syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilgro...@apache.org
Subject [2/2] syncope git commit: [SYNCOPE-706] Fix provided
Date Tue, 13 Oct 2015 07:53:28 GMT
[SYNCOPE-706] Fix provided


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a3e23c1f
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a3e23c1f
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a3e23c1f

Branch: refs/heads/master
Commit: a3e23c1f175dbdda338c4cf01d8acf6fc3c4f365
Parents: 7b2a28d
Author: Francesco Chicchiriccò <ilgrosso@apache.org>
Authored: Tue Oct 13 09:53:12 2015 +0200
Committer: Francesco Chicchiriccò <ilgrosso@apache.org>
Committed: Tue Oct 13 09:53:12 2015 +0200

----------------------------------------------------------------------
 .../client/lib/SyncopeClientFactoryBean.java    | 15 +++++++++++-
 .../core/misc/security/AuthDataAccessor.java    | 10 +++++++-
 .../security/SyncopeAuthenticationProvider.java |  6 ++---
 .../core/reference/AuthenticationITCase.java    | 24 +++++++++++++++++---
 .../syncope/fit/core/reference/GroupITCase.java |  2 +-
 .../fit/core/reference/PlainSchemaITCase.java   |  2 +-
 .../fit/core/reference/ResourceITCase.java      |  2 +-
 .../fit/core/reference/UserSelfITCase.java      | 10 ++++----
 8 files changed, 55 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
----------------------------------------------------------------------
diff --git a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
index 01a36ec..46dc302 100644
--- a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
+++ b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
@@ -225,10 +225,23 @@ public class SyncopeClientFactoryBean {
         return this;
     }
 
-    public SyncopeClient createAnonymous() {
+    /**
+     * Builds client instance with no authentication, for user self-registration and related
queries (schema,
+     * resources, ...).
+     *
+     * @return client instance with no authentication
+     */
+    public SyncopeClient create() {
         return create(null, null);
     }
 
+    /**
+     * Builds client instance with the given credentials.
+     *
+     * @param username username
+     * @param password password
+     * @return client instance with the given credentials
+     */
     public SyncopeClient create(final String username, final String password) {
         return new SyncopeClient(
                 getContentType().getMediaType(),

http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
index 10eb235..7dc576a 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java
@@ -116,14 +116,22 @@ public class AuthDataAccessor {
         return domain;
     }
 
+    /**
+     * Attempts to authenticate the given credentials against internal storage and pass-through
resources (if
+     * configured): the first succeeding causes global success.
+     *
+     * @param authentication given credentials
+     * @return {@code null} if no matching user was found, authentication result otherwise
+     */
     @Transactional(noRollbackFor = DisabledException.class)
     public Pair<Long, Boolean> authenticate(final Authentication authentication) {
         Long key = null;
-        Boolean authenticated = false;
+        Boolean authenticated = null;
 
         User user = userDAO.find(authentication.getName());
         if (user != null) {
             key = user.getKey();
+            authenticated = false;
 
             if (user.isSuspended() != null && user.isSuspended()) {
                 throw new DisabledException("User " + user.getUsername() + " is suspended");

http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java
b/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java
index ff7e453..313b0f1 100644
--- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java
+++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeAuthenticationProvider.java
@@ -98,7 +98,7 @@ public class SyncopeAuthenticationProvider implements AuthenticationProvider
{
         }
         SyncopeAuthenticationDetails.class.cast(authentication.getDetails()).setDomain(domainKey);
 
-        boolean authenticated;
+        Boolean authenticated;
         if (anonymousUser.equals(authentication.getName())) {
             authenticated = authentication.getCredentials().toString().equals(anonymousKey);
         } else if (adminUser.equals(authentication.getName())) {
@@ -133,7 +133,7 @@ public class SyncopeAuthenticationProvider implements AuthenticationProvider
{
                         }
                     });
             authenticated = authResult.getValue();
-            if (!authenticated) {
+            if (authenticated != null && !authenticated) {
                 AuthContextUtils.execWithAuthContext(domainKey, new Executable<Void>()
{
 
                     @Override
@@ -145,7 +145,7 @@ public class SyncopeAuthenticationProvider implements AuthenticationProvider
{
             }
         }
 
-        final boolean isAuthenticated = authenticated;
+        final boolean isAuthenticated = authenticated != null && authenticated;
         UsernamePasswordAuthenticationToken token;
         if (isAuthenticated) {
             token = AuthContextUtils.execWithAuthContext(

http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
index 3f82edf..262d34e 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java
@@ -87,15 +87,15 @@ public class AuthenticationITCase extends AbstractITCase {
 
     @Test
     public void testReadEntitlements() {
-        // 1. as anonymous (not allowed)
+        // 1. as not authenticated (not allowed)
         try {
-            clientFactory.createAnonymous().self();
+            clientFactory.create().self();
             fail();
         } catch (AccessControlException e) {
             assertNotNull(e);
         }
 
