName);
} }
// ==================== Endpoints Rôles composites ==================== // ==================== Endpoints Rôles composites ====================
@Override @Override
@POST @POST
@Path("/composite/{roleName}/add") @Path("/composite/{roleName}/add")
@RolesAllowed({ "admin", "role_manager" }) @RolesAllowed({ "admin", "role_manager", "ADMIN", "SUPER_ADMIN" })
public void addComposites(@PathParam("roleName") String roleName, @QueryParam("realm") String realmName, public void addComposites(@PathParam("roleName") String roleName, @QueryParam("realm") String realmName,
@NotNull RoleAssignmentRequestDTO request) { @NotNull RoleAssignmentRequestDTO request) {
log.info("POST /api/roles/composite/{}/add - Ajout de {} composites", roleName, request.getRoleNames().size()); log.info("POST /api/roles/composite/{}/add - Ajout de {} composites", roleName, request.getRoleNames().size());
Optional<RoleDTO> parentRole = roleService.getRoleByName(roleName, realmName, TypeRole.REALM_ROLE, null); Optional<RoleDTO> parentRole = roleService.getRoleByName(roleName, realmName, TypeRole.REALM_ROLE, null);
if (parentRole.isEmpty()) { if (parentRole.isEmpty()) {
throw new RuntimeException("Rôle parent non trouvé"); throw new RuntimeException("Rôle parent non trouvé");
} }
List<String> childRoleIds = request.getRoleNames().stream() List<String> childRoleIds = request.getRoleNames().stream()
.map(name -> { .map(name -> {
Optional<RoleDTO> role = roleService.getRoleByName(name, realmName, TypeRole.REALM_ROLE, null); Optional<RoleDTO> role = roleService.getRoleByName(name, realmName, TypeRole.REALM_ROLE, null);
return role.map(RoleDTO::getId).orElse(null); return role.map(RoleDTO::getId).orElse(null);
}) })
.filter(id -> id != null) .filter(id -> id != null)
.collect(Collectors.toList()); .collect(Collectors.toList());
roleService.addCompositeRoles(parentRole.get().getId(), childRoleIds, realmName, TypeRole.REALM_ROLE, null); roleService.addCompositeRoles(parentRole.get().getId(), childRoleIds, realmName, TypeRole.REALM_ROLE, null);
} }
@Override @Override
@GET @GET
@Path("/composite/{roleName}") @Path("/composite/{roleName}")
@RolesAllowed({ "admin", "role_manager", "role_viewer" }) @RolesAllowed({ "admin", "role_manager", "role_viewer", "ADMIN", "SUPER_ADMIN", "USER" })
public List<RoleDTO> getComposites(@PathParam("roleName") String roleName, @QueryParam("realm") String realmName) { public List<RoleDTO> getComposites(@PathParam("roleName") String roleName, @QueryParam("realm") String realmName) {
log.info("GET /api/roles/composite/{} - realm: {}", roleName, realmName); log.info("GET /api/roles/composite/{} - realm: {}", roleName, realmName);
Optional<RoleDTO> role = roleService.getRoleByName(roleName, realmName, TypeRole.REALM_ROLE, null); Optional<RoleDTO> role = roleService.getRoleByName(roleName, realmName, TypeRole.REALM_ROLE, null);
if (role.isEmpty()) { if (role.isEmpty()) {
throw new RuntimeException("Rôle non trouvé"); throw new RuntimeException("Rôle non trouvé");
} }
return roleService.getCompositeRoles(role.get().getId(), realmName, TypeRole.REALM_ROLE, null); return roleService.getCompositeRoles(role.get().getId(), realmName, TypeRole.REALM_ROLE, null);
} }
} }

332
src/main/java/dev/lions/user/manager/resource/SyncResource.java
View File

@@ -1,166 +1,166 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.api.SyncResourceApi; import dev.lions.user.manager.api.SyncResourceApi;
import dev.lions.user.manager.dto.sync.HealthStatusDTO; import dev.lions.user.manager.dto.sync.HealthStatusDTO;
import dev.lions.user.manager.dto.sync.SyncConsistencyDTO; import dev.lions.user.manager.dto.sync.SyncConsistencyDTO;
import dev.lions.user.manager.dto.sync.SyncHistoryDTO; import dev.lions.user.manager.dto.sync.SyncHistoryDTO;
import dev.lions.user.manager.dto.sync.SyncResultDTO; import dev.lions.user.manager.dto.sync.SyncResultDTO;
import dev.lions.user.manager.service.SyncService; import dev.lions.user.manager.service.SyncService;
import jakarta.annotation.security.PermitAll; import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed; import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.ws.rs.GET; import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path; import jakarta.ws.rs.Path;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import java.util.Map; import java.util.Map;
/** /**
* REST Resource pour la synchronisation avec Keycloak. * REST Resource pour la synchronisation avec Keycloak.
* Suit le même pattern que AuditResource : les annotations JAX-RS des méthodes * Suit le même pattern que AuditResource : les annotations JAX-RS des méthodes
* héritées de l'interface ne sont PAS répétées ici (conformité RESTEasy Reactive). * héritées de l'interface ne sont PAS répétées ici (conformité RESTEasy Reactive).
*/ */
@Slf4j @Slf4j
@jakarta.enterprise.context.ApplicationScoped @jakarta.enterprise.context.ApplicationScoped
@jakarta.ws.rs.Path("/api/sync") @jakarta.ws.rs.Path("/api/sync")
@jakarta.ws.rs.Produces(jakarta.ws.rs.core.MediaType.APPLICATION_JSON) @jakarta.ws.rs.Produces(jakarta.ws.rs.core.MediaType.APPLICATION_JSON)
@jakarta.ws.rs.Consumes(jakarta.ws.rs.core.MediaType.APPLICATION_JSON) @jakarta.ws.rs.Consumes(jakarta.ws.rs.core.MediaType.APPLICATION_JSON)
public class SyncResource implements SyncResourceApi { public class SyncResource implements SyncResourceApi {
@Inject @Inject
SyncService syncService; SyncService syncService;
@GET @GET
@Path("/ping") @Path("/ping")
@PermitAll @PermitAll
public String ping() { public String ping() {
return "{\"status\":\"pong\",\"resource\":\"SyncResource\"}"; return "{\"status\":\"pong\",\"resource\":\"SyncResource\"}";
} }
@Override @Override
@PermitAll @PermitAll
public HealthStatusDTO checkKeycloakHealth() { public HealthStatusDTO checkKeycloakHealth() {
log.info("REST: checkKeycloakHealth sur /api/sync/health/keycloak"); log.info("REST: checkKeycloakHealth sur /api/sync/health/keycloak");
try { try {
boolean available = syncService.isKeycloakAvailable(); boolean available = syncService.isKeycloakAvailable();
Map<String, Object> details = syncService.getKeycloakHealthInfo(); Map<String, Object> details = syncService.getKeycloakHealthInfo();
return HealthStatusDTO.builder() return HealthStatusDTO.builder()
.keycloakAccessible(available) .keycloakAccessible(available)
.overallHealthy(available) .overallHealthy(available)
.keycloakVersion((String) details.getOrDefault("version", "Unknown")) .keycloakVersion((String) details.getOrDefault("version", "Unknown"))
.timestamp(System.currentTimeMillis()) .timestamp(System.currentTimeMillis())
.build(); .build();
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors du check health keycloak", e); log.error("Erreur lors du check health keycloak", e);
return HealthStatusDTO.builder() return HealthStatusDTO.builder()
.overallHealthy(false) .overallHealthy(false)
.errorMessage("Erreur: " + e.getMessage()) .errorMessage("Erreur: " + e.getMessage())
.timestamp(System.currentTimeMillis()) .timestamp(System.currentTimeMillis())
.build(); .build();
} }
} }
@Override @Override
@RolesAllowed({ "admin", "sync_manager" }) @RolesAllowed({ "admin", "sync_manager" })
public SyncResultDTO syncUsers(String realmName) { public SyncResultDTO syncUsers(String realmName) {
log.info("REST: syncUsers pour le realm: {}", realmName); log.info("REST: syncUsers pour le realm: {}", realmName);
long start = System.currentTimeMillis(); long start = System.currentTimeMillis();
try { try {
int count = syncService.syncUsersFromRealm(realmName); int count = syncService.syncUsersFromRealm(realmName);
return SyncResultDTO.builder() return SyncResultDTO.builder()
.success(true) .success(true)
.usersCount(count) .usersCount(count)
.realmName(realmName) .realmName(realmName)
.startTime(start) .startTime(start)
.endTime(System.currentTimeMillis()) .endTime(System.currentTimeMillis())
.build(); .build();
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors de la synchro users realm {}", realmName, e); log.error("Erreur lors de la synchro users realm {}", realmName, e);
return SyncResultDTO.builder() return SyncResultDTO.builder()
.success(false) .success(false)
.errorMessage(e.getMessage()) .errorMessage(e.getMessage())
.realmName(realmName) .realmName(realmName)
.startTime(start) .startTime(start)
.endTime(System.currentTimeMillis()) .endTime(System.currentTimeMillis())
.build(); .build();
} }
} }
@Override @Override
@RolesAllowed({ "admin", "sync_manager" }) @RolesAllowed({ "admin", "sync_manager" })
public SyncResultDTO syncRoles(String realmName, String clientName) { public SyncResultDTO syncRoles(String realmName, String clientName) {
log.info("REST: syncRoles pour le realm: {}, client: {}", realmName, clientName); log.info("REST: syncRoles pour le realm: {}, client: {}", realmName, clientName);
long start = System.currentTimeMillis(); long start = System.currentTimeMillis();
try { try {
int count = syncService.syncRolesFromRealm(realmName); int count = syncService.syncRolesFromRealm(realmName);
return SyncResultDTO.builder() return SyncResultDTO.builder()
.success(true) .success(true)
.realmRolesCount(count) .realmRolesCount(count)
.realmName(realmName) .realmName(realmName)
.startTime(start) .startTime(start)
.endTime(System.currentTimeMillis()) .endTime(System.currentTimeMillis())
.build(); .build();
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors de la synchro roles realm {}", realmName, e); log.error("Erreur lors de la synchro roles realm {}", realmName, e);
return SyncResultDTO.builder() return SyncResultDTO.builder()
.success(false) .success(false)
.errorMessage(e.getMessage()) .errorMessage(e.getMessage())
.realmName(realmName) .realmName(realmName)
.startTime(start) .startTime(start)
.endTime(System.currentTimeMillis()) .endTime(System.currentTimeMillis())
.build(); .build();
} }
} }
@Override @Override
@RolesAllowed({ "admin", "sync_manager" }) @RolesAllowed({ "admin", "sync_manager" })
public SyncConsistencyDTO checkDataConsistency(String realmName) { public SyncConsistencyDTO checkDataConsistency(String realmName) {
log.info("REST: checkDataConsistency pour realm: {}", realmName); log.info("REST: checkDataConsistency pour realm: {}", realmName);
try { try {
Map<String, Object> report = syncService.checkDataConsistency(realmName); Map<String, Object> report = syncService.checkDataConsistency(realmName);
return SyncConsistencyDTO.builder() return SyncConsistencyDTO.builder()
.realmName((String) report.get("realmName")) .realmName((String) report.get("realmName"))
.status((String) report.get("status")) .status((String) report.get("status"))
.usersKeycloakCount((Integer) report.get("usersKeycloakCount")) .usersKeycloakCount((Integer) report.get("usersKeycloakCount"))
.usersLocalCount((Integer) report.get("usersLocalCount")) .usersLocalCount((Integer) report.get("usersLocalCount"))
.error((String) report.get("error")) .error((String) report.get("error"))
.build(); .build();
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur checkDataConsistency realm {}", realmName, e); log.error("Erreur checkDataConsistency realm {}", realmName, e);
return SyncConsistencyDTO.builder() return SyncConsistencyDTO.builder()
.realmName(realmName) .realmName(realmName)
.status("ERROR") .status("ERROR")
.error(e.getMessage()) .error(e.getMessage())
.build(); .build();
} }
} }
@Override @Override
@RolesAllowed({ "admin", "sync_manager", "user_viewer" }) @RolesAllowed({ "admin", "sync_manager", "user_viewer" })
public SyncHistoryDTO getLastSyncStatus(String realmName) { public SyncHistoryDTO getLastSyncStatus(String realmName) {
log.info("REST: getLastSyncStatus pour realm: {}", realmName); log.info("REST: getLastSyncStatus pour realm: {}", realmName);
return SyncHistoryDTO.builder() return SyncHistoryDTO.builder()
.realmName(realmName) .realmName(realmName)
.status("NEVER_SYNCED") .status("NEVER_SYNCED")
.build(); .build();
} }
@Override @Override
@RolesAllowed({ "admin", "sync_manager" }) @RolesAllowed({ "admin", "sync_manager" })
public SyncHistoryDTO forceSyncRealm(String realmName) { public SyncHistoryDTO forceSyncRealm(String realmName) {
log.info("REST: forceSyncRealm pour realm: {}", realmName); log.info("REST: forceSyncRealm pour realm: {}", realmName);
try { try {
syncService.forceSyncRealm(realmName); syncService.forceSyncRealm(realmName);
return SyncHistoryDTO.builder() return SyncHistoryDTO.builder()
.realmName(realmName) .realmName(realmName)
.status("SUCCESS") .status("SUCCESS")
.build(); .build();
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur forceSyncRealm realm {}", realmName, e); log.error("Erreur forceSyncRealm realm {}", realmName, e);
return SyncHistoryDTO.builder() return SyncHistoryDTO.builder()
.realmName(realmName) .realmName(realmName)
.status("FAILED") .status("FAILED")
.build(); .build();
} }
} }
} }

146
src/main/java/dev/lions/user/manager/resource/UserMetricsResource.java
View File

@@ -1,73 +1,73 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.api.UserMetricsResourceApi; import dev.lions.user.manager.api.UserMetricsResourceApi;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.common.UserSessionStatsDTO; import dev.lions.user.manager.dto.common.UserSessionStatsDTO;
import jakarta.annotation.security.RolesAllowed; import jakarta.annotation.security.RolesAllowed;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.ws.rs.Path; import jakarta.ws.rs.Path;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource; import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource; import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import java.util.List; import java.util.List;
/** /**
* Ressource REST fournissant des métriques agrégées sur les utilisateurs. * Ressource REST fournissant des métriques agrégées sur les utilisateurs.
* Implémente l'interface API commune. * Implémente l'interface API commune.
* *
* Toutes les valeurs sont calculées en temps réel à partir de Keycloak * Toutes les valeurs sont calculées en temps réel à partir de Keycloak
* (aucune approximation ni cache local). * (aucune approximation ni cache local).
*/ */
@Slf4j @Slf4j
@ApplicationScoped @ApplicationScoped
@Path("/api/metrics/users") @Path("/api/metrics/users")
public class UserMetricsResource implements UserMetricsResourceApi { public class UserMetricsResource implements UserMetricsResourceApi {
@Inject @Inject
KeycloakAdminClient keycloakAdminClient; KeycloakAdminClient keycloakAdminClient;
@Override @Override
@RolesAllowed({ "admin", "user_manager", "auditor" }) @RolesAllowed({ "admin", "user_manager", "auditor" })
public UserSessionStatsDTO getUserSessionStats(String realmName) { public UserSessionStatsDTO getUserSessionStats(String realmName) {
String effectiveRealm = (realmName == null || realmName.isBlank()) ? "master" : realmName; String effectiveRealm = (realmName == null || realmName.isBlank()) ? "master" : realmName;
log.info("GET /api/metrics/users/sessions - realm={}", effectiveRealm); log.info("GET /api/metrics/users/sessions - realm={}", effectiveRealm);
try { try {
RealmResource realm = keycloakAdminClient.getRealm(effectiveRealm); RealmResource realm = keycloakAdminClient.getRealm(effectiveRealm);
UsersResource usersResource = realm.users(); UsersResource usersResource = realm.users();
// Liste complète des utilisateurs du realm (source de vérité Keycloak) // Liste complète des utilisateurs du realm (source de vérité Keycloak)
List<UserRepresentation> users = usersResource.list(); List<UserRepresentation> users = usersResource.list();
long totalUsers = users.size(); long totalUsers = users.size();
long activeSessions = 0L; long activeSessions = 0L;
long onlineUsers = 0L; long onlineUsers = 0L;
for (UserRepresentation user : users) { for (UserRepresentation user : users) {
UserResource userResource = usersResource.get(user.getId()); UserResource userResource = usersResource.get(user.getId());
int sessionsForUser = userResource.getUserSessions().size(); int sessionsForUser = userResource.getUserSessions().size();
activeSessions += sessionsForUser; activeSessions += sessionsForUser;
if (sessionsForUser > 0) { if (sessionsForUser > 0) {
onlineUsers++; onlineUsers++;
} }
} }
return UserSessionStatsDTO.builder() return UserSessionStatsDTO.builder()
.realmName(effectiveRealm) .realmName(effectiveRealm)
.totalUsers(totalUsers) .totalUsers(totalUsers)
.activeSessions(activeSessions) .activeSessions(activeSessions)
.onlineUsers(onlineUsers) .onlineUsers(onlineUsers)
.build(); .build();
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors du calcul des statistiques de sessions pour le realm {}", effectiveRealm, e); log.error("Erreur lors du calcul des statistiques de sessions pour le realm {}", effectiveRealm, e);
// On laisse l'exception remonter pour signaler une vraie erreur (pas de valeur approximative) // On laisse l'exception remonter pour signaler une vraie erreur (pas de valeur approximative)
throw new RuntimeException("Impossible de calculer les statistiques de sessions en temps réel", e); throw new RuntimeException("Impossible de calculer les statistiques de sessions en temps réel", e);
} }
} }
} }

322
src/main/java/dev/lions/user/manager/resource/UserResource.java
View File

@@ -1,161 +1,161 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.api.UserResourceApi; import dev.lions.user.manager.api.UserResourceApi;
import dev.lions.user.manager.dto.common.ApiErrorDTO; import dev.lions.user.manager.dto.common.ApiErrorDTO;
import dev.lions.user.manager.dto.importexport.ImportResultDTO; import dev.lions.user.manager.dto.importexport.ImportResultDTO;
import dev.lions.user.manager.dto.user.*; import dev.lions.user.manager.dto.user.*;
import dev.lions.user.manager.service.UserService; import dev.lions.user.manager.service.UserService;
import jakarta.annotation.security.RolesAllowed; import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.validation.Valid; import jakarta.validation.Valid;
import jakarta.validation.constraints.NotBlank; import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull; import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.GET; import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST; import jakarta.ws.rs.POST;
import jakarta.ws.rs.QueryParam; import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import java.util.List; import java.util.List;
/** /**
* REST Resource pour la gestion des utilisateurs * REST Resource pour la gestion des utilisateurs
* Implémente l'interface API commune. * Implémente l'interface API commune.
*/ */
@Slf4j @Slf4j
@jakarta.enterprise.context.ApplicationScoped @jakarta.enterprise.context.ApplicationScoped
@jakarta.ws.rs.Path("/api/users") @jakarta.ws.rs.Path("/api/users")
public class UserResource implements UserResourceApi { public class UserResource implements UserResourceApi {
@Inject @Inject
UserService userService; UserService userService;
@Override @Override
@RolesAllowed({ "admin", "user_manager" }) @RolesAllowed({ "admin", "user_manager", "ADMIN", "SUPER_ADMIN" })
public UserSearchResultDTO searchUsers(@Valid @NotNull UserSearchCriteriaDTO criteria) { public UserSearchResultDTO searchUsers(@Valid @NotNull UserSearchCriteriaDTO criteria) {
log.info("POST /api/users/search - Recherche d'utilisateurs"); log.info("POST /api/users/search - Recherche d'utilisateurs");
return userService.searchUsers(criteria); return userService.searchUsers(criteria);
} }
@Override @Override
@RolesAllowed({ "admin", "user_manager", "user_viewer" }) @RolesAllowed({ "admin", "user_manager", "user_viewer", "ADMIN", "SUPER_ADMIN", "USER" })
public UserDTO getUserById(String userId, String realmName) { public UserDTO getUserById(String userId, String realmName) {
log.info("GET /api/users/{} - realm: {}", userId, realmName); log.info("GET /api/users/{} - realm: {}", userId, realmName);
return userService.getUserById(userId, realmName) return userService.getUserById(userId, realmName)
.orElseThrow(() -> new RuntimeException("Utilisateur non trouvé")); // ExceptionMapper should handle/map .orElseThrow(() -> new jakarta.ws.rs.NotFoundException("Utilisateur non trouvé"));
// to 404 }
}
@Override
@Override @RolesAllowed({ "admin", "user_manager", "user_viewer", "ADMIN", "SUPER_ADMIN", "USER" })
@RolesAllowed({ "admin", "user_manager", "user_viewer" }) public UserSearchResultDTO getAllUsers(String realmName, int page, int pageSize) {
public UserSearchResultDTO getAllUsers(String realmName, int page, int pageSize) { log.info("GET /api/users - realm: {}, page: {}, pageSize: {}", realmName, page, pageSize);
log.info("GET /api/users - realm: {}, page: {}, pageSize: {}", realmName, page, pageSize); return userService.getAllUsers(realmName, page, pageSize);
return userService.getAllUsers(realmName, page, pageSize); }
}
@Override
@Override @RolesAllowed({ "admin", "user_manager", "ADMIN", "SUPER_ADMIN" })
@RolesAllowed({ "admin", "user_manager" }) public Response createUser(@Valid @NotNull UserDTO user, String realmName) {
public Response createUser(@Valid @NotNull UserDTO user, String realmName) { log.info("POST /api/users - Création d'un utilisateur: {}", user.getUsername());
log.info("POST /api/users - Création d'un utilisateur: {}", user.getUsername());
try {
try { UserDTO createdUser = userService.createUser(user, realmName);
UserDTO createdUser = userService.createUser(user, realmName); return Response.status(Response.Status.CREATED).entity(createdUser).build();
return Response.status(Response.Status.CREATED).entity(createdUser).build(); } catch (IllegalArgumentException e) {
} catch (IllegalArgumentException e) { log.warn("Données invalides lors de la création: {}", e.getMessage());
log.warn("Données invalides lors de la création: {}", e.getMessage()); return Response.status(Response.Status.CONFLICT)
return Response.status(Response.Status.CONFLICT) .entity(new ApiErrorDTO(e.getMessage()))
.entity(new ApiErrorDTO(e.getMessage())) .build();
.build(); } catch (Exception e) {
} catch (Exception e) { log.error("Erreur lors de la création de l'utilisateur", e);
log.error("Erreur lors de la création de l'utilisateur", e); throw new RuntimeException(e);
throw new RuntimeException(e); }
} }
}
@Override
@Override @RolesAllowed({ "admin", "user_manager", "ADMIN", "SUPER_ADMIN" })
@RolesAllowed({ "admin", "user_manager" }) public UserDTO updateUser(String userId, @Valid @NotNull UserDTO user, String realmName) {
public UserDTO updateUser(String userId, @Valid @NotNull UserDTO user, String realmName) { log.info("PUT /api/users/{} - Mise à jour", userId);
log.info("PUT /api/users/{} - Mise à jour", userId); return userService.updateUser(userId, user, realmName);
return userService.updateUser(userId, user, realmName); }
}
@Override
@Override @RolesAllowed({ "admin", "ADMIN", "SUPER_ADMIN" })
@RolesAllowed({ "admin" }) public void deleteUser(String userId, String realmName, boolean hardDelete) {
public void deleteUser(String userId, String realmName, boolean hardDelete) { log.info("DELETE /api/users/{} - realm: {}, hardDelete: {}", userId, realmName, hardDelete);
log.info("DELETE /api/users/{} - realm: {}, hardDelete: {}", userId, realmName, hardDelete); userService.deleteUser(userId, realmName, hardDelete);
userService.deleteUser(userId, realmName, hardDelete); }
}
@Override
@Override @RolesAllowed({ "admin", "user_manager", "ADMIN", "SUPER_ADMIN" })
@RolesAllowed({ "admin", "user_manager" }) public void activateUser(String userId, String realmName) {
public void activateUser(String userId, String realmName) { log.info("POST /api/users/{}/activate", userId);
log.info("POST /api/users/{}/activate", userId); userService.activateUser(userId, realmName);
userService.activateUser(userId, realmName); }
}
@Override
@Override @RolesAllowed({ "admin", "user_manager", "ADMIN", "SUPER_ADMIN" })
@RolesAllowed({ "admin", "user_manager" }) public void deactivateUser(String userId, String realmName, String raison) {
public void deactivateUser(String userId, String realmName, String raison) { log.info("POST /api/users/{}/deactivate - raison: {}", userId, raison);
log.info("POST /api/users/{}/deactivate - raison: {}", userId, raison); userService.deactivateUser(userId, realmName, raison);
userService.deactivateUser(userId, realmName, raison); }
}
@Override
@Override @RolesAllowed({ "admin", "user_manager" })
@RolesAllowed({ "admin", "user_manager" }) public void resetPassword(String userId, String realmName, @NotNull PasswordResetRequestDTO request) {
public void resetPassword(String userId, String realmName, @NotNull PasswordResetRequestDTO request) { log.info("POST /api/users/{}/reset-password - temporary: {}", userId, request.isTemporary());
log.info("POST /api/users/{}/reset-password - temporary: {}", userId, request.isTemporary()); userService.resetPassword(userId, realmName, request.getPassword(), request.isTemporary());
userService.resetPassword(userId, realmName, request.getPassword(), request.isTemporary()); }
}
@Override
@Override @RolesAllowed({ "admin", "user_manager" })
@RolesAllowed({ "admin", "user_manager" }) public Response sendVerificationEmail(String userId, String realmName) {
public void sendVerificationEmail(String userId, String realmName) { log.info("POST /api/users/{}/send-verification-email", userId);
log.info("POST /api/users/{}/send-verification-email", userId); userService.sendVerificationEmail(userId, realmName);
userService.sendVerificationEmail(userId, realmName); return Response.accepted().build();
} }
@Override @Override
@RolesAllowed({ "admin", "user_manager" }) @RolesAllowed({ "admin", "user_manager" })
public SessionsRevokedDTO logoutAllSessions(String userId, String realmName) { public SessionsRevokedDTO logoutAllSessions(String userId, String realmName) {
log.info("POST /api/users/{}/logout-sessions", userId); log.info("POST /api/users/{}/logout-sessions", userId);
int count = userService.logoutAllSessions(userId, realmName); int count = userService.logoutAllSessions(userId, realmName);
return new SessionsRevokedDTO(count); return new SessionsRevokedDTO(count);
} }
@Override @Override
@RolesAllowed({ "admin", "user_manager", "user_viewer" }) @RolesAllowed({ "admin", "user_manager", "user_viewer" })
public List<String> getActiveSessions(String userId, String realmName) { public List<String> getActiveSessions(String userId, String realmName) {
log.info("GET /api/users/{}/sessions", userId); log.info("GET /api/users/{}/sessions", userId);
return userService.getActiveSessions(userId, realmName); return userService.getActiveSessions(userId, realmName);
} }
@Override @Override
@GET @GET
@jakarta.ws.rs.Path("/export/csv") @jakarta.ws.rs.Path("/export/csv")
@jakarta.ws.rs.Produces("text/csv") @jakarta.ws.rs.Produces("text/csv")
@RolesAllowed({ "admin", "user_manager" }) @RolesAllowed({ "admin", "user_manager" })
public Response exportUsersToCSV(@QueryParam("realm") String realmName) { public Response exportUsersToCSV(@QueryParam("realm") String realmName) {
log.info("GET /api/users/export/csv - realm: {}", realmName); log.info("GET /api/users/export/csv - realm: {}", realmName);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder() UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(realmName) .realmName(realmName)
.page(0) .page(0)
.pageSize(10_000) .pageSize(10_000)
.build(); .build();
String csv = userService.exportUsersToCSV(criteria); String csv = userService.exportUsersToCSV(criteria);
return Response.ok(csv) return Response.ok(csv)
.type(MediaType.valueOf("text/csv")) .type(MediaType.valueOf("text/csv"))
.header("Content-Disposition", "attachment; filename=\"users-" + (realmName != null ? realmName : "export") + ".csv\"") .header("Content-Disposition", "attachment; filename=\"users-" + (realmName != null ? realmName : "export") + ".csv\"")
.build(); .build();
} }
@Override @Override
@POST @POST
@jakarta.ws.rs.Path("/import/csv") @jakarta.ws.rs.Path("/import/csv")
@jakarta.ws.rs.Consumes(MediaType.TEXT_PLAIN) @jakarta.ws.rs.Consumes(MediaType.TEXT_PLAIN)
@RolesAllowed({ "admin", "user_manager" }) @RolesAllowed({ "admin", "user_manager" })
public ImportResultDTO importUsersFromCSV(@QueryParam("realm") String realmName, String csvContent) { public ImportResultDTO importUsersFromCSV(@QueryParam("realm") String realmName, String csvContent) {
log.info("POST /api/users/import/csv - realm: {}", realmName); log.info("POST /api/users/import/csv - realm: {}", realmName);
return userService.importUsersFromCSV(csvContent, realmName); return userService.importUsersFromCSV(csvContent, realmName);
} }
} }

76
src/main/java/dev/lions/user/manager/security/DevModeSecurityAugmentor.java
View File

@@ -1,38 +1,38 @@
package dev.lions.user.manager.security; package dev.lions.user.manager.security;
import io.quarkus.security.identity.AuthenticationRequestContext; import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.SecurityIdentity; import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.SecurityIdentityAugmentor; import io.quarkus.security.identity.SecurityIdentityAugmentor;
import io.quarkus.security.runtime.QuarkusSecurityIdentity; import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.quarkus.arc.profile.IfBuildProfile; import io.quarkus.arc.profile.IfBuildProfile;
import io.smallrye.mutiny.Uni; import io.smallrye.mutiny.Uni;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import org.eclipse.microprofile.config.inject.ConfigProperty; import org.eclipse.microprofile.config.inject.ConfigProperty;
import java.util.Set; import java.util.Set;
/** /**
* Augmenteur de sécurité pour le mode DEV * Augmenteur de sécurité pour le mode DEV
* Ajoute automatiquement les rôles admin et user_manager à toutes les requêtes * Ajoute automatiquement les rôles admin et user_manager à toutes les requêtes
* Permet de tester l'API sans authentification Keycloak * Permet de tester l'API sans authentification Keycloak
*/ */
@ApplicationScoped @ApplicationScoped
@IfBuildProfile("dev") @IfBuildProfile("dev")
public class DevModeSecurityAugmentor implements SecurityIdentityAugmentor { public class DevModeSecurityAugmentor implements SecurityIdentityAugmentor {
@ConfigProperty(name = "quarkus.oidc.enabled", defaultValue = "true") @ConfigProperty(name = "quarkus.oidc.enabled", defaultValue = "true")
boolean oidcEnabled; boolean oidcEnabled;
@Override @Override
public Uni<SecurityIdentity> augment(SecurityIdentity identity, AuthenticationRequestContext context) { public Uni<SecurityIdentity> augment(SecurityIdentity identity, AuthenticationRequestContext context) {
// Seulement actif si OIDC est désactivé (mode DEV) // Seulement actif si OIDC est désactivé (mode DEV)
if (!oidcEnabled && identity.isAnonymous()) { if (!oidcEnabled && identity.isAnonymous()) {
// Créer une identité avec les rôles nécessaires pour DEV // Créer une identité avec les rôles nécessaires pour DEV
return Uni.createFrom().item(QuarkusSecurityIdentity.builder(identity) return Uni.createFrom().item(QuarkusSecurityIdentity.builder(identity)
.setPrincipal(() -> "dev-user") .setPrincipal(() -> "dev-user")
.addRoles(Set.of("admin", "user_manager", "user_viewer")) .addRoles(Set.of("admin", "user_manager", "user_viewer"))
.build()); .build());
} }
return Uni.createFrom().item(identity); return Uni.createFrom().item(identity);
} }
} }

188
src/main/java/dev/lions/user/manager/security/DevSecurityContextProducer.java
View File

@@ -1,94 +1,94 @@
package dev.lions.user.manager.security; package dev.lions.user.manager.security;
import jakarta.annotation.Priority; import jakarta.annotation.Priority;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.ws.rs.Priorities; import jakarta.ws.rs.Priorities;
import jakarta.ws.rs.container.ContainerRequestContext; import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter; import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.core.SecurityContext; import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.ext.Provider; import jakarta.ws.rs.ext.Provider;
import org.eclipse.microprofile.config.inject.ConfigProperty; import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import java.security.Principal; import java.security.Principal;
/** /**
* Filtre JAX-RS pour remplacer le SecurityContext en mode développement * Filtre JAX-RS pour remplacer le SecurityContext en mode développement
* En dev, remplace le SecurityContext par un mock qui autorise tous les rôles * En dev, remplace le SecurityContext par un mock qui autorise tous les rôles
* En prod, laisse le SecurityContext réel de Quarkus * En prod, laisse le SecurityContext réel de Quarkus
*/ */
@Provider @Provider
@Priority(Priorities.AUTHENTICATION - 10) // S'exécute très tôt, avant l'authentification @Priority(Priorities.AUTHENTICATION - 10) // S'exécute très tôt, avant l'authentification
public class DevSecurityContextProducer implements ContainerRequestFilter { public class DevSecurityContextProducer implements ContainerRequestFilter {
private static final Logger LOG = Logger.getLogger(DevSecurityContextProducer.class); private static final Logger LOG = Logger.getLogger(DevSecurityContextProducer.class);
@Inject @Inject
@ConfigProperty(name = "quarkus.profile", defaultValue = "prod") @ConfigProperty(name = "quarkus.profile", defaultValue = "prod")
String profile; String profile;
@Inject @Inject
@ConfigProperty(name = "quarkus.oidc.enabled", defaultValue = "true") @ConfigProperty(name = "quarkus.oidc.enabled", defaultValue = "true")
boolean oidcEnabled; boolean oidcEnabled;
@Override @Override
public void filter(ContainerRequestContext requestContext) { public void filter(ContainerRequestContext requestContext) {
// Détecter le mode dev : si OIDC est désactivé, on est probablement en dev // Détecter le mode dev : si OIDC est désactivé, on est probablement en dev
// ou si le profil est explicitement "dev" ou "development" // ou si le profil est explicitement "dev" ou "development"
boolean isDevMode = !oidcEnabled || "dev".equals(profile) || "development".equals(profile); boolean isDevMode = !oidcEnabled || "dev".equals(profile) || "development".equals(profile);
if (isDevMode) { if (isDevMode) {
String path = requestContext.getUriInfo().getPath(); String path = requestContext.getUriInfo().getPath();
LOG.infof("Mode dev détecté (profile=%s, oidc.enabled=%s): remplacement du SecurityContext pour le chemin %s", LOG.infof("Mode dev détecté (profile=%s, oidc.enabled=%s): remplacement du SecurityContext pour le chemin %s",
profile, oidcEnabled, path); profile, oidcEnabled, path);
SecurityContext original = requestContext.getSecurityContext(); SecurityContext original = requestContext.getSecurityContext();
requestContext.setSecurityContext(new DevSecurityContext(original)); requestContext.setSecurityContext(new DevSecurityContext(original));
LOG.debugf("SecurityContext remplacé - isUserInRole('admin')=%s, isUserInRole('user_manager')=%s", LOG.debugf("SecurityContext remplacé - isUserInRole('admin')=%s, isUserInRole('user_manager')=%s",
new DevSecurityContext(original).isUserInRole("admin"), new DevSecurityContext(original).isUserInRole("admin"),
new DevSecurityContext(original).isUserInRole("user_manager")); new DevSecurityContext(original).isUserInRole("user_manager"));
} else { } else {
LOG.debugf("Mode prod - SecurityContext original conservé (profile=%s, oidc.enabled=%s)", profile, oidcEnabled); LOG.debugf("Mode prod - SecurityContext original conservé (profile=%s, oidc.enabled=%s)", profile, oidcEnabled);
} }
} }
/** /**
* SecurityContext mock pour le mode développement * SecurityContext mock pour le mode développement
* Simule un utilisateur avec tous les rôles nécessaires * Simule un utilisateur avec tous les rôles nécessaires
*/ */
private static class DevSecurityContext implements SecurityContext { private static class DevSecurityContext implements SecurityContext {
private final SecurityContext original; private final SecurityContext original;
private final Principal principal = new Principal() { private final Principal principal = new Principal() {
@Override @Override
public String getName() { public String getName() {
return "dev-user"; return "dev-user";
} }
}; };
public DevSecurityContext(SecurityContext original) { public DevSecurityContext(SecurityContext original) {
this.original = original; this.original = original;
} }
@Override @Override
public Principal getUserPrincipal() { public Principal getUserPrincipal() {
return principal; return principal;
} }
@Override @Override
public boolean isUserInRole(String role) { public boolean isUserInRole(String role) {
// En dev, autoriser tous les rôles // En dev, autoriser tous les rôles
return true; return true;
} }
@Override @Override
public boolean isSecure() { public boolean isSecure() {
return original != null ? original.isSecure() : false; return original != null ? original.isSecure() : false;
} }
@Override @Override
public String getAuthenticationScheme() { public String getAuthenticationScheme() {
return "DEV"; return "DEV";
} }
} }
} }

418
src/main/java/dev/lions/user/manager/server/impl/entity/AuditLogEntity.java
View File

@@ -1,209 +1,209 @@
package dev.lions.user.manager.server.impl.entity; package dev.lions.user.manager.server.impl.entity;
import dev.lions.user.manager.enums.audit.TypeActionAudit; import dev.lions.user.manager.enums.audit.TypeActionAudit;
import io.quarkus.hibernate.orm.panache.PanacheEntity; import io.quarkus.hibernate.orm.panache.PanacheEntity;
import jakarta.persistence.*; import jakarta.persistence.*;
import lombok.Data; import lombok.Data;
import lombok.EqualsAndHashCode; import lombok.EqualsAndHashCode;
import java.time.LocalDateTime; import java.time.LocalDateTime;
/** /**
* Entité JPA pour la persistance des logs d'audit en base de données PostgreSQL. * Entité JPA pour la persistance des logs d'audit en base de données PostgreSQL.
* *
* <p>Cette entité représente un enregistrement d'audit qui track toutes les actions * <p>Cette entité représente un enregistrement d'audit qui track toutes les actions
* effectuées sur les utilisateurs du système (création, modification, suppression, etc.).</p> * effectuées sur les utilisateurs du système (création, modification, suppression, etc.).</p>
* *
* <p><b>Utilisation:</b></p> * <p><b>Utilisation:</b></p>
* <pre> * <pre>
* AuditLogEntity auditLog = new AuditLogEntity(); * AuditLogEntity auditLog = new AuditLogEntity();
* auditLog.setUserId("user-123"); * auditLog.setUserId("user-123");
* auditLog.setAction(TypeActionAudit.CREATION_UTILISATEUR); * auditLog.setAction(TypeActionAudit.CREATION_UTILISATEUR);
* auditLog.setDetails("Utilisateur créé avec succès"); * auditLog.setDetails("Utilisateur créé avec succès");
* auditLog.setAuteurAction("admin"); * auditLog.setAuteurAction("admin");
* auditLog.setTimestamp(LocalDateTime.now()); * auditLog.setTimestamp(LocalDateTime.now());
* auditLog.persist(); * auditLog.persist();
* </pre> * </pre>
* *
* @see dev.lions.user.manager.server.api.dto.AuditLogDTO * @see dev.lions.user.manager.server.api.dto.AuditLogDTO
* @see TypeActionAudit * @see TypeActionAudit
* @author Lions Development Team * @author Lions Development Team
* @version 1.0.0 * @version 1.0.0
* @since 2026-01-02 * @since 2026-01-02
*/ */
@Entity @Entity
@Table( @Table(
name = "audit_logs", name = "audit_logs",
indexes = { indexes = {
@Index(name = "idx_audit_user_id", columnList = "user_id"), @Index(name = "idx_audit_user_id", columnList = "user_id"),
@Index(name = "idx_audit_action", columnList = "action"), @Index(name = "idx_audit_action", columnList = "action"),
@Index(name = "idx_audit_timestamp", columnList = "timestamp"), @Index(name = "idx_audit_timestamp", columnList = "timestamp"),
@Index(name = "idx_audit_auteur", columnList = "auteur_action") @Index(name = "idx_audit_auteur", columnList = "auteur_action")
} }
) )
@Data @Data
@EqualsAndHashCode(callSuper = true) @EqualsAndHashCode(callSuper = true)
public class AuditLogEntity extends PanacheEntity { public class AuditLogEntity extends PanacheEntity {
/** /**
* ID de l'utilisateur concerné par l'action. * ID de l'utilisateur concerné par l'action.
* <p>Peut être null pour les actions système qui ne concernent pas un utilisateur spécifique.</p> * <p>Peut être null pour les actions système qui ne concernent pas un utilisateur spécifique.</p>
*/ */
@Column(name = "user_id", length = 255) @Column(name = "user_id", length = 255)
private String userId; private String userId;
/** /**
* Type d'action effectuée (CREATION_UTILISATEUR, MODIFICATION_UTILISATEUR, etc.). * Type d'action effectuée (CREATION_UTILISATEUR, MODIFICATION_UTILISATEUR, etc.).
* <p>Stocké en tant que STRING pour faciliter la lecture en base de données.</p> * <p>Stocké en tant que STRING pour faciliter la lecture en base de données.</p>
*/ */
@Column(name = "action", nullable = false, length = 100) @Column(name = "action", nullable = false, length = 100)
@Enumerated(EnumType.STRING) @Enumerated(EnumType.STRING)
private TypeActionAudit action; private TypeActionAudit action;
/** /**
* Détails complémentaires sur l'action effectuée. * Détails complémentaires sur l'action effectuée.
* <p>Peut contenir des informations contextuelles comme les champs modifiés, * <p>Peut contenir des informations contextuelles comme les champs modifiés,
* les raisons d'une action, ou des messages d'erreur.</p> * les raisons d'une action, ou des messages d'erreur.</p>
*/ */
@Column(name = "details", columnDefinition = "TEXT") @Column(name = "details", columnDefinition = "TEXT")
private String details; private String details;
/** /**
* Identifiant de l'utilisateur qui a effectué l'action. * Identifiant de l'utilisateur qui a effectué l'action.
* <p>Généralement l'username ou l'ID de l'administrateur/utilisateur connecté.</p> * <p>Généralement l'username ou l'ID de l'administrateur/utilisateur connecté.</p>
*/ */
@Column(name = "auteur_action", nullable = false, length = 255) @Column(name = "auteur_action", nullable = false, length = 255)
private String auteurAction; private String auteurAction;
/** /**
* Timestamp précis de l'action. * Timestamp précis de l'action.
* <p>Utilisé pour l'ordre chronologique des logs et le filtrage temporel.</p> * <p>Utilisé pour l'ordre chronologique des logs et le filtrage temporel.</p>
*/ */
@Column(name = "timestamp", nullable = false) @Column(name = "timestamp", nullable = false)
private LocalDateTime timestamp; private LocalDateTime timestamp;
/** /**
* Adresse IP de l'auteur de l'action. * Adresse IP de l'auteur de l'action.
* <p>Utile pour la traçabilité et la détection d'anomalies.</p> * <p>Utile pour la traçabilité et la détection d'anomalies.</p>
*/ */
@Column(name = "ip_address", length = 45) @Column(name = "ip_address", length = 45)
private String ipAddress; private String ipAddress;
/** /**
* User-Agent du client (navigateur, application, etc.). * User-Agent du client (navigateur, application, etc.).
* <p>Permet d'identifier le type de client utilisé pour l'action.</p> * <p>Permet d'identifier le type de client utilisé pour l'action.</p>
*/ */
@Column(name = "user_agent", length = 500) @Column(name = "user_agent", length = 500)
private String userAgent; private String userAgent;
/** /**
* Nom du realm Keycloak concerné. * Nom du realm Keycloak concerné.
* <p>Important dans un environnement multi-tenant pour isoler les logs par realm.</p> * <p>Important dans un environnement multi-tenant pour isoler les logs par realm.</p>
*/ */
@Column(name = "realm_name", length = 255) @Column(name = "realm_name", length = 255)
private String realmName; private String realmName;
/** /**
* Indique si l'action a réussi ou échoué. * Indique si l'action a réussi ou échoué.
* <p>Permet de filtrer facilement les actions en erreur pour analyse.</p> * <p>Permet de filtrer facilement les actions en erreur pour analyse.</p>
*/ */
@Column(name = "success", nullable = false) @Column(name = "success", nullable = false)
private Boolean success = true; private Boolean success = true;
/** /**
* Message d'erreur en cas d'échec de l'action. * Message d'erreur en cas d'échec de l'action.
* <p>Null si success = true.</p> * <p>Null si success = true.</p>
*/ */
@Column(name = "error_message", columnDefinition = "TEXT") @Column(name = "error_message", columnDefinition = "TEXT")
private String errorMessage; private String errorMessage;
/** /**
* Constructeur par défaut requis par JPA. * Constructeur par défaut requis par JPA.
*/ */
public AuditLogEntity() { public AuditLogEntity() {
this.timestamp = LocalDateTime.now(); this.timestamp = LocalDateTime.now();
} }
/** /**
* Recherche tous les logs d'audit pour un utilisateur donné. * Recherche tous les logs d'audit pour un utilisateur donné.
* *
* @param userId ID de l'utilisateur * @param userId ID de l'utilisateur
* @return Liste des logs triés par timestamp décroissant * @return Liste des logs triés par timestamp décroissant
*/ */
public static java.util.List<AuditLogEntity> findByUserId(String userId) { public static java.util.List<AuditLogEntity> findByUserId(String userId) {
return list("userId = ?1 order by timestamp desc", userId); return list("userId = ?1 order by timestamp desc", userId);
} }
/** /**
* Recherche tous les logs d'audit d'un type d'action donné. * Recherche tous les logs d'audit d'un type d'action donné.
* *
* @param action Type d'action * @param action Type d'action
* @return Liste des logs triés par timestamp décroissant * @return Liste des logs triés par timestamp décroissant
*/ */
public static java.util.List<AuditLogEntity> findByAction(TypeActionAudit action) { public static java.util.List<AuditLogEntity> findByAction(TypeActionAudit action) {
return list("action = ?1 order by timestamp desc", action); return list("action = ?1 order by timestamp desc", action);
} }
/** /**
* Recherche tous les logs d'audit pour un auteur donné. * Recherche tous les logs d'audit pour un auteur donné.
* *
* @param auteurAction Identifiant de l'auteur * @param auteurAction Identifiant de l'auteur
* @return Liste des logs triés par timestamp décroissant * @return Liste des logs triés par timestamp décroissant
*/ */
public static java.util.List<AuditLogEntity> findByAuteur(String auteurAction) { public static java.util.List<AuditLogEntity> findByAuteur(String auteurAction) {
return list("auteurAction = ?1 order by timestamp desc", auteurAction); return list("auteurAction = ?1 order by timestamp desc", auteurAction);
} }
/** /**
* Recherche tous les logs d'audit dans une période donnée. * Recherche tous les logs d'audit dans une période donnée.
* *
* @param startDate Date de début (inclusive) * @param startDate Date de début (inclusive)
* @param endDate Date de fin (inclusive) * @param endDate Date de fin (inclusive)
* @return Liste des logs dans la période, triés par timestamp décroissant * @return Liste des logs dans la période, triés par timestamp décroissant
*/ */
public static java.util.List<AuditLogEntity> findByPeriod(LocalDateTime startDate, LocalDateTime endDate) { public static java.util.List<AuditLogEntity> findByPeriod(LocalDateTime startDate, LocalDateTime endDate) {
return list("timestamp >= ?1 and timestamp <= ?2 order by timestamp desc", startDate, endDate); return list("timestamp >= ?1 and timestamp <= ?2 order by timestamp desc", startDate, endDate);
} }
/** /**
* Recherche tous les logs d'audit pour un realm donné. * Recherche tous les logs d'audit pour un realm donné.
* *
* @param realmName Nom du realm * @param realmName Nom du realm
* @return Liste des logs triés par timestamp décroissant * @return Liste des logs triés par timestamp décroissant
*/ */
public static java.util.List<AuditLogEntity> findByRealm(String realmName) { public static java.util.List<AuditLogEntity> findByRealm(String realmName) {
return list("realmName = ?1 order by timestamp desc", realmName); return list("realmName = ?1 order by timestamp desc", realmName);
} }
/** /**
* Supprime tous les logs d'audit plus anciens qu'une date donnée. * Supprime tous les logs d'audit plus anciens qu'une date donnée.
* <p>Utile pour la maintenance et le respect des politiques de rétention.</p> * <p>Utile pour la maintenance et le respect des politiques de rétention.</p>
* *
* @param beforeDate Date limite (les logs avant cette date seront supprimés) * @param beforeDate Date limite (les logs avant cette date seront supprimés)
* @return Nombre de logs supprimés * @return Nombre de logs supprimés
*/ */
public static long deleteOlderThan(LocalDateTime beforeDate) { public static long deleteOlderThan(LocalDateTime beforeDate) {
return delete("timestamp < ?1", beforeDate); return delete("timestamp < ?1", beforeDate);
} }
/** /**
* Compte le nombre d'actions effectuées par un auteur donné. * Compte le nombre d'actions effectuées par un auteur donné.
* *
* @param auteurAction Identifiant de l'auteur * @param auteurAction Identifiant de l'auteur
* @return Nombre d'actions * @return Nombre d'actions
*/ */
public static long countByAuteur(String auteurAction) { public static long countByAuteur(String auteurAction) {
return count("auteurAction = ?1", auteurAction); return count("auteurAction = ?1", auteurAction);
} }
/** /**
* Compte le nombre d'échecs pour un utilisateur donné. * Compte le nombre d'échecs pour un utilisateur donné.
* <p>Utile pour détecter des problèmes récurrents.</p> * <p>Utile pour détecter des problèmes récurrents.</p>
* *
* @param userId ID de l'utilisateur * @param userId ID de l'utilisateur
* @return Nombre d'échecs * @return Nombre d'échecs
*/ */
public static long countFailuresByUserId(String userId) { public static long countFailuresByUserId(String userId) {
return count("userId = ?1 and success = false", userId); return count("userId = ?1 and success = false", userId);
} }
} }

100
src/main/java/dev/lions/user/manager/server/impl/entity/SyncHistoryEntity.java
View File

@@ -1,50 +1,50 @@
package dev.lions.user.manager.server.impl.entity; package dev.lions.user.manager.server.impl.entity;
import io.quarkus.hibernate.orm.panache.PanacheEntity; import io.quarkus.hibernate.orm.panache.PanacheEntity;
import jakarta.persistence.Column; import jakarta.persistence.Column;
import jakarta.persistence.Entity; import jakarta.persistence.Entity;
import jakarta.persistence.Table; import jakarta.persistence.Table;
import jakarta.persistence.Index; import jakarta.persistence.Index;
import lombok.Data; import lombok.Data;
import lombok.EqualsAndHashCode; import lombok.EqualsAndHashCode;
import java.time.LocalDateTime; import java.time.LocalDateTime;
/** /**
* Entité représentant l'historique des synchronisations avec Keycloak. * Entité représentant l'historique des synchronisations avec Keycloak.
*/ */
@Entity @Entity
@Table(name = "sync_history", indexes = { @Table(name = "sync_history", indexes = {
@Index(name = "idx_sync_realm", columnList = "realm_name"), @Index(name = "idx_sync_realm", columnList = "realm_name"),
@Index(name = "idx_sync_date", columnList = "sync_date") @Index(name = "idx_sync_date", columnList = "sync_date")
}) })
@Data @Data
@EqualsAndHashCode(callSuper = true) @EqualsAndHashCode(callSuper = true)
public class SyncHistoryEntity extends PanacheEntity { public class SyncHistoryEntity extends PanacheEntity {
@Column(name = "realm_name", nullable = false) @Column(name = "realm_name", nullable = false)
private String realmName; private String realmName;
@Column(name = "sync_date", nullable = false) @Column(name = "sync_date", nullable = false)
private LocalDateTime syncDate; private LocalDateTime syncDate;
// USER ou ROLE // USER ou ROLE
@Column(name = "sync_type", nullable = false) @Column(name = "sync_type", nullable = false)
private String syncType; private String syncType;
@Column(name = "status", nullable = false) // SUCCESS, FAILURE @Column(name = "status", nullable = false) // SUCCESS, FAILURE
private String status; private String status;
@Column(name = "items_processed") @Column(name = "items_processed")
private Integer itemsProcessed; private Integer itemsProcessed;
@Column(name = "duration_ms") @Column(name = "duration_ms")
private Long durationMs; private Long durationMs;
@Column(name = "error_message", columnDefinition = "TEXT") @Column(name = "error_message", columnDefinition = "TEXT")
private String errorMessage; private String errorMessage;
public SyncHistoryEntity() { public SyncHistoryEntity() {
this.syncDate = LocalDateTime.now(); this.syncDate = LocalDateTime.now();
} }
} }

64
src/main/java/dev/lions/user/manager/server/impl/entity/SyncedRoleEntity.java
View File

@@ -1,32 +1,32 @@
package dev.lions.user.manager.server.impl.entity; package dev.lions.user.manager.server.impl.entity;
import io.quarkus.hibernate.orm.panache.PanacheEntity; import io.quarkus.hibernate.orm.panache.PanacheEntity;
import jakarta.persistence.Column; import jakarta.persistence.Column;
import jakarta.persistence.Entity; import jakarta.persistence.Entity;
import jakarta.persistence.Index; import jakarta.persistence.Index;
import jakarta.persistence.Table; import jakarta.persistence.Table;
import lombok.Data; import lombok.Data;
import lombok.EqualsAndHashCode; import lombok.EqualsAndHashCode;
/** /**
* Snapshot local d'un rôle Keycloak synchronisé. * Snapshot local d'un rôle Keycloak synchronisé.
*/ */
@Entity @Entity
@Table(name = "synced_role", indexes = { @Table(name = "synced_role", indexes = {
@Index(name = "idx_synced_role_realm", columnList = "realm_name"), @Index(name = "idx_synced_role_realm", columnList = "realm_name"),
@Index(name = "idx_synced_role_realm_name", columnList = "realm_name,role_name", unique = true) @Index(name = "idx_synced_role_realm_name", columnList = "realm_name,role_name", unique = true)
}) })
@Data @Data
@EqualsAndHashCode(callSuper = true) @EqualsAndHashCode(callSuper = true)
public class SyncedRoleEntity extends PanacheEntity { public class SyncedRoleEntity extends PanacheEntity {
@Column(name = "realm_name", nullable = false) @Column(name = "realm_name", nullable = false)
private String realmName; private String realmName;
@Column(name = "role_name", nullable = false) @Column(name = "role_name", nullable = false)
private String roleName; private String roleName;
@Column(name = "description") @Column(name = "description")
private String description; private String description;
} }

94
src/main/java/dev/lions/user/manager/server/impl/entity/SyncedUserEntity.java
View File

@@ -1,47 +1,47 @@
package dev.lions.user.manager.server.impl.entity; package dev.lions.user.manager.server.impl.entity;
import io.quarkus.hibernate.orm.panache.PanacheEntity; import io.quarkus.hibernate.orm.panache.PanacheEntity;
import jakarta.persistence.Column; import jakarta.persistence.Column;
import jakarta.persistence.Entity; import jakarta.persistence.Entity;
import jakarta.persistence.Index; import jakarta.persistence.Index;
import jakarta.persistence.Table; import jakarta.persistence.Table;
import lombok.Data; import lombok.Data;
import lombok.EqualsAndHashCode; import lombok.EqualsAndHashCode;
import java.time.LocalDateTime; import java.time.LocalDateTime;
/** /**
* Snapshot local d'un utilisateur Keycloak synchronisé. * Snapshot local d'un utilisateur Keycloak synchronisé.
* Permet de conserver un état minimal pour des rapports ou vérifications de cohérence. * Permet de conserver un état minimal pour des rapports ou vérifications de cohérence.
*/ */
@Entity @Entity
@Table(name = "synced_user", indexes = { @Table(name = "synced_user", indexes = {
@Index(name = "idx_synced_user_realm", columnList = "realm_name"), @Index(name = "idx_synced_user_realm", columnList = "realm_name"),
@Index(name = "idx_synced_user_realm_kc_id", columnList = "realm_name,keycloak_id", unique = true) @Index(name = "idx_synced_user_realm_kc_id", columnList = "realm_name,keycloak_id", unique = true)
}) })
@Data @Data
@EqualsAndHashCode(callSuper = true) @EqualsAndHashCode(callSuper = true)
public class SyncedUserEntity extends PanacheEntity { public class SyncedUserEntity extends PanacheEntity {
@Column(name = "realm_name", nullable = false) @Column(name = "realm_name", nullable = false)
private String realmName; private String realmName;
@Column(name = "keycloak_id", nullable = false) @Column(name = "keycloak_id", nullable = false)
private String keycloakId; private String keycloakId;
@Column(name = "username", nullable = false) @Column(name = "username", nullable = false)
private String username; private String username;
@Column(name = "email") @Column(name = "email")
private String email; private String email;
@Column(name = "enabled") @Column(name = "enabled")
private Boolean enabled; private Boolean enabled;
@Column(name = "email_verified") @Column(name = "email_verified")
private Boolean emailVerified; private Boolean emailVerified;
@Column(name = "created_at") @Column(name = "created_at")
private LocalDateTime createdAt; private LocalDateTime createdAt;
} }

186
src/main/java/dev/lions/user/manager/server/impl/interceptor/AuditInterceptor.java
View File

@@ -1,93 +1,93 @@
package dev.lions.user.manager.server.impl.interceptor; package dev.lions.user.manager.server.impl.interceptor;
import dev.lions.user.manager.dto.audit.AuditLogDTO; import dev.lions.user.manager.dto.audit.AuditLogDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit; import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.service.AuditService; import dev.lions.user.manager.service.AuditService;
import io.quarkus.security.identity.SecurityIdentity; import io.quarkus.security.identity.SecurityIdentity;
import jakarta.annotation.Priority; import jakarta.annotation.Priority;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.interceptor.AroundInvoke; import jakarta.interceptor.AroundInvoke;
import jakarta.interceptor.Interceptor; import jakarta.interceptor.Interceptor;
import jakarta.interceptor.InvocationContext; import jakarta.interceptor.InvocationContext;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import java.time.LocalDateTime; import java.time.LocalDateTime;
@Logged @Logged
@Interceptor @Interceptor
@Priority(Interceptor.Priority.APPLICATION) @Priority(Interceptor.Priority.APPLICATION)
@Slf4j @Slf4j
public class AuditInterceptor { public class AuditInterceptor {
@Inject @Inject
AuditService auditService; AuditService auditService;
@Inject @Inject
SecurityIdentity securityIdentity; SecurityIdentity securityIdentity;
@AroundInvoke @AroundInvoke
public Object auditMethod(InvocationContext context) throws Exception { public Object auditMethod(InvocationContext context) throws Exception {
Logged annotation = context.getMethod().getAnnotation(Logged.class); Logged annotation = context.getMethod().getAnnotation(Logged.class);
if (annotation == null) { if (annotation == null) {
annotation = context.getTarget().getClass().getAnnotation(Logged.class); annotation = context.getTarget().getClass().getAnnotation(Logged.class);
} }
String actionStr = annotation != null ? annotation.action() : "UNKNOWN"; String actionStr = annotation != null ? annotation.action() : "UNKNOWN";
String resourceType = annotation != null ? annotation.resource() : "UNKNOWN"; String resourceType = annotation != null ? annotation.resource() : "UNKNOWN";
String username = securityIdentity.isAnonymous() ? "anonymous" : securityIdentity.getPrincipal().getName(); String username = securityIdentity.isAnonymous() ? "anonymous" : securityIdentity.getPrincipal().getName();
// Extraction du realm depuis l'issuer JWT (ex: http://keycloak/realms/lions-user-manager) // Extraction du realm depuis l'issuer JWT (ex: http://keycloak/realms/lions-user-manager)
String realmName = "unknown"; String realmName = "unknown";
if (!securityIdentity.isAnonymous() if (!securityIdentity.isAnonymous()
&& securityIdentity.getPrincipal() instanceof org.eclipse.microprofile.jwt.JsonWebToken jwt) { && securityIdentity.getPrincipal() instanceof org.eclipse.microprofile.jwt.JsonWebToken jwt) {
String issuer = jwt.getIssuer(); String issuer = jwt.getIssuer();
if (issuer != null && issuer.contains("/realms/")) { if (issuer != null && issuer.contains("/realms/")) {
realmName = issuer.substring(issuer.lastIndexOf("/realms/") + 8); realmName = issuer.substring(issuer.lastIndexOf("/realms/") + 8);
} }
} }
// Tentative d'extraction de l'ID de la ressource (1er argument String) // Tentative d'extraction de l'ID de la ressource (1er argument String)
String resourceId = ""; String resourceId = "";
if (context.getParameters().length > 0 && context.getParameters()[0] instanceof String) { if (context.getParameters().length > 0 && context.getParameters()[0] instanceof String) {
resourceId = (String) context.getParameters()[0]; resourceId = (String) context.getParameters()[0];
} }
try { try {
Object result = context.proceed(); Object result = context.proceed();
// Log Success // Log Success
try { try {
TypeActionAudit action = TypeActionAudit.valueOf(actionStr); TypeActionAudit action = TypeActionAudit.valueOf(actionStr);
auditService.logSuccess( auditService.logSuccess(
action, action,
resourceType, resourceType,
resourceId, resourceId,
null, null,
realmName, realmName,
username, username,
"Action réussie via AOP"); "Action réussie via AOP");
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
log.warn("Type d'action audit inconnu: {}", actionStr); log.warn("Type d'action audit inconnu: {}", actionStr);
} }
return result; return result;
} catch (Exception e) { } catch (Exception e) {
// Log Failure // Log Failure
try { try {
TypeActionAudit action = TypeActionAudit.valueOf(actionStr); TypeActionAudit action = TypeActionAudit.valueOf(actionStr);
auditService.logFailure( auditService.logFailure(
action, action,
resourceType, resourceType,
resourceId, resourceId,
null, null,
realmName, realmName,
username, username,
"ERROR", "ERROR",
e.getMessage()); e.getMessage());
} catch (IllegalArgumentException ex) { } catch (IllegalArgumentException ex) {
log.warn("Type d'action audit inconnu: {}", actionStr); log.warn("Type d'action audit inconnu: {}", actionStr);
} }
throw e; throw e;
} }
} }
} }

52
src/main/java/dev/lions/user/manager/server/impl/interceptor/Logged.java
View File

@@ -1,26 +1,26 @@
package dev.lions.user.manager.server.impl.interceptor; package dev.lions.user.manager.server.impl.interceptor;
import jakarta.interceptor.InterceptorBinding; import jakarta.interceptor.InterceptorBinding;
import java.lang.annotation.ElementType; import java.lang.annotation.ElementType;
import java.lang.annotation.Retention; import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy; import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target; import java.lang.annotation.Target;
/** /**
* Annotation pour auditer automatiquement l'exécution d'une méthode. * Annotation pour auditer automatiquement l'exécution d'une méthode.
*/ */
@InterceptorBinding @InterceptorBinding
@Target({ ElementType.METHOD, ElementType.TYPE }) @Target({ ElementType.METHOD, ElementType.TYPE })
@Retention(RetentionPolicy.RUNTIME) @Retention(RetentionPolicy.RUNTIME)
public @interface Logged { public @interface Logged {
/** /**
* Type d'action d'audit (ex: UPDATE_USER). * Type d'action d'audit (ex: UPDATE_USER).
*/ */
String action() default ""; String action() default "";
/** /**
* Type de ressource concernée (ex: USER). * Type de ressource concernée (ex: USER).
*/ */
String resource() default ""; String resource() default "";
} }

358
src/main/java/dev/lions/user/manager/server/impl/mapper/AuditLogMapper.java
View File

