Fixes in AuthenticationProvider. Fixing testsuite

This commit is contained in:
mposolda 2014-03-25 15:04:41 +01:00
parent 28a1bd8535
commit ab02dea902
4 changed files with 38 additions and 24 deletions

View file

@ -234,6 +234,14 @@ public class AuthenticationManager {
AuthenticationLinkModel authLink = new AuthenticationLinkModel(authResult.getProviderName(), authUser.getId()); AuthenticationLinkModel authLink = new AuthenticationLinkModel(authResult.getProviderName(), authUser.getId());
user = realm.getUserByAuthenticationLink(authLink); user = realm.getUserByAuthenticationLink(authLink);
if (user == null) { if (user == null) {
user = KeycloakModelUtils.findUserByNameOrEmail(realm, username);
if (user != null) {
// Case when we already have user with the same username like authenticated, but he is not yet linked to current provider.
// TODO: Revisit if it's ok to link if we allow to change username. Maybe ask user?
// TODO: Update of existing account?
realm.addAuthenticationLink(user, authLink);
logger.info("User " + authUser.getUsername() + " successfully authenticated and linked with provider " + authResult.getProviderName());
} else {
// Create new user, which has been successfully authenticated and link him with authentication provider // Create new user, which has been successfully authenticated and link him with authentication provider
user = realm.addUser(authUser.getUsername()); user = realm.addUser(authUser.getUsername());
user.setEnabled(true); user.setEnabled(true);
@ -243,13 +251,9 @@ public class AuthenticationManager {
realm.addAuthenticationLink(user, authLink); realm.addAuthenticationLink(user, authLink);
logger.info("User " + username + " successfully authenticated and created based on provider " + authResult.getProviderName()); logger.info("User " + username + " successfully authenticated and created based on provider " + authResult.getProviderName());
} else {
// Existing user has been authenticated
if (!checkEnabled(user)) {
return AuthenticationStatus.ACCOUNT_DISABLED;
} }
} else {
// TODO: Update of existing account? // Existing and linked user has been authenticated TODO: Update of existing account?
} }
// Authenticated username could be different from the "form" username. In this case, we will change it // Authenticated username could be different from the "form" username. In this case, we will change it
@ -263,10 +267,12 @@ public class AuthenticationManager {
if (user == null) { if (user == null) {
logger.warn("User '" + username + "' successfully authenticated, but he doesn't exists and don't know how to create him"); logger.warn("User '" + username + "' successfully authenticated, but he doesn't exists and don't know how to create him");
return AuthenticationStatus.INVALID_USER; return AuthenticationStatus.INVALID_USER;
} else if (!checkEnabled(user)) {
return AuthenticationStatus.ACCOUNT_DISABLED;
} }
} }
if (!checkEnabled(user)) {
return AuthenticationStatus.ACCOUNT_DISABLED;
}
} }
if (!user.getRequiredActions().isEmpty()) { if (!user.getRequiredActions().isEmpty()) {

View file

@ -55,7 +55,6 @@ public class PicketlinkAuthenticationProvider implements AuthenticationProvider
result.setUser(authenticatedUser).setProviderName(getName()); result.setUser(authenticatedUser).setProviderName(getName());
return result; return result;
} else { } else {
logger.debugf("Username: %s, Credential status: %s", username, credential.getStatus());
return new AuthResult(AuthProviderStatus.IGNORE); return new AuthResult(AuthProviderStatus.IGNORE);
} }
} }

View file

@ -61,7 +61,7 @@ public class AuthenticationProviderManager {
try { try {
AuthResult currentResult = delegate.validatePassword(realm, authProviderConfig.getConfig(), username, password); AuthResult currentResult = delegate.validatePassword(realm, authProviderConfig.getConfig(), username, password);
logger.debugf("Authentication provider '%s' finished with '%s' for authentication of '%s'", delegate.getName(), currentResult.toString(), username); logger.debugf("Authentication provider '%s' finished with '%s' for authentication of '%s'", delegate.getName(), currentResult.getAuthProviderStatus().toString(), username);
if (currentResult.getAuthProviderStatus() == AuthProviderStatus.SUCCESS || currentResult.getAuthProviderStatus() == AuthProviderStatus.FAILED) { if (currentResult.getAuthProviderStatus() == AuthProviderStatus.SUCCESS || currentResult.getAuthProviderStatus() == AuthProviderStatus.FAILED) {
return currentResult; return currentResult;
@ -90,8 +90,11 @@ public class AuthenticationProviderManager {
} }
try { try {
delegate.updateCredential(realm, authProviderConfig.getConfig(), username, password); if (delegate.updateCredential(realm, authProviderConfig.getConfig(), username, password)) {
logger.debugf("Updated password in authentication provider '%s' for user '%s'", delegate.getName(), username); logger.debugf("Updated password in authentication provider '%s' for user '%s'", delegate.getName(), username);
} else {
logger.debugf("Password not updated in authentication provider '%s' for user '%s'", delegate.getName(), username);
}
} catch (AuthenticationProviderException ape) { } catch (AuthenticationProviderException ape) {
// Rethrow it to upper layer // Rethrow it to upper layer
logger.warn("Failed to update password", ape); logger.warn("Failed to update password", ape);

View file

@ -127,6 +127,11 @@ public class AuthProvidersIntegrationTest {
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
profilePage.open();
Assert.assertEquals("John", profilePage.getFirstName());
Assert.assertEquals("Doe", profilePage.getLastName());
Assert.assertEquals("john@email.org", profilePage.getEmail());
} }
@Test @Test
@ -166,7 +171,7 @@ public class AuthProvidersIntegrationTest {
} }
@Test @Test
public void passwordChangeLdap() { public void passwordChangeLdap() throws Exception {
changePasswordPage.open(); changePasswordPage.open();
loginPage.login("john", "password"); loginPage.login("john", "password");
changePasswordPage.changePassword("password", "new-password", "new-password"); changePasswordPage.changePassword("password", "new-password", "new-password");
@ -175,9 +180,10 @@ public class AuthProvidersIntegrationTest {
changePasswordPage.logout(); changePasswordPage.logout();
loginPage.open(); // TODO: Disabled until https://issues.jboss.org/browse/PLINK-384 is released and updated
loginPage.login("john", "password"); // loginPage.open();
Assert.assertEquals("Invalid username or password.", loginPage.getError()); // loginPage.login("john", "password");
// Assert.assertEquals("Invalid username or password.", loginPage.getError());
loginPage.open(); loginPage.open();
loginPage.login("john", "new-password"); loginPage.login("john", "new-password");