You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2017/09/20 11:12:22 UTC
[2/3] syncope git commit: [SYNCOPE-1210] Random password generation
during propagation is now correctly resource-based
[SYNCOPE-1210] Random password generation during propagation is now correctly resource-based
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a6a00da1
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a6a00da1
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a6a00da1
Branch: refs/heads/2_0_X
Commit: a6a00da11fb69fd7bfa00f4416c7a095844bf8c8
Parents: fe6b053
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Wed Sep 20 13:03:54 2017 +0200
Committer: Francesco Chicchiriccò <il...@apache.org>
Committed: Wed Sep 20 13:03:54 2017 +0200
----------------------------------------------------------------------
.../core/persistence/jpa/inner/UserTest.java | 32 ++++++--------------
.../provisioning/api/pushpull/PullActions.java | 4 +--
.../provisioning/java/MappingManagerImpl.java | 2 +-
.../java/pushpull/DefaultPullActions.java | 4 +--
.../security/DefaultPasswordGenerator.java | 29 ++++--------------
.../core/spring/security/PasswordGenerator.java | 4 +--
.../spring/security/PasswordGeneratorTest.java | 2 --
7 files changed, 22 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/a6a00da1/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/UserTest.java
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/UserTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/UserTest.java
index 2fccd24..5400c31 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/UserTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/UserTest.java
@@ -27,6 +27,7 @@ import java.util.Date;
import java.util.List;
import org.apache.syncope.common.lib.types.CipherAlgorithm;
import org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException;
+import org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO;
import org.apache.syncope.core.persistence.api.dao.UserDAO;
import org.apache.syncope.core.persistence.api.entity.user.UPlainAttrValue;
import org.apache.syncope.core.persistence.api.entity.user.User;
@@ -50,6 +51,9 @@ public class UserTest extends AbstractTest {
@Autowired
private RealmDAO realmDAO;
+ @Autowired
+ private ExternalResourceDAO resourceDAO;
+
@Test
public void findAll() {
List<User> list = userDAO.findAll(1, 100);
@@ -206,34 +210,16 @@ public class UserTest extends AbstractTest {
}
@Test
- public void issueSYNCOPE226() {
- User user = userDAO.find("823074dc-d280-436d-a7dd-07399fae48ec");
- String password = "";
- try {
- password = passwordGenerator.generate(user);
- } catch (InvalidPasswordRuleConf ex) {
- fail(ex.getMessage());
- }
- assertNotNull(password);
-
- user.setPassword(password, CipherAlgorithm.AES);
-
- User actual = userDAO.save(user);
- assertNotNull(actual);
- }
-
- @Test
public void testPasswordGenerator() {
- User user = userDAO.find("823074dc-d280-436d-a7dd-07399fae48ec");
-
String password = "";
try {
- password = passwordGenerator.generate(user);
-
- } catch (InvalidPasswordRuleConf ex) {
- fail(ex.getMessage());
+ password = passwordGenerator.generate(resourceDAO.find("ws-target-resource-nopropagation"));
+ } catch (InvalidPasswordRuleConf e) {
+ fail(e.getMessage());
}
assertNotNull(password);
+
+ User user = userDAO.find("c9b2dec2-00a7-4855-97c0-d854842b4b24");
user.setPassword(password, CipherAlgorithm.SHA);
userDAO.save(user);
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/a6a00da1/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/pushpull/PullActions.java
----------------------------------------------------------------------
diff --git a/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/pushpull/PullActions.java b/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/pushpull/PullActions.java
index b2907c4..c872d1b 100644
--- a/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/pushpull/PullActions.java
+++ b/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/pushpull/PullActions.java
@@ -134,7 +134,7 @@ public interface PullActions extends ProvisioningActions {
* @param <P> any object modifications
* @param profile profile of the pull being executed.
* @param delta retrieved pull information
- * @param entityTO entity
+ * @param entity entity
* @param anyPatch modification
* @return pull information used for logging and to be passed to the 'after' method.
* @throws JobExecutionException in case of generic failure.