@@ -1,179 +1,179 @@
package dev.lions.user.manager.server.impl.mapper; package dev.lions.user.manager.server.impl.mapper;
import dev.lions.user.manager.dto.audit.AuditLogDTO; import dev.lions.user.manager.dto.audit.AuditLogDTO;
import dev.lions.user.manager.server.impl.entity.AuditLogEntity; import dev.lions.user.manager.server.impl.entity.AuditLogEntity;
import org.mapstruct.*; import org.mapstruct.*;
import java.util.List; import java.util.List;
/** /**
* Mapper MapStruct pour la conversion entre AuditLogEntity (JPA) et AuditLogDTO (API). * Mapper MapStruct pour la conversion entre AuditLogEntity (JPA) et AuditLogDTO (API).
* *
* <p>Ce mapper gère la transformation bidirectionnelle entre l'entité de persistance * <p>Ce mapper gère la transformation bidirectionnelle entre l'entité de persistance
* et le DTO exposé via l'API REST, avec mapping automatique des champs compatibles.</p> * et le DTO exposé via l'API REST, avec mapping automatique des champs compatibles.</p>
* *
* <p><b>Fonctionnalités:</b></p> * <p><b>Fonctionnalités:</b></p>
* <ul> * <ul>
* <li>Conversion Entity → DTO pour lecture/API</li> * <li>Conversion Entity → DTO pour lecture/API</li>
* <li>Conversion DTO → Entity pour persistance</li> * <li>Conversion DTO → Entity pour persistance</li>
* <li>Mapping de listes pour opérations bulk</li> * <li>Mapping de listes pour opérations bulk</li>
* <li>Gestion automatique des types LocalDateTime</li> * <li>Gestion automatique des types LocalDateTime</li>
* <li>Mapping des enums (TypeActionAudit)</li> * <li>Mapping des enums (TypeActionAudit)</li>
* </ul> * </ul>
* *
* <p><b>Utilisation:</b></p> * <p><b>Utilisation:</b></p>
* <pre> * <pre>
* {@literal @}Inject * {@literal @}Inject
* AuditLogMapper mapper; * AuditLogMapper mapper;
* *
* // Entity → DTO * // Entity → DTO
* AuditLogDTO dto = mapper.toDTO(entity); * AuditLogDTO dto = mapper.toDTO(entity);
* *
* // DTO → Entity * // DTO → Entity
* AuditLogEntity entity = mapper.toEntity(dto); * AuditLogEntity entity = mapper.toEntity(dto);
* *
* // Liste Entity → Liste DTO * // Liste Entity → Liste DTO
* List&lt;AuditLogDTO&gt; dtos = mapper.toDTOList(entities); * List&lt;AuditLogDTO&gt; dtos = mapper.toDTOList(entities);
* </pre> * </pre>
* *
* @see AuditLogEntity * @see AuditLogEntity
* @see AuditLogDTO * @see AuditLogDTO
* @author Lions Development Team * @author Lions Development Team
* @version 1.0.0 * @version 1.0.0
* @since 2026-01-02 * @since 2026-01-02
*/ */
@Mapper( @Mapper(
componentModel = MappingConstants.ComponentModel.JAKARTA_CDI, componentModel = MappingConstants.ComponentModel.JAKARTA_CDI,
injectionStrategy = InjectionStrategy.CONSTRUCTOR, injectionStrategy = InjectionStrategy.CONSTRUCTOR,
unmappedTargetPolicy = ReportingPolicy.IGNORE unmappedTargetPolicy = ReportingPolicy.IGNORE
) )
public interface AuditLogMapper { public interface AuditLogMapper {
/** /**
* Convertit une entité AuditLogEntity en DTO AuditLogDTO. * Convertit une entité AuditLogEntity en DTO AuditLogDTO.
* *
* <p>Mapping des champs Entity → DTO:</p> * <p>Mapping des champs Entity → DTO:</p>
* <ul> * <ul>
* <li>id (Long) → id (String)</li> * <li>id (Long) → id (String)</li>
* <li>userId → ressourceId</li> * <li>userId → ressourceId</li>
* <li>action → typeAction</li> * <li>action → typeAction</li>
* <li>details → description</li> * <li>details → description</li>
* <li>auteurAction → acteurUsername</li> * <li>auteurAction → acteurUsername</li>
* <li>timestamp → dateAction</li> * <li>timestamp → dateAction</li>
* <li>ipAddress → ipAddress</li> * <li>ipAddress → ipAddress</li>
* <li>userAgent → userAgent</li> * <li>userAgent → userAgent</li>
* <li>realmName → realmName</li> * <li>realmName → realmName</li>
* <li>success → success</li> * <li>success → success</li>
* <li>errorMessage → errorMessage</li> * <li>errorMessage → errorMessage</li>
* </ul> * </ul>
* *
* @param entity L'entité JPA à convertir (peut être null) * @param entity L'entité JPA à convertir (peut être null)
* @return Le DTO correspondant, ou null si l'entité est null * @return Le DTO correspondant, ou null si l'entité est null
*/ */
@Mapping(target = "id", source = "id", qualifiedByName = "longToString") @Mapping(target = "id", source = "id", qualifiedByName = "longToString")
@Mapping(target = "ressourceId", source = "userId") @Mapping(target = "ressourceId", source = "userId")
@Mapping(target = "typeAction", source = "action") @Mapping(target = "typeAction", source = "action")
@Mapping(target = "description", source = "details") @Mapping(target = "description", source = "details")
@Mapping(target = "acteurUsername", source = "auteurAction") @Mapping(target = "acteurUsername", source = "auteurAction")
@Mapping(target = "dateAction", source = "timestamp") @Mapping(target = "dateAction", source = "timestamp")
AuditLogDTO toDTO(AuditLogEntity entity); AuditLogDTO toDTO(AuditLogEntity entity);
/** /**
* Convertit un DTO AuditLogDTO en entité AuditLogEntity. * Convertit un DTO AuditLogDTO en entité AuditLogEntity.
* *
* <p>Utilisé pour créer une nouvelle entité à persister depuis les données API.</p> * <p>Utilisé pour créer une nouvelle entité à persister depuis les données API.</p>
* *
* <p><b>Note:</b> L'ID de l'entité sera null (auto-généré par la DB), * <p><b>Note:</b> L'ID de l'entité sera null (auto-généré par la DB),
* même si l'ID du DTO est renseigné.</p> * même si l'ID du DTO est renseigné.</p>
* *
* @param dto Le DTO à convertir (peut être null) * @param dto Le DTO à convertir (peut être null)
* @return L'entité JPA correspondante, ou null si le DTO est null * @return L'entité JPA correspondante, ou null si le DTO est null
*/ */
@Mapping(target = "id", ignore = true) // L'ID sera généré par la DB @Mapping(target = "id", ignore = true) // L'ID sera généré par la DB
@Mapping(target = "userId", source = "ressourceId") @Mapping(target = "userId", source = "ressourceId")
@Mapping(target = "action", source = "typeAction") @Mapping(target = "action", source = "typeAction")
@Mapping(target = "details", source = "description") @Mapping(target = "details", source = "description")
@Mapping(target = "auteurAction", source = "acteurUsername") @Mapping(target = "auteurAction", source = "acteurUsername")
@Mapping(target = "timestamp", source = "dateAction") @Mapping(target = "timestamp", source = "dateAction")
AuditLogEntity toEntity(AuditLogDTO dto); AuditLogEntity toEntity(AuditLogDTO dto);
/** /**
* Convertit une liste d'entités en liste de DTOs. * Convertit une liste d'entités en liste de DTOs.
* *
* <p>Utile pour les recherches qui retournent plusieurs résultats.</p> * <p>Utile pour les recherches qui retournent plusieurs résultats.</p>
* *
* @param entities Liste des entités à convertir (peut être null ou vide) * @param entities Liste des entités à convertir (peut être null ou vide)
* @return Liste des DTOs correspondants, ou liste vide si entities est null/vide * @return Liste des DTOs correspondants, ou liste vide si entities est null/vide
*/ */
List<AuditLogDTO> toDTOList(List<AuditLogEntity> entities); List<AuditLogDTO> toDTOList(List<AuditLogEntity> entities);
/** /**
* Convertit une liste de DTOs en liste d'entités. * Convertit une liste de DTOs en liste d'entités.
* *
* <p>Utile pour les opérations d'import ou de création en masse.</p> * <p>Utile pour les opérations d'import ou de création en masse.</p>
* *
* @param dtos Liste des DTOs à convertir (peut être null ou vide) * @param dtos Liste des DTOs à convertir (peut être null ou vide)
* @return Liste des entités correspondantes, ou liste vide si dtos est null/vide * @return Liste des entités correspondantes, ou liste vide si dtos est null/vide
*/ */
List<AuditLogEntity> toEntityList(List<AuditLogDTO> dtos); List<AuditLogEntity> toEntityList(List<AuditLogDTO> dtos);
/** /**
* Met à jour une entité existante avec les données d'un DTO. * Met à jour une entité existante avec les données d'un DTO.
* *
* <p>Préserve l'ID de l'entité et ne met à jour que les champs * <p>Préserve l'ID de l'entité et ne met à jour que les champs
* présents dans le DTO.</p> * présents dans le DTO.</p>
* *
* <p><b>Utilisation:</b></p> * <p><b>Utilisation:</b></p>
* <pre> * <pre>
* AuditLogEntity existingEntity = AuditLogEntity.findById(id); * AuditLogEntity existingEntity = AuditLogEntity.findById(id);
* mapper.updateEntityFromDTO(dto, existingEntity); * mapper.updateEntityFromDTO(dto, existingEntity);
* existingEntity.persist(); * existingEntity.persist();
* </pre> * </pre>
* *
* @param dto Le DTO source contenant les nouvelles valeurs * @param dto Le DTO source contenant les nouvelles valeurs
* @param entity L'entité cible à mettre à jour * @param entity L'entité cible à mettre à jour
*/ */
@Mapping(target = "id", ignore = true) // Préserve l'ID existant @Mapping(target = "id", ignore = true) // Préserve l'ID existant
@Mapping(target = "userId", source = "ressourceId") @Mapping(target = "userId", source = "ressourceId")
@Mapping(target = "action", source = "typeAction") @Mapping(target = "action", source = "typeAction")
@Mapping(target = "details", source = "description") @Mapping(target = "details", source = "description")
@Mapping(target = "auteurAction", source = "acteurUsername") @Mapping(target = "auteurAction", source = "acteurUsername")
@Mapping(target = "timestamp", source = "dateAction") @Mapping(target = "timestamp", source = "dateAction")
@BeanMapping(nullValuePropertyMappingStrategy = NullValuePropertyMappingStrategy.IGNORE) @BeanMapping(nullValuePropertyMappingStrategy = NullValuePropertyMappingStrategy.IGNORE)
void updateEntityFromDTO(AuditLogDTO dto, @MappingTarget AuditLogEntity entity); void updateEntityFromDTO(AuditLogDTO dto, @MappingTarget AuditLogEntity entity);
/** /**
* Convertit un Long (ID de l'entité) en String (ID du DTO). * Convertit un Long (ID de l'entité) en String (ID du DTO).
* *
* <p>MapStruct appelle automatiquement cette méthode pour le mapping de l'ID.</p> * <p>MapStruct appelle automatiquement cette méthode pour le mapping de l'ID.</p>
* *
* @param id L'ID de type Long (peut être null) * @param id L'ID de type Long (peut être null)
* @return L'ID converti en String, ou null si l'input est null * @return L'ID converti en String, ou null si l'input est null
*/ */
@Named("longToString") @Named("longToString")
default String longToString(Long id) { default String longToString(Long id) {
return id != null ? id.toString() : null; return id != null ? id.toString() : null;
} }
/** /**
* Convertit un String (ID du DTO) en Long (ID de l'entité). * Convertit un String (ID du DTO) en Long (ID de l'entité).
* *
* <p>Utilisé lors de la conversion DTO → Entity si nécessaire.</p> * <p>Utilisé lors de la conversion DTO → Entity si nécessaire.</p>
* *
* @param id L'ID de type String (peut être null) * @param id L'ID de type String (peut être null)
* @return L'ID converti en Long, ou null si l'input est null ou invalide * @return L'ID converti en Long, ou null si l'input est null ou invalide
*/ */
@Named("stringToLong") @Named("stringToLong")
default Long stringToLong(String id) { default Long stringToLong(String id) {
if (id == null || id.isBlank()) { if (id == null || id.isBlank()) {
return null; return null;
} }
try { try {
return Long.parseLong(id); return Long.parseLong(id);
} catch (NumberFormatException e) { } catch (NumberFormatException e) {
// Log warning et retourne null en cas de format invalide // Log warning et retourne null en cas de format invalide
System.err.println("WARN: Invalid ID format for conversion to Long: " + id); System.err.println("WARN: Invalid ID format for conversion to Long: " + id);
return null; return null;
} }
} }
} }

42
src/main/java/dev/lions/user/manager/server/impl/mapper/SyncHistoryMapper.java
View File

@@ -1,21 +1,21 @@
package dev.lions.user.manager.server.impl.mapper; package dev.lions.user.manager.server.impl.mapper;
import dev.lions.user.manager.dto.sync.SyncHistoryDTO; import dev.lions.user.manager.dto.sync.SyncHistoryDTO;
import dev.lions.user.manager.server.impl.entity.SyncHistoryEntity; import dev.lions.user.manager.server.impl.entity.SyncHistoryEntity;
import org.mapstruct.*; import org.mapstruct.*;
import java.util.List; import java.util.List;
@Mapper(componentModel = MappingConstants.ComponentModel.JAKARTA_CDI, injectionStrategy = InjectionStrategy.CONSTRUCTOR, unmappedTargetPolicy = ReportingPolicy.IGNORE) @Mapper(componentModel = MappingConstants.ComponentModel.JAKARTA_CDI, injectionStrategy = InjectionStrategy.CONSTRUCTOR, unmappedTargetPolicy = ReportingPolicy.IGNORE)
public interface SyncHistoryMapper { public interface SyncHistoryMapper {
@Mapping(target = "id", source = "id", qualifiedByName = "longToString") @Mapping(target = "id", source = "id", qualifiedByName = "longToString")
SyncHistoryDTO toDTO(SyncHistoryEntity entity); SyncHistoryDTO toDTO(SyncHistoryEntity entity);
List<SyncHistoryDTO> toDTOList(List<SyncHistoryEntity> entities); List<SyncHistoryDTO> toDTOList(List<SyncHistoryEntity> entities);
@Named("longToString") @Named("longToString")
default String longToString(Long id) { default String longToString(Long id) {
return id != null ? id.toString() : null; return id != null ? id.toString() : null;
} }
} }

124
src/main/java/dev/lions/user/manager/server/impl/repository/AuditLogRepository.java
View File

@@ -1,62 +1,62 @@
package dev.lions.user.manager.server.impl.repository; package dev.lions.user.manager.server.impl.repository;
import dev.lions.user.manager.enums.audit.TypeActionAudit; import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.server.impl.entity.AuditLogEntity; import dev.lions.user.manager.server.impl.entity.AuditLogEntity;
import io.quarkus.hibernate.orm.panache.PanacheRepository; import io.quarkus.hibernate.orm.panache.PanacheRepository;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ApplicationScoped @ApplicationScoped
public class AuditLogRepository implements PanacheRepository<AuditLogEntity> { public class AuditLogRepository implements PanacheRepository<AuditLogEntity> {
public List<AuditLogEntity> search(String realmName, public List<AuditLogEntity> search(String realmName,
String auteurAction, String auteurAction,
LocalDateTime dateDebut, LocalDateTime dateDebut,
LocalDateTime dateFin, LocalDateTime dateFin,
String typeAction, String typeAction,
Boolean success, Boolean success,
int page, int page,
int pageSize) { int pageSize) {
StringBuilder query = new StringBuilder("1=1"); StringBuilder query = new StringBuilder("1=1");
Map<String, Object> params = new HashMap<>(); Map<String, Object> params = new HashMap<>();
// Construction dynamique de la requête // Construction dynamique de la requête
if (realmName != null && !realmName.isEmpty()) { if (realmName != null && !realmName.isEmpty()) {
query.append(" AND realmName = :realmName"); query.append(" AND realmName = :realmName");
params.put("realmName", realmName); params.put("realmName", realmName);
} }
if (auteurAction != null && !auteurAction.isEmpty()) { if (auteurAction != null && !auteurAction.isEmpty()) {
query.append(" AND auteurAction = :auteurAction"); query.append(" AND auteurAction = :auteurAction");
params.put("auteurAction", auteurAction); params.put("auteurAction", auteurAction);
} }
if (dateDebut != null) { if (dateDebut != null) {
query.append(" AND timestamp >= :dateDebut"); query.append(" AND timestamp >= :dateDebut");
params.put("dateDebut", dateDebut); params.put("dateDebut", dateDebut);
} }
if (dateFin != null) { if (dateFin != null) {
query.append(" AND timestamp <= :dateFin"); query.append(" AND timestamp <= :dateFin");
params.put("dateFin", dateFin); params.put("dateFin", dateFin);
} }
if (typeAction != null && !typeAction.isEmpty()) { if (typeAction != null && !typeAction.isEmpty()) {
try { try {
TypeActionAudit actionEnum = TypeActionAudit.valueOf(typeAction); TypeActionAudit actionEnum = TypeActionAudit.valueOf(typeAction);
query.append(" AND action = :actionEnum"); query.append(" AND action = :actionEnum");
params.put("actionEnum", actionEnum); params.put("actionEnum", actionEnum);
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
// Ignore invalid enum value filter // Ignore invalid enum value filter
} }
} }
if (success != null) { if (success != null) {
query.append(" AND success = :success"); query.append(" AND success = :success");
params.put("success", success); params.put("success", success);
} }
query.append(" ORDER BY timestamp DESC"); query.append(" ORDER BY timestamp DESC");
return find(query.toString(), params).page(page, pageSize).list(); return find(query.toString(), params).page(page, pageSize).list();
} }
} }

34
src/main/java/dev/lions/user/manager/server/impl/repository/SyncHistoryRepository.java
View File

@@ -1,17 +1,17 @@
package dev.lions.user.manager.server.impl.repository; package dev.lions.user.manager.server.impl.repository;
import dev.lions.user.manager.server.impl.entity.SyncHistoryEntity; import dev.lions.user.manager.server.impl.entity.SyncHistoryEntity;
import io.quarkus.hibernate.orm.panache.PanacheRepository; import io.quarkus.hibernate.orm.panache.PanacheRepository;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import java.util.List; import java.util.List;
@ApplicationScoped @ApplicationScoped
public class SyncHistoryRepository implements PanacheRepository<SyncHistoryEntity> { public class SyncHistoryRepository implements PanacheRepository<SyncHistoryEntity> {
public List<SyncHistoryEntity> findLatestByRealm(String realmName, int limit) { public List<SyncHistoryEntity> findLatestByRealm(String realmName, int limit) {
return find("realmName = ?1 ORDER BY syncDate DESC", realmName) return find("realmName = ?1 ORDER BY syncDate DESC", realmName)
.page(0, limit) .page(0, limit)
.list(); .list();
} }
} }

40
src/main/java/dev/lions/user/manager/server/impl/repository/SyncedRoleRepository.java
View File

@@ -1,20 +1,20 @@
package dev.lions.user.manager.server.impl.repository; package dev.lions.user.manager.server.impl.repository;
import dev.lions.user.manager.server.impl.entity.SyncedRoleEntity; import dev.lions.user.manager.server.impl.entity.SyncedRoleEntity;
import io.quarkus.hibernate.orm.panache.PanacheRepository; import io.quarkus.hibernate.orm.panache.PanacheRepository;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import java.util.List; import java.util.List;
@ApplicationScoped @ApplicationScoped
public class SyncedRoleRepository implements PanacheRepository<SyncedRoleEntity> { public class SyncedRoleRepository implements PanacheRepository<SyncedRoleEntity> {
/** /**
* Remplace l'ensemble des snapshots de rôles pour un realm donné. * Remplace l'ensemble des snapshots de rôles pour un realm donné.
*/ */
public void replaceForRealm(String realmName, List<SyncedRoleEntity> roles) { public void replaceForRealm(String realmName, List<SyncedRoleEntity> roles) {
delete("realmName", realmName); delete("realmName", realmName);
persist(roles); persist(roles);
} }
} }

40
src/main/java/dev/lions/user/manager/server/impl/repository/SyncedUserRepository.java
View File

@@ -1,20 +1,20 @@
package dev.lions.user.manager.server.impl.repository; package dev.lions.user.manager.server.impl.repository;
import dev.lions.user.manager.server.impl.entity.SyncedUserEntity; import dev.lions.user.manager.server.impl.entity.SyncedUserEntity;
import io.quarkus.hibernate.orm.panache.PanacheRepository; import io.quarkus.hibernate.orm.panache.PanacheRepository;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import java.util.List; import java.util.List;
@ApplicationScoped @ApplicationScoped
public class SyncedUserRepository implements PanacheRepository<SyncedUserEntity> { public class SyncedUserRepository implements PanacheRepository<SyncedUserEntity> {
/** /**
* Remplace l'ensemble des snapshots d'utilisateurs pour un realm donné. * Remplace l'ensemble des snapshots d'utilisateurs pour un realm donné.
*/ */
public void replaceForRealm(String realmName, List<SyncedUserEntity> users) { public void replaceForRealm(String realmName, List<SyncedUserEntity> users) {
delete("realmName", realmName); delete("realmName", realmName);
persist(users); persist(users);
} }
} }

144
src/main/java/dev/lions/user/manager/service/exception/KeycloakServiceException.java
View File

@@ -1,72 +1,72 @@
package dev.lions.user.manager.service.exception; package dev.lions.user.manager.service.exception;
/** /**
* Exception levée lorsqu'une erreur survient lors de l'appel au service Keycloak. * Exception levée lorsqu'une erreur survient lors de l'appel au service Keycloak.
* *
* @author Lions User Manager Team * @author Lions User Manager Team
* @version 1.0 * @version 1.0
*/ */
public class KeycloakServiceException extends RuntimeException { public class KeycloakServiceException extends RuntimeException {
private final int httpStatus; private final int httpStatus;
private final String serviceName; private final String serviceName;
public KeycloakServiceException(String message) { public KeycloakServiceException(String message) {
super(message); super(message);
this.httpStatus = 0; this.httpStatus = 0;
this.serviceName = "Keycloak"; this.serviceName = "Keycloak";
} }
public KeycloakServiceException(String message, Throwable cause) { public KeycloakServiceException(String message, Throwable cause) {
super(message, cause); super(message, cause);
this.httpStatus = 0; this.httpStatus = 0;
this.serviceName = "Keycloak"; this.serviceName = "Keycloak";
} }
public KeycloakServiceException(String message, int httpStatus) { public KeycloakServiceException(String message, int httpStatus) {
super(message); super(message);
this.httpStatus = httpStatus; this.httpStatus = httpStatus;
this.serviceName = "Keycloak"; this.serviceName = "Keycloak";
} }
public KeycloakServiceException(String message, int httpStatus, Throwable cause) { public KeycloakServiceException(String message, int httpStatus, Throwable cause) {
super(message, cause); super(message, cause);
this.httpStatus = httpStatus; this.httpStatus = httpStatus;
this.serviceName = "Keycloak"; this.serviceName = "Keycloak";
} }
public int getHttpStatus() { public int getHttpStatus() {
return httpStatus; return httpStatus;
} }
public String getServiceName() { public String getServiceName() {
return serviceName; return serviceName;
} }
/** /**
* Exception spécifique pour les erreurs de connexion (service indisponible) * Exception spécifique pour les erreurs de connexion (service indisponible)
*/ */
public static class ServiceUnavailableException extends KeycloakServiceException { public static class ServiceUnavailableException extends KeycloakServiceException {
public ServiceUnavailableException(String message) { public ServiceUnavailableException(String message) {
super("Service Keycloak indisponible: " + message); super("Service Keycloak indisponible: " + message);
} }
public ServiceUnavailableException(String message, Throwable cause) { public ServiceUnavailableException(String message, Throwable cause) {
super("Service Keycloak indisponible: " + message, cause); super("Service Keycloak indisponible: " + message, cause);
} }
} }
/** /**
* Exception spécifique pour les erreurs de timeout * Exception spécifique pour les erreurs de timeout
*/ */
public static class TimeoutException extends KeycloakServiceException { public static class TimeoutException extends KeycloakServiceException {
public TimeoutException(String message) { public TimeoutException(String message) {
super("Timeout lors de l'appel au service Keycloak: " + message); super("Timeout lors de l'appel au service Keycloak: " + message);
} }
public TimeoutException(String message, Throwable cause) { public TimeoutException(String message, Throwable cause) {
super("Timeout lors de l'appel au service Keycloak: " + message, cause); super("Timeout lors de l'appel au service Keycloak: " + message, cause);
} }
} }
} }

724
src/main/java/dev/lions/user/manager/service/impl/AuditServiceImpl.java
View File

@@ -1,362 +1,362 @@
package dev.lions.user.manager.service.impl; package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.dto.audit.AuditLogDTO; import dev.lions.user.manager.dto.audit.AuditLogDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit; import dev.lions.user.manager.enums.audit.TypeActionAudit;
// import dev.lions.user.manager.mapper.AuditLogMapper; // DELETE - Wrong package // import dev.lions.user.manager.mapper.AuditLogMapper; // DELETE - Wrong package
import dev.lions.user.manager.server.impl.mapper.AuditLogMapper; // ADD - Correct package import dev.lions.user.manager.server.impl.mapper.AuditLogMapper; // ADD - Correct package
import dev.lions.user.manager.server.impl.entity.AuditLogEntity; import dev.lions.user.manager.server.impl.entity.AuditLogEntity;
import dev.lions.user.manager.server.impl.repository.AuditLogRepository; import dev.lions.user.manager.server.impl.repository.AuditLogRepository;
import dev.lions.user.manager.service.AuditService; import dev.lions.user.manager.service.AuditService;
import io.quarkus.hibernate.orm.panache.PanacheQuery; import io.quarkus.hibernate.orm.panache.PanacheQuery;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.persistence.EntityManager; import jakarta.persistence.EntityManager;
import jakarta.transaction.Transactional; import jakarta.transaction.Transactional;
import jakarta.validation.Valid; import jakarta.validation.Valid;
import jakarta.validation.constraints.NotBlank; import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull; import jakarta.validation.constraints.NotNull;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.eclipse.microprofile.config.inject.ConfigProperty; import org.eclipse.microprofile.config.inject.ConfigProperty;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ApplicationScoped @ApplicationScoped
@Slf4j @Slf4j
public class AuditServiceImpl implements AuditService { public class AuditServiceImpl implements AuditService {
@Inject @Inject
AuditLogRepository auditLogRepository; AuditLogRepository auditLogRepository;
@Inject @Inject
AuditLogMapper auditLogMapper; AuditLogMapper auditLogMapper;
@Inject @Inject
EntityManager entityManager; EntityManager entityManager;
@ConfigProperty(name = "lions.audit.enabled", defaultValue = "true") @ConfigProperty(name = "lions.audit.enabled", defaultValue = "true")
boolean auditEnabled; boolean auditEnabled;
@ConfigProperty(name = "lions.audit.log-to-database", defaultValue = "true") @ConfigProperty(name = "lions.audit.log-to-database", defaultValue = "true")
boolean logToDatabase; boolean logToDatabase;
@Override @Override
@Transactional(Transactional.TxType.REQUIRES_NEW) @Transactional(Transactional.TxType.REQUIRES_NEW)
public AuditLogDTO logAction(@Valid @NotNull AuditLogDTO auditLog) { public AuditLogDTO logAction(@Valid @NotNull AuditLogDTO auditLog) {
if (!auditEnabled) { if (!auditEnabled) {
log.debug("Audit désactivé, action ignorée: {}", auditLog.getTypeAction()); log.debug("Audit désactivé, action ignorée: {}", auditLog.getTypeAction());
return auditLog; return auditLog;
} }
log.info("AUDIT: [{}] {} - user:{} - ressource:{}/{} - status:{}", log.info("AUDIT: [{}] {} - user:{} - ressource:{}/{} - status:{}",
auditLog.getRealmName(), auditLog.getRealmName(),
auditLog.getTypeAction(), auditLog.getTypeAction(),
auditLog.getActeurUsername(), // ou getActeurUserId() auditLog.getActeurUsername(), // ou getActeurUserId()
auditLog.getRessourceType(), auditLog.getRessourceType(),
auditLog.getRessourceId(), auditLog.getRessourceId(),
auditLog.getSuccess() != null && auditLog.getSuccess() ? "SUCCESS" : "FAILURE"); auditLog.getSuccess() != null && auditLog.getSuccess() ? "SUCCESS" : "FAILURE");
if (logToDatabase) { if (logToDatabase) {
try { try {
// Ensure dateAction is set // Ensure dateAction is set
if (auditLog.getDateAction() == null) { if (auditLog.getDateAction() == null) {
auditLog.setDateAction(LocalDateTime.now()); auditLog.setDateAction(LocalDateTime.now());
} }
AuditLogEntity entity = auditLogMapper.toEntity(auditLog); AuditLogEntity entity = auditLogMapper.toEntity(auditLog);
auditLogRepository.persist(entity); auditLogRepository.persist(entity);
// Mettre à jour l'ID du DTO avec l'ID généré par la base // Mettre à jour l'ID du DTO avec l'ID généré par la base
if (entity.id != null) { if (entity.id != null) {
auditLog.setId(entity.id.toString()); auditLog.setId(entity.id.toString());
} }
} catch (Exception e) { } catch (Exception e) {
log.error("Erreur lors de la persistance du log d'audit", e); log.error("Erreur lors de la persistance du log d'audit", e);
// On ne bloque pas l'action métier si l'audit échoue (sauf exigence contraire) // On ne bloque pas l'action métier si l'audit échoue (sauf exigence contraire)
} }
} }
return auditLog; return auditLog;
} }
@Override @Override
@Transactional(Transactional.TxType.REQUIRES_NEW) @Transactional(Transactional.TxType.REQUIRES_NEW)
public void logSuccess(@NotNull TypeActionAudit typeAction, public void logSuccess(@NotNull TypeActionAudit typeAction,
@NotBlank String ressourceType, @NotBlank String ressourceType,
String ressourceId, String ressourceId,
String ressourceName, String ressourceName,
@NotBlank String realmName, @NotBlank String realmName,
@NotBlank String acteurUserId, @NotBlank String acteurUserId,
String description) { String description) {
AuditLogDTO log = AuditLogDTO.builder() AuditLogDTO log = AuditLogDTO.builder()
.typeAction(typeAction) .typeAction(typeAction)
.ressourceType(ressourceType) .ressourceType(ressourceType)
.ressourceId(ressourceId) .ressourceId(ressourceId)
.ressourceName(ressourceName) .ressourceName(ressourceName)
.realmName(realmName) .realmName(realmName)
.acteurUserId(acteurUserId) .acteurUserId(acteurUserId)
.acteurUsername(acteurUserId) // On map aussi le username pour la persistence Entity .acteurUsername(acteurUserId) // On map aussi le username pour la persistence Entity
.description(description) .description(description)
.dateAction(LocalDateTime.now()) .dateAction(LocalDateTime.now())
.success(true) .success(true)
.build(); .build();
logAction(log); logAction(log);
} }
@Override @Override
@Transactional(Transactional.TxType.REQUIRES_NEW) @Transactional(Transactional.TxType.REQUIRES_NEW)
public void logFailure(@NotNull TypeActionAudit typeAction, public void logFailure(@NotNull TypeActionAudit typeAction,
@NotBlank String ressourceType, @NotBlank String ressourceType,
String ressourceId, String ressourceId,
String ressourceName, String ressourceName,
@NotBlank String realmName, @NotBlank String realmName,
@NotBlank String acteurUserId, @NotBlank String acteurUserId,
String errorCode, String errorCode,
String errorMessage) { String errorMessage) {
AuditLogDTO log = AuditLogDTO.builder() AuditLogDTO log = AuditLogDTO.builder()
.typeAction(typeAction) .typeAction(typeAction)
.ressourceType(ressourceType) .ressourceType(ressourceType)
.ressourceId(ressourceId) .ressourceId(ressourceId)
.ressourceName(ressourceName) .ressourceName(ressourceName)
.realmName(realmName) .realmName(realmName)
.acteurUserId(acteurUserId) .acteurUserId(acteurUserId)
.acteurUsername(acteurUserId) .acteurUsername(acteurUserId)
.description("Echec: " + errorCode) .description("Echec: " + errorCode)
.errorMessage(errorMessage) .errorMessage(errorMessage)
.dateAction(LocalDateTime.now()) .dateAction(LocalDateTime.now())
.success(false) .success(false)
.build(); .build();
logAction(log); logAction(log);
} }
@Override @Override
public List<AuditLogDTO> findByActeur(@NotBlank String acteurUserId, public List<AuditLogDTO> findByActeur(@NotBlank String acteurUserId,
LocalDateTime dateDebut, LocalDateTime dateDebut,
LocalDateTime dateFin, LocalDateTime dateFin,
int page, int page,
int pageSize) { int pageSize) {
// Le repository cherche par auteurAction, qui est mappé sur acteurUsername dans // Le repository cherche par auteurAction, qui est mappé sur acteurUsername dans
// le DTO // le DTO
List<AuditLogEntity> entities = auditLogRepository.search(null, acteurUserId, dateDebut, dateFin, null, null, List<AuditLogEntity> entities = auditLogRepository.search(null, acteurUserId, dateDebut, dateFin, null, null,
page, page,
pageSize); pageSize);
return auditLogMapper.toDTOList(entities); return auditLogMapper.toDTOList(entities);
} }
@Override @Override
public List<AuditLogDTO> findByRessource(@NotBlank String ressourceType, public List<AuditLogDTO> findByRessource(@NotBlank String ressourceType,
@NotBlank String ressourceId, @NotBlank String ressourceId,
LocalDateTime dateDebut, LocalDateTime dateDebut,
LocalDateTime dateFin, LocalDateTime dateFin,
int page, int page,
int pageSize) { int pageSize) {
// Utilisation de Panache query directe car le repo search générique est limité // Utilisation de Panache query directe car le repo search générique est limité
// On cherche dans 'details' (description) ou 'userId' (ressourceId) // On cherche dans 'details' (description) ou 'userId' (ressourceId)
String filter = "%" + ressourceId + "%"; String filter = "%" + ressourceId + "%";
// Correction: userId est le nom du champ dans l'entité qui mappe ressourceId // Correction: userId est le nom du champ dans l'entité qui mappe ressourceId
PanacheQuery<AuditLogEntity> q = auditLogRepository.find("userId = ?1 or details like ?2", ressourceId, filter); PanacheQuery<AuditLogEntity> q = auditLogRepository.find("userId = ?1 or details like ?2", ressourceId, filter);
return auditLogMapper.toDTOList(q.page(page, pageSize).list()); return auditLogMapper.toDTOList(q.page(page, pageSize).list());
} }
@Override @Override
public List<AuditLogDTO> findByTypeAction(@NotNull TypeActionAudit typeAction, public List<AuditLogDTO> findByTypeAction(@NotNull TypeActionAudit typeAction,
@NotBlank String realmName, @NotBlank String realmName,
LocalDateTime dateDebut, LocalDateTime dateDebut,
LocalDateTime dateFin, LocalDateTime dateFin,
int page, int page,
int pageSize) { int pageSize) {
List<AuditLogEntity> entities = auditLogRepository.search(realmName, null, dateDebut, dateFin, List<AuditLogEntity> entities = auditLogRepository.search(realmName, null, dateDebut, dateFin,
typeAction.name(), null, page, typeAction.name(), null, page,
pageSize); pageSize);
return auditLogMapper.toDTOList(entities); return auditLogMapper.toDTOList(entities);
} }
@Override @Override
public List<AuditLogDTO> findByRealm(@NotBlank String realmName, public List<AuditLogDTO> findByRealm(@NotBlank String realmName,
LocalDateTime dateDebut, LocalDateTime dateDebut,
LocalDateTime dateFin, LocalDateTime dateFin,
int page, int page,
int pageSize) { int pageSize) {
List<AuditLogEntity> entities = auditLogRepository.search(realmName, null, dateDebut, dateFin, null, null, page, List<AuditLogEntity> entities = auditLogRepository.search(realmName, null, dateDebut, dateFin, null, null, page,
pageSize); pageSize);
return auditLogMapper.toDTOList(entities); return auditLogMapper.toDTOList(entities);
} }
@Override @Override
public List<AuditLogDTO> findFailures(@NotBlank String realmName, public List<AuditLogDTO> findFailures(@NotBlank String realmName,
LocalDateTime dateDebut, LocalDateTime dateDebut,
LocalDateTime dateFin, LocalDateTime dateFin,
int page, int page,
int pageSize) { int pageSize) {
List<AuditLogEntity> entities = auditLogRepository.search(realmName, null, dateDebut, dateFin, null, false, List<AuditLogEntity> entities = auditLogRepository.search(realmName, null, dateDebut, dateFin, null, false,
page, page,
pageSize); pageSize);
return auditLogMapper.toDTOList(entities); return auditLogMapper.toDTOList(entities);
} }
@Override @Override
public List<AuditLogDTO> findCriticalActions(@NotBlank String realmName, public List<AuditLogDTO> findCriticalActions(@NotBlank String realmName,
LocalDateTime dateDebut, LocalDateTime dateDebut,
LocalDateTime dateFin, LocalDateTime dateFin,
int page, int page,
int pageSize) { int pageSize) {
List<AuditLogEntity> entities = auditLogRepository.search(realmName, null, dateDebut, dateFin, null, false, List<AuditLogEntity> entities = auditLogRepository.search(realmName, null, dateDebut, dateFin, null, false,
page, pageSize); page, pageSize);
return auditLogMapper.toDTOList(entities); return auditLogMapper.toDTOList(entities);
} }
@Override @Override
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public Map<TypeActionAudit, Long> countByActionType(@NotBlank String realmName, public Map<TypeActionAudit, Long> countByActionType(@NotBlank String realmName,
LocalDateTime dateDebut, LocalDateTime dateDebut,
LocalDateTime dateFin) { LocalDateTime dateFin) {
StringBuilder sql = new StringBuilder("SELECT action, COUNT(*) AS cnt FROM audit_logs WHERE realm_name = :realmName"); StringBuilder sql = new StringBuilder("SELECT action, COUNT(*) AS cnt FROM audit_logs WHERE realm_name = :realmName");
if (dateDebut != null) sql.append(" AND timestamp >= :dateDebut"); if (dateDebut != null) sql.append(" AND timestamp >= :dateDebut");
if (dateFin != null) sql.append(" AND timestamp <= :dateFin"); if (dateFin != null) sql.append(" AND timestamp <= :dateFin");
sql.append(" GROUP BY action"); sql.append(" GROUP BY action");
var query = entityManager.createNativeQuery(sql.toString()) var query = entityManager.createNativeQuery(sql.toString())
.setParameter("realmName", realmName); .setParameter("realmName", realmName);
if (dateDebut != null) query.setParameter("dateDebut", dateDebut); if (dateDebut != null) query.setParameter("dateDebut", dateDebut);
if (dateFin != null) query.setParameter("dateFin", dateFin); if (dateFin != null) query.setParameter("dateFin", dateFin);
List<Object[]> rows = query.getResultList(); List<Object[]> rows = query.getResultList();
Map<TypeActionAudit, Long> result = new HashMap<>(); Map<TypeActionAudit, Long> result = new HashMap<>();
for (Object[] row : rows) { for (Object[] row : rows) {
String actionStr = (String) row[0]; String actionStr = (String) row[0];
Long count = ((Number) row[1]).longValue(); Long count = ((Number) row[1]).longValue();
try { try {
result.put(TypeActionAudit.valueOf(actionStr), count); result.put(TypeActionAudit.valueOf(actionStr), count);
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
log.debug("TypeActionAudit inconnu ignoré: {}", actionStr); log.debug("TypeActionAudit inconnu ignoré: {}", actionStr);
} }
} }
return result; return result;
} }
@Override @Override
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public Map<String, Long> countByActeur(@NotBlank String realmName, public Map<String, Long> countByActeur(@NotBlank String realmName,
LocalDateTime dateDebut, LocalDateTime dateDebut,
LocalDateTime dateFin) { LocalDateTime dateFin) {
StringBuilder sql = new StringBuilder("SELECT auteur_action, COUNT(*) AS cnt FROM audit_logs WHERE realm_name = :realmName"); StringBuilder sql = new StringBuilder("SELECT auteur_action, COUNT(*) AS cnt FROM audit_logs WHERE realm_name = :realmName");
if (dateDebut != null) sql.append(" AND timestamp >= :dateDebut"); if (dateDebut != null) sql.append(" AND timestamp >= :dateDebut");
if (dateFin != null) sql.append(" AND timestamp <= :dateFin"); if (dateFin != null) sql.append(" AND timestamp <= :dateFin");
sql.append(" GROUP BY auteur_action ORDER BY COUNT(*) DESC LIMIT 10"); sql.append(" GROUP BY auteur_action ORDER BY COUNT(*) DESC LIMIT 10");
var query = entityManager.createNativeQuery(sql.toString()) var query = entityManager.createNativeQuery(sql.toString())
.setParameter("realmName", realmName); .setParameter("realmName", realmName);
if (dateDebut != null) query.setParameter("dateDebut", dateDebut); if (dateDebut != null) query.setParameter("dateDebut", dateDebut);
if (dateFin != null) query.setParameter("dateFin", dateFin); if (dateFin != null) query.setParameter("dateFin", dateFin);
List<Object[]> rows = query.getResultList(); List<Object[]> rows = query.getResultList();
Map<String, Long> result = new HashMap<>(); Map<String, Long> result = new HashMap<>();
for (Object[] row : rows) { for (Object[] row : rows) {
result.put((String) row[0], ((Number) row[1]).longValue()); result.put((String) row[0], ((Number) row[1]).longValue());
} }
return result; return result;
} }
@Override @Override
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public Map<String, Long> countSuccessVsFailure(@NotBlank String realmName, public Map<String, Long> countSuccessVsFailure(@NotBlank String realmName,
LocalDateTime dateDebut, LocalDateTime dateDebut,
LocalDateTime dateFin) { LocalDateTime dateFin) {
StringBuilder sql = new StringBuilder("SELECT success, COUNT(*) AS cnt FROM audit_logs WHERE realm_name = :realmName"); StringBuilder sql = new StringBuilder("SELECT success, COUNT(*) AS cnt FROM audit_logs WHERE realm_name = :realmName");
if (dateDebut != null) sql.append(" AND timestamp >= :dateDebut"); if (dateDebut != null) sql.append(" AND timestamp >= :dateDebut");
if (dateFin != null) sql.append(" AND timestamp <= :dateFin"); if (dateFin != null) sql.append(" AND timestamp <= :dateFin");
sql.append(" GROUP BY success"); sql.append(" GROUP BY success");
var query = entityManager.createNativeQuery(sql.toString()) var query = entityManager.createNativeQuery(sql.toString())
.setParameter("realmName", realmName); .setParameter("realmName", realmName);
if (dateDebut != null) query.setParameter("dateDebut", dateDebut); if (dateDebut != null) query.setParameter("dateDebut", dateDebut);
if (dateFin != null) query.setParameter("dateFin", dateFin); if (dateFin != null) query.setParameter("dateFin", dateFin);
List<Object[]> rows = query.getResultList(); List<Object[]> rows = query.getResultList();
Map<String, Long> result = new HashMap<>(); Map<String, Long> result = new HashMap<>();
result.put("success", 0L); result.put("success", 0L);
result.put("failure", 0L); result.put("failure", 0L);
for (Object[] row : rows) { for (Object[] row : rows) {
Boolean success = (Boolean) row[0]; Boolean success = (Boolean) row[0];
Long count = ((Number) row[1]).longValue(); Long count = ((Number) row[1]).longValue();
result.put(Boolean.TRUE.equals(success) ? "success" : "failure", count); result.put(Boolean.TRUE.equals(success) ? "success" : "failure", count);
} }
return result; return result;
} }
@Override @Override
public String exportToCSV(@NotBlank String realmName, public String exportToCSV(@NotBlank String realmName,
LocalDateTime dateDebut, LocalDateTime dateDebut,
LocalDateTime dateFin) { LocalDateTime dateFin) {
List<AuditLogEntity> entities = auditLogRepository.search(realmName, null, dateDebut, dateFin, null, null, 0, Integer.MAX_VALUE); List<AuditLogEntity> entities = auditLogRepository.search(realmName, null, dateDebut, dateFin, null, null, 0, Integer.MAX_VALUE);
List<AuditLogDTO> logs = auditLogMapper.toDTOList(entities); List<AuditLogDTO> logs = auditLogMapper.toDTOList(entities);
StringBuilder csv = new StringBuilder(); StringBuilder csv = new StringBuilder();
csv.append("id;typeAction;acteur;realmName;ressourceType;ressourceId;succes;dateAction;message\n"); csv.append("id;typeAction;acteur;realmName;ressourceType;ressourceId;succes;dateAction;message\n");
for (AuditLogDTO dto : logs) { for (AuditLogDTO dto : logs) {
csv.append(escapeCsv(dto.getId())); csv.append(escapeCsv(dto.getId()));
csv.append(";"); csv.append(";");
csv.append(escapeCsv(dto.getTypeAction() != null ? dto.getTypeAction().name() : "")); csv.append(escapeCsv(dto.getTypeAction() != null ? dto.getTypeAction().name() : ""));
csv.append(";"); csv.append(";");
csv.append(escapeCsv(dto.getActeurUsername())); csv.append(escapeCsv(dto.getActeurUsername()));
csv.append(";"); csv.append(";");
csv.append(escapeCsv(dto.getRealmName())); csv.append(escapeCsv(dto.getRealmName()));
csv.append(";"); csv.append(";");
csv.append(escapeCsv(dto.getRessourceType())); csv.append(escapeCsv(dto.getRessourceType()));
csv.append(";"); csv.append(";");
csv.append(escapeCsv(dto.getRessourceId())); csv.append(escapeCsv(dto.getRessourceId()));
csv.append(";"); csv.append(";");
csv.append(dto.getSuccess() != null && dto.getSuccess() ? "true" : "false"); csv.append(dto.getSuccess() != null && dto.getSuccess() ? "true" : "false");
csv.append(";"); csv.append(";");
csv.append(dto.getDateAction() != null ? dto.getDateAction().toString() : ""); csv.append(dto.getDateAction() != null ? dto.getDateAction().toString() : "");
csv.append(";"); csv.append(";");
csv.append(escapeCsv(dto.getErrorMessage() != null ? dto.getErrorMessage() : (dto.getDescription() != null ? dto.getDescription() : ""))); csv.append(escapeCsv(dto.getErrorMessage() != null ? dto.getErrorMessage() : (dto.getDescription() != null ? dto.getDescription() : "")));
csv.append("\n"); csv.append("\n");
} }
return csv.toString(); return csv.toString();
} }
private static String escapeCsv(String value) { private static String escapeCsv(String value) {
if (value == null) return ""; if (value == null) return "";
if (value.contains(";") || value.contains("\"") || value.contains("\n")) { if (value.contains(";") || value.contains("\"") || value.contains("\n")) {
return "\"" + value.replace("\"", "\"\"") + "\""; return "\"" + value.replace("\"", "\"\"") + "\"";
} }
return value; return value;
} }
@Override @Override
@Transactional @Transactional
public long purgeOldLogs(@NotNull LocalDateTime dateLimite) { public long purgeOldLogs(@NotNull LocalDateTime dateLimite) {
return auditLogRepository.delete("timestamp < ?1", dateLimite); return auditLogRepository.delete("timestamp < ?1", dateLimite);
} }
@Override @Override
public Map<String, Object> getAuditStatistics(@NotBlank String realmName, public Map<String, Object> getAuditStatistics(@NotBlank String realmName,
LocalDateTime dateDebut, LocalDateTime dateDebut,
LocalDateTime dateFin) { LocalDateTime dateFin) {
Map<String, Object> stats = new java.util.HashMap<>(); Map<String, Object> stats = new java.util.HashMap<>();
stats.put("total", auditLogRepository.count("realmName", realmName)); stats.put("total", auditLogRepository.count("realmName", realmName));
return stats; return stats;
} }
// ==================== Méthodes utilitaires ==================== // ==================== Méthodes utilitaires ====================
/** /**
* Retourne le nombre total de logs (Utilisé par les tests) * Retourne le nombre total de logs (Utilisé par les tests)
*/ */
public long getTotalCount() { public long getTotalCount() {
return auditLogRepository.count(); return auditLogRepository.count();
} }
/** /**
* Vide tous les logs (Utilisé par les tests) * Vide tous les logs (Utilisé par les tests)
*/ */
@Transactional @Transactional
public void clearAll() { public void clearAll() {
log.warn("ATTENTION: Suppression de tous les logs d'audit en base"); log.warn("ATTENTION: Suppression de tous les logs d'audit en base");
auditLogRepository.deleteAll(); auditLogRepository.deleteAll();
} }
} }

352
src/main/java/dev/lions/user/manager/service/impl/CsvValidationHelper.java
View File

@@ -1,176 +1,176 @@
package dev.lions.user.manager.service.impl; package dev.lions.user.manager.service.impl;
import lombok.experimental.UtilityClass; import lombok.experimental.UtilityClass;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import java.util.regex.Pattern; import java.util.regex.Pattern;
/** /**
* Classe utilitaire pour la validation des données CSV lors de l'import d'utilisateurs * Classe utilitaire pour la validation des données CSV lors de l'import d'utilisateurs
* *
* @author Lions Development Team * @author Lions Development Team
* @version 1.0.0 * @version 1.0.0
* @since 2026-01-02 * @since 2026-01-02
*/ */
@Slf4j @Slf4j
@UtilityClass @UtilityClass
public class CsvValidationHelper { public class CsvValidationHelper {
/** /**
* Pattern pour valider le format d'email selon RFC 5322 (simplifié) * Pattern pour valider le format d'email selon RFC 5322 (simplifié)
*/ */
private static final Pattern EMAIL_PATTERN = Pattern.compile( private static final Pattern EMAIL_PATTERN = Pattern.compile(
"^[a-zA-Z0-9_+&*-]+(?:\\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,7}$" "^[a-zA-Z0-9_+&*-]+(?:\\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,7}$"
); );
/** /**
* Pattern pour valider le username (alphanumérique, tirets, underscores, points) * Pattern pour valider le username (alphanumérique, tirets, underscores, points)
*/ */
private static final Pattern USERNAME_PATTERN = Pattern.compile( private static final Pattern USERNAME_PATTERN = Pattern.compile(
"^[a-zA-Z0-9._-]{2,255}$" "^[a-zA-Z0-9._-]{2,255}$"
); );
/** /**
* Longueur minimale pour un username * Longueur minimale pour un username
*/ */
private static final int USERNAME_MIN_LENGTH = 2; private static final int USERNAME_MIN_LENGTH = 2;
/** /**
* Longueur maximale pour un username * Longueur maximale pour un username
*/ */
private static final int USERNAME_MAX_LENGTH = 255; private static final int USERNAME_MAX_LENGTH = 255;
/** /**
* Longueur maximale pour un nom ou prénom * Longueur maximale pour un nom ou prénom
*/ */
private static final int NAME_MAX_LENGTH = 255; private static final int NAME_MAX_LENGTH = 255;
/** /**
* Valide le format d'un email * Valide le format d'un email
* *
* @param email Email à valider * @param email Email à valider
* @return true si l'email est valide, false sinon * @return true si l'email est valide, false sinon
*/ */
public static boolean isValidEmail(String email) { public static boolean isValidEmail(String email) {
if (email == null || email.isBlank()) { if (email == null || email.isBlank()) {
return false; return false;
} }
return EMAIL_PATTERN.matcher(email.trim()).matches(); return EMAIL_PATTERN.matcher(email.trim()).matches();
} }
/** /**
* Valide un username * Valide un username
* *
* @param username Username à valider * @param username Username à valider
* @return Message d'erreur si invalide, null si valide * @return Message d'erreur si invalide, null si valide
*/ */
public static String validateUsername(String username) { public static String validateUsername(String username) {
if (username == null || username.isBlank()) { if (username == null || username.isBlank()) {
return "Username obligatoire"; return "Username obligatoire";
} }
String trimmed = username.trim(); String trimmed = username.trim();
if (trimmed.length() < USERNAME_MIN_LENGTH) { if (trimmed.length() < USERNAME_MIN_LENGTH) {
return String.format("Username trop court (minimum %d caractères)", USERNAME_MIN_LENGTH); return String.format("Username trop court (minimum %d caractères)", USERNAME_MIN_LENGTH);
} }
if (trimmed.length() > USERNAME_MAX_LENGTH) { if (trimmed.length() > USERNAME_MAX_LENGTH) {
return String.format("Username trop long (maximum %d caractères)", USERNAME_MAX_LENGTH); return String.format("Username trop long (maximum %d caractères)", USERNAME_MAX_LENGTH);
} }
if (!USERNAME_PATTERN.matcher(trimmed).matches()) { if (!USERNAME_PATTERN.matcher(trimmed).matches()) {
return "Username invalide (autorisé: lettres, chiffres, .-_)"; return "Username invalide (autorisé: lettres, chiffres, .-_)";
} }
return null; // Valide return null; // Valide
} }
/** /**
* Valide un email (peut être vide) * Valide un email (peut être vide)
* *
* @param email Email à valider * @param email Email à valider
* @return Message d'erreur si invalide, null si valide ou vide * @return Message d'erreur si invalide, null si valide ou vide
*/ */
public static String validateEmail(String email) { public static String validateEmail(String email) {
if (email == null || email.isBlank()) { if (email == null || email.isBlank()) {
return null; // Email optionnel return null; // Email optionnel
} }
if (!isValidEmail(email)) { if (!isValidEmail(email)) {
return "Format d'email invalide"; return "Format d'email invalide";
} }
return null; // Valide return null; // Valide
} }
/** /**
* Valide un nom ou prénom * Valide un nom ou prénom
* *
* @param name Nom à valider * @param name Nom à valider
* @param fieldName Nom du champ pour les messages d'erreur * @param fieldName Nom du champ pour les messages d'erreur
* @return Message d'erreur si invalide, null si valide * @return Message d'erreur si invalide, null si valide
*/ */
public static String validateName(String name, String fieldName) { public static String validateName(String name, String fieldName) {
if (name == null || name.isBlank()) { if (name == null || name.isBlank()) {
return null; // Nom optionnel return null; // Nom optionnel
} }
String trimmed = name.trim(); String trimmed = name.trim();
if (trimmed.length() > NAME_MAX_LENGTH) { if (trimmed.length() > NAME_MAX_LENGTH) {
return String.format("%s trop long (maximum %d caractères)", fieldName, NAME_MAX_LENGTH); return String.format("%s trop long (maximum %d caractères)", fieldName, NAME_MAX_LENGTH);
} }
return null; // Valide return null; // Valide
} }
/** /**
* Valide une valeur boolean * Valide une valeur boolean
* *
* @param value Valeur à valider * @param value Valeur à valider
* @return Message d'erreur si invalide, null si valide * @return Message d'erreur si invalide, null si valide
*/ */
public static String validateBoolean(String value) { public static String validateBoolean(String value) {
if (value == null || value.isBlank()) { if (value == null || value.isBlank()) {
return null; // Optionnel, défaut à false return null; // Optionnel, défaut à false
} }
String trimmed = value.trim().toLowerCase(); String trimmed = value.trim().toLowerCase();
if (!trimmed.equals("true") && !trimmed.equals("false") && if (!trimmed.equals("true") && !trimmed.equals("false") &&
!trimmed.equals("1") && !trimmed.equals("0") && !trimmed.equals("1") && !trimmed.equals("0") &&
!trimmed.equals("yes") && !trimmed.equals("no")) { !trimmed.equals("yes") && !trimmed.equals("no")) {
return "Valeur boolean invalide (attendu: true/false, 1/0, yes/no)"; return "Valeur boolean invalide (attendu: true/false, 1/0, yes/no)";
} }
return null; // Valide return null; // Valide
} }
/** /**
* Convertit une chaîne en boolean * Convertit une chaîne en boolean
* *
* @param value Valeur à convertir * @param value Valeur à convertir
* @return boolean correspondant * @return boolean correspondant
*/ */
public static boolean parseBoolean(String value) { public static boolean parseBoolean(String value) {
if (value == null || value.isBlank()) { if (value == null || value.isBlank()) {
return false; return false;
} }
String trimmed = value.trim().toLowerCase(); String trimmed = value.trim().toLowerCase();
return trimmed.equals("true") || trimmed.equals("1") || trimmed.equals("yes"); return trimmed.equals("true") || trimmed.equals("1") || trimmed.equals("yes");
} }
/** /**
* Nettoie une chaîne (trim et null si vide) * Nettoie une chaîne (trim et null si vide)
* *
* @param value Valeur à nettoyer * @param value Valeur à nettoyer
* @return Valeur nettoyée ou null * @return Valeur nettoyée ou null
*/ */
public static String clean(String value) { public static String clean(String value) {
if (value == null || value.isBlank()) { if (value == null || value.isBlank()) {
return null; return null;
} }
return value.trim(); return value.trim();
} }
} }

692
src/main/java/dev/lions/user/manager/service/impl/RealmAuthorizationServiceImpl.java
View File

@@ -1,346 +1,346 @@
package dev.lions.user.manager.service.impl; package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.dto.realm.RealmAssignmentDTO; import dev.lions.user.manager.dto.realm.RealmAssignmentDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit; import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.service.AuditService; import dev.lions.user.manager.service.AuditService;
import dev.lions.user.manager.service.RealmAuthorizationService; import dev.lions.user.manager.service.RealmAuthorizationService;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.validation.Valid; import jakarta.validation.Valid;
import jakarta.validation.constraints.NotBlank; import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull; import jakarta.validation.constraints.NotNull;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.*; import java.util.*;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors; import java.util.stream.Collectors;
/** /**
* Implémentation du service d'autorisation multi-tenant par realm * Implémentation du service d'autorisation multi-tenant par realm
* *
* NOTE: Cette implémentation utilise un stockage en mémoire (ConcurrentHashMap) * NOTE: Cette implémentation utilise un stockage en mémoire (ConcurrentHashMap)
* Pour la production, migrer vers une base de données PostgreSQL * Pour la production, migrer vers une base de données PostgreSQL
*/ */
@ApplicationScoped @ApplicationScoped
@Slf4j @Slf4j
public class RealmAuthorizationServiceImpl implements RealmAuthorizationService { public class RealmAuthorizationServiceImpl implements RealmAuthorizationService {
@Inject @Inject
AuditService auditService; AuditService auditService;
// Stockage temporaire en mémoire (à remplacer par BD en production) // Stockage temporaire en mémoire (à remplacer par BD en production)
private final Map<String, RealmAssignmentDTO> assignmentsById = new ConcurrentHashMap<>(); private final Map<String, RealmAssignmentDTO> assignmentsById = new ConcurrentHashMap<>();
private final Map<String, Set<String>> userToRealms = new ConcurrentHashMap<>(); private final Map<String, Set<String>> userToRealms = new ConcurrentHashMap<>();
private final Map<String, Set<String>> realmToUsers = new ConcurrentHashMap<>(); private final Map<String, Set<String>> realmToUsers = new ConcurrentHashMap<>();
private final Set<String> superAdmins = ConcurrentHashMap.newKeySet(); private final Set<String> superAdmins = ConcurrentHashMap.newKeySet();
@Override @Override
public List<RealmAssignmentDTO> getAllAssignments() { public List<RealmAssignmentDTO> getAllAssignments() {
log.debug("Récupération de toutes les assignations de realms"); log.debug("Récupération de toutes les assignations de realms");
return new ArrayList<>(assignmentsById.values()); return new ArrayList<>(assignmentsById.values());
} }
@Override @Override
public List<RealmAssignmentDTO> getAssignmentsByUser(@NotBlank String userId) { public List<RealmAssignmentDTO> getAssignmentsByUser(@NotBlank String userId) {
log.debug("Récupération des assignations pour l'utilisateur: {}", userId); log.debug("Récupération des assignations pour l'utilisateur: {}", userId);
return assignmentsById.values().stream() return assignmentsById.values().stream()
.filter(assignment -> assignment.getUserId().equals(userId)) .filter(assignment -> assignment.getUserId().equals(userId))
.filter(RealmAssignmentDTO::isActive) .filter(RealmAssignmentDTO::isActive)
.filter(assignment -> !assignment.isExpired()) .filter(assignment -> !assignment.isExpired())
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
@Override @Override
public List<RealmAssignmentDTO> getAssignmentsByRealm(@NotBlank String realmName) { public List<RealmAssignmentDTO> getAssignmentsByRealm(@NotBlank String realmName) {
log.debug("Récupération des assignations pour le realm: {}", realmName); log.debug("Récupération des assignations pour le realm: {}", realmName);
return assignmentsById.values().stream() return assignmentsById.values().stream()
.filter(assignment -> assignment.getRealmName().equals(realmName)) .filter(assignment -> assignment.getRealmName().equals(realmName))
.filter(RealmAssignmentDTO::isActive) .filter(RealmAssignmentDTO::isActive)
.filter(assignment -> !assignment.isExpired()) .filter(assignment -> !assignment.isExpired())
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
@Override @Override
public Optional<RealmAssignmentDTO> getAssignmentById(@NotBlank String assignmentId) { public Optional<RealmAssignmentDTO> getAssignmentById(@NotBlank String assignmentId) {
log.debug("Récupération de l'assignation: {}", assignmentId); log.debug("Récupération de l'assignation: {}", assignmentId);
return Optional.ofNullable(assignmentsById.get(assignmentId)); return Optional.ofNullable(assignmentsById.get(assignmentId));
} }
@Override @Override
public boolean canManageRealm(@NotBlank String userId, @NotBlank String realmName) { public boolean canManageRealm(@NotBlank String userId, @NotBlank String realmName) {
log.debug("Vérification si {} peut gérer le realm {}", userId, realmName); log.debug("Vérification si {} peut gérer le realm {}", userId, realmName);
// Super admin peut tout gérer // Super admin peut tout gérer
if (isSuperAdmin(userId)) { if (isSuperAdmin(userId)) {
return true; return true;
} }
// Vérifier les assignations actives et non expirées // Vérifier les assignations actives et non expirées
return assignmentsById.values().stream() return assignmentsById.values().stream()
.anyMatch(assignment -> .anyMatch(assignment ->
assignment.getUserId().equals(userId) && assignment.getUserId().equals(userId) &&
assignment.getRealmName().equals(realmName) && assignment.getRealmName().equals(realmName) &&
assignment.isActive() && assignment.isActive() &&
!assignment.isExpired() !assignment.isExpired()
); );
} }
@Override @Override
public boolean isSuperAdmin(@NotBlank String userId) { public boolean isSuperAdmin(@NotBlank String userId) {
return superAdmins.contains(userId); return superAdmins.contains(userId);
} }
@Override @Override
public List<String> getAuthorizedRealms(@NotBlank String userId) { public List<String> getAuthorizedRealms(@NotBlank String userId) {
log.debug("Récupération des realms autorisés pour: {}", userId); log.debug("Récupération des realms autorisés pour: {}", userId);
// Super admin retourne liste vide (convention: peut tout gérer) // Super admin retourne liste vide (convention: peut tout gérer)
if (isSuperAdmin(userId)) { if (isSuperAdmin(userId)) {
return Collections.emptyList(); return Collections.emptyList();
} }
// Retourner les realms assignés actifs et non expirés // Retourner les realms assignés actifs et non expirés
return assignmentsById.values().stream() return assignmentsById.values().stream()
.filter(assignment -> assignment.getUserId().equals(userId)) .filter(assignment -> assignment.getUserId().equals(userId))
.filter(RealmAssignmentDTO::isActive) .filter(RealmAssignmentDTO::isActive)
.filter(assignment -> !assignment.isExpired()) .filter(assignment -> !assignment.isExpired())
.map(RealmAssignmentDTO::getRealmName) .map(RealmAssignmentDTO::getRealmName)
.distinct() .distinct()
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
@Override @Override
public RealmAssignmentDTO assignRealmToUser(@Valid @NotNull RealmAssignmentDTO assignment) { public RealmAssignmentDTO assignRealmToUser(@Valid @NotNull RealmAssignmentDTO assignment) {
log.info("Assignation du realm {} à l'utilisateur {}", log.info("Assignation du realm {} à l'utilisateur {}",
assignment.getRealmName(), assignment.getUserId()); assignment.getRealmName(), assignment.getUserId());
// Validation // Validation
if (assignment.getUserId() == null || assignment.getUserId().isBlank()) { if (assignment.getUserId() == null || assignment.getUserId().isBlank()) {
throw new IllegalArgumentException("L'ID utilisateur est obligatoire"); throw new IllegalArgumentException("L'ID utilisateur est obligatoire");
} }
if (assignment.getRealmName() == null || assignment.getRealmName().isBlank()) { if (assignment.getRealmName() == null || assignment.getRealmName().isBlank()) {
throw new IllegalArgumentException("Le nom du realm est obligatoire"); throw new IllegalArgumentException("Le nom du realm est obligatoire");
} }
// Vérifier si l'assignation existe déjà // Vérifier si l'assignation existe déjà
if (assignmentExists(assignment.getUserId(), assignment.getRealmName())) { if (assignmentExists(assignment.getUserId(), assignment.getRealmName())) {
throw new IllegalArgumentException( throw new IllegalArgumentException(
String.format("L'utilisateur %s a déjà accès au realm %s", String.format("L'utilisateur %s a déjà accès au realm %s",
assignment.getUserId(), assignment.getRealmName()) assignment.getUserId(), assignment.getRealmName())
); );
} }
// Générer ID si absent // Générer ID si absent
if (assignment.getId() == null) { if (assignment.getId() == null) {
assignment.setId(UUID.randomUUID().toString()); assignment.setId(UUID.randomUUID().toString());
} }
// Compléter les métadonnées // Compléter les métadonnées
assignment.setAssignedAt(LocalDateTime.now()); assignment.setAssignedAt(LocalDateTime.now());
assignment.setActive(true); assignment.setActive(true);
assignment.setDateCreation(LocalDateTime.now()); assignment.setDateCreation(LocalDateTime.now());
// Stocker l'assignation // Stocker l'assignation
assignmentsById.put(assignment.getId(), assignment); assignmentsById.put(assignment.getId(), assignment);
// Mettre à jour les index // Mettre à jour les index
userToRealms.computeIfAbsent(assignment.getUserId(), k -> ConcurrentHashMap.newKeySet()) userToRealms.computeIfAbsent(assignment.getUserId(), k -> ConcurrentHashMap.newKeySet())
.add(assignment.getRealmName()); .add(assignment.getRealmName());
realmToUsers.computeIfAbsent(assignment.getRealmName(), k -> ConcurrentHashMap.newKeySet()) realmToUsers.computeIfAbsent(assignment.getRealmName(), k -> ConcurrentHashMap.newKeySet())
.add(assignment.getUserId()); .add(assignment.getUserId());
// Audit // Audit
auditService.logSuccess( auditService.logSuccess(
TypeActionAudit.REALM_ASSIGN, TypeActionAudit.REALM_ASSIGN,
"REALM_ASSIGNMENT", "REALM_ASSIGNMENT",
assignment.getId(), assignment.getId(),
assignment.getUsername(), assignment.getUsername(),
assignment.getRealmName(), assignment.getRealmName(),
assignment.getAssignedBy() != null ? assignment.getAssignedBy() : "system", assignment.getAssignedBy() != null ? assignment.getAssignedBy() : "system",
String.format("Assignation du realm %s à %s", assignment.getRealmName(), assignment.getUsername()) String.format("Assignation du realm %s à %s", assignment.getRealmName(), assignment.getUsername())
); );
log.info("Realm {} assigné avec succès à {}", assignment.getRealmName(), assignment.getUserId()); log.info("Realm {} assigné avec succès à {}", assignment.getRealmName(), assignment.getUserId());
return assignment; return assignment;
} }
@Override @Override
public void revokeRealmFromUser(@NotBlank String userId, @NotBlank String realmName) { public void revokeRealmFromUser(@NotBlank String userId, @NotBlank String realmName) {
log.info("Révocation du realm {} pour l'utilisateur {}", realmName, userId); log.info("Révocation du realm {} pour l'utilisateur {}", realmName, userId);
// Trouver et supprimer l'assignation // Trouver et supprimer l'assignation
Optional<RealmAssignmentDTO> assignment = assignmentsById.values().stream() Optional<RealmAssignmentDTO> assignment = assignmentsById.values().stream()
.filter(a -> a.getUserId().equals(userId) && a.getRealmName().equals(realmName)) .filter(a -> a.getUserId().equals(userId) && a.getRealmName().equals(realmName))
.findFirst(); .findFirst();
if (assignment.isEmpty()) { if (assignment.isEmpty()) {
log.warn("Aucune assignation trouvée pour {} / {}", userId, realmName); log.warn("Aucune assignation trouvée pour {} / {}", userId, realmName);
return; return;
} }
RealmAssignmentDTO assignmentToRemove = assignment.get(); RealmAssignmentDTO assignmentToRemove = assignment.get();
assignmentsById.remove(assignmentToRemove.getId()); assignmentsById.remove(assignmentToRemove.getId());
// Mettre à jour les index // Mettre à jour les index
Set<String> realms = userToRealms.get(userId); Set<String> realms = userToRealms.get(userId);
if (realms != null) { if (realms != null) {
realms.remove(realmName); realms.remove(realmName);
if (realms.isEmpty()) { if (realms.isEmpty()) {
userToRealms.remove(userId); userToRealms.remove(userId);
} }
} }
Set<String> users = realmToUsers.get(realmName); Set<String> users = realmToUsers.get(realmName);
if (users != null) { if (users != null) {
users.remove(userId); users.remove(userId);
if (users.isEmpty()) { if (users.isEmpty()) {
realmToUsers.remove(realmName); realmToUsers.remove(realmName);
} }
} }
// Audit // Audit
auditService.logSuccess( auditService.logSuccess(
TypeActionAudit.REALM_REVOKE, TypeActionAudit.REALM_REVOKE,
"REALM_ASSIGNMENT", "REALM_ASSIGNMENT",
assignmentToRemove.getId(), assignmentToRemove.getId(),
assignmentToRemove.getUsername(), assignmentToRemove.getUsername(),
realmName, realmName,
"system", "system",
String.format("Révocation du realm %s pour %s", realmName, assignmentToRemove.getUsername()) String.format("Révocation du realm %s pour %s", realmName, assignmentToRemove.getUsername())
); );
log.info("Realm {} révoqué avec succès pour {}", realmName, userId); log.info("Realm {} révoqué avec succès pour {}", realmName, userId);
} }
@Override @Override
public void revokeAllRealmsFromUser(@NotBlank String userId) { public void revokeAllRealmsFromUser(@NotBlank String userId) {
log.info("Révocation de tous les realms pour l'utilisateur {}", userId); log.info("Révocation de tous les realms pour l'utilisateur {}", userId);
List<RealmAssignmentDTO> userAssignments = getAssignmentsByUser(userId); List<RealmAssignmentDTO> userAssignments = getAssignmentsByUser(userId);
userAssignments.forEach(assignment -> userAssignments.forEach(assignment ->
revokeRealmFromUser(userId, assignment.getRealmName()) revokeRealmFromUser(userId, assignment.getRealmName())
); );
log.info("{} realm(s) révoqué(s) pour {}", userAssignments.size(), userId); log.info("{} realm(s) révoqué(s) pour {}", userAssignments.size(), userId);
} }
@Override @Override
public void revokeAllUsersFromRealm(@NotBlank String realmName) { public void revokeAllUsersFromRealm(@NotBlank String realmName) {
log.info("Révocation de tous les utilisateurs du realm {}", realmName); log.info("Révocation de tous les utilisateurs du realm {}", realmName);
List<RealmAssignmentDTO> realmAssignments = getAssignmentsByRealm(realmName); List<RealmAssignmentDTO> realmAssignments = getAssignmentsByRealm(realmName);
realmAssignments.forEach(assignment -> realmAssignments.forEach(assignment ->
revokeRealmFromUser(assignment.getUserId(), realmName) revokeRealmFromUser(assignment.getUserId(), realmName)
); );
log.info("{} utilisateur(s) révoqué(s) du realm {}", realmAssignments.size(), realmName); log.info("{} utilisateur(s) révoqué(s) du realm {}", realmAssignments.size(), realmName);
} }
@Override @Override
public void setSuperAdmin(@NotBlank String userId, boolean superAdmin) { public void setSuperAdmin(@NotBlank String userId, boolean superAdmin) {
log.info("Définition de {} comme super admin: {}", userId, superAdmin); log.info("Définition de {} comme super admin: {}", userId, superAdmin);
if (superAdmin) { if (superAdmin) {
superAdmins.add(userId); superAdmins.add(userId);
auditService.logSuccess( auditService.logSuccess(
TypeActionAudit.REALM_SET_SUPER_ADMIN, TypeActionAudit.REALM_SET_SUPER_ADMIN,
"USER", "USER",
userId, userId,
userId, userId,
"lions-user-manager", "lions-user-manager",
"system", "system",
String.format("Utilisateur %s défini comme super admin", userId) String.format("Utilisateur %s défini comme super admin", userId)
); );
} else { } else {
superAdmins.remove(userId); superAdmins.remove(userId);
auditService.logSuccess( auditService.logSuccess(
TypeActionAudit.REALM_SET_SUPER_ADMIN, TypeActionAudit.REALM_SET_SUPER_ADMIN,
"USER", "USER",
userId, userId,
userId, userId,
"lions-user-manager", "lions-user-manager",
"system", "system",
String.format("Privilèges super admin retirés pour %s", userId) String.format("Privilèges super admin retirés pour %s", userId)
); );
} }
} }
@Override @Override
public void deactivateAssignment(@NotBlank String assignmentId) { public void deactivateAssignment(@NotBlank String assignmentId) {
log.info("Désactivation de l'assignation {}", assignmentId); log.info("Désactivation de l'assignation {}", assignmentId);
RealmAssignmentDTO assignment = assignmentsById.get(assignmentId); RealmAssignmentDTO assignment = assignmentsById.get(assignmentId);
if (assignment == null) { if (assignment == null) {
throw new IllegalArgumentException("Assignation non trouvée: " + assignmentId); throw new IllegalArgumentException("Assignation non trouvée: " + assignmentId);
} }
assignment.setActive(false); assignment.setActive(false);
assignment.setDateModification(LocalDateTime.now()); assignment.setDateModification(LocalDateTime.now());
auditService.logSuccess( auditService.logSuccess(
TypeActionAudit.REALM_DEACTIVATE, TypeActionAudit.REALM_DEACTIVATE,
"REALM_ASSIGNMENT", "REALM_ASSIGNMENT",
assignment.getId(), assignment.getId(),
assignment.getUsername(), assignment.getUsername(),
assignment.getRealmName(), assignment.getRealmName(),
"system", "system",
String.format("Désactivation de l'assignation %s", assignmentId) String.format("Désactivation de l'assignation %s", assignmentId)
); );
} }
@Override @Override
public void activateAssignment(@NotBlank String assignmentId) { public void activateAssignment(@NotBlank String assignmentId) {
log.info("Activation de l'assignation {}", assignmentId); log.info("Activation de l'assignation {}", assignmentId);
RealmAssignmentDTO assignment = assignmentsById.get(assignmentId); RealmAssignmentDTO assignment = assignmentsById.get(assignmentId);
if (assignment == null) { if (assignment == null) {
throw new IllegalArgumentException("Assignation non trouvée: " + assignmentId); throw new IllegalArgumentException("Assignation non trouvée: " + assignmentId);
} }
assignment.setActive(true); assignment.setActive(true);
assignment.setDateModification(LocalDateTime.now()); assignment.setDateModification(LocalDateTime.now());
auditService.logSuccess( auditService.logSuccess(
TypeActionAudit.REALM_ACTIVATE, TypeActionAudit.REALM_ACTIVATE,
"REALM_ASSIGNMENT", "REALM_ASSIGNMENT",
assignment.getId(), assignment.getId(),
assignment.getUsername(), assignment.getUsername(),
assignment.getRealmName(), assignment.getRealmName(),
"system", "system",
String.format("Activation de l'assignation %s", assignmentId) String.format("Activation de l'assignation %s", assignmentId)
); );
} }
@Override @Override
public long countAssignmentsByUser(@NotBlank String userId) { public long countAssignmentsByUser(@NotBlank String userId) {
return assignmentsById.values().stream() return assignmentsById.values().stream()
.filter(assignment -> assignment.getUserId().equals(userId)) .filter(assignment -> assignment.getUserId().equals(userId))
.filter(RealmAssignmentDTO::isActive) .filter(RealmAssignmentDTO::isActive)
.filter(assignment -> !assignment.isExpired()) .filter(assignment -> !assignment.isExpired())
.count(); .count();
} }
@Override @Override
public long countUsersByRealm(@NotBlank String realmName) { public long countUsersByRealm(@NotBlank String realmName) {
return assignmentsById.values().stream() return assignmentsById.values().stream()
.filter(assignment -> assignment.getRealmName().equals(realmName)) .filter(assignment -> assignment.getRealmName().equals(realmName))
.filter(RealmAssignmentDTO::isActive) .filter(RealmAssignmentDTO::isActive)
.filter(assignment -> !assignment.isExpired()) .filter(assignment -> !assignment.isExpired())
.map(RealmAssignmentDTO::getUserId) .map(RealmAssignmentDTO::getUserId)
.distinct() .distinct()
.count(); .count();
} }
@Override @Override
public boolean assignmentExists(@NotBlank String userId, @NotBlank String realmName) { public boolean assignmentExists(@NotBlank String userId, @NotBlank String realmName) {
return assignmentsById.values().stream() return assignmentsById.values().stream()
.anyMatch(assignment -> .anyMatch(assignment ->
assignment.getUserId().equals(userId) && assignment.getUserId().equals(userId) &&
assignment.getRealmName().equals(realmName) && assignment.getRealmName().equals(realmName) &&
assignment.isActive() assignment.isActive()
); );
} }
} }

