author | Julien Lancelot <julien.lancelot@sonarsource.com> | 2016-02-02 17:58:58 +0100 |
---|---|---|
committer | Julien Lancelot <julien.lancelot@sonarsource.com> | 2016-02-04 10:09:53 +0100 |
commit | b5592ee7248065a5b0098a87dcc95375ccb8c76f (patch) | |
tree | 6e5969f4bac795de2a36ca1f555baccf19d371aa /server | |
parent | 64e4e6e7714870919f2f7eedb09c383120d1f599 (diff) | |
SONAR-6226 Remove password when updating user
Diffstat (limited to 'server')
5 files changed, 29 insertions, 15 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java
index a876b088ad3..9c3f11427e4 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java
@@ -56,7 +56,8 @@ public class UserIdentityAuthenticator {
 userUpdater.update(dbSession, UpdateUser.create(userDto.getLogin())
 .setEmail(user.getEmail())
 .setName(user.getName())
- .setExternalIdentity(new ExternalIdentity(provider.getKey(), user.getProviderLogin())));
+ .setExternalIdentity(new ExternalIdentity(provider.getKey(), user.getProviderLogin()))
+ .setPassword(null));
 return userDto.getId();
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UpdateUser.java b/server/sonar-server/src/main/java/org/sonar/server/user/UpdateUser.java
index d0c2e2c3841..d90137d60b1 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/UpdateUser.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/UpdateUser.java
@@ -97,17 +97,6 @@ public class UpdateUser {
 }
 @CheckForNull
- public String passwordConfirmation() {
- return passwordConfirmation;
- }
-
- public UpdateUser setPasswordConfirmation(@Nullable String passwordConfirmation) {
- this.passwordConfirmation = passwordConfirmation;
- passwordChanged = true;
- return this;
- }
-
- @CheckForNull
 public ExternalIdentity externalIdentity() {
 return externalIdentity;
 }
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java
index ad432464253..320baa05c16 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java
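Review bot: The added `.setPassword(null)` in UserIdentityAuthenticator.java carries no comment explaining why an identity-provider login clears the account's local password, and that is security-relevant behaviour a later refactor could drop unnoticed. If the intent is that a stale local credential must stop working once the account is handled by a provider, I would say so above the `userUpdater.update(...)` call, e.g. `// Clear the local password: an account authenticated through an identity provider must not keep an older local credential`. Since the test in this commit asserts `isPasswordChanged()` is true after `setPassword(null)`, this path now also runs `checkPasswordChangeAllowed` in UserUpdater; that method is not visible here, so it is worth confirming it cannot reject a provider login. The enclosing method starts outside the hunk.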
@@ -232,9 +232,14 @@ public class UserUpdater {
 String password = updateUser.password();
 if (updateUser.isPasswordChanged()) {
- checkPasswordChangeAllowed(updateUser.login(), messages);
 validatePasswords(password, messages);
- setEncryptedPassWord(password, userDto);
+ checkPasswordChangeAllowed(updateUser.login(), messages);
+ if (Strings.isNullOrEmpty(password)) {
+ userDto.setSalt(null);
+ userDto.setCryptedPassword(null);
+ } else {
+ setEncryptedPassWord(password, userDto);
+ }
 }
 if (updateUser.isScmAccountsChanged()) {
@@ -304,7 +309,9 @@ public class UserUpdater {
 }
 private static void validatePasswords(@Nullable String password, List<Message> messages) {
- checkNotEmptyParam(password, PASSWORD_PARAM, messages);
+ if (password != null && password.length() == 0) {
+ messages.add(Message.of(Validation.CANT_BE_EMPTY_MESSAGE, PASSWORD_PARAM));
+ }
 }
 private void validateScmAccounts(DbSession dbSession, List<String> scmAccounts, @Nullable String login, @Nullable String email, @Nullable UserDto existingUser,
diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java
index 7a826681dd7..6b32b960b16 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java
@@ -109,6 +109,8 @@ public class UserIdentityAuthenticatorTest {
 assertThat(updateUser.email()).isEqualTo("john@email.com");
 assertThat(updateUser.externalIdentity().getProvider()).isEqualTo("github");
 assertThat(updateUser.externalIdentity().getId()).isEqualTo("johndoo");
+ assertThat(updateUser.isPasswordChanged()).isTrue();
+ assertThat(updateUser.password()).isNull();
 }
 @Test
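Review bot: In the first UserUpdater.java hunk, `Strings.isNullOrEmpty(password)` sends an empty string down the same branch as null, so a password of `""` that `validatePasswords` has just reported as invalid still has its salt and hash cleared on `userDto`. Whether that DTO is then persisted depends on how `messages` is checked after this block, which lies outside the hunk. Tying the mutation to valid input only, with `if (password == null) {` for the clearing branch and `} else if (!password.isEmpty()) {` for the hashing branch, keeps credential removal bound to the explicit null signal. The new test in UserUpdaterTest covers null but not `setPassword("")`; a test asserting that an empty password leaves the stored salt and hash untouched would pin this.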
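Review bot: `validatePasswords` in the second UserUpdater.java hunk now lets null through silently, and nothing on the method says that null is the signal to remove the password rather than a value that was never supplied. A comment such as `// null is accepted: it requests removal of the local password; only an explicit empty string is an error` would make that contract visible to any caller that might pass a null it did not intend. As a point of style, `password.length() == 0` reads more directly as `password.isEmpty()`.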
diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/UserUpdaterTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/UserUpdaterTest.java
index d5c915a48c5..585a72e5a27 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/user/UserUpdaterTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/user/UserUpdaterTest.java
@@ -804,6 +804,21 @@ public class UserUpdaterTest {
 }
 @Test
+ public void update_password_with_null_value() {
+ db.prepareDbUnit(getClass(), "update_user.xml");
+ createDefaultGroup();
+
+ userUpdater.update(UpdateUser.create(DEFAULT_LOGIN)
+ .setPassword(null));
+ session.commit();
+ session.clearCache();
+
+ UserDto dto = userDao.selectByLogin(session, DEFAULT_LOGIN);
+ assertThat(dto.getSalt()).isNull();
+ assertThat(dto.getCryptedPassword()).isNull();
+ }
+
+ @Test
 public void fail_to_update_password_when_external_auth_is_used() {
 db.prepareDbUnit(getClass(), "update_user.xml");
 createDefaultGroup(); |