public boolean checkAndChangePassword(
     final User user, final String oldPassword, final String password) throws MailException {
   if (user.checkPassword(oldPassword)) {
     ((UserImpl) user).setPassword(password);
     entityManager.merge(user);
     final UserString email = user.getEmail();
     if (email != null)
       MailSender.sendPasswordChangeMail(user.getName().toString(), password, email.nonEscaped());
     return true;
   }
   return false;
 }
  private void handleChangePasswordPost(Request request, HttpServletResponse httpServletResponse)
      throws Exception {

    LoginInfo loginInfo = userHelpers.getLoginInfo(request);
    if (loginInfo == null) {
      WebUtils.redirectToError("Couldn't determine the current user", request, httpServletResponse);
      return;
    }

    String userId = loginInfo.userId;
    String stringCrtPassword = request.getParameter(PARAM_CURRENT_PASSWORD);
    String stringNewPassword = request.getParameter(PARAM_PASSWORD);
    String stringNewPasswordConfirm = request.getParameter(PARAM_PASSWORD_CONFIRM);

    if (!stringNewPassword.equals(stringNewPasswordConfirm)) {
      showResult(
          "Mismatch between password and password confirmation",
          PATH_SETTINGS,
          request,
          httpServletResponse);
      return;
    }

    User user =
        userDb.get(
            userId); // ttt1 crashes for wrong ID; 2013.07.20 - no longer have an idea what this is
                     // about
    if (user == null) {
      WebUtils.redirectToError("Couldn't find the current user", request, httpServletResponse);
      return;
    }

    if (!user.checkPassword(stringCrtPassword)) {
      showResult("Incorrect current password", PATH_SETTINGS, request, httpServletResponse);
      return;
    }

    SecureRandom secureRandom = new SecureRandom();
    String salt = "" + secureRandom.nextLong();
    byte[] password = User.computeHashedPassword(stringNewPassword, salt);
    user.salt = salt;
    user.password = password;

    // ttt3 2 clients can change the password simultaneously
    userDb.add(user);

    // httpServletResponse.sendRedirect(PATH_SETTINGS);
    showResult("Password changed", PATH_SETTINGS, request, httpServletResponse);
  }
Example #3
0
  /**
   * Authenticate a user with the given username/email and password Note: this doesn't create a new
   * session.
   *
   * @param userName The username/email of the user to authenticate.
   * @param password The password to try.
   * @return the user, if the username and password are correct, else null
   */
  public User authenticate(String userName, String password) {
    User u = where().or().username.equalTo(userName).or().email.equalTo(userName).findUnique();

    if (u == null) {
      // User doesn't exist.
      return null;
    } else {
      if (u.checkPassword(password)) {
        // password correct!
        return u;
      } else {
        // incorrect password
        return null;
      }
    }
  }
Example #4
0
  /** Returns the User object with the specified name and password from this object's set. */
  public User getUser(String name, String password) {

    if (name == null) {
      name = "";
    }

    if (password == null) {
      password = "";
    }

    User user = get(name);

    user.checkPassword(password);

    return user;
  }
Example #5
0
  @Test
  public void testUserManagement() {
    // Try to get non-existent
    User user = _userManager.getUser("nonexistentuser");
    assertNull(user);

    // Clear DB as necessary
    user = _userManager.getUser("testuser");
    if (user != null) {
      _userManager.deleteUser(user);
    }

    // Add
    user = getTestUser();
    Set<UserGroup> userGroups = new HashSet<UserGroup>();
    UserGroup userGroup = _userManager.getUserGroup("testusergroup");
    if (userGroup == null) {
      userGroup = new UserGroup();
      userGroup.setName("testusergroup");
      userGroup.getAuthorities().add(new Authority("testauthority"));
    }
    userGroup.getUsers().add(user);
    user.setUserGroups(userGroups);
    _userManager.addUser(user);

    // Update
    user.setPassword("modifiedtestpw");
    _userManager.updateUser(user);
    user = _userManager.getUser("testuser");
    assertNotNull(user);
    assertTrue(user.checkPassword("modifiedtestpw"));

