github-advanced-security[bot] commented on code in PR #1170:
URL: https://github.com/apache/syncope/pull/1170#discussion_r2322577294


##########
wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java:
##########
@@ -337,6 +353,124 @@
         return new WAGoogleMfaAuthCredentialRepository(waRestClient, 
googleAuthenticatorInstance);
     }
 
+    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
+    @Bean
+    public PasswordManagementService syncopePasswordChangeService(
+            final CasConfigurationProperties casProperties,
+            @Qualifier("passwordManagementCipherExecutor")
+            final CipherExecutor<Serializable, String> 
passwordManagementCipherExecutor,
+            @Qualifier(PasswordHistoryService.BEAN_NAME)
+            final PasswordHistoryService passwordHistoryService) {
+        PasswordManagementProperties pm = casProperties.getAuthn().getPm();
+        if (pm.getCore().isEnabled() && pm.getSyncope().isDefined()) {
+            return new SyncopePasswordManagementService(
+                    passwordManagementCipherExecutor,
+                    casProperties,
+                    passwordHistoryService);
+        }
+        return new 
NoOpPasswordManagementService(passwordManagementCipherExecutor, casProperties);
+    }
+
+    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
+    @Bean
+    public PasswordManagementService ldapPasswordChangeService(
+            final CasConfigurationProperties casProperties,
+            @Qualifier("passwordManagementCipherExecutor")
+            final CipherExecutor<Serializable, String> 
passwordManagementCipherExecutor,
+            @Qualifier(PasswordHistoryService.BEAN_NAME)
+            final PasswordHistoryService passwordHistoryService) {
+        List<LdapPasswordManagementProperties> ldaps = 
casProperties.getAuthn().getPm().getLdap();
+        if (!ldaps.isEmpty() && 
StringUtils.isNotBlank(ldaps.get(0).getLdapUrl())) {
+            ConcurrentHashMap<String, ConnectionFactory> connectionFactoryMap =
+                    new ConcurrentHashMap<String, ConnectionFactory>();
+            ldaps.forEach(ldap -> connectionFactoryMap.put(
+                    ldap.getLdapUrl(),
+                    LdapUtils.newLdaptiveConnectionFactory(ldap)));
+            return new 
LdapPasswordManagementService(passwordManagementCipherExecutor, casProperties,
+                    passwordHistoryService, connectionFactoryMap);
+        }
+        return new 
NoOpPasswordManagementService(passwordManagementCipherExecutor, casProperties);
+    }
+
+    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
+    @Bean
+    public PasswordManagementService jdbcPasswordChangeService(
+            final CasConfigurationProperties casProperties,
+            final ConfigurableApplicationContext applicationContext,
+            @Qualifier("jdbcPasswordManagementDataSource")
+            final DataSource jdbcPasswordManagementDataSource,
+            @Qualifier("jdbcPasswordManagementTransactionTemplate")
+            final TransactionOperations 
jdbcPasswordManagementTransactionTemplate,
+            @Qualifier("passwordManagementCipherExecutor")
+            final CipherExecutor<Serializable, String> 
passwordManagementCipherExecutor,
+            @Qualifier(PasswordHistoryService.BEAN_NAME)
+            final PasswordHistoryService passwordHistoryService) {
+        JdbcPasswordManagementProperties jdbc = 
casProperties.getAuthn().getPm().getJdbc();
+        if (StringUtils.isNotBlank(jdbc.getUrl())) {
+            PasswordEncoder encoder = PasswordEncoderUtils.newPasswordEncoder(
+                    
casProperties.getAuthn().getPm().getJdbc().getPasswordEncoder(), 
applicationContext);
+                        return new 
JdbcPasswordManagementService(passwordManagementCipherExecutor,
+                                casProperties, 
jdbcPasswordManagementDataSource,
+                                jdbcPasswordManagementTransactionTemplate, 
passwordHistoryService, encoder);
+        }
+        return new 
NoOpPasswordManagementService(passwordManagementCipherExecutor, casProperties);
+    }
+
+    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
+    @Bean
+    public PasswordManagementService restPasswordChangeService(
+            @Qualifier("passwordChangeServiceRestTemplate")
+            final RestTemplate passwordChangeServiceRestTemplate,
+            final CasConfigurationProperties casProperties,
+            @Qualifier("passwordManagementCipherExecutor")
+            final CipherExecutor<Serializable, String> 
passwordManagementCipherExecutor,
+            @Qualifier(PasswordHistoryService.BEAN_NAME)
+            final PasswordHistoryService passwordHistoryService) {
+        return new 
RestPasswordManagementService(passwordManagementCipherExecutor,
+                casProperties, passwordChangeServiceRestTemplate, 
passwordHistoryService);
+    }
+
+    @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
+    @Bean
+    public PasswordManagementService passwordChangeService(
+            final ConfigurableApplicationContext applicationContext,
+            final CasConfigurationProperties casProperties,
+            @Qualifier("passwordManagementCipherExecutor")
+            final CipherExecutor<Serializable, String> 
passwordManagementCipherExecutor,
+            @Qualifier(PasswordHistoryService.BEAN_NAME)
+            final PasswordHistoryService passwordHistoryService,
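Review bot: In `ldapPasswordChangeService` only `ldaps.get(0).getLdapUrl()` is checked for blank, but every entry is then used as a key in a `ConcurrentHashMap`, which rejects null keys. A later entry without a URL would therefore presumably abort bean creation with a NullPointerException, and two entries sharing a URL would silently collapse into one connection factory. Filtering before the put keeps the map consistent with the guard: `ldaps.stream().filter(l -> StringUtils.isNotBlank(l.getLdapUrl())).forEach(l -> connectionFactoryMap.put(l.getLdapUrl(), LdapUtils.newLdaptiveConnectionFactory(l)));`. A short comment stating which entry wins on duplicate URLs would also help anyone auditing where password changes are sent. `passwordChangeService` at the end of the hunk continues outside it and is not covered here.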

Review Comment:
   ## Useless parameter
   
   The parameter 'passwordHistoryService' is never used.
   
   [Show more 
details](https://github.com/apache/syncope/security/code-scanning/2288)



##########
wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WAPropertySourceLocator.java:
##########
@@ -124,8 +130,15 @@
             properties.putAll(index(map, prefixes));
         });
 
-        properties.put("cas.authn.pm.syncope.url",
-                StringUtils.substringBefore(syncopeClient.getAddress(), 
"/rest"));
+        syncopeClient.getService(PasswordManagementService.class).list()
+                .stream().filter(pm -> 
Boolean.parseBoolean(pm.getEnabled())).findFirst()
+                .ifPresent(passwordManagementTO -> {
+                    LOG.debug("Mapping password module {} ", 
passwordManagementTO.getKey());
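Review bot: `findFirst()` on the enabled modules means that when more than one password management module is enabled, the one applied depends on the order `list()` returns, which is not visible here and may not be stable. Since this decides which backend receives password changes, the ambiguity should be surfaced rather than resolved silently. One option is to collect the enabled modules into a list (here called `enabled`) and add `if (enabled.size() > 1) { LOG.warn("{} password management modules are enabled; only the first is applied", enabled.size()); }` before choosing. The `ifPresent` lambda continues outside the hunk, so whether `cas.authn.pm.syncope.url` is still set on every path cannot be confirmed from here.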

Review Comment:
   ## Insertion of sensitive information into log files
   
   This [potentially sensitive information](1) is written to a log file.
   
   [Show more 
details](https://github.com/apache/syncope/security/code-scanning/2285)