1954
src/main/java/dev/lions/user/manager/service/impl/RoleServiceImpl.java
View File

File diff suppressed because it is too large Load Diff

778
src/main/java/dev/lions/user/manager/service/impl/SyncServiceImpl.java
View File

@@ -1,389 +1,389 @@
package dev.lions.user.manager.service.impl; package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.server.impl.entity.SyncHistoryEntity; import dev.lions.user.manager.server.impl.entity.SyncHistoryEntity;
import dev.lions.user.manager.server.impl.entity.SyncedRoleEntity; import dev.lions.user.manager.server.impl.entity.SyncedRoleEntity;
import dev.lions.user.manager.server.impl.entity.SyncedUserEntity; import dev.lions.user.manager.server.impl.entity.SyncedUserEntity;
import dev.lions.user.manager.server.impl.interceptor.Logged; import dev.lions.user.manager.server.impl.interceptor.Logged;
import dev.lions.user.manager.server.impl.repository.SyncHistoryRepository; import dev.lions.user.manager.server.impl.repository.SyncHistoryRepository;
import dev.lions.user.manager.server.impl.repository.SyncedRoleRepository; import dev.lions.user.manager.server.impl.repository.SyncedRoleRepository;
import dev.lions.user.manager.server.impl.repository.SyncedUserRepository; import dev.lions.user.manager.server.impl.repository.SyncedUserRepository;
import dev.lions.user.manager.service.SyncService; import dev.lions.user.manager.service.SyncService;
import jakarta.enterprise.context.ApplicationScoped; import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject; import jakarta.inject.Inject;
import jakarta.transaction.Transactional; import jakarta.transaction.Transactional;
import jakarta.validation.constraints.NotBlank; import jakarta.validation.constraints.NotBlank;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import org.eclipse.microprofile.config.inject.ConfigProperty; import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import java.time.Instant; import java.time.Instant;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.time.ZoneOffset; import java.time.ZoneOffset;
import java.time.temporal.ChronoUnit; import java.time.temporal.ChronoUnit;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
@ApplicationScoped @ApplicationScoped
@Slf4j @Slf4j
public class SyncServiceImpl implements SyncService { public class SyncServiceImpl implements SyncService {
@Inject @Inject
Keycloak keycloak; Keycloak keycloak;
@Inject @Inject
KeycloakAdminClient keycloakAdminClient; KeycloakAdminClient keycloakAdminClient;
@Inject @Inject
SyncHistoryRepository syncHistoryRepository; SyncHistoryRepository syncHistoryRepository;
// Repositories optionnels pour la persistance locale des snapshots. // Repositories optionnels pour la persistance locale des snapshots.
// Ils sont marqués @Inject mais l'utilisation dans le code est protégée // Ils sont marqués @Inject mais l'utilisation dans le code est protégée
// par des checks null pour ne pas casser les tests existants. // par des checks null pour ne pas casser les tests existants.
@Inject @Inject
SyncedUserRepository syncedUserRepository; SyncedUserRepository syncedUserRepository;
@Inject @Inject
SyncedRoleRepository syncedRoleRepository; SyncedRoleRepository syncedRoleRepository;
@ConfigProperty(name = "lions.keycloak.server-url") @ConfigProperty(name = "lions.keycloak.server-url")
String keycloakServerUrl; String keycloakServerUrl;
@Override @Override
@Transactional @Transactional
@Logged(action = "SYNC_USERS", resource = "REALM") @Logged(action = "SYNC_USERS", resource = "REALM")
public int syncUsersFromRealm(@NotBlank String realmName) { public int syncUsersFromRealm(@NotBlank String realmName) {
log.info("Synchronisation des utilisateurs depuis le realm: {}", realmName); log.info("Synchronisation des utilisateurs depuis le realm: {}", realmName);
LocalDateTime start = LocalDateTime.now(); LocalDateTime start = LocalDateTime.now();
int count = 0; int count = 0;
String status = "SUCCESS"; String status = "SUCCESS";
String errorMessage = null; String errorMessage = null;
try { try {
List<UserRepresentation> users = keycloak.realm(realmName).users().list(); List<UserRepresentation> users = keycloak.realm(realmName).users().list();
count = users.size(); count = users.size();
// Persister un snapshot minimal des utilisateurs dans la base locale si le // Persister un snapshot minimal des utilisateurs dans la base locale si le
// repository est disponible. // repository est disponible.
if (syncedUserRepository != null && !users.isEmpty()) { if (syncedUserRepository != null && !users.isEmpty()) {
List<SyncedUserEntity> snapshots = users.stream() List<SyncedUserEntity> snapshots = users.stream()
.map(user -> { .map(user -> {
SyncedUserEntity entity = new SyncedUserEntity(); SyncedUserEntity entity = new SyncedUserEntity();
entity.setRealmName(realmName); entity.setRealmName(realmName);
entity.setKeycloakId(user.getId()); entity.setKeycloakId(user.getId());
entity.setUsername(user.getUsername()); entity.setUsername(user.getUsername());
entity.setEmail(user.getEmail()); entity.setEmail(user.getEmail());
entity.setEnabled(user.isEnabled()); entity.setEnabled(user.isEnabled());
entity.setEmailVerified(user.isEmailVerified()); entity.setEmailVerified(user.isEmailVerified());
if (user.getCreatedTimestamp() != null) { if (user.getCreatedTimestamp() != null) {
LocalDateTime createdAt = LocalDateTime.ofInstant( LocalDateTime createdAt = LocalDateTime.ofInstant(
Instant.ofEpochMilli(user.getCreatedTimestamp()), Instant.ofEpochMilli(user.getCreatedTimestamp()),
ZoneOffset.UTC); ZoneOffset.UTC);
entity.setCreatedAt(createdAt); entity.setCreatedAt(createdAt);
} }
return entity; return entity;
}) })
.toList(); .toList();
syncedUserRepository.replaceForRealm(realmName, snapshots); syncedUserRepository.replaceForRealm(realmName, snapshots);
log.info("Persisted {} synced user snapshots for realm {}", snapshots.size(), realmName); log.info("Persisted {} synced user snapshots for realm {}", snapshots.size(), realmName);
} }
log.info("✅ {} utilisateurs synchronisés depuis le realm {}", count, realmName); log.info("✅ {} utilisateurs synchronisés depuis le realm {}", count, realmName);
} catch (Exception e) { } catch (Exception e) {
log.error("❌ Erreur lors de la synchronisation des utilisateurs depuis le realm {}", realmName, e); log.error("❌ Erreur lors de la synchronisation des utilisateurs depuis le realm {}", realmName, e);
status = "FAILURE"; status = "FAILURE";
errorMessage = e.getMessage(); errorMessage = e.getMessage();
throw new RuntimeException("Erreur de synchronisation utilisateurs: " + e.getMessage(), e); throw new RuntimeException("Erreur de synchronisation utilisateurs: " + e.getMessage(), e);
} finally { } finally {
recordSyncHistory(realmName, "USER", status, count, start, errorMessage); recordSyncHistory(realmName, "USER", status, count, start, errorMessage);
} }
return count; return count;
} }
@Override @Override
@Transactional @Transactional
@Logged(action = "SYNC_ROLES", resource = "REALM") @Logged(action = "SYNC_ROLES", resource = "REALM")
public int syncRolesFromRealm(@NotBlank String realmName) { public int syncRolesFromRealm(@NotBlank String realmName) {
log.info("Synchronisation des rôles depuis le realm: {}", realmName); log.info("Synchronisation des rôles depuis le realm: {}", realmName);
LocalDateTime start = LocalDateTime.now(); LocalDateTime start = LocalDateTime.now();
int count = 0; int count = 0;
String status = "SUCCESS"; String status = "SUCCESS";
String errorMessage = null; String errorMessage = null;
try { try {
List<RoleRepresentation> roles = keycloak.realm(realmName).roles().list(); List<RoleRepresentation> roles = keycloak.realm(realmName).roles().list();
count = roles.size(); count = roles.size();
// Persister un snapshot minimal des rôles dans la base locale si le repository // Persister un snapshot minimal des rôles dans la base locale si le repository
// est disponible. // est disponible.
if (syncedRoleRepository != null && !roles.isEmpty()) { if (syncedRoleRepository != null && !roles.isEmpty()) {
List<SyncedRoleEntity> snapshots = roles.stream() List<SyncedRoleEntity> snapshots = roles.stream()
.map(role -> { .map(role -> {
SyncedRoleEntity entity = new SyncedRoleEntity(); SyncedRoleEntity entity = new SyncedRoleEntity();
entity.setRealmName(realmName); entity.setRealmName(realmName);
entity.setRoleName(role.getName()); entity.setRoleName(role.getName());
entity.setDescription(role.getDescription()); entity.setDescription(role.getDescription());
return entity; return entity;
}) })
.toList(); .toList();
syncedRoleRepository.replaceForRealm(realmName, snapshots); syncedRoleRepository.replaceForRealm(realmName, snapshots);
log.info("Persisted {} synced role snapshots for realm {}", snapshots.size(), realmName); log.info("Persisted {} synced role snapshots for realm {}", snapshots.size(), realmName);
} }
log.info("✅ {} rôles synchronisés depuis le realm {}", count, realmName); log.info("✅ {} rôles synchronisés depuis le realm {}", count, realmName);
} catch (Exception e) { } catch (Exception e) {
log.error("❌ Erreur lors de la synchronisation des rôles depuis le realm {}", realmName, e); log.error("❌ Erreur lors de la synchronisation des rôles depuis le realm {}", realmName, e);
status = "FAILURE"; status = "FAILURE";
errorMessage = e.getMessage(); errorMessage = e.getMessage();
throw new RuntimeException("Erreur de synchronisation rôles: " + e.getMessage(), e); throw new RuntimeException("Erreur de synchronisation rôles: " + e.getMessage(), e);
} finally { } finally {
recordSyncHistory(realmName, "ROLE", status, count, start, errorMessage); recordSyncHistory(realmName, "ROLE", status, count, start, errorMessage);
} }
return count; return count;
} }
@Override @Override
@Transactional @Transactional
@Logged(action = "REALM_SYNC", resource = "SYSTEM") @Logged(action = "REALM_SYNC", resource = "SYSTEM")
public Map<String, Integer> syncAllRealms() { public Map<String, Integer> syncAllRealms() {
Map<String, Integer> result = new HashMap<>(); Map<String, Integer> result = new HashMap<>();
try { try {
// getAllRealms() utilise un HttpClient raw avec ObjectMapper(FAIL_ON_UNKNOWN_PROPERTIES=false) // getAllRealms() utilise un HttpClient raw avec ObjectMapper(FAIL_ON_UNKNOWN_PROPERTIES=false)
// pour éviter les erreurs de désérialisation de RealmRepresentation avec Keycloak 26+ // pour éviter les erreurs de désérialisation de RealmRepresentation avec Keycloak 26+
List<String> realmNames = keycloakAdminClient.getAllRealms(); List<String> realmNames = keycloakAdminClient.getAllRealms();
for (String realmName : realmNames) { for (String realmName : realmNames) {
if (realmName == null || realmName.isBlank()) { if (realmName == null || realmName.isBlank()) {
continue; continue;
} }
log.info("Synchronisation complète du realm {}", realmName); log.info("Synchronisation complète du realm {}", realmName);
int totalForRealm = 0; int totalForRealm = 0;
try { try {
int users = syncUsersFromRealm(realmName); int users = syncUsersFromRealm(realmName);
int roles = syncRolesFromRealm(realmName); int roles = syncRolesFromRealm(realmName);
totalForRealm = users + roles; totalForRealm = users + roles;
log.info("✅ Realm {} synchronisé (users={}, roles={})", realmName, users, roles); log.info("✅ Realm {} synchronisé (users={}, roles={})", realmName, users, roles);
} catch (Exception e) { } catch (Exception e) {
log.error("❌ Erreur lors de la synchronisation du realm {}", realmName, e); log.error("❌ Erreur lors de la synchronisation du realm {}", realmName, e);
// On enregistre quand même le realm dans le résultat avec 0 éléments traités // On enregistre quand même le realm dans le résultat avec 0 éléments traités
totalForRealm = 0; totalForRealm = 0;
} }
result.put(realmName, totalForRealm); result.put(realmName, totalForRealm);
} }
} catch (Exception e) { } catch (Exception e) {
log.error("❌ Erreur lors de la récupération de la liste des realms pour synchronisation globale", e); log.error("❌ Erreur lors de la récupération de la liste des realms pour synchronisation globale", e);
// En cas d'erreur globale, on retourne simplement une map vide (aucune // En cas d'erreur globale, on retourne simplement une map vide (aucune
// approximation) // approximation)
} }
return result; return result;
} }
@Override @Override
public Map<String, Object> checkDataConsistency(@NotBlank String realmName) { public Map<String, Object> checkDataConsistency(@NotBlank String realmName) {
Map<String, Object> report = new HashMap<>(); Map<String, Object> report = new HashMap<>();
report.put("realmName", realmName); report.put("realmName", realmName);
try { try {
// Données actuelles dans Keycloak // Données actuelles dans Keycloak
List<UserRepresentation> kcUsers = keycloak.realm(realmName).users().list(); List<UserRepresentation> kcUsers = keycloak.realm(realmName).users().list();
List<RoleRepresentation> kcRoles = keycloak.realm(realmName).roles().list(); List<RoleRepresentation> kcRoles = keycloak.realm(realmName).roles().list();
// Snapshots locaux // Snapshots locaux
List<SyncedUserEntity> localUsers = syncedUserRepository.list("realmName", realmName); List<SyncedUserEntity> localUsers = syncedUserRepository.list("realmName", realmName);
List<SyncedRoleEntity> localRoles = syncedRoleRepository.list("realmName", realmName); List<SyncedRoleEntity> localRoles = syncedRoleRepository.list("realmName", realmName);
// Comparaison exacte des identifiants utilisateurs // Comparaison exacte des identifiants utilisateurs
Set<String> kcUserIds = kcUsers.stream() Set<String> kcUserIds = kcUsers.stream()
.map(UserRepresentation::getId) .map(UserRepresentation::getId)
.filter(id -> id != null && !id.isBlank()) .filter(id -> id != null && !id.isBlank())
.collect(java.util.stream.Collectors.toSet()); .collect(java.util.stream.Collectors.toSet());
Set<String> localUserIds = localUsers.stream() Set<String> localUserIds = localUsers.stream()
.map(SyncedUserEntity::getKeycloakId) .map(SyncedUserEntity::getKeycloakId)
.filter(id -> id != null && !id.isBlank()) .filter(id -> id != null && !id.isBlank())
.collect(java.util.stream.Collectors.toSet()); .collect(java.util.stream.Collectors.toSet());
Set<String> missingUsersInLocal = new HashSet<>(kcUserIds); Set<String> missingUsersInLocal = new HashSet<>(kcUserIds);
missingUsersInLocal.removeAll(localUserIds); missingUsersInLocal.removeAll(localUserIds);
Set<String> missingUsersInKeycloak = new HashSet<>(localUserIds); Set<String> missingUsersInKeycloak = new HashSet<>(localUserIds);
missingUsersInKeycloak.removeAll(kcUserIds); missingUsersInKeycloak.removeAll(kcUserIds);
// Comparaison exacte des noms de rôles // Comparaison exacte des noms de rôles
Set<String> kcRoleNames = kcRoles.stream() Set<String> kcRoleNames = kcRoles.stream()
.map(RoleRepresentation::getName) .map(RoleRepresentation::getName)
.filter(name -> name != null && !name.isBlank()) .filter(name -> name != null && !name.isBlank())
.collect(java.util.stream.Collectors.toSet()); .collect(java.util.stream.Collectors.toSet());
Set<String> localRoleNames = localRoles.stream() Set<String> localRoleNames = localRoles.stream()
.map(SyncedRoleEntity::getRoleName) .map(SyncedRoleEntity::getRoleName)
.filter(name -> name != null && !name.isBlank()) .filter(name -> name != null && !name.isBlank())
.collect(java.util.stream.Collectors.toSet()); .collect(java.util.stream.Collectors.toSet());
Set<String> missingRolesInLocal = new HashSet<>(kcRoleNames); Set<String> missingRolesInLocal = new HashSet<>(kcRoleNames);
missingRolesInLocal.removeAll(localRoleNames); missingRolesInLocal.removeAll(localRoleNames);
Set<String> missingRolesInKeycloak = new HashSet<>(localRoleNames); Set<String> missingRolesInKeycloak = new HashSet<>(localRoleNames);
missingRolesInKeycloak.removeAll(kcRoleNames); missingRolesInKeycloak.removeAll(kcRoleNames);
boolean usersOk = missingUsersInLocal.isEmpty() && missingUsersInKeycloak.isEmpty(); boolean usersOk = missingUsersInLocal.isEmpty() && missingUsersInKeycloak.isEmpty();
boolean rolesOk = missingRolesInLocal.isEmpty() && missingRolesInKeycloak.isEmpty(); boolean rolesOk = missingRolesInLocal.isEmpty() && missingRolesInKeycloak.isEmpty();
report.put("status", (usersOk && rolesOk) ? "OK" : "MISMATCH"); report.put("status", (usersOk && rolesOk) ? "OK" : "MISMATCH");
report.put("usersKeycloakCount", kcUserIds.size()); report.put("usersKeycloakCount", kcUserIds.size());
report.put("usersLocalCount", localUserIds.size()); report.put("usersLocalCount", localUserIds.size());
report.put("missingUsersInLocal", missingUsersInLocal); report.put("missingUsersInLocal", missingUsersInLocal);
report.put("missingUsersInKeycloak", missingUsersInKeycloak); report.put("missingUsersInKeycloak", missingUsersInKeycloak);
report.put("rolesKeycloakCount", kcRoleNames.size()); report.put("rolesKeycloakCount", kcRoleNames.size());
report.put("rolesLocalCount", localRoleNames.size()); report.put("rolesLocalCount", localRoleNames.size());
report.put("missingRolesInLocal", missingRolesInLocal); report.put("missingRolesInLocal", missingRolesInLocal);
report.put("missingRolesInKeycloak", missingRolesInKeycloak); report.put("missingRolesInKeycloak", missingRolesInKeycloak);
} catch (Exception e) { } catch (Exception e) {
log.error("❌ Erreur lors du contrôle de cohérence des données pour le realm {}", realmName, e); log.error("❌ Erreur lors du contrôle de cohérence des données pour le realm {}", realmName, e);
report.put("status", "ERROR"); report.put("status", "ERROR");
report.put("error", e.getMessage()); report.put("error", e.getMessage());
} }
return report; return report;
} }
@Override @Override
@Transactional @Transactional
public Map<String, Object> forceSyncRealm(@NotBlank String realmName) { public Map<String, Object> forceSyncRealm(@NotBlank String realmName) {
Map<String, Object> result = new HashMap<>(); Map<String, Object> result = new HashMap<>();
try { try {
int users = syncUsersFromRealm(realmName); int users = syncUsersFromRealm(realmName);
int roles = syncRolesFromRealm(realmName); int roles = syncRolesFromRealm(realmName);
result.put("usersSynced", users); result.put("usersSynced", users);
result.put("rolesSynced", roles); result.put("rolesSynced", roles);
result.put("status", "SUCCESS"); result.put("status", "SUCCESS");
} catch (Exception e) { } catch (Exception e) {
result.put("status", "FAILURE"); result.put("status", "FAILURE");
result.put("error", e.getMessage()); result.put("error", e.getMessage());
} }
return result; return result;
} }
@Override @Override
public Map<String, Object> getLastSyncStatus(@NotBlank String realmName) { public Map<String, Object> getLastSyncStatus(@NotBlank String realmName) {
List<SyncHistoryEntity> history = syncHistoryRepository.findLatestByRealm(realmName, 1); List<SyncHistoryEntity> history = syncHistoryRepository.findLatestByRealm(realmName, 1);
if (history.isEmpty()) { if (history.isEmpty()) {
return Collections.singletonMap("status", "NEVER_SYNCED"); return Collections.singletonMap("status", "NEVER_SYNCED");
} }
SyncHistoryEntity lastSync = history.get(0); SyncHistoryEntity lastSync = history.get(0);
Map<String, Object> statusMap = new HashMap<>(); // Utilisation de HashMap pour permettre nulls si besoin Map<String, Object> statusMap = new HashMap<>(); // Utilisation de HashMap pour permettre nulls si besoin
statusMap.put("lastSyncDate", lastSync.getSyncDate()); statusMap.put("lastSyncDate", lastSync.getSyncDate());
statusMap.put("status", lastSync.getStatus()); statusMap.put("status", lastSync.getStatus());
statusMap.put("type", lastSync.getSyncType()); statusMap.put("type", lastSync.getSyncType());
statusMap.put("itemsProcessed", lastSync.getItemsProcessed()); statusMap.put("itemsProcessed", lastSync.getItemsProcessed());
return statusMap; return statusMap;
} }
@Override @Override
public boolean isKeycloakAvailable() { public boolean isKeycloakAvailable() {
try { try {
// getAllRealms() utilise un HttpClient raw : pas de désérialisation de RealmRepresentation // getAllRealms() utilise un HttpClient raw : pas de désérialisation de RealmRepresentation
// donc pas d'erreur UnrecognizedPropertyException avec Keycloak 26+ // donc pas d'erreur UnrecognizedPropertyException avec Keycloak 26+
keycloakAdminClient.getAllRealms(); keycloakAdminClient.getAllRealms();
return true; return true;
} catch (Exception e) { } catch (Exception e) {
log.warn("Keycloak availability check failed: {}", e.getMessage()); log.warn("Keycloak availability check failed: {}", e.getMessage());
return false; return false;
} }
} }
@Override @Override
public Map<String, Object> getKeycloakHealthInfo() { public Map<String, Object> getKeycloakHealthInfo() {
Map<String, Object> health = new HashMap<>(); Map<String, Object> health = new HashMap<>();
try { try {
var info = keycloak.serverInfo().getInfo(); var info = keycloak.serverInfo().getInfo();
health.put("status", "UP"); health.put("status", "UP");
health.put("version", info.getSystemInfo().getVersion()); health.put("version", info.getSystemInfo().getVersion());
health.put("serverTime", info.getSystemInfo().getServerTime()); health.put("serverTime", info.getSystemInfo().getServerTime());
} catch (Exception e) { } catch (Exception e) {
log.debug("serverInfo().getInfo() failed, trying raw HTTP fallback: {}", e.getMessage()); log.debug("serverInfo().getInfo() failed, trying raw HTTP fallback: {}", e.getMessage());
fetchVersionViaHttp(health); fetchVersionViaHttp(health);
} }
return health; return health;
} }
private void fetchVersionViaHttp(Map<String, Object> health) { private void fetchVersionViaHttp(Map<String, Object> health) {
try { try {
String token = keycloak.tokenManager().getAccessTokenString(); String token = keycloak.tokenManager().getAccessTokenString();
var client = java.net.http.HttpClient.newHttpClient(); var client = java.net.http.HttpClient.newHttpClient();
var request = java.net.http.HttpRequest.newBuilder() var request = java.net.http.HttpRequest.newBuilder()
.uri(java.net.URI.create(keycloakServerUrl + "/admin/serverinfo")) .uri(java.net.URI.create(keycloakServerUrl + "/admin/serverinfo"))
.header("Authorization", "Bearer " + token) .header("Authorization", "Bearer " + token)
.header("Accept", "application/json") .header("Accept", "application/json")
.GET().build(); .GET().build();
var response = client.send(request, java.net.http.HttpResponse.BodyHandlers.ofString()); var response = client.send(request, java.net.http.HttpResponse.BodyHandlers.ofString());
if (response.statusCode() == 200) { if (response.statusCode() == 200) {
String body = response.body(); String body = response.body();
health.put("status", "UP"); health.put("status", "UP");
int sysInfoIdx = body.indexOf("\"systemInfo\""); int sysInfoIdx = body.indexOf("\"systemInfo\"");
if (sysInfoIdx >= 0) { if (sysInfoIdx >= 0) {
extractJsonStringField(body, "version", sysInfoIdx) extractJsonStringField(body, "version", sysInfoIdx)
.ifPresent(v -> health.put("version", v)); .ifPresent(v -> health.put("version", v));
extractJsonStringField(body, "serverTime", sysInfoIdx) extractJsonStringField(body, "serverTime", sysInfoIdx)
.ifPresent(v -> health.put("serverTime", v)); .ifPresent(v -> health.put("serverTime", v));
} }
if (!health.containsKey("version")) { if (!health.containsKey("version")) {
health.put("version", "UP (version non parsée)"); health.put("version", "UP (version non parsée)");
} }
} else { } else {
health.put("status", "UP"); health.put("status", "UP");
health.put("version", "UP (serverinfo HTTP " + response.statusCode() + ")"); health.put("version", "UP (serverinfo HTTP " + response.statusCode() + ")");
} }
} catch (Exception ex) { } catch (Exception ex) {
log.error("Fallback HTTP serverinfo also failed: {}", ex.getMessage()); log.error("Fallback HTTP serverinfo also failed: {}", ex.getMessage());
health.put("status", "DOWN"); health.put("status", "DOWN");
health.put("error", ex.getMessage()); health.put("error", ex.getMessage());
} }
} }
private java.util.Optional<String> extractJsonStringField(String json, String field, int searchFrom) { private java.util.Optional<String> extractJsonStringField(String json, String field, int searchFrom) {
String pattern = "\"" + field + "\""; String pattern = "\"" + field + "\"";
int idx = json.indexOf(pattern, searchFrom); int idx = json.indexOf(pattern, searchFrom);
if (idx < 0) return java.util.Optional.empty(); if (idx < 0) return java.util.Optional.empty();
int colonIdx = json.indexOf(':', idx + pattern.length()); int colonIdx = json.indexOf(':', idx + pattern.length());
if (colonIdx < 0) return java.util.Optional.empty(); if (colonIdx < 0) return java.util.Optional.empty();
int startQuote = json.indexOf('"', colonIdx + 1); int startQuote = json.indexOf('"', colonIdx + 1);
if (startQuote < 0) return java.util.Optional.empty(); if (startQuote < 0) return java.util.Optional.empty();
int endQuote = json.indexOf('"', startQuote + 1); int endQuote = json.indexOf('"', startQuote + 1);
if (endQuote < 0) return java.util.Optional.empty(); if (endQuote < 0) return java.util.Optional.empty();
return java.util.Optional.of(json.substring(startQuote + 1, endQuote)); return java.util.Optional.of(json.substring(startQuote + 1, endQuote));
} }
// Helper method to record history // Helper method to record history
private void recordSyncHistory(String realmName, String type, String status, int count, LocalDateTime start, private void recordSyncHistory(String realmName, String type, String status, int count, LocalDateTime start,
String errorMessage) { String errorMessage) {
try { try {
SyncHistoryEntity history = new SyncHistoryEntity(); SyncHistoryEntity history = new SyncHistoryEntity();
history.setRealmName(realmName); history.setRealmName(realmName);
history.setSyncType(type); history.setSyncType(type);
history.setStatus(status); history.setStatus(status);
history.setItemsProcessed(count); history.setItemsProcessed(count);
history.setSyncDate(LocalDateTime.now()); history.setSyncDate(LocalDateTime.now());
history.setDurationMs(ChronoUnit.MILLIS.between(start, LocalDateTime.now())); history.setDurationMs(ChronoUnit.MILLIS.between(start, LocalDateTime.now()));
history.setErrorMessage(errorMessage); history.setErrorMessage(errorMessage);
// Persist the history entity // Persist the history entity
syncHistoryRepository.persist(history); syncHistoryRepository.persist(history);
} catch (Exception e) { } catch (Exception e) {
log.error("Failed to record sync history", e); log.error("Failed to record sync history", e);
} }
} }
} }

1770
src/main/java/dev/lions/user/manager/service/impl/UserServiceImpl.java
View File

File diff suppressed because it is too large Load Diff

12
src/main/resources/META-INF/beans.xml
View File

@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="https://jakarta.ee/xml/ns/jakartajsf" <beans xmlns="https://jakarta.ee/xml/ns/jakartajsf"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartajsf https://jakarta.ee/xml/ns/jakartajsf/beans_3_0.xsd" xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartajsf https://jakarta.ee/xml/ns/jakartajsf/beans_3_0.xsd"
bean-discovery-mode="annotated"> bean-discovery-mode="annotated">
</beans> </beans>

66
src/main/resources/META-INF/reflection-config.json
View File

@@ -1,33 +1,33 @@
[ [
{ {
"name": "dev.lions.user.manager.dto.realm.RealmAssignmentDTO", "name": "dev.lions.user.manager.dto.realm.RealmAssignmentDTO",
"allDeclaredFields": true, "allDeclaredFields": true,
"allDeclaredMethods": true, "allDeclaredMethods": true,
"allDeclaredConstructors": true "allDeclaredConstructors": true
}, },
{ {
"name": "dev.lions.user.manager.dto.role.RoleDTO", "name": "dev.lions.user.manager.dto.role.RoleDTO",
"allDeclaredFields": true, "allDeclaredFields": true,
"allDeclaredMethods": true, "allDeclaredMethods": true,
"allDeclaredConstructors": true "allDeclaredConstructors": true
}, },
{ {
"name": "dev.lions.user.manager.dto.role.RoleDTO$RoleCompositeDTO", "name": "dev.lions.user.manager.dto.role.RoleDTO$RoleCompositeDTO",
"allDeclaredFields": true, "allDeclaredFields": true,
"allDeclaredMethods": true, "allDeclaredMethods": true,
"allDeclaredConstructors": true "allDeclaredConstructors": true
}, },
{ {
"name": "dev.lions.user.manager.dto.user.UserDTO", "name": "dev.lions.user.manager.dto.user.UserDTO",
"allDeclaredFields": true, "allDeclaredFields": true,
"allDeclaredMethods": true, "allDeclaredMethods": true,
"allDeclaredConstructors": true "allDeclaredConstructors": true
}, },
{ {
"name": "dev.lions.user.manager.dto.user.UserSearchResultDTO", "name": "dev.lions.user.manager.dto.user.UserSearchResultDTO",
"allDeclaredFields": true, "allDeclaredFields": true,
"allDeclaredMethods": true, "allDeclaredMethods": true,
"allDeclaredConstructors": true "allDeclaredConstructors": true
} }
] ]

35
src/main/resources/application-dev.properties
View File

@@ -16,24 +16,39 @@ quarkus.http.cors.origins=http://localhost:3000,http://localhost:8080,http://loc
# OIDC Configuration DEV # OIDC Configuration DEV
# ============================================ # ============================================
quarkus.oidc.enabled=true quarkus.oidc.enabled=true
# realm lions-user-manager : cohérent avec le client web ET les appels inter-services
# (unionflow-server doit aussi utiliser lions-user-manager realm pour appeler LUM)
quarkus.oidc.auth-server-url=http://localhost:8180/realms/lions-user-manager quarkus.oidc.auth-server-url=http://localhost:8180/realms/lions-user-manager
quarkus.oidc.client-id=lions-user-manager-server
quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET:V3nP8kRzW5yX2mTqBcE7aJdFuHsL4gYo}
quarkus.oidc.token.issuer=http://localhost:8180/realms/lions-user-manager quarkus.oidc.token.issuer=http://localhost:8180/realms/lions-user-manager
# Audience : les tokens doivent contenir lions-user-manager-server dans le claim aud
quarkus.oidc.token.audience=lions-user-manager-server
quarkus.oidc.tls.verification=none quarkus.oidc.tls.verification=none
# ============================================ # ============================================
# Keycloak Admin Client Configuration DEV # Keycloak Admin Client Configuration DEV
# ============================================ # ============================================
lions.keycloak.server-url=http://localhost:8180 lions.keycloak.server-url=http://localhost:8180
lions.keycloak.admin-username=admin lions.keycloak.admin-username=${KEYCLOAK_ADMIN_USERNAME:admin}
lions.keycloak.admin-password=admin lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD:admin}
lions.keycloak.connection-pool-size=5 lions.keycloak.connection-pool-size=5
lions.keycloak.timeout-seconds=30 lions.keycloak.timeout-seconds=30
lions.keycloak.authorized-realms=lions-user-manager,master,btpxpress,test-realm # Realms autorisés — uniquement ceux qui existent localement
# master est exclu par le code (skip explicite), btpxpress/test-realm n'existent pas en dev
lions.keycloak.authorized-realms=unionflow,lions-user-manager
# Clients dont le service account doit recevoir le rôle user_manager au démarrage
lions.keycloak.service-accounts.user-manager-clients=unionflow-server
# Quarkus-managed Keycloak Admin Client DEV # Quarkus-managed Keycloak Admin Client DEV
quarkus.keycloak.admin-client.server-url=${lions.keycloak.server-url} quarkus.keycloak.admin-client.server-url=http://localhost:8180
quarkus.keycloak.admin-client.username=${lions.keycloak.admin-username} quarkus.keycloak.admin-client.realm=master
quarkus.keycloak.admin-client.password=${lions.keycloak.admin-password} quarkus.keycloak.admin-client.client-id=admin-cli
quarkus.keycloak.admin-client.grant-type=PASSWORD
quarkus.keycloak.admin-client.username=${KEYCLOAK_ADMIN_USERNAME:admin}
# Valeur par défaut "admin" pour l'environnement de développement local
quarkus.keycloak.admin-client.password=${KEYCLOAK_ADMIN_PASSWORD:admin}
# ============================================ # ============================================
# Audit Configuration DEV # Audit Configuration DEV
@@ -53,7 +68,7 @@ quarkus.datasource.jdbc.url=jdbc:postgresql://${DB_HOST:localhost}:${DB_PORT:543
# ============================================ # ============================================
# Hibernate ORM Configuration DEV # Hibernate ORM Configuration DEV
# ============================================ # ============================================
quarkus.hibernate-orm.database.generation=update quarkus.hibernate-orm.schema-management.strategy=update
quarkus.hibernate-orm.log.sql=true quarkus.hibernate-orm.log.sql=true
# ============================================ # ============================================
@@ -74,11 +89,11 @@ quarkus.log.category."io.quarkus.oidc.runtime".level=DEBUG
quarkus.log.category."io.quarkus.security".level=DEBUG quarkus.log.category."io.quarkus.security".level=DEBUG
quarkus.log.category."io.quarkus.security.runtime".level=DEBUG quarkus.log.category."io.quarkus.security.runtime".level=DEBUG
quarkus.log.console.enable=true quarkus.log.console.enabled=true
quarkus.log.console.format=%d{HH:mm:ss} %-5p [%c{2.}] (%t) %s%e%n quarkus.log.console.format=%d{HH:mm:ss} %-5p [%c{2.}] (%t) %s%e%n
# File Logging pour Audit DEV # File Logging pour Audit DEV
quarkus.log.file.enable=true quarkus.log.file.enabled=true
quarkus.log.file.path=logs/dev/lions-user-manager.log quarkus.log.file.path=logs/dev/lions-user-manager.log
quarkus.log.file.rotation.max-file-size=10M quarkus.log.file.rotation.max-file-size=10M
quarkus.log.file.rotation.max-backup-index=3 quarkus.log.file.rotation.max-backup-index=3
@@ -87,7 +102,7 @@ quarkus.log.file.rotation.max-backup-index=3
# OpenAPI/Swagger Configuration DEV # OpenAPI/Swagger Configuration DEV
# ============================================ # ============================================
quarkus.swagger-ui.always-include=true quarkus.swagger-ui.always-include=true
quarkus.swagger-ui.enable=true quarkus.swagger-ui.enabled=true
# ============================================ # ============================================
# Dev Services DEV # Dev Services DEV

38
src/main/resources/application-prod.properties
View File

@@ -9,30 +9,47 @@
# HTTP Configuration PROD # HTTP Configuration PROD
# ============================================ # ============================================
quarkus.http.port=8080 quarkus.http.port=8080
# quarkus.http.root-path est une propriete build-time — passee via -Dquarkus.http.root-path dans le Dockerfile
quarkus.http.cors.origins=${CORS_ORIGINS:https://users.lions.dev,https://btpxpress.lions.dev,https://admin.lions.dev} quarkus.http.cors.origins=${CORS_ORIGINS:https://users.lions.dev,https://btpxpress.lions.dev,https://admin.lions.dev}
# Proxy forwarding pour ingress nginx (permet à Quarkus de lire X-Forwarded-* headers)
quarkus.http.proxy.proxy-address-forwarding=true
quarkus.http.proxy.allow-x-forwarded=true
quarkus.http.proxy.enable-forwarded-host=true
quarkus.http.proxy.enable-forwarded-prefix=true
# ============================================ # ============================================
# OIDC Configuration PROD # OIDC Configuration PROD
# ============================================ # ============================================
quarkus.oidc.enabled=true quarkus.oidc.enabled=true
quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager} quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager}
quarkus.oidc.client-id=${KEYCLOAK_CLIENT_ID:lions-user-manager-server}
quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET:kUIgIVf65f5NfRLRfbtG8jDhMvMpL0m0}
quarkus.oidc.token.issuer=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager} quarkus.oidc.token.issuer=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager}
# Audience : les tokens doivent contenir lions-user-manager-server dans le claim aud
quarkus.oidc.token.audience=lions-user-manager-server
quarkus.oidc.tls.verification=required quarkus.oidc.tls.verification=required
# ============================================ # ============================================
# Keycloak Admin Client Configuration PROD # Keycloak Admin Client Configuration PROD
# ============================================ # ============================================
lions.keycloak.server-url=${KEYCLOAK_SERVER_URL:https://security.lions.dev} lions.keycloak.server-url=${KEYCLOAK_SERVER_URL:https://security.lions.dev}
lions.keycloak.admin-username=${KEYCLOAK_ADMIN_USERNAME} lions.keycloak.admin-username=${KEYCLOAK_ADMIN_USERNAME:admin}
lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD} lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD:KeycloakAdmin2025!}
lions.keycloak.connection-pool-size=20 lions.keycloak.connection-pool-size=20
lions.keycloak.timeout-seconds=60 lions.keycloak.timeout-seconds=60
lions.keycloak.authorized-realms=${KEYCLOAK_AUTHORIZED_REALMS:lions-user-manager,btpxpress,master,unionflow} lions.keycloak.authorized-realms=${KEYCLOAK_AUTHORIZED_REALMS:lions-user-manager,btpxpress,master,unionflow}
# En prod, l'auto-setup est désactivé par défaut (géré via LIONS_KEYCLOAK_AUTO_SETUP=true si désiré)
lions.keycloak.auto-setup.enabled=${LIONS_KEYCLOAK_AUTO_SETUP:false}
lions.keycloak.service-accounts.user-manager-clients=${LIONS_SERVICE_ACCOUNTS_USER_MANAGER:}
# Quarkus-managed Keycloak Admin Client PROD # Quarkus-managed Keycloak Admin Client PROD
quarkus.keycloak.admin-client.server-url=${lions.keycloak.server-url} quarkus.keycloak.admin-client.server-url=${KEYCLOAK_SERVER_URL:https://security.lions.dev}
quarkus.keycloak.admin-client.username=${lions.keycloak.admin-username} quarkus.keycloak.admin-client.realm=master
quarkus.keycloak.admin-client.password=${lions.keycloak.admin-password} quarkus.keycloak.admin-client.client-id=admin-cli
quarkus.keycloak.admin-client.grant-type=PASSWORD
quarkus.keycloak.admin-client.username=${KEYCLOAK_ADMIN_USERNAME:admin}
quarkus.keycloak.admin-client.password=${KEYCLOAK_ADMIN_PASSWORD:KeycloakAdmin2025!}
# ============================================ # ============================================
# Retry Configuration PROD # Retry Configuration PROD
@@ -58,7 +75,7 @@ quarkus.datasource.jdbc.url=jdbc:postgresql://${DB_HOST}:${DB_PORT:5432}/${DB_NA
# ============================================ # ============================================
# Hibernate ORM Configuration PROD # Hibernate ORM Configuration PROD
# ============================================ # ============================================
quarkus.hibernate-orm.database.generation=none quarkus.hibernate-orm.schema-management.strategy=none
quarkus.hibernate-orm.log.sql=false quarkus.hibernate-orm.log.sql=false
# ============================================ # ============================================
@@ -74,17 +91,18 @@ quarkus.log.category."dev.lions.user.manager".level=INFO
quarkus.log.category."org.keycloak".level=WARN quarkus.log.category."org.keycloak".level=WARN
quarkus.log.category."io.quarkus".level=INFO quarkus.log.category."io.quarkus".level=INFO
quarkus.log.console.enable=true quarkus.log.console.enabled=true
quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n
# File Logging désactivé en PROD (logs centralisés via Kubernetes) # File Logging désactivé en PROD (logs centralisés via Kubernetes)
quarkus.log.file.enable=false quarkus.log.file.enabled=false
# ============================================ # ============================================
# OpenAPI/Swagger Configuration PROD # OpenAPI/Swagger Configuration PROD
# ============================================ # ============================================
quarkus.swagger-ui.always-include=false quarkus.swagger-ui.always-include=true
quarkus.swagger-ui.enable=false quarkus.swagger-ui.enabled=true
quarkus.swagger-ui.urls.default=/lions-user-manager/q/openapi
# ============================================ # ============================================
# Performance Tuning PROD # Performance Tuning PROD

12
src/main/resources/application.properties
View File

@@ -15,7 +15,7 @@ quarkus.application.version=1.0.0
# HTTP Configuration (COMMUNE) # HTTP Configuration (COMMUNE)
# ============================================ # ============================================
quarkus.http.host=0.0.0.0 quarkus.http.host=0.0.0.0
quarkus.http.cors=true quarkus.http.cors.enabled=true
quarkus.http.cors.methods=GET,POST,PUT,DELETE,PATCH,OPTIONS quarkus.http.cors.methods=GET,POST,PUT,DELETE,PATCH,OPTIONS
quarkus.http.cors.headers=* quarkus.http.cors.headers=*
@@ -25,13 +25,21 @@ quarkus.http.cors.headers=*
quarkus.oidc.application-type=service quarkus.oidc.application-type=service
quarkus.oidc.discovery-enabled=true quarkus.oidc.discovery-enabled=true
quarkus.oidc.roles.role-claim-path=realm_access/roles quarkus.oidc.roles.role-claim-path=realm_access/roles
quarkus.oidc.token.audience=account # Pas de vérification d'audience stricte (surchargé par application-dev.properties)
# quarkus.oidc.token.audience=account
# ============================================ # ============================================
# Keycloak Admin Client (COMMUNE) # Keycloak Admin Client (COMMUNE)
# ============================================ # ============================================
lions.keycloak.admin-realm=master lions.keycloak.admin-realm=master
lions.keycloak.admin-client-id=admin-cli lions.keycloak.admin-client-id=admin-cli
# Auto-setup des rôles au démarrage (désactiver en prod via env var LIONS_KEYCLOAK_AUTO_SETUP=false)
lions.keycloak.auto-setup.enabled=${LIONS_KEYCLOAK_AUTO_SETUP:true}
# Retry si Keycloak n'est pas prêt au démarrage (race condition docker/k8s)
lions.keycloak.auto-setup.retry-max=${LIONS_KEYCLOAK_SETUP_RETRY_MAX:5}
lions.keycloak.auto-setup.retry-delay-seconds=${LIONS_KEYCLOAK_SETUP_RETRY_DELAY:5}
# Clients dont le service account doit recevoir le rôle user_manager (surchargé par profil)
lions.keycloak.service-accounts.user-manager-clients=${LIONS_SERVICE_ACCOUNTS_USER_MANAGER:}
# Quarkus-managed Keycloak Admin Client (uses Quarkus ObjectMapper with fail-on-unknown-properties=false) # Quarkus-managed Keycloak Admin Client (uses Quarkus ObjectMapper with fail-on-unknown-properties=false)
quarkus.keycloak.admin-client.realm=${lions.keycloak.admin-realm} quarkus.keycloak.admin-client.realm=${lions.keycloak.admin-realm}

350
src/main/resources/db/migration/V1.0.0__Create_audit_logs_table.sql
View File

@@ -1,175 +1,175 @@
-- ============================================================================= -- =============================================================================
-- Migration Flyway V1.0.0 - Création de la table audit_logs -- Migration Flyway V1.0.0 - Création de la table audit_logs
-- ============================================================================= -- =============================================================================
-- Description: Création de la table pour la persistance des logs d'audit -- Description: Création de la table pour la persistance des logs d'audit
-- des actions effectuées sur le système de gestion des utilisateurs -- des actions effectuées sur le système de gestion des utilisateurs
-- --
-- Auteur: Lions Development Team -- Auteur: Lions Development Team
-- Date: 2026-01-02 -- Date: 2026-01-02
-- Version: 1.0.0 -- Version: 1.0.0
-- ============================================================================= -- =============================================================================
-- Création de la table audit_logs -- Création de la table audit_logs
CREATE TABLE IF NOT EXISTS audit_logs ( CREATE TABLE IF NOT EXISTS audit_logs (
-- Clé primaire générée automatiquement -- Clé primaire générée automatiquement
id BIGSERIAL PRIMARY KEY, id BIGSERIAL PRIMARY KEY,
-- Informations sur l'utilisateur concerné -- Informations sur l'utilisateur concerné
user_id VARCHAR(255), user_id VARCHAR(255),
-- Type d'action effectuée -- Type d'action effectuée
action VARCHAR(100) NOT NULL, action VARCHAR(100) NOT NULL,
-- Détails de l'action -- Détails de l'action
details TEXT, details TEXT,
-- Informations sur l'auteur de l'action -- Informations sur l'auteur de l'action
auteur_action VARCHAR(255) NOT NULL, auteur_action VARCHAR(255) NOT NULL,
-- Timestamp de l'action -- Timestamp de l'action
timestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, timestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
-- Informations de traçabilité réseau -- Informations de traçabilité réseau
ip_address VARCHAR(45), ip_address VARCHAR(45),
user_agent VARCHAR(500), user_agent VARCHAR(500),
-- Informations multi-tenant -- Informations multi-tenant
realm_name VARCHAR(255), realm_name VARCHAR(255),
-- Statut de l'action -- Statut de l'action
success BOOLEAN NOT NULL DEFAULT TRUE, success BOOLEAN NOT NULL DEFAULT TRUE,
error_message TEXT, error_message TEXT,
-- Métadonnées -- Métadonnées
CONSTRAINT chk_audit_action CHECK (action IN ( CONSTRAINT chk_audit_action CHECK (action IN (
-- Actions utilisateurs -- Actions utilisateurs
'CREATION_UTILISATEUR', 'CREATION_UTILISATEUR',
'MODIFICATION_UTILISATEUR', 'MODIFICATION_UTILISATEUR',
'SUPPRESSION_UTILISATEUR', 'SUPPRESSION_UTILISATEUR',
'ACTIVATION_UTILISATEUR', 'ACTIVATION_UTILISATEUR',
'DESACTIVATION_UTILISATEUR', 'DESACTIVATION_UTILISATEUR',
'VERROUILLAGE_UTILISATEUR', 'VERROUILLAGE_UTILISATEUR',
'DEVERROUILLAGE_UTILISATEUR', 'DEVERROUILLAGE_UTILISATEUR',
-- Actions mot de passe -- Actions mot de passe
'RESET_PASSWORD', 'RESET_PASSWORD',
'CHANGE_PASSWORD', 'CHANGE_PASSWORD',
'FORCE_PASSWORD_RESET', 'FORCE_PASSWORD_RESET',
-- Actions sessions -- Actions sessions
'LOGOUT_UTILISATEUR', 'LOGOUT_UTILISATEUR',
'LOGOUT_ALL_SESSIONS', 'LOGOUT_ALL_SESSIONS',
'SESSION_EXPIREE', 'SESSION_EXPIREE',
-- Actions rôles -- Actions rôles
'ATTRIBUTION_ROLE', 'ATTRIBUTION_ROLE',
'REVOCATION_ROLE', 'REVOCATION_ROLE',
'CREATION_ROLE', 'CREATION_ROLE',
'MODIFICATION_ROLE', 'MODIFICATION_ROLE',
'SUPPRESSION_ROLE', 'SUPPRESSION_ROLE',
-- Actions groupes -- Actions groupes
'AJOUT_GROUPE', 'AJOUT_GROUPE',
'RETRAIT_GROUPE', 'RETRAIT_GROUPE',
-- Actions realms -- Actions realms
'ATTRIBUTION_REALM', 'ATTRIBUTION_REALM',
'REVOCATION_REALM', 'REVOCATION_REALM',
-- Actions synchronisation -- Actions synchronisation
'SYNC_MANUEL', 'SYNC_MANUEL',
'SYNC_AUTO', 'SYNC_AUTO',
'SYNC_ERREUR', 'SYNC_ERREUR',
-- Actions import/export -- Actions import/export
'EXPORT_CSV', 'EXPORT_CSV',
'IMPORT_CSV', 'IMPORT_CSV',
-- Actions système -- Actions système
'CONNEXION_REUSSIE', 'CONNEXION_REUSSIE',
'CONNEXION_ECHOUEE', 'CONNEXION_ECHOUEE',
'TENTATIVE_ACCES_NON_AUTORISE', 'TENTATIVE_ACCES_NON_AUTORISE',
'ERREUR_SYSTEME', 'ERREUR_SYSTEME',
'CONFIGURATION_MODIFIEE' 'CONFIGURATION_MODIFIEE'
)) ))
); );
-- ============================================================================= -- =============================================================================
-- INDEX pour optimiser les requêtes -- INDEX pour optimiser les requêtes
-- ============================================================================= -- =============================================================================
-- Index sur user_id pour recherches rapides par utilisateur -- Index sur user_id pour recherches rapides par utilisateur
CREATE INDEX idx_audit_user_id ON audit_logs(user_id) CREATE INDEX idx_audit_user_id ON audit_logs(user_id)
WHERE user_id IS NOT NULL; WHERE user_id IS NOT NULL;
-- Index sur action pour filtrer par type d'action -- Index sur action pour filtrer par type d'action
CREATE INDEX idx_audit_action ON audit_logs(action); CREATE INDEX idx_audit_action ON audit_logs(action);
-- Index sur timestamp pour recherches chronologiques et tri -- Index sur timestamp pour recherches chronologiques et tri
CREATE INDEX idx_audit_timestamp ON audit_logs(timestamp DESC); CREATE INDEX idx_audit_timestamp ON audit_logs(timestamp DESC);
-- Index sur auteur_action pour tracer les actions d'un administrateur -- Index sur auteur_action pour tracer les actions d'un administrateur
CREATE INDEX idx_audit_auteur ON audit_logs(auteur_action); CREATE INDEX idx_audit_auteur ON audit_logs(auteur_action);
-- Index sur realm_name pour isolation multi-tenant -- Index sur realm_name pour isolation multi-tenant
CREATE INDEX idx_audit_realm ON audit_logs(realm_name) CREATE INDEX idx_audit_realm ON audit_logs(realm_name)
WHERE realm_name IS NOT NULL; WHERE realm_name IS NOT NULL;
-- Index composite pour recherches fréquentes -- Index composite pour recherches fréquentes
CREATE INDEX idx_audit_user_timestamp ON audit_logs(user_id, timestamp DESC) CREATE INDEX idx_audit_user_timestamp ON audit_logs(user_id, timestamp DESC)
WHERE user_id IS NOT NULL; WHERE user_id IS NOT NULL;
-- Index sur success pour identifier rapidement les échecs -- Index sur success pour identifier rapidement les échecs
CREATE INDEX idx_audit_failures ON audit_logs(success, timestamp DESC) CREATE INDEX idx_audit_failures ON audit_logs(success, timestamp DESC)
WHERE success = FALSE; WHERE success = FALSE;
-- ============================================================================= -- =============================================================================
-- COMMENTAIRES sur les colonnes -- COMMENTAIRES sur les colonnes
-- ============================================================================= -- =============================================================================
COMMENT ON TABLE audit_logs IS 'Table de persistance des logs d''audit pour traçabilité complète'; COMMENT ON TABLE audit_logs IS 'Table de persistance des logs d''audit pour traçabilité complète';
COMMENT ON COLUMN audit_logs.id IS 'Identifiant unique auto-incrémenté du log'; COMMENT ON COLUMN audit_logs.id IS 'Identifiant unique auto-incrémenté du log';
COMMENT ON COLUMN audit_logs.user_id IS 'ID de l''utilisateur concerné par l''action (null pour actions système)'; COMMENT ON COLUMN audit_logs.user_id IS 'ID de l''utilisateur concerné par l''action (null pour actions système)';
COMMENT ON COLUMN audit_logs.action IS 'Type d''action effectuée (enum TypeActionAudit)'; COMMENT ON COLUMN audit_logs.action IS 'Type d''action effectuée (enum TypeActionAudit)';
COMMENT ON COLUMN audit_logs.details IS 'Détails complémentaires sur l''action'; COMMENT ON COLUMN audit_logs.details IS 'Détails complémentaires sur l''action';
COMMENT ON COLUMN audit_logs.auteur_action IS 'Identifiant de l''utilisateur ayant effectué l''action'; COMMENT ON COLUMN audit_logs.auteur_action IS 'Identifiant de l''utilisateur ayant effectué l''action';
COMMENT ON COLUMN audit_logs.timestamp IS 'Date et heure précise de l''action'; COMMENT ON COLUMN audit_logs.timestamp IS 'Date et heure précise de l''action';
COMMENT ON COLUMN audit_logs.ip_address IS 'Adresse IP du client ayant effectué l''action'; COMMENT ON COLUMN audit_logs.ip_address IS 'Adresse IP du client ayant effectué l''action';
COMMENT ON COLUMN audit_logs.user_agent IS 'User-Agent du navigateur/client'; COMMENT ON COLUMN audit_logs.user_agent IS 'User-Agent du navigateur/client';
COMMENT ON COLUMN audit_logs.realm_name IS 'Nom du realm Keycloak concerné (multi-tenant)'; COMMENT ON COLUMN audit_logs.realm_name IS 'Nom du realm Keycloak concerné (multi-tenant)';
COMMENT ON COLUMN audit_logs.success IS 'Indique si l''action a réussi (true) ou échoué (false)'; COMMENT ON COLUMN audit_logs.success IS 'Indique si l''action a réussi (true) ou échoué (false)';
COMMENT ON COLUMN audit_logs.error_message IS 'Message d''erreur en cas d''échec (null si success=true)'; COMMENT ON COLUMN audit_logs.error_message IS 'Message d''erreur en cas d''échec (null si success=true)';
-- ============================================================================= -- =============================================================================
-- POLITIQUE DE RÉTENTION (optionnel - à activer selon besoins) -- POLITIQUE DE RÉTENTION (optionnel - à activer selon besoins)
-- ============================================================================= -- =============================================================================
-- Fonction pour nettoyer automatiquement les vieux logs -- Fonction pour nettoyer automatiquement les vieux logs
-- Décommenter et adapter la période de rétention selon les besoins -- Décommenter et adapter la période de rétention selon les besoins
/* /*
CREATE OR REPLACE FUNCTION cleanup_old_audit_logs() RETURNS void AS $$ CREATE OR REPLACE FUNCTION cleanup_old_audit_logs() RETURNS void AS $$
BEGIN BEGIN
-- Supprime les logs de plus de 365 jours (configurable) -- Supprime les logs de plus de 365 jours (configurable)
DELETE FROM audit_logs DELETE FROM audit_logs
WHERE timestamp < CURRENT_TIMESTAMP - INTERVAL '365 days'; WHERE timestamp < CURRENT_TIMESTAMP - INTERVAL '365 days';
RAISE NOTICE 'Logs d''audit plus anciens que 365 jours supprimés'; RAISE NOTICE 'Logs d''audit plus anciens que 365 jours supprimés';
END; END;
$$ LANGUAGE plpgsql; $$ LANGUAGE plpgsql;
-- Créer un job CRON (nécessite extension pg_cron) -- Créer un job CRON (nécessite extension pg_cron)
-- SELECT cron.schedule('cleanup-audit-logs', '0 2 * * 0', 'SELECT cleanup_old_audit_logs()'); -- SELECT cron.schedule('cleanup-audit-logs', '0 2 * * 0', 'SELECT cleanup_old_audit_logs()');
*/ */
-- ============================================================================= -- =============================================================================
-- GRANTS (à adapter selon les rôles de votre base de données) -- GRANTS (à adapter selon les rôles de votre base de données)
-- ============================================================================= -- =============================================================================
-- GRANT SELECT, INSERT ON audit_logs TO lions_app_user; -- GRANT SELECT, INSERT ON audit_logs TO lions_app_user;
-- GRANT USAGE, SELECT ON SEQUENCE audit_logs_id_seq TO lions_app_user; -- GRANT USAGE, SELECT ON SEQUENCE audit_logs_id_seq TO lions_app_user;
-- ============================================================================= -- =============================================================================
-- FIN DE LA MIGRATION -- FIN DE LA MIGRATION
-- ============================================================================= -- =============================================================================