    // Delete
    _userManager.deleteUser(user);
    user = _userManager.getUser("testuser");
    assertNull(user);
  }
Example #6
0
  /** Returns the User object with the specified name and password from this object's set. */
  public User getUser(String name, String password) {

    if (name == null) {
      name = "";
    }

    if (password == null) {
      password = "";
    }

    User user = (User) userList.get(name);
    boolean isLocal = user != null && user.isLocalOnly;

    if (extAuthenticationFunction == null || isLocal) {
      user = get(name);

      user.checkPassword(password);

      return user;
    }

    /*
     * Authentication returns String[]. When null, use the existing
     * user object only, with existing privileges.
     * When not null, ignore if user exists. Otherwise create a user and
     * assign the list of roles to the user.
     */
    Result result =
        extAuthenticationFunction.invokeJavaMethodDirect(
            new String[] {granteeManager.database.getUniqueName(), name, password});

    if (result.isError()) {
      throw Error.error(ErrorCode.X_28501, result.getMainString());
    }

    Object[] roles = (Object[]) result.getValueObject();

    if (user == null) {
      HsqlName hsqlName =
          granteeManager.database.nameManager.newHsqlName(name, true, SchemaObject.GRANTEE);

      user = createUser(null, hsqlName, "", false);
      user.isExternalOnly = true;
    }

    if (roles == null) {
      user.updateAllRights();

      return user;
    }

    // this clears all existing privileges of the user
    user.clearPrivileges();

    // assigns the roles to the user
    for (int i = 0; i < roles.length; i++) {
      try {
        Grantee role = granteeManager.getRole((String) roles[i]);

        user.grant(role);
      } catch (HsqlException e) {
      }
    }

    user.updateAllRights();

    for (int i = 0; i < roles.length; i++) {
      Schema schema = granteeManager.database.schemaManager.findSchema((String) roles[i]);

      if (schema != null) {
        user.setInitialSchema(schema.getName());

        break;
      }
    }

    return user;
  }
 @Test
 public void test1() {
   assertEquals(true, User.checkPassword("saam", "stanford", connection));
 }
  private void handleLoginPost(
      Request request, HttpServletResponse httpServletResponse, boolean secured) throws Exception {
    String userId = request.getParameter(PARAM_USER_ID);
    String password = request.getParameter(PARAM_PASSWORD);
    String rememberAccountStr = request.getParameter(PARAM_REMEMBER_ACCOUNT);
    boolean rememberAccount = Boolean.parseBoolean(rememberAccountStr);
    LoginInfo.SessionInfo sessionInfo = UserHelpers.getSessionInfo(request);

    logOut(sessionInfo.browserId);

    User user = userDb.get(userId);
    if (user == null) {
      WebUtils.redirectToError("User " + userId + " not found", request, httpServletResponse);
      return;
    }

    if (!user.checkPassword(password)) {
      WebUtils.redirectToError("Invalid password", request, httpServletResponse);
      return;
    }

    if (!user.active) {
      WebUtils.redirectToError(
          "Account for User " + userId + " needs to be activated", request, httpServletResponse);
      return;
    }

    LOG.info("Logged in user " + userId);

    sessionInfo.sessionId = null;
    if (sessionInfo.browserId == null) {
      sessionInfo.browserId = getRandomId();
    } else {
      for (LoginInfo loginInfo : loginInfoDb.getLoginsForBrowser(sessionInfo.browserId)) {
        if (userId.equals(loginInfo.userId)) {
          sessionInfo.sessionId = loginInfo.sessionId;
          break;
        }
      }
    }

    long expireOn = System.currentTimeMillis() + Config.getConfig().loginExpireInterval;
    if (sessionInfo.sessionId == null) {
      sessionInfo.sessionId = getRandomId();
      Config config = Config.getConfig();
      loginInfoDb.add(
          new LoginInfo(
              sessionInfo.browserId,
              sessionInfo.sessionId,
              userId,
              expireOn,
              rememberAccount,
              config.defaultStyle,
              config.defaultItemsPerPage,
              config.defaultFeedDateFormat));
      LOG.info(String.format("Logging in in a new session. User: %s", user));
    } else {
      loginInfoDb.updateExpireTime(sessionInfo.browserId, sessionInfo.sessionId, expireOn);
      LOG.info(String.format("Logging in in an existing session. User: %s", user));
    }

    WebUtils.saveCookies(
        httpServletResponse, secured, sessionInfo.browserId, sessionInfo.sessionId);

    httpServletResponse.sendRedirect("/");
  }