Posted to commits@syncope.apache.org by il...@apache.org on 2013/11/07 17:40:03 UTC

svn commit: r1539708 - in /syncope/trunk/core/src: main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java main/resources/content.xml test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java test/resources/content.xml

Author: ilgrosso
Date: Thu Nov  7 16:40:03 2013
New Revision: 1539708

URL: http://svn.apache.org/r1539708
Log:
[SYNCOPE-434] Merge from 1_1_X

Modified:
    syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java
    syncope/trunk/core/src/main/resources/content.xml
    syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java
    syncope/trunk/core/src/test/resources/content.xml

Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java?rev=1539708&r1=1539707&r2=1539708&view=diff
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java (original)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java Thu Nov  7 16:40:03 2013
@@ -20,12 +20,15 @@ package org.apache.syncope.core.security
 
 import java.util.Date;
 import javax.annotation.Resource;
+import org.apache.commons.lang3.ArrayUtils;
 import org.apache.syncope.common.types.AuditElements.AuthenticationSubCategory;
 import org.apache.syncope.common.types.AuditElements.Category;
 import org.apache.syncope.common.types.AuditElements.Result;
 import org.apache.syncope.common.types.CipherAlgorithm;
 import org.apache.syncope.core.audit.AuditManager;
+import org.apache.syncope.core.persistence.beans.SyncopeConf;
 import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
+import org.apache.syncope.core.persistence.dao.ConfDAO;
 import org.apache.syncope.core.persistence.dao.UserDAO;
 import org.apache.syncope.core.util.PasswordEncoder;
 import org.slf4j.Logger;
@@ -52,6 +55,9 @@ public class SyncopeAuthenticationProvid
     private AuditManager auditManager;
 
     @Autowired
+    private ConfDAO confDAO;
+
+    @Autowired
     private UserDAO userDAO;
 
     @Resource(name = "adminUser")
@@ -112,10 +118,19 @@ public class SyncopeAuthenticationProvid
         } else {
             user = userDAO.find(username);
 
-            if (user != null && user.isSuspended() != null) {
-                if (user.isSuspended()) {
+            if (user != null) {
+                if (user.isSuspended() != null && user.isSuspended()) {
                     throw new DisabledException("User " + user.getUsername() + " is suspended");
                 }
+
+                SyncopeConf authStatuses = confDAO.find("authentication.statuses", null);
+                if (authStatuses != null) {
+                    String[] statuses = authStatuses.getValue().split("\\|");
+                    if (!ArrayUtils.contains(statuses, user.getStatus())) {
+                        throw new DisabledException("User " + user.getUsername() + " not allowed to authenticate");
+                    }
+                }
+
                 authenticated = authenticate(
                         authentication.getCredentials().toString(),
                         user.getCipherAlgorithm(),
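Review bot: The new status gate fails open: when `confDAO.find("authentication.statuses", null)` returns null, the `if (authStatuses != null)` branch is skipped and a user in any status (for example `createApproval`) goes on to the password check, so an installation whose configuration lacks the key keeps the behaviour this commit is meant to close. Consider a restrictive fallback such as `String allowed = authStatuses == null ? "active" : authStatuses.getValue();`, and guard against a null or blank value before `split("\\|")`, since entries are compared without trimming. Both `DisabledException` messages are thrown before the credentials are verified; whether they reach the client is not visible here, but if they do they tell an unauthenticated caller that the account exists and what state it is in, so a single generic message with the detail kept in the audit log would be safer. The enclosing method starts and ends outside this hunk.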

Modified: syncope/trunk/core/src/main/resources/content.xml
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/resources/content.xml?rev=1539708&r1=1539707&r2=1539708&view=diff
==============================================================================
--- syncope/trunk/core/src/main/resources/content.xml (original)
+++ syncope/trunk/core/src/main/resources/content.xml Thu Nov  7 16:40:03 2013
@@ -30,6 +30,8 @@ under the License.
   <SyncopeConf confKey="token.expireTime" confValue="60"/>
   <SyncopeConf confKey="selfRegistration.allowed" confValue="true"/>
   <SyncopeConf confKey="notification.maxRetries" confValue="0"/>
+  <!-- when needing to provide more values, use '|' as separator and no spaces -->
+  <SyncopeConf confKey="authentication.statuses" confValue="active"/>
     
   <!-- Authentication and authorization -->
   <Entitlement name="SCHEMA_LIST"/>

Modified: syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java?rev=1539708&r1=1539707&r2=1539708&view=diff
==============================================================================
--- syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java (original)
+++ syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/AuthenticationTestITCase.java Thu Nov  7 16:40:03 2013
@@ -27,6 +27,7 @@ import static org.junit.Assert.fail;
 import java.security.AccessControlException;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import javax.ws.rs.core.Response;
@@ -35,6 +36,7 @@ import org.apache.syncope.common.mod.Sta
 
 import org.apache.syncope.common.search.AttributeCond;
 import org.apache.syncope.common.search.NodeCond;
+import org.apache.syncope.common.services.EntitlementService;
 import org.apache.syncope.common.services.InvalidSearchConditionException;
 import org.apache.syncope.common.services.SchemaService;
 import org.apache.syncope.common.services.UserService;
@@ -44,12 +46,16 @@ import org.apache.syncope.common.to.Memb
 import org.apache.syncope.common.to.RoleTO;
 import org.apache.syncope.common.to.SchemaTO;
 import org.apache.syncope.common.to.UserTO;
+import org.apache.syncope.common.to.WorkflowFormPropertyTO;
+import org.apache.syncope.common.to.WorkflowFormTO;
 import org.apache.syncope.common.types.AttributableType;
 import org.apache.syncope.common.types.AttributeSchemaType;
 import org.apache.syncope.common.types.SchemaType;
 import org.apache.syncope.common.types.ClientExceptionType;
 import org.apache.syncope.common.util.CollectionWrapper;
 import org.apache.syncope.common.validation.SyncopeClientException;
+import org.apache.syncope.core.workflow.ActivitiDetector;
+import org.junit.Assume;
 import org.junit.FixMethodOrder;
 import org.junit.Test;
 import org.junit.runners.MethodSorters;
@@ -356,4 +362,42 @@ public class AuthenticationTestITCase ex
         role1User = response.readEntity(UserTO.class);
         assertNotNull(role1User);
     }
+
+    @Test
+    public void issueSYNCOPE434() {
+        Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers());
+
+        // 1. create user with role 9 (users with role 9 are defined in workflow as subject to approval)
+        UserTO userTO = UserTestITCase.getUniqueSampleTO("createWithReject@syncope.apache.org");
+        MembershipTO membershipTO = new MembershipTO();
+        membershipTO.setRoleId(9L);
+        userTO.getMemberships().add(membershipTO);
+
+        userTO = createUser(userTO);
+        assertNotNull(userTO);
+        assertEquals("createApproval", userTO.getStatus());
+
+        // 2. try to authenticate: fail
+        EntitlementService myEntitlementService = clientFactory.create(userTO.getUsername(), "password123").
+                getService(EntitlementService.class);
+        try {
+            myEntitlementService.getOwnEntitlements();
+            fail();
+        } catch (AccessControlException e) {
+            assertNotNull(e);
+        }
+
+        // 3. approve user
+        WorkflowFormTO form = userWorkflowService.getFormForUser(userTO.getId());
+        form = userWorkflowService.claimForm(form.getTaskId());
+        Map<String, WorkflowFormPropertyTO> props = form.getPropertyMap();
+        props.get("approve").setValue(Boolean.TRUE.toString());
+        form.setProperties(props.values());
+        userTO = userWorkflowService.submitForm(form);
+        assertNotNull(userTO);
+        assertEquals("active", userTO.getStatus());
+
+        // 4. try to authenticate again: success
+        assertNotNull(myEntitlementService.getOwnEntitlements());
+    }
 }
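Review bot: The negative step in `issueSYNCOPE434` cannot distinguish a status rejection from any other authentication failure: it only catches `AccessControlException`, and `assertNotNull(e)` inside the catch block is always true. Step 4 does show that the same credentials succeed after approval, which covers the main path, but asserting on the failure cause (or dropping the vacuous assertion) would make the intent explicit. The test also exercises only the single-value `active` configuration; a case with a `|`-separated list, and one where the key is absent, would cover the parsing and the null branch added in SyncopeAuthenticationProvider.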

Modified: syncope/trunk/core/src/test/resources/content.xml
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/test/resources/content.xml?rev=1539708&r1=1539707&r2=1539708&view=diff
==============================================================================
--- syncope/trunk/core/src/test/resources/content.xml (original)
+++ syncope/trunk/core/src/test/resources/content.xml Thu Nov  7 16:40:03 2013
@@ -30,6 +30,8 @@ under the License.
   <SyncopeConf confKey="token.expireTime" confValue="60"/>
   <SyncopeConf confKey="selfRegistration.allowed" confValue="true"/>
   <SyncopeConf confKey="notification.maxRetries" confValue="3"/>
+  <!-- when needing to provide more values, use '|' as separator and no spaces -->
+  <SyncopeConf confKey="authentication.statuses" confValue="active"/>
 
   <!-- sample policies -->
   <Policy DTYPE="SyncPolicy" id="1" description="sync policy 1" type="GLOBAL_SYNC" specification="%3Corg.apache.syncope.common.types.SyncPolicySpec%2F%3E"/>