170
src/main/resources/db/migration/V2.0.0__Create_sync_tables.sql
View File

@@ -1,85 +1,85 @@
-- ============================================================================= -- =============================================================================
-- Migration Flyway V2.0.0 - Création des tables de synchronisation Keycloak -- Migration Flyway V2.0.0 - Création des tables de synchronisation Keycloak
-- ============================================================================= -- =============================================================================
-- Description: Tables pour la persistance des snapshots et de l'historique -- Description: Tables pour la persistance des snapshots et de l'historique
-- des synchronisations entre l'application et Keycloak. -- des synchronisations entre l'application et Keycloak.
-- --
-- Entités correspondantes: -- Entités correspondantes:
-- SyncHistoryEntity → sync_history -- SyncHistoryEntity → sync_history
-- SyncedUserEntity → synced_user -- SyncedUserEntity → synced_user
-- SyncedRoleEntity → synced_role -- SyncedRoleEntity → synced_role
-- --
-- Auteur: Lions Development Team -- Auteur: Lions Development Team
-- Date: 2026-02-17 -- Date: 2026-02-17
-- Version: 2.0.0 -- Version: 2.0.0
-- ============================================================================= -- =============================================================================
-- ============================================================================= -- =============================================================================
-- TABLE sync_history : historique des opérations de synchronisation -- TABLE sync_history : historique des opérations de synchronisation
-- ============================================================================= -- =============================================================================
CREATE TABLE IF NOT EXISTS sync_history ( CREATE TABLE IF NOT EXISTS sync_history (
id BIGSERIAL PRIMARY KEY, id BIGSERIAL PRIMARY KEY,
realm_name VARCHAR(255) NOT NULL, realm_name VARCHAR(255) NOT NULL,
sync_date TIMESTAMP NOT NULL, sync_date TIMESTAMP NOT NULL,
sync_type VARCHAR(50) NOT NULL, -- 'USER' ou 'ROLE' sync_type VARCHAR(50) NOT NULL, -- 'USER' ou 'ROLE'
status VARCHAR(50) NOT NULL, -- 'SUCCESS' ou 'FAILURE' status VARCHAR(50) NOT NULL, -- 'SUCCESS' ou 'FAILURE'
items_processed INTEGER, items_processed INTEGER,
duration_ms BIGINT, duration_ms BIGINT,
error_message TEXT error_message TEXT
); );
CREATE INDEX IF NOT EXISTS idx_sync_realm ON sync_history(realm_name); CREATE INDEX IF NOT EXISTS idx_sync_realm ON sync_history(realm_name);
CREATE INDEX IF NOT EXISTS idx_sync_date ON sync_history(sync_date DESC); CREATE INDEX IF NOT EXISTS idx_sync_date ON sync_history(sync_date DESC);
COMMENT ON TABLE sync_history IS 'Historique des synchronisations Keycloak (users et rôles)'; COMMENT ON TABLE sync_history IS 'Historique des synchronisations Keycloak (users et rôles)';
COMMENT ON COLUMN sync_history.sync_type IS 'Type de synchronisation : USER ou ROLE'; COMMENT ON COLUMN sync_history.sync_type IS 'Type de synchronisation : USER ou ROLE';
COMMENT ON COLUMN sync_history.status IS 'Résultat : SUCCESS ou FAILURE'; COMMENT ON COLUMN sync_history.status IS 'Résultat : SUCCESS ou FAILURE';
-- ============================================================================= -- =============================================================================
-- TABLE synced_user : snapshot local des utilisateurs Keycloak synchronisés -- TABLE synced_user : snapshot local des utilisateurs Keycloak synchronisés
-- ============================================================================= -- =============================================================================
CREATE TABLE IF NOT EXISTS synced_user ( CREATE TABLE IF NOT EXISTS synced_user (
id BIGSERIAL PRIMARY KEY, id BIGSERIAL PRIMARY KEY,
realm_name VARCHAR(255) NOT NULL, realm_name VARCHAR(255) NOT NULL,
keycloak_id VARCHAR(255) NOT NULL, keycloak_id VARCHAR(255) NOT NULL,
username VARCHAR(255) NOT NULL, username VARCHAR(255) NOT NULL,
email VARCHAR(255), email VARCHAR(255),
enabled BOOLEAN, enabled BOOLEAN,
email_verified BOOLEAN, email_verified BOOLEAN,
created_at TIMESTAMP, created_at TIMESTAMP,
CONSTRAINT uq_synced_user_realm_kc UNIQUE (realm_name, keycloak_id) CONSTRAINT uq_synced_user_realm_kc UNIQUE (realm_name, keycloak_id)
); );
CREATE INDEX IF NOT EXISTS idx_synced_user_realm CREATE INDEX IF NOT EXISTS idx_synced_user_realm
ON synced_user(realm_name); ON synced_user(realm_name);
CREATE UNIQUE INDEX IF NOT EXISTS idx_synced_user_realm_kc_id CREATE UNIQUE INDEX IF NOT EXISTS idx_synced_user_realm_kc_id
ON synced_user(realm_name, keycloak_id); ON synced_user(realm_name, keycloak_id);
COMMENT ON TABLE synced_user IS 'Snapshot local des utilisateurs Keycloak pour rapports et vérifications'; COMMENT ON TABLE synced_user IS 'Snapshot local des utilisateurs Keycloak pour rapports et vérifications';
COMMENT ON COLUMN synced_user.keycloak_id IS 'UUID Keycloak de l''utilisateur'; COMMENT ON COLUMN synced_user.keycloak_id IS 'UUID Keycloak de l''utilisateur';
-- ============================================================================= -- =============================================================================
-- TABLE synced_role : snapshot local des rôles Keycloak synchronisés -- TABLE synced_role : snapshot local des rôles Keycloak synchronisés
-- ============================================================================= -- =============================================================================
CREATE TABLE IF NOT EXISTS synced_role ( CREATE TABLE IF NOT EXISTS synced_role (
id BIGSERIAL PRIMARY KEY, id BIGSERIAL PRIMARY KEY,
realm_name VARCHAR(255) NOT NULL, realm_name VARCHAR(255) NOT NULL,
role_name VARCHAR(255) NOT NULL, role_name VARCHAR(255) NOT NULL,
description VARCHAR(500), description VARCHAR(500),
CONSTRAINT uq_synced_role_realm_name UNIQUE (realm_name, role_name) CONSTRAINT uq_synced_role_realm_name UNIQUE (realm_name, role_name)
); );
CREATE INDEX IF NOT EXISTS idx_synced_role_realm CREATE INDEX IF NOT EXISTS idx_synced_role_realm
ON synced_role(realm_name); ON synced_role(realm_name);
CREATE UNIQUE INDEX IF NOT EXISTS idx_synced_role_realm_name CREATE UNIQUE INDEX IF NOT EXISTS idx_synced_role_realm_name
ON synced_role(realm_name, role_name); ON synced_role(realm_name, role_name);
COMMENT ON TABLE synced_role IS 'Snapshot local des rôles Keycloak pour rapports et vérifications'; COMMENT ON TABLE synced_role IS 'Snapshot local des rôles Keycloak pour rapports et vérifications';
COMMENT ON COLUMN synced_role.role_name IS 'Nom du rôle realm dans Keycloak'; COMMENT ON COLUMN synced_role.role_name IS 'Nom du rôle realm dans Keycloak';
-- ============================================================================= -- =============================================================================
-- FIN DE LA MIGRATION -- FIN DE LA MIGRATION
-- ============================================================================= -- =============================================================================

428
src/test/java/dev/lions/user/manager/client/KeycloakAdminClientImplCompleteTest.java
View File

@@ -1,163 +1,265 @@
package dev.lions.user.manager.client; package dev.lions.user.manager.client;
import org.junit.jupiter.api.BeforeEach; import com.sun.net.httpserver.HttpServer;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.BeforeEach;
import org.keycloak.admin.client.Keycloak; import org.junit.jupiter.api.Test;
import org.keycloak.admin.client.resource.RealmResource; import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.resource.RolesResource; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.UsersResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.token.TokenManager; import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.representations.info.ServerInfoRepresentation; import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.admin.client.resource.ServerInfoResource; import org.keycloak.admin.client.token.TokenManager;
import org.mockito.InjectMocks; import org.keycloak.representations.info.ServerInfoRepresentation;
import org.mockito.Mock; import org.keycloak.admin.client.resource.ServerInfoResource;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.InjectMocks;
import org.mockito.Mock;
import jakarta.ws.rs.NotFoundException; import org.mockito.junit.jupiter.MockitoExtension;
import java.lang.reflect.Field;
import java.util.List; import jakarta.ws.rs.NotFoundException;
import java.lang.reflect.Field;
import static org.junit.jupiter.api.Assertions.*; import java.lang.reflect.Method;
import static org.mockito.Mockito.*; import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
/** import java.util.List;
* Tests complets pour KeycloakAdminClientImpl
*/ import static org.junit.jupiter.api.Assertions.*;
@ExtendWith(MockitoExtension.class) import static org.mockito.Mockito.*;
class KeycloakAdminClientImplCompleteTest {
/**
@Mock * Tests complets pour KeycloakAdminClientImpl
Keycloak mockKeycloak; */
@ExtendWith(MockitoExtension.class)
@InjectMocks class KeycloakAdminClientImplCompleteTest {
KeycloakAdminClientImpl client;
@Mock
private void setField(String fieldName, Object value) throws Exception { Keycloak mockKeycloak;
Field field = KeycloakAdminClientImpl.class.getDeclaredField(fieldName);
field.setAccessible(true); @Mock
field.set(client, value); TokenManager mockTokenManager;
}
@InjectMocks
@BeforeEach KeycloakAdminClientImpl client;
void setUp() throws Exception {
setField("serverUrl", "http://localhost:8180"); private HttpServer localServer;
setField("adminRealm", "master"); private int localPort;
setField("adminClientId", "admin-cli");
setField("adminUsername", "admin"); private void setField(String fieldName, Object value) throws Exception {
} Field field = KeycloakAdminClientImpl.class.getDeclaredField(fieldName);
field.setAccessible(true);
@Test field.set(client, value);
void testGetInstance() { }
Keycloak result = client.getInstance();
assertSame(mockKeycloak, result); @BeforeEach
} void setUp() throws Exception {
setField("serverUrl", "http://localhost:8180");
@Test setField("adminRealm", "master");
void testGetRealm_Success() { setField("adminClientId", "admin-cli");
RealmResource mockRealmResource = mock(RealmResource.class); setField("adminUsername", "admin");
when(mockKeycloak.realm("test-realm")).thenReturn(mockRealmResource); }
RealmResource result = client.getRealm("test-realm"); @AfterEach
assertSame(mockRealmResource, result); void tearDown() {
} if (localServer != null) {
localServer.stop(0);
@Test localServer = null;
void testGetRealm_Exception() { }
when(mockKeycloak.realm("bad-realm")).thenThrow(new RuntimeException("Connection error")); }
assertThrows(RuntimeException.class, () -> client.getRealm("bad-realm")); private int startLocalServer(String path, String responseBody, int statusCode) throws Exception {
} localServer = HttpServer.create(new InetSocketAddress(0), 0);
localServer.createContext(path, exchange -> {
@Test byte[] bytes = responseBody.getBytes(StandardCharsets.UTF_8);
void testGetUsers() { exchange.sendResponseHeaders(statusCode, bytes.length);
RealmResource mockRealmResource = mock(RealmResource.class); exchange.getResponseBody().write(bytes);
UsersResource mockUsersResource = mock(UsersResource.class); exchange.getResponseBody().close();
when(mockKeycloak.realm("test-realm")).thenReturn(mockRealmResource); });
when(mockRealmResource.users()).thenReturn(mockUsersResource); localServer.start();
return localServer.getAddress().getPort();
UsersResource result = client.getUsers("test-realm"); }
assertSame(mockUsersResource, result);
} @Test
void testGetInstance() {
@Test Keycloak result = client.getInstance();
void testGetRoles() { assertSame(mockKeycloak, result);
RealmResource mockRealmResource = mock(RealmResource.class); }
RolesResource mockRolesResource = mock(RolesResource.class);
when(mockKeycloak.realm("test-realm")).thenReturn(mockRealmResource); @Test
when(mockRealmResource.roles()).thenReturn(mockRolesResource); void testGetRealm_Success() {
RealmResource mockRealmResource = mock(RealmResource.class);
RolesResource result = client.getRoles("test-realm"); when(mockKeycloak.realm("test-realm")).thenReturn(mockRealmResource);
assertSame(mockRolesResource, result);
} RealmResource result = client.getRealm("test-realm");
assertSame(mockRealmResource, result);
@Test }
void testIsConnected_True() {
ServerInfoResource mockServerInfoResource = mock(ServerInfoResource.class); @Test
when(mockKeycloak.serverInfo()).thenReturn(mockServerInfoResource); void testGetRealm_Exception() {
when(mockServerInfoResource.getInfo()).thenReturn(mock(ServerInfoRepresentation.class)); when(mockKeycloak.realm("bad-realm")).thenThrow(new RuntimeException("Connection error"));
assertTrue(client.isConnected()); assertThrows(RuntimeException.class, () -> client.getRealm("bad-realm"));
} }
@Test @Test
void testIsConnected_False() { void testGetUsers() {
when(mockKeycloak.serverInfo()).thenThrow(new RuntimeException("Connection refused")); RealmResource mockRealmResource = mock(RealmResource.class);
UsersResource mockUsersResource = mock(UsersResource.class);
assertFalse(client.isConnected()); when(mockKeycloak.realm("test-realm")).thenReturn(mockRealmResource);
} when(mockRealmResource.users()).thenReturn(mockUsersResource);
@Test UsersResource result = client.getUsers("test-realm");
void testRealmExists_True() { assertSame(mockUsersResource, result);
RealmResource mockRealmResource = mock(RealmResource.class); }
RolesResource mockRolesResource = mock(RolesResource.class);
when(mockKeycloak.realm("test-realm")).thenReturn(mockRealmResource); @Test
when(mockRealmResource.roles()).thenReturn(mockRolesResource); void testGetRoles() {
when(mockRolesResource.list()).thenReturn(List.of()); RealmResource mockRealmResource = mock(RealmResource.class);
RolesResource mockRolesResource = mock(RolesResource.class);
assertTrue(client.realmExists("test-realm")); when(mockKeycloak.realm("test-realm")).thenReturn(mockRealmResource);
} when(mockRealmResource.roles()).thenReturn(mockRolesResource);
@Test RolesResource result = client.getRoles("test-realm");
void testRealmExists_NotFound() { assertSame(mockRolesResource, result);
RealmResource mockRealmResource = mock(RealmResource.class); }
RolesResource mockRolesResource = mock(RolesResource.class);
when(mockKeycloak.realm("missing")).thenReturn(mockRealmResource); @Test
when(mockRealmResource.roles()).thenReturn(mockRolesResource); void testIsConnected_True() {
when(mockRolesResource.list()).thenThrow(new NotFoundException("Not found")); when(mockKeycloak.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("fake-token");
assertFalse(client.realmExists("missing"));
} assertTrue(client.isConnected());
}
@Test
void testRealmExists_OtherException() { @Test
when(mockKeycloak.realm("error-realm")).thenThrow(new RuntimeException("Other error")); void testIsConnected_False() {
when(mockKeycloak.tokenManager()).thenThrow(new RuntimeException("Connection refused"));
assertTrue(client.realmExists("error-realm"));
} assertFalse(client.isConnected());
}
@Test
void testGetAllRealms_TokenError() { @Test
// When token retrieval fails, getAllRealms should throw void testRealmExists_True() {
when(mockKeycloak.tokenManager()).thenThrow(new RuntimeException("Token error")); RealmResource mockRealmResource = mock(RealmResource.class);
RolesResource mockRolesResource = mock(RolesResource.class);
assertThrows(RuntimeException.class, () -> client.getAllRealms()); when(mockKeycloak.realm("test-realm")).thenReturn(mockRealmResource);
} when(mockRealmResource.roles()).thenReturn(mockRolesResource);
when(mockRolesResource.list()).thenReturn(List.of());
@Test
void testGetAllRealms_NullTokenManager() { assertTrue(client.realmExists("test-realm"));
when(mockKeycloak.tokenManager()).thenReturn(null); }
assertThrows(RuntimeException.class, () -> client.getAllRealms()); @Test
} void testRealmExists_NotFound() {
RealmResource mockRealmResource = mock(RealmResource.class);
@Test RolesResource mockRolesResource = mock(RolesResource.class);
void testClose() { when(mockKeycloak.realm("missing")).thenReturn(mockRealmResource);
assertDoesNotThrow(() -> client.close()); when(mockRealmResource.roles()).thenReturn(mockRolesResource);
} when(mockRolesResource.list()).thenThrow(new NotFoundException("Not found"));
@Test assertFalse(client.realmExists("missing"));
void testReconnect() { }
assertDoesNotThrow(() -> client.reconnect());
} @Test
} void testRealmExists_OtherException() {
when(mockKeycloak.realm("error-realm")).thenThrow(new RuntimeException("Other error"));
assertTrue(client.realmExists("error-realm"));
}
@Test
void testGetAllRealms_TokenError() {
// When token retrieval fails, getAllRealms should throw
when(mockKeycloak.tokenManager()).thenThrow(new RuntimeException("Token error"));
assertThrows(RuntimeException.class, () -> client.getAllRealms());
}
@Test
void testGetAllRealms_NullTokenManager() {
when(mockKeycloak.tokenManager()).thenReturn(null);
assertThrows(RuntimeException.class, () -> client.getAllRealms());
}
@Test
void testClose() {
assertDoesNotThrow(() -> client.close());
}
@Test
void testReconnect() {
assertDoesNotThrow(() -> client.reconnect());
}
@Test
void testInit() throws Exception {
// init() est appelé @PostConstruct — l'appeler via réflexion pour couvrir la méthode
Method initMethod = KeycloakAdminClientImpl.class.getDeclaredMethod("init");
initMethod.setAccessible(true);
assertDoesNotThrow(() -> initMethod.invoke(client));
}
@Test
void testGetAllRealms_Success() throws Exception {
// Démarrer un serveur HTTP local qui retourne une liste de realms JSON
String realmsJson = "[{\"realm\":\"master\",\"id\":\"1\"},{\"realm\":\"lions\",\"id\":\"2\"}]";
localPort = startLocalServer("/admin/realms", realmsJson, 200);
setField("serverUrl", "http://localhost:" + localPort);
when(mockKeycloak.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("fake-token");
List<String> realms = client.getAllRealms();
assertNotNull(realms);
assertEquals(2, realms.size());
assertTrue(realms.contains("master"));
assertTrue(realms.contains("lions"));
}
@Test
void testGetAllRealms_NonOkResponse() throws Exception {
localPort = startLocalServer("/admin/realms", "Forbidden", 403);
setField("serverUrl", "http://localhost:" + localPort);
when(mockKeycloak.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("fake-token");
assertThrows(RuntimeException.class, () -> client.getAllRealms());
}
@Test
void testGetRealmClients_Success() throws Exception {
String clientsJson = "[{\"clientId\":\"admin-cli\",\"id\":\"1\"},{\"clientId\":\"account\",\"id\":\"2\"}]";
localPort = startLocalServer("/admin/realms/master/clients", clientsJson, 200);
setField("serverUrl", "http://localhost:" + localPort);
when(mockKeycloak.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("fake-token");
List<String> clients = client.getRealmClients("master");
assertNotNull(clients);
assertEquals(2, clients.size());
assertTrue(clients.contains("admin-cli"));
assertTrue(clients.contains("account"));
}
@Test
void testGetRealmClients_NonOkResponse() throws Exception {
localPort = startLocalServer("/admin/realms/bad/clients", "Not Found", 404);
setField("serverUrl", "http://localhost:" + localPort);
when(mockKeycloak.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("fake-token");
assertThrows(RuntimeException.class, () -> client.getRealmClients("bad"));
}
@Test
void testGetRealmClients_TokenError() {
when(mockKeycloak.tokenManager()).thenThrow(new RuntimeException("Token error"));
assertThrows(RuntimeException.class, () -> client.getRealmClients("master"));
}
}

312
src/test/java/dev/lions/user/manager/client/KeycloakAdminClientImplTest.java
View File

@@ -1,154 +1,158 @@
package dev.lions.user.manager.client; package dev.lions.user.manager.client;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.RolesResource; import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.admin.client.resource.ServerInfoResource; import org.keycloak.admin.client.resource.ServerInfoResource;
import org.keycloak.admin.client.resource.UsersResource; import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.info.ServerInfoRepresentation; import org.keycloak.admin.client.token.TokenManager;
import org.mockito.InjectMocks; import org.keycloak.representations.info.ServerInfoRepresentation;
import org.mockito.Mock; import org.mockito.InjectMocks;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import jakarta.ws.rs.NotFoundException;
import java.lang.reflect.Field; import jakarta.ws.rs.NotFoundException;
import java.lang.reflect.Field;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
class KeycloakAdminClientImplTest { @ExtendWith(MockitoExtension.class)
class KeycloakAdminClientImplTest {
@InjectMocks
KeycloakAdminClientImpl client; @InjectMocks
KeycloakAdminClientImpl client;
@Mock
Keycloak keycloak; @Mock
Keycloak keycloak;
@Mock
RealmResource realmResource; @Mock
RealmResource realmResource;
@Mock
UsersResource usersResource; @Mock
UsersResource usersResource;
@Mock
RolesResource rolesResource; @Mock
RolesResource rolesResource;
@Mock
ServerInfoResource serverInfoResource; @Mock
ServerInfoResource serverInfoResource;
private void setField(Object target, String fieldName, Object value) throws Exception {
Field field = target.getClass().getDeclaredField(fieldName); @Mock
field.setAccessible(true); TokenManager tokenManager;
field.set(target, value);
} private void setField(Object target, String fieldName, Object value) throws Exception {
Field field = target.getClass().getDeclaredField(fieldName);
@BeforeEach field.setAccessible(true);
void setUp() throws Exception { field.set(target, value);
setField(client, "serverUrl", "http://localhost:8180"); }
setField(client, "adminRealm", "master");
setField(client, "adminClientId", "admin-cli"); @BeforeEach
setField(client, "adminUsername", "admin"); void setUp() throws Exception {
} setField(client, "serverUrl", "http://localhost:8180");
setField(client, "adminRealm", "master");
@Test setField(client, "adminClientId", "admin-cli");
void testGetInstance() { setField(client, "adminUsername", "admin");
Keycloak result = client.getInstance(); }
assertNotNull(result);
assertEquals(keycloak, result); @Test
} void testGetInstance() {
Keycloak result = client.getInstance();
@Test assertNotNull(result);
void testGetRealm() { assertEquals(keycloak, result);
when(keycloak.realm("test-realm")).thenReturn(realmResource); }
RealmResource result = client.getRealm("test-realm"); @Test
void testGetRealm() {
assertNotNull(result); when(keycloak.realm("test-realm")).thenReturn(realmResource);
assertEquals(realmResource, result);
} RealmResource result = client.getRealm("test-realm");
@Test assertNotNull(result);
void testGetRealmThrowsException() { assertEquals(realmResource, result);
when(keycloak.realm("bad-realm")).thenThrow(new RuntimeException("Connection failed")); }
assertThrows(RuntimeException.class, () -> client.getRealm("bad-realm")); @Test
} void testGetRealmThrowsException() {
when(keycloak.realm("bad-realm")).thenThrow(new RuntimeException("Connection failed"));
@Test
void testGetUsers() { assertThrows(RuntimeException.class, () -> client.getRealm("bad-realm"));
when(keycloak.realm("test-realm")).thenReturn(realmResource); }
when(realmResource.users()).thenReturn(usersResource);
@Test
UsersResource result = client.getUsers("test-realm"); void testGetUsers() {
when(keycloak.realm("test-realm")).thenReturn(realmResource);
assertNotNull(result); when(realmResource.users()).thenReturn(usersResource);
assertEquals(usersResource, result);
} UsersResource result = client.getUsers("test-realm");
@Test assertNotNull(result);
void testGetRoles() { assertEquals(usersResource, result);
when(keycloak.realm("test-realm")).thenReturn(realmResource); }
when(realmResource.roles()).thenReturn(rolesResource);
@Test
RolesResource result = client.getRoles("test-realm"); void testGetRoles() {
when(keycloak.realm("test-realm")).thenReturn(realmResource);
assertNotNull(result); when(realmResource.roles()).thenReturn(rolesResource);
assertEquals(rolesResource, result);
} RolesResource result = client.getRoles("test-realm");
@Test assertNotNull(result);
void testIsConnected_true() { assertEquals(rolesResource, result);
when(keycloak.serverInfo()).thenReturn(serverInfoResource); }
when(serverInfoResource.getInfo()).thenReturn(new ServerInfoRepresentation());
@Test
assertTrue(client.isConnected()); void testIsConnected_true() {
} when(keycloak.tokenManager()).thenReturn(tokenManager);
when(tokenManager.getAccessTokenString()).thenReturn("fake-token");
@Test
void testIsConnected_false_exception() { assertTrue(client.isConnected());
when(keycloak.serverInfo()).thenThrow(new RuntimeException("Connection refused")); }
assertFalse(client.isConnected()); @Test
} void testIsConnected_false_exception() {
when(keycloak.tokenManager()).thenThrow(new RuntimeException("Connection refused"));
@Test
void testRealmExists_true() { assertFalse(client.isConnected());
when(keycloak.realm("test-realm")).thenReturn(realmResource); }
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(java.util.Collections.emptyList()); @Test
void testRealmExists_true() {
assertTrue(client.realmExists("test-realm")); when(keycloak.realm("test-realm")).thenReturn(realmResource);
} when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(java.util.Collections.emptyList());
@Test
void testRealmExists_notFound() { assertTrue(client.realmExists("test-realm"));
when(keycloak.realm("missing-realm")).thenReturn(realmResource); }
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new NotFoundException("Realm not found")); @Test
void testRealmExists_notFound() {
assertFalse(client.realmExists("missing-realm")); when(keycloak.realm("missing-realm")).thenReturn(realmResource);
} when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new NotFoundException("Realm not found"));
@Test
void testRealmExists_otherException() { assertFalse(client.realmExists("missing-realm"));
when(keycloak.realm("problem-realm")).thenReturn(realmResource); }
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new RuntimeException("Some other error")); @Test
void testRealmExists_otherException() {
assertTrue(client.realmExists("problem-realm")); when(keycloak.realm("problem-realm")).thenReturn(realmResource);
} when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new RuntimeException("Some other error"));
@Test
void testClose() { assertTrue(client.realmExists("problem-realm"));
assertDoesNotThrow(() -> client.close()); }
}
@Test
@Test void testClose() {
void testReconnect() { assertDoesNotThrow(() -> client.close());
assertDoesNotThrow(() -> client.reconnect()); }
}
} @Test
void testReconnect() {
assertDoesNotThrow(() -> client.reconnect());
}
}

106
src/test/java/dev/lions/user/manager/config/JacksonConfigTest.java Normal file
View File

@@ -0,0 +1,106 @@
package dev.lions.user.manager.config;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
/**
* Tests pour JacksonConfig et KeycloakJacksonCustomizer.
*/
class JacksonConfigTest {
@Test
void testJacksonConfig_DisablesFailOnUnknownProperties() {
JacksonConfig config = new JacksonConfig();
ObjectMapper mapper = new ObjectMapper();
// Avant : comportement par défaut (fail = true)
assertTrue(mapper.isEnabled(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES));
config.customize(mapper);
// Après : doit être désactivé
assertFalse(mapper.isEnabled(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES));
}
@Test
void testJacksonConfig_CustomizeCalledMultipleTimes() {
JacksonConfig config = new JacksonConfig();
ObjectMapper mapper = new ObjectMapper();
config.customize(mapper);
config.customize(mapper); // idempotent
assertFalse(mapper.isEnabled(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES));
}
@Test
void testKeycloakJacksonCustomizer_AddsMixins() {
KeycloakJacksonCustomizer customizer = new KeycloakJacksonCustomizer();
ObjectMapper mapper = new ObjectMapper();
customizer.customize(mapper);
// Vérifie que des mix-ins ont été ajoutés pour les classes Keycloak
assertNotNull(mapper.findMixInClassFor(org.keycloak.representations.idm.RealmRepresentation.class));
assertNotNull(mapper.findMixInClassFor(org.keycloak.representations.idm.UserRepresentation.class));
assertNotNull(mapper.findMixInClassFor(org.keycloak.representations.idm.RoleRepresentation.class));
}
@Test
void testKeycloakJacksonCustomizer_MixinIgnoresUnknownProperties() throws Exception {
KeycloakJacksonCustomizer customizer = new KeycloakJacksonCustomizer();
ObjectMapper mapper = new ObjectMapper();
customizer.customize(mapper);
// Le mix-in doit permettre la désérialisation avec des champs inconnus
String jsonWithUnknownField = "{\"id\":\"test\",\"unknownField\":\"value\",\"realm\":\"test\"}";
// Ne doit pas lancer d'exception
assertDoesNotThrow(() ->
mapper.readValue(jsonWithUnknownField, org.keycloak.representations.idm.RealmRepresentation.class)
);
}
@Test
void testKeycloakJacksonCustomizer_UserRepresentation_WithUnknownField() throws Exception {
KeycloakJacksonCustomizer customizer = new KeycloakJacksonCustomizer();
ObjectMapper mapper = new ObjectMapper();
customizer.customize(mapper);
String json = "{\"id\":\"user-1\",\"username\":\"test\",\"bruteForceStatus\":\"someValue\"}";
assertDoesNotThrow(() ->
mapper.readValue(json, org.keycloak.representations.idm.UserRepresentation.class)
);
}
/**
* Couvre KeycloakJacksonCustomizer.java L31 :
* le constructeur par défaut de la classe abstraite imbriquée IgnoreUnknownMixin.
* JaCoCo instrumente le constructeur par défaut implicite des classes abstraites ;
* instancier une sous-classe concrète anonyme déclenche l'appel à ce constructeur.
*/
@Test
void testIgnoreUnknownMixin_ConstructorIsCovered() throws Exception {
// Récupérer la classe interne via reflection
Class<?> mixinClass = Class.forName(
"dev.lions.user.manager.config.KeycloakJacksonCustomizer$IgnoreUnknownMixin");
// Créer une sous-classe concrète via un proxy ByteBuddy n'est pas disponible ici ;
// on utilise javassist/objenesis ou simplement ProxyFactory de Mockito.
// La façon la plus simple : utiliser Mockito pour créer un mock de la classe abstraite.
Object instance = org.mockito.Mockito.mock(mixinClass);
assertNotNull(instance);
}
/**
* Couvre L31 via instanciation directe d'une sous-classe anonyme (même package).
* La sous-classe anonyme appelle super() → constructeur implicite de IgnoreUnknownMixin.
*/
@Test
void testIgnoreUnknownMixin_AnonymousSubclass_CoversL31() {
KeycloakJacksonCustomizer.IgnoreUnknownMixin mixin = new KeycloakJacksonCustomizer.IgnoreUnknownMixin() {};
assertNotNull(mixin);
}
}

778
src/test/java/dev/lions/user/manager/config/KeycloakTestUserConfigCompleteTest.java
View File

@@ -1,356 +1,422 @@
package dev.lions.user.manager.config; package dev.lions.user.manager.config;
import io.quarkus.runtime.StartupEvent; import io.quarkus.runtime.StartupEvent;
import jakarta.ws.rs.NotFoundException; import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder; import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.*; import org.keycloak.admin.client.resource.*;
import org.keycloak.representations.idm.*; import org.keycloak.representations.idm.*;
import org.mockito.MockedStatic; import org.mockito.MockedStatic;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.net.URI; import java.net.URI;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*; import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
/** /**
* Tests complets pour KeycloakTestUserConfig pour atteindre 100% de couverture * Tests complets pour KeycloakTestUserConfig pour atteindre 100% de couverture
* Teste toutes les méthodes privées via la méthode publique onStart * Teste toutes les méthodes privées via la méthode publique onStart
*/ */
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class KeycloakTestUserConfigCompleteTest { class KeycloakTestUserConfigCompleteTest {
private KeycloakTestUserConfig config; private KeycloakTestUserConfig config;
private Keycloak adminClient; private Keycloak adminClient;
private RealmsResource realmsResource; private RealmsResource realmsResource;
private RealmResource realmResource; private RealmResource realmResource;
private RolesResource rolesResource; private RolesResource rolesResource;
private RoleResource roleResource; private RoleResource roleResource;
private UsersResource usersResource; private UsersResource usersResource;
private UserResource userResource; private UserResource userResource;
private ClientsResource clientsResource; private ClientsResource clientsResource;
private ClientResource clientResource; private ClientResource clientResource;
private ClientScopesResource clientScopesResource; private ClientScopesResource clientScopesResource;
private ClientScopeResource clientScopeResource; private ClientScopeResource clientScopeResource;
@BeforeEach @BeforeEach
void setUp() throws Exception { void setUp() throws Exception {
config = new KeycloakTestUserConfig(); config = new KeycloakTestUserConfig();
// Injecter les valeurs via reflection // Injecter les valeurs via reflection
setField("profile", "dev"); setField("profile", "dev");
setField("keycloakServerUrl", "http://localhost:8080"); setField("keycloakServerUrl", "http://localhost:8080");
setField("adminRealm", "master"); setField("adminRealm", "master");
setField("adminUsername", "admin"); setField("adminUsername", "admin");
setField("adminPassword", "admin"); setField("adminPassword", "admin");
setField("authorizedRealms", "lions-user-manager"); setField("authorizedRealms", "lions-user-manager");
// Mocks pour Keycloak // Mocks pour Keycloak
adminClient = mock(Keycloak.class); adminClient = mock(Keycloak.class);
realmsResource = mock(RealmsResource.class); realmsResource = mock(RealmsResource.class);
realmResource = mock(RealmResource.class); realmResource = mock(RealmResource.class);
rolesResource = mock(RolesResource.class); rolesResource = mock(RolesResource.class);
roleResource = mock(RoleResource.class); roleResource = mock(RoleResource.class);
usersResource = mock(UsersResource.class); usersResource = mock(UsersResource.class);
userResource = mock(UserResource.class); userResource = mock(UserResource.class);
clientsResource = mock(ClientsResource.class); clientsResource = mock(ClientsResource.class);
clientResource = mock(ClientResource.class); clientResource = mock(ClientResource.class);
clientScopesResource = mock(ClientScopesResource.class); clientScopesResource = mock(ClientScopesResource.class);
clientScopeResource = mock(ClientScopeResource.class); clientScopeResource = mock(ClientScopeResource.class);
} }
private void setField(String fieldName, Object value) throws Exception { private void setField(String fieldName, Object value) throws Exception {
java.lang.reflect.Field field = KeycloakTestUserConfig.class.getDeclaredField(fieldName); java.lang.reflect.Field field = KeycloakTestUserConfig.class.getDeclaredField(fieldName);
field.setAccessible(true); field.setAccessible(true);
field.set(config, value); field.set(config, value);
} }
@Test @Test
void testOnStart_DevMode() { void testOnStart_DevMode() {
// Le code est désactivé, donc onStart devrait juste logger et retourner // Le code est désactivé, donc onStart devrait juste logger et retourner
StartupEvent event = mock(StartupEvent.class); StartupEvent event = mock(StartupEvent.class);
// Ne devrait pas lancer d'exception // Ne devrait pas lancer d'exception
assertDoesNotThrow(() -> config.onStart(event)); assertDoesNotThrow(() -> config.onStart(event));
} }
@Test @Test
void testEnsureRealmExists_RealmExists() throws Exception { void testEnsureRealmExists_RealmExists() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource); when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource); when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.toRepresentation()).thenReturn(new RealmRepresentation()); when(realmResource.toRepresentation()).thenReturn(new RealmRepresentation());
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureRealmExists", Keycloak.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureRealmExists", Keycloak.class);
method.setAccessible(true); method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient)); assertDoesNotThrow(() -> method.invoke(config, adminClient));
verify(realmResource).toRepresentation(); verify(realmResource).toRepresentation();
} }
@Test @Test
void testEnsureRealmExists_RealmNotFound() throws Exception { void testEnsureRealmExists_RealmNotFound() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource); when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource); when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.toRepresentation()).thenThrow(new NotFoundException()); when(realmResource.toRepresentation()).thenThrow(new NotFoundException());
doNothing().when(realmsResource).create(any(RealmRepresentation.class)); doNothing().when(realmsResource).create(any(RealmRepresentation.class));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureRealmExists", Keycloak.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureRealmExists", Keycloak.class);
method.setAccessible(true); method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient)); assertDoesNotThrow(() -> method.invoke(config, adminClient));
verify(realmResource).toRepresentation(); verify(realmResource).toRepresentation();
} }
@Test @Test
void testEnsureRolesExist_AllRolesExist() throws Exception { void testEnsureRolesExist_AllRolesExist() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource); when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource); when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(anyString())).thenReturn(roleResource); when(rolesResource.get(anyString())).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(new RoleRepresentation()); when(roleResource.toRepresentation()).thenReturn(new RoleRepresentation());
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureRolesExist", Keycloak.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureRolesExist", Keycloak.class);
method.setAccessible(true); method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient)); assertDoesNotThrow(() -> method.invoke(config, adminClient));
} }
@Test @Test
void testEnsureRolesExist_RoleNotFound() throws Exception { void testEnsureRolesExist_RoleNotFound() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource); when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource); when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(anyString())).thenReturn(roleResource); when(rolesResource.get(anyString())).thenReturn(roleResource);
when(roleResource.toRepresentation()) when(roleResource.toRepresentation())
.thenThrow(new NotFoundException()) .thenThrow(new NotFoundException())
.thenReturn(new RoleRepresentation()); .thenReturn(new RoleRepresentation());
doNothing().when(rolesResource).create(any(RoleRepresentation.class)); doNothing().when(rolesResource).create(any(RoleRepresentation.class));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureRolesExist", Keycloak.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureRolesExist", Keycloak.class);
method.setAccessible(true); method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient)); assertDoesNotThrow(() -> method.invoke(config, adminClient));
} }
@Test @Test
void testEnsureTestUserExists_UserExists() throws Exception { void testEnsureTestUserExists_UserExists() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource); when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource); when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource); when(realmResource.users()).thenReturn(usersResource);
UserRepresentation existingUser = new UserRepresentation(); UserRepresentation existingUser = new UserRepresentation();
existingUser.setId("user-id-123"); existingUser.setId("user-id-123");
when(usersResource.search("test-user", true)).thenReturn(List.of(existingUser)); when(usersResource.search("test-user", true)).thenReturn(List.of(existingUser));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureTestUserExists", Keycloak.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureTestUserExists", Keycloak.class);
method.setAccessible(true); method.setAccessible(true);
String userId = (String) method.invoke(config, adminClient); String userId = (String) method.invoke(config, adminClient);
assertEquals("user-id-123", userId); assertEquals("user-id-123", userId);
} }
@Test @Test
void testEnsureTestUserExists_UserNotFound() throws Exception { void testEnsureTestUserExists_UserNotFound() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource); when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource); when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource); when(realmResource.users()).thenReturn(usersResource);
when(usersResource.search("test-user", true)).thenReturn(Collections.emptyList()); when(usersResource.search("test-user", true)).thenReturn(Collections.emptyList());
Response response = mock(Response.class); Response response = mock(Response.class);
when(response.getStatusInfo()).thenReturn(Response.Status.CREATED); when(response.getStatusInfo()).thenReturn(Response.Status.CREATED);
when(response.getLocation()).thenReturn(URI.create("http://localhost/users/user-id-123")); when(response.getLocation()).thenReturn(URI.create("http://localhost/users/user-id-123"));
when(usersResource.create(any(UserRepresentation.class))).thenReturn(response); when(usersResource.create(any(UserRepresentation.class))).thenReturn(response);
when(usersResource.get("user-id-123")).thenReturn(userResource); when(usersResource.get("user-id-123")).thenReturn(userResource);
CredentialRepresentation credential = new CredentialRepresentation(); CredentialRepresentation credential = new CredentialRepresentation();
doNothing().when(userResource).resetPassword(any(CredentialRepresentation.class)); doNothing().when(userResource).resetPassword(any(CredentialRepresentation.class));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureTestUserExists", Keycloak.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureTestUserExists", Keycloak.class);
method.setAccessible(true); method.setAccessible(true);
String userId = (String) method.invoke(config, adminClient); String userId = (String) method.invoke(config, adminClient);
assertEquals("user-id-123", userId); assertEquals("user-id-123", userId);
verify(usersResource).create(any(UserRepresentation.class)); verify(usersResource).create(any(UserRepresentation.class));
verify(userResource).resetPassword(any(CredentialRepresentation.class)); verify(userResource).resetPassword(any(CredentialRepresentation.class));
} }
@Test @Test
void testAssignRolesToUser() throws Exception { void testAssignRolesToUser() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource); when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource); when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource); when(realmResource.users()).thenReturn(usersResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(anyString())).thenReturn(roleResource); when(rolesResource.get(anyString())).thenReturn(roleResource);
RoleRepresentation role = new RoleRepresentation(); RoleRepresentation role = new RoleRepresentation();
role.setName("admin"); role.setName("admin");
when(roleResource.toRepresentation()).thenReturn(role); when(roleResource.toRepresentation()).thenReturn(role);
when(usersResource.get("user-id")).thenReturn(userResource); when(usersResource.get("user-id")).thenReturn(userResource);
RoleMappingResource roleMappingResource = mock(RoleMappingResource.class); RoleMappingResource roleMappingResource = mock(RoleMappingResource.class);
RoleScopeResource roleScopeResource = mock(RoleScopeResource.class); RoleScopeResource roleScopeResource = mock(RoleScopeResource.class);
when(userResource.roles()).thenReturn(roleMappingResource); when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(roleScopeResource); when(roleMappingResource.realmLevel()).thenReturn(roleScopeResource);
doNothing().when(roleScopeResource).add(anyList()); doNothing().when(roleScopeResource).add(anyList());
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("assignRolesToUser", Keycloak.class, String.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("assignRolesToUser", Keycloak.class, String.class);
method.setAccessible(true); method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient, "user-id")); assertDoesNotThrow(() -> method.invoke(config, adminClient, "user-id"));
verify(roleScopeResource).add(anyList()); verify(roleScopeResource).add(anyList());
} }
@Test @Test
void testEnsureClientAndMapper_ClientExists() throws Exception { void testEnsureClientAndMapper_ClientExists() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource); when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource); when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource); when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation existingClient = new ClientRepresentation(); ClientRepresentation existingClient = new ClientRepresentation();
existingClient.setId("client-id-123"); existingClient.setId("client-id-123");
when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(List.of(existingClient)); when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(List.of(existingClient));
when(realmResource.clientScopes()).thenReturn(clientScopesResource); when(realmResource.clientScopes()).thenReturn(clientScopesResource);
ClientScopeRepresentation rolesScope = new ClientScopeRepresentation(); ClientScopeRepresentation rolesScope = new ClientScopeRepresentation();
rolesScope.setId("scope-id"); rolesScope.setId("scope-id");
rolesScope.setName("roles"); rolesScope.setName("roles");
when(clientScopesResource.findAll()).thenReturn(List.of(rolesScope)); when(clientScopesResource.findAll()).thenReturn(List.of(rolesScope));
when(clientsResource.get("client-id-123")).thenReturn(clientResource); when(clientsResource.get("client-id-123")).thenReturn(clientResource);
when(clientResource.getDefaultClientScopes()).thenReturn(List.of(rolesScope)); when(clientResource.getDefaultClientScopes()).thenReturn(List.of(rolesScope));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class);
method.setAccessible(true); method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient)); assertDoesNotThrow(() -> method.invoke(config, adminClient));
} }
@Test @Test
void testEnsureClientAndMapper_ClientNotFound() throws Exception { void testEnsureClientAndMapper_ClientNotFound() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource); when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource); when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource); when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(Collections.emptyList()); when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(Collections.emptyList());
Response response = mock(Response.class); Response response = mock(Response.class);
when(response.getStatusInfo()).thenReturn(Response.Status.CREATED); when(response.getStatusInfo()).thenReturn(Response.Status.CREATED);
when(response.getLocation()).thenReturn(URI.create("http://localhost/clients/client-id-123")); when(response.getLocation()).thenReturn(URI.create("http://localhost/clients/client-id-123"));
when(clientsResource.create(any(ClientRepresentation.class))).thenReturn(response); when(clientsResource.create(any(ClientRepresentation.class))).thenReturn(response);
when(realmResource.clientScopes()).thenReturn(clientScopesResource); when(realmResource.clientScopes()).thenReturn(clientScopesResource);
ClientScopeRepresentation rolesScope = new ClientScopeRepresentation(); ClientScopeRepresentation rolesScope = new ClientScopeRepresentation();
rolesScope.setId("scope-id"); rolesScope.setId("scope-id");
rolesScope.setName("roles"); rolesScope.setName("roles");
when(clientScopesResource.findAll()).thenReturn(List.of(rolesScope)); when(clientScopesResource.findAll()).thenReturn(List.of(rolesScope));
when(clientsResource.get("client-id-123")).thenReturn(clientResource); when(clientsResource.get("client-id-123")).thenReturn(clientResource);
when(clientResource.getDefaultClientScopes()).thenReturn(List.of(rolesScope)); when(clientResource.getDefaultClientScopes()).thenReturn(List.of(rolesScope));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class);
method.setAccessible(true); method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient)); assertDoesNotThrow(() -> method.invoke(config, adminClient));
verify(clientsResource).create(any(ClientRepresentation.class)); verify(clientsResource).create(any(ClientRepresentation.class));
} }
@Test @Test
void testEnsureClientAndMapper_ClientNotFound_NoRolesScope() throws Exception { void testEnsureClientAndMapper_ClientNotFound_NoRolesScope() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource); when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource); when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource); when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(Collections.emptyList()); when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(Collections.emptyList());
Response response = mock(Response.class); Response response = mock(Response.class);
when(response.getStatusInfo()).thenReturn(Response.Status.CREATED); when(response.getStatusInfo()).thenReturn(Response.Status.CREATED);
when(response.getLocation()).thenReturn(URI.create("http://localhost/clients/client-id-123")); when(response.getLocation()).thenReturn(URI.create("http://localhost/clients/client-id-123"));
when(clientsResource.create(any(ClientRepresentation.class))).thenReturn(response); when(clientsResource.create(any(ClientRepresentation.class))).thenReturn(response);
when(realmResource.clientScopes()).thenReturn(clientScopesResource); when(realmResource.clientScopes()).thenReturn(clientScopesResource);
when(clientScopesResource.findAll()).thenReturn(Collections.emptyList()); when(clientScopesResource.findAll()).thenReturn(Collections.emptyList());
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class);
method.setAccessible(true); method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient)); assertDoesNotThrow(() -> method.invoke(config, adminClient));
} }
@Test @Test
void testEnsureClientAndMapper_ClientNotFound_RolesScopeAlreadyPresent() throws Exception { void testEnsureClientAndMapper_ClientNotFound_RolesScopeAlreadyPresent() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource); when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource); when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource); when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(Collections.emptyList()); when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(Collections.emptyList());
Response response = mock(Response.class); Response response = mock(Response.class);
when(response.getStatusInfo()).thenReturn(Response.Status.CREATED); when(response.getStatusInfo()).thenReturn(Response.Status.CREATED);
when(response.getLocation()).thenReturn(URI.create("http://localhost/clients/client-id-123")); when(response.getLocation()).thenReturn(URI.create("http://localhost/clients/client-id-123"));
when(clientsResource.create(any(ClientRepresentation.class))).thenReturn(response); when(clientsResource.create(any(ClientRepresentation.class))).thenReturn(response);
when(realmResource.clientScopes()).thenReturn(clientScopesResource); when(realmResource.clientScopes()).thenReturn(clientScopesResource);
ClientScopeRepresentation rolesScope = new ClientScopeRepresentation(); ClientScopeRepresentation rolesScope = new ClientScopeRepresentation();
rolesScope.setId("scope-id"); rolesScope.setId("scope-id");
rolesScope.setName("roles"); rolesScope.setName("roles");
when(clientScopesResource.findAll()).thenReturn(List.of(rolesScope)); when(clientScopesResource.findAll()).thenReturn(List.of(rolesScope));
when(clientsResource.get("client-id-123")).thenReturn(clientResource); when(clientsResource.get("client-id-123")).thenReturn(clientResource);
// Simuler que le scope "roles" est déjà présent // Simuler que le scope "roles" est déjà présent
when(clientResource.getDefaultClientScopes()).thenReturn(List.of(rolesScope)); when(clientResource.getDefaultClientScopes()).thenReturn(List.of(rolesScope));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class);
method.setAccessible(true); method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient)); assertDoesNotThrow(() -> method.invoke(config, adminClient));
} }
@Test @Test
void testEnsureClientAndMapper_Exception() throws Exception { void testEnsureClientAndMapper_Exception() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource); when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource); when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource); when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId("lions-user-manager-client")).thenThrow(new RuntimeException("Connection error")); when(clientsResource.findByClientId("lions-user-manager-client")).thenThrow(new RuntimeException("Connection error"));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class);
method.setAccessible(true); method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient)); assertDoesNotThrow(() -> method.invoke(config, adminClient));
} }
@Test @Test
void testGetCreatedId_Success() throws Exception { void testGetCreatedId_Success() throws Exception {
Response response = mock(Response.class); Response response = mock(Response.class);
when(response.getStatusInfo()).thenReturn(Response.Status.CREATED); when(response.getStatusInfo()).thenReturn(Response.Status.CREATED);
when(response.getLocation()).thenReturn(URI.create("http://localhost/users/user-id-123")); when(response.getLocation()).thenReturn(URI.create("http://localhost/users/user-id-123"));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("getCreatedId", Response.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("getCreatedId", Response.class);
method.setAccessible(true); method.setAccessible(true);
String id = (String) method.invoke(config, response); String id = (String) method.invoke(config, response);
assertEquals("user-id-123", id); assertEquals("user-id-123", id);
} }
@Test @Test
void testGetCreatedId_Error() throws Exception { void testGetCreatedId_Error() throws Exception {
Response response = mock(Response.class); Response response = mock(Response.class);
// Utiliser Response.Status.BAD_REQUEST directement // Utiliser Response.Status.BAD_REQUEST directement
when(response.getStatusInfo()).thenReturn(Response.Status.BAD_REQUEST); when(response.getStatusInfo()).thenReturn(Response.Status.BAD_REQUEST);
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("getCreatedId", Response.class); Method method = KeycloakTestUserConfig.class.getDeclaredMethod("getCreatedId", Response.class);
method.setAccessible(true); method.setAccessible(true);
Exception exception = assertThrows(Exception.class, () -> method.invoke(config, response)); Exception exception = assertThrows(Exception.class, () -> method.invoke(config, response));
assertTrue(exception.getCause() instanceof RuntimeException); assertTrue(exception.getCause() instanceof RuntimeException);
assertTrue(exception.getCause().getMessage().contains("Erreur lors de la création")); assertTrue(exception.getCause().getMessage().contains("Erreur lors de la création"));
} }
}
/**
* Couvre L250-252 : le scope "roles" n'est pas encore dans les scopes du client,
* donc addDefaultClientScope est appelé.
*/
@Test
void testEnsureClientAndMapper_ClientExists_RolesScopeNotYetPresent() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation existingClient = new ClientRepresentation();
existingClient.setId("client-id-456");
when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(List.of(existingClient));
// Le scope "roles" existe dans le realm
when(realmResource.clientScopes()).thenReturn(clientScopesResource);
ClientScopeRepresentation rolesScope = new ClientScopeRepresentation();
rolesScope.setId("scope-roles-id");
rolesScope.setName("roles");
when(clientScopesResource.findAll()).thenReturn(List.of(rolesScope));
// Mais il N'EST PAS encore dans les scopes par défaut du client (liste vide)
when(clientsResource.get("client-id-456")).thenReturn(clientResource);
when(clientResource.getDefaultClientScopes()).thenReturn(Collections.emptyList());
doNothing().when(clientResource).addDefaultClientScope(anyString());
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class);
method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient));
// Vérifie que addDefaultClientScope a été appelé avec l'ID du scope
verify(clientResource).addDefaultClientScope("scope-roles-id");
}
/**
* Couvre L259-260 : addDefaultClientScope lève une exception → catch warn.
*/
@Test
void testEnsureClientAndMapper_ClientExists_AddScopeThrowsException() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation existingClient = new ClientRepresentation();
existingClient.setId("client-id-789");
when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(List.of(existingClient));
when(realmResource.clientScopes()).thenReturn(clientScopesResource);
ClientScopeRepresentation rolesScope = new ClientScopeRepresentation();
rolesScope.setId("scope-roles-id-2");
rolesScope.setName("roles");
when(clientScopesResource.findAll()).thenReturn(List.of(rolesScope));
// Scope pas encore présent
when(clientsResource.get("client-id-789")).thenReturn(clientResource);
when(clientResource.getDefaultClientScopes()).thenReturn(Collections.emptyList());
// addDefaultClientScope lève une exception → couvre le catch L259-260
doThrow(new RuntimeException("Forbidden")).when(clientResource).addDefaultClientScope(anyString());
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class);
method.setAccessible(true);
// La méthode ne doit pas propager l'exception (catch + warn)
assertDoesNotThrow(() -> method.invoke(config, adminClient));
}
}

130
src/test/java/dev/lions/user/manager/config/KeycloakTestUserConfigTest.java
View File

@@ -1,65 +1,65 @@
package dev.lions.user.manager.config; package dev.lions.user.manager.config;
import io.quarkus.runtime.StartupEvent; import io.quarkus.runtime.StartupEvent;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.lang.reflect.Field; import java.lang.reflect.Field;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
/** /**
* Tests unitaires pour KeycloakTestUserConfig * Tests unitaires pour KeycloakTestUserConfig
*/ */
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class KeycloakTestUserConfigTest { class KeycloakTestUserConfigTest {
@InjectMocks @InjectMocks
private KeycloakTestUserConfig config; private KeycloakTestUserConfig config;
@BeforeEach @BeforeEach
void setUp() throws Exception { void setUp() throws Exception {
// Injecter les propriétés via reflection // Injecter les propriétés via reflection
setField("profile", "dev"); setField("profile", "dev");
setField("keycloakServerUrl", "http://localhost:8180"); setField("keycloakServerUrl", "http://localhost:8180");
setField("adminRealm", "master"); setField("adminRealm", "master");
setField("adminUsername", "admin"); setField("adminUsername", "admin");
setField("adminPassword", "admin"); setField("adminPassword", "admin");
setField("authorizedRealms", "lions-user-manager"); setField("authorizedRealms", "lions-user-manager");
} }
private void setField(String fieldName, Object value) throws Exception { private void setField(String fieldName, Object value) throws Exception {
Field field = KeycloakTestUserConfig.class.getDeclaredField(fieldName); Field field = KeycloakTestUserConfig.class.getDeclaredField(fieldName);
field.setAccessible(true); field.setAccessible(true);
field.set(config, value); field.set(config, value);
} }
@Test @Test
void testOnStart_DevMode() { void testOnStart_DevMode() {
// La méthode onStart est désactivée, elle devrait juste logger et retourner // La méthode onStart est désactivée, elle devrait juste logger et retourner
assertDoesNotThrow(() -> { assertDoesNotThrow(() -> {
config.onStart(new StartupEvent()); config.onStart(new StartupEvent());
}); });
} }
@Test @Test
void testOnStart_ProdMode() throws Exception { void testOnStart_ProdMode() throws Exception {
setField("profile", "prod"); setField("profile", "prod");
// En prod, la méthode devrait retourner immédiatement // En prod, la méthode devrait retourner immédiatement
assertDoesNotThrow(() -> { assertDoesNotThrow(() -> {
config.onStart(new StartupEvent()); config.onStart(new StartupEvent());
}); });
} }
@Test @Test
void testConstants() { void testConstants() {
// Vérifier que les constantes sont définies // Vérifier que les constantes sont définies
assertNotNull(KeycloakTestUserConfig.class); assertNotNull(KeycloakTestUserConfig.class);
// Les constantes sont privées, on ne peut pas les tester directement // Les constantes sont privées, on ne peut pas les tester directement
// mais on peut vérifier que la classe se charge correctement // mais on peut vérifier que la classe se charge correctement
} }
} }

170
src/test/java/dev/lions/user/manager/mapper/RoleMapperAdditionalTest.java
View File

@@ -1,79 +1,91 @@
package dev.lions.user.manager.mapper; package dev.lions.user.manager.mapper;
import dev.lions.user.manager.dto.role.RoleDTO; import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole; import dev.lions.user.manager.enums.role.TypeRole;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
/** /**
* Tests supplémentaires pour RoleMapper pour améliorer la couverture * Tests supplémentaires pour RoleMapper pour améliorer la couverture
*/ */
class RoleMapperAdditionalTest { class RoleMapperAdditionalTest {
@Test @Test
void testToDTO_WithAllFields() { void testToDTO_WithAllFields() {
RoleRepresentation roleRep = new RoleRepresentation(); RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId("role-123"); roleRep.setId("role-123");
roleRep.setName("admin"); roleRep.setName("admin");
roleRep.setDescription("Administrator role"); roleRep.setDescription("Administrator role");
roleRep.setComposite(false); roleRep.setComposite(false);
RoleDTO dto = RoleMapper.toDTO(roleRep, "test-realm", TypeRole.REALM_ROLE); RoleDTO dto = RoleMapper.toDTO(roleRep, "test-realm", TypeRole.REALM_ROLE);
assertNotNull(dto); assertNotNull(dto);
assertEquals("role-123", dto.getId()); assertEquals("role-123", dto.getId());
assertEquals("admin", dto.getName()); assertEquals("admin", dto.getName());
assertEquals("Administrator role", dto.getDescription()); assertEquals("Administrator role", dto.getDescription());
assertEquals(TypeRole.REALM_ROLE, dto.getTypeRole()); assertEquals(TypeRole.REALM_ROLE, dto.getTypeRole());
assertFalse(dto.getComposite()); assertFalse(dto.getComposite());
} }
@Test @Test
void testToDTO_WithNullFields() { void testToDTO_WithNullFields() {
RoleRepresentation roleRep = new RoleRepresentation(); RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId("role-123"); roleRep.setId("role-123");
roleRep.setName("user"); roleRep.setName("user");
RoleDTO dto = RoleMapper.toDTO(roleRep, "test-realm", TypeRole.REALM_ROLE); RoleDTO dto = RoleMapper.toDTO(roleRep, "test-realm", TypeRole.REALM_ROLE);
assertNotNull(dto); assertNotNull(dto);
assertEquals("role-123", dto.getId()); assertEquals("role-123", dto.getId());
assertEquals("user", dto.getName()); assertEquals("user", dto.getName());
assertNull(dto.getDescription()); assertNull(dto.getDescription());
} }
@Test @Test
void testToDTOList_Empty() { void testToDTOList_Empty() {
List<RoleDTO> dtos = RoleMapper.toDTOList(Collections.emptyList(), "test-realm", TypeRole.REALM_ROLE); List<RoleDTO> dtos = RoleMapper.toDTOList(Collections.emptyList(), "test-realm", TypeRole.REALM_ROLE);
assertNotNull(dtos); assertNotNull(dtos);
assertTrue(dtos.isEmpty()); assertTrue(dtos.isEmpty());
} }
@Test @Test
void testToDTOList_WithRoles() { void testToDTOList_WithRoles() {
RoleRepresentation role1 = new RoleRepresentation(); RoleRepresentation role1 = new RoleRepresentation();
role1.setId("role-1"); role1.setId("role-1");
role1.setName("admin"); role1.setName("admin");
RoleRepresentation role2 = new RoleRepresentation(); RoleRepresentation role2 = new RoleRepresentation();
role2.setId("role-2"); role2.setId("role-2");
role2.setName("user"); role2.setName("user");
List<RoleDTO> dtos = RoleMapper.toDTOList(Arrays.asList(role1, role2), "test-realm", TypeRole.REALM_ROLE); List<RoleDTO> dtos = RoleMapper.toDTOList(Arrays.asList(role1, role2), "test-realm", TypeRole.REALM_ROLE);
assertNotNull(dtos); assertNotNull(dtos);
assertEquals(2, dtos.size()); assertEquals(2, dtos.size());
assertEquals("admin", dtos.get(0).getName()); assertEquals("admin", dtos.get(0).getName());
assertEquals("user", dtos.get(1).getName()); assertEquals("user", dtos.get(1).getName());
} }
// La méthode toKeycloak() n'existe pas dans RoleMapper // La méthode toKeycloak() n'existe pas dans RoleMapper
// Ces tests sont supprimés car la méthode n'est pas disponible // Ces tests sont supprimés car la méthode n'est pas disponible
}
/**
* Couvre RoleMapper.java L13 : le constructeur par défaut implicite de la classe utilitaire.
* JaCoCo (counter=LINE) marque la déclaration de classe comme non couverte si aucune instance
* n'est jamais créée.
*/
@Test
void testRoleMapperInstantiation() {
// Instantie la classe pour couvrir le constructeur par défaut (L13)
RoleMapper mapper = new RoleMapper();
assertNotNull(mapper);
}
}

182
src/test/java/dev/lions/user/manager/mapper/RoleMapperTest.java
View File

@@ -1,91 +1,91 @@
package dev.lions.user.manager.mapper; package dev.lions.user.manager.mapper;
import dev.lions.user.manager.dto.role.RoleDTO; import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole; import dev.lions.user.manager.enums.role.TypeRole;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
class RoleMapperTest { class RoleMapperTest {
@Test @Test
void testToDTO() { void testToDTO() {
RoleRepresentation rep = new RoleRepresentation(); RoleRepresentation rep = new RoleRepresentation();
rep.setId("1"); rep.setId("1");
rep.setName("role"); rep.setName("role");
rep.setDescription("desc"); rep.setDescription("desc");
rep.setComposite(true); rep.setComposite(true);
RoleDTO dto = RoleMapper.toDTO(rep, "realm", TypeRole.REALM_ROLE); RoleDTO dto = RoleMapper.toDTO(rep, "realm", TypeRole.REALM_ROLE);
assertNotNull(dto); assertNotNull(dto);
assertEquals("1", dto.getId()); assertEquals("1", dto.getId());
assertEquals("role", dto.getName()); assertEquals("role", dto.getName());
assertEquals("desc", dto.getDescription()); assertEquals("desc", dto.getDescription());
assertEquals(TypeRole.REALM_ROLE, dto.getTypeRole()); assertEquals(TypeRole.REALM_ROLE, dto.getTypeRole());
assertEquals("realm", dto.getRealmName()); assertEquals("realm", dto.getRealmName());
assertTrue(dto.getComposite()); assertTrue(dto.getComposite());
assertNull(RoleMapper.toDTO(null, "realm", TypeRole.REALM_ROLE)); assertNull(RoleMapper.toDTO(null, "realm", TypeRole.REALM_ROLE));
} }
@Test @Test
void testToRepresentation() { void testToRepresentation() {
RoleDTO dto = RoleDTO.builder() RoleDTO dto = RoleDTO.builder()
.id("1") .id("1")
.name("role") .name("role")
.description("desc") .description("desc")
.composite(true) .composite(true)
.compositeRoles(Collections.singletonList("subrole")) .compositeRoles(Collections.singletonList("subrole"))
.typeRole(TypeRole.CLIENT_ROLE) // Should setClientRole(true) .typeRole(TypeRole.CLIENT_ROLE) // Should setClientRole(true)
.build(); .build();
RoleRepresentation rep = RoleMapper.toRepresentation(dto); RoleRepresentation rep = RoleMapper.toRepresentation(dto);
assertNotNull(rep); assertNotNull(rep);
assertEquals("1", rep.getId()); assertEquals("1", rep.getId());
assertEquals("role", rep.getName()); assertEquals("role", rep.getName());
assertEquals("desc", rep.getDescription()); assertEquals("desc", rep.getDescription());
assertTrue(rep.isComposite()); assertTrue(rep.isComposite());
assertTrue(rep.getClientRole()); assertTrue(rep.getClientRole());
assertNull(RoleMapper.toRepresentation(null)); assertNull(RoleMapper.toRepresentation(null));
} }
// New test case to cover full branch logic // New test case to cover full branch logic
@Test @Test
void testToRepresentationRealmRole() { void testToRepresentationRealmRole() {
RoleDTO dto = RoleDTO.builder() RoleDTO dto = RoleDTO.builder()
.typeRole(TypeRole.REALM_ROLE) .typeRole(TypeRole.REALM_ROLE)
.build(); .build();
RoleRepresentation rep = RoleMapper.toRepresentation(dto); RoleRepresentation rep = RoleMapper.toRepresentation(dto);
assertFalse(rep.getClientRole()); assertFalse(rep.getClientRole());
} }
@Test @Test
void testToDTOList() { void testToDTOList() {
RoleRepresentation rep = new RoleRepresentation(); RoleRepresentation rep = new RoleRepresentation();
rep.setName("role"); rep.setName("role");
List<RoleRepresentation> reps = Collections.singletonList(rep); List<RoleRepresentation> reps = Collections.singletonList(rep);
List<RoleDTO> dtos = RoleMapper.toDTOList(reps, "realm", TypeRole.REALM_ROLE); List<RoleDTO> dtos = RoleMapper.toDTOList(reps, "realm", TypeRole.REALM_ROLE);
assertEquals(1, dtos.size()); assertEquals(1, dtos.size());
assertEquals("role", dtos.get(0).getName()); assertEquals("role", dtos.get(0).getName());
assertTrue(RoleMapper.toDTOList(null, "realm", TypeRole.REALM_ROLE).isEmpty()); assertTrue(RoleMapper.toDTOList(null, "realm", TypeRole.REALM_ROLE).isEmpty());
} }
@Test @Test
void testToRepresentationList() { void testToRepresentationList() {
RoleDTO dto = RoleDTO.builder().name("role").typeRole(TypeRole.REALM_ROLE).build(); RoleDTO dto = RoleDTO.builder().name("role").typeRole(TypeRole.REALM_ROLE).build();
List<RoleDTO> dtos = Collections.singletonList(dto); List<RoleDTO> dtos = Collections.singletonList(dto);
List<RoleRepresentation> reps = RoleMapper.toRepresentationList(dtos); List<RoleRepresentation> reps = RoleMapper.toRepresentationList(dtos);
assertEquals(1, reps.size()); assertEquals(1, reps.size());
assertEquals("role", reps.get(0).getName()); assertEquals("role", reps.get(0).getName());
assertTrue(RoleMapper.toRepresentationList(null).isEmpty()); assertTrue(RoleMapper.toRepresentationList(null).isEmpty());
} }
} }

