XWIKI-16120: (unsalted) XWiki password hashes are public by default over REST API

* Remove need for client-side additional dependencies * Revert build-related changes which are no longer needed

XWIKI-16120: (unsalted) XWiki password hashes are public by default over REST API
41dc3845 · Vincent Massol · 7c57fc08 · 41dc3845 · 41dc3845 · 41dc3845
Commit 41dc3845 authored 6 years ago by Vincent Massol
--- a/xwiki-platform-core/xwiki-platform-observation/xwiki-platform-observation-test/xwiki-platform-observation-test-tests/pom.xml
+++ b/xwiki-platform-core/xwiki-platform-observation/xwiki-platform-observation-test/xwiki-platform-observation-test-tests/pom.xml
@@ -107,25 +107,6 @@
      <version>${hsqldb.version}</version>
      <scope>test</scope>
    </dependency>
-    <!-- Dependencies for REST -->
-    <dependency>
-      <groupId>org.xwiki.platform</groupId>
-      <artifactId>xwiki-platform-security-bridge</artifactId>
-      <version>${project.version}</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.xwiki.commons</groupId>
-      <artifactId>xwiki-commons-environment-standard</artifactId>
-      <version>${commons.version}</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.xwiki.platform</groupId>
-      <artifactId>xwiki-platform-configuration-default</artifactId>
-      <version>${project.version}</version>
-      <scope>test</scope>
-    </dependency>
  </dependencies>
  <build>
    <testSourceDirectory>src/test/it</testSourceDirectory>

--- a/xwiki-platform-core/xwiki-platform-observation/xwiki-platform-observation-test/xwiki-platform-observation-test-tests/src/test/it/org/xwiki/test/cluster/InstalledExtensionIndexTest.java
+++ b/xwiki-platform-core/xwiki-platform-observation/xwiki-platform-observation-test/xwiki-platform-observation-test-tests/src/test/it/org/xwiki/test/cluster/InstalledExtensionIndexTest.java
@@ -28,29 +28,22 @@
 import org.junit.Test;
 import org.xwiki.component.annotation.ComponentAnnotationLoader;
 import org.xwiki.component.annotation.ComponentDeclaration;
-import org.xwiki.component.descriptor.DefaultComponentDescriptor;
 import org.xwiki.component.namespace.Namespace;
 import org.xwiki.extension.ExtensionId;
 import org.xwiki.extension.job.ExtensionRequest;
 import org.xwiki.extension.job.InstallRequest;
 import org.xwiki.extension.job.UninstallRequest;
 import org.xwiki.job.Request;
-import org.xwiki.model.reference.EntityReference;
 import org.xwiki.rest.internal.JAXBConverter;
 import org.xwiki.rest.internal.ModelFactory;
 import org.xwiki.rest.model.jaxb.JobRequest;
 import org.xwiki.rest.resources.job.JobsResource;
-import org.xwiki.security.authorization.ContextualAuthorizationManager;
-import org.xwiki.security.authorization.Right;
 import org.xwiki.test.cluster.framework.AbstractClusterHttpTest;
 import org.xwiki.test.ui.AbstractTest;
 import org.xwiki.test.ui.TestUtils;

 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;

 /**
 * Verify the installed extensions are synchronized between members of the cluster.
@@ -66,16 +59,8 @@ public static void beforeClass() throws Exception
        List<ComponentDeclaration> componentDeclarations = new ArrayList<>();
        componentDeclarations.add(new ComponentDeclaration(ModelFactory.class.getName()));
        componentDeclarations.add(new ComponentDeclaration(JAXBConverter.class.getName()));
-
        loader.initialize(AbstractTest.componentManager, AbstractTest.class.getClassLoader(), componentDeclarations);

-        // Needed to perform the REST call
-        ContextualAuthorizationManager contextualAuthorizationManager = mock(ContextualAuthorizationManager.class);
-        DefaultComponentDescriptor<ContextualAuthorizationManager> descriptor = new DefaultComponentDescriptor();
-        descriptor.setRoleType(ContextualAuthorizationManager.class);
-        AbstractTest.componentManager.registerComponent(descriptor, contextualAuthorizationManager);
-        when(contextualAuthorizationManager.hasAccess(any(Right.class), any(EntityReference.class))).thenReturn(true);
-
        // Make sure extension utils is initialized and set.
        if (getExtensionTestUtils() == null) {
            AllTests.initExtensionTestUtils(context);

