This is an automated email from the ASF dual-hosted git repository. pauls pushed a commit to branch issues/SLING-9857 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git
commit dc891b2b193c46d08e76af53c18186e90fbf97d0 Author: Karl Pauls <[email protected]> AuthorDate: Fri Jan 29 05:55:14 2021 +0100 SLING-9857: implement forced path with simple recreate --- .../sling/jcr/repoinit/impl/UserVisitor.java | 96 +++++++++++++++++++++- .../sling/jcr/repoinit/CreateGroupsTest.java | 22 +++++ .../sling/jcr/repoinit/CreateServiceUsersTest.java | 26 ++++++ .../apache/sling/jcr/repoinit/CreateUsersTest.java | 33 ++++++++ 4 files changed, 173 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java index bb0877c..1abb51a 100644 --- a/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java +++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/UserVisitor.java @@ -17,8 +17,8 @@ package org.apache.sling.jcr.repoinit.impl; import java.security.Principal; - import javax.jcr.Session; +import javax.jcr.UnsupportedRepositoryOperationException; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.sling.repoinit.parser.operations.CreateGroup; @@ -53,7 +53,32 @@ class UserVisitor extends DoNothingVisitor { log.info("Creating service user {}", username); UserUtil.createServiceUser(session, username, s.getPath()); } else if (UserUtil.isServiceUser(session, username)) { - log.info("Service user {} already exists, no changes made.", username); + if (s.isForcedPath()) { + Authorizable authorizable = UserUtil.getAuthorizable(session, username); + String path; + try { + path = authorizable.getPath(); + } catch (UnsupportedRepositoryOperationException ex) { + path = null; + } + if (path != null) { + String requiredIntermediate = s.getPath() + "/"; + if (!path.contains(requiredIntermediate)) { + log.info("Recreating service user {} to move path from {} to {}", username, path, s.getPath()); + if (UserUtil.deleteAuthorizable(session, username)) { + UserUtil.createServiceUser(session, username, s.getPath()); + } else { + log.info("Group {} already exists and could not be recreated to match path, no changes made.", username); + } + } else { + log.info("Service user {} already exists, no changes made.", username); + } + } else { + log.error("Service user {} already exists but no path can be determined, no changes made.", username); + } + } else { + log.info("Service user {} already exists, no changes made.", username); + } } else { final String message = String.format("Existing user %s is not a service user.", username); throw new RuntimeException(message); @@ -91,7 +116,35 @@ class UserVisitor extends DoNothingVisitor { }, g.getPath()); } } else { - log.info("Group {} already exists, no changes made", groupname); + if (g.isForcedPath()) { + String path; + try { + path = group.getPath(); + } catch (UnsupportedRepositoryOperationException ex) { + path = null; + } + if (path != null) { + String requiredIntermediate = g.getPath() + "/"; + if (!path.contains(requiredIntermediate)) { + log.info("Recreating group {} to move path from {} to {}", groupname, path, g.getPath()); + if (UserUtil.deleteAuthorizable(session, groupname)) { + UserUtil.getUserManager(session).createGroup(new Principal() { + public String getName() { + return groupname; + } + }, g.getPath()); + } else { + log.info("Group {} already exists and could not be recreated to match path, no changes made.", groupname); + } + } else { + log.info("Group {} already exists, no changes made.", groupname); + } + } else { + log.error("Group {} already exists but no path can be determined, no changes made.", groupname); + } + } else { + log.info("Group {} already exists, no changes made", groupname); + } } } catch (Exception e) { report(e, "Unable to create group [" + groupname + "]:" + e); @@ -128,7 +181,42 @@ class UserVisitor extends DoNothingVisitor { } UserUtil.createUser(session, username, pwd, u.getPath()); } else { - log.info("User {} already exists, no changes made", username); + if (u.isForcedPath()) { + Authorizable authorizable = UserUtil.getAuthorizable(session, username); + String path; + try { + path = authorizable.getPath(); + } catch (UnsupportedRepositoryOperationException ex) { + path = null; + } + if (path != null) { + String requiredIntermediate = u.getPath() + "/"; + if (!path.contains(requiredIntermediate)) { + log.info("Recreating user {} to move path from {} to {}", username, path, u.getPath()); + if (UserUtil.deleteAuthorizable(session, username)) { + final String pwd = u.getPassword(); + if (pwd != null) { + // TODO we might revise this warning once we're able + // to create users by providing their encoded password + // using u.getPasswordEncoding - for now I think only cleartext works + log.warn("Creating user {} with cleartext password - should NOT be used on production systems", + username); + } else { + log.info("Creating user {}", username); + } + UserUtil.createUser(session, username, pwd, u.getPath()); + } else { + log.info("User {} already exists and could not be recreated to match path, no changes made.", username); + } + } else { + log.info("User {} already exists, no changes made.", username); + } + } else { + log.error("User {} already exists but no path can be determined, no changes made.", username); + } + } else { + log.info("User {} already exists, no changes made.", username); + } } } catch (Exception e) { report(e, "Unable to create user [" + username + "]:" + e); diff --git a/src/test/java/org/apache/sling/jcr/repoinit/CreateGroupsTest.java b/src/test/java/org/apache/sling/jcr/repoinit/CreateGroupsTest.java index 328d4ab..5b07d8c 100644 --- a/src/test/java/org/apache/sling/jcr/repoinit/CreateGroupsTest.java +++ b/src/test/java/org/apache/sling/jcr/repoinit/CreateGroupsTest.java @@ -77,6 +77,28 @@ public class CreateGroupsTest { } @Test + public void