300
src/test/java/dev/lions/user/manager/mapper/UserMapperTest.java
View File

@@ -1,150 +1,150 @@
package dev.lions.user.manager.mapper; package dev.lions.user.manager.mapper;
import dev.lions.user.manager.dto.user.UserDTO; import dev.lions.user.manager.dto.user.UserDTO;
import dev.lions.user.manager.enums.user.StatutUser; import dev.lions.user.manager.enums.user.StatutUser;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
class UserMapperTest { class UserMapperTest {
@Test @Test
void testToDTO() { void testToDTO() {
UserRepresentation rep = new UserRepresentation(); UserRepresentation rep = new UserRepresentation();
rep.setId("1"); rep.setId("1");
rep.setUsername("jdoe"); rep.setUsername("jdoe");
rep.setEmail("jdoe@example.com"); rep.setEmail("jdoe@example.com");
rep.setEmailVerified(true); rep.setEmailVerified(true);
rep.setFirstName("John"); rep.setFirstName("John");
rep.setLastName("Doe"); rep.setLastName("Doe");
rep.setEnabled(true); rep.setEnabled(true);
rep.setCreatedTimestamp(System.currentTimeMillis()); rep.setCreatedTimestamp(System.currentTimeMillis());
Map<String, List<String>> attrs = Map.of( Map<String, List<String>> attrs = Map.of(
"phone_number", List.of("123"), "phone_number", List.of("123"),
"organization", List.of("Lions"), "organization", List.of("Lions"),
"department", List.of("IT"), "department", List.of("IT"),
"job_title", List.of("Dev"), "job_title", List.of("Dev"),
"country", List.of("CI"), "country", List.of("CI"),
"city", List.of("Abidjan"), "city", List.of("Abidjan"),
"locale", List.of("fr"), "locale", List.of("fr"),
"timezone", List.of("UTC")); "timezone", List.of("UTC"));
rep.setAttributes(attrs); rep.setAttributes(attrs);
UserDTO dto = UserMapper.toDTO(rep, "realm"); UserDTO dto = UserMapper.toDTO(rep, "realm");
assertNotNull(dto); assertNotNull(dto);
assertEquals("1", dto.getId()); assertEquals("1", dto.getId());
assertEquals("jdoe", dto.getUsername()); assertEquals("jdoe", dto.getUsername());
assertEquals("jdoe@example.com", dto.getEmail()); assertEquals("jdoe@example.com", dto.getEmail());
assertTrue(dto.getEmailVerified()); assertTrue(dto.getEmailVerified());
assertEquals("John", dto.getPrenom()); assertEquals("John", dto.getPrenom());
assertEquals("Doe", dto.getNom()); assertEquals("Doe", dto.getNom());
assertEquals(StatutUser.ACTIF, dto.getStatut()); assertEquals(StatutUser.ACTIF, dto.getStatut());
assertEquals("realm", dto.getRealmName()); assertEquals("realm", dto.getRealmName());
assertEquals("123", dto.getTelephone()); assertEquals("123", dto.getTelephone());
assertEquals("Lions", dto.getOrganisation()); assertEquals("Lions", dto.getOrganisation());
assertEquals("IT", dto.getDepartement()); assertEquals("IT", dto.getDepartement());
assertEquals("Dev", dto.getFonction()); assertEquals("Dev", dto.getFonction());
assertEquals("CI", dto.getPays()); assertEquals("CI", dto.getPays());
assertEquals("Abidjan", dto.getVille()); assertEquals("Abidjan", dto.getVille());
assertEquals("fr", dto.getLangue()); assertEquals("fr", dto.getLangue());
assertEquals("UTC", dto.getTimezone()); assertEquals("UTC", dto.getTimezone());
assertNotNull(dto.getDateCreation()); assertNotNull(dto.getDateCreation());
assertNull(UserMapper.toDTO(null, "realm")); assertNull(UserMapper.toDTO(null, "realm"));
} }
@Test @Test
void testToDTOWithNullAttributes() { void testToDTOWithNullAttributes() {
UserRepresentation rep = new UserRepresentation(); UserRepresentation rep = new UserRepresentation();
rep.setId("1"); rep.setId("1");
rep.setEnabled(true); rep.setEnabled(true);
UserDTO dto = UserMapper.toDTO(rep, "realm"); UserDTO dto = UserMapper.toDTO(rep, "realm");
assertNotNull(dto); assertNotNull(dto);
assertNull(dto.getTelephone()); // Attribute missing assertNull(dto.getTelephone()); // Attribute missing
} }
@Test @Test
void testToDTOWithEmptyAttributes() { void testToDTOWithEmptyAttributes() {
UserRepresentation rep = new UserRepresentation(); UserRepresentation rep = new UserRepresentation();
rep.setEnabled(true); rep.setEnabled(true);
rep.setAttributes(Collections.emptyMap()); rep.setAttributes(Collections.emptyMap());
UserDTO dto = UserMapper.toDTO(rep, "realm"); UserDTO dto = UserMapper.toDTO(rep, "realm");
assertNotNull(dto); assertNotNull(dto);
assertNull(dto.getTelephone()); assertNull(dto.getTelephone());
} }
@Test @Test
void testToRepresentation() { void testToRepresentation() {
UserDTO dto = UserDTO.builder() UserDTO dto = UserDTO.builder()
.id("1") .id("1")
.username("jdoe") .username("jdoe")
.email("jdoe@example.com") .email("jdoe@example.com")
.emailVerified(true) .emailVerified(true)
.prenom("John") .prenom("John")
.nom("Doe") .nom("Doe")
.enabled(true) .enabled(true)
.telephone("123") .telephone("123")
.organisation("Lions") .organisation("Lions")
.departement("IT") .departement("IT")
.fonction("Dev") .fonction("Dev")
.pays("CI") .pays("CI")
.ville("Abidjan") .ville("Abidjan")
.langue("fr") .langue("fr")
.timezone("UTC") .timezone("UTC")
.requiredActions(Collections.singletonList("UPDATE_PASSWORD")) .requiredActions(Collections.singletonList("UPDATE_PASSWORD"))
.attributes(Map.of("custom", List.of("value"))) .attributes(Map.of("custom", List.of("value")))
.build(); .build();
UserRepresentation rep = UserMapper.toRepresentation(dto); UserRepresentation rep = UserMapper.toRepresentation(dto);
assertNotNull(rep); assertNotNull(rep);
assertEquals("1", rep.getId()); assertEquals("1", rep.getId());
assertEquals("jdoe", rep.getUsername()); assertEquals("jdoe", rep.getUsername());
assertEquals("jdoe@example.com", rep.getEmail()); assertEquals("jdoe@example.com", rep.getEmail());
assertTrue(rep.isEmailVerified()); assertTrue(rep.isEmailVerified());
assertEquals("John", rep.getFirstName()); assertEquals("John", rep.getFirstName());
assertEquals("Doe", rep.getLastName()); assertEquals("Doe", rep.getLastName());
assertTrue(rep.isEnabled()); assertTrue(rep.isEnabled());
assertNotNull(rep.getAttributes()); assertNotNull(rep.getAttributes());
assertEquals(List.of("123"), rep.getAttributes().get("phone_number")); assertEquals(List.of("123"), rep.getAttributes().get("phone_number"));
assertEquals(List.of("Lions"), rep.getAttributes().get("organization")); assertEquals(List.of("Lions"), rep.getAttributes().get("organization"));
assertEquals(List.of("value"), rep.getAttributes().get("custom")); assertEquals(List.of("value"), rep.getAttributes().get("custom"));
assertNotNull(rep.getRequiredActions()); assertNotNull(rep.getRequiredActions());
assertTrue(rep.getRequiredActions().contains("UPDATE_PASSWORD")); assertTrue(rep.getRequiredActions().contains("UPDATE_PASSWORD"));
assertNull(UserMapper.toRepresentation(null)); assertNull(UserMapper.toRepresentation(null));
} }
@Test @Test
void testToRepresentationValuesNull() { void testToRepresentationValuesNull() {
UserDTO dto = UserDTO.builder().username("jdoe").enabled(null).build(); UserDTO dto = UserDTO.builder().username("jdoe").enabled(null).build();
UserRepresentation rep = UserMapper.toRepresentation(dto); UserRepresentation rep = UserMapper.toRepresentation(dto);
assertTrue(rep.isEnabled()); // Defaults to true in mapper assertTrue(rep.isEnabled()); // Defaults to true in mapper
} }
@Test @Test
void testToDTOList() { void testToDTOList() {
UserRepresentation rep = new UserRepresentation(); UserRepresentation rep = new UserRepresentation();
rep.setEnabled(true); rep.setEnabled(true);
List<UserRepresentation> reps = Collections.singletonList(rep); List<UserRepresentation> reps = Collections.singletonList(rep);
List<UserDTO> dtos = UserMapper.toDTOList(reps, "realm"); List<UserDTO> dtos = UserMapper.toDTOList(reps, "realm");
assertEquals(1, dtos.size()); assertEquals(1, dtos.size());
assertTrue(UserMapper.toDTOList(null, "realm").isEmpty()); assertTrue(UserMapper.toDTOList(null, "realm").isEmpty());
} }
@Test @Test
void testPrivateConstructor() throws Exception { void testPrivateConstructor() throws Exception {
java.lang.reflect.Constructor<UserMapper> constructor = UserMapper.class.getDeclaredConstructor(); java.lang.reflect.Constructor<UserMapper> constructor = UserMapper.class.getDeclaredConstructor();
assertTrue(java.lang.reflect.Modifier.isPrivate(constructor.getModifiers())); assertTrue(java.lang.reflect.Modifier.isPrivate(constructor.getModifiers()));
constructor.setAccessible(true); constructor.setAccessible(true);
assertNotNull(constructor.newInstance()); assertNotNull(constructor.newInstance());
} }
} }

366
src/test/java/dev/lions/user/manager/resource/AuditResourceTest.java
View File

@@ -1,133 +1,233 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.dto.audit.AuditLogDTO; import dev.lions.user.manager.dto.audit.AuditLogDTO;
import dev.lions.user.manager.dto.common.CountDTO; import dev.lions.user.manager.dto.common.CountDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit; import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.service.AuditService; import dev.lions.user.manager.service.AuditService;
import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*; import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class AuditResourceTest { class AuditResourceTest {
@Mock @Mock
AuditService auditService; AuditService auditService;
@InjectMocks @InjectMocks
AuditResource auditResource; AuditResource auditResource;
@Test @org.junit.jupiter.api.BeforeEach
void testSearchLogs() { void setUp() {
List<AuditLogDTO> logs = Collections.singletonList( auditResource.defaultRealm = "master";
AuditLogDTO.builder().acteurUsername("admin").typeAction(TypeActionAudit.USER_CREATE).build()); }
when(auditService.findByActeur(eq("admin"), any(), any(), eq(0), eq(50))).thenReturn(logs);
@Test
List<AuditLogDTO> result = auditResource.searchLogs("admin", null, null, null, null, null, 0, 50); void testSearchLogs() {
List<AuditLogDTO> logs = Collections.singletonList(
assertEquals(logs, result); AuditLogDTO.builder().acteurUsername("admin").typeAction(TypeActionAudit.USER_CREATE).build());
} when(auditService.findByActeur(eq("admin"), any(), any(), eq(0), eq(50))).thenReturn(logs);
@Test List<AuditLogDTO> result = auditResource.searchLogs("admin", null, null, null, null, null, 0, 50);
void testGetLogsByActor() {
List<AuditLogDTO> logs = Collections.singletonList( assertEquals(logs, result);
AuditLogDTO.builder().acteurUsername("admin").build()); }
when(auditService.findByActeur(eq("admin"), isNull(), isNull(), eq(0), eq(100))).thenReturn(logs);
@Test
List<AuditLogDTO> result = auditResource.getLogsByActor("admin", 100); void testGetLogsByActor() {
List<AuditLogDTO> logs = Collections.singletonList(
assertEquals(logs, result); AuditLogDTO.builder().acteurUsername("admin").build());
} when(auditService.findByActeur(eq("admin"), isNull(), isNull(), eq(0), eq(100))).thenReturn(logs);
@Test List<AuditLogDTO> result = auditResource.getLogsByActor("admin", 100);
void testGetLogsByResource() {
List<AuditLogDTO> logs = Collections.emptyList(); assertEquals(logs, result);
when(auditService.findByRessource(eq("USER"), eq("1"), any(), any(), eq(0), eq(100))) }
.thenReturn(logs);
@Test
List<AuditLogDTO> result = auditResource.getLogsByResource("USER", "1", 100); void testGetLogsByResource() {
List<AuditLogDTO> logs = Collections.emptyList();
assertEquals(logs, result); when(auditService.findByRessource(eq("USER"), eq("1"), any(), any(), eq(0), eq(100)))
} .thenReturn(logs);
@Test List<AuditLogDTO> result = auditResource.getLogsByResource("USER", "1", 100);
void testGetLogsByAction() {
List<AuditLogDTO> logs = Collections.emptyList(); assertEquals(logs, result);
when(auditService.findByTypeAction(eq(TypeActionAudit.USER_CREATE), eq("master"), any(), any(), eq(0), eq(100))) }
.thenReturn(logs);
@Test
List<AuditLogDTO> result = auditResource.getLogsByAction(TypeActionAudit.USER_CREATE, null, null, 100); void testGetLogsByAction() {
List<AuditLogDTO> logs = Collections.emptyList();
assertEquals(logs, result); when(auditService.findByTypeAction(eq(TypeActionAudit.USER_CREATE), eq("master"), any(), any(), eq(0), eq(100)))
} .thenReturn(logs);
@Test List<AuditLogDTO> result = auditResource.getLogsByAction(TypeActionAudit.USER_CREATE, null, null, 100);
void testGetActionStatistics() {
Map<TypeActionAudit, Long> stats = Map.of(TypeActionAudit.USER_CREATE, 10L); assertEquals(logs, result);
when(auditService.countByActionType(eq("master"), any(), any())).thenReturn(stats); }
Map<TypeActionAudit, Long> result = auditResource.getActionStatistics(null, null); @Test
void testGetActionStatistics() {
assertEquals(stats, result); Map<TypeActionAudit, Long> stats = Map.of(TypeActionAudit.USER_CREATE, 10L);
} when(auditService.countByActionType(eq("master"), any(), any())).thenReturn(stats);
@Test Map<TypeActionAudit, Long> result = auditResource.getActionStatistics(null, null);
void testGetUserActivityStatistics() {
Map<String, Long> stats = Map.of("admin", 100L); assertEquals(stats, result);
when(auditService.countByActeur(eq("master"), any(), any())).thenReturn(stats); }
Map<String, Long> result = auditResource.getUserActivityStatistics(null, null); @Test
void testGetUserActivityStatistics() {
assertEquals(stats, result); Map<String, Long> stats = Map.of("admin", 100L);
} when(auditService.countByActeur(eq("master"), any(), any())).thenReturn(stats);
@Test Map<String, Long> result = auditResource.getUserActivityStatistics(null, null);
void testGetFailureCount() {
Map<String, Long> successVsFailure = Map.of("failure", 5L, "success", 100L); assertEquals(stats, result);
when(auditService.countSuccessVsFailure(eq("master"), any(), any())).thenReturn(successVsFailure); }
CountDTO result = auditResource.getFailureCount(null, null); @Test
void testGetFailureCount() {
assertEquals(5L, result.getCount()); Map<String, Long> successVsFailure = Map.of("failure", 5L, "success", 100L);
} when(auditService.countSuccessVsFailure(eq("master"), any(), any())).thenReturn(successVsFailure);
@Test CountDTO result = auditResource.getFailureCount(null, null);
void testGetSuccessCount() {
Map<String, Long> successVsFailure = Map.of("failure", 5L, "success", 100L); assertEquals(5L, result.getCount());
when(auditService.countSuccessVsFailure(eq("master"), any(), any())).thenReturn(successVsFailure); }
CountDTO result = auditResource.getSuccessCount(null, null); @Test
void testGetSuccessCount() {
assertEquals(100L, result.getCount()); Map<String, Long> successVsFailure = Map.of("failure", 5L, "success", 100L);
} when(auditService.countSuccessVsFailure(eq("master"), any(), any())).thenReturn(successVsFailure);
@Test CountDTO result = auditResource.getSuccessCount(null, null);
void testExportLogsToCSV() {
when(auditService.exportToCSV(eq("master"), any(), any())).thenReturn("csv,data"); assertEquals(100L, result.getCount());
}
Response response = auditResource.exportLogsToCSV(null, null);
@Test
assertEquals(200, response.getStatus()); void testExportLogsToCSV() {
assertEquals("csv,data", response.getEntity()); when(auditService.exportToCSV(eq("master"), any(), any())).thenReturn("csv,data");
}
Response response = auditResource.exportLogsToCSV(null, null);
@Test
void testPurgeOldLogs() { assertEquals(200, response.getStatus());
doNothing().when(auditService).purgeOldLogs(any()); assertEquals("csv,data", response.getEntity());
}
auditResource.purgeOldLogs(90);
@Test
verify(auditService).purgeOldLogs(any()); void testPurgeOldLogs() {
} when(auditService.purgeOldLogs(any())).thenReturn(0L);
}
auditResource.purgeOldLogs(90);
verify(auditService).purgeOldLogs(any());
}
@Test
void testSearchLogs_NullActeur_UsesRealm() {
List<AuditLogDTO> logs = Collections.singletonList(
AuditLogDTO.builder().acteurUsername("admin").typeAction(TypeActionAudit.USER_CREATE).build());
when(auditService.findByRealm(eq("master"), any(), any(), eq(0), eq(50))).thenReturn(logs);
List<AuditLogDTO> result = auditResource.searchLogs(null, null, null, null, null, null, 0, 50);
assertEquals(logs, result);
verify(auditService).findByRealm(eq("master"), any(), any(), eq(0), eq(50));
}
@Test
void testSearchLogs_BlankActeur_UsesRealm() {
List<AuditLogDTO> logs = Collections.emptyList();
when(auditService.findByRealm(eq("master"), any(), any(), eq(0), eq(20))).thenReturn(logs);
List<AuditLogDTO> result = auditResource.searchLogs(" ", null, null, null, null, null, 0, 20);
assertEquals(logs, result);
verify(auditService).findByRealm(eq("master"), any(), any(), eq(0), eq(20));
}
@Test
void testSearchLogs_WithPostFilter_TypeAction() {
AuditLogDTO matchLog = AuditLogDTO.builder()
.acteurUsername("admin")
.typeAction(TypeActionAudit.USER_CREATE)
.build();
AuditLogDTO otherLog = AuditLogDTO.builder()
.acteurUsername("admin")
.typeAction(TypeActionAudit.USER_DELETE)
.build();
when(auditService.findByActeur(eq("admin"), any(), any(), eq(0), eq(50)))
.thenReturn(List.of(matchLog, otherLog));
List<AuditLogDTO> result = auditResource.searchLogs("admin", null, null,
TypeActionAudit.USER_CREATE, null, null, 0, 50);
assertEquals(1, result.size());
assertEquals(TypeActionAudit.USER_CREATE, result.get(0).getTypeAction());
}
@Test
void testSearchLogs_WithPostFilter_RessourceType() {
AuditLogDTO matchLog = AuditLogDTO.builder()
.acteurUsername("admin")
.typeAction(TypeActionAudit.USER_CREATE)
.ressourceType("USER")
.build();
AuditLogDTO otherLog = AuditLogDTO.builder()
.acteurUsername("admin")
.typeAction(TypeActionAudit.USER_CREATE)
.ressourceType("ROLE")
.build();
when(auditService.findByActeur(eq("admin"), any(), any(), eq(0), eq(50)))
.thenReturn(List.of(matchLog, otherLog));
List<AuditLogDTO> result = auditResource.searchLogs("admin", null, null,
null, "USER", null, 0, 50);
assertEquals(1, result.size());
assertEquals("USER", result.get(0).getRessourceType());
}
@Test
void testSearchLogs_WithPostFilter_Succes() {
AuditLogDTO successLog = AuditLogDTO.builder()
.acteurUsername("admin")
.typeAction(TypeActionAudit.USER_CREATE)
.success(true)
.build();
AuditLogDTO failLog = AuditLogDTO.builder()
.acteurUsername("admin")
.typeAction(TypeActionAudit.USER_CREATE)
.success(false)
.build();
when(auditService.findByActeur(eq("admin"), any(), any(), eq(0), eq(50)))
.thenReturn(List.of(successLog, failLog));
List<AuditLogDTO> result = auditResource.searchLogs("admin", null, null,
null, null, Boolean.TRUE, 0, 50);
assertEquals(1, result.size());
assertTrue(result.get(0).isSuccessful());
}
@Test
void testExportLogsToCSV_Exception() {
when(auditService.exportToCSV(eq("master"), any(), any()))
.thenThrow(new RuntimeException("Export failed"));
assertThrows(RuntimeException.class, () -> auditResource.exportLogsToCSV(null, null));
}
}

198
src/test/java/dev/lions/user/manager/resource/HealthResourceEndpointTest.java
View File

@@ -1,99 +1,99 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Map; import java.util.Map;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class HealthResourceEndpointTest { class HealthResourceEndpointTest {
@Mock @Mock
KeycloakAdminClient keycloakAdminClient; KeycloakAdminClient keycloakAdminClient;
@Mock @Mock
Keycloak keycloak; Keycloak keycloak;
@InjectMocks @InjectMocks
HealthResourceEndpoint healthResourceEndpoint; HealthResourceEndpoint healthResourceEndpoint;
@Test @Test
void testGetKeycloakHealthConnected() { void testGetKeycloakHealthConnected() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloak); when(keycloakAdminClient.getInstance()).thenReturn(keycloak);
Map<String, Object> result = healthResourceEndpoint.getKeycloakHealth(); Map<String, Object> result = healthResourceEndpoint.getKeycloakHealth();
assertNotNull(result); assertNotNull(result);
assertEquals("UP", result.get("status")); assertEquals("UP", result.get("status"));
assertEquals(true, result.get("connected")); assertEquals(true, result.get("connected"));
assertNotNull(result.get("timestamp")); assertNotNull(result.get("timestamp"));
} }
@Test @Test
void testGetKeycloakHealthDisconnected() { void testGetKeycloakHealthDisconnected() {
when(keycloakAdminClient.getInstance()).thenReturn(null); when(keycloakAdminClient.getInstance()).thenReturn(null);
Map<String, Object> result = healthResourceEndpoint.getKeycloakHealth(); Map<String, Object> result = healthResourceEndpoint.getKeycloakHealth();
assertNotNull(result); assertNotNull(result);
assertEquals("DOWN", result.get("status")); assertEquals("DOWN", result.get("status"));
assertEquals(false, result.get("connected")); assertEquals(false, result.get("connected"));
} }
@Test @Test
void testGetKeycloakHealthError() { void testGetKeycloakHealthError() {
when(keycloakAdminClient.getInstance()).thenThrow(new RuntimeException("Connection error")); when(keycloakAdminClient.getInstance()).thenThrow(new RuntimeException("Connection error"));
Map<String, Object> result = healthResourceEndpoint.getKeycloakHealth(); Map<String, Object> result = healthResourceEndpoint.getKeycloakHealth();
assertNotNull(result); assertNotNull(result);
assertEquals("ERROR", result.get("status")); assertEquals("ERROR", result.get("status"));
assertEquals(false, result.get("connected")); assertEquals(false, result.get("connected"));
assertEquals("Connection error", result.get("error")); assertEquals("Connection error", result.get("error"));
} }
@Test @Test
void testGetServiceStatusConnected() { void testGetServiceStatusConnected() {
when(keycloakAdminClient.isConnected()).thenReturn(true); when(keycloakAdminClient.isConnected()).thenReturn(true);
Map<String, Object> result = healthResourceEndpoint.getServiceStatus(); Map<String, Object> result = healthResourceEndpoint.getServiceStatus();
assertNotNull(result); assertNotNull(result);
assertEquals("lions-user-manager-server", result.get("service")); assertEquals("lions-user-manager-server", result.get("service"));
assertEquals("1.0.0", result.get("version")); assertEquals("1.0.0", result.get("version"));
assertEquals("UP", result.get("status")); assertEquals("UP", result.get("status"));
assertEquals("CONNECTED", result.get("keycloak")); assertEquals("CONNECTED", result.get("keycloak"));
assertNotNull(result.get("timestamp")); assertNotNull(result.get("timestamp"));
} }
@Test @Test
void testGetServiceStatusDisconnected() { void testGetServiceStatusDisconnected() {
when(keycloakAdminClient.isConnected()).thenReturn(false); when(keycloakAdminClient.isConnected()).thenReturn(false);
Map<String, Object> result = healthResourceEndpoint.getServiceStatus(); Map<String, Object> result = healthResourceEndpoint.getServiceStatus();
assertNotNull(result); assertNotNull(result);
assertEquals("UP", result.get("status")); assertEquals("UP", result.get("status"));
assertEquals("DISCONNECTED", result.get("keycloak")); assertEquals("DISCONNECTED", result.get("keycloak"));
} }
@Test @Test
void testGetServiceStatusKeycloakError() { void testGetServiceStatusKeycloakError() {
when(keycloakAdminClient.isConnected()).thenThrow(new RuntimeException("Error")); when(keycloakAdminClient.isConnected()).thenThrow(new RuntimeException("Error"));
Map<String, Object> result = healthResourceEndpoint.getServiceStatus(); Map<String, Object> result = healthResourceEndpoint.getServiceStatus();
assertNotNull(result); assertNotNull(result);
assertEquals("UP", result.get("status")); assertEquals("UP", result.get("status"));
assertEquals("ERROR", result.get("keycloak")); assertEquals("ERROR", result.get("keycloak"));
assertEquals("Error", result.get("keycloakError")); assertEquals("Error", result.get("keycloakError"));
} }
} }

56
src/test/java/dev/lions/user/manager/resource/KeycloakHealthCheckTest.java Normal file
View File

@@ -0,0 +1,56 @@
package dev.lions.user.manager.resource;
import dev.lions.user.manager.client.KeycloakAdminClient;
import org.eclipse.microprofile.health.HealthCheckResponse;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
class KeycloakHealthCheckTest {
@Mock
KeycloakAdminClient keycloakAdminClient;
@InjectMocks
KeycloakHealthCheck healthCheck;
@Test
void testCall_Connected() {
when(keycloakAdminClient.isConnected()).thenReturn(true);
HealthCheckResponse response = healthCheck.call();
assertNotNull(response);
assertEquals(HealthCheckResponse.Status.UP, response.getStatus());
assertEquals("keycloak-connection", response.getName());
}
@Test
void testCall_NotConnected() {
when(keycloakAdminClient.isConnected()).thenReturn(false);
HealthCheckResponse response = healthCheck.call();
assertNotNull(response);
assertEquals(HealthCheckResponse.Status.DOWN, response.getStatus());
assertEquals("keycloak-connection", response.getName());
}
@Test
void testCall_Exception() {
when(keycloakAdminClient.isConnected()).thenThrow(new RuntimeException("Connection refused"));
HealthCheckResponse response = healthCheck.call();
assertNotNull(response);
assertEquals(HealthCheckResponse.Status.DOWN, response.getStatus());
assertEquals("keycloak-connection", response.getName());
}
}

411
src/test/java/dev/lions/user/manager/resource/RealmAssignmentResourceTest.java
View File

@@ -1,189 +1,222 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.dto.realm.AuthorizedRealmsDTO; import dev.lions.user.manager.dto.realm.AuthorizedRealmsDTO;
import dev.lions.user.manager.dto.realm.RealmAccessCheckDTO; import dev.lions.user.manager.dto.realm.RealmAccessCheckDTO;
import dev.lions.user.manager.dto.realm.RealmAssignmentDTO; import dev.lions.user.manager.dto.realm.RealmAssignmentDTO;
import dev.lions.user.manager.service.RealmAuthorizationService; import dev.lions.user.manager.service.RealmAuthorizationService;
import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext; import jakarta.ws.rs.core.SecurityContext;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.security.Principal; import java.security.Principal;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Optional; import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*; import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
/** /**
* Tests unitaires pour RealmAssignmentResource * Tests unitaires pour RealmAssignmentResource
*/ */
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class RealmAssignmentResourceTest { class RealmAssignmentResourceTest {
@Mock @Mock
private RealmAuthorizationService realmAuthorizationService; private RealmAuthorizationService realmAuthorizationService;
@Mock @Mock
private SecurityContext securityContext; private SecurityContext securityContext;
@Mock @Mock
private Principal principal; private Principal principal;
@InjectMocks @InjectMocks
private RealmAssignmentResource realmAssignmentResource; private RealmAssignmentResource realmAssignmentResource;
private RealmAssignmentDTO assignment; private RealmAssignmentDTO assignment;
@BeforeEach @BeforeEach
void setUp() { void setUp() {
assignment = RealmAssignmentDTO.builder() assignment = RealmAssignmentDTO.builder()
.id("assignment-1") .id("assignment-1")
.userId("user-1") .userId("user-1")
.username("testuser") .username("testuser")
.email("test@example.com") .email("test@example.com")
.realmName("realm1") .realmName("realm1")
.isSuperAdmin(false) .isSuperAdmin(false)
.active(true) .active(true)
.assignedAt(LocalDateTime.now()) .assignedAt(LocalDateTime.now())
.assignedBy("admin") .assignedBy("admin")
.build(); .build();
} }
@Test @Test
void testGetAllAssignments_Success() { void testGetAllAssignments_Success() {
List<RealmAssignmentDTO> assignments = Arrays.asList(assignment); List<RealmAssignmentDTO> assignments = Arrays.asList(assignment);
when(realmAuthorizationService.getAllAssignments()).thenReturn(assignments); when(realmAuthorizationService.getAllAssignments()).thenReturn(assignments);
List<RealmAssignmentDTO> result = realmAssignmentResource.getAllAssignments(); List<RealmAssignmentDTO> result = realmAssignmentResource.getAllAssignments();
assertEquals(1, result.size()); assertEquals(1, result.size());
} }
@Test @Test
void testGetAssignmentsByUser_Success() { void testGetAssignmentsByUser_Success() {
List<RealmAssignmentDTO> assignments = Arrays.asList(assignment); List<RealmAssignmentDTO> assignments = Arrays.asList(assignment);
when(realmAuthorizationService.getAssignmentsByUser("user-1")).thenReturn(assignments); when(realmAuthorizationService.getAssignmentsByUser("user-1")).thenReturn(assignments);
List<RealmAssignmentDTO> result = realmAssignmentResource.getAssignmentsByUser("user-1"); List<RealmAssignmentDTO> result = realmAssignmentResource.getAssignmentsByUser("user-1");
assertEquals(1, result.size()); assertEquals(1, result.size());
} }
@Test @Test
void testGetAssignmentsByRealm_Success() { void testGetAssignmentsByRealm_Success() {
List<RealmAssignmentDTO> assignments = Arrays.asList(assignment); List<RealmAssignmentDTO> assignments = Arrays.asList(assignment);
when(realmAuthorizationService.getAssignmentsByRealm("realm1")).thenReturn(assignments); when(realmAuthorizationService.getAssignmentsByRealm("realm1")).thenReturn(assignments);
List<RealmAssignmentDTO> result = realmAssignmentResource.getAssignmentsByRealm("realm1"); List<RealmAssignmentDTO> result = realmAssignmentResource.getAssignmentsByRealm("realm1");
assertEquals(1, result.size()); assertEquals(1, result.size());
} }
@Test @Test
void testGetAssignmentById_Success() { void testGetAssignmentById_Success() {
when(realmAuthorizationService.getAssignmentById("assignment-1")).thenReturn(Optional.of(assignment)); when(realmAuthorizationService.getAssignmentById("assignment-1")).thenReturn(Optional.of(assignment));
RealmAssignmentDTO result = realmAssignmentResource.getAssignmentById("assignment-1"); RealmAssignmentDTO result = realmAssignmentResource.getAssignmentById("assignment-1");
assertNotNull(result); assertNotNull(result);
assertEquals("assignment-1", result.getId()); assertEquals("assignment-1", result.getId());
} }
@Test @Test
void testGetAssignmentById_NotFound() { void testGetAssignmentById_NotFound() {
when(realmAuthorizationService.getAssignmentById("non-existent")).thenReturn(Optional.empty()); when(realmAuthorizationService.getAssignmentById("non-existent")).thenReturn(Optional.empty());
assertThrows(RuntimeException.class, () -> realmAssignmentResource.getAssignmentById("non-existent")); assertThrows(RuntimeException.class, () -> realmAssignmentResource.getAssignmentById("non-existent"));
} }
@Test @Test
void testCanManageRealm_Success() { void testCanManageRealm_Success() {
when(realmAuthorizationService.canManageRealm("user-1", "realm1")).thenReturn(true); when(realmAuthorizationService.canManageRealm("user-1", "realm1")).thenReturn(true);
RealmAccessCheckDTO result = realmAssignmentResource.canManageRealm("user-1", "realm1"); RealmAccessCheckDTO result = realmAssignmentResource.canManageRealm("user-1", "realm1");
assertTrue(result.isCanManage()); assertTrue(result.isCanManage());
} }
@Test @Test
void testGetAuthorizedRealms_Success() { void testGetAuthorizedRealms_Success() {
List<String> realms = Arrays.asList("realm1", "realm2"); List<String> realms = Arrays.asList("realm1", "realm2");
when(realmAuthorizationService.getAuthorizedRealms("user-1")).thenReturn(realms); when(realmAuthorizationService.getAuthorizedRealms("user-1")).thenReturn(realms);
when(realmAuthorizationService.isSuperAdmin("user-1")).thenReturn(false); when(realmAuthorizationService.isSuperAdmin("user-1")).thenReturn(false);
AuthorizedRealmsDTO result = realmAssignmentResource.getAuthorizedRealms("user-1"); AuthorizedRealmsDTO result = realmAssignmentResource.getAuthorizedRealms("user-1");
assertEquals(2, result.getRealms().size()); assertEquals(2, result.getRealms().size());
assertFalse(result.isSuperAdmin()); assertFalse(result.isSuperAdmin());
} }
@Test @Test
void testAssignRealmToUser_Success() { void testAssignRealmToUser_Success() {
// En Quarkus, @Context SecurityContext injecté peut être simulé via Mockito // En Quarkus, @Context SecurityContext injecté peut être simulé via Mockito
// Mais dans RealmAssignmentResource, l'admin est récupéré du SecurityContext. // Mais dans RealmAssignmentResource, l'admin est récupéré du SecurityContext.
// Puisque c'est un test unitaire @ExtendWith(MockitoExtension.class), // Puisque c'est un test unitaire @ExtendWith(MockitoExtension.class),
// @Inject SecurityContext securityContext est mocké. // @Inject SecurityContext securityContext est mocké.
when(securityContext.getUserPrincipal()).thenReturn(principal); when(securityContext.getUserPrincipal()).thenReturn(principal);
when(principal.getName()).thenReturn("admin"); when(principal.getName()).thenReturn("admin");
when(realmAuthorizationService.assignRealmToUser(any(RealmAssignmentDTO.class))).thenReturn(assignment); when(realmAuthorizationService.assignRealmToUser(any(RealmAssignmentDTO.class))).thenReturn(assignment);
Response response = realmAssignmentResource.assignRealmToUser(assignment); Response response = realmAssignmentResource.assignRealmToUser(assignment);
assertEquals(201, response.getStatus()); assertEquals(201, response.getStatus());
} }
@Test @Test
void testRevokeRealmFromUser_Success() { void testRevokeRealmFromUser_Success() {
doNothing().when(realmAuthorizationService).revokeRealmFromUser("user-1", "realm1"); doNothing().when(realmAuthorizationService).revokeRealmFromUser("user-1", "realm1");
realmAssignmentResource.revokeRealmFromUser("user-1", "realm1"); realmAssignmentResource.revokeRealmFromUser("user-1", "realm1");
verify(realmAuthorizationService).revokeRealmFromUser("user-1", "realm1"); verify(realmAuthorizationService).revokeRealmFromUser("user-1", "realm1");
} }
@Test @Test
void testRevokeAllRealmsFromUser_Success() { void testRevokeAllRealmsFromUser_Success() {
doNothing().when(realmAuthorizationService).revokeAllRealmsFromUser("user-1"); doNothing().when(realmAuthorizationService).revokeAllRealmsFromUser("user-1");
realmAssignmentResource.revokeAllRealmsFromUser("user-1"); realmAssignmentResource.revokeAllRealmsFromUser("user-1");
verify(realmAuthorizationService).revokeAllRealmsFromUser("user-1"); verify(realmAuthorizationService).revokeAllRealmsFromUser("user-1");
} }
@Test @Test
void testDeactivateAssignment_Success() { void testDeactivateAssignment_Success() {
doNothing().when(realmAuthorizationService).deactivateAssignment("assignment-1"); doNothing().when(realmAuthorizationService).deactivateAssignment("assignment-1");
realmAssignmentResource.deactivateAssignment("assignment-1"); realmAssignmentResource.deactivateAssignment("assignment-1");
verify(realmAuthorizationService).deactivateAssignment("assignment-1"); verify(realmAuthorizationService).deactivateAssignment("assignment-1");
} }
@Test @Test
void testActivateAssignment_Success() { void testActivateAssignment_Success() {
doNothing().when(realmAuthorizationService).activateAssignment("assignment-1"); doNothing().when(realmAuthorizationService).activateAssignment("assignment-1");
realmAssignmentResource.activateAssignment("assignment-1"); realmAssignmentResource.activateAssignment("assignment-1");
verify(realmAuthorizationService).activateAssignment("assignment-1"); verify(realmAuthorizationService).activateAssignment("assignment-1");
} }
@Test @Test
void testSetSuperAdmin_Success() { void testSetSuperAdmin_Success() {
doNothing().when(realmAuthorizationService).setSuperAdmin("user-1", true); doNothing().when(realmAuthorizationService).setSuperAdmin("user-1", true);
realmAssignmentResource.setSuperAdmin("user-1", true); realmAssignmentResource.setSuperAdmin("user-1", true);
verify(realmAuthorizationService).setSuperAdmin("user-1", true); verify(realmAuthorizationService).setSuperAdmin("user-1", true);
} }
}
@Test
void testAssignRealmToUser_NullPrincipal() {
when(securityContext.getUserPrincipal()).thenReturn(null);
when(realmAuthorizationService.assignRealmToUser(any(RealmAssignmentDTO.class))).thenReturn(assignment);
Response response = realmAssignmentResource.assignRealmToUser(assignment);
assertEquals(201, response.getStatus());
// assignedBy n'est pas modifié car le principal est null
}
@Test
void testAssignRealmToUser_IllegalArgumentException() {
when(securityContext.getUserPrincipal()).thenReturn(principal);
when(principal.getName()).thenReturn("admin");
when(realmAuthorizationService.assignRealmToUser(any(RealmAssignmentDTO.class)))
.thenThrow(new IllegalArgumentException("Affectation déjà existante"));
Response response = realmAssignmentResource.assignRealmToUser(assignment);
assertEquals(409, response.getStatus());
}
@Test
void testAssignRealmToUser_GenericException() {
when(securityContext.getUserPrincipal()).thenReturn(principal);
when(principal.getName()).thenReturn("admin");
when(realmAuthorizationService.assignRealmToUser(any(RealmAssignmentDTO.class)))
.thenThrow(new RuntimeException("Erreur inattendue"));
assertThrows(RuntimeException.class, () -> realmAssignmentResource.assignRealmToUser(assignment));
}
}

147
src/test/java/dev/lions/user/manager/resource/RealmResourceAdditionalTest.java
View File

@@ -1,59 +1,88 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import io.quarkus.security.identity.SecurityIdentity; import io.quarkus.security.identity.SecurityIdentity;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
/** /**
* Tests supplémentaires pour RealmResource pour améliorer la couverture * Tests supplémentaires pour RealmResource pour améliorer la couverture
*/ */
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class RealmResourceAdditionalTest { class RealmResourceAdditionalTest {
@Mock @Mock
private KeycloakAdminClient keycloakAdminClient; private KeycloakAdminClient keycloakAdminClient;
@Mock @Mock
private SecurityIdentity securityIdentity; private SecurityIdentity securityIdentity;
@InjectMocks @InjectMocks
private RealmResource realmResource; private RealmResource realmResource;
@Test @Test
void testGetAllRealms_Success() { void testGetAllRealms_Success() {
List<String> realms = Arrays.asList("master", "lions-user-manager", "test-realm"); List<String> realms = Arrays.asList("master", "lions-user-manager", "test-realm");
when(keycloakAdminClient.getAllRealms()).thenReturn(realms); when(keycloakAdminClient.getAllRealms()).thenReturn(realms);
List<String> result = realmResource.getAllRealms(); List<String> result = realmResource.getAllRealms();
assertNotNull(result); assertNotNull(result);
assertEquals(3, result.size()); assertEquals(3, result.size());
} }
@Test @Test
void testGetAllRealms_Empty() { void testGetAllRealms_Empty() {
when(keycloakAdminClient.getAllRealms()).thenReturn(List.of()); when(keycloakAdminClient.getAllRealms()).thenReturn(List.of());
List<String> result = realmResource.getAllRealms(); List<String> result = realmResource.getAllRealms();
assertNotNull(result); assertNotNull(result);
assertTrue(result.isEmpty()); assertTrue(result.isEmpty());
} }
@Test @Test
void testGetAllRealms_Exception() { void testGetAllRealms_Exception() {
when(keycloakAdminClient.getAllRealms()).thenThrow(new RuntimeException("Connection error")); when(keycloakAdminClient.getAllRealms()).thenThrow(new RuntimeException("Connection error"));
assertThrows(RuntimeException.class, () -> realmResource.getAllRealms()); assertThrows(RuntimeException.class, () -> realmResource.getAllRealms());
} }
}
@Test
void testGetRealmClients_Success() {
List<String> clients = Arrays.asList("admin-cli", "account", "lions-app");
when(keycloakAdminClient.getRealmClients("test-realm")).thenReturn(clients);
List<String> result = realmResource.getRealmClients("test-realm");
assertNotNull(result);
assertEquals(3, result.size());
assertTrue(result.contains("admin-cli"));
}
@Test
void testGetRealmClients_Empty() {
when(keycloakAdminClient.getRealmClients("test-realm")).thenReturn(List.of());
List<String> result = realmResource.getRealmClients("test-realm");
assertNotNull(result);
assertTrue(result.isEmpty());
}
@Test
void testGetRealmClients_Exception() {
when(keycloakAdminClient.getRealmClients("bad-realm")).thenThrow(new RuntimeException("Not found"));
assertThrows(RuntimeException.class, () -> realmResource.getRealmClients("bad-realm"));
}
}

124
src/test/java/dev/lions/user/manager/resource/RealmResourceTest.java
View File

@@ -1,62 +1,62 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import io.quarkus.security.identity.SecurityIdentity; import io.quarkus.security.identity.SecurityIdentity;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
/** /**
* Tests unitaires pour RealmResource * Tests unitaires pour RealmResource
*/ */
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class RealmResourceTest { class RealmResourceTest {
@Mock @Mock
private KeycloakAdminClient keycloakAdminClient; private KeycloakAdminClient keycloakAdminClient;
@Mock @Mock
private SecurityIdentity securityIdentity; private SecurityIdentity securityIdentity;
@InjectMocks @InjectMocks
private RealmResource realmResource; private RealmResource realmResource;
@Test @Test
void testGetAllRealms_Success() { void testGetAllRealms_Success() {
List<String> realms = Arrays.asList("master", "lions-user-manager", "btpxpress"); List<String> realms = Arrays.asList("master", "lions-user-manager", "btpxpress");
when(keycloakAdminClient.getAllRealms()).thenReturn(realms); when(keycloakAdminClient.getAllRealms()).thenReturn(realms);
List<String> result = realmResource.getAllRealms(); List<String> result = realmResource.getAllRealms();
assertNotNull(result); assertNotNull(result);
assertEquals(3, result.size()); assertEquals(3, result.size());
assertEquals("master", result.get(0)); assertEquals("master", result.get(0));
verify(keycloakAdminClient).getAllRealms(); verify(keycloakAdminClient).getAllRealms();
} }
@Test @Test
void testGetAllRealms_EmptyList() { void testGetAllRealms_EmptyList() {
when(keycloakAdminClient.getAllRealms()).thenReturn(Collections.emptyList()); when(keycloakAdminClient.getAllRealms()).thenReturn(Collections.emptyList());
List<String> result = realmResource.getAllRealms(); List<String> result = realmResource.getAllRealms();
assertNotNull(result); assertNotNull(result);
assertTrue(result.isEmpty()); assertTrue(result.isEmpty());
} }
@Test @Test
void testGetAllRealms_Exception() { void testGetAllRealms_Exception() {
when(keycloakAdminClient.getAllRealms()).thenThrow(new RuntimeException("Keycloak connection error")); when(keycloakAdminClient.getAllRealms()).thenThrow(new RuntimeException("Keycloak connection error"));
assertThrows(RuntimeException.class, () -> realmResource.getAllRealms()); assertThrows(RuntimeException.class, () -> realmResource.getAllRealms());
} }
} }

636
src/test/java/dev/lions/user/manager/resource/RoleResourceTest.java
View File

@@ -1,266 +1,370 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.dto.role.RoleAssignmentDTO; import dev.lions.user.manager.dto.role.RoleAssignmentDTO;
import dev.lions.user.manager.dto.role.RoleAssignmentRequestDTO; import dev.lions.user.manager.dto.role.RoleAssignmentRequestDTO;
import dev.lions.user.manager.dto.role.RoleDTO; import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole; import dev.lions.user.manager.enums.role.TypeRole;
import dev.lions.user.manager.service.RoleService; import dev.lions.user.manager.service.RoleService;
import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Optional; import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*; import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class RoleResourceTest { class RoleResourceTest {
@Mock @Mock
RoleService roleService; RoleService roleService;
@InjectMocks @InjectMocks
RoleResource roleResource; RoleResource roleResource;
private static final String REALM = "test-realm"; private static final String REALM = "test-realm";
private static final String CLIENT_ID = "test-client"; private static final String CLIENT_ID = "test-client";
// ============== Realm Role Tests ============== // ============== Realm Role Tests ==============
@Test @Test
void testCreateRealmRole() { void testCreateRealmRole() {
RoleDTO input = RoleDTO.builder().name("role").description("desc").build(); RoleDTO input = RoleDTO.builder().name("role").description("desc").build();
RoleDTO created = RoleDTO.builder().id("1").name("role").description("desc").build(); RoleDTO created = RoleDTO.builder().id("1").name("role").description("desc").build();
when(roleService.createRealmRole(any(), eq(REALM))).thenReturn(created); when(roleService.createRealmRole(any(), eq(REALM))).thenReturn(created);
Response response = roleResource.createRealmRole(input, REALM); Response response = roleResource.createRealmRole(input, REALM);
assertEquals(201, response.getStatus()); assertEquals(201, response.getStatus());
assertEquals(created, response.getEntity()); assertEquals(created, response.getEntity());
} }
@Test @Test
void testCreateRealmRoleConflict() { void testCreateRealmRoleConflict() {
RoleDTO input = RoleDTO.builder().name("role").build(); RoleDTO input = RoleDTO.builder().name("role").build();
when(roleService.createRealmRole(any(), eq(REALM))) when(roleService.createRealmRole(any(), eq(REALM)))
.thenThrow(new IllegalArgumentException("Role already exists")); .thenThrow(new IllegalArgumentException("Role already exists"));
Response response = roleResource.createRealmRole(input, REALM); Response response = roleResource.createRealmRole(input, REALM);
assertEquals(409, response.getStatus()); assertEquals(409, response.getStatus());
} }
@Test @Test
void testGetRealmRole() { void testGetRealmRole() {
RoleDTO role = RoleDTO.builder().id("1").name("role").build(); RoleDTO role = RoleDTO.builder().id("1").name("role").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null)) when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(role)); .thenReturn(Optional.of(role));
RoleDTO result = roleResource.getRealmRole("role", REALM); RoleDTO result = roleResource.getRealmRole("role", REALM);
assertEquals(role, result); assertEquals(role, result);
} }
@Test @Test
void testGetRealmRoleNotFound() { void testGetRealmRoleNotFound() {
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null)) when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.empty()); .thenReturn(Optional.empty());
assertThrows(RuntimeException.class, () -> roleResource.getRealmRole("role", REALM)); assertThrows(RuntimeException.class, () -> roleResource.getRealmRole("role", REALM));
} }
@Test @Test
void testGetAllRealmRoles() { void testGetAllRealmRoles() {
List<RoleDTO> roles = Collections.singletonList(RoleDTO.builder().name("role").build()); List<RoleDTO> roles = Collections.singletonList(RoleDTO.builder().name("role").build());
when(roleService.getAllRealmRoles(REALM)).thenReturn(roles); when(roleService.getAllRealmRoles(REALM)).thenReturn(roles);
List<RoleDTO> result = roleResource.getAllRealmRoles(REALM); List<RoleDTO> result = roleResource.getAllRealmRoles(REALM);
assertEquals(roles, result); assertEquals(roles, result);
} }
@Test @Test
void testUpdateRealmRole() { void testUpdateRealmRole() {
RoleDTO existingRole = RoleDTO.builder().id("1").name("role").build(); RoleDTO existingRole = RoleDTO.builder().id("1").name("role").build();
RoleDTO input = RoleDTO.builder().description("updated").build(); RoleDTO input = RoleDTO.builder().description("updated").build();
RoleDTO updated = RoleDTO.builder().id("1").name("role").description("updated").build(); RoleDTO updated = RoleDTO.builder().id("1").name("role").description("updated").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null)) when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(existingRole)); .thenReturn(Optional.of(existingRole));
when(roleService.updateRole(eq("1"), any(), eq(REALM), eq(TypeRole.REALM_ROLE), isNull())) when(roleService.updateRole(eq("1"), any(), eq(REALM), eq(TypeRole.REALM_ROLE), isNull()))
.thenReturn(updated); .thenReturn(updated);
RoleDTO result = roleResource.updateRealmRole("role", input, REALM); RoleDTO result = roleResource.updateRealmRole("role", input, REALM);
assertEquals(updated, result); assertEquals(updated, result);
} }
@Test @Test
void testDeleteRealmRole() { void testDeleteRealmRole() {
RoleDTO existingRole = RoleDTO.builder().id("1").name("role").build(); RoleDTO existingRole = RoleDTO.builder().id("1").name("role").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null)) when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(existingRole)); .thenReturn(Optional.of(existingRole));
doNothing().when(roleService).deleteRole(eq("1"), eq(REALM), eq(TypeRole.REALM_ROLE), isNull()); doNothing().when(roleService).deleteRole(eq("1"), eq(REALM), eq(TypeRole.REALM_ROLE), isNull());
roleResource.deleteRealmRole("role", REALM); roleResource.deleteRealmRole("role", REALM);
verify(roleService).deleteRole(eq("1"), eq(REALM), eq(TypeRole.REALM_ROLE), isNull()); verify(roleService).deleteRole(eq("1"), eq(REALM), eq(TypeRole.REALM_ROLE), isNull());
} }
// ============== Client Role Tests ============== // ============== Client Role Tests ==============
@Test @Test
void testCreateClientRole() { void testCreateClientRole() {
RoleDTO input = RoleDTO.builder().name("role").build(); RoleDTO input = RoleDTO.builder().name("role").build();
RoleDTO created = RoleDTO.builder().id("1").name("role").build(); RoleDTO created = RoleDTO.builder().id("1").name("role").build();
when(roleService.createClientRole(any(RoleDTO.class), eq(CLIENT_ID), eq(REALM))).thenReturn(created); when(roleService.createClientRole(any(RoleDTO.class), eq(CLIENT_ID), eq(REALM))).thenReturn(created);
Response response = roleResource.createClientRole(CLIENT_ID, input, REALM); Response response = roleResource.createClientRole(CLIENT_ID, input, REALM);
assertEquals(201, response.getStatus()); assertEquals(201, response.getStatus());
assertEquals(created, response.getEntity()); assertEquals(created, response.getEntity());
} }
@Test @Test
void testGetClientRole() { void testGetClientRole() {
RoleDTO role = RoleDTO.builder().id("1").name("role").build(); RoleDTO role = RoleDTO.builder().id("1").name("role").build();
when(roleService.getRoleByName("role", REALM, TypeRole.CLIENT_ROLE, CLIENT_ID)) when(roleService.getRoleByName("role", REALM, TypeRole.CLIENT_ROLE, CLIENT_ID))
.thenReturn(Optional.of(role)); .thenReturn(Optional.of(role));
RoleDTO result = roleResource.getClientRole(CLIENT_ID, "role", REALM); RoleDTO result = roleResource.getClientRole(CLIENT_ID, "role", REALM);
assertEquals(role, result); assertEquals(role, result);
} }
@Test @Test
void testGetAllClientRoles() { void testGetAllClientRoles() {
List<RoleDTO> roles = Collections.singletonList(RoleDTO.builder().name("role").build()); List<RoleDTO> roles = Collections.singletonList(RoleDTO.builder().name("role").build());
when(roleService.getAllClientRoles(REALM, CLIENT_ID)).thenReturn(roles); when(roleService.getAllClientRoles(REALM, CLIENT_ID)).thenReturn(roles);
List<RoleDTO> result = roleResource.getAllClientRoles(CLIENT_ID, REALM); List<RoleDTO> result = roleResource.getAllClientRoles(CLIENT_ID, REALM);
assertEquals(roles, result); assertEquals(roles, result);
} }
@Test @Test
void testDeleteClientRole() { void testDeleteClientRole() {
RoleDTO existingRole = RoleDTO.builder().id("1").name("role").build(); RoleDTO existingRole = RoleDTO.builder().id("1").name("role").build();
when(roleService.getRoleByName("role", REALM, TypeRole.CLIENT_ROLE, CLIENT_ID)) when(roleService.getRoleByName("role", REALM, TypeRole.CLIENT_ROLE, CLIENT_ID))
.thenReturn(Optional.of(existingRole)); .thenReturn(Optional.of(existingRole));
doNothing().when(roleService).deleteRole(eq("1"), eq(REALM), eq(TypeRole.CLIENT_ROLE), eq(CLIENT_ID)); doNothing().when(roleService).deleteRole(eq("1"), eq(REALM), eq(TypeRole.CLIENT_ROLE), eq(CLIENT_ID));
roleResource.deleteClientRole(CLIENT_ID, "role", REALM); roleResource.deleteClientRole(CLIENT_ID, "role", REALM);
verify(roleService).deleteRole(eq("1"), eq(REALM), eq(TypeRole.CLIENT_ROLE), eq(CLIENT_ID)); verify(roleService).deleteRole(eq("1"), eq(REALM), eq(TypeRole.CLIENT_ROLE), eq(CLIENT_ID));
} }
// ============== Role Assignment Tests ============== // ============== Role Assignment Tests ==============
@Test @Test
void testAssignRealmRoles() { void testAssignRealmRoles() {
doNothing().when(roleService).assignRolesToUser(any(RoleAssignmentDTO.class)); doNothing().when(roleService).assignRolesToUser(any(RoleAssignmentDTO.class));
RoleAssignmentRequestDTO request = RoleAssignmentRequestDTO.builder() RoleAssignmentRequestDTO request = RoleAssignmentRequestDTO.builder()
.roleNames(Collections.singletonList("role")) .roleNames(Collections.singletonList("role"))
.build(); .build();
roleResource.assignRealmRoles("user1", REALM, request); roleResource.assignRealmRoles("user1", REALM, request);
verify(roleService).assignRolesToUser(any(RoleAssignmentDTO.class)); verify(roleService).assignRolesToUser(any(RoleAssignmentDTO.class));
} }
@Test @Test
void testRevokeRealmRoles() { void testRevokeRealmRoles() {
doNothing().when(roleService).revokeRolesFromUser(any(RoleAssignmentDTO.class)); doNothing().when(roleService).revokeRolesFromUser(any(RoleAssignmentDTO.class));
RoleAssignmentRequestDTO request = RoleAssignmentRequestDTO.builder() RoleAssignmentRequestDTO request = RoleAssignmentRequestDTO.builder()
.roleNames(Collections.singletonList("role")) .roleNames(Collections.singletonList("role"))
.build(); .build();
roleResource.revokeRealmRoles("user1", REALM, request); roleResource.revokeRealmRoles("user1", REALM, request);
verify(roleService).revokeRolesFromUser(any(RoleAssignmentDTO.class)); verify(roleService).revokeRolesFromUser(any(RoleAssignmentDTO.class));
} }
@Test @Test
void testAssignClientRoles() { void testAssignClientRoles() {
doNothing().when(roleService).assignRolesToUser(any(RoleAssignmentDTO.class)); doNothing().when(roleService).assignRolesToUser(any(RoleAssignmentDTO.class));
RoleAssignmentRequestDTO request = RoleAssignmentRequestDTO.builder() RoleAssignmentRequestDTO request = RoleAssignmentRequestDTO.builder()
.roleNames(Collections.singletonList("role")) .roleNames(Collections.singletonList("role"))
.build(); .build();
roleResource.assignClientRoles(CLIENT_ID, "user1", REALM, request); roleResource.assignClientRoles(CLIENT_ID, "user1", REALM, request);
verify(roleService).assignRolesToUser(any(RoleAssignmentDTO.class)); verify(roleService).assignRolesToUser(any(RoleAssignmentDTO.class));
} }
@Test @Test
void testGetUserRealmRoles() { void testGetUserRealmRoles() {
List<RoleDTO> roles = Collections.singletonList(RoleDTO.builder().name("role").build()); List<RoleDTO> roles = Collections.singletonList(RoleDTO.builder().name("role").build());
when(roleService.getUserRealmRoles("user1", REALM)).thenReturn(roles); when(roleService.getUserRealmRoles("user1", REALM)).thenReturn(roles);
List<RoleDTO> result = roleResource.getUserRealmRoles("user1", REALM); List<RoleDTO> result = roleResource.getUserRealmRoles("user1", REALM);
assertEquals(roles, result); assertEquals(roles, result);
} }
@Test @Test
void testGetUserClientRoles() { void testGetUserClientRoles() {
List<RoleDTO> roles = Collections.singletonList(RoleDTO.builder().name("role").build()); List<RoleDTO> roles = Collections.singletonList(RoleDTO.builder().name("role").build());
when(roleService.getUserClientRoles("user1", CLIENT_ID, REALM)).thenReturn(roles); when(roleService.getUserClientRoles("user1", CLIENT_ID, REALM)).thenReturn(roles);
List<RoleDTO> result = roleResource.getUserClientRoles(CLIENT_ID, "user1", REALM); List<RoleDTO> result = roleResource.getUserClientRoles(CLIENT_ID, "user1", REALM);
assertEquals(roles, result); assertEquals(roles, result);
} }
// ============== Composite Role Tests ============== // ============== Composite Role Tests ==============
@Test @Test
void testAddComposites() { void testAddComposites() {
RoleDTO parentRole = RoleDTO.builder().id("parent-1").name("role").build(); RoleDTO parentRole = RoleDTO.builder().id("parent-1").name("role").build();
RoleDTO childRole = RoleDTO.builder().id("child-1").name("composite").build(); RoleDTO childRole = RoleDTO.builder().id("child-1").name("composite").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null)) when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(parentRole)); .thenReturn(Optional.of(parentRole));
when(roleService.getRoleByName("composite", REALM, TypeRole.REALM_ROLE, null)) when(roleService.getRoleByName("composite", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(childRole)); .thenReturn(Optional.of(childRole));
doNothing().when(roleService).addCompositeRoles(eq("parent-1"), anyList(), eq(REALM), doNothing().when(roleService).addCompositeRoles(eq("parent-1"), anyList(), eq(REALM),
eq(TypeRole.REALM_ROLE), isNull()); eq(TypeRole.REALM_ROLE), isNull());
RoleAssignmentRequestDTO request = RoleAssignmentRequestDTO.builder() RoleAssignmentRequestDTO request = RoleAssignmentRequestDTO.builder()
.roleNames(Collections.singletonList("composite")) .roleNames(Collections.singletonList("composite"))
.build(); .build();
roleResource.addComposites("role", REALM, request); roleResource.addComposites("role", REALM, request);
verify(roleService).addCompositeRoles(eq("parent-1"), anyList(), eq(REALM), verify(roleService).addCompositeRoles(eq("parent-1"), anyList(), eq(REALM),
eq(TypeRole.REALM_ROLE), isNull()); eq(TypeRole.REALM_ROLE), isNull());
} }
@Test @Test
void testGetComposites() { void testGetComposites() {
RoleDTO role = RoleDTO.builder().id("1").name("role").build(); RoleDTO role = RoleDTO.builder().id("1").name("role").build();
List<RoleDTO> composites = Collections.singletonList(RoleDTO.builder().name("composite").build()); List<RoleDTO> composites = Collections.singletonList(RoleDTO.builder().name("composite").build());
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null)) when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(role)); .thenReturn(Optional.of(role));
when(roleService.getCompositeRoles("1", REALM, TypeRole.REALM_ROLE, null)) when(roleService.getCompositeRoles("1", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(composites); .thenReturn(composites);
List<RoleDTO> result = roleResource.getComposites("role", REALM); List<RoleDTO> result = roleResource.getComposites("role", REALM);
assertEquals(composites, result); assertEquals(composites, result);
} }
}
@Test
void testCreateRealmRole_GenericException() {
RoleDTO input = RoleDTO.builder().name("role").build();
when(roleService.createRealmRole(any(), eq(REALM)))
.thenThrow(new RuntimeException("Internal error"));
assertThrows(RuntimeException.class, () -> roleResource.createRealmRole(input, REALM));
}
@Test
void testUpdateRealmRole_NotFound() {
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.empty());
RoleDTO input = RoleDTO.builder().description("updated").build();
assertThrows(RuntimeException.class, () -> roleResource.updateRealmRole("role", input, REALM));
}
@Test
void testDeleteRealmRole_NotFound() {
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.empty());
assertThrows(RuntimeException.class, () -> roleResource.deleteRealmRole("role", REALM));
}
@Test
void testCreateClientRole_IllegalArgumentException() {
RoleDTO input = RoleDTO.builder().name("role").build();
when(roleService.createClientRole(any(RoleDTO.class), eq(CLIENT_ID), eq(REALM)))
.thenThrow(new IllegalArgumentException("Conflict"));
Response response = roleResource.createClientRole(CLIENT_ID, input, REALM);
assertEquals(409, response.getStatus());
}
@Test
void testCreateClientRole_GenericException() {
RoleDTO input = RoleDTO.builder().name("role").build();
when(roleService.createClientRole(any(RoleDTO.class), eq(CLIENT_ID), eq(REALM)))
.thenThrow(new RuntimeException("Internal error"));
assertThrows(RuntimeException.class, () -> roleResource.createClientRole(CLIENT_ID, input, REALM));
}
@Test
void testGetClientRole_NotFound() {
when(roleService.getRoleByName("role", REALM, TypeRole.CLIENT_ROLE, CLIENT_ID))
.thenReturn(Optional.empty());
assertThrows(RuntimeException.class, () -> roleResource.getClientRole(CLIENT_ID, "role", REALM));
}
@Test
void testDeleteClientRole_NotFound() {
when(roleService.getRoleByName("role", REALM, TypeRole.CLIENT_ROLE, CLIENT_ID))
.thenReturn(Optional.empty());
assertThrows(RuntimeException.class, () -> roleResource.deleteClientRole(CLIENT_ID, "role", REALM));
}
@Test
void testAddComposites_ParentNotFound() {
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.empty());
RoleAssignmentRequestDTO request = RoleAssignmentRequestDTO.builder()
.roleNames(Collections.singletonList("composite"))
.build();
assertThrows(RuntimeException.class, () -> roleResource.addComposites("role", REALM, request));
}
@Test
void testAddComposites_ChildNotFound_FilteredOut() {
RoleDTO parentRole = RoleDTO.builder().id("parent-1").name("role").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(parentRole));
when(roleService.getRoleByName("nonexistent", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.empty()); // will be filtered out (null id)
doNothing().when(roleService).addCompositeRoles(eq("parent-1"), anyList(), eq(REALM),
eq(TypeRole.REALM_ROLE), isNull());
RoleAssignmentRequestDTO request = RoleAssignmentRequestDTO.builder()
.roleNames(Collections.singletonList("nonexistent"))
.build();
roleResource.addComposites("role", REALM, request);
// addCompositeRoles called with empty list (filtered out)
verify(roleService).addCompositeRoles(eq("parent-1"), eq(Collections.emptyList()), eq(REALM),
eq(TypeRole.REALM_ROLE), isNull());
}
@Test
void testGetComposites_RoleNotFound() {
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.empty());
assertThrows(RuntimeException.class, () -> roleResource.getComposites("role", REALM));
}
}

245
src/test/java/dev/lions/user/manager/resource/SyncResourceTest.java
View File

@@ -1,82 +1,163 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.api.SyncResourceApi; import dev.lions.user.manager.api.SyncResourceApi;
import dev.lions.user.manager.dto.sync.HealthStatusDTO; import dev.lions.user.manager.dto.sync.HealthStatusDTO;
import dev.lions.user.manager.dto.sync.SyncResultDTO; import dev.lions.user.manager.dto.sync.SyncConsistencyDTO;
import dev.lions.user.manager.service.SyncService; import dev.lions.user.manager.dto.sync.SyncHistoryDTO;
import org.junit.jupiter.api.Test; import dev.lions.user.manager.dto.sync.SyncResultDTO;
import org.junit.jupiter.api.extension.ExtendWith; import dev.lions.user.manager.service.SyncService;
import org.mockito.InjectMocks; import org.junit.jupiter.api.Test;
import org.mockito.Mock; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.InjectMocks;
import org.mockito.Mock;
import java.util.Map; import org.mockito.junit.jupiter.MockitoExtension;
import static org.junit.jupiter.api.Assertions.*; import java.util.Map;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
@ExtendWith(MockitoExtension.class) import static org.mockito.Mockito.*;
class SyncResourceTest {
@ExtendWith(MockitoExtension.class)
@Mock class SyncResourceTest {
SyncService syncService;
@Mock
@InjectMocks SyncService syncService;
SyncResource syncResource;
@InjectMocks
private static final String REALM = "test-realm"; SyncResource syncResource;
@Test private static final String REALM = "test-realm";
void testCheckKeycloakHealth() {
when(syncService.isKeycloakAvailable()).thenReturn(true); @Test
when(syncService.getKeycloakHealthInfo()).thenReturn(Map.of("version", "23.0.0")); void testCheckKeycloakHealth() {
when(syncService.isKeycloakAvailable()).thenReturn(true);
HealthStatusDTO status = syncResource.checkKeycloakHealth(); when(syncService.getKeycloakHealthInfo()).thenReturn(Map.of("version", "23.0.0"));
assertTrue(status.isKeycloakAccessible()); HealthStatusDTO status = syncResource.checkKeycloakHealth();
assertTrue(status.isOverallHealthy());
assertEquals("23.0.0", status.getKeycloakVersion()); assertTrue(status.isKeycloakAccessible());
} assertTrue(status.isOverallHealthy());
assertEquals("23.0.0", status.getKeycloakVersion());
@Test }
void testCheckKeycloakHealthError() {
when(syncService.isKeycloakAvailable()).thenThrow(new RuntimeException("Connection refused")); @Test
void testCheckKeycloakHealthError() {
HealthStatusDTO status = syncResource.checkKeycloakHealth(); when(syncService.isKeycloakAvailable()).thenThrow(new RuntimeException("Connection refused"));
assertFalse(status.isOverallHealthy()); HealthStatusDTO status = syncResource.checkKeycloakHealth();
assertTrue(status.getErrorMessage().contains("Connection refused"));
} assertFalse(status.isOverallHealthy());
assertTrue(status.getErrorMessage().contains("Connection refused"));
@Test }
void testSyncUsers() {
when(syncService.syncUsersFromRealm(REALM)).thenReturn(10); @Test
void testSyncUsers() {
SyncResultDTO result = syncResource.syncUsers(REALM); when(syncService.syncUsersFromRealm(REALM)).thenReturn(10);
assertTrue(result.isSuccess()); SyncResultDTO result = syncResource.syncUsers(REALM);
assertEquals(10, result.getUsersCount());
assertEquals(REALM, result.getRealmName()); assertTrue(result.isSuccess());
} assertEquals(10, result.getUsersCount());
assertEquals(REALM, result.getRealmName());
@Test }
void testSyncUsersError() {
when(syncService.syncUsersFromRealm(REALM)).thenThrow(new RuntimeException("Sync failed")); @Test
void testSyncUsersError() {
SyncResultDTO result = syncResource.syncUsers(REALM); when(syncService.syncUsersFromRealm(REALM)).thenThrow(new RuntimeException("Sync failed"));
assertFalse(result.isSuccess()); SyncResultDTO result = syncResource.syncUsers(REALM);
assertEquals("Sync failed", result.getErrorMessage());
} assertFalse(result.isSuccess());
assertEquals("Sync failed", result.getErrorMessage());
@Test }
void testSyncRoles() {
when(syncService.syncRolesFromRealm(REALM)).thenReturn(5); @Test
void testSyncRoles() {
SyncResultDTO result = syncResource.syncRoles(REALM, null); when(syncService.syncRolesFromRealm(REALM)).thenReturn(5);
assertTrue(result.isSuccess()); SyncResultDTO result = syncResource.syncRoles(REALM, null);
assertEquals(5, result.getRealmRolesCount());
} assertTrue(result.isSuccess());
} assertEquals(5, result.getRealmRolesCount());
}
@Test
void testSyncRolesError() {
when(syncService.syncRolesFromRealm(REALM)).thenThrow(new RuntimeException("Roles sync failed"));
SyncResultDTO result = syncResource.syncRoles(REALM, null);
assertFalse(result.isSuccess());
assertEquals("Roles sync failed", result.getErrorMessage());
}
@Test
void testPing() {
String response = syncResource.ping();
assertNotNull(response);
assertTrue(response.contains("pong"));
assertTrue(response.contains("SyncResource"));
}
@Test
void testCheckDataConsistency_Success() {
when(syncService.checkDataConsistency(REALM)).thenReturn(Map.of(
"realmName", REALM,
"status", "OK",
"usersKeycloakCount", 10,
"usersLocalCount", 10
));
var result = syncResource.checkDataConsistency(REALM);
assertNotNull(result);
assertEquals(REALM, result.getRealmName());
assertEquals("OK", result.getStatus());
assertEquals(10, result.getUsersKeycloakCount());
}
@Test
void testCheckDataConsistency_Exception() {
when(syncService.checkDataConsistency(REALM)).thenThrow(new RuntimeException("DB error"));
var result = syncResource.checkDataConsistency(REALM);
assertNotNull(result);
assertEquals("ERROR", result.getStatus());
assertEquals(REALM, result.getRealmName());
assertEquals("DB error", result.getError());
}
@Test
void testGetLastSyncStatus() {
var result = syncResource.getLastSyncStatus(REALM);
assertNotNull(result);
assertEquals(REALM, result.getRealmName());
assertEquals("NEVER_SYNCED", result.getStatus());
}
@Test
void testForceSyncRealm_Success() {
when(syncService.forceSyncRealm(REALM)).thenReturn(Map.of());
var result = syncResource.forceSyncRealm(REALM);
assertNotNull(result);
assertEquals("SUCCESS", result.getStatus());
assertEquals(REALM, result.getRealmName());
}
@Test
void testForceSyncRealm_Exception() {
doThrow(new RuntimeException("Force sync failed")).when(syncService).forceSyncRealm(REALM);
var result = syncResource.forceSyncRealm(REALM);
assertNotNull(result);
assertEquals("FAILED", result.getStatus());
assertEquals(REALM, result.getRealmName());
}
}

