REPO-1503: allow setting of password

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@131939 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/rest/api/impl/PeopleImpl.java

@@ -297,8 +297,8 @@ public class PeopleImpl implements People
 		Map<QName, Serializable> props = person.toProperties();
 
 		MutableAuthenticationService mas = (MutableAuthenticationService) authenticationService;
-		// TODO: very temporary code, until REPO-1503 (set password) implemented.
+		String password = person.getPassword() == null ? UUID.randomUUID().toString() : person.getPassword();
-		mas.createAuthentication(person.getUserName(), UUID.randomUUID().toString().toCharArray());
+		mas.createAuthentication(person.getUserName(), password.toCharArray());
 		mas.setAuthenticationEnabled(person.getUserName(), person.isEnabled());
 		NodeRef nodeRef = personService.createPerson(props);
 		

source/java/org/alfresco/rest/api/model/Person.java

@@ -65,6 +65,7 @@ public class Person
 	protected Boolean emailNotificationsEnabled;
 	protected String description;
 	protected Company company;
+	protected String password;
 
 	public Person()
     {
@@ -201,6 +202,11 @@ public class Person
 	{
 		this.avatarId = avatarId;
 	}
+	
+	public void setPassword(String password)
+	{
+		this.password = password;
+	}
 
 	public NodeRef getAvatarId()
 	{
@@ -272,6 +278,11 @@ public class Person
 		return emailNotificationsEnabled;
 	}
 
+	public String getPassword()
+	{
+		return this.password;
+	}
+	
 	@Override
 	public String toString()
 	{
@@ -347,9 +358,6 @@ public class Person
 		addToMap(properties, ContentModel.PROP_GOOGLEUSERNAME, getGoogleId());
 		addToMap(properties, ContentModel.PROP_SIZE_QUOTA, getQuota());
 		addToMap(properties, ContentModel.PROP_SIZE_CURRENT, getQuotaUsed());
-
-		// What's the correct behaviour here? Store it as "content" somehow?
-		// so that it can be 'inlined' by the code in PeopleImpl.processPersonProperties ?
 		addToMap(properties, ContentModel.PROP_PERSONDESC, getDescription());
 	}
 	

source/java/org/alfresco/rest/api/model/PersonUpdate.java

@@ -57,7 +57,7 @@ public class PersonUpdate
     protected final String userStatus;
     protected final Boolean enabled;
     protected final Boolean emailNotificationsEnabled;
-
+    protected final String password;
 
     private PersonUpdate(
             String userName,
@@ -75,7 +75,8 @@ public class PersonUpdate
             String telephone,
             String userStatus,
             Boolean enabled,
-            Boolean emailNotificationsEnabled)
+            Boolean emailNotificationsEnabled,
+            String password)
     {
         this.userName = userName;
         this.firstName = firstName;
@@ -93,6 +94,7 @@ public class PersonUpdate
         this.userStatus = userStatus;
         this.enabled = enabled;
         this.emailNotificationsEnabled = emailNotificationsEnabled;
+        this.password = password;
     }
 
     public Company getCompany()
@@ -176,6 +178,11 @@ public class PersonUpdate
         return emailNotificationsEnabled;
     }
 
+    public String getPassword()
+    {
+        return password;
+    }
+
     @Override
     public String toString()
     {
@@ -194,7 +201,9 @@ public class PersonUpdate
                 + ", googleId=" + googleId
                 + ", emailNotificationsEnabled=" + emailNotificationsEnabled
                 + ", description=" + description
-                + ", company=" + company + "]";
+                + ", company=" + company
+                + ", password=(not shown)"
+                + "]";
     }
 
     public Map<QName, Serializable> toProperties()
@@ -275,6 +284,7 @@ public class PersonUpdate
         private String userStatus;
         private Boolean enabled;
         private Boolean emailNotificationsEnabled;
+        private String password;
 
         public Builder id(String userId)
         {
@@ -371,6 +381,12 @@ public class PersonUpdate
             this.emailNotificationsEnabled = emailNotificationsEnabled;
             return this;
         }
+        
+        public Builder password(String password)
+        {
+            this.password = password;
+            return this;
+        }
 