createGroupWithForcedRelativePathTest() throws Exception { + final String groupId = namePrefix + "_cgwpt"; + final String path = "testgroup/folder_for_" + groupId; + final String forcedPath = "testgroup/folder_for_" + groupId + "_forced"; + U.parseAndExecute("create group " + groupId + " with path " + path); + U.assertGroup("after creating group " + groupId, groupId, true, path); + U.parseAndExecute("create group " + groupId + " with forced path " + forcedPath); + U.assertGroup("after creating group " + groupId, groupId, true, forcedPath); + } + + @Test + public void createGroupWithForcedAbsolutePathTest() throws Exception { + final String groupId = namePrefix + "_cgwpt"; + final String path = "/rep:security/rep:authorizables/rep:groups/testgroup/folder_for_" + groupId; + final String forcedPath = "/rep:security/rep:authorizables/rep:groups/testgroup/folder_for_" + groupId + "_forced"; + U.parseAndExecute("create group " + groupId + " with path " + path); + U.assertGroup("after creating group " + groupId, groupId, true, path); + U.parseAndExecute("create group " + groupId + " with forced path " + forcedPath); + U.assertGroup("after creating group " + groupId, groupId, true, forcedPath); + } + + @Test public void createGroupMultipleTimes() throws Exception { final String groupname = namePrefix + "_cgm"; U.assertGroup("before test", groupname, false); diff --git a/src/test/java/org/apache/sling/jcr/repoinit/CreateServiceUsersTest.java b/src/test/java/org/apache/sling/jcr/repoinit/CreateServiceUsersTest.java index 8642ec0..1c3d7db 100644 --- a/src/test/java/org/apache/sling/jcr/repoinit/CreateServiceUsersTest.java +++ b/src/test/java/org/apache/sling/jcr/repoinit/CreateServiceUsersTest.java @@ -135,6 +135,20 @@ public class CreateServiceUsersTest { } @Test + public void createServiceUserWithForcedRelativePathTest() throws Exception { + final String userId = namePrefix + "_cdst"; + // Oak requires system/ prefix for service users + final String path = "system/forServiceUser/test"; + final String pathForced = "system/forServiceUser/test2"; + U.assertServiceUser("at start of test", userId, false); + U.parseAndExecute("create service user " + userId + " with path " + path); + U.assertServiceUser("after creating user", userId, true, path); + + U.parseAndExecute("create service user " + userId + " with forced path " + pathForced); + U.assertServiceUser("after forcing creating user", userId, true, pathForced); + } + + @Test public void createServiceUserWithAbsPathTest() throws Exception { final String userId = namePrefix + "_cdst"; final String path = "/rep:security/rep:authorizables/rep:users/system/forServiceUser/test"; @@ -142,4 +156,16 @@ public class CreateServiceUsersTest { U.parseAndExecute("create service user " + userId + " with path " + path); U.assertServiceUser("after creating user", userId, true, path); } + + @Test + public void createServiceUserWithForcedAbsPathTest() throws Exception { + final String userId = namePrefix + "_cdst"; + final String path = "/rep:security/rep:authorizables/rep:users/system/forServiceUser/test1"; + final String pathForced = "/rep:security/rep:authorizables/rep:users/system/forServiceUser/test2"; + U.assertServiceUser("at start of test", userId, false); + U.parseAndExecute("create service user " + userId + " with path " + path); + U.assertServiceUser("after creating user", userId, true, path); + U.parseAndExecute("create service user " + userId + " with forced path " + pathForced); + U.assertServiceUser("after forcing creating user", userId, true, pathForced); + } } diff --git a/src/test/java/org/apache/sling/jcr/repoinit/CreateUsersTest.java b/src/test/java/org/apache/sling/jcr/repoinit/CreateUsersTest.java index 492dbc5..93198bb 100644 --- a/src/test/java/org/apache/sling/jcr/repoinit/CreateUsersTest.java +++ b/src/test/java/org/apache/sling/jcr/repoinit/CreateUsersTest.java @@ -87,6 +87,39 @@ public class CreateUsersTest { U.assertUser("after creating user " + userId, userId, true, path); } + @Test + public void createUserWithForcedRelativePathTest() throws Exception { + final String userId = namePrefix + "_cuwpt"; + final String path = "testusers/folder_for_" + userId; + U.parseAndExecute("create user " + userId + " with path " + path); + U.assertUser("after creating user " + userId, userId, true, path); + final String forcedPath = "testusers/folder_for_" + userId + "_forec"; + U.parseAndExecute("create user " + userId + " with forced path " + forcedPath); + U.assertUser("after creating user " + userId, userId, true, forcedPath); + } + + @Test + public void createUserWithForcedAbsolutePathTest() throws Exception { + final String userId = namePrefix + "_cuwpt"; + final String path = "/rep:security/rep:authorizables/rep:users/testusers/folder_for_" + userId; + U.parseAndExecute("create user " + userId + " with path " + path); + U.assertUser("after creating user " + userId, userId, true, path); + final String forcedPath = "/rep:security/rep:authorizables/rep:users/testusers/folder_for_" + userId; + U.parseAndExecute("create user " + userId + " with path " + forcedPath); + U.assertUser("after creating user " + userId, userId, true, forcedPath); + } + + @Test + public void createUserWithForcedPathAndPasswordTest() throws Exception { + final String userId = namePrefix + "_cuwpt"; + final String path = "testuserwithpassword/folder_for_" + userId; + U.parseAndExecute("create user " + userId + " with path " + path + " with password asdf"); + U.assertUser("after creating user " + userId, userId, true, path); + final String forcedPath = "testuserwithpassword/folder_for_" + userId; + U.parseAndExecute("create user " + userId + " with forced path " + forcedPath + " with password asdf"); + U.assertUser("after creating user " + userId, userId, true, forcedPath); + } + private String user(int index) { return namePrefix + "_" + index; }
