Posted to commits@syncope.apache.org by il...@apache.org on 2015/08/26 16:54:10 UTC
[2/7] syncope git commit: [SYNCOPE-686] Enriching UserMod's
pwdPropRequest when using AES and adding resources to users via roles
[SYNCOPE-686] Enriching UserMod's pwdPropRequest when using AES and adding resources to users via roles
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a1737d35
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a1737d35
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a1737d35
Branch: refs/heads/master
Commit: a1737d35ad33c426e89a48259f0655ba3736ac6c
Parents: 4ae3e2c
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Wed Aug 26 16:26:23 2015 +0200
Committer: Francesco Chicchiriccò <il...@apache.org>
Committed: Wed Aug 26 16:26:23 2015 +0200
----------------------------------------------------------------------
.../core/rest/controller/UserController.java | 3 +-
.../syncope/core/rest/data/UserDataBinder.java | 15 +++
.../syncope/core/rest/RoleTestITCase.java | 2 +-
.../syncope/core/rest/UserTestITCase.java | 107 ++++++++++++++-----
4 files changed, 97 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/a1737d35/core/src/main/java/org/apache/syncope/core/rest/controller/UserController.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/syncope/core/rest/controller/UserController.java b/core/src/main/java/org/apache/syncope/core/rest/controller/UserController.java
index 5cbd5de..68843a7 100644
--- a/core/src/main/java/org/apache/syncope/core/rest/controller/UserController.java
+++ b/core/src/main/java/org/apache/syncope/core/rest/controller/UserController.java
@@ -272,7 +272,8 @@ public class UserController extends AbstractSubjectController<UserTO, UserMod> {
removeMemberships = true;
}
}
- //Actual operations: workflow, propagation, notification
+
+ // Actual operations: workflow, propagation, notification
WorkflowResult<Map.Entry<UserMod, Boolean>> updated = uwfAdapter.update(actual);
List<PropagationTask> tasks = propagationManager.getUserUpdateTaskIds(updated);
http://git-wip-us.apache.org/repos/asf/syncope/blob/a1737d35/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java b/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java
index 3ac56fc..fcd67c2 100644
--- a/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java
+++ b/core/src/main/java/org/apache/syncope/core/rest/data/UserDataBinder.java
@@ -30,6 +30,7 @@ import org.apache.syncope.common.SyncopeClientCompositeException;
import org.apache.syncope.common.SyncopeClientException;
import org.apache.syncope.common.mod.AttributeMod;
import org.apache.syncope.common.mod.MembershipMod;
+import org.apache.syncope.common.mod.StatusMod;
import org.apache.syncope.common.mod.UserMod;
import org.apache.syncope.common.to.MembershipTO;
import org.apache.syncope.common.to.UserTO;
@@ -379,6 +380,20 @@ public class UserDataBinder extends AbstractAttributableDataBinder {
user.addMembership(membership);
toBeProvisioned.addAll(role.getResourceNames());
+
+ // SYNCOPE-686: if password is invertible and we are adding resources with password mapping,
+ // ensure that they are counted for password propagation
+ if (toBeUpdated.canDecodePassword()) {
+ for (ExternalResource resource : role.getResources()) {
+ if (resource.getUmapping().getPasswordItem() != null) {
+ if (userMod.getPwdPropRequest() == null) {
+ userMod.setPwdPropRequest(new StatusMod());
+ }
+
+ userMod.getPwdPropRequest().getResourceNames().add(resource.getName());
+ }
+ }
+ }
}
propByRes.merge(fill(membership, membershipMod,
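Review bot: `resource.getUmapping()` is dereferenced without a null check in the inner `if`, so a role resource that has no user mapping (inferred, since ExternalResource is not visible here) would abort the whole update with a NullPointerException; consider `if (resource.getUmapping() != null && resource.getUmapping().getPasswordItem() != null) {`. Separately, a role assignment alone now causes the decoded password to be sent to every password-mapped resource of the role, even when the caller supplied no `pwdPropRequest`. That side effect deserves a comment such as `// NOTE: implicitly propagates the reversible (AES) password to these resources without an explicit caller request`. The defaults of `new StatusMod()` should also be confirmed, notably whether it marks the change for the internal store. The enclosing method starts and ends outside the hunk.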
http://git-wip-us.apache.org/repos/asf/syncope/blob/a1737d35/core/src/test/java/org/apache/syncope/core/rest/RoleTestITCase.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/syncope/core/rest/RoleTestITCase.java b/core/src/test/java/org/apache/syncope/core/rest/RoleTestITCase.java
index 6e384d4..5f0feb0 100644
--- a/core/src/test/java/org/apache/syncope/core/rest/RoleTestITCase.java
+++ b/core/src/test/java/org/apache/syncope/core/rest/RoleTestITCase.java
@@ -71,7 +71,7 @@ import org.junit.runners.MethodSorters;
@FixMethodOrder(MethodSorters.JVM)
public class RoleTestITCase extends AbstractTest {
- private RoleTO buildBasicRoleTO(final String name) {
+ public static RoleTO buildBasicRoleTO(final String name) {
RoleTO roleTO = new RoleTO();
roleTO.setName(name + getUUIDString());
roleTO.setParent(8L);
http://git-wip-us.apache.org/repos/asf/syncope/blob/a1737d35/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java b/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java
index 7d5493c..269f0a8 100644
--- a/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java
+++ b/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java
@@ -1552,38 +1552,40 @@ public class UserTestITCase extends AbstractTest {
pwdCipherAlgo.getValues().set(0, "AES");
configurationService.set(pwdCipherAlgo.getSchema(), pwdCipherAlgo);
- // 3. create user with no resources
- UserTO userTO = getUniqueSampleTO("syncope136_AES@apache.org");
- userTO.getResources().clear();
-
- userTO = createUser(userTO);
- assertNotNull(userTO);
-
- // 4. update user, assign a propagation primary resource but don't provide any password
- UserMod userMod = new UserMod();
- userMod.setId(userTO.getId());
- userMod.getResourcesToAdd().add(RESOURCE_NAME_WS1);
+ try {
+ // 3. create user with no resources
+ UserTO userTO = getUniqueSampleTO("syncope136_AES@apache.org");
+ userTO.getResources().clear();
- final StatusMod st = new StatusMod();
- st.setOnSyncope(false);
- st.getResourceNames().add(RESOURCE_NAME_WS1);
- userMod.setPwdPropRequest(st);
+ userTO = createUser(userTO);
+ assertNotNull(userTO);
- userTO = updateUser(userMod);
- assertNotNull(userTO);
+ // 4. update user, assign a propagation primary resource but don't provide any password
+ UserMod userMod = new UserMod();
+ userMod.setId(userTO.getId());
+ userMod.getResourcesToAdd().add(RESOURCE_NAME_WS1);
- // 5. verify that propagation was successful
- List<PropagationStatus> props = userTO.getPropagationStatusTOs();
- assertNotNull(props);
- assertEquals(1, props.size());
- PropagationStatus prop = props.iterator().next();
- assertNotNull(prop);
- assertEquals(RESOURCE_NAME_WS1, prop.getResource());
- assertEquals(PropagationTaskExecStatus.SUBMITTED, prop.getStatus());
+ final StatusMod st = new StatusMod();
+ st.setOnSyncope(false);
+ st.getResourceNames().add(RESOURCE_NAME_WS1);
+ userMod.setPwdPropRequest(st);
- // 6. restore initial cipher algorithm
- pwdCipherAlgo.getValues().set(0, origpwdCipherAlgo);
- configurationService.set(pwdCipherAlgo.getSchema(), pwdCipherAlgo);
+ userTO = updateUser(userMod);
+ assertNotNull(userTO);
+
+ // 5. verify that propagation was successful
+ List<PropagationStatus> props = userTO.getPropagationStatusTOs();
+ assertNotNull(props);
+ assertEquals(1, props.size());
+ PropagationStatus prop = props.iterator().next();
+ assertNotNull(prop);
+ assertEquals(RESOURCE_NAME_WS1, prop.getResource());
+ assertEquals(PropagationTaskExecStatus.SUBMITTED, prop.getStatus());
+ } finally {
+ // restore initial cipher algorithm
+ pwdCipherAlgo.getValues().set(0, origpwdCipherAlgo);
+ configurationService.set(pwdCipherAlgo.getSchema(), pwdCipherAlgo);
+ }
}
@Test
@@ -2533,4 +2535,53 @@ public class UserTestITCase extends AbstractTest {
assertNotNull(connObjectTO);
assertEquals("newPostalAddress", connObjectTO.getAttrMap().get("postalAddress").getValues().get(0));
}
+
+ @Test
+ public void issueSYNCOPE686() {
+ // 1. read configured cipher algorithm in order to be able to restore it at the end of test
+ AttributeTO pwdCipherAlgo = configurationService.read("password.cipher.algorithm");
+ String origpwdCipherAlgo = pwdCipherAlgo.getValues().get(0);
+
+ // 2. set AES password cipher algorithm
+ pwdCipherAlgo.getValues().set(0, "AES");
+ configurationService.set(pwdCipherAlgo.getSchema(), pwdCipherAlgo);
+
+ try {
+ // 3. create role with LDAP resource assigned
+ RoleTO role = RoleTestITCase.buildBasicRoleTO("syncope686");
+ role.getResources().add(RESOURCE_NAME_LDAP);
+ role = createRole(role);
+ assertNotNull(role);
+
+ // 4. create user with no resources
+ UserTO userTO = getUniqueSampleTO("syncope686@apache.org");
+ userTO.getResources().clear();
+
+ userTO = createUser(userTO);
+ assertNotNull(userTO);
+
+ // 5. update user with the new role, and don't provide any password
+ UserMod userMod = new UserMod();
+ userMod.setId(userTO.getId());
+ MembershipMod membMod = new MembershipMod();
+ membMod.setRole(role.getId());
+ userMod.getMembershipsToAdd().add(membMod);
+
+ userTO = updateUser(userMod);
+ assertNotNull(userTO);
+
+ // 5. verify that propagation was successful
+ List<PropagationStatus> props = userTO.getPropagationStatusTOs();
+ assertNotNull(props);
+ assertEquals(1, props.size());
+ PropagationStatus prop = props.iterator().next();
+ assertNotNull(prop);
+ assertEquals(RESOURCE_NAME_LDAP, prop.getResource());
+ assertEquals(PropagationTaskExecStatus.SUCCESS, prop.getStatus());
+ } finally {
+ // restore initial cipher algorithm
+ pwdCipherAlgo.getValues().set(0, origpwdCipherAlgo);
+ configurationService.set(pwdCipherAlgo.getSchema(), pwdCipherAlgo);
+ }
+ }
}
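Review bot: The closing assertions of `issueSYNCOPE686` check only that one propagation to `RESOURCE_NAME_LDAP` reported `SUCCESS`, not that the password was part of it, so the test would presumably still pass if the LDAP entry were created without a password value. Reading the connector object back, or verifying the user's password against the resource, would pin the behaviour the fix is meant to guarantee. The step comments number `5.` twice; the second should read `// 6. verify that propagation was successful`. The setup and `finally` restore of `password.cipher.algorithm` repeat the block in the earlier AES test and change a global setting while the test runs, so a shared helper would keep the two copies in step.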