[
https://issues.apache.org/jira/browse/OAK-4219?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dominique Jäggi updated OAK-4219:
---------------------------------
Fix Version/s: 1.4.7
> ExternalLoginModuleTestBase doesn't remove synced User/Group accounts
> ---------------------------------------------------------------------
>
> Key: OAK-4219
> URL: https://issues.apache.org/jira/browse/OAK-4219
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: auth-external
> Reporter: angela
> Assignee: angela
> Fix For: 1.5.2, 1.4.7
>
>
> Looking at the {{ExternalLoginModuleTestBase}} I got the impression that the
> cleanup of user/group accounts is effectively broken.
> The current code looks as follows:
> - in the before method the list of existing authorizables is collected
> - in the after method the following code is executed:
> {code}
> UserManager userManager = getUserManager(root);
> Iterator<Authorizable> iter =
> userManager.findAuthorizables("jcr:primaryType", null);
> while (iter.hasNext()) {
> ids.remove(iter.next().getID());
> }
> for (String id : ids) {
> Authorizable a = userManager.getAuthorizable(id);
> if (a != null) {
> a.remove();
> }
> }
> {code}
> I might be totally mistaken but IMHO looks troublesome. Introducing an
> assertion after this verifying that the user with the external-test-id has
> been removed will actually fail... and I assume that this would have been the
> expected outcome.
> So, I would have expected the after-method to remove all users/groups
> _except_ those gather in the before-call, which would be considered built-in
> to the repository.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
