syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilgro...@apache.org
Subject syncope git commit: [SYNCOPE-1210] Random password generation during propagation is now correctly resource-based
Date Wed, 20 Sep 2017 10:44:49 GMT
Repository: syncope
Updated Branches:
  refs/heads/1_2_X 9ad14b17a -> 59a9d66b9


[SYNCOPE-1210] Random password generation during propagation is now correctly resource-based


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/59a9d66b
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/59a9d66b
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/59a9d66b

Branch: refs/heads/1_2_X
Commit: 59a9d66b90874c64c19fefd2c1cb51c24bb7ec18
Parents: 9ad14b1
Author: Francesco Chicchiriccò <ilgrosso@apache.org>
Authored: Wed Sep 20 12:44:42 2017 +0200
Committer: Francesco Chicchiriccò <ilgrosso@apache.org>
Committed: Wed Sep 20 12:44:42 2017 +0200

----------------------------------------------------------------------
 .../syncope/core/connid/PasswordGenerator.java  | 34 ++++----------------
 .../apache/syncope/core/util/MappingUtil.java   |  6 ++--
 .../core/connid/PasswordGeneratorTest.java      | 31 ++++++------------
 3 files changed, 19 insertions(+), 52 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/59a9d66b/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java b/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
index 108dcb3..0ef7ecb 100644
--- a/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
+++ b/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java
@@ -25,14 +25,11 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.syncope.common.types.PasswordPolicySpec;
 import org.apache.syncope.core.persistence.beans.ExternalResource;
 import org.apache.syncope.core.persistence.beans.PasswordPolicy;
-import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
-import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
-import org.apache.syncope.core.persistence.dao.PolicyDAO;
 import org.apache.syncope.core.policy.PolicyPattern;
 import org.apache.syncope.core.util.InvalidPasswordPolicySpecException;
 import org.apache.syncope.core.util.SecureRandomUtil;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Transactional;
 
 /**
  * Generate random passwords according to given policies.
@@ -49,10 +46,7 @@ public class PasswordGenerator {
 
     private static final int VERY_MAX_LENGTH = 64;
 
-    private static final int MIN_LENGTH_IF_ZERO = 6;
-
-    @Autowired
-    private PolicyDAO policyDAO;
+    private static final int MIN_LENGTH_IF_ZERO = 8;
 
     public String generate(final List<PasswordPolicySpec> ppSpecs)
             throws InvalidPasswordPolicySpecException {
@@ -64,30 +58,16 @@ public class PasswordGenerator {
         return generate(policySpec);
     }
 
-    public String generate(final SyncopeUser user)
+    @Transactional(readOnly = true)
+    public String generate(final ExternalResource resource)
             throws InvalidPasswordPolicySpecException {
 
         List<PasswordPolicySpec> ppSpecs = new ArrayList<PasswordPolicySpec>();
 
-        PasswordPolicy globalPP = policyDAO.getGlobalPasswordPolicy();
-        if (globalPP != null && globalPP.getSpecification(PasswordPolicySpec.class)
!= null) {
-            ppSpecs.add(globalPP.getSpecification(PasswordPolicySpec.class));
-        }
-
-        for (SyncopeRole role : user.getRoles()) {
-            if (role.getPasswordPolicy() != null
-                    && role.getPasswordPolicy().getSpecification(PasswordPolicySpec.class)
!= null) {
-
-                ppSpecs.add(role.getPasswordPolicy().getSpecification(PasswordPolicySpec.class));
-            }
-        }
+        if (resource.getPasswordPolicy() != null
+                && resource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class)
!= null) {
 
-        for (ExternalResource resource : user.getResources()) {
-            if (resource.getPasswordPolicy() != null
-                    && resource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class)
!= null) {
-
-                ppSpecs.add(resource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class));
-            }
+            ppSpecs.add(resource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class));
         }
 
         PasswordPolicySpec policySpec = merge(ppSpecs);

http://git-wip-us.apache.org/repos/asf/syncope/blob/59a9d66b/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java b/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java
index ae89206..edda35d 100644
--- a/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java
+++ b/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java
@@ -354,7 +354,7 @@ public final class MappingUtil {
                         }
                     } else if (resource.isRandomPwdIfNotProvided()) {
                         try {
-                            passwordAttrValue = passwordGenerator.generate(user);
+                            passwordAttrValue = passwordGenerator.generate(resource);
                         } catch (InvalidPasswordPolicySpecException e) {
                             LOG.error("Could not generate policy-compliant random password
for {}", user, e);
                         }
@@ -377,8 +377,8 @@ public final class MappingUtil {
                 } else {
                     result = new AbstractMap.SimpleEntry<String, Attribute>(
                             null, objValues.isEmpty()
-                                    ? AttributeBuilder.build(extAttrName)
-                                    : AttributeBuilder.build(extAttrName, objValues.iterator().next()));
+                            ? AttributeBuilder.build(extAttrName)
+                            : AttributeBuilder.build(extAttrName, objValues.iterator().next()));
                 }
             }
         }

http://git-wip-us.apache.org/repos/asf/syncope/blob/59a9d66b/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java
b/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java
index 54fb4d6..6293deb 100644
--- a/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java
+++ b/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java
@@ -29,6 +29,7 @@ import org.apache.syncope.common.types.CipherAlgorithm;
 import org.apache.syncope.common.types.PasswordPolicySpec;
 import org.apache.syncope.core.AbstractNonDAOTest;
 import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
+import org.apache.syncope.core.persistence.dao.ResourceDAO;
 import org.apache.syncope.core.persistence.dao.UserDAO;
 import org.apache.syncope.core.policy.PolicyPattern;
 import org.apache.syncope.core.util.InvalidPasswordPolicySpecException;
@@ -45,20 +46,8 @@ public class PasswordGeneratorTest extends AbstractNonDAOTest {
     @Autowired
     private UserDAO userDAO;
 
-    @Test
-    public void forUser() {
-        SyncopeUser user = userDAO.find(5L);
-        String password = null;
-        try {
-            password = passwordGenerator.generate(user);
-        } catch (InvalidPasswordPolicySpecException ex) {
-            fail(ex.getMessage());
-        }
-        assertNotNull(password);
-
-        user.setPassword(password, CipherAlgorithm.SHA);
-        userDAO.save(user);
-    }
+    @Autowired
+    private ResourceDAO resourceDAO;
 
     private PasswordPolicySpec createBasePasswordPolicySpec() {
         PasswordPolicySpec basePasswordPolicySpec = new PasswordPolicySpec();
@@ -144,20 +133,18 @@ public class PasswordGeneratorTest extends AbstractNonDAOTest {
     }
 
     @Test
-    public void issueSYNCOPE226() {
-        SyncopeUser user = userDAO.find(5L);
-        String password = null;
+    public void testPasswordGenerator() {
+        String password = "";
         try {
-            password = passwordGenerator.generate(user);
+            password = passwordGenerator.generate(resourceDAO.find("ws-target-resource-nopropagation"));
         } catch (InvalidPasswordPolicySpecException e) {
             fail(e.getMessage());
         }
         assertNotNull(password);
 
-        user.setPassword(password, CipherAlgorithm.AES);
-
-        SyncopeUser actual = userDAO.save(user);
-        assertNotNull(actual);
+        SyncopeUser user = userDAO.find(4L);
+        user.setPassword(password, CipherAlgorithm.SHA);
+        userDAO.save(user);
     }
 
     @Test


Mime
View raw message