From 747fd616361c63acd433c83cccc61fc2e039642f Mon Sep 17 00:00:00 2001
From: Piotr Gawron
Date: Thu, 13 Dec 2018 15:57:10 +0100
Subject: [PATCH] hashed passwords are not stored in local db when creating user from LDAP connection
---
 .../main/java/lcsb/mapviewer/services/impl/UserService.java | 4 +++-
 .../java/lcsb/mapviewer/services/impl/UserServiceTest.java | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/service/src/main/java/lcsb/mapviewer/services/impl/UserService.java b/service/src/main/java/lcsb/mapviewer/services/impl/UserService.java
index 3e45c9a29..4c24d86ae 100644
--- a/service/src/main/java/lcsb/mapviewer/services/impl/UserService.java
+++ b/service/src/main/java/lcsb/mapviewer/services/impl/UserService.java
@@ -537,7 +537,9 @@ public class UserService implements IUserService {
 if (user == null) {
 user = new User();
 user.setLogin(login);
- user.setCryptedPassword(passwordEncoder.encode(password));
+ // this password will disable local logins (it should be a hash for valid
+ // logins)
+ user.setCryptedPassword("");
 user.setName(ldapUserData.getFirstName());
 user.setSurname(ldapUserData.getLastName());
 user.setEmail(ldapUserData.getEmail());
diff --git a/service/src/test/java/lcsb/mapviewer/services/impl/UserServiceTest.java b/service/src/test/java/lcsb/mapviewer/services/impl/UserServiceTest.java
index 73c5cb484..da5dbb46a 100644
--- a/service/src/test/java/lcsb/mapviewer/services/impl/UserServiceTest.java
+++ b/service/src/test/java/lcsb/mapviewer/services/impl/UserServiceTest.java
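Review bot: In UserService.java, the empty string set by `user.setCryptedPassword("")` disables local logins only if the local password check refuses an empty stored value, and nothing in this hunk enforces that. Whether the encoder's comparison rejects an empty stored hash depends on the encoder that is configured, which is not visible here. I would state the rule in the comment, `// empty value marks an LDAP-only account; the local password check must reject it explicitly`, and add a matching guard at the point where the stored hash is compared. The change also covers only the `user == null` branch, so accounts created from LDAP before this commit presumably still hold a hash of the LDAP password in the local table and would need a one-off cleanup. The enclosing method starts and ends outside the hunk.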
@@ -72,8 +72,13 @@ public class UserServiceTest extends ServiceTestFunctions { assertNotNull("User from LDAP wasn't authenticated", userService.login(login, passwd)); User user = userService.getUserByLogin(login); + assertTrue("LDAP user password should be empty", + user.getCryptedPassword() == null || user.getCryptedPassword().isEmpty()); assertNotNull("After authentication from LDAP user is not present in the system", user); assertTrue(user.isConnectedToLdap()); + + assertNotNull("User from LDAP couldn't be authenticate for the second time", userService.login(login, passwd)); + } catch (Exception e) { e.printStackTrace(); throw e; -- GitLab
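Review bot: The added `assertTrue("LDAP user password should be empty", ...)` calls `user.getCryptedPassword()` before the existing `assertNotNull(..., user)` has run, so a missing user fails with a NullPointerException instead of the intended message. Move the password assertion below the null check. The test also shows only that the stored value is empty and that the LDAP path still authenticates a second time. It does not show that the empty value blocks a local login, so a negative case with a wrong or empty password would pin the property the commit is about, for example `assertNull(userService.login(login, "wrong-" + passwd));`, assuming `login` returns null on failure as the `assertNotNull` checks suggest. The test method starts outside the hunk.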