You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2017/09/20 10:44:49 UTC
syncope git commit: [SYNCOPE-1210] Random password generation during
propagation is now correctly resource-based
Repository: syncope
Updated Branches:
refs/heads/1_2_X 9ad14b17a -> 59a9d66b9
[SYNCOPE-1210] Random password generation during propagation is now correctly resource-based
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/59a9d66b
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/59a9d66b
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/59a9d66b
Branch: refs/heads/1_2_X
Commit: 59a9d66b90874c64c19fefd2c1cb51c24bb7ec18
Parents: 9ad14b1
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Wed Sep 20 12:44:42 2017 +0200
Committer: Francesco Chicchiriccò <il...@apache.org>
Committed: Wed Sep 20 12:44:42 2017 +0200
----------------------------------------------------------------------
.../syncope/core/connid/PasswordGenerator.java | 34 ++++----------------
.../apache/syncope/core/util/MappingUtil.java | 6 ++--
.../core/connid/PasswordGeneratorTest.java | 31 ++++++------------
3 files changed, 19 insertions(+), 52 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/59a9d66b/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java b/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
index 108dcb3..0ef7ecb 100644
--- a/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
+++ b/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
@@ -25,14 +25,11 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.types.PasswordPolicySpec;
import org.apache.syncope.core.persistence.beans.ExternalResource;
import org.apache.syncope.core.persistence.beans.PasswordPolicy;
-import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
-import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
-import org.apache.syncope.core.persistence.dao.PolicyDAO;
import org.apache.syncope.core.policy.PolicyPattern;
import org.apache.syncope.core.util.InvalidPasswordPolicySpecException;
import org.apache.syncope.core.util.SecureRandomUtil;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Transactional;
/**
* Generate random passwords according to given policies.
@@ -49,10 +46,7 @@ public class PasswordGenerator {
private static final int VERY_MAX_LENGTH = 64;
- private static final int MIN_LENGTH_IF_ZERO = 6;
-
- @Autowired
- private PolicyDAO policyDAO;
+ private static final int MIN_LENGTH_IF_ZERO = 8;
public String generate(final List<PasswordPolicySpec> ppSpecs)
throws InvalidPasswordPolicySpecException {
@@ -64,30 +58,16 @@ public class PasswordGenerator {
return generate(policySpec);
}
- public String generate(final SyncopeUser user)
+ @Transactional(readOnly = true)
+ public String generate(final ExternalResource resource)
throws InvalidPasswordPolicySpecException {
List<PasswordPolicySpec> ppSpecs = new ArrayList<PasswordPolicySpec>();
- PasswordPolicy globalPP = policyDAO.getGlobalPasswordPolicy();
- if (globalPP != null && globalPP.getSpecification(PasswordPolicySpec.class) != null) {
- ppSpecs.add(globalPP.getSpecification(PasswordPolicySpec.class));
- }
-
- for (SyncopeRole role : user.getRoles()) {
- if (role.getPasswordPolicy() != null
- && role.getPasswordPolicy().getSpecification(PasswordPolicySpec.class) != null) {
-
- ppSpecs.add(role.getPasswordPolicy().getSpecification(PasswordPolicySpec.class));
- }
- }
+ if (resource.getPasswordPolicy() != null
+ && resource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class) != null) {
- for (ExternalResource resource : user.getResources()) {
- if (resource.getPasswordPolicy() != null
- && resource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class) != null) {
-
- ppSpecs.add(resource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class));
- }
+ ppSpecs.add(resource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class));
}
PasswordPolicySpec policySpec = merge(ppSpecs);
http://git-wip-us.apache.org/repos/asf/syncope/blob/59a9d66b/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java b/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java
index ae89206..edda35d 100644
--- a/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java
+++ b/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java
@@ -354,7 +354,7 @@ public final class MappingUtil {
}
} else if (resource.isRandomPwdIfNotProvided()) {
try {
- passwordAttrValue = passwordGenerator.generate(user);
+ passwordAttrValue = passwordGenerator.generate(resource);
} catch (InvalidPasswordPolicySpecException e) {
LOG.error("Could not generate policy-compliant random password for {}", user, e);
}
@@ -377,8 +377,8 @@ public final class MappingUtil {
} else {
result = new AbstractMap.SimpleEntry<String, Attribute>(
null, objValues.isEmpty()
- ? AttributeBuilder.build(extAttrName)
- : AttributeBuilder.build(extAttrName, objValues.iterator().next()));
+ ? AttributeBuilder.build(extAttrName)
+ : AttributeBuilder.build(extAttrName, objValues.iterator().next()));
}
}
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/59a9d66b/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java b/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java
index 54fb4d6..6293deb 100644
--- a/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java
+++ b/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java
@@ -29,6 +29,7 @@ import org.apache.syncope.common.types.CipherAlgorithm;
import org.apache.syncope.common.types.PasswordPolicySpec;
import org.apache.syncope.core.AbstractNonDAOTest;
import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
+import org.apache.syncope.core.persistence.dao.ResourceDAO;
import org.apache.syncope.core.persistence.dao.UserDAO;
import org.apache.syncope.core.policy.PolicyPattern;
import org.apache.syncope.core.util.InvalidPasswordPolicySpecException;
@@ -45,20 +46,8 @@ public class PasswordGeneratorTest extends AbstractNonDAOTest {
@Autowired
private UserDAO userDAO;
- @Test
- public void forUser() {
- SyncopeUser user = userDAO.find(5L);
- String password = null;
- try {
- password = passwordGenerator.generate(user);
- } catch (InvalidPasswordPolicySpecException ex) {
- fail(ex.getMessage());
- }
- assertNotNull(password);
-
- user.setPassword(password, CipherAlgorithm.SHA);
- userDAO.save(user);
- }
+ @Autowired
+ private ResourceDAO resourceDAO;
private PasswordPolicySpec createBasePasswordPolicySpec() {
PasswordPolicySpec basePasswordPolicySpec = new PasswordPolicySpec();
@@ -144,20 +133,18 @@ public class PasswordGeneratorTest extends AbstractNonDAOTest {
}
@Test
- public void issueSYNCOPE226() {
- SyncopeUser user = userDAO.find(5L);
- String password = null;
+ public void testPasswordGenerator() {
+ String password = "";
try {
- password = passwordGenerator.generate(user);
+ password = passwordGenerator.generate(resourceDAO.find("ws-target-resource-nopropagation"));
} catch (InvalidPasswordPolicySpecException e) {
fail(e.getMessage());
}
assertNotNull(password);
- user.setPassword(password, CipherAlgorithm.AES);
-
- SyncopeUser actual = userDAO.save(user);
- assertNotNull(actual);
+ SyncopeUser user = userDAO.find(4L);
+ user.setPassword(password, CipherAlgorithm.SHA);
+ userDAO.save(user);
}
@Test