From e4ac848ceba57c3b48f2a5081b60be346c846fc6 Mon Sep 17 00:00:00 2001
From: Piotr Gawron <piotr.gawron@uni.lu>
Date: Mon, 22 Jul 2019 19:44:13 +0200
Subject: [PATCH] make sure tha we cannot persist user without password in the
 database

---
 .../java/lcsb/mapviewer/model/user/User.java  | 26 +++++++++----------
 ....0.0.20190722__password_cannot_be_null.sql |  2 ++
 .../persist/dao/user/UserDaoTest.java         | 14 ++++++++++
 3 files changed, 29 insertions(+), 13 deletions(-)
 create mode 100644 persist/src/main/resources/db/migration/14.0.0~alpha.0/V14.0.0.20190722__password_cannot_be_null.sql

diff --git a/model/src/main/java/lcsb/mapviewer/model/user/User.java b/model/src/main/java/lcsb/mapviewer/model/user/User.java
index b685515b9d..5d2de09136 100644
--- a/model/src/main/java/lcsb/mapviewer/model/user/User.java
+++ b/model/src/main/java/lcsb/mapviewer/model/user/User.java
@@ -2,15 +2,14 @@ package lcsb.mapviewer.model.user;
 
 import java.awt.Color;
 import java.io.Serializable;
-import java.util.Calendar;
-import java.util.HashSet;
-import java.util.Set;
+import java.util.*;
 
 import javax.persistence.*;
 
-import lcsb.mapviewer.model.security.Privilege;
 import org.hibernate.annotations.Cascade;
 
+import lcsb.mapviewer.model.security.Privilege;
+
 @Entity
 public class User implements Serializable {
 
@@ -22,6 +21,7 @@ public class User implements Serializable {
 
   private String login;
 
+  @Column(nullable = false)
   private String cryptedPassword;
 
   private String name;
@@ -32,25 +32,29 @@ public class User implements Serializable {
 
   /**
    * User defined color overriding system
-   * {@link ConfigurationElementType#MIN_COLOR_VAL}. Used for coloring minimum values in overlays.
+   * {@link ConfigurationElementType#MIN_COLOR_VAL}. Used for coloring minimum
+   * values in overlays.
    */
   private Color minColor;
 
   /**
    * User defined color overriding system
-   * {@link ConfigurationElementType#MAX_COLOR_VAL}. Used for coloring maximum values in overlays.
+   * {@link ConfigurationElementType#MAX_COLOR_VAL}. Used for coloring maximum
+   * values in overlays.
    */
   private Color maxColor;
 
   /**
    * User defined color overriding system
-   * {@link ConfigurationElementType#NEUTRAL_COLOR_VAL}. Used for coloring neutral values (0) in overlays.
+   * {@link ConfigurationElementType#NEUTRAL_COLOR_VAL}. Used for coloring neutral
+   * values (0) in overlays.
    */
   private Color neutralColor;
 
   /**
    * User defined color overriding system
-   * {@link ConfigurationElementType#SIMPLE_COLOR_VAL}. Used for coloring overlays without values and colors.
+   * {@link ConfigurationElementType#SIMPLE_COLOR_VAL}. Used for coloring overlays
+   * without values and colors.
    */
   private Color simpleColor;
 
@@ -67,11 +71,7 @@ public class User implements Serializable {
   private Set<Calendar> termsOfUseConsentDates = new HashSet<>();
 
   @ManyToMany(cascade = CascadeType.ALL)
-  @JoinTable(
-      name = "user_privilege_map_table",
-      joinColumns = @JoinColumn(name = "user_id"),
-      inverseJoinColumns = @JoinColumn(name = "privilege_id")
-  )
+  @JoinTable(name = "user_privilege_map_table", joinColumns = @JoinColumn(name = "user_id"), inverseJoinColumns = @JoinColumn(name = "privilege_id"))
   private Set<Privilege> privileges = new HashSet<>();
 
   @OneToOne(cascade = CascadeType.ALL)
diff --git a/persist/src/main/resources/db/migration/14.0.0~alpha.0/V14.0.0.20190722__password_cannot_be_null.sql b/persist/src/main/resources/db/migration/14.0.0~alpha.0/V14.0.0.20190722__password_cannot_be_null.sql
new file mode 100644
index 0000000000..4269d38f2c
--- /dev/null
+++ b/persist/src/main/resources/db/migration/14.0.0~alpha.0/V14.0.0.20190722__password_cannot_be_null.sql
@@ -0,0 +1,2 @@
+update user_table set crypted_password = '' where crypted_password is null;
+ALTER TABLE user_table ALTER COLUMN crypted_password SET NOT NULL;
diff --git a/persist/src/test/java/lcsb/mapviewer/persist/dao/user/UserDaoTest.java b/persist/src/test/java/lcsb/mapviewer/persist/dao/user/UserDaoTest.java
index 550de175b5..19d7a98048 100644
--- a/persist/src/test/java/lcsb/mapviewer/persist/dao/user/UserDaoTest.java
+++ b/persist/src/test/java/lcsb/mapviewer/persist/dao/user/UserDaoTest.java
@@ -9,6 +9,7 @@ import java.util.ArrayList;
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.hibernate.PropertyValueException;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -80,6 +81,19 @@ public class UserDaoTest extends PersistTestFunctions {
     }
   }
 
+  @Test(expected = PropertyValueException.class)
+  public void testTryUserWithNullPassword() {
+    try {
+      User user = new User();
+      user.setLogin(testLogin);
+      userDao.add(user);
+
+    } catch (Exception e) {
+      e.printStackTrace();
+      throw e;
+    }
+  }
+
   @Test
   public void testAddDeleteAdd() {
     try {
-- 
GitLab