From 8c5964adfbb3e980d83b0c080ba1f4b95c503c33 Mon Sep 17 00:00:00 2001 From: Alexandru Epure Date: Wed, 24 May 2017 10:17:12 +0000 Subject: [PATCH] MNT-17199 - CSV user import: if password is left blank it should be randomly generated Modified UserCSVUploadPost behaviour to use an empty string for password creation instead of the user's first name. Modified RepositoryAuthenticationDao > createUser behaviour to treat the case when the password is an empty string or null. Added a Unit test. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@136902 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../RepositoryAuthenticationDao.java | 18 ++++--
 .../authentication/AuthenticationTest.java | 58 +++++++++++++++++++
 2 files changed, 71 insertions(+), 5 deletions(-)
diff --git a/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java b/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
index 7ba3ed84e2..c9c71a54d0 100644
--- a/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
+++ b/source/java/org/alfresco/repo/security/authentication/RepositoryAuthenticationDao.java
@@ -30,8 +30,9 @@ import java.util.Arrays;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
-
+import java.util.Map;
+import java.util.UUID;
+
 import net.sf.acegisecurity.GrantedAuthority;
 import net.sf.acegisecurity.GrantedAuthorityImpl;
 import net.sf.acegisecurity.UserDetails;
@@ -352,7 +353,14 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao, In Map properties = new HashMap(); properties.put(ContentModel.PROP_USER_USERNAME, caseSensitiveUserName); String salt = GUID.generate(); - properties.put(ContentModel.PROP_SALT, salt); + properties.put(ContentModel.PROP_SALT, salt); + + boolean emptyPassword = rawPassword != null ? "".equals(new String(rawPassword)) : true; + + if (emptyPassword) + { + rawPassword = UUID.randomUUID().toString().toCharArray(); + } if (hashedPassword == null) { @@ -373,8 +381,8 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao, In properties.put(ContentModel.PROP_PASSWORD_HASH, hashedPassword); properties.put(ContentModel.PROP_HASH_INDICATOR, (Serializable) Arrays.asList(compositePasswordEncoder.getPreferredEncoding())); properties.put(ContentModel.PROP_ACCOUNT_EXPIRES, Boolean.valueOf(false)); - properties.put(ContentModel.PROP_CREDENTIALS_EXPIRE, Boolean.valueOf(false)); - properties.put(ContentModel.PROP_ENABLED, Boolean.valueOf(true)); + properties.put(ContentModel.PROP_CREDENTIALS_EXPIRE, Boolean.valueOf(false)); + properties.put(ContentModel.PROP_ENABLED, Boolean.valueOf(!emptyPassword)); properties.put(ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(false)); nodeService.createNode(typesNode, ContentModel.ASSOC_CHILDREN, QName.createQName(ContentModel.USER_MODEL_URI, caseSensitiveUserName), ContentModel.TYPE_USER, properties); diff --git a/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java b/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java index d8d888ccd5..e0b0827b75 100644 --- a/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java +++ b/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java 
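Review bot: The emptiness test on the added `boolean emptyPassword = ...` line looks only at `rawPassword`, so a caller that passes a non-null `hashedPassword` with a null or empty `rawPassword` is also treated as blank. Through the `PROP_ENABLED` line in the following hunk (@@ -373) that account is then created disabled. The body of `if (hashedPassword == null)` lies outside the hunk, so whether such callers exist needs confirming, but the check should cover both inputs: `boolean emptyPassword = hashedPassword == null && (rawPassword == null || rawPassword.length == 0);`. Testing the array length also avoids `new String(rawPassword)`, which copies the password into an immutable String that cannot be cleared afterwards. createUser starts and ends outside the hunk.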
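Review bot: Nothing in the code explains why `PROP_ENABLED` now depends on `emptyPassword`, and the commit message mentions only the random password, not that the account is created disabled. A comment above the changed line would record the intent, for example `// Blank password: a random placeholder is stored instead, so keep the account disabled until a real password is set.` Only part of createUser is visible in this hunk, so the wording should be checked against the hashing code that sits between the two hunks.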
@@ -2154,5 +2154,63 @@ public class AuthenticationTest extends TestCase
 nspr.registerNamespace("namespace", "namespace");
 nspr.registerNamespace(NamespaceService.DEFAULT_PREFIX, defaultURI);
 return nspr;
+ }
+
+ public void testCreatingUserWithEmptyPassword() throws Exception
+ {
+ String previousAuthenticatedUser = AuthenticationUtil.getFullyAuthenticatedUser();
+ String userName = GUID.generate();
+ String rawPass = "";
+ try
+ {
+ dao.createUser(userName, null, rawPass.toCharArray());
+ NodeRef userNodeRed = getRepositoryAuthenticationDao().getUserOrNull(userName);
+ assertNotNull(userNodeRed);
+
+ Map properties = nodeService.getProperties(userNodeRed);
+ assertEquals(properties.get(ContentModel.PROP_ENABLED), false);
+
+ properties.remove(ContentModel.PROP_ENABLED);
+ properties.put(ContentModel.PROP_ENABLED, true);
+ nodeService.setProperties(userNodeRed, properties);
+ assertEquals(properties.get(ContentModel.PROP_ENABLED), true);
+
+ try
+ {
+ authenticationService.authenticate(userName, rawPass.toCharArray());
+ fail("Authentication should have been rejected");
+ }
+ catch (IllegalArgumentException e)
+ {
+ assertEquals(e.getMessage(), "rawPassword is a mandatory parameter");
+ }
+
+ rawPass = "newPassword";
+ dao.updateUser(userName, rawPass.toCharArray());
+ try
+ {
+ authenticationService.authenticate(userName, rawPass.toCharArray());
+ }
+ catch (AuthenticationException e)
+ {
+ fail("Authentication should have passed.");
+ }
+ assertEquals(authenticationService.getCurrentUserName(), userName);
+ }
+ finally
+ {
+ if (previousAuthenticatedUser != null)
+ {
+ AuthenticationUtil.setFullyAuthenticatedUser(previousAuthenticatedUser);
+ }
+ try
+ {
+ dao.deleteUser(userName);
+ }
+ catch (Exception e)
+ {
+ // Nothing to do here.
+ }
+ }
 }
 }
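Review bot: The second `assertEquals(properties.get(ContentModel.PROP_ENABLED), true)` reads back the local map that the test has just written to, so it passes whether or not `nodeService.setProperties` stored anything. Re-reading the node makes the assertion meaningful: `assertEquals(Boolean.TRUE, nodeService.getProperties(userNodeRed).get(ContentModel.PROP_ENABLED));`, which also puts the expected value first as JUnit expects. The test also never attempts a login while the account is still disabled, so the protection this commit adds for blank-password accounts is not itself exercised. An assertion that authentication is rejected before the account is enabled would cover it.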