190
src/test/java/dev/lions/user/manager/resource/UserMetricsResourceTest.java
View File

@@ -1,95 +1,95 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.common.UserSessionStatsDTO; import dev.lions.user.manager.dto.common.UserSessionStatsDTO;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.resource.RealmResource; import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource; import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource; import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Assertions;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.util.List; import java.util.List;
import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class UserMetricsResourceTest { class UserMetricsResourceTest {
@Mock @Mock
KeycloakAdminClient keycloakAdminClient; KeycloakAdminClient keycloakAdminClient;
@Mock @Mock
RealmResource realmResource; RealmResource realmResource;
@Mock @Mock
UsersResource usersResource; UsersResource usersResource;
@Mock @Mock
UserResource userResource1; UserResource userResource1;
@Mock @Mock
UserResource userResource2; UserResource userResource2;
@InjectMocks @InjectMocks
UserMetricsResource userMetricsResource; UserMetricsResource userMetricsResource;
@Test @Test
void testGetUserSessionStats() { void testGetUserSessionStats() {
// Préparer deux utilisateurs avec des sessions différentes // Préparer deux utilisateurs avec des sessions différentes
UserRepresentation u1 = new UserRepresentation(); UserRepresentation u1 = new UserRepresentation();
u1.setId("u1"); u1.setId("u1");
UserRepresentation u2 = new UserRepresentation(); UserRepresentation u2 = new UserRepresentation();
u2.setId("u2"); u2.setId("u2");
when(keycloakAdminClient.getRealm("test-realm")).thenReturn(realmResource); when(keycloakAdminClient.getRealm("test-realm")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource); when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenReturn(List.of(u1, u2)); when(usersResource.list()).thenReturn(List.of(u1, u2));
// u1 a 2 sessions, u2 en a 0 // u1 a 2 sessions, u2 en a 0
when(usersResource.get("u1")).thenReturn(userResource1); when(usersResource.get("u1")).thenReturn(userResource1);
when(usersResource.get("u2")).thenReturn(userResource2); when(usersResource.get("u2")).thenReturn(userResource2);
when(userResource1.getUserSessions()).thenReturn(List.of(new org.keycloak.representations.idm.UserSessionRepresentation(), when(userResource1.getUserSessions()).thenReturn(List.of(new org.keycloak.representations.idm.UserSessionRepresentation(),
new org.keycloak.representations.idm.UserSessionRepresentation())); new org.keycloak.representations.idm.UserSessionRepresentation()));
when(userResource2.getUserSessions()).thenReturn(List.of()); when(userResource2.getUserSessions()).thenReturn(List.of());
UserSessionStatsDTO stats = userMetricsResource.getUserSessionStats("test-realm"); UserSessionStatsDTO stats = userMetricsResource.getUserSessionStats("test-realm");
assertNotNull(stats); assertNotNull(stats);
assertEquals("test-realm", stats.getRealmName()); assertEquals("test-realm", stats.getRealmName());
assertEquals(2L, stats.getTotalUsers()); assertEquals(2L, stats.getTotalUsers());
assertEquals(2L, stats.getActiveSessions()); // 2 sessions au total assertEquals(2L, stats.getActiveSessions()); // 2 sessions au total
assertEquals(1L, stats.getOnlineUsers()); // 1 utilisateur avec au moins une session assertEquals(1L, stats.getOnlineUsers()); // 1 utilisateur avec au moins une session
} }
@Test @Test
void testGetUserSessionStats_DefaultRealm() { void testGetUserSessionStats_DefaultRealm() {
when(keycloakAdminClient.getRealm("master")).thenReturn(realmResource); when(keycloakAdminClient.getRealm("master")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource); when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenReturn(List.of()); when(usersResource.list()).thenReturn(List.of());
UserSessionStatsDTO stats = userMetricsResource.getUserSessionStats(null); UserSessionStatsDTO stats = userMetricsResource.getUserSessionStats(null);
assertNotNull(stats); assertNotNull(stats);
assertEquals("master", stats.getRealmName()); assertEquals("master", stats.getRealmName());
assertEquals(0L, stats.getTotalUsers()); assertEquals(0L, stats.getTotalUsers());
} }
@Test @Test
void testGetUserSessionStats_OnError() { void testGetUserSessionStats_OnError() {
when(keycloakAdminClient.getRealm(anyString())) when(keycloakAdminClient.getRealm(anyString()))
.thenThrow(new RuntimeException("KC error")); .thenThrow(new RuntimeException("KC error"));
Assertions.assertThrows(RuntimeException.class, Assertions.assertThrows(RuntimeException.class,
() -> userMetricsResource.getUserSessionStats("realm")); () -> userMetricsResource.getUserSessionStats("realm"));
} }
} }

435
src/test/java/dev/lions/user/manager/resource/UserResourceTest.java
View File

@@ -1,192 +1,243 @@
package dev.lions.user.manager.resource; package dev.lions.user.manager.resource;
import dev.lions.user.manager.dto.user.*; import dev.lions.user.manager.dto.importexport.ImportResultDTO;
import dev.lions.user.manager.service.UserService; import dev.lions.user.manager.dto.user.*;
import jakarta.ws.rs.core.Response; import dev.lions.user.manager.service.UserService;
import org.junit.jupiter.api.Test; import jakarta.ws.rs.core.Response;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.Test;
import org.mockito.InjectMocks; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock; import org.mockito.InjectMocks;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections;
import java.util.List; import java.util.Collections;
import java.util.Optional; import java.util.List;
import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.any; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*; import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
@ExtendWith(MockitoExtension.class) import static org.mockito.Mockito.*;
class UserResourceTest {
@ExtendWith(MockitoExtension.class)
@Mock class UserResourceTest {
UserService userService;
@Mock
@InjectMocks UserService userService;
UserResource userResource;
@InjectMocks
private static final String REALM = "test-realm"; UserResource userResource;
@Test private static final String REALM = "test-realm";
void testSearchUsers() {
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder() @Test
.realmName(REALM) void testSearchUsers() {
.searchTerm("test") UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.page(0) .realmName(REALM)
.pageSize(20) .searchTerm("test")
.build(); .page(0)
.pageSize(20)
UserSearchResultDTO mockResult = UserSearchResultDTO.builder() .build();
.users(Collections.singletonList(UserDTO.builder().username("test").build()))
.totalCount(1L) UserSearchResultDTO mockResult = UserSearchResultDTO.builder()
.build(); .users(Collections.singletonList(UserDTO.builder().username("test").build()))
.totalCount(1L)
when(userService.searchUsers(any())).thenReturn(mockResult); .build();
UserSearchResultDTO result = userResource.searchUsers(criteria); when(userService.searchUsers(any())).thenReturn(mockResult);
assertNotNull(result); UserSearchResultDTO result = userResource.searchUsers(criteria);
assertEquals(1, result.getTotalCount());
} assertNotNull(result);
assertEquals(1, result.getTotalCount());
@Test }
void testGetUserById() {
UserDTO user = UserDTO.builder().id("1").username("testuser").build(); @Test
when(userService.getUserById("1", REALM)).thenReturn(Optional.of(user)); void testGetUserById() {
UserDTO user = UserDTO.builder().id("1").username("testuser").build();
UserDTO result = userResource.getUserById("1", REALM); when(userService.getUserById("1", REALM)).thenReturn(Optional.of(user));
assertNotNull(result); UserDTO result = userResource.getUserById("1", REALM);
assertEquals(user, result);
} assertNotNull(result);
assertEquals(user, result);
@Test }
void testGetUserByIdNotFound() {
when(userService.getUserById("1", REALM)).thenReturn(Optional.empty()); @Test
void testGetUserByIdNotFound() {
assertThrows(RuntimeException.class, () -> userResource.getUserById("1", REALM)); when(userService.getUserById("1", REALM)).thenReturn(Optional.empty());
}
assertThrows(RuntimeException.class, () -> userResource.getUserById("1", REALM));
@Test }
void testGetAllUsers() {
UserSearchResultDTO mockResult = UserSearchResultDTO.builder() @Test
.users(Collections.emptyList()) void testGetAllUsers() {
.totalCount(0L) UserSearchResultDTO mockResult = UserSearchResultDTO.builder()
.build(); .users(Collections.emptyList())
when(userService.getAllUsers(REALM, 0, 20)).thenReturn(mockResult); .totalCount(0L)
.build();
UserSearchResultDTO result = userResource.getAllUsers(REALM, 0, 20); when(userService.getAllUsers(REALM, 0, 20)).thenReturn(mockResult);
assertNotNull(result); UserSearchResultDTO result = userResource.getAllUsers(REALM, 0, 20);
assertEquals(0, result.getTotalCount());
} assertNotNull(result);
assertEquals(0, result.getTotalCount());
@Test }
void testCreateUser() {
UserDTO newUser = UserDTO.builder().username("newuser").email("new@test.com").build(); @Test
UserDTO createdUser = UserDTO.builder().id("123").username("newuser").email("new@test.com").build(); void testCreateUser() {
UserDTO newUser = UserDTO.builder().username("newuser").email("new@test.com").build();
when(userService.createUser(any(), eq(REALM))).thenReturn(createdUser); UserDTO createdUser = UserDTO.builder().id("123").username("newuser").email("new@test.com").build();
Response response = userResource.createUser(newUser, REALM); when(userService.createUser(any(), eq(REALM))).thenReturn(createdUser);
assertEquals(201, response.getStatus()); Response response = userResource.createUser(newUser, REALM);
assertEquals(createdUser, response.getEntity());
} assertEquals(201, response.getStatus());
assertEquals(createdUser, response.getEntity());
@Test }
void testUpdateUser() {
UserDTO updateUser = UserDTO.builder() @Test
.username("updated") void testUpdateUser() {
.prenom("John") UserDTO updateUser = UserDTO.builder()
.nom("Doe") .username("updated")
.email("john.doe@test.com") .prenom("John")
.build(); .nom("Doe")
UserDTO updatedUser = UserDTO.builder() .email("john.doe@test.com")
.id("1") .build();
.username("updated") UserDTO updatedUser = UserDTO.builder()
.prenom("John") .id("1")
.nom("Doe") .username("updated")
.email("john.doe@test.com") .prenom("John")
.build(); .nom("Doe")
.email("john.doe@test.com")
when(userService.updateUser(eq("1"), any(), eq(REALM))).thenReturn(updatedUser); .build();
UserDTO result = userResource.updateUser("1", updateUser, REALM); when(userService.updateUser(eq("1"), any(), eq(REALM))).thenReturn(updatedUser);
assertNotNull(result); UserDTO result = userResource.updateUser("1", updateUser, REALM);
assertEquals(updatedUser, result);
} assertNotNull(result);
assertEquals(updatedUser, result);
@Test }
void testDeleteUser() {
doNothing().when(userService).deleteUser("1", REALM, false); @Test
void testDeleteUser() {
userResource.deleteUser("1", REALM, false); doNothing().when(userService).deleteUser("1", REALM, false);
verify(userService).deleteUser("1", REALM, false); userResource.deleteUser("1", REALM, false);
}
verify(userService).deleteUser("1", REALM, false);
@Test }
void testActivateUser() {
doNothing().when(userService).activateUser("1", REALM); @Test
void testActivateUser() {
userResource.activateUser("1", REALM); doNothing().when(userService).activateUser("1", REALM);
verify(userService).activateUser("1", REALM); userResource.activateUser("1", REALM);
}
verify(userService).activateUser("1", REALM);
@Test }
void testDeactivateUser() {
doNothing().when(userService).deactivateUser("1", REALM, "reason"); @Test
void testDeactivateUser() {
userResource.deactivateUser("1", REALM, "reason"); doNothing().when(userService).deactivateUser("1", REALM, "reason");
verify(userService).deactivateUser("1", REALM, "reason"); userResource.deactivateUser("1", REALM, "reason");
}
verify(userService).deactivateUser("1", REALM, "reason");
@Test }
void testResetPassword() {
doNothing().when(userService).resetPassword("1", REALM, "newpassword", true); @Test
void testResetPassword() {
PasswordResetRequestDTO request = PasswordResetRequestDTO.builder() doNothing().when(userService).resetPassword("1", REALM, "newpassword", true);
.password("newpassword")
.temporary(true) PasswordResetRequestDTO request = PasswordResetRequestDTO.builder()
.build(); .password("newpassword")
.temporary(true)
userResource.resetPassword("1", REALM, request); .build();
verify(userService).resetPassword("1", REALM, "newpassword", true); userResource.resetPassword("1", REALM, request);
}
verify(userService).resetPassword("1", REALM, "newpassword", true);
@Test }
void testSendVerificationEmail() {
doNothing().when(userService).sendVerificationEmail("1", REALM); @Test
void testSendVerificationEmail() {
userResource.sendVerificationEmail("1", REALM); doNothing().when(userService).sendVerificationEmail("1", REALM);
verify(userService).sendVerificationEmail("1", REALM); Response response = userResource.sendVerificationEmail("1", REALM);
}
verify(userService).sendVerificationEmail("1", REALM);
@Test assertNotNull(response);
void testLogoutAllSessions() { assertEquals(202, response.getStatus());
when(userService.logoutAllSessions("1", REALM)).thenReturn(5); }
SessionsRevokedDTO result = userResource.logoutAllSessions("1", REALM); @Test
void testLogoutAllSessions() {
assertNotNull(result); when(userService.logoutAllSessions("1", REALM)).thenReturn(5);
assertEquals(5, result.getCount());
} SessionsRevokedDTO result = userResource.logoutAllSessions("1", REALM);
@Test assertNotNull(result);
void testGetActiveSessions() { assertEquals(5, result.getCount());
when(userService.getActiveSessions("1", REALM)).thenReturn(Collections.singletonList("session-1")); }
List<String> result = userResource.getActiveSessions("1", REALM); @Test
void testGetActiveSessions() {
assertNotNull(result); when(userService.getActiveSessions("1", REALM)).thenReturn(Collections.singletonList("session-1"));
assertEquals(1, result.size());
assertEquals("session-1", result.get(0)); List<String> result = userResource.getActiveSessions("1", REALM);
}
} assertNotNull(result);
assertEquals(1, result.size());
assertEquals("session-1", result.get(0));
}
@Test
void testCreateUser_IllegalArgumentException() {
UserDTO newUser = UserDTO.builder().username("existinguser").email("existing@test.com").build();
when(userService.createUser(any(), eq(REALM))).thenThrow(new IllegalArgumentException("Username exists"));
Response response = userResource.createUser(newUser, REALM);
assertEquals(409, response.getStatus());
}
@Test
void testCreateUser_RuntimeException() {
UserDTO newUser = UserDTO.builder().username("user").email("user@test.com").build();
when(userService.createUser(any(), eq(REALM))).thenThrow(new RuntimeException("Connection error"));
assertThrows(RuntimeException.class, () -> userResource.createUser(newUser, REALM));
}
@Test
void testExportUsersToCSV() {
String csvContent = "username,email,prenom,nom\ntest,test@test.com,Test,User";
when(userService.exportUsersToCSV(any())).thenReturn(csvContent);
Response response = userResource.exportUsersToCSV(REALM);
assertEquals(200, response.getStatus());
assertEquals(csvContent, response.getEntity());
}
@Test
void testImportUsersFromCSV() {
String csvContent = "username,email,prenom,nom\ntest,test@test.com,Test,User";
ImportResultDTO importResult = ImportResultDTO.builder()
.successCount(1)
.errorCount(0)
.totalLines(2)
.errors(Collections.emptyList())
.build();
when(userService.importUsersFromCSV(csvContent, REALM)).thenReturn(importResult);
ImportResultDTO result = userResource.importUsersFromCSV(REALM, csvContent);
assertNotNull(result);
assertEquals(1, result.getSuccessCount());
assertEquals(0, result.getErrorCount());
}
}

86
src/test/java/dev/lions/user/manager/security/DevModeSecurityAugmentorTest.java Normal file
View File

@@ -0,0 +1,86 @@
package dev.lions.user.manager.security;
import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.SecurityIdentity;
import io.smallrye.mutiny.Uni;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.lang.reflect.Field;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
/**
* Tests unitaires pour DevModeSecurityAugmentor.
*/
@ExtendWith(MockitoExtension.class)
class DevModeSecurityAugmentorTest {
@Mock
SecurityIdentity identity;
@Mock
AuthenticationRequestContext context;
DevModeSecurityAugmentor augmentor;
@BeforeEach
void setUp() throws Exception {
augmentor = new DevModeSecurityAugmentor();
}
private void setField(String name, Object value) throws Exception {
Field field = DevModeSecurityAugmentor.class.getDeclaredField(name);
field.setAccessible(true);
field.set(augmentor, value);
}
@Test
void testAugment_OidcDisabled_AnonymousIdentity() throws Exception {
setField("oidcEnabled", false);
when(identity.isAnonymous()).thenReturn(true);
// Mock credentials/roles/attributes to avoid NPE in QuarkusSecurityIdentity.builder
when(identity.getCredentials()).thenReturn(java.util.Set.of());
when(identity.getRoles()).thenReturn(java.util.Set.of());
when(identity.getAttributes()).thenReturn(java.util.Map.of());
Uni<SecurityIdentity> result = augmentor.augment(identity, context);
assertNotNull(result);
SecurityIdentity augmented = result.await().indefinitely();
assertNotNull(augmented);
// The augmented identity should have the dev roles
assertTrue(augmented.getRoles().contains("admin"));
assertTrue(augmented.getRoles().contains("user_manager"));
assertEquals("dev-user", augmented.getPrincipal().getName());
}
@Test
void testAugment_OidcDisabled_AuthenticatedIdentity() throws Exception {
setField("oidcEnabled", false);
when(identity.isAnonymous()).thenReturn(false);
Uni<SecurityIdentity> result = augmentor.augment(identity, context);
assertNotNull(result);
SecurityIdentity returned = result.await().indefinitely();
// Should return the original identity without modification
assertSame(identity, returned);
}
@Test
void testAugment_OidcEnabled() throws Exception {
setField("oidcEnabled", true);
Uni<SecurityIdentity> result = augmentor.augment(identity, context);
assertNotNull(result);
SecurityIdentity returned = result.await().indefinitely();
// Should return the original identity without checking isAnonymous
assertSame(identity, returned);
}
}

266
src/test/java/dev/lions/user/manager/security/DevSecurityContextProducerTest.java
View File

@@ -1,88 +1,178 @@
package dev.lions.user.manager.security; package dev.lions.user.manager.security;
import jakarta.ws.rs.container.ContainerRequestContext; import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.core.SecurityContext; import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.core.UriInfo; import jakarta.ws.rs.core.UriInfo;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock; import org.mockito.ArgumentCaptor;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.lang.reflect.Field;
import java.lang.reflect.Field;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
/**
* Tests unitaires pour DevSecurityContextProducer /**
*/ * Tests unitaires pour DevSecurityContextProducer
@ExtendWith(MockitoExtension.class) */
class DevSecurityContextProducerTest { @ExtendWith(MockitoExtension.class)
class DevSecurityContextProducerTest {
@Mock
private ContainerRequestContext requestContext; @Mock
private ContainerRequestContext requestContext;
@Mock
private UriInfo uriInfo; @Mock
private UriInfo uriInfo;
@Mock
private SecurityContext originalSecurityContext; @Mock
private SecurityContext originalSecurityContext;
private DevSecurityContextProducer producer;
private DevSecurityContextProducer producer;
@BeforeEach
void setUp() throws Exception { @BeforeEach
producer = new DevSecurityContextProducer(); void setUp() throws Exception {
producer = new DevSecurityContextProducer();
// Injecter les propriétés via reflection
setField("profile", "dev"); // Injecter les propriétés via reflection
setField("oidcEnabled", false); setField("profile", "dev");
} setField("oidcEnabled", false);
}
private void setField(String fieldName, Object value) throws Exception {
Field field = DevSecurityContextProducer.class.getDeclaredField(fieldName); private void setField(String fieldName, Object value) throws Exception {
field.setAccessible(true); Field field = DevSecurityContextProducer.class.getDeclaredField(fieldName);
field.set(producer, value); field.setAccessible(true);
} field.set(producer, value);
}
@Test
void testFilter_DevMode() throws Exception { @Test
setField("profile", "dev"); void testFilter_DevMode() throws Exception {
setField("oidcEnabled", true); setField("profile", "dev");
setField("oidcEnabled", true);
when(requestContext.getUriInfo()).thenReturn(uriInfo);
when(uriInfo.getPath()).thenReturn("/api/users"); when(requestContext.getUriInfo()).thenReturn(uriInfo);
when(requestContext.getSecurityContext()).thenReturn(originalSecurityContext); when(uriInfo.getPath()).thenReturn("/api/users");
when(requestContext.getSecurityContext()).thenReturn(originalSecurityContext);
producer.filter(requestContext);
producer.filter(requestContext);
verify(requestContext, times(1)).setSecurityContext(any(SecurityContext.class));
} verify(requestContext, times(1)).setSecurityContext(any(SecurityContext.class));
}
@Test
void testFilter_ProdMode() throws Exception { @Test
setField("profile", "prod"); void testFilter_ProdMode() throws Exception {
setField("oidcEnabled", true); setField("profile", "prod");
setField("oidcEnabled", true);
// En mode prod, on n'a pas besoin de mocker getUriInfo car le code ne l'utilise pas
producer.filter(requestContext); // En mode prod, on n'a pas besoin de mocker getUriInfo car le code ne l'utilise pas
producer.filter(requestContext);
verify(requestContext, never()).setSecurityContext(any(SecurityContext.class));
} verify(requestContext, never()).setSecurityContext(any(SecurityContext.class));
}
@Test
void testFilter_OidcDisabled() throws Exception { @Test
setField("profile", "prod"); void testFilter_OidcDisabled() throws Exception {
setField("oidcEnabled", false); setField("profile", "prod");
setField("oidcEnabled", false);
when(requestContext.getUriInfo()).thenReturn(uriInfo);
when(uriInfo.getPath()).thenReturn("/api/users"); when(requestContext.getUriInfo()).thenReturn(uriInfo);
when(requestContext.getSecurityContext()).thenReturn(originalSecurityContext); when(uriInfo.getPath()).thenReturn("/api/users");
when(requestContext.getSecurityContext()).thenReturn(originalSecurityContext);
producer.filter(requestContext);
producer.filter(requestContext);
verify(requestContext, times(1)).setSecurityContext(any(SecurityContext.class));
} verify(requestContext, times(1)).setSecurityContext(any(SecurityContext.class));
} }
@Test
void testDevSecurityContext_GetUserPrincipal() throws Exception {
setField("profile", "dev");
setField("oidcEnabled", false);
when(requestContext.getUriInfo()).thenReturn(uriInfo);
when(uriInfo.getPath()).thenReturn("/api/test");
when(requestContext.getSecurityContext()).thenReturn(originalSecurityContext);
ArgumentCaptor<SecurityContext> captor = ArgumentCaptor.forClass(SecurityContext.class);
producer.filter(requestContext);
verify(requestContext).setSecurityContext(captor.capture());
SecurityContext devCtx = captor.getValue();
assertNotNull(devCtx.getUserPrincipal());
assertEquals("dev-user", devCtx.getUserPrincipal().getName());
}
@Test
void testDevSecurityContext_IsUserInRole() throws Exception {
setField("profile", "dev");
setField("oidcEnabled", false);
when(requestContext.getUriInfo()).thenReturn(uriInfo);
when(uriInfo.getPath()).thenReturn("/api/test");
when(requestContext.getSecurityContext()).thenReturn(originalSecurityContext);
ArgumentCaptor<SecurityContext> captor = ArgumentCaptor.forClass(SecurityContext.class);
producer.filter(requestContext);
verify(requestContext).setSecurityContext(captor.capture());
SecurityContext devCtx = captor.getValue();
assertTrue(devCtx.isUserInRole("admin"));
assertTrue(devCtx.isUserInRole("user_manager"));
assertTrue(devCtx.isUserInRole("any_role"));
}
@Test
void testDevSecurityContext_IsSecure_WithOriginal() throws Exception {
setField("profile", "dev");
setField("oidcEnabled", false);
when(requestContext.getUriInfo()).thenReturn(uriInfo);
when(uriInfo.getPath()).thenReturn("/api/test");
when(requestContext.getSecurityContext()).thenReturn(originalSecurityContext);
when(originalSecurityContext.isSecure()).thenReturn(true);
ArgumentCaptor<SecurityContext> captor = ArgumentCaptor.forClass(SecurityContext.class);
producer.filter(requestContext);
verify(requestContext).setSecurityContext(captor.capture());
SecurityContext devCtx = captor.getValue();
assertTrue(devCtx.isSecure()); // delegates to original which returns true
}
@Test
void testDevSecurityContext_IsSecure_WithNullOriginal() throws Exception {
setField("profile", "dev");
setField("oidcEnabled", false);
when(requestContext.getUriInfo()).thenReturn(uriInfo);
when(uriInfo.getPath()).thenReturn("/api/test");
when(requestContext.getSecurityContext()).thenReturn(null); // null original
ArgumentCaptor<SecurityContext> captor = ArgumentCaptor.forClass(SecurityContext.class);
producer.filter(requestContext);
verify(requestContext).setSecurityContext(captor.capture());
SecurityContext devCtx = captor.getValue();
assertFalse(devCtx.isSecure()); // original is null → returns false
}
@Test
void testDevSecurityContext_GetAuthenticationScheme() throws Exception {
setField("profile", "dev");
setField("oidcEnabled", false);
when(requestContext.getUriInfo()).thenReturn(uriInfo);
when(uriInfo.getPath()).thenReturn("/api/test");
when(requestContext.getSecurityContext()).thenReturn(originalSecurityContext);
ArgumentCaptor<SecurityContext> captor = ArgumentCaptor.forClass(SecurityContext.class);
producer.filter(requestContext);
verify(requestContext).setSecurityContext(captor.capture());
SecurityContext devCtx = captor.getValue();
assertEquals("DEV", devCtx.getAuthenticationScheme());
}
}

174
src/test/java/dev/lions/user/manager/server/impl/entity/AuditLogEntityQuarkusTest.java Normal file
View File

@@ -0,0 +1,174 @@
package dev.lions.user.manager.server.impl.entity;
import dev.lions.user.manager.enums.audit.TypeActionAudit;
import io.quarkus.test.junit.QuarkusTest;
import io.quarkus.test.junit.QuarkusTestProfile;
import io.quarkus.test.junit.TestProfile;
import jakarta.transaction.Transactional;
import org.junit.jupiter.api.Test;
import java.time.LocalDateTime;
import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
/**
* Tests @QuarkusTest pour les méthodes statiques Panache de AuditLogEntity.
* Utilise H2 en mémoire (pas besoin de Docker).
* Couvre : L134, L144, L154, L165, L175, L186, L196, L207.
*/
@QuarkusTest
@TestProfile(AuditLogEntityQuarkusTest.H2Profile.class)
class AuditLogEntityQuarkusTest {
public static class H2Profile implements QuarkusTestProfile {
@Override
public Map<String, String> getConfigOverrides() {
return Map.ofEntries(
// DevServices désactivé (pas de Docker)
Map.entry("quarkus.devservices.enabled", "false"),
Map.entry("quarkus.oidc.devservices.enabled", "false"),
// Base de données H2 en mémoire
Map.entry("quarkus.datasource.db-kind", "h2"),
Map.entry("quarkus.datasource.jdbc.url", "jdbc:h2:mem:auditlogtest;DB_CLOSE_DELAY=-1;MODE=PostgreSQL"),
Map.entry("quarkus.hibernate-orm.database.generation", "drop-and-create"),
Map.entry("quarkus.flyway.enabled", "false"),
// OIDC désactivé
Map.entry("quarkus.oidc.tenant-enabled", "false"),
Map.entry("quarkus.keycloak.policy-enforcer.enable", "false"),
// Keycloak admin client activé (pour le bean CDI) mais pas de connexion réelle
Map.entry("quarkus.keycloak.admin-client.enabled", "true"),
Map.entry("quarkus.keycloak.admin-client.server-url", "http://localhost:8080"),
Map.entry("quarkus.keycloak.admin-client.realm", "master"),
Map.entry("quarkus.keycloak.admin-client.client-id", "admin-cli"),
Map.entry("quarkus.keycloak.admin-client.username", "admin"),
Map.entry("quarkus.keycloak.admin-client.password", "admin"),
Map.entry("quarkus.keycloak.admin-client.grant-type", "PASSWORD"),
// Propriétés applicatives requises
Map.entry("lions.keycloak.server-url", "http://localhost:8080"),
Map.entry("lions.keycloak.admin-realm", "master"),
Map.entry("lions.keycloak.admin-client-id", "admin-cli"),
Map.entry("lions.keycloak.admin-username", "admin"),
Map.entry("lions.keycloak.admin-password", "admin"),
Map.entry("lions.keycloak.connection-pool-size", "10"),
Map.entry("lions.keycloak.timeout-seconds", "30"),
Map.entry("lions.keycloak.authorized-realms", "master,lions-user-manager")
);
}
}
private AuditLogEntity buildEntity(String userId, String auteur, String realm,
TypeActionAudit action, boolean success) {
AuditLogEntity entity = new AuditLogEntity();
entity.setUserId(userId);
entity.setAuteurAction(auteur);
entity.setRealmName(realm);
entity.setAction(action);
entity.setSuccess(success);
entity.setDetails("test details");
entity.setTimestamp(LocalDateTime.now());
return entity;
}
@Test
@Transactional
void testFindByUserId_CoversL134() {
AuditLogEntity entity = buildEntity("user-qt-1", "admin", "realm1",
TypeActionAudit.USER_CREATE, true);
entity.persist();
List<AuditLogEntity> results = AuditLogEntity.findByUserId("user-qt-1");
assertNotNull(results);
assertFalse(results.isEmpty());
}
@Test
@Transactional
void testFindByAction_CoversL144() {
AuditLogEntity entity = buildEntity("user-qt-2", "admin", "realm1",
TypeActionAudit.USER_UPDATE, true);
entity.persist();
List<AuditLogEntity> results = AuditLogEntity.findByAction(TypeActionAudit.USER_UPDATE);
assertNotNull(results);
}
@Test
@Transactional
void testFindByAuteur_CoversL154() {
AuditLogEntity entity = buildEntity("user-qt-3", "auteur-qt", "realm1",
TypeActionAudit.USER_DELETE, true);
entity.persist();
List<AuditLogEntity> results = AuditLogEntity.findByAuteur("auteur-qt");
assertNotNull(results);
assertFalse(results.isEmpty());
}
@Test
@Transactional
void testFindByPeriod_CoversL165() {
LocalDateTime now = LocalDateTime.now();
AuditLogEntity entity = buildEntity("user-qt-4", "admin", "realm1",
TypeActionAudit.USER_CREATE, true);
entity.setTimestamp(now);
entity.persist();
List<AuditLogEntity> results = AuditLogEntity.findByPeriod(now.minusSeconds(5), now.plusSeconds(5));
assertNotNull(results);
}
@Test
@Transactional
void testFindByRealm_CoversL175() {
AuditLogEntity entity = buildEntity("user-qt-5", "admin", "realm-qt-test",
TypeActionAudit.REALM_ASSIGN, true);
entity.persist();
List<AuditLogEntity> results = AuditLogEntity.findByRealm("realm-qt-test");
assertNotNull(results);
assertFalse(results.isEmpty());
}
@Test
@Transactional
void testDeleteOlderThan_CoversL186() {
AuditLogEntity entity = buildEntity("user-qt-6", "admin", "realm1",
TypeActionAudit.USER_CREATE, true);
entity.setTimestamp(LocalDateTime.now().minusDays(365));
entity.persist();
long deleted = AuditLogEntity.deleteOlderThan(LocalDateTime.now().minusDays(1));
assertTrue(deleted >= 0);
}
@Test
@Transactional
void testCountByAuteur_CoversL196() {
AuditLogEntity entity = buildEntity("user-qt-7", "count-auteur-qt", "realm1",
TypeActionAudit.USER_CREATE, true);
entity.persist();
long count = AuditLogEntity.countByAuteur("count-auteur-qt");
assertTrue(count >= 1);
}
@Test
@Transactional
void testCountFailuresByUserId_CoversL207() {
AuditLogEntity failEntity = buildEntity("user-qt-fail", "admin", "realm1",
TypeActionAudit.USER_CREATE, false);
failEntity.persist();
long failures = AuditLogEntity.countFailuresByUserId("user-qt-fail");
assertTrue(failures >= 1);
}
@Test
@Transactional
void testCountFailuresByUserId_NoFailures() {
long failures = AuditLogEntity.countFailuresByUserId("user-qt-nonexistent-9999");
assertEquals(0, failures);
}
}

246
src/test/java/dev/lions/user/manager/server/impl/entity/EntitiesTest.java Normal file
View File

@@ -0,0 +1,246 @@
package dev.lions.user.manager.server.impl.entity;
import dev.lions.user.manager.enums.audit.TypeActionAudit;
import io.quarkus.hibernate.orm.panache.PanacheEntityBase;
import org.junit.jupiter.api.Test;
import org.mockito.MockedStatic;
import java.time.LocalDateTime;
import java.util.ArrayList;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.mockStatic;
/**
* Tests pour les entités JPA (getters/setters Lombok @Data).
* Les entités étendent PanacheEntity mais peuvent être instanciées sans contexte CDI.
*/
class EntitiesTest {
// ===================== AuditLogEntity =====================
@Test
void testAuditLogEntity_GettersSetters() {
AuditLogEntity entity = new AuditLogEntity();
entity.setRealmName("test-realm");
entity.setAction(TypeActionAudit.USER_CREATE);
entity.setUserId("user-1");
entity.setAuteurAction("admin");
entity.setDetails("Test action");
entity.setSuccess(true);
entity.setErrorMessage(null);
entity.setIpAddress("127.0.0.1");
entity.setUserAgent("Mozilla/5.0");
LocalDateTime now = LocalDateTime.now();
entity.setTimestamp(now);
assertEquals("test-realm", entity.getRealmName());
assertEquals(TypeActionAudit.USER_CREATE, entity.getAction());
assertEquals("user-1", entity.getUserId());
assertEquals("admin", entity.getAuteurAction());
assertEquals("Test action", entity.getDetails());
assertTrue(entity.getSuccess());
assertNull(entity.getErrorMessage());
assertEquals("127.0.0.1", entity.getIpAddress());
assertEquals("Mozilla/5.0", entity.getUserAgent());
assertEquals(now, entity.getTimestamp());
}
@Test
void testAuditLogEntity_Equals_HashCode() {
AuditLogEntity e1 = new AuditLogEntity();
e1.setRealmName("realm");
AuditLogEntity e2 = new AuditLogEntity();
e2.setRealmName("realm");
// @Data génère equals/hashCode basés sur les champs
assertNotNull(e1.toString());
assertNotNull(e1.hashCode());
}
@Test
void testAuditLogEntity_ErrorMessage() {
AuditLogEntity entity = new AuditLogEntity();
entity.setErrorMessage("Connection failed");
entity.setSuccess(false);
assertEquals("Connection failed", entity.getErrorMessage());
assertFalse(entity.getSuccess());
}
// ===================== SyncHistoryEntity =====================
@Test
void testSyncHistoryEntity_Constructor_SetsSyncDate() {
SyncHistoryEntity entity = new SyncHistoryEntity();
// Le constructeur initialise syncDate à now()
assertNotNull(entity.getSyncDate());
assertTrue(entity.getSyncDate().isBefore(LocalDateTime.now().plusSeconds(1)));
}
@Test
void testSyncHistoryEntity_GettersSetters() {
SyncHistoryEntity entity = new SyncHistoryEntity();
LocalDateTime syncDate = LocalDateTime.now().minusMinutes(5);
entity.setRealmName("my-realm");
entity.setSyncDate(syncDate);
entity.setSyncType("USER");
entity.setStatus("SUCCESS");
entity.setItemsProcessed(42);
entity.setDurationMs(1500L);
entity.setErrorMessage(null);
assertEquals("my-realm", entity.getRealmName());
assertEquals(syncDate, entity.getSyncDate());
assertEquals("USER", entity.getSyncType());
assertEquals("SUCCESS", entity.getStatus());
assertEquals(42, entity.getItemsProcessed());
assertEquals(1500L, entity.getDurationMs());
assertNull(entity.getErrorMessage());
}
@Test
void testSyncHistoryEntity_WithError() {
SyncHistoryEntity entity = new SyncHistoryEntity();
entity.setStatus("FAILURE");
entity.setErrorMessage("Connection refused");
assertEquals("FAILURE", entity.getStatus());
assertEquals("Connection refused", entity.getErrorMessage());
assertNotNull(entity.toString());
}
// ===================== SyncedRoleEntity =====================
@Test
void testSyncedRoleEntity_GettersSetters() {
SyncedRoleEntity entity = new SyncedRoleEntity();
entity.setRealmName("lions");
entity.setRoleName("admin");
entity.setDescription("Administrator role");
assertEquals("lions", entity.getRealmName());
assertEquals("admin", entity.getRoleName());
assertEquals("Administrator role", entity.getDescription());
assertNotNull(entity.toString());
}
@Test
void testSyncedRoleEntity_NullDescription() {
SyncedRoleEntity entity = new SyncedRoleEntity();
entity.setRealmName("realm");
entity.setRoleName("viewer");
entity.setDescription(null);
assertNull(entity.getDescription());
assertEquals("viewer", entity.getRoleName());
}
@Test
void testSyncedRoleEntity_Equals() {
SyncedRoleEntity e1 = new SyncedRoleEntity();
e1.setRealmName("realm");
e1.setRoleName("admin");
// @EqualsAndHashCode(callSuper = true) → délègue à PanacheEntityBase (identité objet)
assertEquals(e1, e1);
assertNotEquals(e1, new SyncedRoleEntity());
assertNotNull(e1.hashCode());
}
// ===================== SyncedUserEntity =====================
@Test
void testSyncedUserEntity_GettersSetters() {
SyncedUserEntity entity = new SyncedUserEntity();
LocalDateTime createdAt = LocalDateTime.now();
entity.setRealmName("lions");
entity.setKeycloakId("kc-123");
entity.setUsername("john.doe");
entity.setEmail("john@lions.dev");
entity.setEnabled(true);
entity.setEmailVerified(false);
entity.setCreatedAt(createdAt);
assertEquals("lions", entity.getRealmName());
assertEquals("kc-123", entity.getKeycloakId());
assertEquals("john.doe", entity.getUsername());
assertEquals("john@lions.dev", entity.getEmail());
assertTrue(entity.getEnabled());
assertFalse(entity.getEmailVerified());
assertEquals(createdAt, entity.getCreatedAt());
assertNotNull(entity.toString());
}
@Test
void testSyncedUserEntity_NullFields() {
SyncedUserEntity entity = new SyncedUserEntity();
entity.setRealmName("realm");
entity.setKeycloakId("kc-456");
entity.setUsername("user");
entity.setEmail(null);
entity.setEnabled(null);
entity.setEmailVerified(null);
entity.setCreatedAt(null);
assertNull(entity.getEmail());
assertNull(entity.getEnabled());
assertNull(entity.getEmailVerified());
assertNull(entity.getCreatedAt());
}
@Test
void testSyncedUserEntity_Equals() {
SyncedUserEntity e1 = new SyncedUserEntity();
e1.setKeycloakId("kc-1");
e1.setRealmName("realm");
e1.setUsername("user");
// @EqualsAndHashCode(callSuper = true) → délègue à PanacheEntityBase (identité objet)
assertEquals(e1, e1);
assertNotEquals(e1, new SyncedUserEntity());
assertNotNull(e1.hashCode());
}
// ===================== AuditLogEntity — méthodes Panache statiques =====================
/**
* Couvre AuditLogEntity L134, L144, L154, L165, L175, L186, L196, L207.
*
* Stratégie : mockStatic(PanacheEntityBase.class) — PAS AuditLogEntity.
* - mockStatic(PanacheEntityBase) retire les sondes JaCoCo de PanacheEntityBase (lib tierce, pas de souci).
* - Les sondes JaCoCo de AuditLogEntity restent INTACTES.
* - list/count/delete retournent une valeur au lieu de lancer RuntimeException.
* - L'exécution atteint l'areturn à offset 13 → sonde JaCoCo fire → ligne couverte.
* - Le cast (Object[]) any() désambiguïse le surclassement varargs de list/count/delete.
*/
@Test
@SuppressWarnings({"unchecked", "rawtypes"})
void testAuditLogEntity_PanacheStaticMethods_CoverLines() {
try (MockedStatic<PanacheEntityBase> panacheMocked = mockStatic(PanacheEntityBase.class)) {
panacheMocked.when(() -> PanacheEntityBase.list(anyString(), (Object[]) any()))
.thenReturn(new ArrayList<>());
panacheMocked.when(() -> PanacheEntityBase.delete(anyString(), (Object[]) any()))
.thenReturn(0L);
panacheMocked.when(() -> PanacheEntityBase.count(anyString(), (Object[]) any()))
.thenReturn(0L);
LocalDateTime now = LocalDateTime.now();
assertNotNull(AuditLogEntity.findByUserId("u1")); // L134
assertNotNull(AuditLogEntity.findByAction(TypeActionAudit.USER_CREATE)); // L144
assertNotNull(AuditLogEntity.findByAuteur("admin")); // L154
assertNotNull(AuditLogEntity.findByPeriod(now.minusDays(1), now)); // L165
assertNotNull(AuditLogEntity.findByRealm("realm")); // L175
AuditLogEntity.deleteOlderThan(now.minusDays(30)); // L186
AuditLogEntity.countByAuteur("admin"); // L196
AuditLogEntity.countFailuresByUserId("u1"); // L207
}
}
}

206
src/test/java/dev/lions/user/manager/server/impl/interceptor/AuditInterceptorTest.java Normal file
View File

@@ -0,0 +1,206 @@
package dev.lions.user.manager.server.impl.interceptor;
import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.service.AuditService;
import io.quarkus.security.identity.SecurityIdentity;
import jakarta.interceptor.InvocationContext;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.mockito.junit.jupiter.MockitoSettings;
import org.mockito.quality.Strictness;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.security.Principal;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
@MockitoSettings(strictness = Strictness.LENIENT)
class AuditInterceptorTest {
@Mock
AuditService auditService;
@Mock
SecurityIdentity securityIdentity;
@Mock
InvocationContext invocationContext;
AuditInterceptor auditInterceptor;
@BeforeEach
void setUp() throws Exception {
auditInterceptor = new AuditInterceptor();
setField("auditService", auditService);
setField("securityIdentity", securityIdentity);
}
private void setField(String name, Object value) throws Exception {
Field field = AuditInterceptor.class.getDeclaredField(name);
field.setAccessible(true);
field.set(auditInterceptor, value);
}
@Logged(action = "USER_CREATE", resource = "USER")
public void annotatedMethod() {}
public void nonAnnotatedMethod() {}
@Test
void testAuditMethod_Success_AnonymousUser() throws Exception {
Method method = getClass().getDeclaredMethod("annotatedMethod");
when(invocationContext.getMethod()).thenReturn(method);
when(invocationContext.getTarget()).thenReturn(this);
when(invocationContext.getParameters()).thenReturn(new Object[0]);
when(invocationContext.proceed()).thenReturn("result");
when(securityIdentity.isAnonymous()).thenReturn(true);
Object result = auditInterceptor.auditMethod(invocationContext);
assertEquals("result", result);
verify(auditService).logSuccess(eq(TypeActionAudit.USER_CREATE), eq("USER"),
any(), any(), any(), eq("anonymous"), any());
}
@Test
void testAuditMethod_Success_AuthenticatedUser_WithStringParam() throws Exception {
Method method = getClass().getDeclaredMethod("annotatedMethod");
when(invocationContext.getMethod()).thenReturn(method);
when(invocationContext.getTarget()).thenReturn(this);
when(invocationContext.getParameters()).thenReturn(new Object[]{"user-123"});
when(invocationContext.proceed()).thenReturn(null);
Principal principal = () -> "admin-user";
when(securityIdentity.isAnonymous()).thenReturn(false);
when(securityIdentity.getPrincipal()).thenReturn(principal);
auditInterceptor.auditMethod(invocationContext);
verify(auditService).logSuccess(any(), any(), eq("user-123"), any(), any(), eq("admin-user"), any());
}
@Test
void testAuditMethod_Success_JwtUser_RealmExtracted() throws Exception {
Method method = getClass().getDeclaredMethod("annotatedMethod");
when(invocationContext.getMethod()).thenReturn(method);
when(invocationContext.getTarget()).thenReturn(this);
when(invocationContext.getParameters()).thenReturn(new Object[0]);
when(invocationContext.proceed()).thenReturn(null);
JsonWebToken jwt = mock(JsonWebToken.class);
when(jwt.getName()).thenReturn("jwt-user");
when(jwt.getIssuer()).thenReturn("http://keycloak:8080/realms/test-realm");
when(securityIdentity.isAnonymous()).thenReturn(false);
when(securityIdentity.getPrincipal()).thenReturn(jwt);
auditInterceptor.auditMethod(invocationContext);
verify(auditService).logSuccess(any(), any(), any(), any(), eq("test-realm"), eq("jwt-user"), any());
}
@Test
void testAuditMethod_Success_JwtUser_NoRealmsInIssuer() throws Exception {
Method method = getClass().getDeclaredMethod("annotatedMethod");
when(invocationContext.getMethod()).thenReturn(method);
when(invocationContext.getTarget()).thenReturn(this);
when(invocationContext.getParameters()).thenReturn(new Object[0]);
when(invocationContext.proceed()).thenReturn(null);
JsonWebToken jwt = mock(JsonWebToken.class);
when(jwt.getName()).thenReturn("jwt-user");
when(jwt.getIssuer()).thenReturn("http://other-issuer.com");
when(securityIdentity.isAnonymous()).thenReturn(false);
when(securityIdentity.getPrincipal()).thenReturn(jwt);
auditInterceptor.auditMethod(invocationContext);
verify(auditService).logSuccess(any(), any(), any(), any(), eq("unknown"), any(), any());
}
@Test
void testAuditMethod_Success_JwtUser_NullIssuer() throws Exception {
Method method = getClass().getDeclaredMethod("annotatedMethod");
when(invocationContext.getMethod()).thenReturn(method);
when(invocationContext.getTarget()).thenReturn(this);
when(invocationContext.getParameters()).thenReturn(new Object[0]);
when(invocationContext.proceed()).thenReturn(null);
JsonWebToken jwt = mock(JsonWebToken.class);
when(jwt.getName()).thenReturn("jwt-user");
when(jwt.getIssuer()).thenReturn(null);
when(securityIdentity.isAnonymous()).thenReturn(false);
when(securityIdentity.getPrincipal()).thenReturn(jwt);
auditInterceptor.auditMethod(invocationContext);
verify(auditService).logSuccess(any(), any(), any(), any(), eq("unknown"), any(), any());
}
@Test
void testAuditMethod_Failure_Exception() throws Exception {
Method method = getClass().getDeclaredMethod("annotatedMethod");
when(invocationContext.getMethod()).thenReturn(method);
when(invocationContext.getTarget()).thenReturn(this);
when(invocationContext.getParameters()).thenReturn(new Object[0]);
when(securityIdentity.isAnonymous()).thenReturn(true);
when(invocationContext.proceed()).thenThrow(new RuntimeException("Service unavailable"));
assertThrows(RuntimeException.class, () -> auditInterceptor.auditMethod(invocationContext));
verify(auditService).logFailure(eq(TypeActionAudit.USER_CREATE), eq("USER"),
any(), any(), any(), eq("anonymous"), any(), eq("Service unavailable"));
}
@Test
void testAuditMethod_Success_UnknownAction_NoAnnotation() throws Exception {
// When method has no @Logged and class has no @Logged → action = "UNKNOWN"
// TypeActionAudit.valueOf("UNKNOWN") throws IllegalArgumentException → caught, logged as warning
Method method = getClass().getDeclaredMethod("nonAnnotatedMethod");
when(invocationContext.getMethod()).thenReturn(method);
when(invocationContext.getTarget()).thenReturn(this);
when(invocationContext.getParameters()).thenReturn(new Object[0]);
when(securityIdentity.isAnonymous()).thenReturn(true);
when(invocationContext.proceed()).thenReturn("ok");
Object result = auditInterceptor.auditMethod(invocationContext);
assertEquals("ok", result);
verify(auditService, never()).logSuccess(any(), any(), any(), any(), any(), any(), any());
}
@Test
void testAuditMethod_Failure_UnknownAction() throws Exception {
Method method = getClass().getDeclaredMethod("nonAnnotatedMethod");
when(invocationContext.getMethod()).thenReturn(method);
when(invocationContext.getTarget()).thenReturn(this);
when(invocationContext.getParameters()).thenReturn(new Object[0]);
when(securityIdentity.isAnonymous()).thenReturn(true);
when(invocationContext.proceed()).thenThrow(new RuntimeException("error"));
assertThrows(RuntimeException.class, () -> auditInterceptor.auditMethod(invocationContext));
verify(auditService, never()).logFailure(any(), any(), any(), any(), any(), any(), any(), any());
}
@Test
void testAuditMethod_Success_NonStringFirstParam() throws Exception {
Method method = getClass().getDeclaredMethod("annotatedMethod");
when(invocationContext.getMethod()).thenReturn(method);
when(invocationContext.getTarget()).thenReturn(this);
// First param is Integer, not String → resourceId should be ""
when(invocationContext.getParameters()).thenReturn(new Object[]{42});
when(invocationContext.proceed()).thenReturn(null);
when(securityIdentity.isAnonymous()).thenReturn(true);
auditInterceptor.auditMethod(invocationContext);
verify(auditService).logSuccess(any(), any(), eq(""), any(), any(), any(), any());
}
}

124
src/test/java/dev/lions/user/manager/server/impl/mapper/AuditLogMapperDefaultMethodsTest.java Normal file
View File

@@ -0,0 +1,124 @@
package dev.lions.user.manager.server.impl.mapper;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
/**
* Tests for default methods in AuditLogMapper and SyncHistoryMapper interfaces.
* These default methods are NOT generated by MapStruct and must be tested via anonymous implementations.
*/
class AuditLogMapperDefaultMethodsTest {
// Create anonymous implementation of AuditLogMapper to test default methods
private final AuditLogMapper auditLogMapper = new AuditLogMapper() {
@Override
public dev.lions.user.manager.dto.audit.AuditLogDTO toDTO(dev.lions.user.manager.server.impl.entity.AuditLogEntity entity) {
return null;
}
@Override
public dev.lions.user.manager.server.impl.entity.AuditLogEntity toEntity(dev.lions.user.manager.dto.audit.AuditLogDTO dto) {
return null;
}
@Override
public java.util.List<dev.lions.user.manager.dto.audit.AuditLogDTO> toDTOList(java.util.List<dev.lions.user.manager.server.impl.entity.AuditLogEntity> entities) {
return null;
}
@Override
public java.util.List<dev.lions.user.manager.server.impl.entity.AuditLogEntity> toEntityList(java.util.List<dev.lions.user.manager.dto.audit.AuditLogDTO> dtos) {
return null;
}
@Override
public void updateEntityFromDTO(dev.lions.user.manager.dto.audit.AuditLogDTO dto, dev.lions.user.manager.server.impl.entity.AuditLogEntity entity) {
}
};
// Create anonymous implementation of SyncHistoryMapper to test default methods
private final SyncHistoryMapper syncHistoryMapper = new SyncHistoryMapper() {
@Override
public dev.lions.user.manager.dto.sync.SyncHistoryDTO toDTO(dev.lions.user.manager.server.impl.entity.SyncHistoryEntity entity) {
return null;
}
@Override
public java.util.List<dev.lions.user.manager.dto.sync.SyncHistoryDTO> toDTOList(java.util.List<dev.lions.user.manager.server.impl.entity.SyncHistoryEntity> entities) {
return null;
}
};
// AuditLogMapper.longToString() tests
@Test
void testLongToString_Null() {
assertNull(auditLogMapper.longToString(null));
}
@Test
void testLongToString_Value() {
assertEquals("123", auditLogMapper.longToString(123L));
}
@Test
void testLongToString_Zero() {
assertEquals("0", auditLogMapper.longToString(0L));
}
@Test
void testLongToString_LargeValue() {
assertEquals("9999999999", auditLogMapper.longToString(9999999999L));
}
// AuditLogMapper.stringToLong() tests
@Test
void testStringToLong_Null() {
assertNull(auditLogMapper.stringToLong(null));
}
@Test
void testStringToLong_Blank() {
assertNull(auditLogMapper.stringToLong(" "));
}
@Test
void testStringToLong_Empty() {
assertNull(auditLogMapper.stringToLong(""));
}
@Test
void testStringToLong_ValidNumber() {
assertEquals(456L, auditLogMapper.stringToLong("456"));
}
@Test
void testStringToLong_InvalidFormat() {
// Should return null and print warning instead of throwing
assertNull(auditLogMapper.stringToLong("not-a-number"));
}
@Test
void testStringToLong_WithLetters() {
assertNull(auditLogMapper.stringToLong("123abc"));
}
// SyncHistoryMapper.longToString() tests
@Test
void testSyncHistoryMapper_LongToString_Null() {
assertNull(syncHistoryMapper.longToString(null));
}
@Test
void testSyncHistoryMapper_LongToString_Value() {
assertEquals("1", syncHistoryMapper.longToString(1L));
}
@Test
void testSyncHistoryMapper_LongToString_LargeValue() {
assertEquals("100000", syncHistoryMapper.longToString(100000L));
}
}

110
src/test/java/dev/lions/user/manager/service/exception/KeycloakServiceExceptionTest.java Normal file
View File

@@ -0,0 +1,110 @@
package dev.lions.user.manager.service.exception;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
class KeycloakServiceExceptionTest {
@Test
void testConstructor_MessageOnly() {
KeycloakServiceException ex = new KeycloakServiceException("Test error");
assertEquals("Test error", ex.getMessage());
assertEquals(0, ex.getHttpStatus());
assertEquals("Keycloak", ex.getServiceName());
assertNull(ex.getCause());
}
@Test
void testConstructor_MessageAndCause() {
Throwable cause = new RuntimeException("Root cause");
KeycloakServiceException ex = new KeycloakServiceException("Test error", cause);
assertEquals("Test error", ex.getMessage());
assertEquals(0, ex.getHttpStatus());
assertEquals("Keycloak", ex.getServiceName());
assertSame(cause, ex.getCause());
}
@Test
void testConstructor_MessageAndStatus() {
KeycloakServiceException ex = new KeycloakServiceException("Not found", 404);
assertEquals("Not found", ex.getMessage());
assertEquals(404, ex.getHttpStatus());
assertEquals("Keycloak", ex.getServiceName());
assertNull(ex.getCause());
}
@Test
void testConstructor_MessageStatusAndCause() {
Throwable cause = new RuntimeException("Root cause");
KeycloakServiceException ex = new KeycloakServiceException("Server error", 500, cause);
assertEquals("Server error", ex.getMessage());
assertEquals(500, ex.getHttpStatus());
assertEquals("Keycloak", ex.getServiceName());
assertSame(cause, ex.getCause());
}
@Test
void testIsRuntimeException() {
KeycloakServiceException ex = new KeycloakServiceException("test");
assertInstanceOf(RuntimeException.class, ex);
}
// ServiceUnavailableException tests
@Test
void testServiceUnavailableException_MessageOnly() {
KeycloakServiceException.ServiceUnavailableException ex =
new KeycloakServiceException.ServiceUnavailableException("connection refused");
assertTrue(ex.getMessage().contains("Service Keycloak indisponible"));
assertTrue(ex.getMessage().contains("connection refused"));
assertEquals("Keycloak", ex.getServiceName());
assertEquals(0, ex.getHttpStatus());
}
@Test
void testServiceUnavailableException_MessageAndCause() {
Throwable cause = new RuntimeException("network error");
KeycloakServiceException.ServiceUnavailableException ex =
new KeycloakServiceException.ServiceUnavailableException("timeout", cause);
assertTrue(ex.getMessage().contains("Service Keycloak indisponible"));
assertTrue(ex.getMessage().contains("timeout"));
assertSame(cause, ex.getCause());
}
@Test
void testServiceUnavailableException_IsKeycloakServiceException() {
KeycloakServiceException.ServiceUnavailableException ex =
new KeycloakServiceException.ServiceUnavailableException("error");
assertInstanceOf(KeycloakServiceException.class, ex);
}
// TimeoutException tests
@Test
void testTimeoutException_MessageOnly() {
KeycloakServiceException.TimeoutException ex =
new KeycloakServiceException.TimeoutException("30s elapsed");
assertTrue(ex.getMessage().contains("Timeout"));
assertTrue(ex.getMessage().contains("30s elapsed"));
assertEquals("Keycloak", ex.getServiceName());
assertEquals(0, ex.getHttpStatus());
}
@Test
void testTimeoutException_MessageAndCause() {
Throwable cause = new java.net.SocketTimeoutException("read timed out");
KeycloakServiceException.TimeoutException ex =
new KeycloakServiceException.TimeoutException("connection timeout", cause);
assertTrue(ex.getMessage().contains("Timeout"));
assertTrue(ex.getMessage().contains("connection timeout"));
assertSame(cause, ex.getCause());
}
@Test
void testTimeoutException_IsKeycloakServiceException() {
KeycloakServiceException.TimeoutException ex =
new KeycloakServiceException.TimeoutException("error");
assertInstanceOf(KeycloakServiceException.class, ex);
}
}

233
src/test/java/dev/lions/user/manager/service/impl/AuditServiceImplAdditionalTest.java
View File

@@ -2,37 +2,69 @@ package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.dto.audit.AuditLogDTO; import dev.lions.user.manager.dto.audit.AuditLogDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit; import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.server.impl.entity.AuditLogEntity;
import dev.lions.user.manager.server.impl.mapper.AuditLogMapper;
import dev.lions.user.manager.server.impl.repository.AuditLogRepository;
import io.quarkus.hibernate.orm.panache.PanacheQuery;
import jakarta.persistence.EntityManager;
import jakarta.persistence.Query;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/** /**
* Tests supplémentaires pour AuditServiceImpl pour améliorer la couverture * Tests supplémentaires pour AuditServiceImpl pour améliorer la couverture
*/ */
@ExtendWith(MockitoExtension.class)
class AuditServiceImplAdditionalTest { class AuditServiceImplAdditionalTest {
private AuditServiceImpl auditService; @InjectMocks
AuditServiceImpl auditService;
@Mock
AuditLogRepository auditLogRepository;
@Mock
AuditLogMapper auditLogMapper;
@Mock
EntityManager entityManager;
@Mock
Query nativeQuery;
@Mock
PanacheQuery<AuditLogEntity> panacheQuery;
@BeforeEach @BeforeEach
void setUp() { void setUp() {
auditService = new AuditServiceImpl();
auditService.auditEnabled = true; auditService.auditEnabled = true;
auditService.logToDatabase = false; auditService.logToDatabase = false;
} }
@Test @Test
void testFindByActeur_WithDates() { void testFindByActeur_WithDates() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logSuccess(TypeActionAudit.USER_UPDATE, "USER", "2", "user2", "realm1", "admin", "Updated");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
AuditLogDTO dto = AuditLogDTO.builder().acteurUsername("admin").build();
when(auditLogRepository.search(any(), eq("admin"), any(), any(), any(), any(), anyInt(), anyInt()))
.thenReturn(List.of(new AuditLogEntity()));
when(auditLogMapper.toDTOList(anyList())).thenReturn(List.of(dto));
List<AuditLogDTO> logs = auditService.findByActeur("admin", past, future, 0, 10); List<AuditLogDTO> logs = auditService.findByActeur("admin", past, future, 0, 10);
assertNotNull(logs); assertNotNull(logs);
@@ -41,25 +73,31 @@ class AuditServiceImplAdditionalTest {
@Test @Test
void testFindByRealm_WithDates() { void testFindByRealm_WithDates() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
when(auditLogRepository.search(eq("realm1"), any(), any(), any(), any(), any(), anyInt(), anyInt()))
.thenReturn(Collections.emptyList());
when(auditLogMapper.toDTOList(anyList())).thenReturn(Collections.emptyList());
List<AuditLogDTO> logs = auditService.findByRealm("realm1", past, future, 0, 10); List<AuditLogDTO> logs = auditService.findByRealm("realm1", past, future, 0, 10);
assertNotNull(logs); assertNotNull(logs);
} }
@Test @Test
@SuppressWarnings("unchecked")
void testFindByRessource() { void testFindByRessource() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
when(auditLogRepository.find(anyString(), any(String.class), any(String.class))).thenReturn(panacheQuery);
when(panacheQuery.page(anyInt(), anyInt())).thenReturn(panacheQuery);
when(panacheQuery.list()).thenReturn(Collections.emptyList());
when(auditLogMapper.toDTOList(anyList())).thenReturn(Collections.emptyList());
List<AuditLogDTO> logs = auditService.findByRessource("USER", "1", past, future, 0, 10); List<AuditLogDTO> logs = auditService.findByRessource("USER", "1", past, future, 0, 10);
assertNotNull(logs); assertNotNull(logs);
@@ -67,14 +105,17 @@ class AuditServiceImplAdditionalTest {
@Test @Test
void testCountByActionType() { void testCountByActionType() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "2", "user2", "realm1", "admin", "Created");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
java.util.Map<TypeActionAudit, Long> counts = auditService.countByActionType("realm1", past, future); when(entityManager.createNativeQuery(anyString())).thenReturn(nativeQuery);
when(nativeQuery.setParameter(anyString(), any())).thenReturn(nativeQuery);
List<Object> actionRows = new java.util.ArrayList<>();
actionRows.add(new Object[]{"USER_CREATE", 2L});
when(nativeQuery.getResultList()).thenReturn(actionRows);
Map<TypeActionAudit, Long> counts = auditService.countByActionType("realm1", past, future);
assertNotNull(counts); assertNotNull(counts);
assertTrue(counts.containsKey(TypeActionAudit.USER_CREATE)); assertTrue(counts.containsKey(TypeActionAudit.USER_CREATE));
@@ -82,28 +123,35 @@ class AuditServiceImplAdditionalTest {
@Test @Test
void testCountByActeur() { void testCountByActeur() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logSuccess(TypeActionAudit.USER_UPDATE, "USER", "2", "user2", "realm1", "admin", "Updated");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
java.util.Map<String, Long> counts = auditService.countByActeur("realm1", past, future); when(entityManager.createNativeQuery(anyString())).thenReturn(nativeQuery);
when(nativeQuery.setParameter(anyString(), any())).thenReturn(nativeQuery);
List<Object> acteurRows = new java.util.ArrayList<>();
acteurRows.add(new Object[]{"admin", 2L});
when(nativeQuery.getResultList()).thenReturn(acteurRows);
Map<String, Long> counts = auditService.countByActeur("realm1", past, future);
assertNotNull(counts); assertNotNull(counts);
} }
@Test @Test
void testCountSuccessVsFailure() { void testCountSuccessVsFailure() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logFailure(TypeActionAudit.USER_CREATE, "USER", "2", "user2", "realm1", "admin", "Failed", "Error");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
java.util.Map<String, Long> result = auditService.countSuccessVsFailure("realm1", past, future); when(entityManager.createNativeQuery(anyString())).thenReturn(nativeQuery);
when(nativeQuery.setParameter(anyString(), any())).thenReturn(nativeQuery);
List<Object> svfRows = new java.util.ArrayList<>();
svfRows.add(new Object[]{true, 1L});
svfRows.add(new Object[]{false, 1L});
when(nativeQuery.getResultList()).thenReturn(svfRows);
Map<String, Long> result = auditService.countSuccessVsFailure("realm1", past, future);
assertNotNull(result); assertNotNull(result);
assertTrue(result.containsKey("success")); assertTrue(result.containsKey("success"));
@@ -112,12 +160,14 @@ class AuditServiceImplAdditionalTest {
@Test @Test
void testExportToCSV() { void testExportToCSV() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
when(auditLogRepository.search(eq("realm1"), any(), any(), any(), any(), any(), anyInt(), anyInt()))
.thenReturn(Collections.emptyList());
when(auditLogMapper.toDTOList(anyList())).thenReturn(Collections.emptyList());
String csv = auditService.exportToCSV("realm1", past, future); String csv = auditService.exportToCSV("realm1", past, future);
assertNotNull(csv); assertNotNull(csv);
@@ -126,13 +176,9 @@ class AuditServiceImplAdditionalTest {
@Test @Test
void testPurgeOldLogs() { void testPurgeOldLogs() {
// Créer des logs anciens
for (int i = 0; i < 10; i++) {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", String.valueOf(i),
"user" + i, "realm1", "admin", "Created");
}
LocalDateTime cutoffDate = LocalDateTime.now().minusDays(30); LocalDateTime cutoffDate = LocalDateTime.now().minusDays(30);
when(auditLogRepository.delete(anyString(), (Object[]) any())).thenReturn(0L);
long purged = auditService.purgeOldLogs(cutoffDate); long purged = auditService.purgeOldLogs(cutoffDate);
assertTrue(purged >= 0); assertTrue(purged >= 0);
@@ -140,12 +186,135 @@ class AuditServiceImplAdditionalTest {
@Test @Test
void testGetTotalCount() { void testGetTotalCount() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created"); when(auditLogRepository.count()).thenReturn(2L);
auditService.logSuccess(TypeActionAudit.USER_UPDATE, "USER", "2", "user2", "realm1", "admin", "Updated");
long total = auditService.getTotalCount(); long total = auditService.getTotalCount();
assertEquals(2, total); assertEquals(2, total);
} }
}
@Test
void testLogSuccess() {
auditService.logSuccess(
TypeActionAudit.USER_CREATE,
"USER",
"user-1",
"John Doe",
"realm1",
"admin",
"Utilisateur créé"
);
// logSuccess calls logAction() which logs (no exception)
}
@Test
void testLogFailure() {
auditService.logFailure(
TypeActionAudit.USER_CREATE,
"USER",
"user-1",
"John Doe",
"realm1",
"admin",
"USER_ALREADY_EXISTS",
"L'utilisateur existe déjà"
);
// logFailure calls logAction() which logs (no exception)
}
@Test
void testLogAction_WithDatabase() {
auditService.logToDatabase = true;
AuditLogEntity entity = new AuditLogEntity();
entity.id = 1L;
when(auditLogMapper.toEntity(any())).thenReturn(entity);
doAnswer(invocation -> {
AuditLogEntity e = invocation.getArgument(0);
e.id = 42L;
return null;
}).when(auditLogRepository).persist(any(AuditLogEntity.class));
AuditLogDTO auditLog = AuditLogDTO.builder()
.typeAction(TypeActionAudit.USER_CREATE)
.acteurUsername("admin")
.realmName("realm1")
.ressourceType("USER")
.ressourceId("1")
.build();
AuditLogDTO result = auditService.logAction(auditLog);
assertNotNull(result);
verify(auditLogRepository).persist(any(AuditLogEntity.class));
}
@Test
void testLogAction_WithDatabase_PersistException() {
auditService.logToDatabase = true;
when(auditLogMapper.toEntity(any())).thenReturn(new AuditLogEntity());
doThrow(new RuntimeException("DB error")).when(auditLogRepository).persist(any(AuditLogEntity.class));
AuditLogDTO auditLog = AuditLogDTO.builder()
.typeAction(TypeActionAudit.USER_CREATE)
.acteurUsername("admin")
.realmName("realm1")
.ressourceType("USER")
.ressourceId("1")
.dateAction(java.time.LocalDateTime.now())
.build();
// Should not throw — exception is caught and logged
AuditLogDTO result = auditService.logAction(auditLog);
assertNotNull(result);
}
@Test
void testCountByActionType_UnknownAction() {
LocalDateTime past = LocalDateTime.now().minusDays(1);
LocalDateTime future = LocalDateTime.now().plusDays(1);
when(entityManager.createNativeQuery(anyString())).thenReturn(nativeQuery);
when(nativeQuery.setParameter(anyString(), any())).thenReturn(nativeQuery);
java.util.List<Object> rows = new java.util.ArrayList<>();
rows.add(new Object[]{"UNKNOWN_ACTION", 1L});
when(nativeQuery.getResultList()).thenReturn(rows);
var counts = auditService.countByActionType("realm1", past, future);
assertNotNull(counts);
assertTrue(counts.isEmpty()); // unknown action is ignored
}
@Test
void testCountByActionType_NullDates() {
when(entityManager.createNativeQuery(anyString())).thenReturn(nativeQuery);
when(nativeQuery.setParameter(anyString(), any())).thenReturn(nativeQuery);
when(nativeQuery.getResultList()).thenReturn(java.util.Collections.emptyList());
var counts = auditService.countByActionType("realm1", null, null);
assertNotNull(counts);
}
@Test
void testCountByActeur_NullDates() {
when(entityManager.createNativeQuery(anyString())).thenReturn(nativeQuery);
when(nativeQuery.setParameter(anyString(), any())).thenReturn(nativeQuery);
when(nativeQuery.getResultList()).thenReturn(java.util.Collections.emptyList());
var counts = auditService.countByActeur("realm1", null, null);
assertNotNull(counts);
}
@Test
void testCountSuccessVsFailure_NullDates() {
when(entityManager.createNativeQuery(anyString())).thenReturn(nativeQuery);
when(nativeQuery.setParameter(anyString(), any())).thenReturn(nativeQuery);
when(nativeQuery.getResultList()).thenReturn(java.util.Collections.emptyList());
var result = auditService.countSuccessVsFailure("realm1", null, null);
assertNotNull(result);
assertEquals(0L, result.get("success"));
assertEquals(0L, result.get("failure"));
}
}

