Author: angela
Date: Thu Apr 21 14:49:16 2016
New Revision: 1740333

URL: http://svn.apache.org/viewvc?rev=1740333&view=rev
Log:
OAK-4224 : DefaultSyncContext.sync(ExternalIdentity) should verify IDP

Modified:
    
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
    
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java
    
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/CustomCredentialsSupportTest.java

Modified: 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java?rev=1740333&r1=1740332&r2=1740333&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
 Thu Apr 21 14:49:16 2016
@@ -222,6 +222,12 @@ public class DefaultSyncContext implemen
     @Nonnull
     @Override
     public SyncResult sync(@Nonnull ExternalIdentity identity) throws 
SyncException {
+        ExternalIdentityRef ref = identity.getExternalId();
+        if (!isSameIDP(ref)) {
+            // create result in accordance with sync(String) where status is 
FOREIGN
+            boolean isGroup = (identity instanceof ExternalGroup);
+            return new DefaultSyncResultImpl(new 
DefaultSyncedIdentity(identity.getId(), ref, isGroup, -1), 
SyncResult.Status.FOREIGN);
+        }
         try {
             DebugTimer timer = new DebugTimer();
             DefaultSyncResultImpl ret;
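Review bot: The new early return for a foreign identity (the `if (!isSameIDP(ref))` branch) leaves no trace, because it sits before the `DebugTimer` and the `log.debug` call further down. An identity that claims another IDP is therefore rejected silently. A debug line in that branch, e.g. `log.debug("sync({}) -> foreign IDP '{}', skipped", ref.getString(), ref.getProviderName());`, would let operators tell a misconfigured or misbehaving provider from a plain no-op. Separately, `identity.getExternalId()` now runs outside the `try`, so a failure there would presumably bypass whatever catch block follows. The rest of `sync` lies outside this hunk, so that needs confirming against the full method.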
@@ -250,7 +256,7 @@ public class DefaultSyncContext implemen
                 throw new IllegalArgumentException("identity must be user or 
group but was: " + identity);
             }
             if (log.isDebugEnabled()) {
-                log.debug("sync({}) -> {} {}", 
identity.getExternalId().getString(), identity.getId(), timer.getString());
+                log.debug("sync({}) -> {} {}", ref.getString(), 
identity.getId(), timer.getString());
             }
             if (created) {
                 ret.setStatus(SyncResult.Status.ADD);
@@ -277,8 +283,8 @@ public class DefaultSyncContext implemen
             }
             // check if we need to deal with this authorizable
             ExternalIdentityRef ref = DefaultSyncContext.getIdentityRef(auth);
-            if (ref == null || !idp.getName().equals(ref.getProviderName())) {
-                return new DefaultSyncResultImpl(new DefaultSyncedIdentity(id, 
null, false, -1), SyncResult.Status.FOREIGN);
+            if (ref == null || !isSameIDP(ref)) {
+                return new DefaultSyncResultImpl(new DefaultSyncedIdentity(id, 
ref, false, -1), SyncResult.Status.FOREIGN);
             }
 
             if (auth.isGroup()) {
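Review bot: The FOREIGN result in `sync(String)` still hard-codes `false` for the group flag, while the new foreign branch in `sync(ExternalIdentity)` derives it from the identity type. The two paths, which the added code comment describes as being in accordance, therefore disagree for a group linked to another IDP. Since `auth.isGroup()` is called right below, the flag could come from the authorizable: `new DefaultSyncedIdentity(id, ref, auth.isGroup(), -1)`. The method starts and ends outside this hunk, so that `auth` is non-null at this point is inferred only from the surrounding `getIdentityRef(auth)` and `auth.isGroup()` calls.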
@@ -713,4 +719,16 @@ public class DefaultSyncContext implemen
         ExternalIdentityRef ref = DefaultSyncContext.getIdentityRef(auth);
         return ref != null && idp.getName().equals(ref.getProviderName());
     }
+
+    /**
+     * Tests if the given {@link ExternalIdentityRef} refers to the same IDP
+     * as associated with this context instance.
+     *
+     * @param ref The {@link ExternalIdentityRef} to be tested.
+     * @return {@code true} if {@link ExternalIdentityRef#getProviderName()} 
refers
+     * to the IDP associated with this context instance.
+     */
+    private boolean isSameIDP(@Nonnull ExternalIdentityRef ref) {
+        return idp.getName().equals(ref.getProviderName());
+    }
 }
\ No newline at end of file
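Review bot: The IDP comparison now exists twice: the method ending just above the new helper still spells out `idp.getName().equals(ref.getProviderName())` instead of calling `isSameIDP`. This comparison decides whether an identity is synced at all, so it should have a single implementation; that line could become `return ref != null && isSameIDP(ref);`. The Javadoc should also say what happens when `getProviderName()` returns null, if it can (the type is not visible here). With the current `equals` call such a ref is treated as foreign.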

Modified: 
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java?rev=1740333&r1=1740332&r2=1740333&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.java
 Thu Apr 21 14:49:16 2016
@@ -56,7 +56,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import 
org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
 import org.junit.After;
 import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Test;
 
 import static org.junit.Assert.assertArrayEquals;
@@ -69,8 +68,6 @@ import static org.junit.Assert.assertTru
 
 public class DefaultSyncContextTest extends AbstractExternalAuthTest {
 
-    private TestIdentityProvider idp = new TestIdentityProvider();
-
     private DefaultSyncContext syncCtx;
 
     private List<String> authorizableIds = new ArrayList<String>();
@@ -315,14 +312,48 @@ public class DefaultSyncContextTest exte
         assertEquals(SyncResult.Status.UPDATE, result.getStatus());
     }
 
-    @Ignore("OAK-4224")
-    @Test(expected = SyncException.class)
-    public void testSyncForeignExternalIdentity() throws Exception {
+    @Test
+    public void testSyncForeignExternalUser() throws Exception {
         ExternalIdentity foreign = new ForeignExternalUser();
 
-        syncCtx.sync(foreign);
-        // don't commit changes as the after-call would not properly remove any
-        // authorizable created this way.
+        SyncResult res = syncCtx.sync(foreign);
+        assertNotNull(res);
+        assertSame(SyncResult.Status.FOREIGN, res.getStatus());
+
+        // expect {@code SyncedIdentity} in accordance with {@code sync(String 
userId)},
+        // where the authorizable is found to be linked to a different IDP.
+        SyncedIdentity si = res.getIdentity();
+        assertNotNull(si);
+        assertEquals(foreign.getId(), si.getId());
+        ExternalIdentityRef ref = si.getExternalIdRef();
+        assertNotNull(ref);
+        assertEquals(foreign.getExternalId(), ref);
+        assertFalse(si.isGroup());
+        assertEquals(-1, si.lastSynced());
+
+        assertFalse(root.hasPendingChanges());
+    }
+
+    @Test
+    public void testSyncForeignExternalGroup() throws Exception {
+        ExternalIdentity foreign = new ForeignExternalGroup();
+
+        SyncResult res = syncCtx.sync(foreign);
+        assertNotNull(res);
+        assertSame(SyncResult.Status.FOREIGN, res.getStatus());
+
+        // expect {@code SyncedIdentity} in accordance with {@code sync(String 
userId)},
+        // where the authorizable is found to be linked to a different IDP.
+        SyncedIdentity si = res.getIdentity();
+        assertNotNull(si);
+        assertEquals(foreign.getId(), si.getId());
+        ExternalIdentityRef ref = si.getExternalIdRef();
+        assertNotNull(ref);
+        assertEquals(foreign.getExternalId(), ref);
+        assertTrue(si.isGroup());
+        assertEquals(-1, si.lastSynced());
+
+        assertFalse(root.hasPendingChanges());
     }
 
     @Test
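Review bot: `testSyncForeignExternalUser` and `testSyncForeignExternalGroup` are copies of each other that differ only in the identity class and the expected `isGroup()` value. A later change to the FOREIGN contract can then be applied to one test and missed in the other. A shared private helper taking the identity and the expected group flag keeps the security-relevant assertions (status FOREIGN, ref echoed back, `root.hasPendingChanges()` false) in one place. The `//` comments also use Javadoc `{@code …}` markup, which is not rendered in line comments.

```java
@Test
public void testSyncForeignExternalUser() throws Exception {
    assertForeignResult(new ForeignExternalUser(), false);
}

@Test
public void testSyncForeignExternalGroup() throws Exception {
    assertForeignResult(new ForeignExternalGroup(), true);
}

// Syncing an identity that belongs to another IDP must report FOREIGN,
// echo the foreign ref and leave the root without pending changes.
private void assertForeignResult(ExternalIdentity foreign, boolean expectGroup) throws Exception {
    SyncResult res = syncCtx.sync(foreign);
    // … unchanged: assertions on status, SyncedIdentity id and external ref …
    assertEquals(expectGroup, res.getIdentity().isGroup());
    // … unchanged: lastSynced and root.hasPendingChanges() assertions …
}
```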
@@ -430,7 +461,11 @@ public class DefaultSyncContextTest exte
     @Test
     public void testSyncByForeignId() throws Exception {
         SyncResult result = syncCtx.sync(getTestUser().getID());
+
         assertEquals(SyncResult.Status.FOREIGN, result.getStatus());
+        SyncedIdentity si = result.getIdentity();
+        assertNotNull(si);
+        assertNull(si.getExternalIdRef());
     }
 
     @Test
@@ -440,6 +475,9 @@ public class DefaultSyncContextTest exte
 
         SyncResult result = syncCtx.sync(u.getID());
         assertEquals(SyncResult.Status.FOREIGN, result.getStatus());
+        SyncedIdentity si = result.getIdentity();
+        assertNotNull(si);
+        assertEquals(DefaultSyncContext.getIdentityRef(u), 
si.getExternalIdRef());
     }
 
     @Test(expected = SyncException.class)
@@ -1198,6 +1236,21 @@ public class DefaultSyncContextTest exte
         }
     }
 
+    private final class ForeignExternalGroup extends TestExternalIdentity 
implements ExternalGroup {
+
+        @Nonnull
+        @Override
+        public ExternalIdentityRef getExternalId() {
+            return new ExternalIdentityRef(getId(), "AnotherExternalIDP");
+        }
+
+        @Nonnull
+        @Override
+        public Iterable<ExternalIdentityRef> getDeclaredMembers() {
+            return ImmutableList.of();
+        }
+    }
+
     private final class ExternalUserWithDeclaredGroup extends 
TestExternalIdentity implements ExternalUser {
 
         private final ExternalIdentityRef declaredGroupRef;

Modified: 
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/CustomCredentialsSupportTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/CustomCredentialsSupportTest.java?rev=1740333&r1=1740332&r2=1740333&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/CustomCredentialsSupportTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/CustomCredentialsSupportTest.java
 Thu Apr 21 14:49:16 2016
@@ -131,7 +131,7 @@ public class CustomCredentialsSupportTes
                     @Nonnull
                     @Override
                     public ExternalIdentityRef getExternalId() {
-                        return new ExternalIdentityRef(uid, "test");
+                        return new ExternalIdentityRef(uid, getName());
                     }
 
                     @Nonnull

