From: Julien Lancelot Date: Mon, 19 Sep 2016 10:04:49 +0000 (+0200) Subject: SONAR-8031 Allow user login with 2 characters in Realm and IdentityProvider API X-Git-Tag: 6.1-RC1~8 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=8e325b86c9247da1659fbd23f5358156468dd795;p=sonarqube.git SONAR-8031 Allow user login with 2 characters in Realm and IdentityProvider API --- diff --git a/it/it-tests/src/test/java/it/user/BaseIdentityProviderTest.java b/it/it-tests/src/test/java/it/user/BaseIdentityProviderTest.java index fcccdd5545a..07471d31fdc 100644 --- a/it/it-tests/src/test/java/it/user/BaseIdentityProviderTest.java +++ b/it/it-tests/src/test/java/it/user/BaseIdentityProviderTest.java @@ -80,10 +80,11 @@ public class BaseIdentityProviderTest { @After public void cleanUpUsersAndGroupsAndProperties() throws Exception { - userRule.deactivateUsers(USER_LOGIN); + userRule.resetUsers(); userRule.removeGroups(GROUP1, GROUP2, GROUP3); resetSettings(ORCHESTRATOR, null, "sonar.auth.fake-base-id-provider.enabled", "sonar.auth.fake-base-id-provider.user", - "sonar.auth.fake-base-id-provider.throwUnauthorizedMessage", "sonar.auth.fake-base-id-provider.enabledGroupsSync", "sonar.auth.fake-base-id-provider.groups"); + "sonar.auth.fake-base-id-provider.throwUnauthorizedMessage", "sonar.auth.fake-base-id-provider.enabledGroupsSync", "sonar.auth.fake-base-id-provider.groups", + "sonar.auth.fake-base-id-provider.allowsUsersToSignUp"); } @Test @@ -247,6 +248,19 @@ public class BaseIdentityProviderTest { userRule.verifyUserGroupMembership(USER_LOGIN); } + @Test + public void allow_user_login_with_2_characters() throws Exception { + enablePlugin(); + String login = "jo"; + setUserCreatedByAuthPlugin(login, USER_PROVIDER_ID, USER_NAME, USER_EMAIL); + userRule.verifyUserDoesNotExist(login); + + // First connection, user is created + authenticateWithFakeAuthProvider(); + + userRule.verifyUserExists(login, USER_NAME, USER_EMAIL, false); + } + private static void enablePlugin() { setServerProperty(ORCHESTRATOR, "sonar.auth.fake-base-id-provider.enabled", "true"); } diff --git a/it/it-tests/src/test/java/it/user/LocalAuthenticationTest.java b/it/it-tests/src/test/java/it/user/LocalAuthenticationTest.java index 1db146aabc2..76c601b0e1c 100644 --- a/it/it-tests/src/test/java/it/user/LocalAuthenticationTest.java +++ b/it/it-tests/src/test/java/it/user/LocalAuthenticationTest.java @@ -185,6 +185,13 @@ public class LocalAuthenticationTest { assertThat(checkAuthenticationWithAuthenticateWebService(login, password)).isFalse(); } + @Test + public void allow_user_login_with_2_characters() throws Exception { + userRule.createUser("jo", "password"); + + assertThat(checkAuthenticationWithAuthenticateWebService("jo", "password")).isTrue(); + } + @Test public void allow_users_to_sign_up() throws IOException { setServerProperty(ORCHESTRATOR, "sonar.allowUsersToSignUp", "true"); diff --git a/it/it-tests/src/test/java/it/user/RealmAuthenticationTest.java b/it/it-tests/src/test/java/it/user/RealmAuthenticationTest.java index 59863a364bf..b6a99034d6d 100644 --- a/it/it-tests/src/test/java/it/user/RealmAuthenticationTest.java +++ b/it/it-tests/src/test/java/it/user/RealmAuthenticationTest.java @@ -48,6 +48,7 @@ import org.sonarqube.ws.client.WsClient; import org.sonarqube.ws.client.WsClientFactories; import org.sonarqube.ws.client.WsResponse; import util.selenium.SeleneseTest; +import util.user.UserRule; import static java.net.HttpURLConnection.HTTP_OK; import static java.net.HttpURLConnection.HTTP_UNAUTHORIZED; @@ -82,22 +83,16 @@ public class RealmAuthenticationTest { .setServerProperty("sonar.security.realm", "FakeRealm") .build(); + @ClassRule + public static UserRule USER_RULE = UserRule.from(orchestrator); + @Before @After public void resetData() throws Exception { setServerProperty(orchestrator, USERS_PROPERTY, null); setServerProperty(orchestrator, "sonar.security.updateUserAttributes", null); setServerProperty(orchestrator, "sonar.authenticator.createUsers", null); - resetUsers(USER_LOGIN, TECH_USER); - } - - private void resetUsers(String... logins) { - for (String login : logins) { - String result = orchestrator.getServer().adminWsClient().get("/api/users/search?q=" + login); - if (result.contains(login)) { - orchestrator.getServer().adminWsClient().userClient().deactivate(login); - } - } + USER_RULE.resetUsers(); } /** @@ -333,6 +328,15 @@ public class RealmAuthenticationTest { assertThat(checkAuthenticationWithWebService(null, null).code()).isEqualTo(HTTP_UNAUTHORIZED); } + @Test + public void allow_user_login_with_2_characters() { + String username = "jo"; + String password = "1234567"; + updateUsersInExtAuth(ImmutableMap.of(username + ".password", password)); + + assertThat(loginAttempt(username, password)).isEqualTo(AUTHORIZED); + } + protected void verifyHttpException(Exception e, int expectedCode) { assertThat(e).isInstanceOf(HttpException.class); HttpException exception = (HttpException) e; diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/server/authentication/UserIdentity.java b/sonar-plugin-api/src/main/java/org/sonar/api/server/authentication/UserIdentity.java index 65753247e7c..b6d56989549 100644 --- a/sonar-plugin-api/src/main/java/org/sonar/api/server/authentication/UserIdentity.java +++ b/sonar-plugin-api/src/main/java/org/sonar/api/server/authentication/UserIdentity.java @@ -19,12 +19,6 @@ */ package org.sonar.api.server.authentication; -import static com.google.common.base.Preconditions.checkArgument; -import static com.google.common.base.Preconditions.checkNotNull; -import static com.google.common.collect.FluentIterable.from; -import static org.apache.commons.lang.StringUtils.isNotBlank; -import static org.sonar.api.user.UserGroupValidation.validateGroupName; - import com.google.common.base.Predicate; import java.util.HashSet; import java.util.Set; @@ -34,6 +28,12 @@ import javax.annotation.Nullable; import javax.annotation.concurrent.Immutable; import org.sonar.api.CoreProperties; +import static com.google.common.base.Preconditions.checkArgument; +import static com.google.common.base.Preconditions.checkNotNull; +import static com.google.common.collect.FluentIterable.from; +import static org.apache.commons.lang.StringUtils.isNotBlank; +import static org.sonar.api.user.UserGroupValidation.validateGroupName; + /** * User information provided by the Identity Provider to be register into the platform. * @@ -193,7 +193,7 @@ public final class UserIdentity { private static void validateLogin(String login) { checkArgument(isNotBlank(login), "User login must not be blank"); - checkArgument(login.length() <= 255 && login.length() >= 3, "User login size is incorrect (Between 3 and 255 characters)"); + checkArgument(login.length() <= 255 && login.length() >= 2, "User login size is incorrect (Between 2 and 255 characters)"); } private static void validateName(String name) { diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/server/authentication/UserIdentityTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/server/authentication/UserIdentityTest.java index 5c41e477d91..8366dcc1549 100644 --- a/sonar-plugin-api/src/test/java/org/sonar/api/server/authentication/UserIdentityTest.java +++ b/sonar-plugin-api/src/test/java/org/sonar/api/server/authentication/UserIdentityTest.java @@ -19,14 +19,14 @@ */ package org.sonar.api.server.authentication; -import static com.google.common.collect.Sets.newHashSet; -import static org.assertj.core.api.Assertions.assertThat; - import com.google.common.base.Strings; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; +import static com.google.common.collect.Sets.newHashSet; +import static org.assertj.core.api.Assertions.assertThat; + public class UserIdentityTest { @Rule @@ -75,7 +75,7 @@ public class UserIdentityTest { @Test public void fail_when_login_is_too_long() throws Exception { thrown.expect(IllegalArgumentException.class); - thrown.expectMessage("User login size is incorrect (Between 3 and 255 characters)"); + thrown.expectMessage("User login size is incorrect (Between 2 and 255 characters)"); UserIdentity.builder() .setProviderLogin("john") .setLogin(Strings.repeat("1", 256)) @@ -87,10 +87,10 @@ public class UserIdentityTest { @Test public void fail_when_login_is_too_small() throws Exception { thrown.expect(IllegalArgumentException.class); - thrown.expectMessage("User login size is incorrect (Between 3 and 255 characters)"); + thrown.expectMessage("User login size is incorrect (Between 2 and 255 characters)"); UserIdentity.builder() .setProviderLogin("john") - .setLogin("12") + .setLogin("j") .setName("John") .setEmail("john@email.com") .build();