-        // 2. as authenticated anonymous (used by admin console)
+        // 2. as anonymous
         Pair<Map<String, Set<String>>, UserTO> self = clientFactory.create(ANONYMOUS_UNAME,
ANONYMOUS_KEY).self();
         assertEquals(1, self.getKey().size());
         assertTrue(self.getKey().keySet().contains(Entitlement.ANONYMOUS));
@@ -467,4 +467,22 @@ public class AuthenticationITCase extends AbstractITCase {
         self = clientFactory.create(user.getUsername(), "password234").self();
         assertNotNull(self);
     }
+
+    @Test
+    public void issueSYNCOPE706() {
+        String username = getUUIDString();
+        try {
+            userService.getUserKey(username);
+            fail();
+        } catch (SyncopeClientException e) {
+            assertEquals(ClientExceptionType.NotFound, e.getType());
+        }
+
+        try {
+            clientFactory.create(username, "anypassword").self();
+            fail();
+        } catch (AccessControlException e) {
+            assertNotNull(e.getMessage());
+        }
+    }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java
index f1cc587..1abb943 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/GroupITCase.java
@@ -584,7 +584,7 @@ public class GroupITCase extends AbstractITCase {
 
     @Test
     public void anonymous() {
-        GroupService unauthenticated = clientFactory.createAnonymous().getService(GroupService.class);
+        GroupService unauthenticated = clientFactory.create().getService(GroupService.class);
         try {
             unauthenticated.
                     list(SyncopeClient.getAnySearchQueryBuilder().realm(SyncopeConstants.ROOT_REALM).build());

http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java
index 679288c..ad35195 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/PlainSchemaITCase.java
@@ -318,7 +318,7 @@ public class PlainSchemaITCase extends AbstractITCase {
 
     @Test
     public void anonymous() {
-        SchemaService unauthenticated = clientFactory.createAnonymous().getService(SchemaService.class);
+        SchemaService unauthenticated = clientFactory.create().getService(SchemaService.class);
         try {
             unauthenticated.list(SchemaType.VIRTUAL);
             fail();

http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ResourceITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ResourceITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ResourceITCase.java
index 99aa93b..07433b7 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ResourceITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/ResourceITCase.java
@@ -511,7 +511,7 @@ public class ResourceITCase extends AbstractITCase {
 
     @Test
     public void anonymous() {
-        ResourceService unauthenticated = clientFactory.createAnonymous().getService(ResourceService.class);
+        ResourceService unauthenticated = clientFactory.create().getService(ResourceService.class);
         try {
             unauthenticated.list();
             fail();

http://git-wip-us.apache.org/repos/asf/syncope/blob/a3e23c1f/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserSelfITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserSelfITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserSelfITCase.java
index 97df025..083d439 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserSelfITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserSelfITCase.java
@@ -82,7 +82,7 @@ public class UserSelfITCase extends AbstractITCase {
         }
 
         // 2. self-registration as anonymous: works
-        SyncopeClient anonClient = clientFactory.createAnonymous();
+        SyncopeClient anonClient = clientFactory.create();
         UserTO self = anonClient.getService(UserSelfService.class).
                 create(UserITCase.getUniqueSampleTO("anonymous@syncope.apache.org"), true).
                 readEntity(UserTO.class);
@@ -99,7 +99,7 @@ public class UserSelfITCase extends AbstractITCase {
         userTO.getMemberships().add(new MembershipTO.Builder().group(3L).build());
         userTO.getResources().add(RESOURCE_NAME_TESTDB);
 
-        SyncopeClient anonClient = clientFactory.createAnonymous();
+        SyncopeClient anonClient = clientFactory.create();
         userTO = anonClient.getService(UserSelfService.class).
                 create(userTO, true).
                 readEntity(UserTO.class);
@@ -243,7 +243,7 @@ public class UserSelfITCase extends AbstractITCase {
     public void noContent() throws IOException {
         Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers(syncopeService));
 
-        SyncopeClient anonClient = clientFactory.createAnonymous();
+        SyncopeClient anonClient = clientFactory.create();
         UserSelfService noContentService = anonClient.prefer(UserSelfService.class, Preference.RETURN_NO_CONTENT);
 
         UserTO user = UserITCase.getUniqueSampleTO("nocontent-anonymous@syncope.apache.org");
@@ -278,7 +278,7 @@ public class UserSelfITCase extends AbstractITCase {
         assertNotNull(read);
 
         // 3. request password reset (as anonymous) providing the expected security answer
-        SyncopeClient anonClient = clientFactory.createAnonymous();
+        SyncopeClient anonClient = clientFactory.create();
         try {
             anonClient.getService(UserSelfService.class).requestPasswordReset(user.getUsername(),
"WRONG");
             fail();
@@ -329,7 +329,7 @@ public class UserSelfITCase extends AbstractITCase {
         assertNotNull(read);
 
         // 3. request password reset (as anonymous) with no security answer
-        SyncopeClient anonClient = clientFactory.createAnonymous();
+        SyncopeClient anonClient = clientFactory.create();
         anonClient.getService(UserSelfService.class).requestPasswordReset(user.getUsername(),
null);
 
         // 4. get token (normally sent via e-mail, now reading as admin)


Mime
View raw message