andreapatricelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 3267a1b36e [SYNCOPE-1824] ensuring linked account password validation
on linked account (only) update (#799)
3267a1b36e is described below
commit 3267a1b36e7ac6f1b592c771db3e881cb0c2c01c
Author: Andrea Patricelli <[email protected]>
AuthorDate: Wed Jul 31 14:14:22 2024 +0200
[SYNCOPE-1824] ensuring linked account password validation on linked
account (only) update (#799)
---
.../core/workflow/java/AbstractUserWorkflowAdapter.java | 3 ++-
.../org/apache/syncope/fit/core/LinkedAccountITCase.java | 16 ++++++++++++++++
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git
a/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java
b/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java
index 5b6f30fd09..b1f6966962 100644
---
a/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java
+++
b/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java
@@ -302,7 +302,8 @@ public abstract class AbstractUserWorkflowAdapter extends
AbstractWorkflowAdapte
// enforce password and account policies
enforcePolicies(
user,
- userUR.getPassword() == null,
+ userUR.getPassword() == null &&
userUR.getLinkedAccounts().stream()
+ .allMatch(linkedAccountUR ->
linkedAccountUR.getLinkedAccountTO().getPassword() == null),
Optional.ofNullable(userUR.getPassword()).map(PasswordPatch::getValue).orElse(null));
user = userDAO.save(user);
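Review bot: The lambda added to the second argument of `enforcePolicies` calls `linkedAccountUR.getLinkedAccountTO().getPassword()` with no null guard, so a linked-account patch that arrives without a TO would presumably fail with a NullPointerException instead of a validation error; `linkedAccountUR.getLinkedAccountTO() == null || linkedAccountUR.getLinkedAccountTO().getPassword() == null` keeps the predicate total. The third argument still carries only the user's own password, so the linked-account password must reach the policy check by another route inside `enforcePolicies`, which is not visible here. A comment above the flag such as `// skip the password policy only when neither the user nor any linked account sets a password` would record why the two arguments now differ. The enclosing method starts and ends outside the hunk.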
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java
index 3dd5a10864..1dd57911dd 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java
@@ -24,6 +24,7 @@ import static
org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
import com.fasterxml.jackson.databind.node.ObjectNode;
import jakarta.ws.rs.core.HttpHeaders;
@@ -54,6 +55,7 @@ import org.apache.syncope.common.lib.to.ResourceTO;
import org.apache.syncope.common.lib.to.TaskTO;
import org.apache.syncope.common.lib.to.UserTO;
import org.apache.syncope.common.lib.types.AnyTypeKind;
+import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.common.lib.types.ExecStatus;
import org.apache.syncope.common.lib.types.IdMImplementationType;
import org.apache.syncope.common.lib.types.ImplementationEngine;
@@ -267,6 +269,20 @@ public class LinkedAccountITCase extends AbstractITCase {
userUR = new UserUR();
userUR.setKey(user.getKey());
userUR.getLinkedAccounts().add(new
LinkedAccountUR.Builder().linkedAccountTO(account).build());
+
+ // 4.1 SYNCOPE-1824 update with a wrong password, a error must be
raised
+ account.setPassword("password");
+ try {
+ updateUser(userUR);
+ fail("Should not arrive here due to wrong linked account
password");
+ } catch (SyncopeClientException sce) {
+ assertEquals(ClientExceptionType.InvalidUser, sce.getType());
+ assertEquals("InvalidUser [InvalidPassword: Password must be 10 or
more characters in length.]",
+ sce.getMessage());
+ }
+
+ // set a correct password
+ account.setPassword("Password123");
user = updateUser(userUR).getEntity();
assertNotNull(user.getLinkedAccounts().get(0).getPassword());
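Review bot: Step 4.1 asserts that the update is rejected but not that the rejected password was left unstored. Re-reading the user after the `catch` block and checking that the linked account's password is still null (as the later `assertNotNull` implies it was) would pin the property this fix is meant to guarantee. The second `assertEquals` compares the whole message, including `Password must be 10 or more characters in length.`, which ties the test to the wording and minimum length of whichever password policy the test realm uses; `assertTrue(sce.getMessage().contains("InvalidPassword"));` is presumably enough alongside the `ClientExceptionType.InvalidUser` check. The test method starts and ends outside the hunk.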