Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)

75525: Merged V4.2-BUG-FIX (4.2.3) to HEAD-BUG-FIX (5.0/Cloud)
      75287: Merged V4.1-BUG-FIX (4.1.10) to V4.2-BUG-FIX (4.2.3)
         75284: Merged V4.1.8 (4.1.8.11) to V4.1-BUG-FIX (4.1.10)
            75265: MNT-11766 : User with username starting with admin gets admin rights
               - Previous fix was corrected according to Derek's review.
               - Unit test that demonstrates fix added.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@77485 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/tenant/MultiTServiceImpl.java

@@ -398,26 +398,15 @@ public class MultiTServiceImpl implements TenantService
     public String getBaseNameUser(String name)
     {
         // can be null (e.g. for System user / during app ctx init)
-        if (name != null)
+        // We only bother with MT username@domain format if MT is enabled
+        if (name != null && isEnabled())
         {
             int idx = name.lastIndexOf(SEPARATOR);
-            if (idx > 0 && (idx < (name.length() - 1)))
+            if (idx != -1)
             {
-                String domainPart = getTenantDomain(name.substring(idx + 1));
+                return name.substring(0, idx);
-                String baseName = name.substring(0, idx);
+                    // tenant domain doesn't exists but we are allowed to create
-
+                    // no base name can be resolved for such users -> return
-                // MNT-11766 fix, check whether tenant domain actually exists
-                Tenant tenant = getTenant(domainPart);
-                if (tenant == null)
-                {
-                    // tenant domain doesn't exists but we are allowed to create non-tenant users with name like admin@test
-                    // no base name can be resolved for such users -> return original name
-                    return name;
-                }
-                else
-                {
-                    return baseName;
-                }        
             }
         }
         return name;

source/test-java/org/alfresco/repo/security/authority/AuthorityServiceTest.java

@@ -1420,6 +1420,30 @@ public class AuthorityServiceTest extends TestCase
         assertEquals("Count of groups must increment", (groupCountBefore+1), groupCountAfter);
     }
 
+    public void testMNT_11766()
+    {
+        Set<String> admins = authenticationComponent.getDefaultAdministratorUserNames();
+        
+        for (String admin : admins)
+        {
+            // create user with MT format name (i.e. username@domain)
+            String user = admin + "@" + System.currentTimeMillis();
+
+            Map<QName, Serializable> props = new HashMap<QName, Serializable>(4, 1.0f);
+            props.put(ContentModel.PROP_USERNAME, user);
+            props.put(ContentModel.PROP_FIRSTNAME, user);
+            props.put(ContentModel.PROP_LASTNAME, user);
+            props.put(ContentModel.PROP_EMAIL, user + "@gmail.com");
+
+            personService.createPerson(props);
+            authenticationService.createAuthentication(user, "123123".toCharArray());
+            
+            authenticationComponent.setCurrentUser(user);
+            assertFalse("User should not have administrator role.", authorityService.hasAdminAuthority());
+            assertFalse("User should not have administrator role.", pubAuthorityService.hasAdminAuthority());
+        }
+    }
+
     private void assertContains(List<String> results, List<String> checklist, boolean included)
     {
         for (String check : checklist)