From my...@apache.org
Subject [fineract-cn-provisioner] 40/50: Fix to make provisioner usefully survive multiple retries against assignIdentityManager.
Date Mon, 22 Jan 2018 15:16:38 GMT
This is an automated email from the ASF dual-hosted git repository.

myrle pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract-cn-provisioner.git

commit a3b4689fab85f9baa4be8752c273b089b4cea0ee
Author: Myrle Krantz <myrle@apache.org>
AuthorDate: Tue Jul 18 09:26:55 2017 +0200

    Fix to make provisioner usefully survive multiple retries against assignIdentityManager.
---
 .../applications/IdentityServiceInitializer.java        | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/service/src/main/java/io/mifos/provisioner/internal/service/applications/IdentityServiceInitializer.java
b/service/src/main/java/io/mifos/provisioner/internal/service/applications/IdentityServiceInitializer.java
index 036ed1e..054cdf4 100644
--- a/service/src/main/java/io/mifos/provisioner/internal/service/applications/IdentityServiceInitializer.java
+++ b/service/src/main/java/io/mifos/provisioner/internal/service/applications/IdentityServiceInitializer.java
@@ -23,7 +23,10 @@ import io.mifos.anubis.api.v1.domain.PermittableEndpoint;
 import io.mifos.core.api.util.InvalidTokenException;
 import io.mifos.core.lang.ServiceException;
 import io.mifos.core.lang.TenantContextHolder;
-import io.mifos.identity.api.v1.client.*;
+import io.mifos.identity.api.v1.client.ApplicationPermissionAlreadyExistsException;
+import io.mifos.identity.api.v1.client.CallEndpointSetAlreadyExistsException;
+import io.mifos.identity.api.v1.client.IdentityManager;
+import io.mifos.identity.api.v1.client.PermittableGroupAlreadyExistsException;
 import io.mifos.identity.api.v1.domain.CallEndpointSet;
 import io.mifos.identity.api.v1.domain.Permission;
 import io.mifos.identity.api.v1.domain.PermittableGroup;
@@ -33,7 +36,6 @@ import io.mifos.provisioner.config.ProvisionerConstants;
 import io.mifos.provisioner.internal.listener.EventExpectation;
 import io.mifos.provisioner.internal.listener.IdentityListener;
 import io.mifos.tool.crypto.HashGenerator;
-import org.apache.commons.lang.RandomStringUtils;
 import org.slf4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -98,12 +100,17 @@ public class IdentityServiceInitializer {
     try (final AutoCloseable ignored
                  = applicationCallContextProvider.getApplicationCallContext(tenantIdentifier,
applicationName)) {
       final IdentityManager identityService = applicationCallContextProvider.getApplication(IdentityManager.class,
identityManagerUri);
-      final String randomPassword = RandomStringUtils.random(8, true, true);
-      this.logger.debug("Generated password for tenant super user '{}' is '{}'.", tenantIdentifier,
randomPassword);
+      // When running behind a gateway, calls to provisioner can be repeated multiple times.
 This leads
+      // to repeated regeneration of the password, when only one password is returned.  As
a result the
+      // real password gets replaced with a wrong one with a high probability.  Provisioning
scripts then
+      // fail when they try to log in to identity for further provisioning. For this reason,
return a
+      // constant password, and change it immediately in the provisioning script.
+      final String nonRandomPassword = "ChangeThisPassword";
+      this.logger.debug("Initial password for tenant super user '{}' is '{}'. This should
be changed immediately.", tenantIdentifier, nonRandomPassword);
 
       final byte[] salt = Base64Utils.encode(("antony" + tenantIdentifier + this.domain).getBytes());
 
-      final String encodedPassword = Base64Utils.encodeToString(randomPassword.getBytes());
+      final String encodedPassword = Base64Utils.encodeToString(nonRandomPassword.getBytes());
 
       final byte[] hash = this.hashGenerator.hash(encodedPassword, salt, ProvisionerConstants.ITERATION_COUNT,
ProvisionerConstants.HASH_LENGTH);
       final String encodedPasswordHash = Base64Utils.encodeToString(hash);
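Review bot: The constant `nonRandomPassword = "ChangeThisPassword"` gives every tenant's super user the same known initial credential, and the only thing that closes that window is a provisioning script outside this code; if that script fails or runs late, the account keeps a default password. Because the salt two statements below is built only from `"antony"`, `tenantIdentifier` and `this.domain`, the stored hash is also predictable per tenant. The retry problem described in the new comment would be better solved by making the call idempotent: generate the password once from `SecureRandom` (the removed `RandomStringUtils.random` was not a cryptographic source either) and leave an already-initialised tenant untouched on a repeated call, or, if the constant has to stay, have the identity service refuse normal use of the account until the password is changed, assuming it supports that. Independently, the debug statement should stop writing the credential to the log, e.g. `this.logger.debug("Initial password set for tenant super user '{}'.", tenantIdentifier);`. The enclosing method starts and ends outside the hunk, so whether a later step already forces a password change cannot be seen from here.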

-- 
To stop receiving notification emails like this one, please contact
myrle@apache.org.