--- a/xwiki-platform-core/xwiki-platform-rest/xwiki-platform-rest-server/src/main/java/org/xwiki/rest/internal/ModelFactory.java
+++ b/xwiki-platform-core/xwiki-platform-rest/xwiki-platform-rest-server/src/main/java/org/xwiki/rest/internal/ModelFactory.java
@@ -140,7 +140,7 @@ public class ModelFactory
    private JAXBConverter jaxbConverter;

    @Inject
-    private ContextualAuthorizationManager authorizationManager;
+    private Provider<ContextualAuthorizationManager> authorizationManagerProvider;

    @Inject
    private Logger logger;
@@ -1086,7 +1086,7 @@ public JobLog toRestJobLog(Collection<LogEvent> logs, URI self)
    private boolean hasAccess(Property restProperty)
    {
        if (PASSWORD_TYPE.equals(restProperty.getType())) {
-            return authorizationManager.hasAccess(Right.ADMIN, xcontextProvider.get().getWikiReference());
+            return authorizationManagerProvider.get().hasAccess(Right.ADMIN, xcontextProvider.get().getWikiReference());
        }

        return true;

--- a/xwiki-platform-core/xwiki-platform-test/xwiki-platform-test-docker/pom.xml
+++ b/xwiki-platform-core/xwiki-platform-test/xwiki-platform-test-docker/pom.xml
@@ -156,21 +156,6 @@
      <artifactId>javax.servlet-api</artifactId>
      <scope>compile</scope>
    </dependency>
-    <dependency>
-      <groupId>org.xwiki.platform</groupId>
-      <artifactId>xwiki-platform-security-bridge</artifactId>
-      <version>${project.version}</version>
-    </dependency>
-    <dependency>
-      <groupId>org.xwiki.commons</groupId>
-      <artifactId>xwiki-commons-environment-standard</artifactId>
-      <version>${commons.version}</version>
-    </dependency>
-    <dependency>
-      <groupId>org.xwiki.platform</groupId>
-      <artifactId>xwiki-platform-configuration-default</artifactId>
-      <version>${project.version}</version>
-    </dependency>
    <!-- Dependency to generate XED files by reusing existing code -->
    <dependency>
      <groupId>org.xwiki.commons</groupId>

--- a/xwiki-platform-tools/xwiki-platform-tool-provision-plugin/pom.xml
+++ b/xwiki-platform-tools/xwiki-platform-tool-provision-plugin/pom.xml
@@ -36,6 +36,8 @@
  <properties>
    <xwiki.jacoco.instructionRatio>0.73</xwiki.jacoco.instructionRatio>
    <xwiki.pitest.mutationThreshold>50</xwiki.pitest.mutationThreshold>
+    <!-- Allow Maven plugins to output to the console -->
+    <xwiki.surefire.captureconsole.skip>true</xwiki.surefire.captureconsole.skip>
  </properties>
  <dependencies>
    <!-- Maven -->
@@ -77,25 +79,6 @@
      <artifactId>javax.servlet-api</artifactId>
      <scope>compile</scope>
    </dependency>
-    <!-- Needed at runtime by the REST code to work -->
-    <dependency>
-      <groupId>org.xwiki.platform</groupId>
-      <artifactId>xwiki-platform-security-bridge</artifactId>
-      <version>${project.version}</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.xwiki.commons</groupId>
-      <artifactId>xwiki-commons-environment-standard</artifactId>
-      <version>${commons.version}</version>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.xwiki.platform</groupId>
-      <artifactId>xwiki-platform-configuration-default</artifactId>
-      <version>${project.version}</version>
-      <scope>test</scope>
-    </dependency>
    <!-- Test dependencies -->
    <dependency>
      <groupId>org.xwiki.platform</groupId>