ilgrosso commented on code in PR #1152: URL: https://github.com/apache/syncope/pull/1152#discussion_r2254462956
########## core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java: ########## @@ -669,4 +669,18 @@ protected UserTO resolveReference(final Method method, final Object... args) thr throw new UnresolvedReferenceException(); } + + @PreAuthorize("hasRole('" + IdRepoEntitlement.USER_SEARCH + "')") + @Transactional Review Comment: missing `readOnly = true` ########## fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserITCase.java: ########## @@ -1391,4 +1393,43 @@ public void haveIBeenPwned() { UserTO userTO = createUser(userCR).getEntity(); assertNotNull(userTO.getKey()); } + + @Test + public void passwordReset() throws Exception { + // 0. ensure that password request DOES require security question + confParamOps.set(SyncopeConstants.MASTER_DOMAIN, "passwordReset.securityQuestion", true); + + // 1. create an user with security question and answer + UserCR user = UserITCase.getUniqueSample("pwdre...@syncope.apache.org"); + user.setSecurityQuestion("887028ea-66fc-41e7-b397-620d7ea6dfbb"); + user.setSecurityAnswer("Rossi"); + user.getResources().add(RESOURCE_NAME_TESTDB); + createUser(user); + + // verify propagation (including password) on external db + JdbcTemplate jdbcTemplate = new JdbcTemplate(testDataSource); + String pwdOnResource = queryForObject(jdbcTemplate, + MAX_WAIT_SECONDS, "SELECT password FROM test WHERE id=?", String.class, user.getUsername()); + assertTrue(StringUtils.isNotBlank(pwdOnResource)); + + // 2. verify that new user is able to authenticate + SyncopeClient authClient = CLIENT_FACTORY.create(user.getUsername(), "password123"); + UserTO read = authClient.self().getRight(); + assertNotNull(read); + + // 3. request password reset providing the expected security answer Review Comment: change this comment ########## fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserITCase.java: ########## 
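Review bot: The new @PreAuthorize on UserLogic gates the method with IdRepoEntitlement.USER_SEARCH, a read/search entitlement, which looks broader than the operation warrants if — as the UserServiceImpl hunk further down suggests — this is the logic behind verifySecurityAnswer: a security answer is an authentication secret, not searchable user data, so any principal holding search rights would be able to exercise the check. A dedicated entitlement for this operation would keep the guard least-privilege, and both failed and successful verifications should be audited the way login attempts are, so repeated wrong answers for one user are visible to operators. The method signature and body lie outside the hunk, so whether the answer comparison is constant-time and whether "wrong answer" and "unknown user" produce distinguishable responses cannot be confirmed here.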
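Review bot: passwordReset() sets the domain-wide parameter passwordReset.securityQuestion to true at step 0 and nothing in the visible part of the hunk restores it, so the value leaks into every later UserITCase test that relies on the default; the hunk is cut at the step-3 comment, so a restore may exist further down. If it does not, read the current value with confParamOps.get before step 0 and reset it in a finally block wrapping the rest of the test. The same hunk is quoted again in the three later UserITCase sections on this page and this note applies to them too. The literal key passed to setSecurityQuestion also deserves a short comment saying where it comes from, e.g. `// key of a security question predefined in the test fixture data`.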
@@ -1391,4 +1393,43 @@ public void haveIBeenPwned() { UserTO userTO = createUser(userCR).getEntity(); assertNotNull(userTO.getKey()); } + + @Test + public void passwordReset() throws Exception { + // 0. ensure that password request DOES require security question + confParamOps.set(SyncopeConstants.MASTER_DOMAIN, "passwordReset.securityQuestion", true); + + // 1. create an user with security question and answer + UserCR user = UserITCase.getUniqueSample("pwdre...@syncope.apache.org"); + user.setSecurityQuestion("887028ea-66fc-41e7-b397-620d7ea6dfbb"); + user.setSecurityAnswer("Rossi"); + user.getResources().add(RESOURCE_NAME_TESTDB); + createUser(user); + + // verify propagation (including password) on external db + JdbcTemplate jdbcTemplate = new JdbcTemplate(testDataSource); + String pwdOnResource = queryForObject(jdbcTemplate, + MAX_WAIT_SECONDS, "SELECT password FROM test WHERE id=?", String.class, user.getUsername()); + assertTrue(StringUtils.isNotBlank(pwdOnResource)); + + // 2. verify that new user is able to authenticate Review Comment: the fact the user is able to authenticate is not relevant here since we want to test an admin feature ########## core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/UserServiceImpl.java: ########## @@ -82,4 +89,14 @@ public Response status(final StatusR statusR) { ProvisioningResult<UserTO> updated = logic.status(statusR, isNullPriorityAsync()); return modificationResponse(updated); } + + @Override public void verifySecurityAnswer(final String username, final String securityAnswer) { Review Comment: `@Override` should stay on separate line ########## fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserITCase.java: ########## 
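Review bot: verifySecurityAnswer(username, securityAnswer) in UserServiceImpl receives the answer as a plain String; how that parameter is bound is declared on the UserService interface, which is not in this hunk, but if it arrives as a query or path parameter it will be recorded in server and proxy access logs, whereas a request-body binding keeps it out of them. The method body is also outside the hunk; it should pass both arguments to the logic layer unchanged and must not include securityAnswer in any log statement. A one-line Javadoc would make the contract explicit, e.g. `/** Checks the given security answer for the named user; the answer is a secret and must never be logged. */`.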
@@ -1391,4 +1393,43 @@ public void haveIBeenPwned() { UserTO userTO = createUser(userCR).getEntity(); assertNotNull(userTO.getKey()); } + + @Test + public void passwordReset() throws Exception { + // 0. ensure that password request DOES require security question + confParamOps.set(SyncopeConstants.MASTER_DOMAIN, "passwordReset.securityQuestion", true); + + // 1. create an user with security question and answer + UserCR user = UserITCase.getUniqueSample("pwdre...@syncope.apache.org"); + user.setSecurityQuestion("887028ea-66fc-41e7-b397-620d7ea6dfbb"); + user.setSecurityAnswer("Rossi"); + user.getResources().add(RESOURCE_NAME_TESTDB); Review Comment: adding this resource is not relevant for this test case, please remove ########## fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserITCase.java: ########## @@ -1391,4 +1393,43 @@ public void haveIBeenPwned() { UserTO userTO = createUser(userCR).getEntity(); assertNotNull(userTO.getKey()); } + + @Test + public void passwordReset() throws Exception { + // 0. ensure that password request DOES require security question + confParamOps.set(SyncopeConstants.MASTER_DOMAIN, "passwordReset.securityQuestion", true); + + // 1. create an user with security question and answer + UserCR user = UserITCase.getUniqueSample("pwdre...@syncope.apache.org"); + user.setSecurityQuestion("887028ea-66fc-41e7-b397-620d7ea6dfbb"); + user.setSecurityAnswer("Rossi"); + user.getResources().add(RESOURCE_NAME_TESTDB); + createUser(user); + + // verify propagation (including password) on external db Review Comment: checking propagation is not required for this test, please remove -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@syncope.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org