Posted to commits@syncope.apache.org by il...@apache.org on 2018/10/30 17:03:00 UTC
[2/3] syncope git commit: [SYNCOPE-1388] Now only POST
/user/self/mustChangePassword is allowed when mustChangePassword flag is set
on user
[SYNCOPE-1388] Now only POST /user/self/mustChangePassword is allowed when mustChangePassword flag is set on user
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/01e32d2d
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/01e32d2d
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/01e32d2d
Branch: refs/heads/master
Commit: 01e32d2d0ad7a9f171440dcf369da6a8f72a7d4b
Parents: 9fc33d2
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Tue Oct 30 17:56:59 2018 +0100
Committer: Francesco Chicchiriccò <il...@apache.org>
Committed: Tue Oct 30 17:57:57 2018 +0100
----------------------------------------------------------------------
appveyor.yml | 6 ++---
.../console/SyncopeConsoleApplication.java | 3 +--
.../client/console/SyncopeConsoleSession.java | 24 ++++++++++++++------
.../client/console/panels/AnyTypesPanel.java | 4 ++--
.../client/enduser/SyncopeEnduserSession.java | 23 +++++++++++--------
.../resources/UserSelfChangePassword.java | 12 +---------
.../enduser/resources/UserSelfReadResource.java | 1 -
.../app/js/controllers/UserController.js | 10 ++++----
.../app/js/services/userSelfService.js | 3 ++-
.../apache/syncope/core/logic/UserLogic.java | 12 ++++++----
.../security/MustChangePasswordFilter.java | 10 ++------
.../spring/security/SyncopeJWTSSOProvider.java | 2 +-
.../client/console/pages/SAML2SPLogin.java | 1 -
.../apache/syncope/fit/core/UserSelfITCase.java | 12 +++++-----
14 files changed, 63 insertions(+), 60 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/appveyor.yml
----------------------------------------------------------------------
diff --git a/appveyor.yml b/appveyor.yml
index acd8bb4..f58a884 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -26,9 +26,9 @@ install:
(new-object System.Net.WebClient).DownloadFile('https://www.apache.org/dist/maven/maven-3/3.5.4/binaries/apache-maven-3.5.4-bin.zip', 'C:\maven-bin.zip')
[System.IO.Compression.ZipFile]::ExtractToDirectory("C:\maven-bin.zip", "C:\maven")
}
- - cmd: SET PATH=C:\maven\apache-maven-3.5.3\bin;%JAVA_HOME%\bin;=%;
- - cmd: SET JAVA_HOME=C:\Program Files\Java\jdk10
- - cmd: SET M2_HOME=C:\maven\apache-maven-3.5.3
+ - cmd: SET PATH=C:\maven\apache-maven-3.5.4\bin;%JAVA_HOME%\bin;=%;
+ - cmd: SET JAVA_HOME=C:\Program Files\Java\jdk1.8.0
+ - cmd: SET M2_HOME=C:\maven\apache-maven-3.5.4
- cmd: SET MAVEN_OPTS=-Xmx4g
- cmd: SET JAVA_OPTS=-Xmx4g
build_script:
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
index f03f823..3431f04 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
@@ -49,7 +49,6 @@ import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.common.lib.PropertyUtils;
import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.to.EntityTO;
-import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.syncope.common.rest.api.service.DomainService;
import org.apache.wicket.Page;
import org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession;
@@ -254,7 +253,7 @@ public class SyncopeConsoleApplication extends AuthenticatedWebApplication {
@Override
public Class<? extends Page> getHomePage() {
return AuthenticatedWebSession.get().isSignedIn()
- && SyncopeConsoleSession.get().owns(StandardEntitlement.MUST_CHANGE_PASSWORD)
+ && SyncopeConsoleSession.get().getSelfTO().isMustChangePassword()
? MustChangePassword.class
: Dashboard.class;
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
index d793da2..6f9d7a9 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
@@ -31,6 +31,7 @@ import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.Future;
+import javax.ws.rs.ForbiddenException;
import javax.ws.rs.core.EntityTag;
import javax.ws.rs.core.MediaType;
import org.apache.commons.collections4.list.SetUniqueList;
@@ -48,6 +49,7 @@ import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.info.PlatformInfo;
import org.apache.syncope.common.lib.info.SystemInfo;
import org.apache.syncope.common.lib.to.UserTO;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.syncope.common.rest.api.service.SyncopeService;
import org.apache.wicket.Session;
import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
@@ -163,7 +165,7 @@ public class SyncopeConsoleSession extends AuthenticatedWebSession {
try {
client = clientFactory.setDomain(getDomain()).create(username, password);
- refreshAuth();
+ refreshAuth(username);
authenticated = true;
} catch (Exception e) {
@@ -179,7 +181,7 @@ public class SyncopeConsoleSession extends AuthenticatedWebSession {
try {
client = clientFactory.setDomain(getDomain()).create(jwt);
- refreshAuth();
+ refreshAuth(null);
authenticated = true;
} catch (Exception e) {
@@ -270,11 +272,19 @@ public class SyncopeConsoleSession extends AuthenticatedWebSession {
return roles;
}
- public void refreshAuth() {
- Pair<Map<String, Set<String>>, UserTO> self = client.self();
- auth = self.getLeft();
- selfTO = self.getRight();
- roles = null;
+ public void refreshAuth(final String username) {
+ try {
+ Pair<Map<String, Set<String>>, UserTO> self = client.self();
+ auth = self.getLeft();
+ selfTO = self.getRight();
+ roles = null;
+ } catch (ForbiddenException e) {
+ LOG.warn("Could not read self(), probably in a {} scenario", StandardEntitlement.MUST_CHANGE_PASSWORD, e);
+
+ selfTO = new UserTO();
+ selfTO.setUsername(username);
+ selfTO.setMustChangePassword(true);
+ }
}
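Review bot: In the new `catch (ForbiddenException e)` branch only `selfTO` is replaced; `auth` and `roles` keep whatever the session held before the call, so when `refreshAuth(null)` runs on an already-authenticated session (as AnyTypesPanel now does) and `self()` is refused, the session keeps its previous entitlement map while `selfTO` says the password must be changed. Reset them together with `selfTO`, e.g. `auth = Collections.emptyMap(); roles = null;` (adding the `java.util.Collections` import if it is not already present), so that entitlement checks on this session cannot rely on stale data. The JWT login path calls `refreshAuth(null)`, so the fallback `UserTO` it builds has a null username; the same holds for `afterAuthentication(null)` in the SyncopeEnduserSession hunk. Logging the full stack trace with `LOG.warn(..., e)` for what the message itself describes as an expected scenario is noisy; `LOG.debug` or dropping `e` from the call seems more appropriate.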
@SuppressWarnings("unchecked")
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyTypesPanel.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyTypesPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyTypesPanel.java
index 97158e5..8e407f7 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyTypesPanel.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyTypesPanel.java
@@ -75,7 +75,7 @@ public class AnyTypesPanel extends TypesDirectoryPanel<AnyTypeTO, AnyTypesPanel.
try {
if (getOriginalItem() == null || StringUtils.isBlank(getOriginalItem().getKey())) {
restClient.create(modelObject);
- SyncopeConsoleSession.get().refreshAuth();
+ SyncopeConsoleSession.get().refreshAuth(null);
} else {
restClient.update(modelObject);
}
@@ -175,7 +175,7 @@ public class AnyTypesPanel extends TypesDirectoryPanel<AnyTypeTO, AnyTypesPanel.
public void onClick(final AjaxRequestTarget target, final AnyTypeTO ignore) {
try {
restClient.delete(model.getObject().getKey());
- SyncopeConsoleSession.get().refreshAuth();
+ SyncopeConsoleSession.get().refreshAuth(null);
SyncopeConsoleSession.get().info(getString(Constants.OPERATION_SUCCEEDED));
target.add(container);
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
index 9f8fe09..3b48522 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
@@ -19,12 +19,10 @@
package org.apache.syncope.client.enduser;
import java.util.List;
-import java.util.Map;
-import java.util.Set;
import java.util.stream.Collectors;
+import javax.ws.rs.ForbiddenException;
import javax.ws.rs.core.EntityTag;
import javax.ws.rs.core.MediaType;
-import org.apache.commons.lang3.tuple.Pair;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
import org.apache.syncope.client.lib.SyncopeClient;
@@ -33,6 +31,7 @@ import org.apache.syncope.common.lib.to.PlainSchemaTO;
import org.apache.syncope.common.lib.to.UserTO;
import org.apache.syncope.common.lib.types.AttrSchemaType;
import org.apache.syncope.common.lib.types.SchemaType;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.apache.syncope.common.rest.api.beans.SchemaQuery;
import org.apache.syncope.common.rest.api.service.SchemaService;
import org.apache.syncope.common.rest.api.service.SyncopeService;
@@ -87,9 +86,16 @@ public class SyncopeEnduserSession extends WebSession {
filter(object -> object.getType() != AttrSchemaType.Date).collect(Collectors.toSet()));
}
- private void afterAuthentication() {
- Pair<Map<String, Set<String>>, UserTO> self = client.self();
- selfTO = self.getRight();
+ private void afterAuthentication(final String username) {
+ try {
+ selfTO = client.self().getRight();
+ } catch (ForbiddenException e) {
+ LOG.warn("Could not read self(), probably in a {} scenario", StandardEntitlement.MUST_CHANGE_PASSWORD, e);
+
+ selfTO = new UserTO();
+ selfTO.setUsername(username);
+ selfTO.setMustChangePassword(true);
+ }
// bind explicitly this session to have a stateful behavior during http requests, unless session will
// expire for every request
@@ -104,7 +110,7 @@ public class SyncopeEnduserSession extends WebSession {
setDomain(SyncopeEnduserApplication.get().getDomain()).
create(username, password);
- afterAuthentication();
+ afterAuthentication(username);
authenticated = true;
} catch (Exception e) {
@@ -121,7 +127,7 @@ public class SyncopeEnduserSession extends WebSession {
client = SyncopeEnduserApplication.get().getClientFactory().
setDomain(SyncopeEnduserApplication.get().getDomain()).create(jwt);
- afterAuthentication();
+ afterAuthentication(null);
authenticated = true;
} catch (Exception e) {
@@ -190,5 +196,4 @@ public class SyncopeEnduserSession extends WebSession {
public void setXsrfTokenGenerated(final boolean xsrfTokenGenerated) {
this.xsrfTokenGenerated = xsrfTokenGenerated;
}
-
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfChangePassword.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfChangePassword.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfChangePassword.java
index 2d476e8..e18cd28 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfChangePassword.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfChangePassword.java
@@ -18,7 +18,6 @@
*/
package org.apache.syncope.client.enduser.resources;
-import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
@@ -56,16 +55,7 @@ public class UserSelfChangePassword extends BaseResource {
mustChangePassword(parameters.get("newPassword")[0]);
response.setTextEncoding(StandardCharsets.UTF_8.name());
-
- response.setWriteCallback(new WriteCallback() {
-
- @Override
- public void writeData(final Attributes attributes) throws IOException {
- attributes.getResponse().write("Password changed correctly");
- }
- });
-
- response.setStatusCode(Response.Status.OK.getStatusCode());
+ response.setStatusCode(Response.Status.NO_CONTENT.getStatusCode());
} catch (final Exception e) {
LOG.error("Error while updating user", e);
response.setError(Response.Status.BAD_REQUEST.getStatusCode(), new StringBuilder()
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfReadResource.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfReadResource.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfReadResource.java
index 3e8e2ce..c58be85 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfReadResource.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfReadResource.java
@@ -149,5 +149,4 @@ public class UserSelfReadResource extends BaseUserSelfResource {
attrs.clear();
}
}
-
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
index 7718db7..f919b08 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
@@ -341,7 +341,6 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l
$scope.user = UserUtil.getUnwrappedUser(response);
$scope.user.password = undefined;
-
$scope.initialSecurityQuestion = $scope.user.securityQuestion;
// initialize already assigned resources
$scope.dynamicForm.selectedResources = $scope.user.resources;
@@ -520,7 +519,7 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l
+ $filter('translate')(["SUCCESSFULLY_UPDATED"]).SUCCESSFULLY_UPDATED
});
}, function (response) {
- console.info("Error during user update: ", response);
+ console.error("Error during user update: ", response);
var errorMessage;
// parse error response
if (response !== undefined) {
@@ -614,8 +613,11 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l
//check if password and confirmPassword are equals using angular built-in validation
if (ValidationExecutor.validate(currentForm, $scope)) {
if (user && user.password) {
- UserSelfService.changePassword({"newPassword": user.password}).then(function (data) {
- $scope.logout(data);
+ UserSelfService.changePassword({"newPassword": user.password}).then(function (response) {
+ console.debug("User " + user.username + " password successfully CHANGED");
+ $scope.logout({
+ successMessage: $filter('translate')(["PASSWORD_UPDATED"]).PASSWORD_UPDATED
+ });
}, function (response) {
var errorMessage;
// parse error response
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/client/enduser/src/main/resources/META-INF/resources/app/js/services/userSelfService.js
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/services/userSelfService.js b/client/enduser/src/main/resources/META-INF/resources/app/js/services/userSelfService.js
index 2920814..b7e05d3 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/js/services/userSelfService.js
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/services/userSelfService.js
@@ -115,8 +115,9 @@ angular.module('login')
}
})
.then(function (response) {
- return response.data || response.statusText;
+ return response;
}, function (response) {
+ console.error("Something went wrong during passwod change, exit with status: ", response);
return $q.reject(response.data || response.statusText);
});
};
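Review bot: The added `console.error` message misspells "password" and reads awkwardly; `console.error("Something went wrong during password change, exit with status: ", response);`. The success handler now resolves with the whole `response` object instead of `response.data || response.statusText`, which changes what every caller of `changePassword` receives; the only caller touched in this commit (UserController.js) ignores the resolved value, but any other caller relying on the old shape should be checked.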
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
----------------------------------------------------------------------
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
index dace468..56a01b4 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
@@ -85,7 +85,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> {
@Autowired
protected SyncopeLogic syncopeLogic;
- @PreAuthorize("isAuthenticated()")
+ @PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))")
@Transactional(readOnly = true)
public Pair<String, UserTO> selfRead() {
return Pair.of(
@@ -164,7 +164,9 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> {
binder.returnUserTO(binder.getUserTO(created.getKey())), created.getRight(), before.getRight());
}
- @PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.ANONYMOUS + "'))")
+ @PreAuthorize("isAuthenticated() "
+ + "and not(hasRole('" + StandardEntitlement.ANONYMOUS + "')) "
+ + "and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))")
public ProvisioningResult<UserTO> selfUpdate(final UserPatch userPatch, final boolean nullPriorityAsync) {
UserTO userTO = binder.getAuthenticatedUserTO();
userPatch.setKey(userTO.getKey());
@@ -264,7 +266,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> {
Collections.<String>emptySet());
}
- @PreAuthorize("isAuthenticated()")
+ @PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))")
public ProvisioningResult<UserTO> selfStatus(final StatusPatch statusPatch, final boolean nullPriorityAsync) {
statusPatch.setKey(userDAO.findKey(AuthContextUtils.getUsername()));
Pair<String, List<PropagationStatus>> updated = setStatusOnWfAdapter(statusPatch, nullPriorityAsync);
@@ -316,7 +318,9 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> {
provisioningManager.confirmPasswordReset(user.getKey(), token, password);
}
- @PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.ANONYMOUS + "'))")
+ @PreAuthorize("isAuthenticated() "
+ + "and not(hasRole('" + StandardEntitlement.ANONYMOUS + "')) "
+ + "and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))")
public ProvisioningResult<UserTO> selfDelete(final boolean nullPriorityAsync) {
UserTO userTO = binder.getAuthenticatedUserTO();
return doDelete(userTO, true, nullPriorityAsync);
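Review bot: The SpEL fragment `"and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))"` is now spelled out in four `@PreAuthorize` annotations in this file (selfRead, selfUpdate, selfStatus, selfDelete); a `private static final String` constant holding it would remain a compile-time constant expression usable in the annotations and keep the four in step the next time the rule changes. This is a style point only; the expressions as written look consistent with each other.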
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java
----------------------------------------------------------------------
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java
index c901c0b..15ea6a9 100644
--- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java
@@ -25,7 +25,6 @@ import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
-import org.apache.commons.lang3.ArrayUtils;
import org.apache.syncope.common.lib.types.StandardEntitlement;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.context.SecurityContextHolder;
@@ -33,10 +32,6 @@ import org.springframework.security.web.servletapi.SecurityContextHolderAwareReq
public class MustChangePasswordFilter implements Filter {
- private static final String[] ALLOWED = new String[] {
- "/users/self", "/users/self/changePassword"
- };
-
@Override
public void init(final FilterConfig filterConfig) throws ServletException {
// not used
@@ -58,8 +53,8 @@ public class MustChangePasswordFilter implements Filter {
SecurityContextHolderAwareRequestWrapper wrapper =
SecurityContextHolderAwareRequestWrapper.class.cast(request);
- if (isMustChangePassword && "GET".equalsIgnoreCase(wrapper.getMethod())
- && !ArrayUtils.contains(ALLOWED, wrapper.getPathInfo())) {
+ if (isMustChangePassword && !"POST".equalsIgnoreCase(wrapper.getMethod())
+ && !"/users/self/changePassword".equals(wrapper.getPathInfo())) {
throw new AccessDeniedException("Please change your password first");
}
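Review bot: The rewritten `if` does not implement "only POST to the change-password path": because the two negated terms are joined with `&&`, the request is refused only when it is neither a POST nor addressed to `/users/self/changePassword`, so any POST to any path passes, as does any method on that path. The guard that matches the commit's intent is `if (isMustChangePassword && !("POST".equalsIgnoreCase(wrapper.getMethod()) && "/users/self/changePassword".equals(wrapper.getPathInfo()))) {`. Separately, the commit title names `/user/self/mustChangePassword` while the filter compares against `/users/self/changePassword`; the JAX-RS mapping of `UserSelfService.mustChangePassword` is not visible here, so this should be checked, since a mismatch would refuse the one request the user is supposed to make. The `doFilter` body begins above this hunk.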
@@ -67,5 +62,4 @@ public class MustChangePasswordFilter implements Filter {
chain.doFilter(request, response);
}
-
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeJWTSSOProvider.java
----------------------------------------------------------------------
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeJWTSSOProvider.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeJWTSSOProvider.java
index 08715e1..279cd6f 100644
--- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeJWTSSOProvider.java
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeJWTSSOProvider.java
@@ -87,7 +87,7 @@ public class SyncopeJWTSSOProvider implements JWTSSOProvider {
Set<SyncopeGrantedAuthority> authorities = Collections.emptySet();
if (user != null) {
AccessToken accessToken = accessTokenDAO.find(jwtClaims.getTokenId());
- if (accessToken.getAuthorities() != null) {
+ if (accessToken != null && accessToken.getAuthorities() != null) {
try {
authorities = POJOHelper.deserialize(
ENCRYPTOR.decode(new String(accessToken.getAuthorities()), CipherAlgorithm.AES),
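Review bot: With the added `accessToken != null` guard a JWT whose token id is not found by `accessTokenDAO.find` no longer throws, but the resolution continues for a non-null `user` with `Collections.emptySet()` authorities and no log entry, so this hunk silently decides that an unknown token id still authenticates. If that is intended, a comment such as `// token id not in store: proceed with no authorities` makes it explicit; if not, the null case should be treated as a failed resolution or at least logged. The enclosing method continues past the hunk, so how `user` and `authorities` are finally returned is not visible here.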
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPLogin.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPLogin.java b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPLogin.java
index 69f8294..d6b10c9 100644
--- a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPLogin.java
+++ b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPLogin.java
@@ -68,5 +68,4 @@ public class SAML2SPLogin extends WebPage {
}
strategy.remove();
}
-
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/01e32d2d/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java
index 63db20e..162cb88 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java
@@ -57,7 +57,7 @@ import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.common.lib.types.PatchOperation;
import org.apache.syncope.common.rest.api.beans.AnyQuery;
import org.apache.syncope.common.rest.api.beans.UserRequestFormQuery;
-import org.apache.syncope.common.rest.api.service.ResourceService;
+import org.apache.syncope.common.rest.api.service.AccessTokenService;
import org.apache.syncope.common.rest.api.service.UserRequestService;
import org.apache.syncope.common.rest.api.service.UserSelfService;
import org.apache.syncope.common.rest.api.service.UserService;
@@ -377,10 +377,10 @@ public class UserSelfITCase extends AbstractITCase {
// 0. access as vivaldi -> succeed
SyncopeClient vivaldiClient = clientFactory.create("vivaldi", "password321");
- Pair<Map<String, Set<String>>, UserTO> self = vivaldiClient.self();
- assertFalse(self.getRight().isMustChangePassword());
+ Response response = vivaldiClient.getService(AccessTokenService.class).refresh();
+ assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
- // 1. update user vivaldi (3) requirig password update
+ // 1. update user vivaldi requiring password update
userPatch = new UserPatch();
userPatch.setKey("b3cbc78d-32e6-4bd4-92e0-bbe07566a2ee");
userPatch.setMustChangePassword(new BooleanReplacePatchItem.Builder().value(true).build());
@@ -389,7 +389,7 @@ public class UserSelfITCase extends AbstractITCase {
// 2. attempt to access -> fail
try {
- vivaldiClient.getService(ResourceService.class).list();
+ vivaldiClient.self();
fail("This should not happen");
} catch (ForbiddenException e) {
assertNotNull(e);
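Review bot: Step 2 only checks that `vivaldiClient.self()`, a GET, is refused while the flag is set; it does not cover the rule the commit states, that every request other than the POST to the change-password endpoint is refused. As the MustChangePasswordFilter condition is written in this commit, a POST to another path passes the filter, so adding a step here that issues a POST to some other self endpoint (for example a self update with an empty patch) inside the same try / expect-`ForbiddenException` pattern would pin the intended behavior and catch that regression. Which layer ends up rejecting such a request (filter or the `@PreAuthorize` rules in UserLogic) is not visible from this test alone.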
@@ -400,7 +400,7 @@ public class UserSelfITCase extends AbstractITCase {
vivaldiClient.getService(UserSelfService.class).mustChangePassword("password123");
// 4. verify it worked
- self = clientFactory.create("vivaldi", "password123").self();
+ Pair<Map<String, Set<String>>, UserTO> self = clientFactory.create("vivaldi", "password123").self();
assertFalse(self.getRight().isMustChangePassword());
}