[SYNCOPE-715] Implemented
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/fa5e65aa Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/fa5e65aa Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/fa5e65aa Branch: refs/heads/master Commit: fa5e65aa95fae91387d3c1ba4992ceb5bd3e4b6c Parents: e20dd0a Author: Francesco Chicchiriccò <[email protected]> Authored: Thu Oct 22 13:59:44 2015 +0200 Committer: Francesco Chicchiriccò <[email protected]> Committed: Thu Oct 22 13:59:44 2015 +0200 ---------------------------------------------------------------------- .../apache/syncope/core/logic/UserLogic.java | 27 ++++++------- .../core/persistence/jpa/dao/JPAConfDAO.java | 28 +++++++------ .../main/resources/domains/MasterContent.xml | 6 +++ .../persistence/jpa/inner/MultitenancyTest.java | 2 +- .../persistence/jpa/inner/PlainSchemaTest.java | 2 +- .../test/resources/domains/MasterContent.xml | 8 +++- .../src/test/resources/domains/TwoContent.xml | 6 +++ .../provisioning/api/data/UserDataBinder.java | 2 + .../java/data/UserDataBinderImpl.java | 9 +++++ .../fit/core/reference/MultitenancyITCase.java | 2 +- .../fit/core/reference/SyncTaskITCase.java | 41 +++++++++----------- .../syncope/fit/core/reference/UserITCase.java | 8 ++-- 12 files changed, 87 insertions(+), 54 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/fa5e65aa/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java index 776f427..deab762 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java @@ -121,7 +121,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { @Override public UserTO transform(final User input) { - return binder.getUserTO(input, details); + return binder.returnUserTO(binder.getUserTO(input, details)); } }, new ArrayList<UserTO>()); } @@ -131,14 +131,14 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { public Pair<String, UserTO> readSelf() { return ImmutablePair.of( POJOHelper.serialize(AuthContextUtils.getAuthorizations()), - binder.getAuthenticatedUserTO()); + binder.returnUserTO(binder.getAuthenticatedUserTO())); } @PreAuthorize("hasRole('" + Entitlement.USER_READ + "')") @Transactional(readOnly = true) @Override public UserTO read(final Long key) { - return binder.getUserTO(key); + return binder.returnUserTO(binder.getUserTO(key)); } @PreAuthorize("hasRole('" + Entitlement.USER_SEARCH + "')") @@ -163,7 +163,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { @Override public UserTO transform(final User input) { - return binder.getUserTO(input, details); + return binder.returnUserTO(binder.getUserTO(input, details)); } }, new ArrayList<UserTO>()); } @@ -203,7 +203,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { UserTO savedTO = binder.getUserTO(created.getKey()); savedTO.getPropagationStatusTOs().addAll(created.getValue()); - return afterCreate(savedTO, before.getValue()); + return binder.returnUserTO(afterCreate(savedTO, before.getValue())); } @PreAuthorize("isAuthenticated() and not(hasRole('" + Entitlement.ANONYMOUS + "'))") @@ -240,7 +240,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { UserTO updatedTO = binder.getUserTO(updated.getKey()); updatedTO.getPropagationStatusTOs().addAll(updated.getValue()); - return afterUpdate(updatedTO, before.getRight()); + return binder.returnUserTO(afterUpdate(updatedTO, before.getRight())); } protected Map.Entry<Long, List<PropagationStatus>> setStatusOnWfAdapter(final StatusPatch statusPatch) { @@ -277,7 +277,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { Map.Entry<Long, List<PropagationStatus>> updated = setStatusOnWfAdapter(statusPatch); UserTO savedTO = binder.getUserTO(updated.getKey()); savedTO.getPropagationStatusTOs().addAll(updated.getValue()); - return savedTO; + return binder.returnUserTO(savedTO); } @PreAuthorize("hasRole('" + Entitlement.MUST_CHANGE_PASSWORD + "')") @@ -366,7 +366,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { } deletedTO.getPropagationStatusTOs().addAll(statuses); - return afterDelete(deletedTO, before.getRight()); + return binder.returnUserTO(afterDelete(deletedTO, before.getRight())); } @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')") @@ -389,7 +389,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { } })); - return