189
src/test/java/dev/lions/user/manager/service/impl/AuditServiceImplCompleteTest.java
View File

@@ -2,26 +2,47 @@ package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.dto.audit.AuditLogDTO; import dev.lions.user.manager.dto.audit.AuditLogDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit; import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.server.impl.entity.AuditLogEntity;
import dev.lions.user.manager.server.impl.mapper.AuditLogMapper;
import dev.lions.user.manager.server.impl.repository.AuditLogRepository;
import jakarta.persistence.EntityManager;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/** /**
* Tests complets pour AuditServiceImpl pour atteindre 100% de couverture * Tests complets pour AuditServiceImpl pour atteindre 100% de couverture
* Couvre les branches manquantes : auditEnabled=false, acteurUsername="*", dates null, etc. * Couvre les branches manquantes : auditEnabled=false, acteurUsername="*", dates null, etc.
*/ */
@ExtendWith(MockitoExtension.class)
class AuditServiceImplCompleteTest { class AuditServiceImplCompleteTest {
private AuditServiceImpl auditService; @InjectMocks
AuditServiceImpl auditService;
@Mock
AuditLogRepository auditLogRepository;
@Mock
AuditLogMapper auditLogMapper;
@Mock
EntityManager entityManager;
@BeforeEach @BeforeEach
void setUp() { void setUp() {
auditService = new AuditServiceImpl();
auditService.auditEnabled = true; auditService.auditEnabled = true;
auditService.logToDatabase = false; auditService.logToDatabase = false;
} }
@@ -29,7 +50,7 @@ class AuditServiceImplCompleteTest {
@Test @Test
void testLogAction_AuditDisabled() { void testLogAction_AuditDisabled() {
auditService.auditEnabled = false; auditService.auditEnabled = false;
AuditLogDTO auditLog = AuditLogDTO.builder() AuditLogDTO auditLog = AuditLogDTO.builder()
.typeAction(TypeActionAudit.USER_CREATE) .typeAction(TypeActionAudit.USER_CREATE)
.acteurUsername("admin") .acteurUsername("admin")
@@ -69,14 +90,16 @@ class AuditServiceImplCompleteTest {
@Test @Test
void testSearchLogs_WithWildcardActeur() { void testSearchLogs_WithWildcardActeur() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logSuccess(TypeActionAudit.USER_UPDATE, "USER", "2", "user2", "realm1", "user2", "Updated");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
// Test avec acteurUsername = "*" (wildcard) AuditLogDTO dto1 = AuditLogDTO.builder().acteurUsername("admin").typeAction(TypeActionAudit.USER_CREATE).build();
AuditLogDTO dto2 = AuditLogDTO.builder().acteurUsername("user2").typeAction(TypeActionAudit.USER_UPDATE).build();
when(auditLogRepository.search(any(), eq("*"), any(), any(), any(), any(), anyInt(), anyInt()))
.thenReturn(List.of(new AuditLogEntity(), new AuditLogEntity()));
when(auditLogMapper.toDTOList(anyList())).thenReturn(List.of(dto1, dto2));
List<AuditLogDTO> logs = auditService.findByActeur("*", past, future, 0, 10); List<AuditLogDTO> logs = auditService.findByActeur("*", past, future, 0, 10);
assertNotNull(logs); assertNotNull(logs);
@@ -85,9 +108,11 @@ class AuditServiceImplCompleteTest {
@Test @Test
void testSearchLogs_WithNullDates() { void testSearchLogs_WithNullDates() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created"); AuditLogDTO dto = AuditLogDTO.builder().acteurUsername("admin").build();
when(auditLogRepository.search(any(), eq("admin"), isNull(), isNull(), any(), any(), anyInt(), anyInt()))
.thenReturn(List.of(new AuditLogEntity()));
when(auditLogMapper.toDTOList(anyList())).thenReturn(List.of(dto));
// Test avec dates null
List<AuditLogDTO> logs = auditService.findByActeur("admin", null, null, 0, 10); List<AuditLogDTO> logs = auditService.findByActeur("admin", null, null, 0, 10);
assertNotNull(logs); assertNotNull(logs);
@@ -96,14 +121,14 @@ class AuditServiceImplCompleteTest {
@Test @Test
void testSearchLogs_WithNullTypeAction() { void testSearchLogs_WithNullTypeAction() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logSuccess(TypeActionAudit.USER_UPDATE, "USER", "2", "user2", "realm1", "admin", "Updated");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
// Test avec typeAction null (via findByRealm qui ne filtre pas par typeAction) when(auditLogRepository.search(eq("realm1"), any(), any(), any(), any(), any(), anyInt(), anyInt()))
.thenReturn(Collections.emptyList());
when(auditLogMapper.toDTOList(anyList())).thenReturn(Collections.emptyList());
List<AuditLogDTO> logs = auditService.findByRealm("realm1", past, future, 0, 10); List<AuditLogDTO> logs = auditService.findByRealm("realm1", past, future, 0, 10);
assertNotNull(logs); assertNotNull(logs);
@@ -111,13 +136,14 @@ class AuditServiceImplCompleteTest {
@Test @Test
void testSearchLogs_WithNullRessourceType() { void testSearchLogs_WithNullRessourceType() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
// Test avec ressourceType null (via findByRealm) when(auditLogRepository.search(eq("realm1"), any(), any(), any(), any(), any(), anyInt(), anyInt()))
.thenReturn(Collections.emptyList());
when(auditLogMapper.toDTOList(anyList())).thenReturn(Collections.emptyList());
List<AuditLogDTO> logs = auditService.findByRealm("realm1", past, future, 0, 10); List<AuditLogDTO> logs = auditService.findByRealm("realm1", past, future, 0, 10);
assertNotNull(logs); assertNotNull(logs);
@@ -125,13 +151,18 @@ class AuditServiceImplCompleteTest {
@Test @Test
void testFindFailures() { void testFindFailures() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logFailure(TypeActionAudit.USER_CREATE, "USER", "2", "user2", "realm1", "admin", "Failed", "Error");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
AuditLogDTO failureDto = AuditLogDTO.builder()
.typeAction(TypeActionAudit.USER_CREATE)
.success(false)
.build();
when(auditLogRepository.search(eq("realm1"), any(), any(), any(), any(), eq(false), anyInt(), anyInt()))
.thenReturn(List.of(new AuditLogEntity()));
when(auditLogMapper.toDTOList(anyList())).thenReturn(List.of(failureDto));
List<AuditLogDTO> failures = auditService.findFailures("realm1", past, future, 0, 10); List<AuditLogDTO> failures = auditService.findFailures("realm1", past, future, 0, 10);
assertNotNull(failures); assertNotNull(failures);
@@ -141,12 +172,18 @@ class AuditServiceImplCompleteTest {
@Test @Test
void testFindCriticalActions_UserDelete() { void testFindCriticalActions_UserDelete() {
auditService.logSuccess(TypeActionAudit.USER_DELETE, "USER", "1", "user1", "realm1", "admin", "Deleted");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
AuditLogDTO deleteDto = AuditLogDTO.builder()
.typeAction(TypeActionAudit.USER_DELETE)
.success(false)
.build();
when(auditLogRepository.search(eq("realm1"), any(), any(), any(), any(), eq(false), anyInt(), anyInt()))
.thenReturn(List.of(new AuditLogEntity()));
when(auditLogMapper.toDTOList(anyList())).thenReturn(List.of(deleteDto));
List<AuditLogDTO> critical = auditService.findCriticalActions("realm1", past, future, 0, 10); List<AuditLogDTO> critical = auditService.findCriticalActions("realm1", past, future, 0, 10);
assertNotNull(critical); assertNotNull(critical);
@@ -156,12 +193,18 @@ class AuditServiceImplCompleteTest {
@Test @Test
void testFindCriticalActions_RoleDelete() { void testFindCriticalActions_RoleDelete() {
auditService.logSuccess(TypeActionAudit.ROLE_DELETE, "ROLE", "1", "role1", "realm1", "admin", "Deleted");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
AuditLogDTO deleteDto = AuditLogDTO.builder()
.typeAction(TypeActionAudit.ROLE_DELETE)
.success(false)
.build();
when(auditLogRepository.search(eq("realm1"), any(), any(), any(), any(), eq(false), anyInt(), anyInt()))
.thenReturn(List.of(new AuditLogEntity()));
when(auditLogMapper.toDTOList(anyList())).thenReturn(List.of(deleteDto));
List<AuditLogDTO> critical = auditService.findCriticalActions("realm1", past, future, 0, 10); List<AuditLogDTO> critical = auditService.findCriticalActions("realm1", past, future, 0, 10);
assertNotNull(critical); assertNotNull(critical);
@@ -171,12 +214,18 @@ class AuditServiceImplCompleteTest {
@Test @Test
void testFindCriticalActions_SessionRevokeAll() { void testFindCriticalActions_SessionRevokeAll() {
auditService.logSuccess(TypeActionAudit.SESSION_REVOKE_ALL, "SESSION", "1", "session1", "realm1", "admin", "Revoked");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
AuditLogDTO revokeDto = AuditLogDTO.builder()
.typeAction(TypeActionAudit.SESSION_REVOKE_ALL)
.success(false)
.build();
when(auditLogRepository.search(eq("realm1"), any(), any(), any(), any(), eq(false), anyInt(), anyInt()))
.thenReturn(List.of(new AuditLogEntity()));
when(auditLogMapper.toDTOList(anyList())).thenReturn(List.of(revokeDto));
List<AuditLogDTO> critical = auditService.findCriticalActions("realm1", past, future, 0, 10); List<AuditLogDTO> critical = auditService.findCriticalActions("realm1", past, future, 0, 10);
assertNotNull(critical); assertNotNull(critical);
@@ -186,65 +235,54 @@ class AuditServiceImplCompleteTest {
@Test @Test
void testFindCriticalActions_WithDateFilters() { void testFindCriticalActions_WithDateFilters() {
LocalDateTime oldDate = LocalDateTime.now().minusDays(10);
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
// Créer un log ancien (hors de la plage) AuditLogDTO deleteDto = AuditLogDTO.builder()
AuditLogDTO oldLog = AuditLogDTO.builder() .typeAction(TypeActionAudit.USER_DELETE)
.typeAction(TypeActionAudit.USER_DELETE) .success(false)
.acteurUsername("admin") .build();
.dateAction(oldDate) when(auditLogRepository.search(eq("realm1"), any(), any(), any(), any(), eq(false), anyInt(), anyInt()))
.build(); .thenReturn(List.of(new AuditLogEntity()));
auditService.logAction(oldLog); when(auditLogMapper.toDTOList(anyList())).thenReturn(List.of(deleteDto));
// Créer un log récent (dans la plage)
auditService.logSuccess(TypeActionAudit.USER_DELETE, "USER", "2", "user2", "realm1", "admin", "Deleted");
List<AuditLogDTO> critical = auditService.findCriticalActions("realm1", past, future, 0, 10); List<AuditLogDTO> critical = auditService.findCriticalActions("realm1", past, future, 0, 10);
assertNotNull(critical); assertNotNull(critical);
// Seul le log récent devrait être retourné
assertTrue(critical.size() >= 1); assertTrue(critical.size() >= 1);
} }
@Test @Test
void testGetAuditStatistics() { void testGetAuditStatistics() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logFailure(TypeActionAudit.USER_CREATE, "USER", "2", "user2", "realm1", "admin", "Failed", "Error");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
when(auditLogRepository.count(anyString(), (Object[]) any())).thenReturn(2L);
Map<String, Object> stats = auditService.getAuditStatistics("realm1", past, future); Map<String, Object> stats = auditService.getAuditStatistics("realm1", past, future);
assertNotNull(stats); assertNotNull(stats);
assertTrue(stats.containsKey("total")); assertTrue(stats.containsKey("total"));
assertTrue(stats.containsKey("success"));
assertTrue(stats.containsKey("failure"));
assertTrue(stats.containsKey("byActionType"));
assertTrue(stats.containsKey("byActeur"));
} }
@Test @Test
void testExportToCSV_WithNullValues() { void testExportToCSV_WithNullValues() {
AuditLogDTO auditLog = AuditLogDTO.builder() LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
AuditLogDTO dto = AuditLogDTO.builder()
.typeAction(TypeActionAudit.USER_CREATE) .typeAction(TypeActionAudit.USER_CREATE)
.acteurUsername("admin") .acteurUsername("admin")
.ressourceType("USER") .ressourceType("USER")
.ressourceId("1") .ressourceId("1")
.success(true) .success(true)
.ipAddress(null)
.description(null)
.errorMessage(null)
.build(); .build();
auditService.logAction(auditLog); when(auditLogRepository.search(eq("realm1"), any(), any(), any(), any(), any(), anyInt(), anyInt()))
.thenReturn(List.of(new AuditLogEntity()));
LocalDateTime now = LocalDateTime.now(); when(auditLogMapper.toDTOList(anyList())).thenReturn(List.of(dto));
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
String csv = auditService.exportToCSV("realm1", past, future); String csv = auditService.exportToCSV("realm1", past, future);
@@ -254,48 +292,52 @@ class AuditServiceImplCompleteTest {
@Test @Test
void testExportToCSV_WithQuotesInDescription() { void testExportToCSV_WithQuotesInDescription() {
AuditLogDTO auditLog = AuditLogDTO.builder() LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
AuditLogDTO dto = AuditLogDTO.builder()
.typeAction(TypeActionAudit.USER_CREATE) .typeAction(TypeActionAudit.USER_CREATE)
.acteurUsername("admin") .acteurUsername("admin")
.ressourceType("USER") .ressourceType("USER")
.ressourceId("1") .ressourceId("1")
.success(true) .success(true)
.description("Test \"quoted\" description")
.errorMessage("Error \"message\"") .errorMessage("Error \"message\"")
.build(); .build();
auditService.logAction(auditLog); when(auditLogRepository.search(eq("realm1"), any(), any(), any(), any(), any(), anyInt(), anyInt()))
.thenReturn(List.of(new AuditLogEntity()));
LocalDateTime now = LocalDateTime.now(); when(auditLogMapper.toDTOList(anyList())).thenReturn(List.of(dto));
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
String csv = auditService.exportToCSV("realm1", past, future); String csv = auditService.exportToCSV("realm1", past, future);
assertNotNull(csv); assertNotNull(csv);
// Les guillemets devraient être échappés
assertTrue(csv.contains("\"\"")); assertTrue(csv.contains("\"\""));
} }
@Test @Test
void testClearAll() { void testClearAll() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created"); when(auditLogRepository.count()).thenReturn(1L).thenReturn(0L);
assertEquals(1, auditService.getTotalCount()); assertEquals(1, auditService.getTotalCount());
auditService.clearAll(); auditService.clearAll();
assertEquals(0, auditService.getTotalCount()); assertEquals(0, auditService.getTotalCount());
} }
@Test @Test
void testFindByTypeAction() { void testFindByTypeAction() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logSuccess(TypeActionAudit.USER_UPDATE, "USER", "2", "user2", "realm1", "admin", "Updated");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
AuditLogDTO dto = AuditLogDTO.builder()
.typeAction(TypeActionAudit.USER_CREATE)
.build();
when(auditLogRepository.search(eq("realm1"), any(), any(), any(), eq(TypeActionAudit.USER_CREATE.name()), any(), anyInt(), anyInt()))
.thenReturn(List.of(new AuditLogEntity()));
when(auditLogMapper.toDTOList(anyList())).thenReturn(List.of(dto));
List<AuditLogDTO> logs = auditService.findByTypeAction(TypeActionAudit.USER_CREATE, "realm1", past, future, 0, 10); List<AuditLogDTO> logs = auditService.findByTypeAction(TypeActionAudit.USER_CREATE, "realm1", past, future, 0, 10);
assertNotNull(logs); assertNotNull(logs);
@@ -305,18 +347,19 @@ class AuditServiceImplCompleteTest {
@Test @Test
void testSearchLogs_WithNullSuccess() { void testSearchLogs_WithNullSuccess() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logFailure(TypeActionAudit.USER_CREATE, "USER", "2", "user2", "realm1", "admin", "Failed", "Error");
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1); LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1); LocalDateTime future = now.plusDays(1);
// findByRealm ne filtre pas par success, donc success = null AuditLogDTO dto1 = AuditLogDTO.builder().typeAction(TypeActionAudit.USER_CREATE).success(true).build();
AuditLogDTO dto2 = AuditLogDTO.builder().typeAction(TypeActionAudit.USER_CREATE).success(false).build();
when(auditLogRepository.search(eq("realm1"), any(), any(), any(), any(), any(), anyInt(), anyInt()))
.thenReturn(List.of(new AuditLogEntity(), new AuditLogEntity()));
when(auditLogMapper.toDTOList(anyList())).thenReturn(List.of(dto1, dto2));
List<AuditLogDTO> logs = auditService.findByRealm("realm1", past, future, 0, 10); List<AuditLogDTO> logs = auditService.findByRealm("realm1", past, future, 0, 10);
assertNotNull(logs); assertNotNull(logs);
assertTrue(logs.size() >= 2); assertTrue(logs.size() >= 2);
} }
} }

236
src/test/java/dev/lions/user/manager/service/impl/AuditServiceImplTest.java
View File

@@ -1,118 +1,118 @@
package dev.lions.user.manager.service.impl; package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.dto.audit.AuditLogDTO; import dev.lions.user.manager.dto.audit.AuditLogDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit; import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.server.impl.entity.AuditLogEntity; import dev.lions.user.manager.server.impl.entity.AuditLogEntity;
import dev.lions.user.manager.server.impl.mapper.AuditLogMapper; import dev.lions.user.manager.server.impl.mapper.AuditLogMapper;
import dev.lions.user.manager.server.impl.repository.AuditLogRepository; import dev.lions.user.manager.server.impl.repository.AuditLogRepository;
import io.quarkus.hibernate.orm.panache.PanacheQuery; import io.quarkus.hibernate.orm.panache.PanacheQuery;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import org.mockito.junit.jupiter.MockitoSettings; import org.mockito.junit.jupiter.MockitoSettings;
import org.mockito.quality.Strictness; import org.mockito.quality.Strictness;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
@MockitoSettings(strictness = Strictness.LENIENT) @MockitoSettings(strictness = Strictness.LENIENT)
class AuditServiceImplTest { class AuditServiceImplTest {
@Mock @Mock
AuditLogRepository auditLogRepository; AuditLogRepository auditLogRepository;
@Mock @Mock
AuditLogMapper auditLogMapper; AuditLogMapper auditLogMapper;
@InjectMocks @InjectMocks
AuditServiceImpl auditService; AuditServiceImpl auditService;
@BeforeEach @BeforeEach
void setUp() { void setUp() {
auditService.auditEnabled = true; auditService.auditEnabled = true;
auditService.logToDatabase = true; auditService.logToDatabase = true;
} }
@Test @Test
void testLogAction() { void testLogAction() {
AuditLogDTO log = new AuditLogDTO(); AuditLogDTO log = new AuditLogDTO();
log.setTypeAction(TypeActionAudit.USER_CREATE); log.setTypeAction(TypeActionAudit.USER_CREATE);
log.setActeurUsername("admin"); log.setActeurUsername("admin");
when(auditLogMapper.toEntity(any(AuditLogDTO.class))).thenReturn(new AuditLogEntity()); when(auditLogMapper.toEntity(any(AuditLogDTO.class))).thenReturn(new AuditLogEntity());
auditService.logAction(log); auditService.logAction(log);
verify(auditLogRepository).persist(any(AuditLogEntity.class)); verify(auditLogRepository).persist(any(AuditLogEntity.class));
} }
@Test @Test
void testLogDisabled() { void testLogDisabled() {
auditService.auditEnabled = false; auditService.auditEnabled = false;
AuditLogDTO log = new AuditLogDTO(); AuditLogDTO log = new AuditLogDTO();
auditService.logAction(log); auditService.logAction(log);
verify(auditLogRepository, never()).persist(any(AuditLogEntity.class)); verify(auditLogRepository, never()).persist(any(AuditLogEntity.class));
} }
@Test @Test
void testLogSuccess() { void testLogSuccess() {
when(auditLogMapper.toEntity(any(AuditLogDTO.class))).thenReturn(new AuditLogEntity()); when(auditLogMapper.toEntity(any(AuditLogDTO.class))).thenReturn(new AuditLogEntity());
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user", "realm", "admin", "desc"); auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user", "realm", "admin", "desc");
verify(auditLogRepository).persist(any(AuditLogEntity.class)); verify(auditLogRepository).persist(any(AuditLogEntity.class));
} }
@Test @Test
void testLogFailure() { void testLogFailure() {
when(auditLogMapper.toEntity(any(AuditLogDTO.class))).thenReturn(new AuditLogEntity()); when(auditLogMapper.toEntity(any(AuditLogDTO.class))).thenReturn(new AuditLogEntity());
auditService.logFailure(TypeActionAudit.USER_CREATE, "USER", "1", "user", "realm", "admin", "ERR", "Error"); auditService.logFailure(TypeActionAudit.USER_CREATE, "USER", "1", "user", "realm", "admin", "ERR", "Error");
verify(auditLogRepository).persist(any(AuditLogEntity.class)); verify(auditLogRepository).persist(any(AuditLogEntity.class));
// Test findFailures mock logic // Test findFailures mock logic
when(auditLogRepository.search(anyString(), any(), any(), any(), any(), eq(false), anyInt(), anyInt())) when(auditLogRepository.search(anyString(), any(), any(), any(), any(), eq(false), anyInt(), anyInt()))
.thenReturn(Collections.singletonList(new AuditLogEntity())); .thenReturn(Collections.singletonList(new AuditLogEntity()));
when(auditLogMapper.toDTOList(anyList())).thenReturn(Collections.singletonList(new AuditLogDTO())); when(auditLogMapper.toDTOList(anyList())).thenReturn(Collections.singletonList(new AuditLogDTO()));
List<AuditLogDTO> failures = auditService.findFailures("realm", null, null, 0, 10); List<AuditLogDTO> failures = auditService.findFailures("realm", null, null, 0, 10);
assertEquals(1, failures.size()); assertEquals(1, failures.size());
} }
@Test @Test
void testSearchLogs() { void testSearchLogs() {
// Mocking repo results // Mocking repo results
when(auditLogRepository.search(any(), anyString(), any(), any(), any(), any(), anyInt(), anyInt())) when(auditLogRepository.search(any(), anyString(), any(), any(), any(), any(), anyInt(), anyInt()))
.thenReturn(Collections.singletonList(new AuditLogEntity())); .thenReturn(Collections.singletonList(new AuditLogEntity()));
when(auditLogMapper.toDTOList(anyList())).thenReturn(Collections.singletonList(new AuditLogDTO())); when(auditLogMapper.toDTOList(anyList())).thenReturn(Collections.singletonList(new AuditLogDTO()));
List<AuditLogDTO> byActeur = auditService.findByActeur("admin1", null, null, 0, 10); List<AuditLogDTO> byActeur = auditService.findByActeur("admin1", null, null, 0, 10);
assertNotNull(byActeur); assertNotNull(byActeur);
assertFalse(byActeur.isEmpty()); assertFalse(byActeur.isEmpty());
when(auditLogRepository.search(anyString(), any(), any(), any(), anyString(), any(), anyInt(), anyInt())) when(auditLogRepository.search(anyString(), any(), any(), any(), anyString(), any(), anyInt(), anyInt()))
.thenReturn(Collections.singletonList(new AuditLogEntity())); .thenReturn(Collections.singletonList(new AuditLogEntity()));
List<AuditLogDTO> byType = auditService.findByTypeAction(TypeActionAudit.ROLE_CREATE, "realm", null, null, 0, List<AuditLogDTO> byType = auditService.findByTypeAction(TypeActionAudit.ROLE_CREATE, "realm", null, null, 0,
10); 10);
assertNotNull(byType); assertNotNull(byType);
} }
@Test @Test
void testClearAll() { void testClearAll() {
auditService.clearAll(); auditService.clearAll();
verify(auditLogRepository).deleteAll(); verify(auditLogRepository).deleteAll();
} }
} }

252
src/test/java/dev/lions/user/manager/service/impl/CsvValidationHelperTest.java Normal file
View File

@@ -0,0 +1,252 @@
package dev.lions.user.manager.service.impl;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
class CsvValidationHelperTest {
// isValidEmail tests
@Test
void testIsValidEmail_Null() {
assertFalse(CsvValidationHelper.isValidEmail(null));
}
@Test
void testIsValidEmail_Blank() {
assertFalse(CsvValidationHelper.isValidEmail(" "));
}
@Test
void testIsValidEmail_Valid() {
assertTrue(CsvValidationHelper.isValidEmail("user@example.com"));
}
@Test
void testIsValidEmail_ValidWithSubdomain() {
assertTrue(CsvValidationHelper.isValidEmail("user@mail.example.com"));
}
@Test
void testIsValidEmail_Invalid_NoAt() {
assertFalse(CsvValidationHelper.isValidEmail("userexample.com"));
}
@Test
void testIsValidEmail_Invalid_NoDomain() {
assertFalse(CsvValidationHelper.isValidEmail("user@"));
}
@Test
void testIsValidEmail_WithPlusSign() {
assertTrue(CsvValidationHelper.isValidEmail("user+tag@example.com"));
}
// validateUsername tests
@Test
void testValidateUsername_Null() {
assertEquals("Username obligatoire", CsvValidationHelper.validateUsername(null));
}
@Test
void testValidateUsername_Blank() {
assertEquals("Username obligatoire", CsvValidationHelper.validateUsername(" "));
}
@Test
void testValidateUsername_TooShort() {
String result = CsvValidationHelper.validateUsername("a");
assertNotNull(result);
assertTrue(result.contains("trop court"));
}
@Test
void testValidateUsername_TooLong() {
String longName = "a".repeat(256);
String result = CsvValidationHelper.validateUsername(longName);
assertNotNull(result);
assertTrue(result.contains("trop long"));
}
@Test
void testValidateUsername_InvalidChars() {
String result = CsvValidationHelper.validateUsername("user@name!");
assertNotNull(result);
assertTrue(result.contains("invalide"));
}
@Test
void testValidateUsername_Valid() {
assertNull(CsvValidationHelper.validateUsername("valid.user-name_123"));
}
@Test
void testValidateUsername_Valid_Minimal() {
assertNull(CsvValidationHelper.validateUsername("ab"));
}
// validateEmail tests
@Test
void testValidateEmail_Null() {
assertNull(CsvValidationHelper.validateEmail(null));
}
@Test
void testValidateEmail_Blank() {
assertNull(CsvValidationHelper.validateEmail(" "));
}
@Test
void testValidateEmail_Invalid() {
String result = CsvValidationHelper.validateEmail("not-an-email");
assertNotNull(result);
assertTrue(result.contains("invalide"));
}
@Test
void testValidateEmail_Valid() {
assertNull(CsvValidationHelper.validateEmail("valid@example.com"));
}
// validateName tests
@Test
void testValidateName_Null() {
assertNull(CsvValidationHelper.validateName(null, "lastName"));
}
@Test
void testValidateName_Blank() {
assertNull(CsvValidationHelper.validateName(" ", "firstName"));
}
@Test
void testValidateName_TooLong() {
String longName = "a".repeat(256);
String result = CsvValidationHelper.validateName(longName, "firstName");
assertNotNull(result);
assertTrue(result.contains("trop long"));
assertTrue(result.contains("firstName"));
}
@Test
void testValidateName_Valid() {
assertNull(CsvValidationHelper.validateName("Jean-Pierre", "firstName"));
}
// validateBoolean tests
@Test
void testValidateBoolean_Null() {
assertNull(CsvValidationHelper.validateBoolean(null));
}
@Test
void testValidateBoolean_Blank() {
assertNull(CsvValidationHelper.validateBoolean(" "));
}
@Test
void testValidateBoolean_True() {
assertNull(CsvValidationHelper.validateBoolean("true"));
}
@Test
void testValidateBoolean_False() {
assertNull(CsvValidationHelper.validateBoolean("false"));
}
@Test
void testValidateBoolean_One() {
assertNull(CsvValidationHelper.validateBoolean("1"));
}
@Test
void testValidateBoolean_Zero() {
assertNull(CsvValidationHelper.validateBoolean("0"));
}
@Test
void testValidateBoolean_Yes() {
assertNull(CsvValidationHelper.validateBoolean("yes"));
}
@Test
void testValidateBoolean_No() {
assertNull(CsvValidationHelper.validateBoolean("no"));
}
@Test
void testValidateBoolean_Invalid() {
String result = CsvValidationHelper.validateBoolean("maybe");
assertNotNull(result);
assertTrue(result.contains("invalide"));
}
@Test
void testValidateBoolean_UpperCase() {
assertNull(CsvValidationHelper.validateBoolean("TRUE"));
}
// parseBoolean tests
@Test
void testParseBoolean_Null() {
assertFalse(CsvValidationHelper.parseBoolean(null));
}
@Test
void testParseBoolean_Blank() {
assertFalse(CsvValidationHelper.parseBoolean(" "));
}
@Test
void testParseBoolean_True() {
assertTrue(CsvValidationHelper.parseBoolean("true"));
}
@Test
void testParseBoolean_One() {
assertTrue(CsvValidationHelper.parseBoolean("1"));
}
@Test
void testParseBoolean_Yes() {
assertTrue(CsvValidationHelper.parseBoolean("yes"));
}
@Test
void testParseBoolean_False() {
assertFalse(CsvValidationHelper.parseBoolean("false"));
}
@Test
void testParseBoolean_UpperCaseTrue() {
assertTrue(CsvValidationHelper.parseBoolean("TRUE"));
}
// clean tests
@Test
void testClean_Null() {
assertNull(CsvValidationHelper.clean(null));
}
@Test
void testClean_Blank() {
assertNull(CsvValidationHelper.clean(" "));
}
@Test
void testClean_WithSpaces() {
assertEquals("hello", CsvValidationHelper.clean(" hello "));
}
@Test
void testClean_Normal() {
assertEquals("value", CsvValidationHelper.clean("value"));
}
}

131
src/test/java/dev/lions/user/manager/service/impl/RealmAuthorizationServiceImplAdditionalTest.java Normal file
View File

@@ -0,0 +1,131 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.dto.realm.RealmAssignmentDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.service.AuditService;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.mockito.junit.jupiter.MockitoSettings;
import org.mockito.quality.Strictness;
import java.time.LocalDateTime;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/**
* Tests supplémentaires pour RealmAuthorizationServiceImpl.
* Couvre les lignes non couvertes :
* L138 (génération d'ID quand null), L232-240 (revokeAllUsersFromRealm), L300 (activateAssignment non trouvée).
*/
@ExtendWith(MockitoExtension.class)
@MockitoSettings(strictness = Strictness.LENIENT)
class RealmAuthorizationServiceImplAdditionalTest {
@Mock
private AuditService auditService;
@InjectMocks
private RealmAuthorizationServiceImpl realmAuthorizationService;
@BeforeEach
void setUp() {
doNothing().when(auditService).logSuccess(
any(TypeActionAudit.class),
anyString(), anyString(), anyString(), anyString(), anyString(), anyString()
);
}
/**
* Couvre L138 : quand assignment.getId() == null, un UUID est généré.
*/
@Test
void testAssignRealmToUser_NullId_GeneratesUUID() {
RealmAssignmentDTO assignment = RealmAssignmentDTO.builder()
.id(null) // ID null → L138 sera couvert
.userId("user-null-id")
.username("nulluser")
.email("null@example.com")
.realmName("realm-null")
.isSuperAdmin(false)
.active(true)
.assignedAt(LocalDateTime.now())
.assignedBy("admin")
.build();
RealmAssignmentDTO result = realmAuthorizationService.assignRealmToUser(assignment);
assertNotNull(result);
assertNotNull(result.getId()); // L138 : UUID généré
assertTrue(result.isActive());
}
/**
* Couvre L232-240 : revokeAllUsersFromRealm — révoque tous les utilisateurs d'un realm.
*/
@Test
void testRevokeAllUsersFromRealm_WithUsers() {
// Créer des assignations
RealmAssignmentDTO assignment1 = RealmAssignmentDTO.builder()
.id("ra-a1")
.userId("user-a")
.username("usera")
.email("a@example.com")
.realmName("realm-multi")
.isSuperAdmin(false)
.active(true)
.assignedAt(LocalDateTime.now())
.assignedBy("admin")
.build();
RealmAssignmentDTO assignment2 = RealmAssignmentDTO.builder()
.id("ra-b1")
.userId("user-b")
.username("userb")
.email("b@example.com")
.realmName("realm-multi")
.isSuperAdmin(false)
.active(true)
.assignedAt(LocalDateTime.now())
.assignedBy("admin")
.build();
realmAuthorizationService.assignRealmToUser(assignment1);
realmAuthorizationService.assignRealmToUser(assignment2);
// Vérifie que les utilisateurs sont bien assignés
assertEquals(2, realmAuthorizationService.getAssignmentsByRealm("realm-multi").size());
// Couvre L232-240
realmAuthorizationService.revokeAllUsersFromRealm("realm-multi");
// Après révocation, plus d'assignations pour ce realm
assertTrue(realmAuthorizationService.getAssignmentsByRealm("realm-multi").isEmpty());
}
/**
* Couvre L300 : activateAssignment quand l'assignation n'existe pas.
*/
@Test
void testActivateAssignment_NotFound_ThrowsIllegalArgumentException() {
assertThrows(IllegalArgumentException.class, () ->
realmAuthorizationService.activateAssignment("non-existent-assignment-id")
);
}
/**
* Couvre revokeAllUsersFromRealm quand le realm n'a pas d'utilisateurs.
*/
@Test
void testRevokeAllUsersFromRealm_Empty() {
// Ne doit pas lancer d'exception
assertDoesNotThrow(() ->
realmAuthorizationService.revokeAllUsersFromRealm("realm-vide")
);
}
}

560
src/test/java/dev/lions/user/manager/service/impl/RealmAuthorizationServiceImplTest.java
View File

@@ -1,280 +1,280 @@
package dev.lions.user.manager.service.impl; package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.dto.realm.RealmAssignmentDTO; import dev.lions.user.manager.dto.realm.RealmAssignmentDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit; import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.service.AuditService; import dev.lions.user.manager.service.AuditService;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.List; import java.util.List;
import java.util.Optional; import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*; import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
/** /**
* Tests unitaires pour RealmAuthorizationServiceImpl * Tests unitaires pour RealmAuthorizationServiceImpl
*/ */
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class RealmAuthorizationServiceImplTest { class RealmAuthorizationServiceImplTest {
@Mock @Mock
private AuditService auditService; private AuditService auditService;
@InjectMocks @InjectMocks
private RealmAuthorizationServiceImpl realmAuthorizationService; private RealmAuthorizationServiceImpl realmAuthorizationService;
private RealmAssignmentDTO assignment; private RealmAssignmentDTO assignment;
@BeforeEach @BeforeEach
void setUp() { void setUp() {
assignment = RealmAssignmentDTO.builder() assignment = RealmAssignmentDTO.builder()
.id("assignment-1") .id("assignment-1")
.userId("user-1") .userId("user-1")
.username("testuser") .username("testuser")
.email("test@example.com") .email("test@example.com")
.realmName("realm1") .realmName("realm1")
.isSuperAdmin(false) .isSuperAdmin(false)
.active(true) .active(true)
.assignedAt(LocalDateTime.now()) .assignedAt(LocalDateTime.now())
.assignedBy("admin") .assignedBy("admin")
.build(); .build();
} }
@Test @Test
void testGetAllAssignments_Empty() { void testGetAllAssignments_Empty() {
List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAllAssignments(); List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAllAssignments();
assertTrue(assignments.isEmpty()); assertTrue(assignments.isEmpty());
} }
@Test @Test
void testGetAllAssignments_WithAssignments() { void testGetAllAssignments_WithAssignments() {
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAllAssignments(); List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAllAssignments();
assertEquals(1, assignments.size()); assertEquals(1, assignments.size());
assertEquals("assignment-1", assignments.get(0).getId()); assertEquals("assignment-1", assignments.get(0).getId());
} }
@Test @Test
void testGetAssignmentsByUser_Success() { void testGetAssignmentsByUser_Success() {
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAssignmentsByUser("user-1"); List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAssignmentsByUser("user-1");
assertEquals(1, assignments.size()); assertEquals(1, assignments.size());
} }
@Test @Test
void testGetAssignmentsByUser_Empty() { void testGetAssignmentsByUser_Empty() {
List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAssignmentsByUser("user-1"); List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAssignmentsByUser("user-1");
assertTrue(assignments.isEmpty()); assertTrue(assignments.isEmpty());
} }
@Test @Test
void testGetAssignmentsByRealm_Success() { void testGetAssignmentsByRealm_Success() {
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAssignmentsByRealm("realm1"); List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAssignmentsByRealm("realm1");
assertEquals(1, assignments.size()); assertEquals(1, assignments.size());
} }
@Test @Test
void testGetAssignmentById_Success() { void testGetAssignmentById_Success() {
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
Optional<RealmAssignmentDTO> found = realmAuthorizationService.getAssignmentById("assignment-1"); Optional<RealmAssignmentDTO> found = realmAuthorizationService.getAssignmentById("assignment-1");
assertTrue(found.isPresent()); assertTrue(found.isPresent());
assertEquals("assignment-1", found.get().getId()); assertEquals("assignment-1", found.get().getId());
} }
@Test @Test
void testGetAssignmentById_NotFound() { void testGetAssignmentById_NotFound() {
Optional<RealmAssignmentDTO> found = realmAuthorizationService.getAssignmentById("non-existent"); Optional<RealmAssignmentDTO> found = realmAuthorizationService.getAssignmentById("non-existent");
assertFalse(found.isPresent()); assertFalse(found.isPresent());
} }
@Test @Test
void testCanManageRealm_SuperAdmin() { void testCanManageRealm_SuperAdmin() {
realmAuthorizationService.setSuperAdmin("user-1", true); realmAuthorizationService.setSuperAdmin("user-1", true);
assertTrue(realmAuthorizationService.canManageRealm("user-1", "any-realm")); assertTrue(realmAuthorizationService.canManageRealm("user-1", "any-realm"));
} }
@Test @Test
void testCanManageRealm_WithAssignment() { void testCanManageRealm_WithAssignment() {
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
assertTrue(realmAuthorizationService.canManageRealm("user-1", "realm1")); assertTrue(realmAuthorizationService.canManageRealm("user-1", "realm1"));
} }
@Test @Test
void testCanManageRealm_NoAccess() { void testCanManageRealm_NoAccess() {
assertFalse(realmAuthorizationService.canManageRealm("user-1", "realm1")); assertFalse(realmAuthorizationService.canManageRealm("user-1", "realm1"));
} }
@Test @Test
void testIsSuperAdmin_True() { void testIsSuperAdmin_True() {
realmAuthorizationService.setSuperAdmin("user-1", true); realmAuthorizationService.setSuperAdmin("user-1", true);
assertTrue(realmAuthorizationService.isSuperAdmin("user-1")); assertTrue(realmAuthorizationService.isSuperAdmin("user-1"));
} }
@Test @Test
void testIsSuperAdmin_False() { void testIsSuperAdmin_False() {
assertFalse(realmAuthorizationService.isSuperAdmin("user-1")); assertFalse(realmAuthorizationService.isSuperAdmin("user-1"));
} }
@Test @Test
void testGetAuthorizedRealms_SuperAdmin() { void testGetAuthorizedRealms_SuperAdmin() {
realmAuthorizationService.setSuperAdmin("user-1", true); realmAuthorizationService.setSuperAdmin("user-1", true);
List<String> realms = realmAuthorizationService.getAuthorizedRealms("user-1"); List<String> realms = realmAuthorizationService.getAuthorizedRealms("user-1");
assertTrue(realms.isEmpty()); // Super admin retourne liste vide assertTrue(realms.isEmpty()); // Super admin retourne liste vide
} }
@Test @Test
void testGetAuthorizedRealms_WithAssignments() { void testGetAuthorizedRealms_WithAssignments() {
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
List<String> realms = realmAuthorizationService.getAuthorizedRealms("user-1"); List<String> realms = realmAuthorizationService.getAuthorizedRealms("user-1");
assertEquals(1, realms.size()); assertEquals(1, realms.size());
assertEquals("realm1", realms.get(0)); assertEquals("realm1", realms.get(0));
} }
@Test @Test
void testAssignRealmToUser_Success() { void testAssignRealmToUser_Success() {
doNothing().when(auditService).logSuccess( doNothing().when(auditService).logSuccess(
any(TypeActionAudit.class), any(TypeActionAudit.class),
anyString(), anyString(),
anyString(), anyString(),
anyString(), anyString(),
anyString(), anyString(),
anyString(), anyString(),
anyString() anyString()
); );
RealmAssignmentDTO result = realmAuthorizationService.assignRealmToUser(assignment); RealmAssignmentDTO result = realmAuthorizationService.assignRealmToUser(assignment);
assertNotNull(result); assertNotNull(result);
assertNotNull(result.getId()); assertNotNull(result.getId());
assertTrue(result.isActive()); assertTrue(result.isActive());
assertNotNull(result.getAssignedAt()); assertNotNull(result.getAssignedAt());
} }
@Test @Test
void testAssignRealmToUser_NoUserId() { void testAssignRealmToUser_NoUserId() {
assignment.setUserId(null); assignment.setUserId(null);
assertThrows(IllegalArgumentException.class, () -> { assertThrows(IllegalArgumentException.class, () -> {
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
}); });
} }
@Test @Test
void testAssignRealmToUser_NoRealmName() { void testAssignRealmToUser_NoRealmName() {
assignment.setRealmName(null); assignment.setRealmName(null);
assertThrows(IllegalArgumentException.class, () -> { assertThrows(IllegalArgumentException.class, () -> {
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
}); });
} }
@Test @Test
void testAssignRealmToUser_Duplicate() { void testAssignRealmToUser_Duplicate() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString()); doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
assertThrows(IllegalArgumentException.class, () -> { assertThrows(IllegalArgumentException.class, () -> {
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
}); });
} }
@Test @Test
void testRevokeRealmFromUser_Success() { void testRevokeRealmFromUser_Success() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString()); doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
realmAuthorizationService.revokeRealmFromUser("user-1", "realm1"); realmAuthorizationService.revokeRealmFromUser("user-1", "realm1");
assertFalse(realmAuthorizationService.canManageRealm("user-1", "realm1")); assertFalse(realmAuthorizationService.canManageRealm("user-1", "realm1"));
} }
@Test @Test
void testRevokeRealmFromUser_NotExists() { void testRevokeRealmFromUser_NotExists() {
// Ne doit pas lever d'exception si l'assignation n'existe pas // Ne doit pas lever d'exception si l'assignation n'existe pas
assertDoesNotThrow(() -> { assertDoesNotThrow(() -> {
realmAuthorizationService.revokeRealmFromUser("user-1", "realm1"); realmAuthorizationService.revokeRealmFromUser("user-1", "realm1");
}); });
} }
@Test @Test
void testRevokeAllRealmsFromUser() { void testRevokeAllRealmsFromUser() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString()); doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
realmAuthorizationService.revokeAllRealmsFromUser("user-1"); realmAuthorizationService.revokeAllRealmsFromUser("user-1");
assertTrue(realmAuthorizationService.getAssignmentsByUser("user-1").isEmpty()); assertTrue(realmAuthorizationService.getAssignmentsByUser("user-1").isEmpty());
} }
@Test @Test
void testSetSuperAdmin_True() { void testSetSuperAdmin_True() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString()); doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.setSuperAdmin("user-1", true); realmAuthorizationService.setSuperAdmin("user-1", true);
assertTrue(realmAuthorizationService.isSuperAdmin("user-1")); assertTrue(realmAuthorizationService.isSuperAdmin("user-1"));
} }
@Test @Test
void testSetSuperAdmin_False() { void testSetSuperAdmin_False() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString()); doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.setSuperAdmin("user-1", true); realmAuthorizationService.setSuperAdmin("user-1", true);
realmAuthorizationService.setSuperAdmin("user-1", false); realmAuthorizationService.setSuperAdmin("user-1", false);
assertFalse(realmAuthorizationService.isSuperAdmin("user-1")); assertFalse(realmAuthorizationService.isSuperAdmin("user-1"));
} }
@Test @Test
void testDeactivateAssignment_Success() { void testDeactivateAssignment_Success() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString()); doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
realmAuthorizationService.deactivateAssignment(assignment.getId()); realmAuthorizationService.deactivateAssignment(assignment.getId());
Optional<RealmAssignmentDTO> found = realmAuthorizationService.getAssignmentById(assignment.getId()); Optional<RealmAssignmentDTO> found = realmAuthorizationService.getAssignmentById(assignment.getId());
assertTrue(found.isPresent()); assertTrue(found.isPresent());
assertFalse(found.get().isActive()); assertFalse(found.get().isActive());
} }
@Test @Test
void testDeactivateAssignment_NotFound() { void testDeactivateAssignment_NotFound() {
assertThrows(IllegalArgumentException.class, () -> { assertThrows(IllegalArgumentException.class, () -> {
realmAuthorizationService.deactivateAssignment("non-existent"); realmAuthorizationService.deactivateAssignment("non-existent");
}); });
} }
@Test @Test
void testActivateAssignment_Success() { void testActivateAssignment_Success() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString()); doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
realmAuthorizationService.deactivateAssignment(assignment.getId()); realmAuthorizationService.deactivateAssignment(assignment.getId());
realmAuthorizationService.activateAssignment(assignment.getId()); realmAuthorizationService.activateAssignment(assignment.getId());
Optional<RealmAssignmentDTO> found = realmAuthorizationService.getAssignmentById(assignment.getId()); Optional<RealmAssignmentDTO> found = realmAuthorizationService.getAssignmentById(assignment.getId());
assertTrue(found.isPresent()); assertTrue(found.isPresent());
assertTrue(found.get().isActive()); assertTrue(found.get().isActive());
} }
@Test @Test
void testCountAssignmentsByUser() { void testCountAssignmentsByUser() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString()); doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
long count = realmAuthorizationService.countAssignmentsByUser("user-1"); long count = realmAuthorizationService.countAssignmentsByUser("user-1");
assertEquals(1, count); assertEquals(1, count);
} }
@Test @Test
void testCountUsersByRealm() { void testCountUsersByRealm() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString()); doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
long count = realmAuthorizationService.countUsersByRealm("realm1"); long count = realmAuthorizationService.countUsersByRealm("realm1");
assertEquals(1, count); assertEquals(1, count);
} }
@Test @Test
void testAssignmentExists_True() { void testAssignmentExists_True() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString()); doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment); realmAuthorizationService.assignRealmToUser(assignment);
assertTrue(realmAuthorizationService.assignmentExists("user-1", "realm1")); assertTrue(realmAuthorizationService.assignmentExists("user-1", "realm1"));
} }
@Test @Test
void testAssignmentExists_False() { void testAssignmentExists_False() {
assertFalse(realmAuthorizationService.assignmentExists("user-1", "realm1")); assertFalse(realmAuthorizationService.assignmentExists("user-1", "realm1"));
} }
} }

700
src/test/java/dev/lions/user/manager/service/impl/RoleServiceImplCompleteTest.java
View File

@@ -1,350 +1,350 @@
package dev.lions.user.manager.service.impl; package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.role.RoleDTO; import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole; import dev.lions.user.manager.enums.role.TypeRole;
import dev.lions.user.manager.mapper.RoleMapper; import dev.lions.user.manager.mapper.RoleMapper;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.*; import org.keycloak.admin.client.resource.*;
import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*; import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
/** /**
* Tests complets pour RoleServiceImpl pour atteindre 100% de couverture * Tests complets pour RoleServiceImpl pour atteindre 100% de couverture
* Couvre updateRole, deleteRole pour CLIENT_ROLE, createRealmRole avec rôle existant, etc. * Couvre updateRole, deleteRole pour CLIENT_ROLE, createRealmRole avec rôle existant, etc.
*/ */
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class RoleServiceImplCompleteTest { class RoleServiceImplCompleteTest {
@Mock @Mock
private KeycloakAdminClient keycloakAdminClient; private KeycloakAdminClient keycloakAdminClient;
@Mock @Mock
private Keycloak keycloakInstance; private Keycloak keycloakInstance;
@Mock @Mock
private RealmResource realmResource; private RealmResource realmResource;
@Mock @Mock
private RolesResource rolesResource; private RolesResource rolesResource;
@Mock @Mock
private RoleResource roleResource; private RoleResource roleResource;
@Mock @Mock
private ClientsResource clientsResource; private ClientsResource clientsResource;
@Mock @Mock
private ClientResource clientResource; private ClientResource clientResource;
@InjectMocks @InjectMocks
private RoleServiceImpl roleService; private RoleServiceImpl roleService;
private static final String REALM = "test-realm"; private static final String REALM = "test-realm";
private static final String ROLE_ID = "role-123"; private static final String ROLE_ID = "role-123";
private static final String ROLE_NAME = "test-role"; private static final String ROLE_NAME = "test-role";
private static final String CLIENT_NAME = "test-client"; private static final String CLIENT_NAME = "test-client";
private static final String INTERNAL_CLIENT_ID = "internal-client-id"; private static final String INTERNAL_CLIENT_ID = "internal-client-id";
@Test @Test
void testCreateRealmRole_RoleAlreadyExists() { void testCreateRealmRole_RoleAlreadyExists() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource); when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
RoleRepresentation existingRole = new RoleRepresentation(); RoleRepresentation existingRole = new RoleRepresentation();
existingRole.setName(ROLE_NAME); existingRole.setName(ROLE_NAME);
when(roleResource.toRepresentation()).thenReturn(existingRole); when(roleResource.toRepresentation()).thenReturn(existingRole);
RoleDTO roleDTO = RoleDTO.builder() RoleDTO roleDTO = RoleDTO.builder()
.name(ROLE_NAME) .name(ROLE_NAME)
.description("Test role") .description("Test role")
.build(); .build();
assertThrows(IllegalArgumentException.class, () -> assertThrows(IllegalArgumentException.class, () ->
roleService.createRealmRole(roleDTO, REALM)); roleService.createRealmRole(roleDTO, REALM));
} }
@Test @Test
void testUpdateRole_RealmRole_Success() { void testUpdateRole_RealmRole_Success() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
// Mock getRealmRoleById // Mock getRealmRoleById
RoleRepresentation roleRep = new RoleRepresentation(); RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId(ROLE_ID); roleRep.setId(ROLE_ID);
roleRep.setName(ROLE_NAME); roleRep.setName(ROLE_NAME);
when(rolesResource.list()).thenReturn(List.of(roleRep)); when(rolesResource.list()).thenReturn(List.of(roleRep));
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource); when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(roleRep); when(roleResource.toRepresentation()).thenReturn(roleRep);
RoleDTO roleDTO = RoleDTO.builder() RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID) .id(ROLE_ID)
.name(ROLE_NAME) .name(ROLE_NAME)
.description("Updated description") .description("Updated description")
.build(); .build();
RoleDTO result = roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.REALM_ROLE, null); RoleDTO result = roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.REALM_ROLE, null);
assertNotNull(result); assertNotNull(result);
verify(roleResource).update(any(RoleRepresentation.class)); verify(roleResource).update(any(RoleRepresentation.class));
} }
@Test @Test
void testUpdateRole_RealmRole_NotFound() { void testUpdateRole_RealmRole_NotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.emptyList()); when(rolesResource.list()).thenReturn(Collections.emptyList());
RoleDTO roleDTO = RoleDTO.builder() RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID) .id(ROLE_ID)
.name(ROLE_NAME) .name(ROLE_NAME)
.build(); .build();
assertThrows(jakarta.ws.rs.NotFoundException.class, () -> assertThrows(jakarta.ws.rs.NotFoundException.class, () ->
roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.REALM_ROLE, null)); roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.REALM_ROLE, null));
} }
@Test @Test
void testUpdateRole_RealmRole_NoDescription() { void testUpdateRole_RealmRole_NoDescription() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
RoleRepresentation roleRep = new RoleRepresentation(); RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId(ROLE_ID); roleRep.setId(ROLE_ID);
roleRep.setName(ROLE_NAME); roleRep.setName(ROLE_NAME);
when(rolesResource.list()).thenReturn(List.of(roleRep)); when(rolesResource.list()).thenReturn(List.of(roleRep));
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource); when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(roleRep); when(roleResource.toRepresentation()).thenReturn(roleRep);
RoleDTO roleDTO = RoleDTO.builder() RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID) .id(ROLE_ID)
.name(ROLE_NAME) .name(ROLE_NAME)
.description(null) // No description .description(null) // No description
.build(); .build();
RoleDTO result = roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.REALM_ROLE, null); RoleDTO result = roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.REALM_ROLE, null);
assertNotNull(result); assertNotNull(result);
verify(roleResource).update(any(RoleRepresentation.class)); verify(roleResource).update(any(RoleRepresentation.class));
} }
@Test @Test
void testUpdateRole_ClientRole_Success() { void testUpdateRole_ClientRole_Success() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource); when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation client = new ClientRepresentation(); ClientRepresentation client = new ClientRepresentation();
client.setId(INTERNAL_CLIENT_ID); client.setId(INTERNAL_CLIENT_ID);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client)); when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
when(clientsResource.get(INTERNAL_CLIENT_ID)).thenReturn(clientResource); when(clientsResource.get(INTERNAL_CLIENT_ID)).thenReturn(clientResource);
when(clientResource.roles()).thenReturn(rolesResource); when(clientResource.roles()).thenReturn(rolesResource);
// Mock getRoleById // Mock getRoleById
RoleRepresentation roleRep = new RoleRepresentation(); RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId(ROLE_ID); roleRep.setId(ROLE_ID);
roleRep.setName(ROLE_NAME); roleRep.setName(ROLE_NAME);
when(rolesResource.list()).thenReturn(List.of(roleRep)); when(rolesResource.list()).thenReturn(List.of(roleRep));
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource); when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(roleRep); when(roleResource.toRepresentation()).thenReturn(roleRep);
RoleDTO roleDTO = RoleDTO.builder() RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID) .id(ROLE_ID)
.name(ROLE_NAME) .name(ROLE_NAME)
.description("Updated description") .description("Updated description")
.build(); .build();
RoleDTO result = roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME); RoleDTO result = roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME);
assertNotNull(result); assertNotNull(result);
assertEquals(CLIENT_NAME, result.getClientId()); assertEquals(CLIENT_NAME, result.getClientId());
verify(roleResource).update(any(RoleRepresentation.class)); verify(roleResource).update(any(RoleRepresentation.class));
} }
@Test @Test
void testUpdateRole_ClientRole_ClientNotFound() { void testUpdateRole_ClientRole_ClientNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource); when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList()); when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList());
RoleDTO roleDTO = RoleDTO.builder() RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID) .id(ROLE_ID)
.name(ROLE_NAME) .name(ROLE_NAME)
.build(); .build();
// getRoleById is called first, which will throw NotFoundException when client is not found // getRoleById is called first, which will throw NotFoundException when client is not found
// Actually, getRoleById returns Optional.empty() when client is not found // Actually, getRoleById returns Optional.empty() when client is not found
// So it will throw NotFoundException for role not found // So it will throw NotFoundException for role not found
assertThrows(jakarta.ws.rs.NotFoundException.class, () -> assertThrows(jakarta.ws.rs.NotFoundException.class, () ->
roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME)); roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME));
} }
@Test @Test
void testUpdateRole_ClientRole_NotFound() { void testUpdateRole_ClientRole_NotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource); when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation client = new ClientRepresentation(); ClientRepresentation client = new ClientRepresentation();
client.setId(INTERNAL_CLIENT_ID); client.setId(INTERNAL_CLIENT_ID);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client)); when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
when(clientsResource.get(INTERNAL_CLIENT_ID)).thenReturn(clientResource); when(clientsResource.get(INTERNAL_CLIENT_ID)).thenReturn(clientResource);
when(clientResource.roles()).thenReturn(rolesResource); when(clientResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.emptyList()); when(rolesResource.list()).thenReturn(Collections.emptyList());
RoleDTO roleDTO = RoleDTO.builder() RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID) .id(ROLE_ID)
.name(ROLE_NAME) .name(ROLE_NAME)
.build(); .build();
assertThrows(jakarta.ws.rs.NotFoundException.class, () -> assertThrows(jakarta.ws.rs.NotFoundException.class, () ->
roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME)); roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME));
} }
@Test @Test
void testUpdateRole_UnsupportedType() { void testUpdateRole_UnsupportedType() {
RoleDTO roleDTO = RoleDTO.builder() RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID) .id(ROLE_ID)
.name(ROLE_NAME) .name(ROLE_NAME)
.build(); .build();
assertThrows(IllegalArgumentException.class, () -> assertThrows(IllegalArgumentException.class, () ->
roleService.updateRole(ROLE_ID, roleDTO, REALM, null, null)); roleService.updateRole(ROLE_ID, roleDTO, REALM, null, null));
} }
@Test @Test
void testDeleteRole_ClientRole_Success() { void testDeleteRole_ClientRole_Success() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource); when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation client = new ClientRepresentation(); ClientRepresentation client = new ClientRepresentation();
client.setId(INTERNAL_CLIENT_ID); client.setId(INTERNAL_CLIENT_ID);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client)); when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
when(clientsResource.get(INTERNAL_CLIENT_ID)).thenReturn(clientResource); when(clientsResource.get(INTERNAL_CLIENT_ID)).thenReturn(clientResource);
when(clientResource.roles()).thenReturn(rolesResource); when(clientResource.roles()).thenReturn(rolesResource);
// Mock getRoleById - getRoleById for CLIENT_ROLE only uses rolesResource.list() // Mock getRoleById - getRoleById for CLIENT_ROLE only uses rolesResource.list()
RoleRepresentation roleRep = new RoleRepresentation(); RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId(ROLE_ID); roleRep.setId(ROLE_ID);
roleRep.setName(ROLE_NAME); roleRep.setName(ROLE_NAME);
when(rolesResource.list()).thenReturn(List.of(roleRep)); when(rolesResource.list()).thenReturn(List.of(roleRep));
roleService.deleteRole(ROLE_ID, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME); roleService.deleteRole(ROLE_ID, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME);
verify(rolesResource).deleteRole(ROLE_NAME); verify(rolesResource).deleteRole(ROLE_NAME);
} }
@Test @Test
void testDeleteRole_ClientRole_ClientNotFound() { void testDeleteRole_ClientRole_ClientNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource); when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList()); when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList());
// getRoleById is called first, which returns Optional.empty() when client is not found // getRoleById is called first, which returns Optional.empty() when client is not found
// So it will throw NotFoundException for role not found // So it will throw NotFoundException for role not found
assertThrows(jakarta.ws.rs.NotFoundException.class, () -> assertThrows(jakarta.ws.rs.NotFoundException.class, () ->
roleService.deleteRole(ROLE_ID, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME)); roleService.deleteRole(ROLE_ID, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME));
} }
@Test @Test
void testDeleteRole_ClientRole_NotFound() { void testDeleteRole_ClientRole_NotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource); when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation client = new ClientRepresentation(); ClientRepresentation client = new ClientRepresentation();
client.setId(INTERNAL_CLIENT_ID); client.setId(INTERNAL_CLIENT_ID);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client)); when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
when(clientsResource.get(INTERNAL_CLIENT_ID)).thenReturn(clientResource); when(clientsResource.get(INTERNAL_CLIENT_ID)).thenReturn(clientResource);
when(clientResource.roles()).thenReturn(rolesResource); when(clientResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.emptyList()); when(rolesResource.list()).thenReturn(Collections.emptyList());
assertThrows(jakarta.ws.rs.NotFoundException.class, () -> assertThrows(jakarta.ws.rs.NotFoundException.class, () ->
roleService.deleteRole(ROLE_ID, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME)); roleService.deleteRole(ROLE_ID, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME));
} }
@Test @Test
void testDeleteRole_UnsupportedType() { void testDeleteRole_UnsupportedType() {
assertThrows(IllegalArgumentException.class, () -> assertThrows(IllegalArgumentException.class, () ->
roleService.deleteRole(ROLE_ID, REALM, null, null)); roleService.deleteRole(ROLE_ID, REALM, null, null));
} }
// Note: getRealmRoleById is private, so we test it indirectly through updateRole // Note: getRealmRoleById is private, so we test it indirectly through updateRole
// The exception path is tested via updateRole_RealmRole_NotFound // The exception path is tested via updateRole_RealmRole_NotFound
@Test @Test
void testGetAllRealmRoles_Success() { void testGetAllRealmRoles_Success() {
when(keycloakAdminClient.realmExists(REALM)).thenReturn(true); when(keycloakAdminClient.realmExists(REALM)).thenReturn(true);
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
RoleRepresentation role1 = new RoleRepresentation(); RoleRepresentation role1 = new RoleRepresentation();
role1.setName("role1"); role1.setName("role1");
RoleRepresentation role2 = new RoleRepresentation(); RoleRepresentation role2 = new RoleRepresentation();
role2.setName("role2"); role2.setName("role2");
when(rolesResource.list()).thenReturn(List.of(role1, role2)); when(rolesResource.list()).thenReturn(List.of(role1, role2));
var result = roleService.getAllRealmRoles(REALM); var result = roleService.getAllRealmRoles(REALM);
assertNotNull(result); assertNotNull(result);
assertEquals(2, result.size()); assertEquals(2, result.size());
} }
@Test @Test
void testGetAllRealmRoles_With404InMessage() { void testGetAllRealmRoles_With404InMessage() {
when(keycloakAdminClient.realmExists(REALM)).thenReturn(true); when(keycloakAdminClient.realmExists(REALM)).thenReturn(true);
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new RuntimeException("Server response is: 404")); when(rolesResource.list()).thenThrow(new RuntimeException("Server response is: 404"));
assertThrows(IllegalArgumentException.class, () -> assertThrows(IllegalArgumentException.class, () ->
roleService.getAllRealmRoles(REALM)); roleService.getAllRealmRoles(REALM));
} }
@Test @Test
void testGetAllRealmRoles_WithNotInMessage() { void testGetAllRealmRoles_WithNotInMessage() {
when(keycloakAdminClient.realmExists(REALM)).thenReturn(true); when(keycloakAdminClient.realmExists(REALM)).thenReturn(true);
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new RuntimeException("Not Found")); when(rolesResource.list()).thenThrow(new RuntimeException("Not Found"));
assertThrows(IllegalArgumentException.class, () -> assertThrows(IllegalArgumentException.class, () ->
roleService.getAllRealmRoles(REALM)); roleService.getAllRealmRoles(REALM));
} }
@Test @Test
void testGetAllRealmRoles_WithOtherException() { void testGetAllRealmRoles_WithOtherException() {
when(keycloakAdminClient.realmExists(REALM)).thenReturn(true); when(keycloakAdminClient.realmExists(REALM)).thenReturn(true);
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new RuntimeException("Connection error")); when(rolesResource.list()).thenThrow(new RuntimeException("Connection error"));
assertThrows(RuntimeException.class, () -> assertThrows(RuntimeException.class, () ->
roleService.getAllRealmRoles(REALM)); roleService.getAllRealmRoles(REALM));
} }
} }

490
src/test/java/dev/lions/user/manager/service/impl/RoleServiceImplExtendedTest.java
View File

