Merged 5.0.2-CLOUD42 (Cloud ) to 5.1.N (5.1.1)

117256 adavis: Merged 5.0.2-CLOUD (Cloud ) to 5.0.2-CLOUD42 (Cloud ) 114527 adavis: Merged BCRYPT to 5.0.2-CLOUD 114255 gjames: createUser with a password that has already been hashed MNT-14892,RA-601 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.1.N/root@117349 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-10-08 14:51:49 +00:00 · 2015-11-11 18:02:29 +00:00
parent 141b506072
commit 4f3ec1b547
5 changed files with 89 additions and 8 deletions
--- a/source/java/org/alfresco/repo/security/authentication/DefaultMutableAuthenticationDao.java
+++ b/source/java/org/alfresco/repo/security/authentication/DefaultMutableAuthenticationDao.java
@@ -86,6 +86,19 @@ public class DefaultMutableAuthenticationDao implements MutableAuthenticationDao
     * @throws AlfrescoRuntimeException if the the operation is not allowed
     */
    public void createUser(String userName, char[] rawPassword) throws AuthenticationException
+    {
+        createUser(userName, null, rawPassword);
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p/>
+     * If enabled does nothing
+     *
+     * @throws AlfrescoRuntimeException if the the operation is not allowed
+     */
+    @Override
+    public void createUser(String caseSensitiveUserName, String hashedpassword, char[] rawPassword) throws AuthenticationException
    {
        if (!allowCreateUser)
        {
--- a/source/java/org/alfresco/repo/security/authentication/MutableAuthenticationDao.java
+++ b/source/java/org/alfresco/repo/security/authentication/MutableAuthenticationDao.java
@@ -35,7 +35,15 @@ public interface MutableAuthenticationDao extends AuthenticationDao, SaltSource
     * Create a user with the given userName and password
     */
    public void createUser(String userName, char[] rawPassword) throws AuthenticationException;
-    
+
+    /**
+     * Create a user with the given userName and password hash
+     * If hashedPassword is passed in then this is used, otherwise it falls back to using the rawPassword.
+     * It is assumed the hashed password has been encoded using system.preferred.password.encoding and doesn't use its
+     * own salt.
+     */
+    public void createUser(String caseSensitiveUserName, String hashedPassword, char[] rawPassword) throws AuthenticationException;
+
    /**
     * Update a user's password.
     */
--- a/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
+++ b/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
@@ -78,7 +78,7 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao, In
    protected PolicyComponent policyComponent;
    
    private TransactionService transactionService;
-    private CompositePasswordEncoder compositePasswordEncoder;
+    protected CompositePasswordEncoder compositePasswordEncoder;

 // note: cache is tenant-aware (if using TransctionalCache impl)
    
@@ -326,6 +326,12 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao, In

    @Override
    public void createUser(String caseSensitiveUserName, char[] rawPassword) throws AuthenticationException
+    {
+        createUser(caseSensitiveUserName, null, rawPassword);
+    }
+
+    @Override
+    public void createUser(String caseSensitiveUserName, String hashedPassword, char[] rawPassword) throws AuthenticationException
    {
        tenantService.checkDomainUser(caseSensitiveUserName);

@@ -339,7 +345,24 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao, In
        properties.put(ContentModel.PROP_USER_USERNAME, caseSensitiveUserName);
        String salt = GUID.generate();
        properties.put(ContentModel.PROP_SALT, salt);
-        properties.put(ContentModel.PROP_PASSWORD_HASH,  compositePasswordEncoder.encodePreferred(new String(rawPassword), salt));
+
+        if (hashedPassword == null)
+        {
+            if (logger.isDebugEnabled())
+            {
+                logger.debug("Hashing raw password to "+compositePasswordEncoder.getPreferredEncoding()
+                +" for "+caseSensitiveUserName);
+            }
+            hashedPassword = compositePasswordEncoder.encodePreferred(new String(rawPassword), salt);
+        }
+        else
+        {
+            if (logger.isDebugEnabled())
+            {
+                logger.debug("Using hashed password for  "+caseSensitiveUserName);
+            }
+        }
+        properties.put(ContentModel.PROP_PASSWORD_HASH, hashedPassword);
        properties.put(ContentModel.PROP_HASH_INDICATOR, (Serializable) Arrays.asList(compositePasswordEncoder.getPreferredEncoding()));
        properties.put(ContentModel.PROP_ACCOUNT_EXPIRES, Boolean.valueOf(false));
        properties.put(ContentModel.PROP_CREDENTIALS_EXPIRE, Boolean.valueOf(false));
--- a/source/java/org/alfresco/repo/security/authentication/ntlm/NullMutableAuthenticationDao.java
+++ b/source/java/org/alfresco/repo/security/authentication/ntlm/NullMutableAuthenticationDao.java
@@ -54,7 +54,16 @@ public class NullMutableAuthenticationDao implements MutableAuthenticationDao
    {
        throw new AlfrescoRuntimeException("Not implemented");
    }
-    
+
+    /**
+     * @throws AlfrescoRuntimeException Not implemented
+     */
+    @Override
+    public void createUser(String caseSensitiveUserName, String hashedpassword, char[] rawPassword) throws AuthenticationException
+    {
+        throw new AlfrescoRuntimeException("Not implemented");
+    }
+
    /**
     * @throws AlfrescoRuntimeException Not implemented
     */