You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by sk...@apache.org on 2020/02/26 11:42:45 UTC
[syncope] 02/03: [SYNCOPE-1537] Ensure proper password management
for Linked Accounts
This is an automated email from the ASF dual-hosted git repository.
skylark17 pushed a commit to branch SYNCOPE-1537
in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 5e4af6a9ca68211f9db0761f55c7bc9f849dc4f3
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Tue Feb 25 12:58:55 2020 +0100
[SYNCOPE-1537] Ensure proper password management for Linked Accounts
---
.../provisioning/java/data/UserDataBinderImpl.java | 29 +++++++++++++---------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java
index c04495a..771c3df 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java
@@ -181,7 +181,9 @@ public class UserDataBinderImpl extends AbstractAnyDataBinder implements UserDat
}.get();
account.setUsername(accountTO.getUsername());
- if (StringUtils.isNotBlank(accountTO.getPassword())) {
+ if (StringUtils.isBlank(accountTO.getPassword())) {
+ account.setEncodedPassword(null, null);
+ } else if (!accountTO.getPassword().equals(account.getPassword())) {
account.setPassword(accountTO.getPassword(), CipherAlgorithm.AES);
}
account.setSuspended(accountTO.isSuspended());
@@ -366,13 +368,18 @@ public class UserDataBinderImpl extends AbstractAnyDataBinder implements UserDat
setRealm(user, userPatch);
// password
- if (userPatch.getPassword() != null && StringUtils.isNotBlank(userPatch.getPassword().getValue())) {
- if (userPatch.getPassword().isOnSyncope()) {
- setPassword(user, userPatch.getPassword().getValue(), scce);
- user.setChangePwdDate(new Date());
- }
+ if (userPatch.getPassword() != null) {
+ if (userPatch.getPassword().getOperation() == PatchOperation.DELETE) {
+ user.setEncodedPassword(null, null);
+ propByRes.addAll(ResourceOperation.UPDATE, userPatch.getPassword().getResources());
+ } else if (StringUtils.isNotBlank(userPatch.getPassword().getValue())) {
+ if (userPatch.getPassword().isOnSyncope()) {
+ setPassword(user, userPatch.getPassword().getValue(), scce);
+ user.setChangePwdDate(new Date());
+ }
- propByRes.addAll(ResourceOperation.UPDATE, userPatch.getPassword().getResources());
+ propByRes.addAll(ResourceOperation.UPDATE, userPatch.getPassword().getResources());
+ }
}
// username
@@ -620,11 +627,9 @@ public class UserDataBinderImpl extends AbstractAnyDataBinder implements UserDat
invalidValues);
}
});
- user.getLinkedAccounts().forEach(account -> {
- propByLinkedAccount.add(
- ResourceOperation.CREATE,
- Pair.of(account.getResource().getKey(), account.getConnObjectKeyValue()));
- });
+ user.getLinkedAccounts().forEach(account -> propByLinkedAccount.add(
+ ResourceOperation.CREATE,
+ Pair.of(account.getResource().getKey(), account.getConnObjectKeyValue())));
// finalize resource management
reasons.entrySet().stream().