Repository: syncope Updated Branches: refs/heads/1_2_X 9ad14b17a -> 59a9d66b9
[SYNCOPE-1210] Random password generation during propagation is now correctly resource-based Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/59a9d66b Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/59a9d66b Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/59a9d66b Branch: refs/heads/1_2_X Commit: 59a9d66b90874c64c19fefd2c1cb51c24bb7ec18 Parents: 9ad14b1 Author: Francesco Chicchiriccò <ilgro...@apache.org> Authored: Wed Sep 20 12:44:42 2017 +0200 Committer: Francesco Chicchiriccò <ilgro...@apache.org> Committed: Wed Sep 20 12:44:42 2017 +0200 ---------------------------------------------------------------------- .../syncope/core/connid/PasswordGenerator.java | 34 ++++---------------- .../apache/syncope/core/util/MappingUtil.java | 6 ++-- .../core/connid/PasswordGeneratorTest.java | 31 ++++++------------ 3 files changed, 19 insertions(+), 52 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/59a9d66b/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java b/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java index 108dcb3..0ef7ecb 100644 --- a/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java +++ b/core/src/main/java/org/apache/syncope/core/connid/PasswordGenerator.java 
@@ -25,14 +25,11 @@ import org.apache.commons.lang3.StringUtils; import org.apache.syncope.common.types.PasswordPolicySpec; import org.apache.syncope.core.persistence.beans.ExternalResource; import org.apache.syncope.core.persistence.beans.PasswordPolicy; -import org.apache.syncope.core.persistence.beans.role.SyncopeRole; -import org.apache.syncope.core.persistence.beans.user.SyncopeUser; -import org.apache.syncope.core.persistence.dao.PolicyDAO; import org.apache.syncope.core.policy.PolicyPattern; import org.apache.syncope.core.util.InvalidPasswordPolicySpecException; import org.apache.syncope.core.util.SecureRandomUtil; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import org.springframework.transaction.annotation.Transactional; /** * Generate random passwords according to given policies. @@ -49,10 +46,7 @@ public class PasswordGenerator { private static final int VERY_MAX_LENGTH = 64; - private static final int MIN_LENGTH_IF_ZERO = 6; - - @Autowired - private PolicyDAO policyDAO; + private static final int MIN_LENGTH_IF_ZERO = 8; public String generate(final List<PasswordPolicySpec> ppSpecs) throws InvalidPasswordPolicySpecException { 
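Review bot: `MIN_LENGTH_IF_ZERO` is raised from 6 to 8 in the second hunk (`@@ -49,10 +46,7 @@`) with no comment saying when it applies. From the name it looks like the fallback minimum used when no policy sets a length, which after this commit presumably covers every resource without a password policy of its own; the code that reads the constant is outside the hunk, so confirm. I would add a comment such as `// Fallback minimum length when the merged policy specifies none; the only length floor for resources without a password policy.` It is also worth confirming that 8 is an acceptable floor for every connected system that relies on random passwords.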
@@ -64,30 +58,16 @@ public class PasswordGenerator { return generate(policySpec); } - public String generate(final SyncopeUser user) + @Transactional(readOnly = true) + public String generate(final ExternalResource resource) throws InvalidPasswordPolicySpecException { List<PasswordPolicySpec> ppSpecs = new ArrayList<PasswordPolicySpec>(); - PasswordPolicy globalPP = policyDAO.getGlobalPasswordPolicy(); - if (globalPP != null && globalPP.getSpecification(PasswordPolicySpec.class) != null) { - ppSpecs.add(globalPP.getSpecification(PasswordPolicySpec.class)); - } - - for (SyncopeRole role : user.getRoles()) { - if (role.getPasswordPolicy() != null - && role.getPasswordPolicy().getSpecification(PasswordPolicySpec.class) != null) { - - ppSpecs.add(role.getPasswordPolicy().getSpecification(PasswordPolicySpec.class)); - } - } + if (resource.getPasswordPolicy() != null + && resource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class) != null) { - for (ExternalResource resource : user.getResources()) { - if (resource.getPasswordPolicy() != null - && resource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class) != null) { - - ppSpecs.add(resource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class)); - } + ppSpecs.add(resource.getPasswordPolicy().getSpecification(PasswordPolicySpec.class)); } PasswordPolicySpec policySpec = merge(ppSpecs); http://git-wip-us.apache.org/repos/asf/syncope/blob/59a9d66b/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java b/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java index ae89206..edda35d 100644 --- a/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java +++ b/core/src/main/java/org/apache/syncope/core/util/MappingUtil.java 
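Review bot: `generate(final ExternalResource resource)` has no Javadoc, yet the new body changes which policies constrain the password. Global and role policies are no longer merged, and a resource whose `getPasswordPolicy()` is null reaches `merge(ppSpecs)` with an empty list. What `merge` returns for an empty list is outside this hunk, so the resulting strength is presumably whatever the generator's defaults give. The Javadoc should state that only the resource's own policy is applied, what the fallback is when the resource has none, and that `resource` must be non-null, since `resource.getPasswordPolicy()` is dereferenced unguarded. The method body continues past the end of the hunk.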
@@ -354,7 +354,7 @@ public final class MappingUtil { } } else if (resource.isRandomPwdIfNotProvided()) { try { - passwordAttrValue = passwordGenerator.generate(user); + passwordAttrValue = passwordGenerator.generate(resource); } catch (InvalidPasswordPolicySpecException e) { LOG.error("Could not generate policy-compliant random password for {}", user, e); } @@ -377,8 +377,8 @@ public final class MappingUtil { } else { result = new AbstractMap.SimpleEntry<String, Attribute>( null, objValues.isEmpty() - ? AttributeBuilder.build(extAttrName) - : AttributeBuilder.build(extAttrName, objValues.iterator().next())); + ? AttributeBuilder.build(extAttrName) + : AttributeBuilder.build(extAttrName, objValues.iterator().next())); } } } http://git-wip-us.apache.org/repos/asf/syncope/blob/59a9d66b/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java b/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java index 54fb4d6..6293deb 100644 --- a/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java +++ b/core/src/test/java/org/apache/syncope/core/connid/PasswordGeneratorTest.java @@ -29,6 +29,7 @@ import org.apache.syncope.common.types.CipherAlgorithm; import org.apache.syncope.common.types.PasswordPolicySpec; import org.apache.syncope.core.AbstractNonDAOTest; import org.apache.syncope.core.persistence.beans.user.SyncopeUser; +import org.apache.syncope.core.persistence.dao.ResourceDAO; import org.apache.syncope.core.persistence.dao.UserDAO; import org.apache.syncope.core.policy.PolicyPattern; import org.apache.syncope.core.util.InvalidPasswordPolicySpecException; 
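Review bot: The error message in the first hunk (`@@ -354,7 +354,7 @@`) still names only the user, although a failure now comes from the resource's password policy. Naming the resource makes a misconfigured policy findable from the log, e.g. `LOG.error("Could not generate policy-compliant random password for {} on {}", user, resource, e);`. If a shorter resource identifier is in scope (no accessor is visible here), prefer it over the full object. The catch block also lets propagation continue with no generated value; whether the account is then created without a password is decided outside this hunk and worth confirming.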
@@ -45,20 +46,8 @@ public class PasswordGeneratorTest extends AbstractNonDAOTest { @Autowired private UserDAO userDAO; - @Test - public void forUser() { - SyncopeUser user = userDAO.find(5L); - String password = null; - try { - password = passwordGenerator.generate(user); - } catch (InvalidPasswordPolicySpecException ex) { - fail(ex.getMessage()); - } - assertNotNull(password); - - user.setPassword(password, CipherAlgorithm.SHA); - userDAO.save(user); - } + @Autowired + private ResourceDAO resourceDAO; private PasswordPolicySpec createBasePasswordPolicySpec() { PasswordPolicySpec basePasswordPolicySpec = new PasswordPolicySpec(); @@ -144,20 +133,18 @@ public class PasswordGeneratorTest extends AbstractNonDAOTest { } @Test - public void issueSYNCOPE226() { - SyncopeUser user = userDAO.find(5L); - String password = null; + public void testPasswordGenerator() { + String password = ""; try { - password = passwordGenerator.generate(user); + password = passwordGenerator.generate(resourceDAO.find("ws-target-resource-nopropagation")); } catch (InvalidPasswordPolicySpecException e) { fail(e.getMessage()); } assertNotNull(password); - user.setPassword(password, CipherAlgorithm.AES); - - SyncopeUser actual = userDAO.save(user); - assertNotNull(actual); + SyncopeUser user = userDAO.find(4L); + user.setPassword(password, CipherAlgorithm.SHA); + userDAO.save(user); } @Test
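Review bot: `testPasswordGenerator` (second hunk, `@@ -144,20 +133,18 @@`) checks only `assertNotNull(password)`, so it passes for any non-null string, including one that ignores the policy of `ws-target-resource-nopropagation`. Since the commit's claim is that generation is resource-based, the test should assert something derived from that resource's policy, at minimum the length bound. If that fixture resource has no password policy, say so in a comment and assert the fallback length instead. Saving the value onto user 4 presumably exercises user-side password validation, but the relation between that user and the resource is not visible here, so a one-line comment would make the intent clear.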