This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 216315e784b9b370cb44b3923924672b7945d001
Author: Benoit Tellier <[email protected]>
AuthorDate: Fri Jan 27 22:40:43 2023 +0700
[FIX] DelegationStoreAuthorizator::isAdministrator should fallback to false
---
 .../mailbox/DelegationStoreAuthorizator.java | 11 +++++++--
 .../mailbox/DelegationStoreAuthorizatorTest.java | 27 ++++++++++++++++++++++
 2 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/server/container/mailbox-adapter/src/main/java/org/apache/james/adapter/mailbox/DelegationStoreAuthorizator.java b/server/container/mailbox-adapter/src/main/java/org/apache/james/adapter/mailbox/DelegationStoreAuthorizator.java
index a8a5733380..6b3bdc72af 100644
--- a/server/container/mailbox-adapter/src/main/java/org/apache/james/adapter/mailbox/DelegationStoreAuthorizator.java
+++ b/server/container/mailbox-adapter/src/main/java/org/apache/james/adapter/mailbox/DelegationStoreAuthorizator.java
@@ -30,6 +30,8 @@ import org.apache.james.user.api.DelegationStore;
 import org.apache.james.user.api.UsersRepository;
 import org.apache.james.user.api.UsersRepositoryException;
 
+import com.google.common.annotations.VisibleForTesting;
+
 import reactor.core.publisher.Flux;
 
 /**
@@ -61,11 +63,16 @@ public class DelegationStoreAuthorizator implements Authorizator {
 }
 }
 
- private boolean isAdministrator(Username userId) throws UsersRepositoryException {
+ @VisibleForTesting
+ boolean isAdministrator(Username userId) throws UsersRepositoryException {
 if (userId.hasDomainPart() ^ usersRepository.supportVirtualHosting()) {
 return false;
 }
- return usersRepository.isAdministrator(userId);
+ try {
+ return usersRepository.isAdministrator(userId);
+ } catch (Exception e) {
+ return false;
+ }
 }
 
 @Override
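Review bot: The new `catch (Exception e)` around `usersRepository.isAdministrator(userId)` discards the exception without logging it, so a repository outage or misconfiguration becomes indistinguishable from an ordinary "not an administrator" answer. Denying on error is the safe default for an authorization decision, but operators need a trace of why an administrator was refused; consider `} catch (Exception e) { LOGGER.warn("Administrator check failed for {}, treating as non-administrator", userId.asString(), e); return false; }` (no logger is visible in this hunk, so one would have to be declared in the class). The `usersRepository.supportVirtualHosting()` call in the condition above stays outside the try and the method still declares `throws UsersRepositoryException`, so that path may still propagate; a short comment saying whether that is intended would help. If only specific failures are expected here, catching those types instead of `Exception` would keep unrelated programming errors visible. The class body continues outside the hunk.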
diff --git a/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/DelegationStoreAuthorizatorTest.java b/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/DelegationStoreAuthorizatorTest.java
index 1aba300da4..6f320202d2 100644
--- a/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/DelegationStoreAuthorizatorTest.java
+++ b/server/container/mailbox-adapter/src/test/java/org/apache/james/adapter/mailbox/DelegationStoreAuthorizatorTest.java
@@ -59,6 +59,33 @@ class DelegationStoreAuthorizatorTest {
 assertThat(testee.canLoginAsOtherUser(ADMIN_USER, OTHER_USER)).isEqualTo(Authorizator.AuthorizationState.ALLOWED);
 }
 
+ @Test
+ void isAdministratorShouldReturnTrueWhenAdministrator() throws Exception {
+ assertThat(testee.isAdministrator(ADMIN_USER)).isTrue();
+ }
+
+ @Test
+ void isAdministratorShouldReturnFalseWhenNotAdministrator() throws Exception {
+ assertThat(testee.isAdministrator(OTHER_USER)).isFalse();
+ }
+
+ @Test
+ void isAdministratorShouldReturnFalseWhenWrongVirtualHosting() throws Exception {
+ assertThat(testee.isAdministrator(Username.of("[email protected]"))).isFalse();
+ }
+
+ @Test
+ void isAdministratorShouldReturnFalseWhenWrongVirtualHosting2() throws Exception {
+ MemoryUsersRepository usersRepository = MemoryUsersRepository.withVirtualHosting(null);
+ BaseHierarchicalConfiguration configuration = new BaseHierarchicalConfiguration();
+ configuration.addProperty("administratorId", "admin");
+ usersRepository.configure(configuration);
+ delegationStore = new MemoryDelegationStore();
+ testee = new DelegationStoreAuthorizator(delegationStore, usersRepository);
+
+ assertThat(testee.isAdministrator(OTHER_USER)).isFalse();
+ }
+
 @Test
 void canLoginAsOtherUserShouldReturnForbiddenWhenWrongVirtualHosting() throws Exception {
 usersRepository.addUser(OTHER_USER, "secret");
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
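Review bot: The test name `isAdministratorShouldReturnFalseWhenWrongVirtualHosting2` does not say which condition it covers. From its setup (a repository built with `withVirtualHosting(null)` and `administratorId` set to `admin`) it appears to be the case that exercises the new exception fallback, though the hunk does not show what is thrown. A name such as `isAdministratorShouldReturnFalseWhenUsersRepositoryFails`, with a comment like `// repository lookup fails with this configuration; isAdministrator must deny rather than propagate`, would make the fail-closed intent of the authorization check reviewable. The test class starts and ends outside the hunk.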
