/**
 * Builds the marker that is written in front of a stored password so that a
 * reader of the stored value can tell how it was produced, e.g.
 * {@code {MD5}}.
 * <p>
 * When a digest algorithm is configured its name is wrapped in curly braces;
 * otherwise the parent implementation decides.
 *
 * @return the prefix to place before the stored password.
 */
@Override
protected String getPasswordStorePrefix() {
  String algorithm = getDigestAlgorithm();
  if (algorithm == null) {
    // No digest configured: defer to the inherited prefix.
    return super.getPasswordStorePrefix();
  }
  // NOTE(review): the prefix only labels the algorithm. MD5, used as the
  // example here, is not an appropriate choice for password storage.
  return "{" + algorithm + "}";
}
}
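/**
 * {@inheritDoc}
 * <p>
 * Generates a one-time password for the user named under
 * {@code USERNAME_KEY} in the context, publishes it in the context under
 * {@code GENERATED_PASSWORD_KEY} and hands it to
 * {@code changePassword(String, String)}.
 *
 * @param actionHandler
 *          the action handler (not used by this method).
 * @param context
 *          the action context; read for the username and updated with the
 *          generated password.
 * @return the result of {@code changePassword(String, String)}.
 */
@Override
public boolean execute(IActionHandler actionHandler, Map<String, Object> context) {
  String username = (String) context.get(USERNAME_KEY);
  // A generated credential must come from a cryptographically strong source.
  // RandomStringUtils.randomAscii(int) relies on the library's default
  // generator, which in many commons-lang releases is java.util.Random and
  // therefore predictable. The explicit overload below keeps the same
  // alphabet (code points 32 to 126) and length, but draws from SecureRandom.
  // The class is fully qualified so that this method needs no new import.
  String randomPart = RandomStringUtils.random(16, 32, 127, false, false, null,
      new java.security.SecureRandom());
  String generatedPassword = ONE_TIME_PREFIX + randomPart;
  // NOTE(review): the clear-text password stays in the context, presumably so
  // a later step can deliver it to the user; confirm it is never logged.
  context.put(GENERATED_PASSWORD_KEY, generatedPassword);
  return changePassword(username, generatedPassword);
}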
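/**
 * Hashes a char array using the algorithm parametrised in the instance and
 * returns the store prefix followed by the encoded digest. When no digest
 * algorithm is configured the characters are returned unchanged as a string.
 * <p>
 * NOTE(review): the digest is a single, unsalted pass of the configured
 * {@link MessageDigest} algorithm. That is cheap to brute-force offline if
 * the stored values leak. Moving to a salted, slow password hash changes the
 * stored format and needs a migration, so it is flagged here rather than
 * changed.
 *
 * @param newPassword
 *          the new password to hash.
 * @return the password digest, or the clear-text password when no digest
 *         algorithm is configured.
 * @throws NoSuchAlgorithmException
 *           when the digest algorithm is not supported.
 * @throws IOException
 *           kept in the signature for callers that already catch it; the
 *           current body does not raise it.
 */
protected String digestAndEncode(char... newPassword) throws NoSuchAlgorithmException, IOException {
  String algorithm = getDigestAlgorithm();
  if (algorithm == null) {
    // NOTE(review): with no algorithm configured the password is handed back,
    // and therefore stored, in clear text.
    return new String(newPassword);
  }
  MessageDigest md = MessageDigest.getInstance(algorithm);
  // Encode straight from the char array instead of going through an
  // intermediate String: a String copy of the password cannot be cleared and
  // lingers on the heap. The UTF-8 bytes fed to the digest are the same.
  // Types are fully qualified so that this method needs no new import.
  java.nio.ByteBuffer utf8 = StandardCharsets.UTF_8.encode(java.nio.CharBuffer.wrap(newPassword));
  try {
    md.update(utf8);
  } finally {
    // Wipe the temporary byte copy of the password once it has been consumed.
    if (utf8.hasArray()) {
      java.util.Arrays.fill(utf8.array(), (byte) 0);
    }
  }
  return getPasswordStorePrefix() + encode(md.digest());
}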
/**
 * {@inheritDoc}
 * <p>
 * Reads the typed, retyped and current passwords from the model connector
 * value, rejects mismatching entries, validates the new password and then
 * asks {@code changePassword} to apply it for the session principal.
 *
 * @param actionHandler
 *          the action handler, forwarded to the parent implementation.
 * @param context
 *          the action context.
 * @return the parent result after a successful change, {@code false} when
 *         {@code changePassword} reports failure.
 */
@Override
public boolean execute(IActionHandler actionHandler, Map<String, Object> context) {
  Map<String, Object> passwords = getModelConnector(context).getConnectorValue();
  String newPassword = (String) passwords.get(PASSWD_TYPED);
  String confirmation = (String) passwords.get(PASSWD_RETYPED);

  // Both entries must agree before anything else is evaluated.
  boolean entriesAgree = ObjectUtils.equals(newPassword, confirmation);
  if (!entriesAgree) {
    throw new ActionBusinessException("Typed and retyped passwords are different.",
        "password.typed.retyped.different");
  }

  // Policy checks run before the store is touched.
  checkPasswordValidity(newPassword, context);

  UserPrincipal principal = getApplicationSession(context).getPrincipal();
  String currentPassword = (String) passwords.get(PASSWD_CURRENT);
  if (!changePassword(principal, currentPassword, newPassword)) {
    return false;
  }

  // Publish the localized confirmation for the next action in the chain.
  String confirmationMessage = getTranslationProvider(context).getTranslation("password.change.success",
      getLocale(context));
  setActionParameter(confirmationMessage, context);
  return super.execute(actionHandler, context);
}
/**
 * {@inheritDoc}
 * <p>
 * Reads the typed, retyped and current passwords as char arrays from the
 * action parameter, rejects mismatching entries and then asks
 * {@code changePassword} to apply the new password for the session
 * principal.
 *
 * @param actionHandler
 *          the action handler, forwarded to the parent implementation.
 * @param context
 *          the action context.
 * @return the parent result after a successful change, {@code false} when
 *         {@code changePassword} reports failure.
 */
@Override
@SuppressWarnings("unchecked")
public boolean execute(IActionHandler actionHandler, Map<String, Object> context) {
  Map<String, Object> passwords = (Map<String, Object>) context.get(ActionContextConstants.ACTION_PARAM);
  char[] newPassword = (char[]) passwords.get(PASSWD_TYPED);
  char[] confirmation = (char[]) passwords.get(PASSWD_RETYPED);

  // Both entries must agree before the store is touched.
  boolean entriesAgree = Arrays.equals(newPassword, confirmation);
  if (!entriesAgree) {
    throw new ActionBusinessException("Typed and retyped passwords are different.",
        "password.typed.retyped.different");
  }

  UserPrincipal principal = getApplicationSession(context).getPrincipal();
  char[] currentPassword = (char[]) passwords.get(PASSWD_CURRENT);
  if (!changePassword(principal, currentPassword, newPassword)) {
    return false;
  }

  // Replace the password-bearing action parameter with the localized
  // confirmation message before chaining to the parent.
  String confirmationMessage = getTranslationProvider(context).getTranslation("password.change.success",
      getLocale(context));
  context.put(ActionContextConstants.ACTION_PARAM, confirmationMessage);
  return super.execute(actionHandler, context);
}
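/**
 * Gives the opportunity to check the new password validity against some
 * business rules. By default it applies three checks, in this order:
 * <ol>
 * <li>the password is not empty, unless empty passwords are allowed;</li>
 * <li>the password differs from the session username, unless login
 * passwords are allowed;</li>
 * <li>the password matches the configured regular expression, when one is
 * set.</li>
 * </ol>
 *
 * @param typedPasswd
 *          the password to check.
 * @param context
 *          the context
 * @throws ActionBusinessException
 *           when one of the rules is violated.
 */
protected void checkPasswordValidity(String typedPasswd, Map<String, Object> context) {
  boolean empty = typedPasswd == null || typedPasswd.length() == 0;
  if (!isAllowEmptyPasswords() && empty) {
    throw new ActionBusinessException("Empty passwords are not allowed.", "password.empty.disallowed");
  }
  // NOTE(review): this comparison is case-sensitive, so a password that
  // differs from the username only by letter case is accepted.
  if (!isAllowLoginPasswords() && ObjectUtils.equals(typedPasswd, getApplicationSession(context).getUsername())) {
    throw new ActionBusinessException("Passwords which are identical to username are not allowed.",
        "password.login.disallowed");
  }
  String regex = getPasswordRegex();
  if (regex != null) {
    // A null password reaches this point when empty passwords are allowed.
    // Pattern.matches would then fail with a NullPointerException instead of
    // a policy error, so null is evaluated like the empty string.
    String candidate = typedPasswd == null ? "" : typedPasswd;
    if (!Pattern.matches(regex, candidate)) {
      throw new ActionBusinessException("Password does not match enforcing rules.", "password.regex.failed",
          getPasswordRegexSample());
    }
  }
}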
/**
 * {@inheritDoc}
 * <p>
 * Digests the generated password and writes it through the configured update
 * query, bound as statement arguments (digest first, then username).
 *
 * @param username
 *          the user whose password is reset.
 * @param generatedPassword
 *          the new clear-text password; {@code null} stores an empty string.
 * @return {@code true} when at least one row was updated.
 * @throws ActionException
 *           when no row was updated or the digest could not be computed.
 */
@Override
protected boolean changePassword(String username, String generatedPassword) {
  try {
    // A null password is stored as the empty string rather than digested.
    String storedValue = generatedPassword == null ? "" : digestAndEncode(generatedPassword.toCharArray());
    int affectedRows = getJdbcTemplate().update(getUpdateQuery(), storedValue, username);
    if (affectedRows == 0) {
      // No matching user row: report it instead of returning silently.
      throw new ActionException("Could not reset password for user " + username);
    }
    return true;
  } catch (NoSuchAlgorithmException | IOException ex) {
    throw new ActionException(ex);
  }
}
/**
 * {@inheritDoc}
 * <p>
 * Digests both the new and the current password and passes them, together
 * with the principal name, as bound arguments to the configured update query
 * (new digest, name, current digest). Zero updated rows is reported as an
 * invalid current password.
 *
 * @param userPrincipal
 *          the principal whose password changes.
 * @param currentPassword
 *          the current clear-text password; {@code null} is sent as an empty
 *          string.
 * @param newPassword
 *          the new clear-text password; {@code null} is stored as an empty
 *          string.
 * @return {@code true} when at least one row was updated.
 * @throws ActionBusinessException
 *           when no row was updated.
 * @throws ActionException
 *           when the digest could not be computed.
 */
@Override
protected boolean changePassword(UserPrincipal userPrincipal, String currentPassword, String newPassword) {
  try {
    String newStoredValue = newPassword == null ? "" : digestAndEncode(newPassword.toCharArray());
    String currentStoredValue = currentPassword == null ? "" : digestAndEncode(currentPassword.toCharArray());
    // Presumably the query filters on the stored current digest, so that the
    // update itself verifies the old password; confirm against the
    // configured update query.
    int affectedRows = getJdbcTemplate().update(getUpdateQuery(), newStoredValue, userPrincipal.getName(),
        currentStoredValue);
    if (affectedRows == 0) {
      throw new ActionBusinessException("Current password is not valid.", "password.current.invalid");
    }
    return true;
  } catch (NoSuchAlgorithmException | IOException ex) {
    throw new ActionException(ex);
  }
}
/**
 * Turns the raw password hash into text using the configured hash encoding.
 * Base16 and hex both produce a hexadecimal string; Base64, an unknown value
 * or no value at all produce Base64.
 *
 * @param source
 *          the byte array (hash) to encode.
 * @return the encoded string.
 */
protected String encode(byte[] source) {
  String encoding = getHashEncoding();
  // Base64 is tested first, as before, so it wins over the hexadecimal names.
  boolean base64Requested = BASE64_ENCODING.equalsIgnoreCase(encoding);
  boolean hexRequested = !base64Requested
      && (BASE16_ENCODING.equalsIgnoreCase(encoding) || HEX_ENCODING.equalsIgnoreCase(encoding));
  return hexRequested ? Hex.encodeHexString(source) : Base64.encodeBase64String(source);
}
mods.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(LdapConstants.PASSWORD_ATTRIBUTE, digestAndEncode(newPassword.toCharArray())))); ldapTemplate.modifyAttributes(userDn, mods.toArray(new ModificationItem[mods.size()]));
mods.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(LdapConstants.PASSWORD_ATTIBUTE, digest(newPassword)))); ldapTemplate.modifyAttributes(userDn, mods .toArray(new ModificationItem[0]));