@@ -142,7 +142,7 @@ public interface PullActions extends ProvisioningActions {
<P extends AnyPatch> SyncDelta beforeUpdate(
ProvisioningProfile<?, ?> profile,
SyncDelta delta,
- EntityTO entityTO,
+ EntityTO entity,
P anyPatch)
throws JobExecutionException;
http://git-wip-us.apache.org/repos/asf/syncope/blob/a6a00da1/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/MappingManagerImpl.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/MappingManagerImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/MappingManagerImpl.java
index df08c4e..571aacc 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/MappingManagerImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/MappingManagerImpl.java
@@ -359,7 +359,7 @@ public class MappingManagerImpl implements MappingManager {
}
} else if (provision.getResource().isRandomPwdIfNotProvided()) {
try {
- passwordAttrValue = passwordGenerator.generate(user);
+ passwordAttrValue = passwordGenerator.generate(provision.getResource());
} catch (InvalidPasswordRuleConf e) {
LOG.error("Could not generate policy-compliant random password for {}", user, e);
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/a6a00da1/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/DefaultPullActions.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/DefaultPullActions.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/DefaultPullActions.java
index 9344835..a6871b0 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/DefaultPullActions.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/pushpull/DefaultPullActions.java
@@ -40,8 +40,8 @@ public abstract class DefaultPullActions implements PullActions {
public <P extends AnyPatch> SyncDelta beforeUpdate(
final ProvisioningProfile<?, ?> profile,
final SyncDelta delta,
- final EntityTO entityTO,
- final P anyMod) throws JobExecutionException {
+ final EntityTO entity,
+ final P anyPatch) throws JobExecutionException {
return delta;
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/a6a00da1/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultPasswordGenerator.java
----------------------------------------------------------------------
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultPasswordGenerator.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultPasswordGenerator.java
index ee55ea4..29d1613 100644
--- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultPasswordGenerator.java
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultPasswordGenerator.java
@@ -24,13 +24,9 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.lib.policy.DefaultPasswordRuleConf;
import org.apache.syncope.common.lib.policy.PasswordRuleConf;
import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource;
-import org.apache.syncope.core.persistence.api.entity.user.User;
import org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf;
import org.apache.syncope.core.provisioning.api.utils.policy.PolicyPattern;
-import org.apache.syncope.core.persistence.api.dao.RealmDAO;
-import org.apache.syncope.core.persistence.api.dao.UserDAO;
-import org.apache.syncope.core.persistence.api.entity.Realm;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.transaction.annotation.Transactional;
/**
* Generate random passwords according to given policies.
@@ -46,28 +42,15 @@ public class DefaultPasswordGenerator implements PasswordGenerator {
private static final int VERY_MAX_LENGTH = 64;
- private static final int MIN_LENGTH_IF_ZERO = 6;
-
- @Autowired
- private UserDAO userDAO;
-
- @Autowired
- private RealmDAO realmDAO;
+ private static final int MIN_LENGTH_IF_ZERO = 8;
+ @Transactional(readOnly = true)
@Override
- public String generate(final User user) throws InvalidPasswordRuleConf {
+ public String generate(final ExternalResource resource) throws InvalidPasswordRuleConf {
List<PasswordRuleConf> ruleConfs = new ArrayList<>();
- for (Realm ancestor : realmDAO.findAncestors(user.getRealm())) {
- if (ancestor.getPasswordPolicy() != null) {
- ruleConfs.addAll(ancestor.getPasswordPolicy().getRuleConfs());
- }
- }
-
- for (ExternalResource resource : userDAO.findAllResources(user)) {
- if (resource.getPasswordPolicy() != null) {
- ruleConfs.addAll(resource.getPasswordPolicy().getRuleConfs());
- }
+ if (resource.getPasswordPolicy() != null) {
+ ruleConfs.addAll(resource.getPasswordPolicy().getRuleConfs());
}
return generate(ruleConfs);
http://git-wip-us.apache.org/repos/asf/syncope/blob/a6a00da1/core/spring/src/main/java/org/apache/syncope/core/spring/security/PasswordGenerator.java
----------------------------------------------------------------------
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/PasswordGenerator.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/PasswordGenerator.java
index ad6b56b..06b73e4 100644
--- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/PasswordGenerator.java
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/PasswordGenerator.java
@@ -20,12 +20,12 @@ package org.apache.syncope.core.spring.security;
import java.util.List;
import org.apache.syncope.common.lib.policy.PasswordRuleConf;
+import org.apache.syncope.core.persistence.api.entity.resource.ExternalResource;
import org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRuleConf;
-import org.apache.syncope.core.persistence.api.entity.user.User;
public interface PasswordGenerator {
- String generate(User user) throws InvalidPasswordRuleConf;
+ String generate(ExternalResource resource) throws InvalidPasswordRuleConf;
String generate(List<PasswordRuleConf> ruleConfs) throws InvalidPasswordRuleConf;
http://git-wip-us.apache.org/repos/asf/syncope/blob/a6a00da1/core/spring/src/test/java/org/apache/syncope/core/spring/security/PasswordGeneratorTest.java
----------------------------------------------------------------------
diff --git a/core/spring/src/test/java/org/apache/syncope/core/spring/security/PasswordGeneratorTest.java b/core/spring/src/test/java/org/apache/syncope/core/spring/security/PasswordGeneratorTest.java
index 02c0ba4..a18ef15 100644
--- a/core/spring/src/test/java/org/apache/syncope/core/spring/security/PasswordGeneratorTest.java
+++ b/core/spring/src/test/java/org/apache/syncope/core/spring/security/PasswordGeneratorTest.java
@@ -18,8 +18,6 @@
*/
package org.apache.syncope.core.spring.security;
-import org.apache.syncope.core.spring.security.DefaultPasswordGenerator;
-
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;