jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1519963 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeActionTest.java
Date Wed, 04 Sep 2013 09:52:20 GMT
Author: angela
Date: Wed Sep  4 09:52:20 2013
New Revision: 1519963

URL: http://svn.apache.org/r1519963
Log:
OAK-50: user mgt

- add PasswordChangeAction

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java
      - copied, changed from r1519606, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeActionTest.java

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java
(from r1519606, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java&r1=1519606&r2=1519963&rev=1519963&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java
Wed Sep  4 09:52:20 2013
@@ -16,10 +16,8 @@
  */
 package org.apache.jackrabbit.oak.spi.security.user.action;
 
-import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
+import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
 import javax.jcr.RepositoryException;
 import javax.jcr.nodetype.ConstraintViolationException;
 
@@ -28,84 +26,41 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.apache.jackrabbit.oak.util.TreeUtil;
 
 /**
- * {@code PasswordValidationAction} provides a simple password validation
- * mechanism with the following configurable option:
+ * {@code PasswordChangeAction} asserts that the upon
+ * {@link #onPasswordChange(org.apache.jackrabbit.api.security.user.User, String,
+ * org.apache.jackrabbit.oak.api.Root, org.apache.jackrabbit.oak.namepath.NamePathMapper)}
+ * a different, non-null password is specified.
  *
- * <ul>
- *     <li><strong>constraint</strong>: a regular expression that can be
compiled
- *     to a {@link java.util.regex.Pattern} defining validation rules for a password.</li>
- * </ul>
- *
- * <p>The password validation is executed on user creation and upon password
- * change. It throws a {@code ConstraintViolationException} if the password
- * validation fails.</p>
- *
- * @see org.apache.jackrabbit.api.security.user.UserManager#createUser(String, String)
  * @see org.apache.jackrabbit.api.security.user.User#changePassword(String)
  * @see org.apache.jackrabbit.api.security.user.User#changePassword(String, String)
  */
-public class PasswordValidationAction extends AbstractAuthorizableAction {
-
-    private static final Logger log = LoggerFactory.getLogger(PasswordValidationAction.class);
-
-    public static final String CONSTRAINT = "constraint";
+public class PasswordChangeAction extends AbstractAuthorizableAction {
 
-    private Pattern pattern;
-
-    //-----------------------------------------< AbstractAuthorizableAction >---
     @Override
     protected void init(SecurityProvider securityProvider, ConfigurationParameters config)
{
-        String constraint = config.getNullableConfigValue(CONSTRAINT, (String) null);
-        if (constraint != null) {
-            setConstraint(constraint);
-        }
+        // nothing to do
     }
 
     //-------------------------------------------------< AuthorizableAction >---
     @Override
-    public void onCreate(User user, String password, Root root, NamePathMapper namePathMapper)
throws RepositoryException {
-        validatePassword(password, false);
-    }
-
-    @Override
     public void onPasswordChange(User user, String newPassword, Root root, NamePathMapper
namePathMapper) throws RepositoryException {
-        validatePassword(newPassword, true);
-    }
-
-    //------------------------------------------------------< Configuration >---
-    /**
-     * Set the password constraint.
-     *
-     * @param constraint A regular expression that can be used to validate a new password.
-     */
-    public void setConstraint(@Nonnull String constraint) {
-        try {
-            pattern = Pattern.compile(constraint);
-        } catch (PatternSyntaxException e) {
-            log.warn("Invalid password constraint: ", e.getMessage());
+        if (newPassword == null) {
+            throw new ConstraintViolationException("Expected a new password that is not null.");
+        }
+        String pwHash = getPasswordHash(root, user);
+        if (PasswordUtil.isSame(pwHash, newPassword)) {
+            throw new ConstraintViolationException("New password is identical to the old
password.");
         }
     }
 
     //------------------------------------------------------------< private >---
-    /**
-     * Validate the specified password.
-     *
-     * @param password The password to be validated
-     * @param forceMatch If true the specified password is always validated;
-     * otherwise only if it is a plain text password.
-     * @throws RepositoryException If the specified password is too short or
-     * doesn't match the specified password pattern.
-     */
-    private void validatePassword(@Nullable String password, boolean forceMatch) throws RepositoryException
{
-        if (password != null && (forceMatch || PasswordUtil.isPlainTextPassword(password)))
{
-            if (pattern != null && !pattern.matcher(password).matches()) {
-                throw new ConstraintViolationException("Password violates password constraint
(" + pattern.pattern() + ").");
-            }
-        }
+    @CheckForNull
+    private String getPasswordHash(@Nonnull Root root, @Nonnull User user) throws RepositoryException
{
+        return TreeUtil.getString(root.getTree(user.getPath()), UserConstants.REP_PASSWORD);
     }
 }
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeActionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeActionTest.java?rev=1519963&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeActionTest.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeActionTest.java
Wed Sep  4 09:52:20 2013
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.user.action;
+
+import java.util.UUID;
+import javax.jcr.nodetype.ConstraintViolationException;
+
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.fail;
+
+public class PasswordChangeActionTest extends AbstractSecurityTest {
+
+    private PasswordChangeAction pwChangeAction;
+
+    @Before
+    public void before() throws Exception {
+        super.before();
+        pwChangeAction = new PasswordChangeAction();
+        pwChangeAction.init(getSecurityProvider(), ConfigurationParameters.EMPTY);
+    }
+
+    @Test
+    public void testNullPassword() throws Exception {
+        try {
+            pwChangeAction.onPasswordChange(getTestUser(), null, root, getNamePathMapper());
+            fail("ConstraintViolationException expected.");
+        } catch (ConstraintViolationException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testSamePassword() throws Exception {
+        try {
+            User user = getTestUser();
+            String pw = user.getID();
+            pwChangeAction.onPasswordChange(user, pw, root, getNamePathMapper());
+            fail("ConstraintViolationException expected.");
+        } catch (ConstraintViolationException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testPasswordChange() throws Exception {
+        pwChangeAction.onPasswordChange(getTestUser(), "changedPassword", root, getNamePathMapper());
+    }
+
+    @Test
+    public void testUserWithoutPassword() throws Exception {
+        String uid = "testUser" + UUID.randomUUID();
+        User user = getUserManager(root).createUser(uid, null);
+
+        pwChangeAction.onPasswordChange(user, "changedPassword", root, getNamePathMapper());
+    }
+}
\ No newline at end of file



Mime
View raw message