Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/07/28 15:56:57 UTC
svn commit: r1614032 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/authentication/token/
test/java/org/apache/jackrabbit/oak/security/authentication/token/
test/java/org/apache/jackrabbit/oak/security/authenticat...
Author: angela
Date: Mon Jul 28 13:56:57 2014
New Revision: 1614032
URL: http://svn.apache.org/r1614032
Log:
OAK-1985 : TokenLoginModule can't handle case insensitive userids
OAK-1984: adjust test case to match issue resolution
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1614032&r1=1614031&r2=1614032&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Mon Jul 28 13:56:57 2014
@@ -207,9 +207,11 @@ class TokenProviderImpl implements Token
@Override
public TokenInfo createToken(String userId, Map<String, ?> attributes) {
String error = "Failed to create login token. ";
- NodeUtil tokenParent = getTokenParent(userId);
+ User user = getUser(userId);
+ NodeUtil tokenParent = getTokenParent(user);
if (tokenParent != null) {
try {
+ String id = user.getID();
long creationTime = new Date().getTime();
NodeUtil tokenNode = createTokenNode(tokenParent, creationTime);
tokenNode.setString(JcrConstants.JCR_UUID, IdentifierManager.generateUUID());
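Review bot: `String id = user.getID();` dereferences `user` with no null check of its own; it is safe only because `getTokenParent(user)` returns null for a null user and the `tokenParent != null` guard then skips the block. `getUser` carries `@CheckForNull` in this same commit, so a reader or a static checker sees a possibly-null value being dereferenced. Either make the guard explicit, `if (user != null && tokenParent != null) {`, or add a comment such as `// tokenParent != null implies user != null, see getTokenParent(User)`. createToken continues outside the hunk.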
@@ -218,7 +220,7 @@ class TokenProviderImpl implements Token
String nodeId = getIdentifier(tokenNode.getTree());
String token = new StringBuilder(nodeId).append(DELIM).append(key).toString();
- String keyHash = PasswordUtil.buildPasswordHash(getKeyValue(key, userId), options);
+ String keyHash = PasswordUtil.buildPasswordHash(getKeyValue(key, id), options);
tokenNode.setString(TOKEN_ATTRIBUTE_KEY, keyHash);
long exp;
@@ -237,7 +239,7 @@ class TokenProviderImpl implements Token
}
}
root.commit();
- return new TokenInfoImpl(tokenNode, token, userId);
+ return new TokenInfoImpl(tokenNode, token, id);
} catch (NoSuchAlgorithmException e) {
// error while generating login token
log.error(error, e.getMessage());
@@ -247,7 +249,7 @@ class TokenProviderImpl implements Token
} catch (CommitFailedException e) {
// conflict while committing changes
log.warn(error, e.getMessage());
- } catch (AccessDeniedException e) {
+ } catch (RepositoryException e) {
log.warn(error, e.getMessage());
}
} else {
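Review bot: The widened `catch (RepositoryException e)` now routes every repository failure during token creation, including one thrown by `user.getID()`, into `log.warn(error, e.getMessage())`, whose format string contains no `{}`. If `log` is an SLF4J-style logger, which the two-argument call suggests but the hunk does not show, the exception message is discarded and only "Failed to create login token. " is written. In an authentication component that leaves an operator unable to tell an access-control denial from a failed user lookup. Consider `log.warn("Failed to create login token: {}", e.getMessage());` here. The added `log.debug("Error while creating token node ", e.getMessage());` in the getTokenParent hunk has the same shape, as do the `log.error`/`log.warn` context lines in the neighbouring catch blocks.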
@@ -320,7 +322,7 @@ class TokenProviderImpl implements Token
}
@Nonnull
- private static String getKeyValue(String key, String userId) {
+ private static String getKeyValue(@Nonnull String key, @Nonnull String userId) {
return key + userId;
}
@@ -359,26 +361,40 @@ class TokenProviderImpl implements Token
}
@CheckForNull
- private NodeUtil getTokenParent(String userId) {
- NodeUtil tokenParent = null;
- String parentPath = null;
+ private User getUser(String userId) {
try {
Authorizable user = userManager.getAuthorizable(userId);
if (user != null && !user.isGroup()) {
- String userPath = user.getPath();
- NodeUtil userNode = new NodeUtil(root.getTree(userPath));
- tokenParent = userNode.getChild(TOKENS_NODE_NAME);
- if (tokenParent == null) {
- tokenParent = userNode.addChild(TOKENS_NODE_NAME, TOKENS_NT_NAME);
- parentPath = userPath + '/' + TOKENS_NODE_NAME;
- root.commit();
- }
+ return (User) user;
} else {
log.debug("Cannot create login token: No corresponding node for User " + userId + '.');
}
} catch (RepositoryException e) {
// error while accessing user.
log.debug("Error while accessing user " + userId + '.', e);
+ }
+ return null;
+ }
+
+ @CheckForNull
+ private NodeUtil getTokenParent(@CheckForNull User user) {
+ if (user == null) {
+ return null;
+ }
+ NodeUtil tokenParent = null;
+ String parentPath = null;
+ try {
+ String userPath = user.getPath();
+ NodeUtil userNode = new NodeUtil(root.getTree(userPath));
+ tokenParent = userNode.getChild(TOKENS_NODE_NAME);
+ if (tokenParent == null) {
+ tokenParent = userNode.addChild(TOKENS_NODE_NAME, TOKENS_NT_NAME);
+ parentPath = userPath + '/' + TOKENS_NODE_NAME;
+ root.commit();
+ }
+ } catch (RepositoryException e) {
+ // error while creating token node.
+ log.debug("Error while creating token node ", e.getMessage());
} catch (CommitFailedException e) {
// conflict while creating token store for this user -> refresh and
// try to get the tree from the updated root.
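Review bot: The new `getUser(String userId)` has no Javadoc, although it is now the single place where the caller-supplied id is resolved to a repository user. That it returns null in three different cases (no authorizable found, the authorizable is a group, or a `RepositoryException` during lookup) is only visible by reading the body. A short Javadoc listing those null cases would help, together with a sentence that callers must continue with `User.getID()` rather than the `userId` argument, since the two can differ in case. getTokenParent continues past the end of the hunk.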
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.java?rev=1614032&r1=1614031&r2=1614032&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.java Mon Jul 28 13:56:57 2014
@@ -30,7 +30,6 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
-import org.junit.Ignore;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
@@ -151,22 +150,4 @@ public class TokenLoginModuleTest extend
cs.close();
}
}
-
- @Ignore("OAK-1985")
- @Test
- public void testValidTokenCredentialsCaseInsensitive() throws Exception {
- Root root = adminSession.getLatestRoot();
- TokenConfiguration tokenConfig = getSecurityProvider().getConfiguration(TokenConfiguration.class);
- TokenProvider tp = tokenConfig.getTokenProvider(root);
-
- SimpleCredentials sc = (SimpleCredentials) getAdminCredentials();
- sc = new SimpleCredentials(sc.getUserID().toUpperCase(), sc.getPassword());
- TokenInfo info = tp.createToken(sc.getUserID(), Collections.<String, Object>emptyMap());
- ContentSession cs = login(new TokenCredentials(info.getToken()));
- try {
- assertEquals(sc.getUserID(), cs.getAuthInfo().getUserID());
- } finally {
- cs.close();
- }
- }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java?rev=1614032&r1=1614031&r2=1614032&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.java Mon Jul 28 13:56:57 2014
@@ -360,6 +360,27 @@ public class TokenProviderImplTest exten
}
}
+ /**
+ * @see OAK-1985
+ */
+ @Test
+ public void testTokenValidationIsCaseInsensitive() throws Exception {
+ Root root = adminSession.getLatestRoot();
+ TokenConfiguration tokenConfig = getSecurityProvider().getConfiguration(TokenConfiguration.class);
+ TokenProvider tp = tokenConfig.getTokenProvider(root);
+
+ String userId = ((SimpleCredentials) getAdminCredentials()).getUserID();
+ TokenInfo info = tp.createToken(userId.toUpperCase(), Collections.<String, Object>emptyMap());
+
+ assertTrue(info.matches(new TokenCredentials(info.getToken())));
+ assertEquals(userId, info.getUserId());
+
+ info = tp.getTokenInfo(info.getToken());
+
+ assertTrue(info.matches(new TokenCredentials(info.getToken())));
+ assertEquals(userId, info.getUserId());
+ }
+
//--------------------------------------------------------------------------
private static void assertTokenInfo(TokenInfo info, String userId) {
assertNotNull(info);
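Review bot: `testTokenValidationIsCaseInsensitive` exercises only `TokenProvider` and `TokenInfo`, while the commit removes `testValidTokenCredentialsCaseInsensitive` from TokenLoginModuleTest instead of enabling it. As far as this commit shows, a login with `TokenCredentials` built from a differently-cased id is then no longer asserted end to end, although OAK-1985 is reported against TokenLoginModule. A login-level test that creates the token with the upper-cased id and asserts `cs.getAuthInfo().getUserID()` against the expected spelling would pin the behaviour where it matters. Separately, `userId.toUpperCase()` depends on the default locale; `userId.toUpperCase(Locale.ROOT)` keeps the test input stable on JVMs whose default locale has special casing rules. assertTokenInfo continues outside the hunk.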
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java?rev=1614032&r1=1614031&r2=1614032&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java Mon Jul 28 13:56:57 2014
@@ -36,7 +36,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
-import org.junit.Ignore;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
@@ -162,15 +161,14 @@ public class LoginModuleImplTest extends
}
}
- @Ignore("OAK-1984")
@Test
- public void testCaseInsensitiveUserIdOnAuthInfo() throws Exception {
+ public void testUserLoginIsCaseInsensitive2() throws Exception {
ContentSession cs = null;
try {
createTestUser();
cs = login(new SimpleCredentials(USER_ID_CASED, USER_PW.toCharArray()));
AuthInfo authInfo = cs.getAuthInfo();
- assertEquals(USER_ID, authInfo.getUserID());
+ assertEquals(USER_ID_CASED, authInfo.getUserID());
} finally {
if (cs != null) {
cs.close();
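Review bot: The changed assertion `assertEquals(USER_ID_CASED, authInfo.getUserID());` pins that a password login reports the id exactly as the caller typed it. The token path in this same commit goes the other way: TokenProviderImplTest asserts `assertEquals(userId, info.getUserId())`, where `userId` is the id in its original case. If both hold, one account can appear under two spellings depending on how the session was opened, which matters for anything that keys on `AuthInfo.getUserID()`, such as audit records or per-user lookups. Whether that is intended by the OAK-1984 resolution is not visible here, so a comment above the assertion would help, for example `// OAK-1984: AuthInfo keeps the id as supplied in the credentials, not the stored id`. The name `testUserLoginIsCaseInsensitive2` also does not say what distinguishes it from its sibling. The method body runs to the end of the hunk and beyond.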