Posted to commits@syncope.apache.org by gw...@apache.org on 2015/03/09 17:23:52 UTC
[1/3] syncope git commit: [SYNCOPE-651] SyncopeUser:checkToken()
should fail if token is not set on user
Repository: syncope
Updated Branches:
refs/heads/master 71b65cbe4 -> 7705b6984
[SYNCOPE-651] SyncopeUser:checkToken() should fail if token is not set on user
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3621adf4
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3621adf4
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3621adf4
Branch: refs/heads/master
Commit: 3621adf44e6c76a4faefb9782f77d90a1707ac1e
Parents: 8c38a41
Author: Guido Wimmel <gw...@apache.org>
Authored: Mon Mar 9 13:42:18 2015 +0100
Committer: Guido Wimmel <gw...@apache.org>
Committed: Mon Mar 9 13:42:18 2015 +0100
----------------------------------------------------------------------
.../apache/syncope/core/persistence/beans/user/SyncopeUser.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/3621adf4/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java b/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
index 2bf72ac..c03ab31 100644
--- a/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
+++ b/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
@@ -427,7 +427,9 @@ public class SyncopeUser extends AbstractAttributable {
}
public boolean checkToken(final String token) {
- return this.token == null || this.token.equals(token) && !hasTokenExpired();
+ return this.token == null
+ ? token == null
+ : this.token.equals(token) && !hasTokenExpired();
}
public boolean hasTokenExpired() {
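Review bot: The new ternary in `checkToken` still returns true when no token is stored and the argument is `null`, so a caller that passes a missing token through as `null` gets a successful check for any user without a pending token; the same expression is merged into `JPAUser.checkToken` in commit [3/3]. If null-matches-null is the intended contract, document it on the method, e.g. `/** When no token is stored, only a null argument is accepted; otherwise the token must match and be unexpired. */`. If it is not intended, the stricter form is `return this.token != null && this.token.equals(token) && !hasTokenExpired();`. `checkToken` is fully visible here, but `hasTokenExpired()` continues outside the hunk.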
[2/3] syncope git commit: Merge branch '1_1_X' into 1_2_X
Posted by gw...@apache.org.
Merge branch '1_1_X' into 1_2_X
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/7b2bb2df
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/7b2bb2df
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/7b2bb2df
Branch: refs/heads/master
Commit: 7b2bb2df74256fa7a72fa640c27377dd3452d849
Parents: 2465f13 3621adf
Author: Guido Wimmel <gw...@apache.org>
Authored: Mon Mar 9 16:41:35 2015 +0100
Committer: Guido Wimmel <gw...@apache.org>
Committed: Mon Mar 9 16:41:35 2015 +0100
----------------------------------------------------------------------
.../apache/syncope/core/persistence/beans/user/SyncopeUser.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/7b2bb2df/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
----------------------------------------------------------------------
[3/3] syncope git commit: Merge branch '1_2_X'
Posted by gw...@apache.org.
Merge branch '1_2_X'
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/7705b698
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/7705b698
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/7705b698
Branch: refs/heads/master
Commit: 7705b698469901d6bbb78284310bede538eadfa0
Parents: 71b65cb 7b2bb2d
Author: Guido Wimmel <gw...@apache.org>
Authored: Mon Mar 9 17:22:07 2015 +0100
Committer: Guido Wimmel <gw...@apache.org>
Committed: Mon Mar 9 17:22:07 2015 +0100
----------------------------------------------------------------------
.../apache/syncope/core/persistence/jpa/entity/user/JPAUser.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/7705b698/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java
----------------------------------------------------------------------
diff --cc core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java
index 6820c73,0000000..8b1e798
mode 100644,000000..100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/user/JPAUser.java
@@@ -1,538 -1,0 +1,540 @@@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.persistence.jpa.entity.user;
+
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+import javax.persistence.Basic;
+import javax.persistence.Cacheable;
+import javax.persistence.CascadeType;
+import javax.persistence.CollectionTable;
+import javax.persistence.Column;
+import javax.persistence.ElementCollection;
+import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.FetchType;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.JoinTable;
+import javax.persistence.Lob;
+import javax.persistence.ManyToMany;
+import javax.persistence.ManyToOne;
+import javax.persistence.OneToMany;
+import javax.persistence.Table;
+import javax.persistence.Temporal;
+import javax.persistence.TemporalType;
+import javax.persistence.Transient;
+import javax.validation.Valid;
+import javax.validation.constraints.Max;
+import javax.validation.constraints.Min;
+import javax.validation.constraints.NotNull;
+import org.apache.syncope.common.lib.types.CipherAlgorithm;
+import org.apache.syncope.core.persistence.api.entity.ExternalResource;
+import org.apache.syncope.core.persistence.api.entity.membership.Membership;
+import org.apache.syncope.core.persistence.api.entity.role.Role;
+import org.apache.syncope.core.persistence.api.entity.user.SecurityQuestion;
+import org.apache.syncope.core.persistence.api.entity.user.UDerAttr;
+import org.apache.syncope.core.persistence.api.entity.user.UPlainAttr;
+import org.apache.syncope.core.persistence.api.entity.user.UVirAttr;
+import org.apache.syncope.core.persistence.api.entity.user.User;
+import org.apache.syncope.core.persistence.jpa.validation.entity.UserCheck;
+import org.apache.syncope.core.persistence.jpa.entity.AbstractSubject;
+import org.apache.syncope.core.persistence.jpa.entity.JPAExternalResource;
+import org.apache.syncope.core.persistence.jpa.entity.JPASecurityQuestion;
+import org.apache.syncope.core.persistence.jpa.entity.membership.JPAMembership;
+import org.apache.syncope.core.misc.security.Encryptor;
+import org.apache.syncope.core.misc.security.SecureRandomUtil;
+
+/**
+ * JPA user bean.
+ */
+@Entity
+@Table(name = JPAUser.TABLE)
+@Cacheable
+@UserCheck
+public class JPAUser extends AbstractSubject<UPlainAttr, UDerAttr, UVirAttr> implements User {
+
+ private static final long serialVersionUID = -3905046855521446823L;
+
+ public static final String TABLE = "SyncopeUser";
+
+ @Id
+ private Long id;
+
+ @Column(nullable = true)
+ private String password;
+
+ @Transient
+ private String clearPassword;
+
+ @OneToMany(cascade = CascadeType.MERGE, mappedBy = "user")
+ @Valid
+ private List<JPAMembership> memberships;
+
+ @OneToMany(cascade = CascadeType.ALL, mappedBy = "owner")
+ @Valid
+ private List<JPAUPlainAttr> plainAttrs;
+
+ @OneToMany(cascade = CascadeType.ALL, mappedBy = "owner")
+ @Valid
+ private List<JPAUDerAttr> derAttrs;
+
+ @OneToMany(cascade = CascadeType.ALL, mappedBy = "owner")
+ @Valid
+ private List<JPAUVirAttr> virAttrs;
+
+ private String workflowId;
+
+ @Column(nullable = true)
+ private String status;
+
+ @Lob
+ private String token;
+
+ @Temporal(TemporalType.TIMESTAMP)
+ private Date tokenExpireTime;
+
+ @Column(nullable = true)
+ @Enumerated(EnumType.STRING)
+ private CipherAlgorithm cipherAlgorithm;
+
+ @ElementCollection
+ @Column(name = "passwordHistoryValue")
+ @CollectionTable(name = "SyncopeUser_passwordHistory",
+ joinColumns =
+ @JoinColumn(name = "SyncopeUser_id", referencedColumnName = "id"))
+ private List<String> passwordHistory;
+
+ /**
+ * Subsequent failed logins.
+ */
+ @Column(nullable = true)
+ private Integer failedLogins;
+
+ /**
+ * Username/Login.
+ */
+ @Column(unique = true)
+ @NotNull(message = "Blank username")
+ private String username;
+
+ /**
+ * Last successful login date.
+ */
+ @Column(nullable = true)
+ @Temporal(TemporalType.TIMESTAMP)
+ private Date lastLoginDate;
+
+ /**
+ * Change password date.
+ */
+ @Column(nullable = true)
+ @Temporal(TemporalType.TIMESTAMP)
+ private Date changePwdDate;
+
+ @Basic
+ @Min(0)
+ @Max(1)
+ private Integer suspended;
+
+ /**
+ * Provisioning external resources.
+ */
+ @ManyToMany(fetch = FetchType.EAGER)
+ @JoinTable(joinColumns =
+ @JoinColumn(name = "user_id"),
+ inverseJoinColumns =
+ @JoinColumn(name = "resource_name"))
+ @Valid
+ private Set<JPAExternalResource> resources;
+
+ @ManyToOne(fetch = FetchType.EAGER, optional = true)
+ private JPASecurityQuestion securityQuestion;
+
+ @Column(nullable = true)
+ private String securityAnswer;
+
+ public JPAUser() {
+ super();
+
+ memberships = new ArrayList<>();
+ plainAttrs = new ArrayList<>();
+ derAttrs = new ArrayList<>();
+ virAttrs = new ArrayList<>();
+ passwordHistory = new ArrayList<>();
+ failedLogins = 0;
+ suspended = getBooleanAsInteger(Boolean.FALSE);
+ resources = new HashSet<>();
+ }
+
+ @Override
+ public Long getKey() {
+ return id;
+ }
+
+ @Override
+ protected Set<? extends ExternalResource> internalGetResources() {
+ return resources;
+ }
+
+ @Override
+ public boolean addMembership(final Membership membership) {
+ checkType(membership, JPAMembership.class);
+ return memberships.contains((JPAMembership) membership) || memberships.add((JPAMembership) membership);
+ }
+
+ @Override
+ public boolean removeMembership(final Membership membership) {
+ return memberships.remove(membership);
+ }
+
+ @Override
+ public Membership getMembership(final Long roleKey) {
+ Membership result = null;
+ Membership membership;
+ for (Iterator<? extends Membership> itor = getMemberships().iterator(); result == null && itor.hasNext();) {
+ membership = itor.next();
+ if (membership.getRole() != null && roleKey.equals(membership.getRole().getKey())) {
+ result = membership;
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public List<? extends Membership> getMemberships() {
+ return memberships;
+ }
+
+ @Override
+ public List<Role> getRoles() {
+ List<Role> result = new ArrayList<>();
+
+ for (Membership membership : memberships) {
+ if (membership.getRole() != null) {
+ result.add(membership.getRole());
+ }
+ }
+
+ return result;
+ }
+
+ @Override
+ public Set<Long> getRoleKeys() {
+ List<Role> roles = getRoles();
+
+ Set<Long> result = new HashSet<>(roles.size());
+ for (Role role : roles) {
+ result.add(role.getKey());
+ }
+
+ return result;
+ }
+
+ @Override
+ public Set<ExternalResource> getResources() {
+ Set<ExternalResource> result = new HashSet<>();
+ result.addAll(super.getResources());
+ for (Role role : getRoles()) {
+ result.addAll(role.getResources());
+ }
+
+ return result;
+ }
+
+ @Override
+ public Set<? extends ExternalResource> getOwnResources() {
+ return super.getResources();
+ }
+
+ @Override
+ public String getPassword() {
+ return password;
+ }
+
+ @Override
+ public String getClearPassword() {
+ return clearPassword;
+ }
+
+ @Override
+ public void removeClearPassword() {
+ clearPassword = null;
+ }
+
+ @Override
+ public void setEncodedPassword(final String password, final CipherAlgorithm cipherAlgoritm) {
+ // clear password
+ this.clearPassword = null;
+
+ this.password = password;
+ this.cipherAlgorithm = cipherAlgoritm;
+ }
+
+ @Override
+ public void setPassword(final String password, final CipherAlgorithm cipherAlgoritm) {
+ // clear password
+ this.clearPassword = password;
+
+ try {
+ this.password = Encryptor.getInstance().encode(password, cipherAlgoritm);
+ this.cipherAlgorithm = cipherAlgoritm;
+ } catch (Exception e) {
+ LOG.error("Could not encode password", e);
+ this.password = null;
+ }
+ }
+
+ @Override
+ public CipherAlgorithm getCipherAlgorithm() {
+ return cipherAlgorithm;
+ }
+
+ @Override
+ public boolean canDecodePassword() {
+ return this.cipherAlgorithm != null && this.cipherAlgorithm.isInvertible();
+ }
+
+ @Override
+ public boolean addPlainAttr(final UPlainAttr attr) {
+ checkType(attr, JPAUPlainAttr.class);
+ return plainAttrs.add((JPAUPlainAttr) attr);
+ }
+
+ @Override
+ public boolean removePlainAttr(final UPlainAttr attr) {
+ checkType(attr, JPAUPlainAttr.class);
+ return plainAttrs.remove((JPAUPlainAttr) attr);
+ }
+
+ @Override
+ public List<? extends UPlainAttr> getPlainAttrs() {
+ return plainAttrs;
+ }
+
+ @Override
+ public boolean addDerAttr(final UDerAttr attr) {
+ checkType(attr, JPAUDerAttr.class);
+ return derAttrs.add((JPAUDerAttr) attr);
+ }
+
+ @Override
+ public boolean removeDerAttr(final UDerAttr attr) {
+ checkType(attr, JPAUDerAttr.class);
+ return derAttrs.remove((JPAUDerAttr) attr);
+ }
+
+ @Override
+ public List<? extends UDerAttr> getDerAttrs() {
+ return derAttrs;
+ }
+
+ @Override
+ public boolean addVirAttr(final UVirAttr attr) {
+ checkType(attr, JPAUVirAttr.class);
+ return virAttrs.add((JPAUVirAttr) attr);
+ }
+
+ @Override
+ public boolean removeVirAttr(final UVirAttr attr) {
+ checkType(attr, JPAUVirAttr.class);
+ return virAttrs.remove((JPAUVirAttr) attr);
+ }
+
+ @Override
+ public List<? extends UVirAttr> getVirAttrs() {
+ return virAttrs;
+ }
+
+ @Override
+ public String getWorkflowId() {
+ return workflowId;
+ }
+
+ @Override
+ public void setWorkflowId(final String workflowId) {
+ this.workflowId = workflowId;
+ }
+
+ @Override
+ public String getStatus() {
+ return status;
+ }
+
+ @Override
+ public void setStatus(final String status) {
+ this.status = status;
+ }
+
+ @Override
+ public void generateToken(final int tokenLength, final int tokenExpireTime) {
+ this.token = SecureRandomUtil.generateRandomPassword(tokenLength);
+
+ Calendar calendar = Calendar.getInstance();
+ calendar.add(Calendar.MINUTE, tokenExpireTime);
+ this.tokenExpireTime = calendar.getTime();
+ }
+
+ @Override
+ public void removeToken() {
+ this.token = null;
+ this.tokenExpireTime = null;
+ }
+
+ @Override
+ public String getToken() {
+ return token;
+ }
+
+ @Override
+ public Date getTokenExpireTime() {
+ return tokenExpireTime == null
+ ? null
+ : new Date(tokenExpireTime.getTime());
+ }
+
+ @Override
+ public boolean checkToken(final String token) {
- return this.token == null || this.token.equals(token) && !hasTokenExpired();
++ return this.token == null
++ ? token == null
++ : this.token.equals(token) && !hasTokenExpired();
+ }
+
+ @Override
+ public boolean hasTokenExpired() {
+ return tokenExpireTime == null
+ ? false
+ : tokenExpireTime.before(new Date());
+ }
+
+ @Override
+ public void setCipherAlgorithm(final CipherAlgorithm cipherAlgorithm) {
+ this.cipherAlgorithm = cipherAlgorithm;
+ }
+
+ @Override
+ public List<String> getPasswordHistory() {
+ return passwordHistory;
+ }
+
+ @Override
+ public Date getChangePwdDate() {
+ return changePwdDate == null
+ ? null
+ : new Date(changePwdDate.getTime());
+ }
+
+ @Override
+ public void setChangePwdDate(final Date changePwdDate) {
+ this.changePwdDate = changePwdDate == null
+ ? null
+ : new Date(changePwdDate.getTime());
+ }
+
+ @Override
+ public Integer getFailedLogins() {
+ return failedLogins == null ? 0 : failedLogins;
+ }
+
+ @Override
+ public void setFailedLogins(final Integer failedLogins) {
+ this.failedLogins = failedLogins;
+ }
+
+ @Override
+ public Date getLastLoginDate() {
+ return lastLoginDate == null
+ ? null
+ : new Date(lastLoginDate.getTime());
+ }
+
+ @Override
+ public void setLastLoginDate(final Date lastLoginDate) {
+ this.lastLoginDate = lastLoginDate == null
+ ? null
+ : new Date(lastLoginDate.getTime());
+ }
+
+ @Override
+ public String getUsername() {
+ return username;
+ }
+
+ @Override
+ public void setUsername(final String username) {
+ this.username = username;
+ }
+
+ @Override
+ public void setSuspended(final Boolean suspended) {
+ this.suspended = getBooleanAsInteger(suspended);
+ }
+
+ @Override
+ public Boolean isSuspended() {
+ return suspended == null ? null : isBooleanAsInteger(suspended);
+ }
+
+ @Override
+ public boolean verifyPasswordHistory(final String password, final int size) {
+ boolean res = false;
+
+ if (size > 0) {
+ try {
+ res = passwordHistory.subList(size >= passwordHistory.size()
+ ? 0
+ : passwordHistory.size() - size, passwordHistory.size()).contains(cipherAlgorithm == null
+ ? password
+ : Encryptor.getInstance().encode(password, cipherAlgorithm));
+ } catch (Exception e) {
+ LOG.error("Error evaluating password history", e);
+ }
+ }
+
+ return res;
+ }
+
+ @Override
+ public SecurityQuestion getSecurityQuestion() {
+ return securityQuestion;
+ }
+
+ @Override
+ public void setSecurityQuestion(final SecurityQuestion securityQuestion) {
+ checkType(securityQuestion, JPASecurityQuestion.class);
+ this.securityQuestion = (JPASecurityQuestion) securityQuestion;
+ }
+
+ @Override
+ public String getSecurityAnswer() {
+ return securityAnswer;
+ }
+
+ @Override
+ public void setSecurityAnswer(final String securityAnswer) {
+ this.securityAnswer = securityAnswer;
+ }
+
+}
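Review bot: `checkToken` compares the stored token with `String.equals`, which returns as soon as a difference is found; for a random value that presumably acts as a credential, a constant-time comparison is the safer default. The non-null branch could read `: token != null && MessageDigest.isEqual(this.token.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8)) && !hasTokenExpired();`, with `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` added to the imports. Separately, `hasTokenExpired()` returns false when `tokenExpireTime` is null, so a token stored without an expiry would never lapse. `generateToken` sets both fields together, so a short comment stating that invariant on `hasTokenExpired()` would help future maintainers.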