Author: enorman
Date: Thu Aug 12 05:42:49 2010
New Revision: 984646

URL: http://svn.apache.org/viewvc?rev=984646&view=rev
Log:
SLING-1642 User self-registration should be disabled by default

Modified:
    
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
    
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java
    
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
    
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java

Modified: 
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java?rev=984646&r1=984645&r2=984646&view=diff
==============================================================================
--- 
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
 (original)
+++ 
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
 Thu Aug 12 05:42:49 2010
@@ -100,7 +100,7 @@ public class CreateUserServlet extends A
      */
     private static final String PROP_SELF_REGISTRATION_ENABLED = 
"self.registration.enabled";
 
-    private static final Boolean DEFAULT_SELF_REGISTRATION_ENABLED = 
Boolean.TRUE;
+    private static final Boolean DEFAULT_SELF_REGISTRATION_ENABLED = 
Boolean.FALSE;
 
     private Boolean selfRegistrationEnabled = 
DEFAULT_SELF_REGISTRATION_ENABLED;
 
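Review bot: Flipping `DEFAULT_SELF_REGISTRATION_ENABLED` to `Boolean.FALSE` only protects instances that never set `self.registration.enabled`. A deployment whose stored configuration already holds `true` will still accept anonymous user creation after upgrading, so the release notes should tell operators to audit that property. The constant has no comment of its own; I would add `/** Anonymous self-registration stays off unless explicitly enabled (SLING-1642). */` above it. The Javadoc that ends at the `*/` on the first context line starts outside the hunk, so if it states the old default it needs the same update.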

Modified: 
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java?rev=984646&r1=984645&r2=984646&view=diff
==============================================================================
--- 
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java
 (original)
+++ 
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java
 Thu Aug 12 05:42:49 2010
@@ -164,7 +164,8 @@ public abstract class AbstractAuthentica
         postParams.add(new NameValuePair(":name", testUserId));
         postParams.add(new NameValuePair("pwd", "testPwd"));
         postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
-        assertPostStatus(postUrl, HttpServletResponse.SC_OK, postParams, null);
+               Credentials creds = new UsernamePasswordCredentials("admin", 
"admin");
+        assertAuthenticatedPostStatus(creds, postUrl, 
HttpServletResponse.SC_OK, postParams, null);
 
         return testUserId;
     }
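Review bot: The literal `new UsernamePasswordCredentials("admin", "admin")` is now repeated at every user-creation call site: here, in the AbstractAccessManagerTest hunk, and in all of the CreateUserTest hunks. A single shared constant or helper (in a common test base class, if these classes have one) would keep the privileged test account in one place and make it easy to see which tests depend on the launchpad's default admin login. The added `Credentials creds` line is also indented differently from its neighbours, which looks like a tab/space mix. The enclosing method starts outside the hunk.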

Modified: 
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java?rev=984646&r1=984645&r2=984646&view=diff
==============================================================================
--- 
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
 (original)
+++ 
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
 Thu Aug 12 05:42:49 2010
@@ -162,7 +162,8 @@ public abstract class AbstractAccessMana
                postParams.add(new NameValuePair(":name", testUserId));
                postParams.add(new NameValuePair("pwd", "testPwd"));
                postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
-               assertPostStatus(postUrl, HttpServletResponse.SC_OK, 
postParams, null);
+               Credentials creds = new UsernamePasswordCredentials("admin", 
"admin");
+               assertAuthenticatedPostStatus(creds, postUrl, 
HttpServletResponse.SC_OK, postParams, null);
                
                return testUserId;
        }

Modified: 
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java?rev=984646&r1=984645&r2=984646&view=diff
==============================================================================
--- 
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java
 (original)
+++ 
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java
 Thu Aug 12 05:42:49 2010
@@ -63,11 +63,11 @@ public class CreateUserTest extends Abst
                postParams.add(new NameValuePair("marker", testUserId));
                postParams.add(new NameValuePair("pwd", "testPwd"));
                postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
-               assertPostStatus(postUrl, HttpServletResponse.SC_OK, 
postParams, null);
+               Credentials creds = new UsernamePasswordCredentials("admin", 
"admin");
+               assertAuthenticatedPostStatus(creds, postUrl, 
HttpServletResponse.SC_OK, postParams, null);
 
                //fetch the user profile json to verify the settings
                String getUrl = HTTP_BASE_URL + "/system/userManager/user/" + 
testUserId + ".json";
-               Credentials creds = new UsernamePasswordCredentials("admin", 
"admin");
                String json = getAuthenticatedContent(creds, getUrl, 
CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
                assertNotNull(json);
                JSONObject jsonObj = new JSONObject(json);
@@ -81,7 +81,8 @@ public class CreateUserTest extends Abst
         String postUrl = HTTP_BASE_URL + 
"/system/userManager/user.create.html";
 
                List<NameValuePair> postParams = new ArrayList<NameValuePair>();
-               assertPostStatus(postUrl, 
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+               Credentials creds = new UsernamePasswordCredentials("admin", 
"admin");
+               assertAuthenticatedPostStatus(creds, postUrl, 
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
        }
 
        public void testCreateUserMissingPwd() throws IOException {
@@ -90,7 +91,8 @@ public class CreateUserTest extends Abst
         String userId = "testUser" + (counter++);
                List<NameValuePair> postParams = new ArrayList<NameValuePair>();
                postParams.add(new NameValuePair(":name", userId));
-               assertPostStatus(postUrl, 
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+               Credentials creds = new UsernamePasswordCredentials("admin", 
"admin");
+               assertAuthenticatedPostStatus(creds, postUrl, 
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
        }
 
        public void testCreateUserWrongConfirmPwd() throws IOException {
@@ -101,7 +103,8 @@ public class CreateUserTest extends Abst
                postParams.add(new NameValuePair(":name", userId));
                postParams.add(new NameValuePair("pwd", "testPwd"));
                postParams.add(new NameValuePair("pwdConfirm", "testPwd2"));
-               assertPostStatus(postUrl, 
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+               Credentials creds = new UsernamePasswordCredentials("admin", 
"admin");
+               assertAuthenticatedPostStatus(creds, postUrl, 
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
        }
 
        public void testCreateUserUserAlreadyExists() throws IOException {
@@ -112,10 +115,11 @@ public class CreateUserTest extends Abst
                postParams.add(new NameValuePair(":name", testUserId));
                postParams.add(new NameValuePair("pwd", "testPwd"));
                postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
-               assertPostStatus(postUrl, HttpServletResponse.SC_OK, 
postParams, null);
+               Credentials creds = new UsernamePasswordCredentials("admin", 
"admin");
+               assertAuthenticatedPostStatus(creds, postUrl, 
HttpServletResponse.SC_OK, postParams, null);
 
                //post the same info again, should fail
-               assertPostStatus(postUrl, 
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+               assertAuthenticatedPostStatus(creds, postUrl, 
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
        }
 
        /*
@@ -139,11 +143,11 @@ public class CreateUserTest extends Abst
                postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
                postParams.add(new NameValuePair("displayName", "My Test 
User"));
                postParams.add(new NameValuePair("url", 
"http://www.apache.org";));
-               assertPostStatus(postUrl, HttpServletResponse.SC_OK, 
postParams, null);
+               Credentials creds = new UsernamePasswordCredentials("admin", 
"admin");
+               assertAuthenticatedPostStatus(creds, postUrl, 
HttpServletResponse.SC_OK, postParams, null);
 
                //fetch the user profile json to verify the settings
                String getUrl = HTTP_BASE_URL + "/system/userManager/user/" + 
testUserId + ".json";
-               Credentials creds = new UsernamePasswordCredentials("admin", 
"admin");
                String json = getAuthenticatedContent(creds, getUrl, 
CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
                assertNotNull(json);
                JSONObject jsonObj = new JSONObject(json);
@@ -154,4 +158,21 @@ public class CreateUserTest extends Abst
                assertFalse(jsonObj.has("pwd"));
                assertFalse(jsonObj.has("pwdConfirm"));
        }
+
+       /**
+        * Test for SLING-1642 to verify that user self-registration by the 
anonymous
+        * user is not allowed by default.
+        */
+       public void testAnonymousSelfRegistrationDisabled() throws IOException {
+        String postUrl = HTTP_BASE_URL + 
"/system/userManager/user.create.html";
+
+               String userId = "testUser" + (counter++);
+               List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+               postParams.add(new NameValuePair(":name", userId));
+               postParams.add(new NameValuePair("pwd", "testPwd"));
+               postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
+               //user create without logging in as a privileged user should 
return a 500 error
+               httpClient.getState().clearCredentials();
+               assertPostStatus(postUrl, 
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+       }
 }
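Review bot: `testAnonymousSelfRegistrationDisabled` accepts any `SC_INTERNAL_SERVER_ERROR`, the same status that the missing-password and mismatched-confirmation tests expect, so it would still pass if the request failed for a reason unrelated to authorization. It should also confirm that the account was not created, for example by requesting `HTTP_BASE_URL + "/system/userManager/user/" + userId + ".json"` with admin credentials and expecting, presumably, `HttpServletResponse.SC_NOT_FOUND`. The call `httpClient.getState().clearCredentials()` changes shared client state, and whether that state is reset between tests is not visible here, so it is worth confirming that no later test relies on credentials set earlier. Reporting a refused registration as a 500 also makes it hard for clients and monitoring to tell a denial from a fault; a 403 would be clearer, though that is a servlet change outside this hunk.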

