From 46244028c51a23ce45ced0580285546410cd18d3 Mon Sep 17 00:00:00 2001
From: Alan Davis <alan.davis@alfresco.com>
Date: Sat, 31 Jan 2015 11:00:56 +0000
Subject: [PATCH] Merged HEAD-BUG-FIX (5.1/Cloud) to HEAD (5.1/Cloud)    90771:
 Merged V4.2-BUG-FIX (4.2.5) to HEAD-BUG-FIX (5.0/Cloud)       90565: Merged
 DEV to V4.2-BUG-FIX (4.2.4)          76855 : MNT-11765 : Public API
 Authentication: Returns error 500 instead of 401 when authenticated with
 invalid / non existing user             - Avoid InvalidStoreRefException in
 getUserOrNull and getPersonOrNull methods       90610: MNT-11765 : Public API
 Authentication: Returns error 500 instead of 401 when authenticated with
 invalid / non existing user          - Fix for compilation errors      
 90676: MNT-11765 : Public API Authentication: Returns error 500 instead of
 401 when authenticated with invalid / non existing user          - Test is
 changed to return the system to initial state

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@94713 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../RepositoryAuthenticationDao.java          | 13 ++++++++
 .../security/person/PersonServiceImpl.java    | 13 +++++++-
 .../authentication/AuthenticationTest.java    | 33 +++++++++++++++++++
 3 files changed, 58 insertions(+), 1 deletion(-)

diff --git a/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java b/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
index fb2d02175e..886f21eef9 100644
--- a/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
+++ b/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
@@ -42,6 +42,7 @@ import org.alfresco.repo.policy.PolicyComponent;
 import org.alfresco.repo.tenant.TenantService;
 import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
+import org.alfresco.service.cmr.repository.InvalidStoreRefException;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.StoreRef;
@@ -193,6 +194,18 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao, In
      * @return                                      the user's data
      */
     private CacheEntry getUserEntryOrNull(final String caseSensitiveSearchUserName)
+    {
+        try
+        {
+            return getUserEntryOrNullImpl(caseSensitiveSearchUserName);
+        }
+        catch (InvalidStoreRefException e)
+        {
+            return null;
+        }
+    }
+    
+    private CacheEntry getUserEntryOrNullImpl(final String caseSensitiveSearchUserName)
     {
         if (caseSensitiveSearchUserName == null || caseSensitiveSearchUserName.length() == 0)
         {
diff --git a/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java b/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
index aa7ff0dcb8..76cc591634 100644
--- a/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
@@ -76,6 +76,7 @@ import org.alfresco.service.cmr.invitation.InvitationException;
 import org.alfresco.service.cmr.model.FileFolderService;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.InvalidNodeRefException;
+import org.alfresco.service.cmr.repository.InvalidStoreRefException;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.StoreRef;
@@ -534,8 +535,18 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
         boolean addToCache = false;
         if (allRefs == null)
         {
+            NodeRef peopleContainer = null;
+            try
+            {
+                peopleContainer = getPeopleContainer();
+            }
+            catch(InvalidStoreRefException isre)
+            {
+                return null;
+            }
+            
             List<ChildAssociationRef> childRefs = nodeService.getChildAssocs(
-                    getPeopleContainer(),
+                    peopleContainer,
                     ContentModel.ASSOC_CHILDREN,
                     getChildNameLower(searchUserName),
                     false);
diff --git a/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java b/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java
index 726f49404f..a3f6875461 100644
--- a/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java
+++ b/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java
@@ -51,6 +51,7 @@ import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl.ExpiryMode;
 import org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl.Ticket;
 import org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.CacheEntry;
+import org.alfresco.repo.tenant.TenantAdminService;
 import org.alfresco.repo.tenant.TenantService;
 import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
 import org.alfresco.repo.transaction.AlfrescoTransactionSupport.TxnReadState;
@@ -73,6 +74,7 @@ import org.hibernate.dialect.Dialect;
 import org.hibernate.dialect.PostgreSQLDialect;
 import org.junit.experimental.categories.Category;
 import org.springframework.context.ApplicationContext;
+import org.springframework.extensions.webscripts.GUID;
 
 @SuppressWarnings("unchecked")
 @Category(OwnJVMTestsCategory.class)
@@ -83,6 +85,7 @@ public class AuthenticationTest extends TestCase
     private NodeService nodeService;
     private AuthorityService authorityService;
     private TenantService tenantService;
+    private TenantAdminService tenantAdminService;
     private MD4PasswordEncoder passwordEncoder;
     private PasswordEncoder sha256PasswordEncoder;
     private MutableAuthenticationDao dao;
@@ -136,6 +139,7 @@ public class AuthenticationTest extends TestCase
         nodeService = (NodeService) ctx.getBean("nodeService");
         authorityService = (AuthorityService) ctx.getBean("authorityService");
         tenantService = (TenantService) ctx.getBean("tenantService");
+        tenantAdminService = (TenantAdminService) ctx.getBean("tenantAdminService");
         passwordEncoder = (MD4PasswordEncoder) ctx.getBean("passwordEncoder");
         sha256PasswordEncoder = (PasswordEncoder) ctx.getBean("sha256PasswordEncoder");
         ticketComponent = (TicketComponent) ctx.getBean("ticketComponent");
@@ -1726,6 +1730,35 @@ public class AuthenticationTest extends TestCase
         // authenticationService.deleteAuthentication("andy");
     }
 
+    public void testLoginNotExistingTenant()
+    {
+        boolean wasEnabled = AuthenticationUtil.isMtEnabled();
+        
+        try
+        {
+            tenantAdminService.createTenant(GUID.generate() + "test1.test", "admin".toCharArray());
+            
+            String notExistingTenant = GUID.generate() + "tenant.test";
+            String userName = "user@" + notExistingTenant;
+            
+            assertFalse(tenantAdminService.existsTenant(notExistingTenant));
+            
+            try
+            {
+                pubAuthenticationService.authenticate(userName, GUID.generate().toCharArray());
+                fail();
+            }
+            catch (AuthenticationException e)
+            {
+                // it is expected exception
+            }
+        }
+        finally
+        {
+            AuthenticationUtil.setMtEnabled(wasEnabled);
+        }
+    }
+    
     private String getUserName(Authentication authentication)
     {
         String username = authentication.getPrincipal().toString();