public boolean checkAndChangePassword( final User user, final String oldPassword, final String password) throws MailException { if (user.checkPassword(oldPassword)) { ((UserImpl) user).setPassword(password); entityManager.merge(user); final UserString email = user.getEmail(); if (email != null) MailSender.sendPasswordChangeMail(user.getName().toString(), password, email.nonEscaped()); return true; } return false; }
private void handleChangePasswordPost(Request request, HttpServletResponse httpServletResponse) throws Exception { LoginInfo loginInfo = userHelpers.getLoginInfo(request); if (loginInfo == null) { WebUtils.redirectToError("Couldn't determine the current user", request, httpServletResponse); return; } String userId = loginInfo.userId; String stringCrtPassword = request.getParameter(PARAM_CURRENT_PASSWORD); String stringNewPassword = request.getParameter(PARAM_PASSWORD); String stringNewPasswordConfirm = request.getParameter(PARAM_PASSWORD_CONFIRM); if (!stringNewPassword.equals(stringNewPasswordConfirm)) { showResult( "Mismatch between password and password confirmation", PATH_SETTINGS, request, httpServletResponse); return; } User user = userDb.get( userId); // ttt1 crashes for wrong ID; 2013.07.20 - no longer have an idea what this is // about if (user == null) { WebUtils.redirectToError("Couldn't find the current user", request, httpServletResponse); return; } if (!user.checkPassword(stringCrtPassword)) { showResult("Incorrect current password", PATH_SETTINGS, request, httpServletResponse); return; } SecureRandom secureRandom = new SecureRandom(); String salt = "" + secureRandom.nextLong(); byte[] password = User.computeHashedPassword(stringNewPassword, salt); user.salt = salt; user.password = password; // ttt3 2 clients can change the password simultaneously userDb.add(user); // httpServletResponse.sendRedirect(PATH_SETTINGS); showResult("Password changed", PATH_SETTINGS, request, httpServletResponse); }
/** * Authenticate a user with the given username/email and password Note: this doesn't create a new * session. * * @param userName The username/email of the user to authenticate. * @param password The password to try. * @return the user, if the username and password are correct, else null */ public User authenticate(String userName, String password) { User u = where().or().username.equalTo(userName).or().email.equalTo(userName).findUnique(); if (u == null) { // User doesn't exist. return null; } else { if (u.checkPassword(password)) { // password correct! return u; } else { // incorrect password return null; } } }
/** Returns the User object with the specified name and password from this object's set. */ public User getUser(String name, String password) { if (name == null) { name = ""; } if (password == null) { password = ""; } User user = get(name); user.checkPassword(password); return user; }
@Test public void testUserManagement() { // Try to get non-existent User user = _userManager.getUser("nonexistentuser"); assertNull(user); // Clear DB as necessary user = _userManager.getUser("testuser"); if (user != null) { _userManager.deleteUser(user); } // Add user = getTestUser(); Set<UserGroup> userGroups = new HashSet<UserGroup>(); UserGroup userGroup = _userManager.getUserGroup("testusergroup"); if (userGroup == null) { userGroup = new UserGroup(); userGroup.setName("testusergroup"); userGroup.getAuthorities().add(new Authority("testauthority")); } userGroup.getUsers().add(user); user.setUserGroups(userGroups); _userManager.addUser(user); // Update user.setPassword("modifiedtestpw"); _userManager.updateUser(user); user = _userManager.getUser("testuser"); assertNotNull(user); assertTrue(user.checkPassword("modifiedtestpw")); // Delete _userManager.deleteUser(user); user = _userManager.getUser("testuser"); assertNull(user); }
/** Returns the User object with the specified name and password from this object's set. */ public User getUser(String name, String password) { if (name == null) { name = ""; } if (password == null) { password = ""; } User user = (User) userList.get(name); boolean isLocal = user != null && user.isLocalOnly; if (extAuthenticationFunction == null || isLocal) { user = get(name); user.checkPassword(password); return user; } /* * Authentication returns String[]. When null, use the existing * user object only, with existing privileges. * When not null, ignore if user exists. Otherwise create a user and * assign the list of roles to the user. */ Result result = extAuthenticationFunction.invokeJavaMethodDirect( new String[] {granteeManager.database.getUniqueName(), name, password}); if (result.isError()) { throw Error.error(ErrorCode.X_28501, result.getMainString()); } Object[] roles = (Object[]) result.getValueObject(); if (user == null) { HsqlName hsqlName = granteeManager.database.nameManager.newHsqlName(name, true, SchemaObject.GRANTEE); user = createUser(null, hsqlName, "", false); user.isExternalOnly = true; } if (roles == null) { user.updateAllRights(); return user; } // this clears all existing privileges of the user user.clearPrivileges(); // assigns the roles to the user for (int i = 0; i < roles.length; i++) { try { Grantee role = granteeManager.getRole((String) roles[i]); user.grant(role); } catch (HsqlException e) { } } user.updateAllRights(); for (int i = 0; i < roles.length; i++) { Schema schema = granteeManager.database.schemaManager.findSchema((String) roles[i]); if (schema != null) { user.setInitialSchema(schema.getName()); break; } } return user; }
@Test public void test1() { assertEquals(true, User.checkPassword("saam", "stanford", connection)); }
private void handleLoginPost( Request request, HttpServletResponse httpServletResponse, boolean secured) throws Exception { String userId = request.getParameter(PARAM_USER_ID); String password = request.getParameter(PARAM_PASSWORD); String rememberAccountStr = request.getParameter(PARAM_REMEMBER_ACCOUNT); boolean rememberAccount = Boolean.parseBoolean(rememberAccountStr); LoginInfo.SessionInfo sessionInfo = UserHelpers.getSessionInfo(request); logOut(sessionInfo.browserId); User user = userDb.get(userId); if (user == null) { WebUtils.redirectToError("User " + userId + " not found", request, httpServletResponse); return; } if (!user.checkPassword(password)) { WebUtils.redirectToError("Invalid password", request, httpServletResponse); return; } if (!user.active) { WebUtils.redirectToError( "Account for User " + userId + " needs to be activated", request, httpServletResponse); return; } LOG.info("Logged in user " + userId); sessionInfo.sessionId = null; if (sessionInfo.browserId == null) { sessionInfo.browserId = getRandomId(); } else { for (LoginInfo loginInfo : loginInfoDb.getLoginsForBrowser(sessionInfo.browserId)) { if (userId.equals(loginInfo.userId)) { sessionInfo.sessionId = loginInfo.sessionId; break; } } } long expireOn = System.currentTimeMillis() + Config.getConfig().loginExpireInterval; if (sessionInfo.sessionId == null) { sessionInfo.sessionId = getRandomId(); Config config = Config.getConfig(); loginInfoDb.add( new LoginInfo( sessionInfo.browserId, sessionInfo.sessionId, userId, expireOn, rememberAccount, config.defaultStyle, config.defaultItemsPerPage, config.defaultFeedDateFormat)); LOG.info(String.format("Logging in in a new session. User: %s", user)); } else { loginInfoDb.updateExpireTime(sessionInfo.browserId, sessionInfo.sessionId, expireOn); LOG.info(String.format("Logging in in an existing session. User: %s", user)); } WebUtils.saveCookies( httpServletResponse, secured, sessionInfo.browserId, sessionInfo.sessionId); httpServletResponse.sendRedirect("/"); }