Author: enorman Date: Thu Aug 12 05:42:49 2010 New Revision: 984646 URL: http://svn.apache.org/viewvc?rev=984646&view=rev Log: SLING-1642 User self-registration should be disabled by default
Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java
Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java?rev=984646&r1=984645&r2=984646&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java (original)
+++ sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java Thu Aug 12 05:42:49 2010
@@ -100,7 +100,7 @@ public class CreateUserServlet extends A
 */
 private static final String PROP_SELF_REGISTRATION_ENABLED = "self.registration.enabled";
- private static final Boolean DEFAULT_SELF_REGISTRATION_ENABLED = Boolean.TRUE;
+ private static final Boolean DEFAULT_SELF_REGISTRATION_ENABLED = Boolean.FALSE;
 private Boolean selfRegistrationEnabled = DEFAULT_SELF_REGISTRATION_ENABLED;
Modified: sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java?rev=984646&r1=984645&r2=984646&view=diff
==============================================================================
--- sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java (original)
+++ sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/AbstractAuthenticatedTest.java Thu Aug 12 05:42:49 2010
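Review bot: `DEFAULT_SELF_REGISTRATION_ENABLED` in CreateUserServlet now carries a security decision, but nothing at the constant says so. I would add a comment above it such as `// Secure default (SLING-1642): anonymous self-registration stays off unless self.registration.enabled is explicitly set to true.` so the value is not flipped back casually. The Javadoc that ends just above `PROP_SELF_REGISTRATION_ENABLED` and any metatype description of the property are outside this hunk; if either states a default of true it needs the same update. Deployments that relied on the old default without configuring the property will presumably stop accepting anonymous registrations after upgrading, which deserves a line in the release notes.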
@@ -164,7 +164,8 @@ public abstract class AbstractAuthentica
 postParams.add(new NameValuePair(":name", testUserId));
 postParams.add(new NameValuePair("pwd", "testPwd"));
 postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
- assertPostStatus(postUrl, HttpServletResponse.SC_OK, postParams, null);
+ Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+ assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
 return testUserId;
 }
Modified: sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java?rev=984646&r1=984645&r2=984646&view=diff
==============================================================================
--- sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java (original)
+++ sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java Thu Aug 12 05:42:49 2010
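Review bot: The literal `new UsernamePasswordCredentials("admin", "admin")` is now built inline at every call site: in this AbstractAuthenticatedTest hunk, in the matching hunk of AbstractAccessManagerTest, and in six test methods of CreateUserTest. Hoisting it into one constant or helper per test base, for example `private static final Credentials ADMIN_CREDS = new UsernamePasswordCredentials("admin", "admin");`, keeps the tests' dependency on the instance's default admin account in one place. A run against a server whose admin password has been changed then needs a single edit. The enclosing method starts outside the hunk.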
@@ -162,7 +162,8 @@ public abstract class AbstractAccessMana
 postParams.add(new NameValuePair(":name", testUserId));
 postParams.add(new NameValuePair("pwd", "testPwd"));
 postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
- assertPostStatus(postUrl, HttpServletResponse.SC_OK, postParams, null);
+ Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+ assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
 return testUserId;
 }
Modified: sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java?rev=984646&r1=984645&r2=984646&view=diff
==============================================================================
--- sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java (original)
+++ sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java Thu Aug 12 05:42:49 2010
@@ -63,11 +63,11 @@ public class CreateUserTest extends Abst
 postParams.add(new NameValuePair("marker", testUserId));
 postParams.add(new NameValuePair("pwd", "testPwd"));
 postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
- assertPostStatus(postUrl, HttpServletResponse.SC_OK, postParams, null);
+ Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+ assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
 //fetch the user profile json to verify the settings
 String getUrl = HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".json";
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
 String json = getAuthenticatedContent(creds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
 assertNotNull(json);
 JSONObject jsonObj = new JSONObject(json);
@@ -81,7 +81,8 @@ public class CreateUserTest extends Abst
 String postUrl = HTTP_BASE_URL + "/system/userManager/user.create.html";
 List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- assertPostStatus(postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+ Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+ assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
 }
 public void testCreateUserMissingPwd() throws IOException {
@@ -90,7 +91,8 @@ public class CreateUserTest extends Abst
 String userId = "testUser" + (counter++);
 List<NameValuePair> postParams = new ArrayList<NameValuePair>();
 postParams.add(new NameValuePair(":name", userId));
- assertPostStatus(postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+ Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+ assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
 }
 public void testCreateUserWrongConfirmPwd() throws IOException {
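Review bot: After this change the validation-failure tests in CreateUserTest (the hunks at -81, -90, -101 and -112) post only as admin, so as far as this diff shows no test exercises the servlet with `self.registration.enabled` set to true and an anonymous caller. That path remains available to deployments that opt in and is the one reachable without authentication, so its checks on a missing `:name` and on missing or mismatched `pwd`/`pwdConfirm` are worth keeping under test. Until such a test exists I would at least record the gap next to these methods, e.g. `// NOTE: runs as admin; the anonymous path with self.registration.enabled=true is not covered by this test`. The enclosing methods start outside these hunks.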
@@ -101,7 +103,8 @@ public class CreateUserTest extends Abst
 postParams.add(new NameValuePair(":name", userId));
 postParams.add(new NameValuePair("pwd", "testPwd"));
 postParams.add(new NameValuePair("pwdConfirm", "testPwd2"));
- assertPostStatus(postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+ Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+ assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
 }
 public void testCreateUserUserAlreadyExists() throws IOException {
@@ -112,10 +115,11 @@ public class CreateUserTest extends Abst
 postParams.add(new NameValuePair(":name", testUserId));
 postParams.add(new NameValuePair("pwd", "testPwd"));
 postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
- assertPostStatus(postUrl, HttpServletResponse.SC_OK, postParams, null);
+ Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+ assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
 //post the same info again, should fail
- assertPostStatus(postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+ assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
 }
 /*
@@ -139,11 +143,11 @@ public class CreateUserTest extends Abst
 postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
 postParams.add(new NameValuePair("displayName", "My Test User"));
 postParams.add(new NameValuePair("url", "http://www.apache.org"));
- assertPostStatus(postUrl, HttpServletResponse.SC_OK, postParams, null);
+ Credentials creds = new UsernamePasswordCredentials("admin", "admin");
+ assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
 //fetch the user profile json to verify the settings
 String getUrl = HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".json";
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
 String json = getAuthenticatedContent(creds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
 assertNotNull(json);
 JSONObject jsonObj = new JSONObject(json);
@@ -154,4 +158,21 @@ public class CreateUserTest extends Abst
 assertFalse(jsonObj.has("pwd"));
 assertFalse(jsonObj.has("pwdConfirm"));
 }
+
+ /**
+ * Test for SLING-1642 to verify that user self-registration by the anonymous
+ * user is not allowed by default.
+ */
+ public void testAnonymousSelfRegistrationDisabled() throws IOException {
+ String postUrl = HTTP_BASE_URL + "/system/userManager/user.create.html";
+
+ String userId = "testUser" + (counter++);
+ List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair(":name", userId));
+ postParams.add(new NameValuePair("pwd", "testPwd"));
+ postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
+ //user create without logging in as a privileged user should return a 500 error
+ httpClient.getState().clearCredentials();
+ assertPostStatus(postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);
+ }
 }
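Review bot: `testAnonymousSelfRegistrationDisabled` asserts only `SC_INTERNAL_SERVER_ERROR`, the same status the missing-password and wrong-confirmation tests expect, so it passes on any server-side failure and does not show that the request was refused or that no account was created. I would follow the post with a check as admin that the user does not exist, assuming the test base offers an authenticated status assertion alongside the post variant: `Credentials creds = new UsernamePasswordCredentials("admin", "admin");` then `assertAuthenticatedHttpStatus(creds, HTTP_BASE_URL + "/system/userManager/user/" + userId + ".json", HttpServletResponse.SC_NOT_FOUND, null);`. A refused registration would also be easier for clients and log monitoring to tell apart as 401 or 403 rather than 500, but that status is chosen in the servlet, outside this diff.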