Browse Source
SONAR-15074 allow users without an email in database to login with a new email
tags/9.0.0.45539
Lukasz Jarocki
3 years ago
2 changed files with 13 additions and 14 deletions
+ 8
- 8
server/sonar-webserver-auth/src/main/java/org/sonar/server/authentication/UserRegistrarImpl.java
View File
| @@ -117,17 +117,17 @@ public class UserRegistrarImpl implements UserRegistrar { | |||
| } | |||
| private static void validateEmailToAvoidLoginRecycling(UserIdentity userIdentity, UserDto user, AuthenticationEvent.Source source) { | |||
| String userEmail = user.getEmail(); | |||
| String dbEmail = user.getEmail(); | |||
| if (userEmail == null) { | |||
| LOGGER.warn("User with login '{}' tried to login with email '{}' but we don't have a email on record", | |||
| userIdentity.getProviderLogin(), userIdentity.getEmail()); | |||
| throw loginAlreadyUsedException(userIdentity, source); | |||
| if (dbEmail == null) { | |||
| return; | |||
| } | |||
| if (!userEmail.equals(userIdentity.getEmail())) { | |||
| String externalEmail = userIdentity.getEmail(); | |||
| if (!dbEmail.equals(externalEmail)) { | |||
| LOGGER.warn("User with login '{}' tried to login with email '{}' which doesn't match the email on record '{}'", | |||
| userIdentity.getProviderLogin(), userIdentity.getEmail(), userEmail); | |||
| userIdentity.getProviderLogin(), externalEmail, dbEmail); | |||
| throw loginAlreadyUsedException(userIdentity, source); | |||
| } | |||
| } | |||
| @@ -278,7 +278,7 @@ public class UserRegistrarImpl implements UserRegistrar { | |||
| } | |||
| private static UserDto[] toArray(Optional<UserDto> userDto) { | |||
| return userDto.map(u -> new UserDto[] {u}).orElse(new UserDto[] {}); | |||
| return userDto.map(u -> new UserDto[]{u}).orElse(new UserDto[]{}); | |||
| } | |||
| private static AuthenticationException generateExistingEmailError(UserRegistration authenticatorParameters, String email) { | |||
+ 5
- 6
server/sonar-webserver-auth/src/test/java/org/sonar/server/authentication/UserRegistrarImplTest.java
View File
| @@ -447,7 +447,7 @@ public class UserRegistrarImplTest { | |||
| } | |||
| @Test | |||
| public void do_not_authenticate_and_update_existing_user_matching_external_login_if_email_is_missing() { | |||
| public void authenticate_and_update_existing_user_matching_external_login_if_email_is_missing() { | |||
| db.users().insertUser(u -> u | |||
| .setLogin("Old login") | |||
| .setName("Old name") | |||
| @@ -456,12 +456,11 @@ public class UserRegistrarImplTest { | |||
| .setExternalLogin(USER_IDENTITY.getProviderLogin()) | |||
| .setExternalIdentityProvider(IDENTITY_PROVIDER.getKey())); | |||
| assertThatThrownBy(() -> underTest.register(newUserRegistration())) | |||
| .isInstanceOf(AuthenticationException.class) | |||
| .hasMessage(String.format("Login '%s' is already used", USER_IDENTITY.getProviderLogin())); | |||
| underTest.register(newUserRegistration()); | |||
| assertThat(logTester.logs()).contains(String.format("User with login '%s' tried to login with email '%s' but we don't have a email on record", | |||
| USER_IDENTITY.getProviderLogin(), USER_IDENTITY.getEmail())); | |||
| Optional<UserDto> user = db.users().selectUserByLogin("Old login"); | |||
| assertThat(user).isPresent(); | |||
| assertThat(user.get().getEmail()).isEqualTo(USER_IDENTITY.getEmail()); | |||
| } | |||
| @Test | |||
Loading…