This is an automated email from the ASF dual-hosted git repository.
andreapatricelli pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/3_0_X by this push:
new be12989c30 [SYNCOPE-1824] ensuring linked account password validation
on linked account (only) update (#799)
be12989c30 is described below
commit be12989c30f1f8cf8c99a68c87aad8f19d60a657
Author: Andrea Patricelli <[email protected]>
AuthorDate: Wed Jul 31 14:14:22 2024 +0200
[SYNCOPE-1824] ensuring linked account password validation on linked
account (only) update (#799)
---
.../core/workflow/java/AbstractUserWorkflowAdapter.java | 3 ++-
.../org/apache/syncope/fit/core/LinkedAccountITCase.java | 16 ++++++++++++++++
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git
a/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java
b/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java
index 1737004d3f..23eb74031a 100644
---
a/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java
+++
b/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java
@@ -297,7 +297,8 @@ public abstract class AbstractUserWorkflowAdapter extends
AbstractWorkflowAdapte
// enforce password and account policies
enforcePolicies(
user,
- userUR.getPassword() == null,
+ userUR.getPassword() == null &&
userUR.getLinkedAccounts().stream()
+ .allMatch(linkedAccountUR ->
linkedAccountUR.getLinkedAccountTO().getPassword() == null),
Optional.ofNullable(userUR.getPassword()).map(PasswordPatch::getValue).orElse(null));
user = userDAO.save(user);
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java
index d0734369cb..8c40b07a71 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java
@@ -24,6 +24,7 @@ import static
org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.util.List;
@@ -54,6 +55,7 @@ import org.apache.syncope.common.lib.to.ResourceTO;
import org.apache.syncope.common.lib.to.TaskTO;
import org.apache.syncope.common.lib.to.UserTO;
import org.apache.syncope.common.lib.types.AnyTypeKind;
+import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.common.lib.types.ExecStatus;
import org.apache.syncope.common.lib.types.IdMImplementationType;
import org.apache.syncope.common.lib.types.ImplementationEngine;
@@ -267,6 +269,20 @@ public class LinkedAccountITCase extends AbstractITCase {
userUR = new UserUR();
userUR.setKey(user.getKey());
userUR.getLinkedAccounts().add(new
LinkedAccountUR.Builder().linkedAccountTO(account).build());
+
+ // 4.1 SYNCOPE-1824 update with a wrong password, a error must be
raised
+ account.setPassword("password");
+ try {
+ updateUser(userUR);
+ fail("Should not arrive here due to wrong linked account
password");
+ } catch (SyncopeClientException sce) {
+ assertEquals(ClientExceptionType.InvalidUser, sce.getType());
+ assertEquals("InvalidUser [InvalidPassword: Password must be 10 or
more characters in length.]",
+ sce.getMessage());
+ }
+
+ // set a correct password
+ account.setPassword("Password123");
user = updateUser(userUR).getEntity();
assertNotNull(user.getLinkedAccounts().get(0).getPassword());