binder.getUserTO(provisioningManager.unlink(patch)); + return binder.returnUserTO(binder.getUserTO(provisioningManager.unlink(patch))); } @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')") @@ -412,7 +412,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { } })); - return binder.getUserTO(provisioningManager.link(patch)); + return binder.returnUserTO(binder.getUserTO(provisioningManager.link(patch))); } @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')") @@ -485,7 +485,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { UserTO updatedTO = binder.getUserTO(key); updatedTO.getPropagationStatusTOs().addAll(statuses); - return updatedTO; + return binder.returnUserTO(updatedTO); } @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')") @@ -504,7 +504,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { securityChecks(effectiveRealms, user.getRealm(), user.getKey()); user.getPropagationStatusTOs().addAll(provisioningManager.provision(key, changePwd, password, resources)); - return user; + return binder.returnUserTO(user); } @Override @@ -527,7 +527,8 @@ public class UserLogic extends AbstractAnyLogic<UserTO, UserPatch> { if ((key != null) && !key.equals(0L)) { try { - return key instanceof Long ? binder.getUserTO((Long) key) : binder.getUserTO((String) key); + return binder.returnUserTO(key instanceof Long + ? binder.getUserTO((Long) key) : binder.getUserTO((String) key)); } catch (Throwable ignore) { LOG.debug("Unresolved reference", ignore); throw new UnresolvedReferenceException(ignore); http://git-wip-us.apache.org/repos/asf/syncope/blob/fa5e65aa/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAConfDAO.java ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAConfDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAConfDAO.java index 4afe78e..985c7aa 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAConfDAO.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAConfDAO.java @@ -22,6 +22,7 @@ import org.apache.syncope.core.persistence.api.dao.ConfDAO; import org.apache.syncope.core.persistence.api.dao.PlainAttrDAO; import org.apache.syncope.core.persistence.api.dao.PlainSchemaDAO; import org.apache.syncope.core.persistence.api.entity.PlainAttrUniqueValue; +import org.apache.syncope.core.persistence.api.entity.PlainSchema; import org.apache.syncope.core.persistence.api.entity.conf.CPlainAttr; import org.apache.syncope.core.persistence.api.entity.conf.Conf; import org.apache.syncope.core.persistence.jpa.entity.conf.JPACPlainAttr; @@ -64,19 +65,22 @@ public class JPAConfDAO extends AbstractDAO<Conf, Long> implements ConfDAO { public CPlainAttr find(final String key, final String defaultValue) { CPlainAttr result = find(key); if (result == null) { - JPACPlainAttr newAttr = new JPACPlainAttr(); - newAttr.setSchema(schemaDAO.find(key)); - - JPACPlainAttrValue attrValue; - if (newAttr.getSchema().isUniqueConstraint()) { - attrValue = new JPACPlainAttrValue(); - ((PlainAttrUniqueValue) attrValue).setSchema(newAttr.getSchema()); - } else { - attrValue = new JPACPlainAttrValue(); + PlainSchema schema = schemaDAO.find(key); + if (schema != null) { + JPACPlainAttr newAttr = new JPACPlainAttr(); + newAttr.setSchema(schemaDAO.find(key)); + + JPACPlainAttrValue attrValue; + if (newAttr.getSchema().isUniqueConstraint()) { + attrValue = new JPACPlainAttrValue(); + ((PlainAttrUniqueValue) attrValue).setSchema(newAttr.getSchema()); + } else { + attrValue = new JPACPlainAttrValue(); + } + newAttr.add(defaultValue, attrValue); + + result = newAttr; } - newAttr.add(defaultValue, attrValue); - - result = newAttr; } return result; http://git-wip-us.apache.org/repos/asf/syncope/blob/fa5e65aa/core/persistence-jpa/src/main/resources/domains/MasterContent.xml ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml index 92216fd..ed1c035 100644 --- a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml +++ b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml @@ -85,6 +85,12 @@ under the License. <CPlainAttr id="12" owner_id="1" schema_name="tasks.interruptMaxRetries"/> <CPlainAttrValue id="12" attribute_id="12" longValue="20"/> + <!