         public PersonUpdate build()
         {
@@ -390,7 +406,8 @@ public class PersonUpdate
                     telephone,
                     userStatus,
                     enabled,
-                    emailNotificationsEnabled
+                    emailNotificationsEnabled,
+                    password
             );
         }
     }

source/java/org/alfresco/rest/api/people/PeopleEntityResource.java

@@ -126,7 +126,9 @@ public class PeopleEntityResource implements EntityResourceAction.ReadById<Perso
                 .telephone(p.getTelephone())
                 .userStatus(p.getUserStatus())
                 .enabled(p.isEnabled())
-                .emailNotificationsEnabled(p.isEmailNotificationsEnabled()).build();
+                .emailNotificationsEnabled(p.isEmailNotificationsEnabled())
+                .password(p.getPassword()).
+                build();
 
         result.add(people.create(person));
         return result;

source/test-java/org/alfresco/rest/api/tests/TestPeople.java

@@ -41,8 +41,7 @@ import org.junit.Test;
 
 import java.util.Iterator;
 
-import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.*;
-import static org.junit.Assert.fail;
 
 public class TestPeople extends EnterpriseTestApi
 {
@@ -180,38 +179,66 @@ public class TestPeople extends EnterpriseTestApi
 	@Test
 	public void testCreatePerson_canCreateDisabledPerson() throws PublicApiException
 	{
-		publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin"));
-
 		// Person disabled
 		{
+			publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin"));
+			
 			PersonUpdate person = new PersonUpdate.Builder().
 					id("myUserName04@"+account1.getId()).
 					firstName("Firstname").
 					email("myUserName04@"+account1.getId()).
 					enabled(false).
+					password("hello").
 					build();
 
 			Person p = people.create(person);
 			assertEquals(false, p.isEnabled());
+			// It's very important that the password isn't exposed over the REST API.
+			assertNull(p.getPassword());
 			// Check that a freshly retrieved person exhibits the same result
 			p = people.getPerson(person.getUserName());
 			assertEquals(false, p.isEnabled());
+			assertNull(p.getPassword());
+			
+			// Can the new user account be used?
+			publicApiClient.setRequestContext(new RequestContext(account1.getId(), person.getUserName(), "hello"));
+			try
+			{
+				people.getPerson(person.getUserName());
+				fail("It should not be possible to use a disabled account.");
+			}
+			catch (PublicApiException e)
+			{
+				assertEquals(401, e.getHttpResponse().getStatusCode());
+			}
 		}
 
 		// Person enabled
 		{
+			publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin"));
+			
 			PersonUpdate person = new PersonUpdate.Builder().
 					id("myUserName05@"+account1.getId()).
 					firstName("Firstname").
 					email("myUserName05@"+account1.getId()).
 					enabled(true).
+					password("banana").
 					build();
 
 			Person p = people.create(person);
 			assertEquals(true, p.isEnabled());
+			// It's very important that the password isn't exposed over the REST API.
+			assertNull(p.getPassword());
 			// Check that a freshly retrieved person exhibits the same result
 			p = people.getPerson(person.getUserName());
 			assertEquals(true, p.isEnabled());
+			assertNull(p.getPassword());
+
+			// Can the new user account be used?
+			publicApiClient.setRequestContext(new RequestContext(account1.getId(), person.getUserName(), "banana"));
+			p = people.getPerson(person.getUserName());
+			assertNotNull(p);
+			assertNull(p.getPassword());
 		}
 	}
 	
@@ -405,6 +432,7 @@ public class TestPeople extends EnterpriseTestApi
 			personJson.put("userStatus", personUpdate.getUserStatus());
 			personJson.put("enabled", personUpdate.isEnabled());
 			personJson.put("emailNotificationsEnabled", personUpdate.isEmailNotificationsEnabled());
+			personJson.put("password", personUpdate.getPassword());
 
 			return personJson;
 		}