MNT-17199 - CSV user import: if password is left blank it should be randomly generated

Modified UserCSVUploadPost behaviour to use an empty string for password creation instead of the user's first name. Modified RepositoryAuthenticationDao > createUser behaviour to treat the case when the password is an empty string or null. Added a Unit test. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@136902 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-10-08 14:51:49 +00:00 · 2017-05-24 10:17:12 +00:00
parent dd932e0a5d
commit 8c5964adfb
2 changed files with 71 additions and 5 deletions
--- a/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java
+++ b/source/test-java/org/alfresco/repo/security/authentication/AuthenticationTest.java
@@ -2154,5 +2154,63 @@ public class AuthenticationTest extends TestCase
        nspr.registerNamespace("namespace", "namespace");
        nspr.registerNamespace(NamespaceService.DEFAULT_PREFIX, defaultURI);
        return nspr;
+    }
+
+    public void testCreatingUserWithEmptyPassword() throws Exception
+    {
+        String previousAuthenticatedUser = AuthenticationUtil.getFullyAuthenticatedUser();
+        String userName = GUID.generate();
+        String rawPass = "";
+        try
+        {
+            dao.createUser(userName, null, rawPass.toCharArray());
+            NodeRef userNodeRed = getRepositoryAuthenticationDao().getUserOrNull(userName);
+            assertNotNull(userNodeRed);
+
+            Map<QName, Serializable> properties = nodeService.getProperties(userNodeRed);
+            assertEquals(properties.get(ContentModel.PROP_ENABLED), false);
+
+            properties.remove(ContentModel.PROP_ENABLED);
+            properties.put(ContentModel.PROP_ENABLED, true);
+            nodeService.setProperties(userNodeRed, properties);
+            assertEquals(properties.get(ContentModel.PROP_ENABLED), true);
+
+            try
+            {
+                authenticationService.authenticate(userName, rawPass.toCharArray());
+                fail("Authentication should have been rejected");
+            }
+            catch (IllegalArgumentException e)
+            {
+                assertEquals(e.getMessage(), "rawPassword is a mandatory parameter");
+            }
+
+            rawPass = "newPassword";
+            dao.updateUser(userName, rawPass.toCharArray());
+            try
+            {
+                authenticationService.authenticate(userName, rawPass.toCharArray());
+            }
+            catch (AuthenticationException e)
+            {
+                fail("Authentication should have passed.");
+            }
+            assertEquals(authenticationService.getCurrentUserName(), userName);
+        }
+        finally
+        {
+            if (previousAuthenticatedUser != null)
+            {
+                AuthenticationUtil.setFullyAuthenticatedUser(previousAuthenticatedUser);
+            }
+            try
+            {
+                dao.deleteUser(userName);
+            }
+            catch (Exception e)
+            {
+                // Nothing to do here.
+            }
+        }
    }
 }