incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From enor...@apache.org
Subject svn commit: r984646 - in /sling/trunk: bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/ launchpad/integratio...
Date Thu, 12 Aug 2010 05:42:50 GMT
Author: enorman
Date: Thu Aug 12 05:42:49 2010
New Revision: 984646

URL: http://svn.apache.org/viewvc?rev=984646&view=rev
Log:
SLING-1642 User self-registration should be disabled by default

Modified:
    sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
    sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java
    sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
    sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java

Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java?rev=984646&r1=984645&r2=984646&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
(original)
+++ sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
Thu Aug 12 05:42:49 2010
@@ -100,7 +100,7 @@ public class CreateUserServlet extends A
      */
     private static final String PROP_SELF_REGISTRATION_ENABLED = "self.registration.enabled";
 
-    private static final Boolean DEFAULT_SELF_REGISTRATION_ENABLED = Boolean.TRUE;
+    private static final Boolean DEFAULT_SELF_REGISTRATION_ENABLED = Boolean.FALSE;
 
     private Boolean selfRegistrationEnabled = DEFAULT_SELF_REGISTRATION_ENABLED;
 

Modified: sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java?rev=984646&r1=984645&r2=984646&view=diff
==============================================================================
--- sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java
(original)
+++ sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java
Thu Aug 12 05:42:49 2010
@@ -164,7 +164,8 @@ public abstract class AbstractAuthentica
         postParams.add(new NameValuePair(":name", testUserId));
         postParams.add(new NameValuePair("pwd", "testPwd"));
         postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
-        assertPostStatus(postUrl, HttpServletResponse.SC_OK, postParams, null);
+		Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+        assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams,
null);
 
         return testUserId;
     }

Modified: sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java?rev=984646&r1=984645&r2=984646&view=diff
==============================================================================
--- sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
(original)
+++ sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
Thu Aug 12 05:42:49 2010
@@ -162,7 +162,8 @@ public abstract class AbstractAccessMana
 		postParams.add(new NameValuePair(":name", testUserId));
 		postParams.add(new NameValuePair("pwd", "testPwd"));
 		postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
-		assertPostStatus(postUrl, HttpServletResponse.SC_OK, postParams, null);
+		Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+		assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
 		
 		return testUserId;
 	}

Modified: sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java?rev=984646&r1=984645&r2=984646&view=diff
==============================================================================
--- sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java
(original)
+++ sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java
Thu Aug 12 05:42:49 2010
@@ -63,11 +63,11 @@ public class CreateUserTest extends Abst
 		postParams.add(new NameValuePair("marker", testUserId));
 		postParams.add(new NameValuePair("pwd", "testPwd"));
 		postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
-		assertPostStatus(postUrl, HttpServletResponse.SC_OK, postParams, null);
+		Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+		assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
 
 		//fetch the user profile json to verify the settings
 		String getUrl = HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".json";
-		Credentials creds = new UsernamePasswordCredentials("admin", "admin");
 		String json = getAuthenticatedContent(creds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
 		assertNotNull(json);
 		JSONObject jsonObj = new JSONObject(json);
@@ -81,7 +81,8 @@ public class CreateUserTest extends Abst
         String postUrl = HTTP_BASE_URL + "/system/userManager/user.create.html";
 
 		List<NameValuePair> postParams = new ArrayList<NameValuePair>();
-		assertPostStatus(postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+		Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+		assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
postParams, null);
 	}
 
 	public void testCreateUserMissingPwd() throws IOException {
@@ -90,7 +91,8 @@ public class CreateUserTest extends Abst
         String userId = "testUser" + (counter++);
 		List<NameValuePair> postParams = new ArrayList<NameValuePair>();
 		postParams.add(new NameValuePair(":name", userId));
-		assertPostStatus(postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+		Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+		assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
postParams, null);
 	}
 
 	public void testCreateUserWrongConfirmPwd() throws IOException {
@@ -101,7 +103,8 @@ public class CreateUserTest extends Abst
 		postParams.add(new NameValuePair(":name", userId));
 		postParams.add(new NameValuePair("pwd", "testPwd"));
 		postParams.add(new NameValuePair("pwdConfirm", "testPwd2"));
-		assertPostStatus(postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+		Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+		assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
postParams, null);
 	}
 
 	public void testCreateUserUserAlreadyExists() throws IOException {
@@ -112,10 +115,11 @@ public class CreateUserTest extends Abst
 		postParams.add(new NameValuePair(":name", testUserId));
 		postParams.add(new NameValuePair("pwd", "testPwd"));
 		postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
-		assertPostStatus(postUrl, HttpServletResponse.SC_OK, postParams, null);
+		Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+		assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
 
 		//post the same info again, should fail
-		assertPostStatus(postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+		assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
postParams, null);
 	}
 
 	/*
@@ -139,11 +143,11 @@ public class CreateUserTest extends Abst
 		postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
 		postParams.add(new NameValuePair("displayName", "My Test User"));
 		postParams.add(new NameValuePair("url", "http://www.apache.org"));
-		assertPostStatus(postUrl, HttpServletResponse.SC_OK, postParams, null);
+		Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+		assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
 
 		//fetch the user profile json to verify the settings
 		String getUrl = HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".json";
-		Credentials creds = new UsernamePasswordCredentials("admin", "admin");
 		String json = getAuthenticatedContent(creds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
 		assertNotNull(json);
 		JSONObject jsonObj = new JSONObject(json);
@@ -154,4 +158,21 @@ public class CreateUserTest extends Abst
 		assertFalse(jsonObj.has("pwd"));
 		assertFalse(jsonObj.has("pwdConfirm"));
 	}
+
+	/**
+	 * Test for SLING-1642 to verify that user self-registration by the anonymous
+	 * user is not allowed by default.
+	 */
+	public void testAnonymousSelfRegistrationDisabled() throws IOException {
+        String postUrl = HTTP_BASE_URL + "/system/userManager/user.create.html";
+
+		String userId = "testUser" + (counter++);
+		List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+		postParams.add(new NameValuePair(":name", userId));
+		postParams.add(new NameValuePair("pwd", "testPwd"));
+		postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
+		//user create without logging in as a privileged user should return a 500 error
+		httpClient.getState().clearCredentials();
+		assertPostStatus(postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+	}
 }



Mime
View raw message