Fix client secret policy and password policy to have their own expire…
…InMonths field. Fixes retrieve all identity providers issue.

Signed-off-by: Henry <henry.zhao1@ge.com>
Bitty9 authored and 6palace committed Apr 18, 2017
1 parent 77fbb69 commit d19d5e7
Showing 11 changed files with 91 additions and 32 deletions.
Expand Up @@ -24,26 +24,23 @@ public abstract class GenericPasswordPolicy <T extends GenericPasswordPolicy<T>>
private int requireLowerCaseCharacter;
private int requireDigit;
private int requireSpecialCharacter;
private int expireInMonths;

public GenericPasswordPolicy() {
minLength = maxLength = requireUpperCaseCharacter = requireLowerCaseCharacter = requireDigit = requireSpecialCharacter = expireInMonths = -1;
minLength = maxLength = requireUpperCaseCharacter = requireLowerCaseCharacter = requireDigit = requireSpecialCharacter = -1;
}

public GenericPasswordPolicy(int minLength,
int maxLength,
int requireUpperCaseCharacter,
int requireLowerCaseCharacter,
int requireDigit,
int requireSpecialCharacter,
int expireInMonths) {
int requireSpecialCharacter) {
this.minLength = minLength;
this.maxLength = maxLength;
this.requireUpperCaseCharacter = requireUpperCaseCharacter;
this.requireLowerCaseCharacter = requireLowerCaseCharacter;
this.requireDigit = requireDigit;
this.requireSpecialCharacter = requireSpecialCharacter;
this.expireInMonths = expireInMonths;

}

Expand Down Expand Up @@ -101,17 +98,8 @@ public T setRequireSpecialCharacter(int requireSpecialCharacter) {
return (T)this;
}

public int getExpireInMonths() {
return expireInMonths;
}

public T setExpireInMonths(int expireInMonths) {
this.expireInMonths = expireInMonths;
return (T)this;
}

public boolean allPresentAndPositive() {
return minLength >= 0 && maxLength >= 0 && requireUpperCaseCharacter >= 0 && requireLowerCaseCharacter >= 0 && requireDigit >= 0 && requireSpecialCharacter >= 0 && expireInMonths >= 0;
return minLength >= 0 && maxLength >= 0 && requireUpperCaseCharacter >= 0 && requireLowerCaseCharacter >= 0 && requireDigit >= 0 && requireSpecialCharacter >= 0;
}

@Override
Expand All @@ -127,7 +115,7 @@ public boolean equals(Object o) {
if (requireLowerCaseCharacter != that.requireLowerCaseCharacter) return false;
if (requireDigit != that.requireDigit) return false;
if (requireSpecialCharacter != that.requireSpecialCharacter) return false;
return expireInMonths == that.expireInMonths;
return true;

}

Expand All @@ -139,7 +127,6 @@ public int hashCode() {
result = 31 * result + requireLowerCaseCharacter;
result = 31 * result + requireDigit;
result = 31 * result + requireSpecialCharacter;
result = 31 * result + expireInMonths;
return result;
}
}
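Review bot: `allPresentAndPositive()` in the base class no longer covers any expiry field, so a complete policy check now depends on every subclass overriding it, and nothing in the class says so. A Javadoc comment on the method would make that contract explicit, e.g. `/** Checks only the length and character-class fields; subclasses that add fields such as an expiry must override this and AND in their own checks. */`. The name says "positive" while the comparison is `>= 0`, so zero counts as present; the same comment should state that. The class body starts outside the hunks shown.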
Expand Up @@ -20,12 +20,36 @@

public class PasswordPolicy extends GenericPasswordPolicy<PasswordPolicy> {

@Override
public int hashCode() {
final int prime = 31;
int result = super.hashCode();
result = prime * result + expirePasswordInMonths;
result = prime * result + ((passwordNewerThan == null)
? 0
: passwordNewerThan.hashCode());
return result;
}

@Override
public boolean equals(Object obj) {
if (this == obj) return true;
if (obj == null || getClass() != obj.getClass()) return false;

PasswordPolicy that = (PasswordPolicy) obj;
return super.equals(obj) && this.expirePasswordInMonths == that.expirePasswordInMonths;
}

public static final String PASSWORD_POLICY_FIELD = "passwordPolicy";

private Date passwordNewerThan;
private int expirePasswordInMonths;



public PasswordPolicy() {
super();
this.expirePasswordInMonths = -1;
}

public PasswordPolicy(int minLength,
Expand All @@ -41,8 +65,8 @@ public PasswordPolicy(int minLength,
requireUpperCaseCharacter,
requireLowerCaseCharacter,
requireDigit,
requireSpecialCharacter,
expirePasswordInMonths);
requireSpecialCharacter);
this.setExpirePasswordInMonths(expirePasswordInMonths);
}

public Date getPasswordNewerThan() {
Expand All @@ -52,4 +76,18 @@ public Date getPasswordNewerThan() {
public void setPasswordNewerThan(Date passwordNewerThan) {
this.passwordNewerThan = passwordNewerThan;
}

public int getExpirePasswordInMonths() {
return expirePasswordInMonths;
}

public PasswordPolicy setExpirePasswordInMonths(int expirePasswordInMonths) {
this.expirePasswordInMonths = expirePasswordInMonths;
return this;
}

@Override
public boolean allPresentAndPositive() {
return super.allPresentAndPositive() && expirePasswordInMonths >= 0;
}
}
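Review bot: The new `hashCode()` mixes in `passwordNewerThan`, but the new `equals()` compares only the superclass fields and `expirePasswordInMonths`, so two policies that compare equal can produce different hash codes. That breaks the `hashCode` contract and makes lookups in hash-based collections unreliable. Either drop `passwordNewerThan` from `hashCode()` or add it to `equals()`, for example `&& (passwordNewerThan == null ? that.passwordNewerThan == null : passwordNewerThan.equals(that.passwordNewerThan))`.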
@@ -1,6 +1,7 @@
package org.cloudfoundry.identity.uaa.zone;

import org.cloudfoundry.identity.uaa.authentication.GenericPasswordPolicy;
import org.cloudfoundry.identity.uaa.provider.PasswordPolicy;

/**
* ****************************************************************************
Expand All @@ -17,12 +18,31 @@
* *****************************************************************************
*/
public class ClientSecretPolicy extends GenericPasswordPolicy<ClientSecretPolicy> {

@Override
public int hashCode() {
final int prime = 31;
int result = super.hashCode();
result = prime * result + expireSecretInMonths;
return result;
}

@Override
public boolean equals(Object obj) {
if (this == obj) return true;
if (obj == null || getClass() != obj.getClass()) return false;

ClientSecretPolicy that = (ClientSecretPolicy) obj;
return super.equals(obj) && this.expireSecretInMonths == that.expireSecretInMonths;
}

public static final String CLIENT_SECRET_POLICY_FIELD = "clientSecretPolicy";

private int expireSecretInMonths;

public ClientSecretPolicy() {
super();
this.expireSecretInMonths = -1;
}

public ClientSecretPolicy(int minLength,
Expand All @@ -37,7 +57,21 @@ public ClientSecretPolicy(int minLength,
requireUpperCaseCharacter,
requireLowerCaseCharacter,
requireDigit,
requireSpecialCharacter,
expireSecretInMonths);
requireSpecialCharacter);
this.setExpireSecretInMonths(expireSecretInMonths);
}

public int getExpireSecretInMonths() {
return expireSecretInMonths;
}

public ClientSecretPolicy setExpireSecretInMonths(int expireSecretInMonths) {
this.expireSecretInMonths = expireSecretInMonths;
return this;
}

@Override
public boolean allPresentAndPositive() {
return super.allPresentAndPositive() && expireSecretInMonths >= 0;
}
}
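Review bot: The constructor now calls the public, overridable `setExpireSecretInMonths(...)` on a non-final class, so a subclass override would run before that subclass's own fields are initialised. Assigning the field directly, `this.expireSecretInMonths = expireSecretInMonths;`, avoids that. `PasswordPolicy` has the same pattern with `setExpirePasswordInMonths(...)`. The added import of `org.cloudfoundry.identity.uaa.provider.PasswordPolicy` does not appear to be used in the parts of the class visible here and could probably be dropped. The constructor's parameter list is outside the hunk.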
Expand Up @@ -66,7 +66,7 @@ protected void doFilterInternal(HttpServletRequest request,
Timestamp lastModified = (Timestamp) clientDetailsService.loadClientByClientId(clientId).getAdditionalInformation().get(ClientConstants.LAST_MODIFIED);

int expiringPassword = IdentityZoneHolder.get().getConfig().
getClientSecretPolicy().getExpireInMonths();
getClientSecretPolicy().getExpireSecretInMonths();
if (expiringPassword>0) {
Calendar cal = Calendar.getInstance();
cal.setTimeInMillis(lastModified.getTime());
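Review bot: The changed line dereferences `getClientSecretPolicy()` without a null check, while `getPasswordExpiresInMonths()` in this same commit guards `getPasswordPolicy()` against null. Whether a zone config can lack a client secret policy is not visible here, but if it can, this filter would throw instead of treating the expiry as unset. Likewise `lastModified` is cast from an additional-information map entry and used in `lastModified.getTime()` without a check, so a client record lacking that entry would fail the same way once an expiry is configured. The local `expiringPassword` now holds a secret expiry and could be renamed, e.g. `int expireSecretInMonths = ...`. `doFilterInternal` continues outside the hunk.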
Expand Up @@ -155,7 +155,7 @@ protected int getPasswordExpiresInMonths() {
UaaIdentityProviderDefinition idpDefinition = ObjectUtils.castInstance(provider.getConfig(),UaaIdentityProviderDefinition.class);
if (idpDefinition!=null) {
if (null!=idpDefinition.getPasswordPolicy()) {
return idpDefinition.getPasswordPolicy().getExpireInMonths();
return idpDefinition.getPasswordPolicy().getExpirePasswordInMonths();
}
}
}
Expand Up @@ -533,7 +533,7 @@ public void setPasswordPolicyToInternalIDP() throws Exception {
assertEquals(0, passwordPolicy.getRequireLowerCaseCharacter());
assertEquals(1, passwordPolicy.getRequireDigit());
assertEquals(0, passwordPolicy.getRequireSpecialCharacter());
assertEquals(6, passwordPolicy.getExpireInMonths());
assertEquals(6, passwordPolicy.getExpirePasswordInMonths());
}

@Test
Expand Up @@ -73,7 +73,7 @@ public void testClientSecretPolicy() throws Exception {
assertEquals(1, uaa.getConfig().getClientSecretPolicy().getRequireLowerCaseCharacter());
assertEquals(1, uaa.getConfig().getClientSecretPolicy().getRequireDigit());
assertEquals(1, uaa.getConfig().getClientSecretPolicy().getRequireSpecialCharacter());
assertEquals(6, uaa.getConfig().getClientSecretPolicy().getExpireInMonths());
assertEquals(6, uaa.getConfig().getClientSecretPolicy().getExpireSecretInMonths());
}

@Test
Expand Up @@ -28,6 +28,6 @@ public void allPresentAndPositive_makesSureNothingUnset() {
assertFalse(passwordPolicy.setRequireLowerCaseCharacter(1).allPresentAndPositive());
assertFalse(passwordPolicy.setRequireDigit(0).allPresentAndPositive());
assertFalse(passwordPolicy.setRequireSpecialCharacter(2).allPresentAndPositive());
assertTrue(passwordPolicy.setExpireInMonths(23).allPresentAndPositive());
assertTrue(passwordPolicy.setExpirePasswordInMonths(23).allPresentAndPositive());
}
}
2 changes: 1 addition & 1 deletion uaa/src/main/webapp/WEB-INF/spring-servlet.xml
Expand Up @@ -308,7 +308,7 @@
<constructor-arg name="requireLowerCaseCharacter" value="${client.secret.policy.requireLowerCaseCharacter:#{globalClientSecretPolicy.getRequireLowerCaseCharacter()}}"/>
<constructor-arg name="requireDigit" value="${client.secret.policy.requireDigit:#{globalClientSecretPolicy.getRequireDigit()}}"/>
<constructor-arg name="requireSpecialCharacter" value="${client.secret.policy.requireSpecialCharacter:#{globalClientSecretPolicy.getRequireSpecialCharacter()}}"/>
<constructor-arg name="expireSecretInMonths" value="${client.secret.policy.expireSecretInMonths:#{globalClientSecretPolicy.getExpireInMonths()}}"/>
<constructor-arg name="expireSecretInMonths" value="${client.secret.policy.expireSecretInMonths:#{globalClientSecretPolicy.getExpireSecretInMonths()}}"/>
</bean>


2 changes: 1 addition & 1 deletion uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml
Expand Up @@ -47,7 +47,7 @@
<constructor-arg name="requireLowerCaseCharacter" value="${password.policy.requireLowerCaseCharacter:#{globalPasswordPolicy.getRequireLowerCaseCharacter()}}"/>
<constructor-arg name="requireDigit" value="${password.policy.requireDigit:#{globalPasswordPolicy.getRequireDigit()}}"/>
<constructor-arg name="requireSpecialCharacter" value="${password.policy.requireSpecialCharacter:#{globalPasswordPolicy.getRequireSpecialCharacter()}}"/>
<constructor-arg name="expirePasswordInMonths" value="${password.policy.expirePasswordInMonths:#{globalPasswordPolicy.getExpireInMonths()}}"/>
<constructor-arg name="expirePasswordInMonths" value="${password.policy.expirePasswordInMonths:#{globalPasswordPolicy.getExpirePasswordInMonths()}}"/>
</bean>

<bean id="scimEventPublisher" class="org.cloudfoundry.identity.uaa.scim.event.ScimEventPublisher"/>
Expand Up @@ -282,7 +282,7 @@ public void defaults_and_required_properties() throws Exception {
assertEquals(0,passwordPolicy.getRequireLowerCaseCharacter());
assertEquals(0,passwordPolicy.getRequireDigit());
assertEquals(0,passwordPolicy.getRequireSpecialCharacter());
assertEquals(0, passwordPolicy.getExpireInMonths());
assertEquals(0, passwordPolicy.getExpirePasswordInMonths());

passwordPolicy = context.getBean("globalPasswordPolicy",PasswordPolicy.class);
assertEquals(0, passwordPolicy.getMinLength());
Expand All @@ -291,7 +291,7 @@ public void defaults_and_required_properties() throws Exception {
assertEquals(0,passwordPolicy.getRequireLowerCaseCharacter());
assertEquals(0,passwordPolicy.getRequireDigit());
assertEquals(0,passwordPolicy.getRequireSpecialCharacter());
assertEquals(0, passwordPolicy.getExpireInMonths());
assertEquals(0, passwordPolicy.getExpirePasswordInMonths());

PeriodLockoutPolicy globalPeriodLockoutPolicy = context.getBean("globalPeriodLockoutPolicy", PeriodLockoutPolicy.class);
LockoutPolicy globalLockoutPolicy = globalPeriodLockoutPolicy.getDefaultLockoutPolicy();
Expand Down Expand Up @@ -521,7 +521,7 @@ public void all_properties_set() throws Exception {
assertEquals(0,passwordPolicy.getRequireLowerCaseCharacter());
assertEquals(0,passwordPolicy.getRequireDigit());
assertEquals(1,passwordPolicy.getRequireSpecialCharacter());
assertEquals(6, passwordPolicy.getExpireInMonths());
assertEquals(6, passwordPolicy.getExpirePasswordInMonths());

context.getBean("globalPasswordPolicy", PasswordPolicy.class);
assertEquals(8, passwordPolicy.getMinLength());
Expand All @@ -530,7 +530,7 @@ public void all_properties_set() throws Exception {
assertEquals(0,passwordPolicy.getRequireLowerCaseCharacter());
assertEquals(0,passwordPolicy.getRequireDigit());
assertEquals(1,passwordPolicy.getRequireSpecialCharacter());
assertEquals(6, passwordPolicy.getExpireInMonths());
assertEquals(6, passwordPolicy.getExpirePasswordInMonths());

PeriodLockoutPolicy globalPeriodLockoutPolicy = context.getBean("globalPeriodLockoutPolicy", PeriodLockoutPolicy.class);
LockoutPolicy globalLockoutPolicy = globalPeriodLockoutPolicy.getDefaultLockoutPolicy();
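Review bot: In `all_properties_set` the line `context.getBean("globalPasswordPolicy", PasswordPolicy.class);` discards its result, so the assertions after it, including the renamed `assertEquals(6, passwordPolicy.getExpirePasswordInMonths());`, re-check the previously fetched bean rather than the global policy. `defaults_and_required_properties` assigns the result, and the same should happen here: `passwordPolicy = context.getBean("globalPasswordPolicy", PasswordPolicy.class);`. As written, a wrong expiry value on the global policy would not be caught by this test. The test method starts and ends outside the hunk.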
