From ilgro...@apache.org
Subject svn commit: r1400035 - in /incubator/syncope/trunk: ./ core/src/main/java/org/apache/syncope/core/persistence/validation/entity/ core/src/main/java/org/apache/syncope/core/policy/ core/src/test/java/org/apache/syncope/core/persistence/dao/ core/src/tes...
Date Fri, 19 Oct 2012 10:41:42 GMT
Author: ilgrosso
Date: Fri Oct 19 10:41:42 2012
New Revision: 1400035

URL: http://svn.apache.org/viewvc?rev=1400035&view=rev
Log:
Merge from 1_0_X

Modified:
    incubator/syncope/trunk/   (props changed)
    incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java
    incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/policy/PolicyEvaluator.java
    incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/MembershipTest.java
    incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/RoleTest.java
    incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/UserTest.java
    incubator/syncope/trunk/core/src/test/resources/content.xml

Propchange: incubator/syncope/trunk/
------------------------------------------------------------------------------
  Merged /incubator/syncope/branches/1_0_X:r1399639-1400034

Modified: incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java?rev=1400035&r1=1400034&r2=1400035&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java
(original)
+++ incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/validation/entity/SyncopeUserValidator.java
Fri Oct 19 10:41:42 2012
@@ -58,7 +58,6 @@ public class SyncopeUserValidator extend
 
     @Override
     public boolean isValid(final SyncopeUser object, final ConstraintValidatorContext context)
{
-
         context.disableDefaultConstraintViolation();
 
         // ------------------------------
@@ -66,31 +65,41 @@ public class SyncopeUserValidator extend
         // ------------------------------
         LOG.debug("Password Policy enforcement");
 
-        try {
-            for (Policy policy : getPasswordPolicies(object)) {
-                // clearPassword must exist during creation/password update
-                final String password = object.getClearPassword();
-
-                // evaluate/enforce only during creation or password update
-                if (password != null) {
+        if (object.getClearPassword() != null) {
+            try {
+                int maxPPSpecHistory = 0;
+                for (Policy policy : getPasswordPolicies(object)) {
                     // evaluate policy
-                    final PasswordPolicySpec passwordPolicy = evaluator.evaluate(policy,
object);
-
+                    final PasswordPolicySpec ppSpec = evaluator.evaluate(policy, object);
                     // enforce policy
-                    ppEnforcer.enforce(passwordPolicy, policy.getType(), password);
+                    ppEnforcer.enforce(ppSpec, policy.getType(), object.getClearPassword());
+
+                    if (ppSpec.getHistoryLength() > maxPPSpecHistory) {
+                        maxPPSpecHistory = ppSpec.getHistoryLength();
+                    }
                 }
-            }
-        } catch (Exception e) {
-            LOG.debug("Invalid password");
 
-            context.buildConstraintViolationWithTemplate(e.getMessage()).addNode(
-                    EntityViolationType.InvalidPassword.toString()).addConstraintViolation();
+                // update user's password history with encrypted password
+                if (maxPPSpecHistory > 0 && object.getPassword() != null) {
+                    object.getPasswordHistory().add(object.getPassword());
+                }
+                // keep only the last maxPPSpecHistory items in user's password history
+                if (maxPPSpecHistory < object.getPasswordHistory().size()) {
+                    for (int i = 0; i < object.getPasswordHistory().size() - maxPPSpecHistory;
i++) {
+                        object.getPasswordHistory().remove(i);
+                    }
+                }
+            } catch (Exception e) {
+                LOG.debug("Invalid password");
 
-            return false;
-        } finally {
-            // password has been validated, let's remove its
-            // clear version
-            object.removeClearPassword();
+                context.buildConstraintViolationWithTemplate(e.getMessage()).addNode(
+                        EntityViolationType.InvalidPassword.toString()).addConstraintViolation();
+
+                return false;
+            } finally {
+                // password has been validated, let's remove its clear version
+                object.removeClearPassword();
+            }
         }
         // ------------------------------
 
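Review bot: The trimming loop at the end of the `try` block does not leave the history at `maxPPSpecHistory` entries, because `i` advances while `object.getPasswordHistory().size()` shrinks on every `remove(i)`; only about half of the excess is dropped, and the entries removed are not consistently the oldest. With four stored hashes and a limit of two, one entry is removed and three remain, so old password hashes are retained longer than the policy asks for. Something like `while (object.getPasswordHistory().size() > maxPPSpecHistory) { object.getPasswordHistory().remove(0); }` would trim correctly, assuming the list is ordered oldest-first, which the `add` above suggests but the hunk does not show. `isValid` starts above this hunk and continues below it.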

Modified: incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/policy/PolicyEvaluator.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/policy/PolicyEvaluator.java?rev=1400035&r1=1400034&r2=1400035&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/policy/PolicyEvaluator.java
(original)
+++ incubator/syncope/trunk/core/src/main/java/org/apache/syncope/core/policy/PolicyEvaluator.java
Fri Oct 19 10:41:42 2012
@@ -18,12 +18,7 @@
  */
 package org.apache.syncope.core.policy;
 
-import java.util.ArrayList;
 import java.util.List;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.BeanUtils;
-import org.springframework.stereotype.Component;
 import org.apache.syncope.core.persistence.beans.AbstractAttr;
 import org.apache.syncope.core.persistence.beans.AbstractAttributable;
 import org.apache.syncope.core.persistence.beans.Policy;
@@ -31,6 +26,10 @@ import org.apache.syncope.core.persisten
 import org.apache.syncope.types.AbstractPolicySpec;
 import org.apache.syncope.types.AccountPolicySpec;
 import org.apache.syncope.types.PasswordPolicySpec;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.BeanUtils;
+import org.springframework.stereotype.Component;
 
 @Component
 public class PolicyEvaluator {
@@ -51,17 +50,17 @@ public class PolicyEvaluator {
             switch (policy.getType()) {
                 case PASSWORD:
                 case GLOBAL_PASSWORD:
-                    final PasswordPolicySpec pspec = policy.getSpecification();
-                    final PasswordPolicySpec passwordPolicy = new PasswordPolicySpec();
+                    final PasswordPolicySpec ppSpec = policy.getSpecification();
+                    final PasswordPolicySpec evaluatedPPSpec = new PasswordPolicySpec();
 
-                    BeanUtils.copyProperties(pspec, passwordPolicy, new String[]{"schemasNotPermitted"});
+                    BeanUtils.copyProperties(ppSpec, evaluatedPPSpec, new String[]{"schemasNotPermitted"});
 
-                    for (String schema : pspec.getSchemasNotPermitted()) {
+                    for (String schema : ppSpec.getSchemasNotPermitted()) {
                         attribute = attributable.getAttribute(schema);
                         if (attribute != null) {
                             values = attribute.getValuesAsStrings();
                             if (values != null && !values.isEmpty()) {
-                                passwordPolicy.getWordsNotPermitted().add(values.get(0));
+                                evaluatedPPSpec.getWordsNotPermitted().add(values.get(0));
                             }
                         }
                     }
@@ -69,27 +68,16 @@ public class PolicyEvaluator {
                     // Password history verification and update
 
                     if (!(attributable instanceof SyncopeUser)) {
-                        LOG.error("Cannot check previous passwords. attributable is not a
user object: " + attributable.getClass().toString());
-                        result = (T) passwordPolicy;
+                        LOG.error("Cannot check previous passwords. attributable is not a
user object: {}",
+                                attributable.getClass().getName());
+                        result = (T) evaluatedPPSpec;
                         break;
                     }
                     SyncopeUser user = (SyncopeUser) attributable;
-                    final String password = user.getPassword();
-                    final List<String> passwordHistory = user.getPasswordHistory();
-
-                    if (user.verifyPasswordHistory(user.getClearPassword(), pspec.getHistoryLength()))
{
-                        passwordPolicy.getWordsNotPermitted().add(user.getClearPassword());
-                    } else {
-                        if (pspec.getHistoryLength() > 0 && password != null)
{
-                            passwordHistory.add(password);
-                        }
-                        if (pspec.getHistoryLength() < passwordHistory.size()) {
-                            for (int i = 0; i < passwordHistory.size() - pspec.getHistoryLength();
i++) {
-                                passwordHistory.remove(i);
-                            }
-                        }
+                    if (user.verifyPasswordHistory(user.getClearPassword(), ppSpec.getHistoryLength()))
{
+                        evaluatedPPSpec.getWordsNotPermitted().add(user.getClearPassword());
                     }
-                    result = (T) passwordPolicy;
+                    result = (T) evaluatedPPSpec;
                     break;
                 case ACCOUNT:
                 case GLOBAL_ACCOUNT:
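Review bot: `evaluatedPPSpec.getWordsNotPermitted().add(user.getClearPassword())` copies the clear-text password into the evaluated spec, where it outlives the `removeClearPassword()` call the validator makes in its `finally` block. If the enforcer's exception message names the rejected word (not visible here), the validator would pass the password on as constraint-violation text through `e.getMessage()`, and any logging or serialisation of the spec would expose it as well. A comment on that line such as `// carries the clear-text password: the returned spec must not be logged, persisted or echoed in messages` would make the constraint explicit. The enclosing `evaluate` method begins and ends outside this hunk.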

Modified: incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/MembershipTest.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/MembershipTest.java?rev=1400035&r1=1400034&r2=1400035&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/MembershipTest.java
(original)
+++ incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/MembershipTest.java
Fri Oct 19 10:41:42 2012
@@ -18,9 +18,6 @@
  */
 package org.apache.syncope.core.persistence.dao;
 
-import org.apache.syncope.core.persistence.dao.UserDAO;
-import org.apache.syncope.core.persistence.dao.RoleDAO;
-import org.apache.syncope.core.persistence.dao.MembershipDAO;
 import static org.junit.Assert.*;
 
 import java.util.List;
@@ -47,7 +44,7 @@ public class MembershipTest extends Abst
     @Test
     public void findAll() {
         List<Membership> list = membershipDAO.findAll();
-        assertEquals(6, list.size());
+        assertEquals(7, list.size());
     }
 
     @Test

Modified: incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/RoleTest.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/RoleTest.java?rev=1400035&r1=1400034&r2=1400035&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/RoleTest.java
(original)
+++ incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/RoleTest.java
Fri Oct 19 10:41:42 2012
@@ -18,8 +18,6 @@
  */
 package org.apache.syncope.core.persistence.dao;
 
-import org.apache.syncope.core.persistence.dao.PolicyDAO;
-import org.apache.syncope.core.persistence.dao.RoleDAO;
 import static org.junit.Assert.*;
 
 import java.util.List;
@@ -43,12 +41,12 @@ public class RoleTest extends AbstractTe
     @Test
     public void findAll() {
         List<SyncopeRole> list = roleDAO.findAll();
-        assertEquals("did not get expected number of roles ", 13, list.size());
+        assertEquals("did not get expected number of roles ", 14, list.size());
     }
 
     @Test
     public void findChildren() {
-        assertEquals(2, roleDAO.findChildren(4L).size());
+        assertEquals(3, roleDAO.findChildren(4L).size());
     }
 
     @Test

Modified: incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/UserTest.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/UserTest.java?rev=1400035&r1=1400034&r2=1400035&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/UserTest.java
(original)
+++ incubator/syncope/trunk/core/src/test/java/org/apache/syncope/core/persistence/dao/UserTest.java
Fri Oct 19 10:41:42 2012
@@ -18,8 +18,6 @@
  */
 package org.apache.syncope.core.persistence.dao;
 
-import org.apache.syncope.core.persistence.dao.EntitlementDAO;
-import org.apache.syncope.core.persistence.dao.UserDAO;
 import static org.junit.Assert.*;
 
 import java.util.Date;
@@ -119,7 +117,7 @@ public class UserTest extends AbstractTe
         assertNotNull("did not find expected user", user);
         user = userDAO.find(3L);
         assertNotNull("did not find expected user", user);
-        user = userDAO.find(5L);
+        user = userDAO.find(6L);
         assertNull("found user but did not expect it", user);
     }
 
@@ -129,7 +127,7 @@ public class UserTest extends AbstractTe
         assertNotNull("did not find expected user", user);
         user = userDAO.find("user3");
         assertNotNull("did not find expected user", user);
-        user = userDAO.find("user5");
+        user = userDAO.find("user6");
         assertNull("found user but did not expect it", user);
     }
 
@@ -189,4 +187,14 @@ public class UserTest extends AbstractTe
         SyncopeUser actual = userDAO.save(user);
         assertNotNull(actual);
     }
+
+    @Test
+    public void issueSYNCOPE226() {
+        SyncopeUser user = userDAO.find(5L);
+
+        user.setPassword("123password", CipherAlgorithm.AES, 0);
+
+        SyncopeUser actual = userDAO.save(user);
+        assertNotNull(actual);
+    }
 }
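Review bot: `issueSYNCOPE226` asserts only that `save` returns a non-null user, so it passes whether or not the password policy attached to user 5 through role 14 was evaluated, and the test name alone does not say what regressed. A one-line comment above the method describing the failure being guarded against would help the next reader. If validation runs on `save` and returns the validated instance (not shown in this hunk), `assertNull(actual.getClearPassword());` would also pin that the clear-text password was removed after enforcement.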

Modified: incubator/syncope/trunk/core/src/test/resources/content.xml
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/test/resources/content.xml?rev=1400035&r1=1400034&r2=1400035&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/test/resources/content.xml (original)
+++ incubator/syncope/trunk/core/src/test/resources/content.xml Fri Oct 19 10:41:42 2012
@@ -40,6 +40,7 @@ under the License.
   <Policy DTYPE="AccountPolicy" id="5" description="global account policy" type="GLOBAL_ACCOUNT"
specification="%3Corg.apache.syncope.types.AccountPolicySpec%3E%0A++%3CmaxLength%3E0%3C%2FmaxLength%3E%0A++%3CminLength%3E0%3C%2FminLength%3E%0A++%3CallUpperCase%3Efalse%3C%2FallUpperCase%3E%0A++%3CallLowerCase%3Efalse%3C%2FallLowerCase%3E%0A++%3CpropagateSuspension%3Efalse%3C%2FpropagateSuspension%3E%0A++%3CpermittedLoginRetries%3E0%3C%2FpermittedLoginRetries%3E%0A%3C%2Forg.apache.syncope.types.AccountPolicySpec%3E"/>
   <Policy DTYPE="AccountPolicy" id="6" description="sample account policy" type="ACCOUNT"
specification="%3Corg.apache.syncope.types.AccountPolicySpec%3E%0A++%3CmaxLength%3E0%3C%2FmaxLength%3E%0A++%3CminLength%3E4%3C%2FminLength%3E%0A++%3CprefixesNotPermitted%3E%0A++++%3Cstring%3Enotpermitted1%3C%2Fstring%3E%0A++++%3Cstring%3Enotpermitted2%3C%2Fstring%3E%0A++%3C%2FprefixesNotPermitted%3E%0A++%3CallUpperCase%3Efalse%3C%2FallUpperCase%3E%0A++%3CallLowerCase%3Efalse%3C%2FallLowerCase%3E%0A++%3CpropagateSuspension%3Efalse%3C%2FpropagateSuspension%3E%0A++%3CpermittedLoginRetries%3E3%3C%2FpermittedLoginRetries%3E%0A%3C%2Forg.apache.syncope.types.AccountPolicySpec%3E"/>
   <Policy DTYPE="SyncPolicy" id="7" description="sync policy 1" type="SYNC" specification="%3Corg.apache.syncope.types.SyncPolicySpec%2F%3E"/>
+  <Policy DTYPE="PasswordPolicy" id="8" description="sample password policy" type="PASSWORD"
specification="%3Corg.apache.syncope.types.PasswordPolicySpec%3E%0A++%3ChistoryLength%3E0%3C%2FhistoryLength%3E%0A++%3CmaxLength%3E0%3C%2FmaxLength%3E%0A++%3CminLength%3E10%3C%2FminLength%3E%0A++%3CnonAlphanumericRequired%3Efalse%3C%2FnonAlphanumericRequired%3E%0A++%3CalphanumericRequired%3Efalse%3C%2FalphanumericRequired%3E%0A++%3CdigitRequired%3Etrue%3C%2FdigitRequired%3E%0A++%3ClowercaseRequired%3Efalse%3C%2FlowercaseRequired%3E%0A++%3CuppercaseRequired%3Efalse%3C%2FuppercaseRequired%3E%0A++%3CmustStartWithDigit%3Efalse%3C%2FmustStartWithDigit%3E%0A++%3CmustntStartWithDigit%3Efalse%3C%2FmustntStartWithDigit%3E%0A++%3CmustEndWithDigit%3Efalse%3C%2FmustEndWithDigit%3E%0A++%3CmustntEndWithDigit%3Efalse%3C%2FmustntEndWithDigit%3E%0A++%3CmustStartWithNonAlpha%3Efalse%3C%2FmustStartWithNonAlpha%3E%0A++%3CmustStartWithAlpha%3Efalse%3C%2FmustStartWithAlpha%3E%0A++%3CmustntStartWithNonAlph
 a%3Efalse%3C%2FmustntStartWithNonAlpha%3E%0A++%3CmustntStartWithAlpha%3Efalse%3C%2FmustntStartWithAlpha%3E%0A++%3CmustEndWithNonAlpha%3Efalse%3C%2FmustEndWithNonAlpha%3E%0A++%3CmustEndWithAlpha%3Efalse%3C%2FmustEndWithAlpha%3E%0A++%3CmustntEndWithNonAlpha%3Efalse%3C%2FmustntEndWithNonAlpha%3E%0A++%3CmustntEndWithAlpha%3Efalse%3C%2FmustntEndWithAlpha%3E%0A++%3CprefixesNotPermitted%3E%0A++++%3Cstring%3Enotpermitted1%3C%2Fstring%3E%0A++++%3Cstring%3Enotpermitted2%3C%2Fstring%3E%0A++%3C%2FprefixesNotPermitted%3E%0A%3C%2Forg.apache.syncope.types.PasswordPolicySpec%3E"/>
     
   <SyncopeUser id="1" workflowId="0" status="active" password="5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"
cipherAlgorithm="SHA1"
                username="user1" creationDate="2010-10-20 11:00:00"/>
@@ -49,6 +50,8 @@ under the License.
                username="user3" creationDate="2010-10-20 11:00:00"/>
   <SyncopeUser id="4" workflowId="0" status="active" password="5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"
cipherAlgorithm="SHA1"
                username="user4" creationDate="2010-10-20 11:00:00"/>
+  <SyncopeUser id="5" workflowId="0" status="active" password="5f4dcc3b5aa765d61d8327deb882cf99"
cipherAlgorithm="MD5"
+               username="user5" creationDate="2010-10-20 11:00:00"/>
 
   <SyncopeRole id="1" name="root"/>
   <SyncopeRole id="2" name="child" parent_id="1"/>
@@ -77,6 +80,12 @@ under the License.
   <SyncopeRole id="11" name="roleForWorkflowOptIn" parent_id="1"/>
   <SyncopeRole id="12" name="aRoleForPropagation" parent_id="1"/>
   <SyncopeRole id="13" name="bRoleForPropagation" parent_id="1"/>
+  <SyncopeRole id="14"
+               name="artDirector" parent_id="4"
+               inheritAttributes="1" inheritDerivedAttributes="1" inheritVirtualAttributes="1"
+               inheritPasswordPolicy="0" inheritAccountPolicy="0"
+               passwordPolicy_id="8"
+               accountPolicy_id="6"/>
 
   <Membership id="1" syncopeUser_id="1" syncopeRole_id="1"/>
   <Membership id="2" syncopeUser_id="2" syncopeRole_id="1"/>
@@ -84,6 +93,7 @@ under the License.
   <Membership id="4" syncopeUser_id="4" syncopeRole_id="7"/>
   <Membership id="5" syncopeUser_id="1" syncopeRole_id="8"/>
   <Membership id="6" syncopeUser_id="2" syncopeRole_id="3"/>
+  <Membership id="7" syncopeUser_id="5" syncopeRole_id="14"/>
 
   <USchema name="fullname" type="String"
            mandatoryCondition="true" multivalue="0" uniqueConstraint="1" readonly="0"/>


