From 59628b64c222fc2b58675ac874a2ba8d2a4192cc Mon Sep 17 00:00:00 2001 From: Andrea Patricelli Date: Wed, 31 Jul 2024 11:37:55 +0200 Subject: [PATCH] [SYNCOPE-1824] ensuring linked account password validation on linked account (only) update --- .../java/AbstractUserWorkflowAdapter.java | 3 ++- .../syncope/fit/core/LinkedAccountITCase.java | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java b/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java index 1737004d3f..23eb74031a 100644 --- a/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java +++ b/core/workflow-java/src/main/java/org/apache/syncope/core/workflow/java/AbstractUserWorkflowAdapter.java @@ -297,7 +297,8 @@ public UserWorkflowResult> update( // enforce password and account policies enforcePolicies( user, - userUR.getPassword() == null, + userUR.getPassword() == null && userUR.getLinkedAccounts().stream() + .allMatch(linkedAccountUR -> linkedAccountUR.getLinkedAccountTO().getPassword() == null), Optional.ofNullable(userUR.getPassword()).map(PasswordPatch::getValue).orElse(null)); user = userDAO.save(user); diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java index d0734369cb..8c40b07a71 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/LinkedAccountITCase.java @@ -24,6 +24,7 @@ import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; import com.fasterxml.jackson.databind.node.ObjectNode; import java.util.List; @@ -54,6 +55,7 @@ import org.apache.syncope.common.lib.to.TaskTO; import org.apache.syncope.common.lib.to.UserTO; import org.apache.syncope.common.lib.types.AnyTypeKind; +import org.apache.syncope.common.lib.types.ClientExceptionType; import org.apache.syncope.common.lib.types.ExecStatus; import org.apache.syncope.common.lib.types.IdMImplementationType; import org.apache.syncope.common.lib.types.ImplementationEngine; @@ -267,6 +269,20 @@ public void createWithoutLinkedAccountThenAddAndUpdatePassword() throws NamingEx userUR = new UserUR(); userUR.setKey(user.getKey()); userUR.getLinkedAccounts().add(new LinkedAccountUR.Builder().linkedAccountTO(account).build()); + + // 4.1 SYNCOPE-1824 update with a wrong password, a error must be raised + account.setPassword("password"); + try { + updateUser(userUR); + fail("Should not arrive here due to wrong linked account password"); + } catch (SyncopeClientException sce) { + assertEquals(ClientExceptionType.InvalidUser, sce.getType()); + assertEquals("InvalidUser [InvalidPassword: Password must be 10 or more characters in length.]", + sce.getMessage()); + } + + // set a correct password + account.setPassword("Password123"); user = updateUser(userUR).getEntity(); assertNotNull(user.getLinkedAccounts().get(0).getPassword());