Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/09/04 11:52:20 UTC
svn commit: r1519963 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java
test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeActionTest.java
Author: angela
Date: Wed Sep 4 09:52:20 2013
New Revision: 1519963
URL: http://svn.apache.org/r1519963
Log:
OAK-50: user mgt
- add PasswordChangeAction
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java
- copied, changed from r1519606, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeActionTest.java
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java (from r1519606, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java&r1=1519606&r2=1519963&rev=1519963&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java Wed Sep 4 09:52:20 2013
@@ -16,10 +16,8 @@
*/
package org.apache.jackrabbit.oak.spi.security.user.action;
-import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
+import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
import javax.jcr.nodetype.ConstraintViolationException;
@@ -28,84 +26,41 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.apache.jackrabbit.oak.util.TreeUtil;
/**
- * {@code PasswordValidationAction} provides a simple password validation
- * mechanism with the following configurable option:
+ * {@code PasswordChangeAction} asserts that the upon
+ * {@link #onPasswordChange(org.apache.jackrabbit.api.security.user.User, String,
+ * org.apache.jackrabbit.oak.api.Root, org.apache.jackrabbit.oak.namepath.NamePathMapper)}
+ * a different, non-null password is specified.
*
- * <ul>
- * <li><strong>constraint</strong>: a regular expression that can be compiled
- * to a {@link java.util.regex.Pattern} defining validation rules for a password.</li>
- * </ul>
- *
- * <p>The password validation is executed on user creation and upon password
- * change. It throws a {@code ConstraintViolationException} if the password
- * validation fails.</p>
- *
- * @see org.apache.jackrabbit.api.security.user.UserManager#createUser(String, String)
* @see org.apache.jackrabbit.api.security.user.User#changePassword(String)
* @see org.apache.jackrabbit.api.security.user.User#changePassword(String, String)
*/
-public class PasswordValidationAction extends AbstractAuthorizableAction {
-
- private static final Logger log = LoggerFactory.getLogger(PasswordValidationAction.class);
-
- public static final String CONSTRAINT = "constraint";
+public class PasswordChangeAction extends AbstractAuthorizableAction {
- private Pattern pattern;
-
- //-----------------------------------------< AbstractAuthorizableAction >---
@Override
protected void init(SecurityProvider securityProvider, ConfigurationParameters config) {
- String constraint = config.getNullableConfigValue(CONSTRAINT, (String) null);
- if (constraint != null) {
- setConstraint(constraint);
- }
+ // nothing to do
}
//-------------------------------------------------< AuthorizableAction >---
@Override
- public void onCreate(User user, String password, Root root, NamePathMapper namePathMapper) throws RepositoryException {
- validatePassword(password, false);
- }
-
- @Override
public void onPasswordChange(User user, String newPassword, Root root, NamePathMapper namePathMapper) throws RepositoryException {
- validatePassword(newPassword, true);
- }
-
- //------------------------------------------------------< Configuration >---
- /**
- * Set the password constraint.
- *
- * @param constraint A regular expression that can be used to validate a new password.
- */
- public void setConstraint(@Nonnull String constraint) {
- try {
- pattern = Pattern.compile(constraint);
- } catch (PatternSyntaxException e) {
- log.warn("Invalid password constraint: ", e.getMessage());
+ if (newPassword == null) {
+ throw new ConstraintViolationException("Expected a new password that is not null.");
+ }
+ String pwHash = getPasswordHash(root, user);
+ if (PasswordUtil.isSame(pwHash, newPassword)) {
+ throw new ConstraintViolationException("New password is identical to the old password.");
}
}
//------------------------------------------------------------< private >---
- /**
- * Validate the specified password.
- *
- * @param password The password to be validated
- * @param forceMatch If true the specified password is always validated;
- * otherwise only if it is a plain text password.
- * @throws RepositoryException If the specified password is too short or
- * doesn't match the specified password pattern.
- */
- private void validatePassword(@Nullable String password, boolean forceMatch) throws RepositoryException {
- if (password != null && (forceMatch || PasswordUtil.isPlainTextPassword(password))) {
- if (pattern != null && !pattern.matcher(password).matches()) {
- throw new ConstraintViolationException("Password violates password constraint (" + pattern.pattern() + ").");
- }
- }
+ @CheckForNull
+ private String getPasswordHash(@Nonnull Root root, @Nonnull User user) throws RepositoryException {
+ return TreeUtil.getString(root.getTree(user.getPath()), UserConstants.REP_PASSWORD);
}
}
\ No newline at end of file
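Review bot: The identical-password check in `onPasswordChange` passes a possibly-null hash straight to `PasswordUtil.isSame`: `getPasswordHash` is annotated `@CheckForNull`, so a user with no stored password and a tree lookup that misses presumably both fall through as "password differs". The `namePathMapper` argument is never used, while `root.getTree(user.getPath())` takes the path exactly as the `User` API returns it. If that is a JCR path rather than an Oak path, the lookup could miss under namespace remapping and the check would silently not apply, which is worth confirming. At minimum I would document the intended null case above the comparison, e.g. `// pwHash is null if the user has no password set; nothing to compare against in that case`. The class Javadoc also reads "asserts that the upon"; it should be "asserts that upon {@link #onPasswordChange(...)} a different, non-null password is specified".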
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeActionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeActionTest.java?rev=1519963&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeActionTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeActionTest.java Wed Sep 4 09:52:20 2013
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.user.action;
+
+import java.util.UUID;
+import javax.jcr.nodetype.ConstraintViolationException;
+
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.fail;
+
+public class PasswordChangeActionTest extends AbstractSecurityTest {
+
+ private PasswordChangeAction pwChangeAction;
+
+ @Before
+ public void before() throws Exception {
+ super.before();
+ pwChangeAction = new PasswordChangeAction();
+ pwChangeAction.init(getSecurityProvider(), ConfigurationParameters.EMPTY);
+ }
+
+ @Test
+ public void testNullPassword() throws Exception {
+ try {
+ pwChangeAction.onPasswordChange(getTestUser(), null, root, getNamePathMapper());
+ fail("ConstraintViolationException expected.");
+ } catch (ConstraintViolationException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testSamePassword() throws Exception {
+ try {
+ User user = getTestUser();
+ String pw = user.getID();
+ pwChangeAction.onPasswordChange(user, pw, root, getNamePathMapper());
+ fail("ConstraintViolationException expected.");
+ } catch (ConstraintViolationException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testPasswordChange() throws Exception {
+ pwChangeAction.onPasswordChange(getTestUser(), "changedPassword", root, getNamePathMapper());
+ }
+
+ @Test
+ public void testUserWithoutPassword() throws Exception {
+ String uid = "testUser" + UUID.randomUUID();
+ User user = getUserManager(root).createUser(uid, null);
+
+ pwChangeAction.onPasswordChange(user, "changedPassword", root, getNamePathMapper());
+ }
+}
\ No newline at end of file
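Review bot: `testSamePassword` passes `user.getID()` as the new password, which only triggers the "identical" branch if the base class creates the test user with its ID as the password. That setup is not visible in this file, so a short comment such as `// test user is created with userID as password (see AbstractSecurityTest)` would make the dependency explicit. `testUserWithoutPassword` creates a user with a random ID and nothing visible here removes it or reverts `root`, so it may leak into later tests unless the base class refreshes the root in its teardown. `testPasswordChange` and `testUserWithoutPassword` have no assertion and succeed only by not throwing; a one-line comment stating that, or `@Test(expected = ConstraintViolationException.class)` in place of the try/fail/catch in the two negative tests, would make the intent easier to read.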