MNT-17199 - CSV user import: if password is left blank it should be randomly generated

Modified UserCSVUploadPost behaviour to use an empty string for password creation instead of the user's first name.
Modified RepositoryAuthenticationDao > createUser behaviour to handle the case where the password is an empty string or null.
Added a unit test.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@136902 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Alexandru Epure
2017-05-24 10:17:12 +00:00
parent dd932e0a5d
commit 8c5964adfb
2 changed files with 71 additions and 5 deletions


@@ -31,6 +31,7 @@ import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.UUID;
import net.sf.acegisecurity.GrantedAuthority; import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl; import net.sf.acegisecurity.GrantedAuthorityImpl;
@@ -354,6 +355,13 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao, In
String salt = GUID.generate(); String salt = GUID.generate();
properties.put(ContentModel.PROP_SALT, salt); properties.put(ContentModel.PROP_SALT, salt);
boolean emptyPassword = rawPassword != null ? "".equals(new String(rawPassword)) : true;
if (emptyPassword)
{
rawPassword = UUID.randomUUID().toString().toCharArray();
}
if (hashedPassword == null) if (hashedPassword == null)
{ {
if (logger.isDebugEnabled()) if (logger.isDebugEnabled())
@@ -374,7 +382,7 @@ public class RepositoryAuthenticationDao implements MutableAuthenticationDao, In
properties.put(ContentModel.PROP_HASH_INDICATOR, (Serializable) Arrays.asList(compositePasswordEncoder.getPreferredEncoding())); properties.put(ContentModel.PROP_HASH_INDICATOR, (Serializable) Arrays.asList(compositePasswordEncoder.getPreferredEncoding()));
properties.put(ContentModel.PROP_ACCOUNT_EXPIRES, Boolean.valueOf(false)); properties.put(ContentModel.PROP_ACCOUNT_EXPIRES, Boolean.valueOf(false));
properties.put(ContentModel.PROP_CREDENTIALS_EXPIRE, Boolean.valueOf(false)); properties.put(ContentModel.PROP_CREDENTIALS_EXPIRE, Boolean.valueOf(false));
properties.put(ContentModel.PROP_ENABLED, Boolean.valueOf(true)); properties.put(ContentModel.PROP_ENABLED, Boolean.valueOf(!emptyPassword));
properties.put(ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(false)); properties.put(ContentModel.PROP_ACCOUNT_LOCKED, Boolean.valueOf(false));
nodeService.createNode(typesNode, ContentModel.ASSOC_CHILDREN, QName.createQName(ContentModel.USER_MODEL_URI, nodeService.createNode(typesNode, ContentModel.ASSOC_CHILDREN, QName.createQName(ContentModel.USER_MODEL_URI,
caseSensitiveUserName), ContentModel.TYPE_USER, properties); caseSensitiveUserName), ContentModel.TYPE_USER, properties);
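Review bot: The emptiness check added before `if (hashedPassword == null)` looks only at `rawPassword`, so a caller that supplies a hash together with a null raw password would, as far as the visible lines show, now have `PROP_ENABLED` written as false in the last hunk. If that path is meant to keep creating enabled accounts, the flag should take the hash into account, e.g. `boolean emptyPassword = hashedPassword == null && (rawPassword == null || rawPassword.length == 0);`, which also avoids copying the password into an immutable `String`. The commit message does not say that blank-password accounts are created disabled, so a one-line comment at the `PROP_ENABLED` line explaining why the flag depends on `emptyPassword` would help the next reader. The body of createUser starts and ends outside these hunks.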


@@ -2155,4 +2155,62 @@ public class AuthenticationTest extends TestCase
nspr.registerNamespace(NamespaceService.DEFAULT_PREFIX, defaultURI); nspr.registerNamespace(NamespaceService.DEFAULT_PREFIX, defaultURI);
return nspr; return nspr;
} }
public void testCreatingUserWithEmptyPassword() throws Exception
{
String previousAuthenticatedUser = AuthenticationUtil.getFullyAuthenticatedUser();
String userName = GUID.generate();
String rawPass = "";
try
{
dao.createUser(userName, null, rawPass.toCharArray());
NodeRef userNodeRed = getRepositoryAuthenticationDao().getUserOrNull(userName);
assertNotNull(userNodeRed);
Map<QName, Serializable> properties = nodeService.getProperties(userNodeRed);
assertEquals(properties.get(ContentModel.PROP_ENABLED), false);
properties.remove(ContentModel.PROP_ENABLED);
properties.put(ContentModel.PROP_ENABLED, true);
nodeService.setProperties(userNodeRed, properties);
assertEquals(properties.get(ContentModel.PROP_ENABLED), true);
try
{
authenticationService.authenticate(userName, rawPass.toCharArray());
fail("Authentication should have been rejected");
}
catch (IllegalArgumentException e)
{
assertEquals(e.getMessage(), "rawPassword is a mandatory parameter");
}
rawPass = "newPassword";
dao.updateUser(userName, rawPass.toCharArray());
try
{
authenticationService.authenticate(userName, rawPass.toCharArray());
}
catch (AuthenticationException e)
{
fail("Authentication should have passed.");
}
assertEquals(authenticationService.getCurrentUserName(), userName);
}
finally
{
if (previousAuthenticatedUser != null)
{
AuthenticationUtil.setFullyAuthenticatedUser(previousAuthenticatedUser);
}
try
{
dao.deleteUser(userName);
}
catch (Exception e)
{
// Nothing to do here.
}
}
}
} }
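Review bot: The second `PROP_ENABLED` assertion in testCreatingUserWithEmptyPassword reads the local `properties` map that the test has just put `true` into, so it cannot fail and does not show that `setProperties` took effect; re-reading the node would, e.g. `assertEquals(Boolean.TRUE, nodeService.getProperties(userNodeRed).get(ContentModel.PROP_ENABLED));`. The rejected login is also caught as an `IllegalArgumentException` with the message "rawPassword is a mandatory parameter", which appears to be argument validation on the empty string rather than a comparison against the stored credential, so the test does not demonstrate that the generated password is what protects the account. Cases for a null `rawPassword` and for a non-null `hashedPassword` with a blank raw password would cover the other branches of the new check. The `assertEquals` calls pass the actual value first, which makes failure messages read backwards.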