public void setPassword (User u, String clearpass, User author, HashVersion v) throws Exception { if (u.getPasswordHash() != null) u.addPasswordHistoryValue(u.getPasswordHash()); switch (v) { case ZERO: setV0Password (u, clearpass); break; case ONE: setV1Password (u, clearpass); break; } u.setPasswordChanged(new Date()); u.setForcePasswordChange(false); RevisionManager revmgr = new RevisionManager(db); if (author == null) author = u; revmgr.createRevision(author, "user." + u.getId(), "Password changed"); db.session().saveOrUpdate(u); }
public boolean upgradePassword (User u, String clearpass) throws Exception { assertNotNull(clearpass, "Invalid pass"); String passwordHash = u.getPasswordHash(); assertNotNull(passwordHash, "Password is null"); HashVersion v = HashVersion.getVersion(passwordHash); if (v == HashVersion.ZERO && checkV0Password(passwordHash, u.getId(), clearpass)) { setPassword(u, clearpass, null, HashVersion.ONE); return true; } return false; }
public boolean checkPassword (User u, String clearpass) throws Exception { assertNotNull(clearpass, "Invalid pass"); String passwordHash = u.getPasswordHash(); assertNotNull(passwordHash, "Password is null"); HashVersion v = HashVersion.getVersion(passwordHash); assertTrue(v != HashVersion.UNKNOWN, "Unknown password"); switch (v) { case ZERO: return checkV0Password(passwordHash, u.getId(), clearpass); case ONE: return checkV1Password(passwordHash, clearpass); } return false; }
assertEquals("User hash is correct", "ee89026a6c5603c51b4504d218ac60f6874b7750", u.getPasswordHash()); assertFalse("Password has to be in history", mgr.checkNewPassword(u, "test")); mgr.upgradePassword(u, "test"); assertNotEquals("User hash has changed", "ee89026a6c5603c51b4504d218ac60f6874b7750", u.getPasswordHash()); assertTrue("User password is still 'test'", mgr.checkPassword(u, "test")); assertNotEquals("User hash has changed", "ee89026a6c5603c51b4504d218ac60f6874b7750", u.getPasswordHash()); assertFalse("Password has to be in history", mgr.checkNewPassword(u, "test")); mgr.setPassword(u, "test1");