diff --git a/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java b/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
index 7ba3ed84e2..c9c71a54d0 100644
--- a/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
+++ b/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
@@ -30,8 +30,9 @@ import java.util.Arrays;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
-
+import java.util.Map;
+import java.util.UUID;
+
 import net.sf.acegisecurity.GrantedAuthority;
 import net.sf.acegisecurity.GrantedAuthorityImpl;
 import net.sf.acegisecurity.UserDetails;
@@ -352,7 +353,14 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao, In
 Map properties = new HashMap();
 properties.put(ContentModel.PROP_USER_USERNAME, caseSensitiveUserName);
 String salt = GUID.generate();
-properties.put(ContentModel.PROP_SALT, salt);
+properties.put(ContentModel.PROP_SALT, salt);
+
+ boolean emptyPassword = rawPassword != null ? "".equals(new String(rawPassword)) : true;
+
+ if (emptyPassword)
+ {
+ rawPassword = UUID.randomUUID().toString().toCharArray();
+ }
 if (hashedPassword == null)
 {
 
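Review bot: The empty-password check in the createUser hunk copies the secret into an immutable String (`"".equals(new String(rawPassword))`), which defeats the reason the method takes a `char[]`: the copy stays in the heap until collected and cannot be zeroed. The array answers the question on its own: `boolean emptyPassword = rawPassword == null || rawPassword.length == 0;`. The same flag decides PROP_ENABLED in the following hunk (the `+381` one), so a caller that passes a non-null hashedPassword with a null rawPassword would now get a disabled account even though a usable hash was supplied; if that is not intended, the flag should also require `hashedPassword == null`. A short comment above the check, such as `// No password supplied: store a random, unguessable one and create the account disabled`, would record the intent. createUser's signature and the remainder of its body lie outside this hunk.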
@@ -373,8 +381,8 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao, In
 properties.put(ContentModel.PROP_PASSWORD_HASH, hashedPassword);
 properties.put(ContentModel.PROP_HASH_INDICATOR, (Serializable) Arrays.asList(compositePasswordEncoder.getPreferredEncoding()));
 properties.put(ContentModel.PROP_ACCOUNT_EXPIRES, Boolean.valueOf(false));
-properties.put(ContentModel.PROP_CREDENTIALS_EXPIRE, Boolean.valueOf(false));
-properties.put(ContentModel.PROP_ENABLED, Boolean.valueOf(true));
+properties.put(ContentModel.PROP_CREDENTIALS_EXPIRE, Boolean.valueOf(false));
+properties.put(ContentModel.PROP_ENABLED, Boolean.valueOf(!emptyPassword));
 properties.put(ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(false));
 nodeService.createNode(typesNode, ContentModel.ASSOC_CHILDREN, QName.createQName(ContentModel.USER_MODEL_URI, caseSensitiveUserName), ContentModel.TYPE_USER, properties);
diff --git a/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java b/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java
index d8d888ccd5..e0b0827b75 100644
--- a/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java
+++ b/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java
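Review bot: The new `PROP_ENABLED` value is the only place where the empty-password rule becomes visible to anyone reading the stored account, and nothing on the line says why a missing password produces a disabled user; suggest `// Created disabled when no password was supplied: the stored hash is of a random value, so a password must be set before the account can be enabled` above the put. The property is otherwise written exactly as before, so the comment is the only change I would ask for here. The enclosing createUser method begins before this hunk.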
@@ -2154,5 +2154,63 @@ public class AuthenticationTest extends TestCase
 nspr.registerNamespace("namespace", "namespace");
 nspr.registerNamespace(NamespaceService.DEFAULT_PREFIX, defaultURI);
 return nspr;
+ }
+
+ public void testCreatingUserWithEmptyPassword() throws Exception
+ {
+ String previousAuthenticatedUser = AuthenticationUtil.getFullyAuthenticatedUser();
+ String userName = GUID.generate();
+ String rawPass = "";
+ try
+ {
+ dao.createUser(userName, null, rawPass.toCharArray());
+ NodeRef userNodeRed = getRepositoryAuthenticationDao().getUserOrNull(userName);
+ assertNotNull(userNodeRed);
+
+ Map properties = nodeService.getProperties(userNodeRed);
+ assertEquals(properties.get(ContentModel.PROP_ENABLED), false);
+
+ properties.remove(ContentModel.PROP_ENABLED);
+ properties.put(ContentModel.PROP_ENABLED, true);
+ nodeService.setProperties(userNodeRed, properties);
+ assertEquals(properties.get(ContentModel.PROP_ENABLED), true);
+
+ try
+ {
+ authenticationService.authenticate(userName, rawPass.toCharArray());
+ fail("Authentication should have been rejected");
+ }
+ catch (IllegalArgumentException e)
+ {
+ assertEquals(e.getMessage(), "rawPassword is a mandatory parameter");
+ }
+
+ rawPass = "newPassword";
+ dao.updateUser(userName, rawPass.toCharArray());
+ try
+ {
+ authenticationService.authenticate(userName, rawPass.toCharArray());
+ }
+ catch (AuthenticationException e)
+ {
+ fail("Authentication should have passed.");
+ }
+ assertEquals(authenticationService.getCurrentUserName(), userName);
+ }
+ finally
+ {
+ if (previousAuthenticatedUser != null)
+ {
+ AuthenticationUtil.setFullyAuthenticatedUser(previousAuthenticatedUser);
+ }
+ try
+ {
+ dao.deleteUser(userName);
+ }
+ catch (Exception e)
+ {
+ // Nothing to do here.
+ }
+ }
 }
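Review bot: The assertion after `nodeService.setProperties(userNodeRed, properties)` checks the local map the test just mutated, so `assertEquals(properties.get(ContentModel.PROP_ENABLED), true)` cannot fail and does not show the node was updated; read the node again, e.g. `assertEquals(true, nodeService.getProperties(userNodeRed).get(ContentModel.PROP_ENABLED));`. Every `assertEquals` in the new method passes arguments as (actual, expected), the reverse of the JUnit 3 convention the rest of the class inherits from TestCase, so failure messages will read backwards. Pinning the exact text `"rawPassword is a mandatory parameter"` ties the test to a message produced outside this file, so a wording change elsewhere will fail this test rather than a real regression; asserting on the exception type alone is enough for what the test proves. The hunk opens inside the tail of the preceding method, whose start is outside SOURCE, and the class's closing brace is the only trailing context shown.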