-- Return hashed password values when reading users --> + <PlainSchema name="return.password.value" type="Boolean" + mandatoryCondition="false" multivalue="0" uniqueConstraint="0" readonly="0"/> + <CPlainAttr id="14" owner_id="1" schema_name="return.password.value"/> + <CPlainAttrValue id="14" attribute_id="14" booleanValue="0"/> + <AnyType name="USER" kind="USER"/> <AnyTypeClass name="BaseUser"/> <AnyType_AnyTypeClass anyType_name="USER" anyTypeClass_name="BaseUser"/> http://git-wip-us.apache.org/repos/asf/syncope/blob/fa5e65aa/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java index 074c26e..7d1dfea 100644 --- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java +++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java @@ -83,7 +83,7 @@ public class MultitenancyTest extends AbstractTest { @Test public void readPlainSchemas() { - assertEquals(16, plainSchemaDAO.findAll().size()); + assertEquals(17, plainSchemaDAO.findAll().size()); } @Test http://git-wip-us.apache.org/repos/asf/syncope/blob/fa5e65aa/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/PlainSchemaTest.java ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/PlainSchemaTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/PlainSchemaTest.java index c425460..21636b7 100644 --- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/PlainSchemaTest.java +++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/PlainSchemaTest.java @@ -47,7 +47,7 @@ public class PlainSchemaTest extends AbstractTest { @Test public void findAll() { List<PlainSchema> schemas = plainSchemaDAO.findAll(); - assertEquals(43, schemas.size()); + assertEquals(44, schemas.size()); } @Test http://git-wip-us.apache.org/repos/asf/syncope/blob/fa5e65aa/core/persistence-jpa/src/test/resources/domains/MasterContent.xml ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml index 96e606f..d1fde9e 100644 --- a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml +++ b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml @@ -84,7 +84,13 @@ under the License. mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/> <CPlainAttr id="12" owner_id="1" schema_name="tasks.interruptMaxRetries"/> <CPlainAttrValue id="12" attribute_id="12" longValue="20"/> - + + <!-- Return hashed password values when reading users --> + <PlainSchema name="return.password.value" type="Boolean" + mandatoryCondition="false" multivalue="0" uniqueConstraint="0" readonly="0"/> + <CPlainAttr id="14" owner_id="1" schema_name="return.password.value"/> + <CPlainAttrValue id="14" attribute_id="14" booleanValue="0"/> + <!-- For usage with admin console --> <PlainSchema name="admin.user.layout" type="String" mandatoryCondition="false" multivalue="1" uniqueConstraint="0" readonly="0"/> http://git-wip-us.apache.org/repos/asf/syncope/blob/fa5e65aa/core/persistence-jpa/src/test/resources/domains/TwoContent.xml ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/test/resources/domains/TwoContent.xml b/core/persistence-jpa/src/test/resources/domains/TwoContent.xml index cce2ec8..cc36a9d 100644 --- a/core/persistence-jpa/src/test/resources/domains/TwoContent.xml +++ b/core/persistence-jpa/src/test/resources/domains/TwoContent.xml @@ -71,6 +71,12 @@ under the License. <CPlainAttr id="12" owner_id="1" schema_name="tasks.interruptMaxRetries"/> <CPlainAttrValue id="12" attribute_id="12" longValue="20"/> + <!-- Return hashed password values when reading users --> + <PlainSchema name="return.password.value" type="Boolean" + mandatoryCondition="false" multivalue="0" uniqueConstraint="0" readonly="0"/> + <CPlainAttr id="14" owner_id="1" schema_name="return.password.value"/> + <CPlainAttrValue id="14" attribute_id="14" booleanValue="0"/> + <AnyType name="USER" kind="USER"/> <AnyTypeClass name="BaseUser"/> <AnyType_AnyTypeClass anyType_name="USER" anyTypeClass_name="BaseUser"/> http://git-wip-us.apache.org/repos/asf/syncope/blob/fa5e65aa/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/UserDataBinder.java ---------------------------------------------------------------------- diff --git a/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/UserDataBinder.java b/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/UserDataBinder.java index ff645f4..9592a3f 100644 --- a/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/UserDataBinder.java +++ b/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/UserDataBinder.java @@ -25,6 +25,8 @@ import org.apache.syncope.core.persistence.api.entity.user.User; public interface UserDataBinder { + UserTO returnUserTO(UserTO userTO); + UserTO getAuthenticatedUserTO(); UserTO getUserTO(String username); http://git-wip-us.apache.org/repos/asf/syncope/blob/fa5e65aa/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java index 4bb7bdf..147683c 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java @@ -101,6 +101,15 @@ public class UserDataBinderImpl extends AbstractAnyDataBinder implements UserDat @Transactional(readOnly = true) @Override + public UserTO returnUserTO(final UserTO userTO) { + if (!confDAO.find("return.password.value", "false").getValues().get(0).getBooleanValue()) { + userTO.setPassword(null); + } + return userTO; + } + + @Transactional(readOnly = true) + @Override public UserTO getAuthenticatedUserTO() { final UserTO authUserTO; http://git-wip-us.apache.org/repos/asf/syncope/blob/fa5e65aa/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/MultitenancyITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/MultitenancyITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/MultitenancyITCase.java index c1ce3b0..9a54b7f 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/MultitenancyITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/MultitenancyITCase.java @@ -98,7 +98,7 @@ public class MultitenancyITCase extends AbstractITCase { @Test public void readPlainSchemas() { - assertEquals(16, adminClient.getService(SchemaService.class).list(SchemaType.PLAIN).size()); + assertEquals(17, adminClient.getService(SchemaService.class).list(SchemaType.PLAIN).size()); } @Test http://git-wip-us.apache.org/repos/asf/syncope/blob/fa5e65aa/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/SyncTaskITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/SyncTaskITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/SyncTaskITCase.java index d645c77..e8ffd56 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/SyncTaskITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/SyncTaskITCase.java @@ -28,11 +28,13 @@ import static org.junit.Assert.fail; import java.util.HashSet; import java.util.List; import java.util.Locale; +import java.util.Map; import java.util.Set; import javax.ws.rs.core.Response; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Predicate; import org.apache.commons.lang3.SerializationUtils; +import org.apache.commons.lang3.tuple.Pair; import org.apache.syncope.client.lib.SyncopeClient; import org.apache.syncope.common.lib.SyncopeClientException; import org.apache.syncope.common.lib.SyncopeConstants; @@ -674,9 +676,9 @@ public class SyncTaskITCase extends AbstractTaskITCase { assertEquals(Encryptor.getInstance().encode("security123", CipherAlgorithm.SHA1), value.toUpperCase()); // 3. Update the password in the DB - String newPassword = Encryptor.getInstance().encode("new-security", CipherAlgorithm.SHA1); - jdbcTemplate.execute( - "UPDATE test set PASSWORD='" + newPassword + "' where ID='" + user.getUsername() + "'"); + String newCleanPassword = "new-security"; + String newPassword = Encryptor.getInstance().encode(newCleanPassword, CipherAlgorithm.SHA1); + jdbcTemplate.execute("UPDATE test set PASSWORD='" + newPassword + "' where ID='" + user.getUsername() + "'"); // 4. Sync the user from the resource SyncTaskTO syncTask = new SyncTaskTO(); @@ -701,8 +703,8 @@ public class SyncTaskITCase extends AbstractTaskITCase { assertEquals(PropagationTaskExecStatus.SUCCESS, PropagationTaskExecStatus.valueOf(execution.getStatus())); // 5. Test the sync'd user - UserTO updatedUser = userService.read(user.getKey()); - assertEquals(newPassword, updatedUser.getPassword()); + Pair<Map<String, Set<String>>, UserTO> self = clientFactory.create(user.getUsername(), newCleanPassword).self(); + assertNotNull(self); // 6. Delete SyncTask + user taskService.delete(syncTask.getKey()); @@ -715,30 +717,31 @@ public class SyncTaskITCase extends AbstractTaskITCase { ldapCleanup(); // 1. create user in LDAP + String oldCleanPassword = "security123"; UserTO user = UserITCase.getUniqueSampleTO("[email protected]"); - user.setPassword("security123"); + user.setPassword(oldCleanPassword); user.getResources().add(RESOURCE_NAME_LDAP); user = createUser(user); assertNotNull(user); assertFalse(user.getResources().isEmpty()); // 2. request to change password only on Syncope and not on LDAP + String newCleanPassword = "new-security123"; UserPatch userPatch = new UserPatch(); userPatch.setKey(user.getKey()); - userPatch.setPassword(new PasswordPatch.Builder().value("new-security123").build()); - updateUser(userPatch); + userPatch.setPassword(new PasswordPatch.Builder().value(newCleanPassword).build()); + user = updateUser(userPatch); // 3. Check that the Syncope user now has the changed password - UserTO updatedUser = userService.read(user.getKey()); - String encodedNewPassword = Encryptor.getInstance().encode("new-security123", CipherAlgorithm.SHA1); - assertEquals(encodedNewPassword, updatedUser.getPassword()); + Pair<Map<String, Set<String>>, UserTO> self = clientFactory.create(user.getUsername(), newCleanPassword).self(); + assertNotNull(self); // 4. Check that the LDAP resource has the old password ConnObjectTO connObject = resourceService.readConnObject(RESOURCE_NAME_LDAP, AnyTypeKind.USER.name(), user.getKey()); assertNotNull(getLdapRemoteObject( connObject.getPlainAttrMap().get(Name.NAME).getValues().get(0), - "security123", + oldCleanPassword, connObject.getPlainAttrMap().get(Name.NAME).getValues().get(0))); // 5. Update the LDAP Connector to retrieve passwords @@ -761,27 +764,21 @@ public class SyncTaskITCase extends AbstractTaskITCase { syncTask.getActionsClassNames().add(LDAPPasswordSyncActions.class.getName()); Response taskResponse = taskService.create(syncTask); - SyncTaskTO actual = getObject(taskResponse.getLocation(), TaskService.class, SyncTaskTO.class); - assertNotNull(actual); - - syncTask = taskService.read(actual.getKey()); + syncTask = getObject(taskResponse.getLocation(), TaskService.class, SyncTaskTO.class); assertNotNull(syncTask); - assertEquals(actual.getKey(), syncTask.getKey()); - assertEquals(actual.getJobDelegateClassName(), syncTask.getJobDelegateClassName()); TaskExecTO execution = execProvisioningTask(taskService, syncTask.getKey(), 50, false); assertEquals(PropagationTaskExecStatus.SUCCESS, PropagationTaskExecStatus.valueOf(execution.getStatus())); // 7. Test the sync'd user - String syncedPassword = Encryptor.getInstance().encode("security123", CipherAlgorithm.SHA1); - updatedUser = userService.read(user.getKey()); - assertEquals(syncedPassword, updatedUser.getPassword()); + self = clientFactory.create(user.getUsername(), oldCleanPassword).self(); + assertNotNull(self); // 8. Delete SyncTask + user + reset the connector taskService.delete(syncTask.getKey()); property.getValues().clear(); property.getValues().add(Boolean.FALSE); connectorService.update(resourceConnector); - deleteUser(updatedUser.getKey()); + deleteUser(user.getKey()); } } http://git-wip-us.apache.org/repos/asf/syncope/blob/fa5e65aa/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserITCase.java index 91da759..ebaf02b 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/UserITCase.java @@ -569,6 +569,7 @@ public class UserITCase extends AbstractITCase { UserTO userTO = userService.read(1L); assertNotNull(userTO); + assertNull(userTO.getPassword()); assertNotNull(userTO.getPlainAttrs()); assertFalse(userTO.getPlainAttrs().isEmpty()); } @@ -2352,14 +2353,15 @@ public class UserITCase extends AbstractITCase { userTO = createUser(userTO); assertNotNull(userTO); - connObjectTO = - resourceService.readConnObject(RESOURCE_NAME_CSV, AnyTypeKind.USER.name(), userTO.getKey()); + connObjectTO = resourceService.readConnObject(RESOURCE_NAME_CSV, AnyTypeKind.USER.name(), userTO.getKey()); assertNotNull(connObjectTO); // check if password has been correctly propagated on Syncope and resource-csv as usual assertEquals("passwordTESTNULL1", connObjectTO.getPlainAttrMap(). get(OperationalAttributes.PASSWORD_NAME).getValues().get(0)); - assertNotNull(userTO.getPassword()); + Pair<Map<String, Set<String>>, UserTO> self = + clientFactory.create(userTO.getUsername(), "passwordTESTNULL1").self(); + assertNotNull(self); // 4. add password policy to resource with passwordNotStore to false --> must store password ResourceTO csv = resourceService.read(RESOURCE_NAME_CSV);