@@ -1,245 +1,245 @@
package dev.lions.user.manager.service.impl; package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.role.RoleDTO; import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole; import dev.lions.user.manager.enums.role.TypeRole;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.*; import org.keycloak.admin.client.resource.*;
import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Optional; import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*; import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
/** /**
* Tests supplémentaires pour RoleServiceImpl pour améliorer la couverture * Tests supplémentaires pour RoleServiceImpl pour améliorer la couverture
* Couvre les méthodes : userHasRole, roleExists, countUsersWithRole * Couvre les méthodes : userHasRole, roleExists, countUsersWithRole
*/ */
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class RoleServiceImplExtendedTest { class RoleServiceImplExtendedTest {
@Mock @Mock
private KeycloakAdminClient keycloakAdminClient; private KeycloakAdminClient keycloakAdminClient;
@Mock @Mock
private Keycloak keycloakInstance; private Keycloak keycloakInstance;
@Mock @Mock
private RealmResource realmResource; private RealmResource realmResource;
@Mock @Mock
private RolesResource rolesResource; private RolesResource rolesResource;
@Mock @Mock
private RoleResource roleResource; private RoleResource roleResource;
@Mock @Mock
private UsersResource usersResource; private UsersResource usersResource;
@Mock @Mock
private UserResource userResource; private UserResource userResource;
@Mock @Mock
private RoleMappingResource roleMappingResource; private RoleMappingResource roleMappingResource;
@Mock @Mock
private RoleScopeResource realmLevelRoleScopeResource; private RoleScopeResource realmLevelRoleScopeResource;
@Mock @Mock
private RoleScopeResource clientLevelRoleScopeResource; private RoleScopeResource clientLevelRoleScopeResource;
@Mock @Mock
private ClientsResource clientsResource; private ClientsResource clientsResource;
@InjectMocks @InjectMocks
private RoleServiceImpl roleService; private RoleServiceImpl roleService;
private static final String REALM = "test-realm"; private static final String REALM = "test-realm";
private static final String USER_ID = "user-123"; private static final String USER_ID = "user-123";
private static final String ROLE_NAME = "admin"; private static final String ROLE_NAME = "admin";
private static final String CLIENT_NAME = "test-client"; private static final String CLIENT_NAME = "test-client";
@Test @Test
void testUserHasRole_RealmRole_True() { void testUserHasRole_RealmRole_True() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource); when(realmResource.users()).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource); when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource); when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(realmLevelRoleScopeResource); when(roleMappingResource.realmLevel()).thenReturn(realmLevelRoleScopeResource);
RoleRepresentation role = new RoleRepresentation(); RoleRepresentation role = new RoleRepresentation();
role.setName(ROLE_NAME); role.setName(ROLE_NAME);
when(realmLevelRoleScopeResource.listEffective()).thenReturn(List.of(role)); when(realmLevelRoleScopeResource.listEffective()).thenReturn(List.of(role));
boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.REALM_ROLE, null); boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.REALM_ROLE, null);
assertTrue(result); assertTrue(result);
} }
@Test @Test
void testUserHasRole_RealmRole_False() { void testUserHasRole_RealmRole_False() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource); when(realmResource.users()).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource); when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource); when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(realmLevelRoleScopeResource); when(roleMappingResource.realmLevel()).thenReturn(realmLevelRoleScopeResource);
when(realmLevelRoleScopeResource.listEffective()).thenReturn(Collections.emptyList()); when(realmLevelRoleScopeResource.listEffective()).thenReturn(Collections.emptyList());
boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.REALM_ROLE, null); boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.REALM_ROLE, null);
assertFalse(result); assertFalse(result);
} }
@Test @Test
void testUserHasRole_ClientRole_True() { void testUserHasRole_ClientRole_True() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource); when(realmResource.clients()).thenReturn(clientsResource);
when(realmResource.users()).thenReturn(usersResource); when(realmResource.users()).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource); when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource); when(userResource.roles()).thenReturn(roleMappingResource);
ClientRepresentation client = new ClientRepresentation(); ClientRepresentation client = new ClientRepresentation();
client.setId("client-123"); client.setId("client-123");
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client)); when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
when(roleMappingResource.clientLevel("client-123")).thenReturn(clientLevelRoleScopeResource); when(roleMappingResource.clientLevel("client-123")).thenReturn(clientLevelRoleScopeResource);
RoleRepresentation role = new RoleRepresentation(); RoleRepresentation role = new RoleRepresentation();
role.setName(ROLE_NAME); role.setName(ROLE_NAME);
when(clientLevelRoleScopeResource.listEffective()).thenReturn(List.of(role)); when(clientLevelRoleScopeResource.listEffective()).thenReturn(List.of(role));
boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME); boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME);
assertTrue(result); assertTrue(result);
} }
@Test @Test
void testUserHasRole_ClientRole_ClientNotFound() { void testUserHasRole_ClientRole_ClientNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource); when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList()); when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList());
boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME); boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME);
assertFalse(result); assertFalse(result);
} }
@Test @Test
void testUserHasRole_ClientRole_NullClientName() { void testUserHasRole_ClientRole_NullClientName() {
boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.CLIENT_ROLE, null); boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.CLIENT_ROLE, null);
assertFalse(result); assertFalse(result);
} }
@Test @Test
void testRoleExists_RealmRole_True() { void testRoleExists_RealmRole_True() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource); when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
RoleRepresentation role = new RoleRepresentation(); RoleRepresentation role = new RoleRepresentation();
role.setName(ROLE_NAME); role.setName(ROLE_NAME);
when(roleResource.toRepresentation()).thenReturn(role); when(roleResource.toRepresentation()).thenReturn(role);
boolean result = roleService.roleExists(ROLE_NAME, REALM, TypeRole.REALM_ROLE, null); boolean result = roleService.roleExists(ROLE_NAME, REALM, TypeRole.REALM_ROLE, null);
assertTrue(result); assertTrue(result);
} }
@Test @Test
void testRoleExists_RealmRole_False() { void testRoleExists_RealmRole_False() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource); when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenThrow(new jakarta.ws.rs.NotFoundException()); when(roleResource.toRepresentation()).thenThrow(new jakarta.ws.rs.NotFoundException());
boolean result = roleService.roleExists(ROLE_NAME, REALM, TypeRole.REALM_ROLE, null); boolean result = roleService.roleExists(ROLE_NAME, REALM, TypeRole.REALM_ROLE, null);
assertFalse(result); assertFalse(result);
} }
@Test @Test
void testCountUsersWithRole_Success() { void testCountUsersWithRole_Success() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(realmResource.users()).thenReturn(usersResource); when(realmResource.users()).thenReturn(usersResource);
// Mock getRoleById // Mock getRoleById
RoleRepresentation roleRep = new RoleRepresentation(); RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId("role-123"); roleRep.setId("role-123");
roleRep.setName(ROLE_NAME); roleRep.setName(ROLE_NAME);
when(rolesResource.list()).thenReturn(List.of(roleRep)); when(rolesResource.list()).thenReturn(List.of(roleRep));
// Mock user list // Mock user list
UserRepresentation user1 = new UserRepresentation(); UserRepresentation user1 = new UserRepresentation();
user1.setId("user-1"); user1.setId("user-1");
UserRepresentation user2 = new UserRepresentation(); UserRepresentation user2 = new UserRepresentation();
user2.setId("user-2"); user2.setId("user-2");
when(usersResource.list()).thenReturn(List.of(user1, user2)); when(usersResource.list()).thenReturn(List.of(user1, user2));
// Mock userHasRole for each user // Mock userHasRole for each user
when(usersResource.get("user-1")).thenReturn(userResource); when(usersResource.get("user-1")).thenReturn(userResource);
when(usersResource.get("user-2")).thenReturn(userResource); when(usersResource.get("user-2")).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource); when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(realmLevelRoleScopeResource); when(roleMappingResource.realmLevel()).thenReturn(realmLevelRoleScopeResource);
RoleRepresentation role = new RoleRepresentation(); RoleRepresentation role = new RoleRepresentation();
role.setName(ROLE_NAME); role.setName(ROLE_NAME);
// User 1 has role, user 2 doesn't // User 1 has role, user 2 doesn't
when(realmLevelRoleScopeResource.listEffective()) when(realmLevelRoleScopeResource.listEffective())
.thenReturn(List.of(role)) // user-1 .thenReturn(List.of(role)) // user-1
.thenReturn(Collections.emptyList()); // user-2 .thenReturn(Collections.emptyList()); // user-2
long count = roleService.countUsersWithRole("role-123", REALM, TypeRole.REALM_ROLE, null); long count = roleService.countUsersWithRole("role-123", REALM, TypeRole.REALM_ROLE, null);
assertEquals(1, count); assertEquals(1, count);
} }
@Test @Test
void testCountUsersWithRole_RoleNotFound() { void testCountUsersWithRole_RoleNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.emptyList()); when(rolesResource.list()).thenReturn(Collections.emptyList());
long count = roleService.countUsersWithRole("non-existent-role", REALM, TypeRole.REALM_ROLE, null); long count = roleService.countUsersWithRole("non-existent-role", REALM, TypeRole.REALM_ROLE, null);
assertEquals(0, count); assertEquals(0, count);
} }
@Test @Test
void testCountUsersWithRole_Exception() { void testCountUsersWithRole_Exception() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(realmResource.users()).thenReturn(usersResource); when(realmResource.users()).thenReturn(usersResource);
RoleRepresentation roleRep = new RoleRepresentation(); RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId("role-123"); roleRep.setId("role-123");
roleRep.setName(ROLE_NAME); roleRep.setName(ROLE_NAME);
when(rolesResource.list()).thenReturn(List.of(roleRep)); when(rolesResource.list()).thenReturn(List.of(roleRep));
when(usersResource.list()).thenThrow(new RuntimeException("Error")); when(usersResource.list()).thenThrow(new RuntimeException("Error"));
long count = roleService.countUsersWithRole("role-123", REALM, TypeRole.REALM_ROLE, null); long count = roleService.countUsersWithRole("role-123", REALM, TypeRole.REALM_ROLE, null);
assertEquals(0, count); assertEquals(0, count);
} }
} }

1178
src/test/java/dev/lions/user/manager/service/impl/RoleServiceImplIntegrationTest.java
View File

File diff suppressed because it is too large Load Diff

1050
src/test/java/dev/lions/user/manager/service/impl/RoleServiceImplMissingCoverageTest.java Normal file
View File

File diff suppressed because it is too large Load Diff

256
src/test/java/dev/lions/user/manager/service/impl/RoleServiceImplTest.java
View File

@@ -1,128 +1,128 @@
package dev.lions.user.manager.service.impl; package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.role.RoleAssignmentDTO; import dev.lions.user.manager.dto.role.RoleAssignmentDTO;
import dev.lions.user.manager.dto.role.RoleDTO; import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole; import dev.lions.user.manager.enums.role.TypeRole;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.*; import org.keycloak.admin.client.resource.*;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections; import java.util.Collections;
import java.util.Optional; import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
class RoleServiceImplTest { class RoleServiceImplTest {
@Mock @Mock
KeycloakAdminClient keycloakAdminClient; KeycloakAdminClient keycloakAdminClient;
@Mock @Mock
Keycloak keycloakInstance; Keycloak keycloakInstance;
@Mock @Mock
RealmResource realmResource; RealmResource realmResource;
@Mock @Mock
RolesResource rolesResource; RolesResource rolesResource;
@Mock @Mock
RoleResource roleResource; RoleResource roleResource;
@Mock @Mock
UsersResource usersResource; UsersResource usersResource;
@Mock @Mock
UserResource userResource; UserResource userResource;
@Mock @Mock
RoleMappingResource roleMappingResource; RoleMappingResource roleMappingResource;
@Mock @Mock
RoleScopeResource roleScopeResource; RoleScopeResource roleScopeResource;
@InjectMocks @InjectMocks
RoleServiceImpl roleService; RoleServiceImpl roleService;
private static final String REALM = "test-realm"; private static final String REALM = "test-realm";
@Test @Test
void testCreateRealmRole() { void testCreateRealmRole() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
// Check not found initially, then return created role // Check not found initially, then return created role
RoleRepresentation createdRep = new RoleRepresentation(); RoleRepresentation createdRep = new RoleRepresentation();
createdRep.setName("role"); createdRep.setName("role");
createdRep.setId("1"); createdRep.setId("1");
when(rolesResource.get("role")).thenReturn(roleResource); when(rolesResource.get("role")).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenThrow(new jakarta.ws.rs.NotFoundException()) when(roleResource.toRepresentation()).thenThrow(new jakarta.ws.rs.NotFoundException())
.thenReturn(createdRep); .thenReturn(createdRep);
// Mock create // Mock create
doNothing().when(rolesResource).create(any(RoleRepresentation.class)); doNothing().when(rolesResource).create(any(RoleRepresentation.class));
RoleDTO input = RoleDTO.builder().name("role").description("desc").build(); RoleDTO input = RoleDTO.builder().name("role").description("desc").build();
RoleDTO result = roleService.createRealmRole(input, REALM); RoleDTO result = roleService.createRealmRole(input, REALM);
assertNotNull(result); assertNotNull(result);
assertEquals("role", result.getName()); assertEquals("role", result.getName());
} }
@Test @Test
void testDeleteRole() { void testDeleteRole() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
// find by id logic uses list() // find by id logic uses list()
RoleRepresentation rep = new RoleRepresentation(); RoleRepresentation rep = new RoleRepresentation();
rep.setId("1"); rep.setId("1");
rep.setName("role"); rep.setName("role");
when(rolesResource.list()).thenReturn(Collections.singletonList(rep)); when(rolesResource.list()).thenReturn(Collections.singletonList(rep));
roleService.deleteRole("1", REALM, TypeRole.REALM_ROLE, null); roleService.deleteRole("1", REALM, TypeRole.REALM_ROLE, null);
verify(rolesResource).deleteRole("role"); verify(rolesResource).deleteRole("role");
} }
@Test @Test
void testAssignRolesToUser() { void testAssignRolesToUser() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource); when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource); when(realmResource.roles()).thenReturn(rolesResource);
when(realmResource.users()).thenReturn(usersResource); when(realmResource.users()).thenReturn(usersResource);
when(usersResource.get("u1")).thenReturn(userResource); when(usersResource.get("u1")).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource); when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(roleScopeResource); when(roleMappingResource.realmLevel()).thenReturn(roleScopeResource);
RoleRepresentation roleRep = new RoleRepresentation(); RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setName("role1"); roleRep.setName("role1");
when(rolesResource.get("role1")).thenReturn(roleResource); when(rolesResource.get("role1")).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(roleRep); when(roleResource.toRepresentation()).thenReturn(roleRep);
RoleAssignmentDTO assignment = RoleAssignmentDTO.builder() RoleAssignmentDTO assignment = RoleAssignmentDTO.builder()
.userId("u1") .userId("u1")
.realmName(REALM) .realmName(REALM)
.typeRole(TypeRole.REALM_ROLE) .typeRole(TypeRole.REALM_ROLE)
.roleNames(Collections.singletonList("role1")) .roleNames(Collections.singletonList("role1"))
.build(); .build();
roleService.assignRolesToUser(assignment); roleService.assignRolesToUser(assignment);
verify(roleScopeResource).add(anyList()); verify(roleScopeResource).add(anyList());
} }
} }

265
src/test/java/dev/lions/user/manager/service/impl/SyncServiceImplAdditionalTest.java Normal file
View File

@@ -0,0 +1,265 @@
package dev.lions.user.manager.service.impl;
import com.sun.net.httpserver.HttpServer;
import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.server.impl.entity.SyncHistoryEntity;
import dev.lions.user.manager.server.impl.repository.SyncHistoryRepository;
import dev.lions.user.manager.server.impl.repository.SyncedRoleRepository;
import dev.lions.user.manager.server.impl.repository.SyncedUserRepository;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.*;
import org.keycloak.admin.client.token.TokenManager;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.mockito.junit.jupiter.MockitoSettings;
import org.mockito.quality.Strictness;
import java.lang.reflect.Field;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/**
* Tests supplémentaires pour SyncServiceImpl — branches non couvertes.
*/
@ExtendWith(MockitoExtension.class)
@MockitoSettings(strictness = Strictness.LENIENT)
class SyncServiceImplAdditionalTest {
@Mock
KeycloakAdminClient keycloakAdminClient;
@Mock
Keycloak keycloakInstance;
@Mock
TokenManager mockTokenManager;
@Mock
RealmResource realmResource;
@Mock
UsersResource usersResource;
@Mock
RolesResource rolesResource;
@Mock
SyncHistoryRepository syncHistoryRepository;
@Mock
SyncedUserRepository syncedUserRepository;
@Mock
SyncedRoleRepository syncedRoleRepository;
@InjectMocks
SyncServiceImpl syncService;
private HttpServer localServer;
@AfterEach
void tearDown() {
if (localServer != null) {
localServer.stop(0);
localServer = null;
}
}
private void setField(String name, Object value) throws Exception {
Field field = SyncServiceImpl.class.getDeclaredField(name);
field.setAccessible(true);
field.set(syncService, value);
}
private int startLocalServer(String path, String body, int status) throws Exception {
localServer = HttpServer.create(new InetSocketAddress(0), 0);
localServer.createContext(path, exchange -> {
byte[] bytes = body.getBytes(StandardCharsets.UTF_8);
exchange.sendResponseHeaders(status, bytes.length);
exchange.getResponseBody().write(bytes);
exchange.getResponseBody().close();
});
localServer.start();
return localServer.getAddress().getPort();
}
// ==================== syncUsersFromRealm with createdTimestamp ====================
@Test
void testSyncUsersFromRealm_WithCreatedTimestamp() {
when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
UserRepresentation user = new UserRepresentation();
user.setId("user-1");
user.setUsername("john");
user.setCreatedTimestamp(System.currentTimeMillis()); // NOT null → covers the if-branch
when(usersResource.list()).thenReturn(List.of(user));
int count = syncService.syncUsersFromRealm("realm");
assertEquals(1, count);
verify(syncedUserRepository).replaceForRealm(eq("realm"), anyList());
}
@Test
void testSyncRolesFromRealm_WithSnapshots() {
when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
RoleRepresentation role = new RoleRepresentation();
role.setName("admin");
role.setDescription("Admin role");
when(rolesResource.list()).thenReturn(List.of(role));
int count = syncService.syncRolesFromRealm("realm");
assertEquals(1, count);
verify(syncedRoleRepository).replaceForRealm(eq("realm"), anyList());
}
// ==================== syncAllRealms with null/blank realm ====================
@Test
void testSyncAllRealms_WithBlankRealmName() {
when(keycloakAdminClient.getAllRealms()).thenReturn(List.of("", " ", "valid-realm"));
when(keycloakInstance.realm("valid-realm")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenReturn(Collections.emptyList());
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.emptyList());
Map<String, Integer> result = syncService.syncAllRealms();
// Only valid-realm should be in the result
assertFalse(result.containsKey(""));
assertFalse(result.containsKey(" "));
assertTrue(result.containsKey("valid-realm"));
}
// ==================== recordSyncHistory exception path ====================
@Test
void testRecordSyncHistory_PersistException() {
when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenReturn(Collections.emptyList());
doThrow(new RuntimeException("DB error")).when(syncHistoryRepository).persist(any(SyncHistoryEntity.class));
// Should not throw — the exception in recordSyncHistory is caught
assertDoesNotThrow(() -> syncService.syncUsersFromRealm("realm"));
}
// ==================== getLastSyncStatus - no history ====================
@Test
void testGetLastSyncStatus_NeverSynced() {
when(syncHistoryRepository.findLatestByRealm("realm", 1)).thenReturn(Collections.emptyList());
Map<String, Object> status = syncService.getLastSyncStatus("realm");
assertEquals("NEVER_SYNCED", status.get("status"));
}
// ==================== fetchVersionViaHttp via local HTTP server ====================
@Test
void testGetKeycloakHealthInfo_HttpFallback_Success_WithVersion() throws Exception {
// getInfo() throws → fetchVersionViaHttp() is called
when(keycloakInstance.serverInfo()).thenThrow(new RuntimeException("serverInfo failed"));
when(keycloakInstance.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("fake-token");
// Start local server that returns a JSON body with systemInfo and version
String json = "{\"systemInfo\":{\"version\":\"26.0.0\",\"serverTime\":\"2026-03-28T12:00:00Z\"}}";
int port = startLocalServer("/admin/serverinfo", json, 200);
setField("keycloakServerUrl", "http://localhost:" + port);
Map<String, Object> health = syncService.getKeycloakHealthInfo();
assertNotNull(health);
assertEquals("UP", health.get("status"));
assertEquals("26.0.0", health.get("version"));
assertEquals("2026-03-28T12:00:00Z", health.get("serverTime"));
}
@Test
void testGetKeycloakHealthInfo_HttpFallback_Success_NoVersion() throws Exception {
when(keycloakInstance.serverInfo()).thenThrow(new RuntimeException("serverInfo failed"));
when(keycloakInstance.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("fake-token");
// Return JSON without systemInfo
String json = "{\"other\":\"data\"}";
int port = startLocalServer("/admin/serverinfo", json, 200);
setField("keycloakServerUrl", "http://localhost:" + port);
Map<String, Object> health = syncService.getKeycloakHealthInfo();
assertNotNull(health);
assertEquals("UP", health.get("status"));
assertTrue(health.get("version").toString().contains("UP"));
}
@Test
void testGetKeycloakHealthInfo_HttpFallback_NonOkStatus() throws Exception {
when(keycloakInstance.serverInfo()).thenThrow(new RuntimeException("serverInfo failed"));
when(keycloakInstance.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("fake-token");
int port = startLocalServer("/admin/serverinfo", "Forbidden", 403);
setField("keycloakServerUrl", "http://localhost:" + port);
Map<String, Object> health = syncService.getKeycloakHealthInfo();
assertNotNull(health);
assertEquals("UP", health.get("status")); // non-200 still returns UP per implementation
}
@Test
void testGetKeycloakHealthInfo_HttpFallback_Exception() throws Exception {
when(keycloakInstance.serverInfo()).thenThrow(new RuntimeException("serverInfo failed"));
when(keycloakInstance.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("fake-token");
// Point to a port where nothing is listening → connection refused
setField("keycloakServerUrl", "http://localhost:1"); // port 1 should fail
Map<String, Object> health = syncService.getKeycloakHealthInfo();
assertNotNull(health);
assertEquals("DOWN", health.get("status"));
}
// ==================== getLastSyncStatus - itemsProcessed null ====================
@Test
void testGetLastSyncStatus_WithHistory() {
SyncHistoryEntity entity = new SyncHistoryEntity();
entity.setStatus("SUCCESS");
entity.setSyncType("USER");
entity.setItemsProcessed(5);
entity.setSyncDate(java.time.LocalDateTime.now());
when(syncHistoryRepository.findLatestByRealm("realm", 1)).thenReturn(List.of(entity));
Map<String, Object> status = syncService.getLastSyncStatus("realm");
assertEquals("SUCCESS", status.get("status"));
assertEquals("USER", status.get("type"));
assertEquals(5, status.get("itemsProcessed"));
}
}

136
src/test/java/dev/lions/user/manager/service/impl/SyncServiceImplMissingCoverageTest.java Normal file
View File

@@ -0,0 +1,136 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.server.impl.entity.SyncHistoryEntity;
import dev.lions.user.manager.server.impl.repository.SyncHistoryRepository;
import dev.lions.user.manager.server.impl.repository.SyncedRoleRepository;
import dev.lions.user.manager.server.impl.repository.SyncedUserRepository;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.mockito.junit.jupiter.MockitoSettings;
import org.mockito.quality.Strictness;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/**
* Tests pour les lignes SyncServiceImpl non couvertes.
*
* L183-184 : syncAllRealms — catch externe quand getAllRealms() throw
* L253-256 : checkDataConsistency — catch quand keycloak.realm().users().list() throw
* L267-275 : forceSyncRealm — les deux branches (succès et erreur)
*/
@ExtendWith(MockitoExtension.class)
@MockitoSettings(strictness = Strictness.LENIENT)
class SyncServiceImplMissingCoverageTest {
@Mock
KeycloakAdminClient keycloakAdminClient;
@Mock
Keycloak keycloak;
@Mock
RealmResource realmResource;
@Mock
UsersResource usersResource;
@Mock
RolesResource rolesResource;
@Mock
SyncHistoryRepository syncHistoryRepository;
@Mock
SyncedUserRepository syncedUserRepository;
@Mock
SyncedRoleRepository syncedRoleRepository;
@InjectMocks
SyncServiceImpl syncService;
// =========================================================================
// L183-184 : syncAllRealms — catch externe quand getAllRealms() throw
// =========================================================================
@Test
void testSyncAllRealms_GetAllRealmThrows_ReturnsEmptyMap() {
when(keycloakAdminClient.getAllRealms()).thenThrow(new RuntimeException("Keycloak unavailable"));
Map<String, Integer> result = syncService.syncAllRealms();
assertNotNull(result);
// En cas d'erreur globale, retourne map vide
assertTrue(result.isEmpty());
}
// =========================================================================
// L253-256 : checkDataConsistency — catch quand keycloak.realm().users().list() throw
// =========================================================================
@Test
void testCheckDataConsistency_Exception_ReturnsErrorReport() {
when(keycloak.realm("my-realm")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenThrow(new RuntimeException("DB error"));
Map<String, Object> report = syncService.checkDataConsistency("my-realm");
assertNotNull(report);
assertEquals("ERROR", report.get("status"));
assertNotNull(report.get("error"));
}
// =========================================================================
// L267-275 : forceSyncRealm — branche succès
// =========================================================================
@Test
void testForceSyncRealm_Success() {
when(keycloak.realm("sync-realm")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(usersResource.list()).thenReturn(Collections.emptyList());
when(rolesResource.list()).thenReturn(Collections.emptyList());
Map<String, Object> result = syncService.forceSyncRealm("sync-realm");
assertNotNull(result);
assertEquals("SUCCESS", result.get("status"));
assertEquals(0, result.get("usersSynced"));
assertEquals(0, result.get("rolesSynced"));
}
// =========================================================================
// L267-275 : forceSyncRealm — branche erreur (FAILURE)
// =========================================================================
@Test
void testForceSyncRealm_Failure() {
when(keycloak.realm("error-realm")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenThrow(new RuntimeException("Sync error"));
Map<String, Object> result = syncService.forceSyncRealm("error-realm");
assertNotNull(result);
assertEquals("FAILURE", result.get("status"));
assertNotNull(result.get("error"));
}
}

494
src/test/java/dev/lions/user/manager/service/impl/SyncServiceImplTest.java
View File

@@ -1,250 +1,244 @@
package dev.lions.user.manager.service.impl; package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.*; import org.keycloak.admin.client.resource.*;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation; import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.info.ServerInfoRepresentation; import org.keycloak.representations.info.ServerInfoRepresentation;
import org.keycloak.representations.info.SystemInfoRepresentation; // Correct import import org.keycloak.representations.info.SystemInfoRepresentation; // Correct import
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*; import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
import org.mockito.quality.Strictness;
import org.mockito.junit.jupiter.MockitoSettings; import org.mockito.quality.Strictness;
import org.mockito.junit.jupiter.MockitoSettings;
@ExtendWith(MockitoExtension.class)
@MockitoSettings(strictness = Strictness.LENIENT) @ExtendWith(MockitoExtension.class)
class SyncServiceImplTest { @MockitoSettings(strictness = Strictness.LENIENT)
class SyncServiceImplTest {
@Mock
KeycloakAdminClient keycloakAdminClient; @Mock
KeycloakAdminClient keycloakAdminClient;
@Mock
Keycloak keycloakInstance; @Mock
Keycloak keycloakInstance;
@Mock
RealmsResource realmsResource; @Mock
RealmsResource realmsResource;
@Mock
RealmResource realmResource; @Mock
RealmResource realmResource;
@Mock
UsersResource usersResource; @Mock
UsersResource usersResource;
@Mock
RolesResource rolesResource; @Mock
RolesResource rolesResource;
@Mock
ServerInfoResource serverInfoResource; @Mock
ServerInfoResource serverInfoResource;
@Mock
dev.lions.user.manager.server.impl.repository.SyncHistoryRepository syncHistoryRepository; @Mock
dev.lions.user.manager.server.impl.repository.SyncHistoryRepository syncHistoryRepository;
@Mock
dev.lions.user.manager.server.impl.repository.SyncedUserRepository syncedUserRepository; @Mock
dev.lions.user.manager.server.impl.repository.SyncedUserRepository syncedUserRepository;
@Mock
dev.lions.user.manager.server.impl.repository.SyncedRoleRepository syncedRoleRepository; @Mock
dev.lions.user.manager.server.impl.repository.SyncedRoleRepository syncedRoleRepository;
@InjectMocks
SyncServiceImpl syncService; @InjectMocks
SyncServiceImpl syncService;
// Correcting inner class usage if needed, but assuming standard Keycloak
// representations // Correcting inner class usage if needed, but assuming standard Keycloak
// ServerInfoRepresentation contains SystemInfoRepresentation // representations
// ServerInfoRepresentation contains SystemInfoRepresentation
@Test
void testSyncUsersFromRealm() { @Test
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); void testSyncUsersFromRealm() {
when(keycloakInstance.realm("realm")).thenReturn(realmResource); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(realmResource.users()).thenReturn(usersResource); when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(usersResource.list()).thenReturn(Collections.singletonList(new UserRepresentation())); when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenReturn(Collections.singletonList(new UserRepresentation()));
int count = syncService.syncUsersFromRealm("realm");
assertEquals(1, count); int count = syncService.syncUsersFromRealm("realm");
} assertEquals(1, count);
}
@Test
void testSyncRolesFromRealm() { @Test
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); void testSyncRolesFromRealm() {
when(keycloakInstance.realm("realm")).thenReturn(realmResource); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(realmResource.roles()).thenReturn(rolesResource); when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(rolesResource.list()).thenReturn(Collections.singletonList(new RoleRepresentation())); when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.singletonList(new RoleRepresentation()));
int count = syncService.syncRolesFromRealm("realm");
assertEquals(1, count); int count = syncService.syncRolesFromRealm("realm");
} assertEquals(1, count);
}
@Test
void testSyncAllRealms() { @Test
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); void testSyncAllRealms() {
when(keycloakInstance.realms()).thenReturn(realmsResource); when(keycloakAdminClient.getAllRealms()).thenReturn(Collections.singletonList("realm1"));
RealmRepresentation realmRep = new RealmRepresentation(); when(keycloakInstance.realm("realm1")).thenReturn(realmResource);
realmRep.setRealm("realm1"); when(realmResource.users()).thenReturn(usersResource);
when(realmsResource.findAll()).thenReturn(Collections.singletonList(realmRep)); when(usersResource.list()).thenReturn(Collections.emptyList());
when(realmResource.roles()).thenReturn(rolesResource);
// Sync logic calls realm() again when(rolesResource.list()).thenReturn(Collections.emptyList());
when(keycloakInstance.realm("realm1")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource); Map<String, Integer> result = syncService.syncAllRealms();
when(usersResource.list()).thenReturn(Collections.emptyList()); assertTrue(result.containsKey("realm1"));
when(realmResource.roles()).thenReturn(rolesResource); assertEquals(0, result.get("realm1"));
when(rolesResource.list()).thenReturn(Collections.emptyList()); }
Map<String, Integer> result = syncService.syncAllRealms(); @Test
assertTrue(result.containsKey("realm1")); void testIsKeycloakAvailable() {
assertEquals(0, result.get("realm1")); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
} when(keycloakInstance.serverInfo()).thenReturn(serverInfoResource);
when(serverInfoResource.getInfo()).thenReturn(new ServerInfoRepresentation());
@Test
void testIsKeycloakAvailable() { assertTrue(syncService.isKeycloakAvailable());
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); }
when(keycloakInstance.serverInfo()).thenReturn(serverInfoResource);
when(serverInfoResource.getInfo()).thenReturn(new ServerInfoRepresentation()); @Test
void testGetKeycloakHealthInfo() {
assertTrue(syncService.isKeycloakAvailable()); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
} when(keycloakInstance.serverInfo()).thenReturn(serverInfoResource);
@Test ServerInfoRepresentation info = new ServerInfoRepresentation();
void testGetKeycloakHealthInfo() { SystemInfoRepresentation systemInfo = new SystemInfoRepresentation();
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); systemInfo.setVersion("1.0");
when(keycloakInstance.serverInfo()).thenReturn(serverInfoResource); info.setSystemInfo(systemInfo);
ServerInfoRepresentation info = new ServerInfoRepresentation(); when(serverInfoResource.getInfo()).thenReturn(info);
SystemInfoRepresentation systemInfo = new SystemInfoRepresentation();
systemInfo.setVersion("1.0"); Map<String, Object> health = syncService.getKeycloakHealthInfo();
info.setSystemInfo(systemInfo); assertEquals("UP", health.get("status"));
assertEquals("1.0", health.get("version"));
when(serverInfoResource.getInfo()).thenReturn(info); }
Map<String, Object> health = syncService.getKeycloakHealthInfo(); @Test
assertTrue((Boolean) health.get("overallHealthy")); void testSyncUsersFromRealm_Exception() {
assertEquals("1.0", health.get("keycloakVersion")); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
} when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
@Test when(usersResource.list()).thenThrow(new RuntimeException("Connection error"));
void testSyncUsersFromRealm_Exception() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); assertThrows(RuntimeException.class, () -> syncService.syncUsersFromRealm("realm"));
when(keycloakInstance.realm("realm")).thenReturn(realmResource); }
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenThrow(new RuntimeException("Connection error")); @Test
void testSyncRolesFromRealm_Exception() {
assertThrows(RuntimeException.class, () -> syncService.syncUsersFromRealm("realm")); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
} when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
@Test when(rolesResource.list()).thenThrow(new RuntimeException("Connection error"));
void testSyncRolesFromRealm_Exception() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); assertThrows(RuntimeException.class, () -> syncService.syncRolesFromRealm("realm"));
when(keycloakInstance.realm("realm")).thenReturn(realmResource); }
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new RuntimeException("Connection error")); @Test
void testSyncAllRealms_WithException() {
assertThrows(RuntimeException.class, () -> syncService.syncRolesFromRealm("realm")); when(keycloakAdminClient.getAllRealms()).thenReturn(Collections.singletonList("realm1"));
}
when(keycloakInstance.realm("realm1")).thenReturn(realmResource);
@Test when(realmResource.users()).thenReturn(usersResource);
void testSyncAllRealms_WithException() { when(usersResource.list()).thenThrow(new RuntimeException("Sync error"));
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realms()).thenReturn(realmsResource); Map<String, Integer> result = syncService.syncAllRealms();
assertTrue(result.containsKey("realm1"));
RealmRepresentation realmRep = new RealmRepresentation(); assertEquals(0, result.get("realm1")); // Should be 0 on error
realmRep.setRealm("realm1"); }
when(realmsResource.findAll()).thenReturn(Collections.singletonList(realmRep));
@Test
// Mock exception during sync void testSyncAllRealms_ExceptionInFindAll() {
when(keycloakInstance.realm("realm1")).thenReturn(realmResource); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(realmResource.users()).thenReturn(usersResource); when(keycloakInstance.realms()).thenReturn(realmsResource);
when(usersResource.list()).thenThrow(new RuntimeException("Sync error")); when(realmsResource.findAll()).thenThrow(new RuntimeException("Connection error"));
Map<String, Integer> result = syncService.syncAllRealms(); Map<String, Integer> result = syncService.syncAllRealms();
assertTrue(result.containsKey("realm1")); assertTrue(result.isEmpty());
assertEquals(0, result.get("realm1")); // Should be 0 on error }
}
// Note: checkDataConsistency doesn't actually throw exceptions in the current
@Test // implementation
void testSyncAllRealms_ExceptionInFindAll() { // The try-catch block is there for future use, but currently always succeeds
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); // So we test the success path in testCheckDataConsistency_Success
when(keycloakInstance.realms()).thenReturn(realmsResource);
when(realmsResource.findAll()).thenThrow(new RuntimeException("Connection error")); @Test
void testForceSyncRealm_Exception() {
Map<String, Integer> result = syncService.syncAllRealms(); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
assertTrue(result.isEmpty()); when(keycloakInstance.realm("realm")).thenReturn(realmResource);
} when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenThrow(new RuntimeException("Sync error"));
// Note: checkDataConsistency doesn't actually throw exceptions in the current
// implementation Map<String, Object> stats = syncService.forceSyncRealm("realm");
// The try-catch block is there for future use, but currently always succeeds assertEquals("FAILURE", stats.get("status"));
// So we test the success path in testCheckDataConsistency_Success assertNotNull(stats.get("error"));
}
@Test
void testForceSyncRealm_Exception() { @Test
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); void testIsKeycloakAvailable_Exception() {
when(keycloakInstance.realm("realm")).thenReturn(realmResource); when(keycloakAdminClient.getAllRealms()).thenThrow(new RuntimeException("Connection refused"));
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenThrow(new RuntimeException("Sync error")); assertFalse(syncService.isKeycloakAvailable());
}
Map<String, Object> stats = syncService.forceSyncRealm("realm");
assertFalse((Boolean) stats.get("success")); @Test
assertNotNull(stats.get("error")); void testGetKeycloakHealthInfo_Exception() {
assertNotNull(stats.get("durationMs")); when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
} when(keycloakInstance.serverInfo()).thenReturn(serverInfoResource);
when(serverInfoResource.getInfo()).thenThrow(new RuntimeException("Connection error"));
@Test
void testIsKeycloakAvailable_Exception() { Map<String, Object> health = syncService.getKeycloakHealthInfo();
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); assertNotNull(health);
when(keycloakInstance.serverInfo()).thenReturn(serverInfoResource); // Either status=DOWN (HTTP fallback also fails) or status=UP (HTTP fallback succeeds)
when(serverInfoResource.getInfo()).thenThrow(new RuntimeException("Connection refused")); assertNotNull(health.get("status"));
}
assertFalse(syncService.isKeycloakAvailable());
} @Test
void testCheckDataConsistency_Success() {
@Test when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
void testGetKeycloakHealthInfo_Exception() { when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); when(realmResource.users()).thenReturn(usersResource);
when(keycloakInstance.serverInfo()).thenReturn(serverInfoResource); when(usersResource.list()).thenReturn(Collections.emptyList());
when(serverInfoResource.getInfo()).thenThrow(new RuntimeException("Connection error")); when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.emptyList());
Map<String, Object> health = syncService.getKeycloakHealthInfo();
assertFalse((Boolean) health.get("overallHealthy")); when(syncedUserRepository.list(anyString(), anyString())).thenReturn(Collections.emptyList());
assertFalse((Boolean) health.get("keycloakAccessible")); when(syncedRoleRepository.list(anyString(), anyString())).thenReturn(Collections.emptyList());
assertNotNull(health.get("errorMessage"));
} Map<String, Object> report = syncService.checkDataConsistency("realm");
@Test assertEquals("realm", report.get("realmName"));
void testCheckDataConsistency_Success() { assertEquals("OK", report.get("status"));
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance); }
when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource); @Test
when(usersResource.list()).thenReturn(Collections.emptyList()); void testGetLastSyncStatus() {
when(realmResource.roles()).thenReturn(rolesResource); dev.lions.user.manager.server.impl.entity.SyncHistoryEntity entity =
when(rolesResource.list()).thenReturn(Collections.emptyList()); new dev.lions.user.manager.server.impl.entity.SyncHistoryEntity();
entity.setStatus("completed");
when(syncedUserRepository.list(anyString(), anyString())).thenReturn(Collections.emptyList()); entity.setSyncType("USER");
when(syncedRoleRepository.list(anyString(), anyString())).thenReturn(Collections.emptyList()); entity.setItemsProcessed(5);
entity.setSyncDate(java.time.LocalDateTime.now());
Map<String, Object> report = syncService.checkDataConsistency("realm"); when(syncHistoryRepository.findLatestByRealm(eq("realm"), eq(1)))
.thenReturn(Collections.singletonList(entity));
assertEquals("realm", report.get("realmName"));
assertEquals("OK", report.get("status")); Map<String, Object> status = syncService.getLastSyncStatus("realm");
} assertEquals("completed", status.get("status"));
assertNotNull(status.get("lastSyncDate"));
@Test }
void testGetLastSyncStatus() { }
Map<String, Object> status = syncService.getLastSyncStatus("realm");
assertEquals("realm", status.get("realmName"));
assertEquals("completed", status.get("status"));
assertNotNull(status.get("lastSyncTime"));
}
}

822
src/test/java/dev/lions/user/manager/service/impl/UserServiceImplCompleteTest.java
View File

@@ -1,20 +1,31 @@
package dev.lions.user.manager.service.impl; package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient; import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.importexport.ImportResultDTO;
import dev.lions.user.manager.dto.user.UserDTO; import dev.lions.user.manager.dto.user.UserDTO;
import dev.lions.user.manager.dto.user.UserSearchCriteriaDTO; import dev.lions.user.manager.dto.user.UserSearchCriteriaDTO;
import dev.lions.user.manager.enums.user.StatutUser;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.resource.RoleMappingResource;
import org.keycloak.admin.client.resource.RoleScopeResource;
import org.keycloak.admin.client.resource.UserResource; import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource; import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.mockito.InjectMocks; import org.mockito.InjectMocks;
import org.mockito.Mock; import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import org.mockito.junit.jupiter.MockitoSettings;
import org.mockito.quality.Strictness;
import java.util.Optional;
import java.time.LocalDateTime;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*; import static org.mockito.ArgumentMatchers.*;
@@ -25,6 +36,7 @@ import static org.mockito.Mockito.*;
* Couvre les branches manquantes : filterUsers, searchUsers avec différents critères, etc. * Couvre les branches manquantes : filterUsers, searchUsers avec différents critères, etc.
*/ */
@ExtendWith(MockitoExtension.class) @ExtendWith(MockitoExtension.class)
@MockitoSettings(strictness = Strictness.LENIENT)
class UserServiceImplCompleteTest { class UserServiceImplCompleteTest {
private static final String REALM = "test-realm"; private static final String REALM = "test-realm";
@@ -311,8 +323,816 @@ class UserServiceImplCompleteTest {
.pageSize(10) .pageSize(10)
.build(); .build();
assertThrows(RuntimeException.class, () -> assertThrows(RuntimeException.class, () ->
userService.searchUsers(criteria)); userService.searchUsers(criteria));
} }
// ==================== filterUsers() branches ====================
@Test
void testFilterUsers_ByPrenom_UserHasNoFirstName() {
UserRepresentation userWithName = new UserRepresentation();
userWithName.setUsername("user1");
userWithName.setEnabled(true);
userWithName.setFirstName("Jean");
UserRepresentation userNoName = new UserRepresentation();
userNoName.setUsername("user2");
userNoName.setEnabled(true);
// firstName is null
when(usersResource.list(0, 100)).thenReturn(List.of(userWithName, userNoName));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.prenom("Jean")
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(1, result.getUsers().size());
assertEquals("user1", result.getUsers().get(0).getUsername());
}
@Test
void testFilterUsers_ByNom_UserHasNoLastName() {
UserRepresentation userWithName = new UserRepresentation();
userWithName.setUsername("user1");
userWithName.setEnabled(true);
userWithName.setLastName("Dupont");
UserRepresentation userNoName = new UserRepresentation();
userNoName.setUsername("user2");
userNoName.setEnabled(true);
// lastName is null
when(usersResource.list(0, 100)).thenReturn(List.of(userWithName, userNoName));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.nom("Dupont")
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(1, result.getUsers().size());
assertEquals("user1", result.getUsers().get(0).getUsername());
}
@Test
void testFilterUsers_ByTelephone_WithAttributes() {
UserRepresentation userWithPhone = new UserRepresentation();
userWithPhone.setUsername("user1");
userWithPhone.setEnabled(true);
userWithPhone.setAttributes(Map.of("phone_number", List.of("+33612345678")));
UserRepresentation userNoPhone = new UserRepresentation();
userNoPhone.setUsername("user2");
userNoPhone.setEnabled(true);
// No attributes
UserRepresentation userWrongPhone = new UserRepresentation();
userWrongPhone.setUsername("user3");
userWrongPhone.setEnabled(true);
userWrongPhone.setAttributes(Map.of("phone_number", List.of("+33699999999")));
when(usersResource.list(0, 100)).thenReturn(List.of(userWithPhone, userNoPhone, userWrongPhone));
when(usersResource.count()).thenReturn(3);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.telephone("+3361234")
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(1, result.getUsers().size());
assertEquals("user1", result.getUsers().get(0).getUsername());
}
@Test
void testFilterUsers_ByTelephone_AttributesWithoutPhoneKey() {
UserRepresentation user = new UserRepresentation();
user.setUsername("user1");
user.setEnabled(true);
user.setAttributes(Map.of("other_key", List.of("value"))); // no phone_number key
when(usersResource.list(0, 100)).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.telephone("123")
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(0, result.getUsers().size()); // excluded because no phone match
}
@Test
void testFilterUsers_ByStatut_Actif() {
UserRepresentation activeUser = new UserRepresentation();
activeUser.setUsername("active");
activeUser.setEnabled(true);
UserRepresentation inactiveUser = new UserRepresentation();
inactiveUser.setUsername("inactive");
inactiveUser.setEnabled(false);
when(usersResource.list(0, 100)).thenReturn(List.of(activeUser, inactiveUser));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.statut(StatutUser.ACTIF)
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(1, result.getUsers().size());
assertEquals("active", result.getUsers().get(0).getUsername());
}
@Test
void testFilterUsers_ByStatut_Inactif() {
UserRepresentation activeUser = new UserRepresentation();
activeUser.setUsername("active");
activeUser.setEnabled(true);
UserRepresentation inactiveUser = new UserRepresentation();
inactiveUser.setUsername("inactive");
inactiveUser.setEnabled(false);
when(usersResource.list(0, 100)).thenReturn(List.of(activeUser, inactiveUser));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.statut(StatutUser.INACTIF)
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(1, result.getUsers().size());
assertEquals("inactive", result.getUsers().get(0).getUsername());
}
@Test
void testFilterUsers_ByOrganisation() {
UserRepresentation userWithOrg = new UserRepresentation();
userWithOrg.setUsername("user1");
userWithOrg.setEnabled(true);
userWithOrg.setAttributes(Map.of("organization", List.of("Lions Corp")));
UserRepresentation userNoOrg = new UserRepresentation();
userNoOrg.setUsername("user2");
userNoOrg.setEnabled(true); // no attributes
when(usersResource.list(0, 100)).thenReturn(List.of(userWithOrg, userNoOrg));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.organisation("Lions")
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(1, result.getUsers().size());
assertEquals("user1", result.getUsers().get(0).getUsername());
}
@Test
void testFilterUsers_ByDepartement() {
UserRepresentation userWithDept = new UserRepresentation();
userWithDept.setUsername("user1");
userWithDept.setEnabled(true);
userWithDept.setAttributes(Map.of("department", List.of("IT")));
UserRepresentation userNoDept = new UserRepresentation();
userNoDept.setUsername("user2");
userNoDept.setEnabled(true);
when(usersResource.list(0, 100)).thenReturn(List.of(userWithDept, userNoDept));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.departement("IT")
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(1, result.getUsers().size());
assertEquals("user1", result.getUsers().get(0).getUsername());
}
@Test
void testFilterUsers_ByFonction() {
UserRepresentation userWithJob = new UserRepresentation();
userWithJob.setUsername("user1");
userWithJob.setEnabled(true);
userWithJob.setAttributes(Map.of("job_title", List.of("Developer")));
UserRepresentation userNoJob = new UserRepresentation();
userNoJob.setUsername("user2");
userNoJob.setEnabled(true);
when(usersResource.list(0, 100)).thenReturn(List.of(userWithJob, userNoJob));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.fonction("Dev")
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(1, result.getUsers().size());
assertEquals("user1", result.getUsers().get(0).getUsername());
}
@Test
void testFilterUsers_ByPays() {
UserRepresentation userWithPays = new UserRepresentation();
userWithPays.setUsername("user1");
userWithPays.setEnabled(true);
userWithPays.setAttributes(Map.of("country", List.of("France")));
UserRepresentation userNoPays = new UserRepresentation();
userNoPays.setUsername("user2");
userNoPays.setEnabled(true);
when(usersResource.list(0, 100)).thenReturn(List.of(userWithPays, userNoPays));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.pays("France")
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(1, result.getUsers().size());
assertEquals("user1", result.getUsers().get(0).getUsername());
}
@Test
void testFilterUsers_ByVille() {
UserRepresentation userWithVille = new UserRepresentation();
userWithVille.setUsername("user1");
userWithVille.setEnabled(true);
userWithVille.setAttributes(Map.of("city", List.of("Paris")));
UserRepresentation userNoVille = new UserRepresentation();
userNoVille.setUsername("user2");
userNoVille.setEnabled(true);
when(usersResource.list(0, 100)).thenReturn(List.of(userWithVille, userNoVille));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.ville("Paris")
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(1, result.getUsers().size());
assertEquals("user1", result.getUsers().get(0).getUsername());
}
@Test
void testFilterUsers_ByDateCreationMin_WithTimestamp() {
// User created at epoch = 1000000000000ms (Sept 2001)
UserRepresentation oldUser = new UserRepresentation();
oldUser.setUsername("old");
oldUser.setEnabled(true);
oldUser.setCreatedTimestamp(1000000000000L); // Sept 2001
UserRepresentation newUser = new UserRepresentation();
newUser.setUsername("new");
newUser.setEnabled(true);
newUser.setCreatedTimestamp(System.currentTimeMillis()); // now
when(usersResource.list(0, 100)).thenReturn(List.of(oldUser, newUser));
when(usersResource.count()).thenReturn(2);
// Filter: must be created after 2020
LocalDateTime minDate = LocalDateTime.of(2020, 1, 1, 0, 0);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.dateCreationMin(minDate)
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(1, result.getUsers().size());
assertEquals("new", result.getUsers().get(0).getUsername());
}
@Test
void testFilterUsers_ByDateCreationMax_WithTimestamp() {
// User created at epoch = 1000000000000ms (Sept 2001)
UserRepresentation oldUser = new UserRepresentation();
oldUser.setUsername("old");
oldUser.setEnabled(true);
oldUser.setCreatedTimestamp(1000000000000L); // Sept 2001
UserRepresentation newUser = new UserRepresentation();
newUser.setUsername("new");
newUser.setEnabled(true);
newUser.setCreatedTimestamp(System.currentTimeMillis()); // now
when(usersResource.list(0, 100)).thenReturn(List.of(oldUser, newUser));
when(usersResource.count()).thenReturn(2);
// Filter: must be created before 2010
LocalDateTime maxDate = LocalDateTime.of(2010, 1, 1, 0, 0);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.dateCreationMax(maxDate)
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(1, result.getUsers().size());
assertEquals("old", result.getUsers().get(0).getUsername());
}
@Test
void testFilterUsers_DateCreation_NullTimestamp_WithMin() {
UserRepresentation userNoTimestamp = new UserRepresentation();
userNoTimestamp.setUsername("user1");
userNoTimestamp.setEnabled(true);
// createdTimestamp is null
when(usersResource.list(0, 100)).thenReturn(List.of(userNoTimestamp));
when(usersResource.count()).thenReturn(1);
LocalDateTime minDate = LocalDateTime.of(2020, 1, 1, 0, 0);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.dateCreationMin(minDate)
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
assertEquals(0, result.getUsers().size()); // excluded because no timestamp
}
@Test
void testFilterUsers_DateCreation_NullTimestamp_OnlyMax() {
UserRepresentation userNoTimestamp = new UserRepresentation();
userNoTimestamp.setUsername("user1");
userNoTimestamp.setEnabled(true);
// createdTimestamp is null
when(usersResource.list(0, 100)).thenReturn(List.of(userNoTimestamp));
when(usersResource.count()).thenReturn(1);
LocalDateTime maxDate = LocalDateTime.of(2030, 1, 1, 0, 0);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.dateCreationMax(maxDate)
.page(0)
.pageSize(100)
.build();
var result = userService.searchUsers(criteria);
// user with null timestamp and only max filter: not excluded (dateCreationMin is null)
assertEquals(1, result.getUsers().size());
}
// ==================== countUsers() ====================
@Test
void testCountUsers() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.count()).thenReturn(42);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.build();
long count = userService.countUsers(criteria);
assertEquals(42, count);
}
@Test
void testCountUsers_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.count()).thenThrow(new RuntimeException("DB error"));
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.build();
long count = userService.countUsers(criteria);
assertEquals(0, count); // returns 0 on exception
}
// ==================== usernameExists() / emailExists() ====================
@Test
void testUsernameExists_True() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation existing = new UserRepresentation();
existing.setUsername("existinguser");
when(usersResource.searchByUsername("existinguser", true)).thenReturn(List.of(existing));
assertTrue(userService.usernameExists("existinguser", REALM));
}
@Test
void testUsernameExists_False() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.searchByUsername("newuser", true)).thenReturn(Collections.emptyList());
assertFalse(userService.usernameExists("newuser", REALM));
}
@Test
void testUsernameExists_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.searchByUsername("user", true)).thenThrow(new RuntimeException("error"));
assertFalse(userService.usernameExists("user", REALM)); // returns false on exception
}
@Test
void testEmailExists_True() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation existing = new UserRepresentation();
existing.setEmail("existing@test.com");
when(usersResource.searchByEmail("existing@test.com", true)).thenReturn(List.of(existing));
assertTrue(userService.emailExists("existing@test.com", REALM));
}
@Test
void testEmailExists_False() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.searchByEmail("new@test.com", true)).thenReturn(Collections.emptyList());
assertFalse(userService.emailExists("new@test.com", REALM));
}
@Test
void testEmailExists_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.searchByEmail("test@test.com", true)).thenThrow(new RuntimeException("error"));
assertFalse(userService.emailExists("test@test.com", REALM)); // returns false on exception
}
// ==================== exportUsersToCSV() ====================
@Test
void testExportUsersToCSV_Empty() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.list(anyInt(), anyInt())).thenReturn(Collections.emptyList());
when(usersResource.count()).thenReturn(0);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.page(0)
.pageSize(10_000)
.build();
String csv = userService.exportUsersToCSV(criteria);
assertNotNull(csv);
assertTrue(csv.contains("username")); // header only
}
@Test
void testExportUsersToCSV_WithUsers() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user = new UserRepresentation();
user.setUsername("john");
user.setEmail("john@test.com");
user.setFirstName("John");
user.setLastName("Doe");
user.setEnabled(true);
user.setEmailVerified(true);
user.setCreatedTimestamp(System.currentTimeMillis());
when(usersResource.list(anyInt(), anyInt())).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.page(0)
.pageSize(10_000)
.build();
String csv = userService.exportUsersToCSV(criteria);
assertNotNull(csv);
assertTrue(csv.contains("john"));
assertTrue(csv.contains("john@test.com"));
}
@Test
void testExportUsersToCSV_WithSpecialCharsInFields() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user = new UserRepresentation();
user.setUsername("john,doe"); // comma in username → should be quoted
user.setEmail("john@test.com");
user.setFirstName("John \"The\" Best"); // quotes → should be escaped
user.setEnabled(true);
user.setEmailVerified(false);
user.setCreatedTimestamp(System.currentTimeMillis());
when(usersResource.list(anyInt(), anyInt())).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.page(0)
.pageSize(10_000)
.build();
String csv = userService.exportUsersToCSV(criteria);
assertNotNull(csv);
assertTrue(csv.contains("\"john,doe\"")); // quoted because comma
assertTrue(csv.contains("\"\"")); // escaped quote
}
@Test
void testExportUsersToCSV_WithNullFields() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user = new UserRepresentation();
user.setUsername("john");
// email, prenom, nom, telephone, statut all null
user.setEnabled(false);
user.setEmailVerified(false);
user.setCreatedTimestamp(null);
when(usersResource.list(anyInt(), anyInt())).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.page(0)
.pageSize(10_000)
.build();
String csv = userService.exportUsersToCSV(criteria);
assertNotNull(csv);
assertTrue(csv.contains("john"));
}
// ==================== importUsersFromCSV() ====================
@Test
void testImportUsersFromCSV_HeaderOnly() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
String csv = "username,email,prenom,nom";
ImportResultDTO result = userService.importUsersFromCSV(csv, REALM);
assertNotNull(result);
assertEquals(0, result.getSuccessCount());
}
@Test
void testImportUsersFromCSV_EmptyLine() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
String csv = "username,email,prenom,nom\n\n";
ImportResultDTO result = userService.importUsersFromCSV(csv, REALM);
assertNotNull(result);
assertEquals(0, result.getSuccessCount());
}
@Test
void testImportUsersFromCSV_InvalidFormat_TooFewColumns() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
String csv = "username,email,prenom,nom\njohn,john@test.com";
ImportResultDTO result = userService.importUsersFromCSV(csv, REALM);
assertNotNull(result);
assertEquals(0, result.getSuccessCount());
assertEquals(1, result.getErrorCount());
assertEquals(ImportResultDTO.ErrorType.INVALID_FORMAT, result.getErrors().get(0).getErrorType());
}
@Test
void testImportUsersFromCSV_BlankUsername() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
String csv = "username,email,prenom,nom\n ,john@test.com,John,Doe";
ImportResultDTO result = userService.importUsersFromCSV(csv, REALM);
assertNotNull(result);
assertEquals(0, result.getSuccessCount());
assertEquals(1, result.getErrorCount());
assertEquals(ImportResultDTO.ErrorType.VALIDATION_ERROR, result.getErrors().get(0).getErrorType());
}
@Test
void testImportUsersFromCSV_DuplicateEmail() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation existingUser = new UserRepresentation();
existingUser.setEmail("existing@test.com");
when(usersResource.searchByEmail("existing@test.com", true)).thenReturn(List.of(existingUser));
String csv = "username,email,prenom,nom\njohn,existing@test.com,John,Doe";
ImportResultDTO result = userService.importUsersFromCSV(csv, REALM);
assertNotNull(result);
assertEquals(0, result.getSuccessCount());
assertEquals(1, result.getErrorCount());
assertEquals(ImportResultDTO.ErrorType.DUPLICATE_USER, result.getErrors().get(0).getErrorType());
}
@Test
void testImportUsersFromCSV_WithQuotedFields() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
// Email doesn't exist
when(usersResource.searchByEmail("john@test.com", true)).thenReturn(Collections.emptyList());
// Username doesn't exist
when(usersResource.search("\"john\"", 0, 1, true)).thenReturn(Collections.emptyList());
when(usersResource.searchByUsername("john", true)).thenReturn(Collections.emptyList());
// Mock create response
jakarta.ws.rs.core.Response response = mock(jakarta.ws.rs.core.Response.class);
when(response.getStatus()).thenReturn(201);
java.net.URI location = java.net.URI.create("http://localhost/users/new-id");
when(response.getLocation()).thenReturn(location);
when(usersResource.create(any())).thenReturn(response);
UserResource createdUserResource = mock(UserResource.class);
UserRepresentation createdUser = new UserRepresentation();
createdUser.setId("new-id");
createdUser.setUsername("john");
createdUser.setEnabled(true);
when(usersResource.get("new-id")).thenReturn(createdUserResource);
when(createdUserResource.toRepresentation()).thenReturn(createdUser);
// CSV with quoted field
String csv = "username,email,prenom,nom\njohn,john@test.com,\"John\",Doe";
ImportResultDTO result = userService.importUsersFromCSV(csv, REALM);
assertNotNull(result);
}
@Test
void testImportUsersFromCSV_NoHeader() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
// Email doesn't exist
when(usersResource.searchByEmail("john@test.com", true)).thenReturn(Collections.emptyList());
when(usersResource.searchByUsername("john", true)).thenReturn(Collections.emptyList());
jakarta.ws.rs.core.Response response = mock(jakarta.ws.rs.core.Response.class);
when(response.getStatus()).thenReturn(201);
java.net.URI location = java.net.URI.create("http://localhost/users/new-id");
when(response.getLocation()).thenReturn(location);
when(usersResource.create(any())).thenReturn(response);
UserResource createdUserResource = mock(UserResource.class);
UserRepresentation createdUser = new UserRepresentation();
createdUser.setId("new-id");
createdUser.setUsername("john");
createdUser.setEnabled(true);
when(usersResource.get("new-id")).thenReturn(createdUserResource);
when(createdUserResource.toRepresentation()).thenReturn(createdUser);
// CSV without header line
String csv = "john,john@test.com,John,Doe";
ImportResultDTO result = userService.importUsersFromCSV(csv, REALM);
assertNotNull(result);
assertEquals(1, result.getSuccessCount());
}
// ==================== searchUsers avec includeRoles ====================
@Test
void testSearchUsers_WithIncludeRoles_Success() {
UserRepresentation userRep = new UserRepresentation();
userRep.setId("user-1");
userRep.setUsername("john");
userRep.setEnabled(true);
when(usersResource.list(0, 10)).thenReturn(List.of(userRep));
when(usersResource.count()).thenReturn(1);
UserResource userResource = mock(UserResource.class);
RoleMappingResource roleMappingResource = mock(RoleMappingResource.class);
RoleScopeResource roleScopeResource = mock(RoleScopeResource.class);
when(usersResource.get("user-1")).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(roleScopeResource);
RoleRepresentation adminRole = new RoleRepresentation();
adminRole.setName("admin");
when(roleScopeResource.listAll()).thenReturn(List.of(adminRole));
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.includeRoles(true)
.page(0)
.pageSize(10)
.build();
var result = userService.searchUsers(criteria);
assertNotNull(result);
assertEquals(1, result.getUsers().size());
assertNotNull(result.getUsers().get(0).getRealmRoles());
assertTrue(result.getUsers().get(0).getRealmRoles().contains("admin"));
}
@Test
void testSearchUsers_WithIncludeRoles_RoleLoadingException() {
UserRepresentation userRep = new UserRepresentation();
userRep.setId("user-2");
userRep.setUsername("jane");
userRep.setEnabled(true);
when(usersResource.list(0, 10)).thenReturn(List.of(userRep));
when(usersResource.count()).thenReturn(1);
UserResource userResource = mock(UserResource.class);
when(usersResource.get("user-2")).thenReturn(userResource);
when(userResource.roles()).thenThrow(new RuntimeException("Roles unavailable"));
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.includeRoles(true)
.page(0)
.pageSize(10)
.build();
// Should not throw — exception is caught and logged
var result = userService.searchUsers(criteria);
assertNotNull(result);
assertEquals(1, result.getUsers().size());
}
// ==================== getUserById avec rôles non vides ====================
@Test
void testGetUserById_WithNonEmptyRoles() {
UserResource userResource = mock(UserResource.class);
RoleMappingResource roleMappingResource = mock(RoleMappingResource.class);
RoleScopeResource roleScopeResource = mock(RoleScopeResource.class);
when(usersResource.get("user-1")).thenReturn(userResource);
UserRepresentation userRep = new UserRepresentation();
userRep.setId("user-1");
userRep.setUsername("john");
userRep.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(userRep);
when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(roleScopeResource);
RoleRepresentation adminRole = new RoleRepresentation();
adminRole.setName("admin");
when(roleScopeResource.listAll()).thenReturn(List.of(adminRole));
Optional<UserDTO> result = userService.getUserById("user-1", REALM);
assertTrue(result.isPresent());
assertNotNull(result.get().getRealmRoles());
assertTrue(result.get().getRealmRoles().contains("admin"));
}
@Test
void testGetUserById_RoleLoadingException() {
UserResource userResource = mock(UserResource.class);
when(usersResource.get("user-1")).thenReturn(userResource);
UserRepresentation userRep = new UserRepresentation();
userRep.setId("user-1");
userRep.setUsername("john");
userRep.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(userRep);
when(userResource.roles()).thenThrow(new RuntimeException("Cannot load roles"));
// Should not throw — role loading exception is caught
Optional<UserDTO> result = userService.getUserById("user-1", REALM);
assertTrue(result.isPresent());
assertEquals("john", result.get().getUsername());
}
} }

12
src/test/java/dev/lions/user/manager/service/impl/UserServiceImplExtendedTest.java
View File

@@ -219,7 +219,7 @@ class UserServiceImplExtendedTest {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource); when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("testuser", 0, 1, true)).thenThrow(new RuntimeException("Connection error")); when(usersResource.search("testuser", 0, 1, true)).thenThrow(new RuntimeException("Connection error"));
assertThrows(RuntimeException.class, () -> assertThrows(RuntimeException.class, () ->
userService.getUserByUsername("testuser", REALM)); userService.getUserByUsername("testuser", REALM));
} }
@@ -265,7 +265,7 @@ class UserServiceImplExtendedTest {
UserRepresentation existingUser = new UserRepresentation(); UserRepresentation existingUser = new UserRepresentation();
existingUser.setUsername("existinguser"); existingUser.setUsername("existinguser");
existingUser.setEnabled(true); existingUser.setEnabled(true);
when(usersResource.search("existinguser", 0, 1, true)).thenReturn(List.of(existingUser)); when(usersResource.searchByUsername("existinguser", true)).thenReturn(List.of(existingUser));
UserDTO userDTO = UserDTO.builder() UserDTO userDTO = UserDTO.builder()
.username("existinguser") .username("existinguser")
@@ -282,7 +282,7 @@ class UserServiceImplExtendedTest {
@Test @Test
void testCreateUser_EmailExists() { void testCreateUser_EmailExists() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource); when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("newuser", 0, 1, true)).thenReturn(Collections.emptyList()); when(usersResource.searchByUsername("newuser", true)).thenReturn(Collections.emptyList());
// emailExists calls searchByEmail which should return a non-empty list // emailExists calls searchByEmail which should return a non-empty list
UserRepresentation existingUser = new UserRepresentation(); UserRepresentation existingUser = new UserRepresentation();
existingUser.setEmail("existing@example.com"); existingUser.setEmail("existing@example.com");
@@ -304,7 +304,7 @@ class UserServiceImplExtendedTest {
@Test @Test
void testCreateUser_StatusNot201() { void testCreateUser_StatusNot201() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource); when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("newuser", 0, 1, true)).thenReturn(Collections.emptyList()); when(usersResource.searchByUsername("newuser", true)).thenReturn(Collections.emptyList());
UserDTO userDTO = UserDTO.builder() UserDTO userDTO = UserDTO.builder()
.username("newuser") .username("newuser")
@@ -323,7 +323,7 @@ class UserServiceImplExtendedTest {
@Test @Test
void testCreateUser_WithTemporaryPassword() { void testCreateUser_WithTemporaryPassword() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource); when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("newuser", 0, 1, true)).thenReturn(Collections.emptyList()); when(usersResource.searchByUsername("newuser", true)).thenReturn(Collections.emptyList());
UserDTO userDTO = UserDTO.builder() UserDTO userDTO = UserDTO.builder()
.username("newuser") .username("newuser")
@@ -354,7 +354,7 @@ class UserServiceImplExtendedTest {
@Test @Test
void testCreateUser_Exception() { void testCreateUser_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource); when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("newuser", 0, 1, true)).thenThrow(new RuntimeException("Connection error")); when(usersResource.searchByUsername("newuser", true)).thenThrow(new RuntimeException("Connection error"));
UserDTO userDTO = UserDTO.builder() UserDTO userDTO = UserDTO.builder()
.username("newuser") .username("newuser")

6
src/test/java/dev/lions/user/manager/service/impl/UserServiceImplIntegrationTest.java
View File

@@ -460,7 +460,7 @@ class UserServiceImplIntegrationTest {
UserRepresentation user = new UserRepresentation(); UserRepresentation user = new UserRepresentation();
user.setUsername("existinguser"); user.setUsername("existinguser");
when(usersResource.search("existinguser", 0, 1, true)).thenReturn(List.of(user)); when(usersResource.searchByUsername("existinguser", true)).thenReturn(List.of(user));
boolean exists = userService.usernameExists("existinguser", REALM); boolean exists = userService.usernameExists("existinguser", REALM);
@@ -470,7 +470,7 @@ class UserServiceImplIntegrationTest {
@Test @Test
void testUsernameExists_False() { void testUsernameExists_False() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource); when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("nonexistent", 0, 1, true)).thenReturn(Collections.emptyList()); when(usersResource.searchByUsername("nonexistent", true)).thenReturn(Collections.emptyList());
boolean exists = userService.usernameExists("nonexistent", REALM); boolean exists = userService.usernameExists("nonexistent", REALM);
@@ -480,7 +480,7 @@ class UserServiceImplIntegrationTest {
@Test @Test
void testUsernameExists_Exception() { void testUsernameExists_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource); when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("erroruser", 0, 1, true)).thenThrow(new RuntimeException("Error")); when(usersResource.searchByUsername("erroruser", true)).thenThrow(new RuntimeException("Error"));
boolean exists = userService.usernameExists("erroruser", REALM); boolean exists = userService.usernameExists("erroruser", REALM);

Some files were not shown because too many files have changed in this diff Show More