[SYNCOPE-1824] ensuring linked account password validation on linked …

…account (only) update (#799)
apache · Jul 31, 2024 · be12989 · be12989
1 parent b95574e
commit be12989
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/...java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java b/...java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java
@@ -297,7 +297,8 @@ public UserWorkflowResult<Pair<UserUR, Boolean>> update(
         // enforce password and account policies
         enforcePolicies(
                 user,
-                userUR.getPassword() == null,
+                userUR.getPassword() == null && userUR.getLinkedAccounts().stream()
+                        .allMatch(linkedAccountUR -> linkedAccountUR.getLinkedAccountTO().getPassword() == null),
                 Optional.ofNullable(userUR.getPassword()).map(PasswordPatch::getValue).orElse(null));
         user = userDAO.save(user);
 

diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java
@@ -24,6 +24,7 @@
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
 
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import java.util.List;
@@ -54,6 +55,7 @@
 import org.apache.syncope.common.lib.to.TaskTO;
 import org.apache.syncope.common.lib.to.UserTO;
 import org.apache.syncope.common.lib.types.AnyTypeKind;
+import org.apache.syncope.common.lib.types.ClientExceptionType;
 import org.apache.syncope.common.lib.types.ExecStatus;
 import org.apache.syncope.common.lib.types.IdMImplementationType;
 import org.apache.syncope.common.lib.types.ImplementationEngine;
@@ -267,6 +269,20 @@ public void createWithoutLinkedAccountThenAddAndUpdatePassword() throws NamingEx
         userUR = new UserUR();
         userUR.setKey(user.getKey());
         userUR.getLinkedAccounts().add(new LinkedAccountUR.Builder().linkedAccountTO(account).build());
+
+        // 4.1 SYNCOPE-1824 update with a wrong password, a error must be raised
+        account.setPassword("password");
+        try {
+            updateUser(userUR);
+            fail("Should not arrive here due to wrong linked account password");
+        } catch (SyncopeClientException sce) {
+            assertEquals(ClientExceptionType.InvalidUser, sce.getType());
+            assertEquals("InvalidUser [InvalidPassword: Password must be 10 or more characters in length.]",
+                    sce.getMessage());
+        }
+
+        // set a correct password
+        account.setPassword("Password123");
         user = updateUser(userUR).getEntity();
         assertNotNull(user.getLinkedAccounts().get(0).getPassword());