Add new event to track scim credential updates

wso2-extensions · Mar 8, 2024 · 7c411f8 · 7c411f8
1 parent b3d8c67
commit 7c411f8
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 0 deletions.
diff --git a/...cim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java b/...cim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java
@@ -41,7 +41,9 @@
 import org.wso2.carbon.identity.claim.metadata.mgt.util.ClaimConstants;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
+import org.wso2.carbon.identity.event.IdentityEventConstants;
 import org.wso2.carbon.identity.event.IdentityEventException;
+import org.wso2.carbon.identity.event.event.Event;
 import org.wso2.carbon.identity.mgt.policy.PolicyViolationException;
 import org.wso2.carbon.identity.provisioning.IdentityProvisioningConstants;
 import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
@@ -1114,6 +1116,7 @@ public User updateUser(User user, Map<String, Boolean> requiredAttributes) throw
             // If password is updated, set it separately.
             if (user.getPassword() != null) {
                 carbonUM.updateCredentialByAdminWithID(user.getId(), user.getPassword());
+                publishEvent(user, IdentityEventConstants.Event.POST_UPDATE_CREDENTIAL_BY_SCIM, false);
             }
 
             updateUserClaims(user, oldClaimList, claimValuesInLocalDialect);
@@ -1299,6 +1302,7 @@ public User updateUser(User user, Map<String, Boolean> requiredAttributes,
             // If password is updated, set it separately.
             if (user.getPassword() != null) {
                 carbonUM.updateCredentialByAdminWithID(user.getId(), user.getPassword());
+                publishEvent(user, IdentityEventConstants.Event.POST_UPDATE_CREDENTIAL_BY_SCIM, true);
             }
 
             updateUserClaims(user, oldClaimList, claimValuesInLocalDialect, allSimpleMultiValuedClaimsList);
@@ -6272,4 +6276,35 @@ private List<String> addDomainToNames(String userStoreDomainName, List<String> g
         return groupsList.stream().map(groupName -> UserCoreUtil.addDomainToName(groupName, userStoreDomainName))
                 .collect(Collectors.toList());
     }
+
+    /**
+     * Publish event for credential updates.
+     *
+     * @param user      User object.
+     * @param eventName Name of the event.
+     * @param isAdminUpdate   Indicates whether the user is an admin.
+     * @throws BadRequestException If the request is invalid.
+     * @throws UserStoreException  If an error occurs related to the user store.
+     * @throws CharonException     If an error occurs during the event handling.
+     */
+    private void publishEvent(User user, String eventName, Boolean isAdminUpdate)
+            throws BadRequestException, UserStoreException, CharonException {
+
+        HashMap<String, Object> properties = new HashMap<>();
+        properties.put(IdentityEventConstants.EventProperty.USER_NAME,
+                UserCoreUtil.removeDomainFromName(user.getUsername()));
+        properties.put(IdentityEventConstants.EventProperty.TENANT_DOMAIN, tenantDomain);
+        properties.put(IdentityEventConstants.EventProperty.TENANT_ID, carbonUM.getTenantId());
+        properties.put(IdentityEventConstants.EventProperty.USER_STORE_DOMAIN,
+                IdentityUtil.extractDomainFromName(user.getUsername()));
+        properties.put(IdentityEventConstants.EventProperty.CREDENTIAL, user.getPassword());
+        properties.put(IdentityEventConstants.EventProperty.IS_ADMIN_UPDATE, isAdminUpdate);
+
+        Event identityMgtEvent = new Event(eventName, properties);
+        try {
+            SCIMCommonComponentHolder.getIdentityEventService().handleEvent(identityMgtEvent);
+        } catch (IdentityEventException e) {
+            throw new BadRequestException("Error occurred publishing event", ResponseCodeConstants.INVALID_VALUE);
+        }
+    }
 }
diff --git a/...mon/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java b/...mon/src/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponent.java
@@ -32,6 +32,7 @@
 import org.wso2.carbon.identity.core.util.IdentityCoreInitializedEvent;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.identity.event.handler.AbstractEventHandler;
+import org.wso2.carbon.identity.event.services.IdentityEventService;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.role.mgt.core.RoleManagementService;
 import org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreErrorResolver;
@@ -361,6 +362,32 @@ protected void unsetOrganizationManager(OrganizationManager organizationManager)
         SCIMCommonComponentHolder.setOrganizationManager(null);
     }
 
+    /**
+     * Unset identityEventService service implementation.
+     *
+     * @param identityEventService IdentityEventService
+     */
+    protected void unsetIdentityEventService(IdentityEventService identityEventService) {
+
+        SCIMCommonComponentHolder.setIdentityEventService(null);
+    }
+
+    /**
+     * Set IdentityEventService implementation
+     *
+     * @param identityEventService IdentityEventService
+     */
+    @Reference(
+            name = "IdentityEventService",
+            service = org.wso2.carbon.identity.event.services.IdentityEventService.class,
+            cardinality = ReferenceCardinality.MANDATORY,
+            policy = ReferencePolicy.DYNAMIC,
+            unbind = "unsetIdentityEventService")
+    protected void setIdentityEventService(IdentityEventService identityEventService) {
+
+        SCIMCommonComponentHolder.setIdentityEventService(identityEventService);
+    }
+
     @Deactivate
     protected void deactivate(ComponentContext context) {
 

diff --git a/...c/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java b/...c/main/java/org/wso2/carbon/identity/scim2/common/internal/SCIMCommonComponentHolder.java
@@ -19,6 +19,7 @@
 package org.wso2.carbon.identity.scim2.common.internal;
 
 import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementService;
+import org.wso2.carbon.identity.event.services.IdentityEventService;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
 import org.wso2.carbon.identity.scim2.common.extenstion.SCIMUserStoreErrorResolver;
 import org.wso2.carbon.idp.mgt.IdpManager;
@@ -43,6 +44,7 @@ public class SCIMCommonComponentHolder {
     private static org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService roleManagementServiceV2;
     private static OrganizationManager organizationManager;
     private static IdpManager idpManager;
+    private static IdentityEventService identityEventService;
     private static final List<SCIMUserStoreErrorResolver> scimUserStoreErrorResolvers = new ArrayList<>();
 
     /**
@@ -203,4 +205,24 @@ public static void removeScimUserStoreErrorResolver(SCIMUserStoreErrorResolver s
         scimUserStoreErrorResolvers.remove(scimUserStoreErrorResolver);
         scimUserStoreErrorResolvers.sort(Comparator.comparing(SCIMUserStoreErrorResolver::getOrder).reversed());
     }
+
+    /**
+     * Get IdentityEvent service.
+     *
+     * @return IdentityEventService.
+     */
+    public static IdentityEventService getIdentityEventService() {
+
+        return identityEventService;
+    }
+
+    /**
+     * Set IdentityEvent service.
+     *
+     * @param identityEventService IdentityEventService.
+     */
+    public static void setIdentityEventService(IdentityEventService identityEventService) {
+
+        SCIMCommonComponentHolder.identityEventService = identityEventService;
+    }
 }