authorJulien Lancelot <julien.lancelot@sonarsource.com>2016-02-02 17:58:58 +0100
committerJulien Lancelot <julien.lancelot@sonarsource.com>2016-02-04 10:09:53 +0100
commitb5592ee7248065a5b0098a87dcc95375ccb8c76f (patch)
tree6e5969f4bac795de2a36ca1f555baccf19d371aa /server
parent64e4e6e7714870919f2f7eedb09c383120d1f599 (diff)
SONAR-6226 Remove password when updating user
Diffstat (limited to 'server')
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java3
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/user/UpdateUser.java11
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java13
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java2
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/user/UserUpdaterTest.java15
5 files changed, 29 insertions, 15 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java
index a876b088ad3..9c3f11427e4 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/UserIdentityAuthenticator.java
@@ -56,7 +56,8 @@ public class UserIdentityAuthenticator {
userUpdater.update(dbSession, UpdateUser.create(userDto.getLogin())
.setEmail(user.getEmail())
.setName(user.getName())
- .setExternalIdentity(new ExternalIdentity(provider.getKey(), user.getProviderLogin())));
+ .setExternalIdentity(new ExternalIdentity(provider.getKey(), user.getProviderLogin()))
+ .setPassword(null));
return userDto.getId();
}
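Review bot: The bare `.setPassword(null)` at the end of the builder chain does not explain itself: judging by the UserUpdater change in this commit, it marks the password as changed so that the stored salt and hash are cleared for a user who has just signed in through an identity provider. A comment on that line such as `// authenticated by an identity provider: remove the locally stored password` would record the intent. The updater also runs `checkPasswordChangeAllowed` for every password change, so it is worth confirming that this check cannot reject the call when an external realm is configured; its body is not visible here. The enclosing method starts outside the hunk.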
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UpdateUser.java b/server/sonar-server/src/main/java/org/sonar/server/user/UpdateUser.java
index d0c2e2c3841..d90137d60b1 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/UpdateUser.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/UpdateUser.java
@@ -97,17 +97,6 @@ public class UpdateUser {
}
@CheckForNull
- public String passwordConfirmation() {
- return passwordConfirmation;
- }
-
- public UpdateUser setPasswordConfirmation(@Nullable String passwordConfirmation) {
- this.passwordConfirmation = passwordConfirmation;
- passwordChanged = true;
- return this;
- }
-
- @CheckForNull
public ExternalIdentity externalIdentity() {
return externalIdentity;
}
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java
index ad432464253..320baa05c16 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/UserUpdater.java
@@ -232,9 +232,14 @@ public class UserUpdater {
String password = updateUser.password();
if (updateUser.isPasswordChanged()) {
- checkPasswordChangeAllowed(updateUser.login(), messages);
validatePasswords(password, messages);
- setEncryptedPassWord(password, userDto);
+ checkPasswordChangeAllowed(updateUser.login(), messages);
+ if (Strings.isNullOrEmpty(password)) {
+ userDto.setSalt(null);
+ userDto.setCryptedPassword(null);
+ } else {
+ setEncryptedPassWord(password, userDto);
+ }
}
if (updateUser.isScmAccountsChanged()) {
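Review bot: `Strings.isNullOrEmpty(password)` sends an empty string down the same branch as null, so a request that validatePasswords has just flagged as invalid still clears the salt and hash on `userDto`. Unless the collected messages are guaranteed to abort before the DTO is saved (not visible in this hunk), clear only on `if (password == null) {` and hash only on `} else if (!password.isEmpty()) {`. Null also changes meaning here from "rejected" to "delete the credential", so any caller that forwards an optional request parameter straight into `setPassword` would now wipe the password; a comment stating that contract above the branch would help. The enclosing method starts and ends outside the hunk.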
@@ -304,7 +309,9 @@ public class UserUpdater {
}
private static void validatePasswords(@Nullable String password, List<Message> messages) {
- checkNotEmptyParam(password, PASSWORD_PARAM, messages);
+ if (password != null && password.length() == 0) {
+ messages.add(Message.of(Validation.CANT_BE_EMPTY_MESSAGE, PASSWORD_PARAM));
+ }
}
private void validateScmAccounts(DbSession dbSession, List<String> scmAccounts, @Nullable String login, @Nullable String email, @Nullable UserDto existingUser,
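Review bot: validatePasswords now accepts null without adding any message, which is the opposite of what the method name and the removed checkNotEmptyParam call suggest, and nothing on the method says so. A comment above it such as `// null is valid and means "remove the password"; only an empty string is rejected` would make the contract explicit. The condition also reads more directly as `password != null && password.isEmpty()`.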
diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java
index 7a826681dd7..6b32b960b16 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserIdentityAuthenticatorTest.java
@@ -109,6 +109,8 @@ public class UserIdentityAuthenticatorTest {
assertThat(updateUser.email()).isEqualTo("john@email.com");
assertThat(updateUser.externalIdentity().getProvider()).isEqualTo("github");
assertThat(updateUser.externalIdentity().getId()).isEqualTo("johndoo");
+ assertThat(updateUser.isPasswordChanged()).isTrue();
+ assertThat(updateUser.password()).isNull();
}
@Test
diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/UserUpdaterTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/UserUpdaterTest.java
index d5c915a48c5..585a72e5a27 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/user/UserUpdaterTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/user/UserUpdaterTest.java
@@ -804,6 +804,21 @@ public class UserUpdaterTest {
}
@Test
+ public void update_password_with_null_value() {
+ db.prepareDbUnit(getClass(), "update_user.xml");
+ createDefaultGroup();
+
+ userUpdater.update(UpdateUser.create(DEFAULT_LOGIN)
+ .setPassword(null));
+ session.commit();
+ session.clearCache();
+
+ UserDto dto = userDao.selectByLogin(session, DEFAULT_LOGIN);
+ assertThat(dto.getSalt()).isNull();
+ assertThat(dto.getCryptedPassword()).isNull();
+ }
+
+ @Test
public void fail_to_update_password_when_external_auth_is_used() {
db.prepareDbUnit(getClass(), "update_user.xml");
createDefaultGroup();
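Review bot: update_password_with_null_value asserts only the end state, so it would pass even if the fixture user never had a salt or hash; the contents of update_user.xml are not visible here. Reading the user before the update and asserting that `getSalt()` and `getCryptedPassword()` are non-null would prove the update did the clearing. A companion test for `setPassword("")` that expects the validation failure and an unchanged hash would cover the empty-string path in UserUpdater. The last three context lines belong to a test whose body continues outside the hunk.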