=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java 2014-12-19 12:31:55 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java 2014-12-19 15:42:38 +0000 @@ -459,7 +459,6 @@ public void setPassword( String password ) { this.password = password; - this.passwordLastUpdated = new Date(); } @JsonProperty === modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java 2014-12-19 10:38:55 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java 2014-12-19 15:42:38 +0000 
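Review bot: `setPassword` in UserCredentials.java stays public, but with the `passwordLastUpdated` assignment removed it now stores its argument as given and leaves the password age untouched, and nothing on the setter says so. Any call site that still uses it directly will silently stop refreshing `passwordLastUpdated`, which matters if expiry checks depend on that field (not visible here). I would add a Javadoc line such as `/** Stores an already-encoded password and does not update passwordLastUpdated; use UserService#encodeAndSetPassword to change a user's password. */`. The enclosing class starts and ends outside the hunk.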
@@ -224,6 +224,32 @@ Collection getAllUserCredentials(); /** + * Encodes and sets the password of the User. + * Due to business logic required on password updates the password for a user + * should only be changed using this method or {@link #encodeAndSetPassword(UserCredentials, String) encodeAndSetPassword} + * and not directly on the User or UserCredentials object. + * + * Note that the changes made to the User object are not persisted. + * + * @param user the User. + * @param rawPassword the raw password. + */ + void encodeAndSetPassword( User user, String rawPassword ); + + /** + * Encodes and sets the password of the UserCredentials. + * Due to business logic required on password updates the password for a user + * should only be changed using this method or {@link #encodeAndSetPassword(User, String) encodeAndSetPassword} + * and not directly on the User or UserCredentials object. + * + * Note that the changes made to the UserCredentials object are not persisted. + * + * @param userCredentials the UserCredentials. + * @param rawPassword the raw password. + */ + void encodeAndSetPassword( UserCredentials userCredentials, String rawPassword ); + + /** * Updates the last login date of UserCredentials with the given username * with the current date. * === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-12-19 11:12:59 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-12-19 15:42:38 +0000 @@ -144,7 +144,7 @@ user.setSurname( "(TBD)" ); user.setFirstName( "(TBD)" ); - user.getUserCredentials().setPassword( passwordManager.encode( rawPassword ) ); + userService.encodeAndSetPassword( user, rawPassword ); return true; } 
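Review bot: The Javadoc on both `encodeAndSetPassword` overloads in UserService.java cites "business logic required on password updates" without saying what that logic is, so the contract a caller must meet is undocumented. The implementation in DefaultUserService compares `rawPassword` with the value held in `userCredentials.getPassword()` and refreshes `passwordLastUpdated` only when they do not match, so the credentials object must still carry the stored hash when the method is called. I would state that explicitly, e.g. `* Updates passwordLastUpdated only when rawPassword does not match the currently stored (encoded) password.`, and document whether a null or blank `rawPassword` is permitted.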
@@ -297,14 +297,11 @@ return false; } - newPassword = passwordManager.encode( newPassword ); - - credentials.setPassword( newPassword ); - credentials.setRestoreCode( null ); credentials.setRestoreToken( null ); credentials.setRestoreExpiry( null ); + userService.encodeAndSetPassword( credentials, newPassword ); userService.updateUserCredentials( credentials ); return true; === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/migration/MigrationAuthenticationProvider.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/migration/MigrationAuthenticationProvider.java 2014-11-24 14:15:14 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/migration/MigrationAuthenticationProvider.java 2014-12-19 15:42:38 +0000 @@ -70,8 +70,7 @@ if ( userCredentials != null ) { - userCredentials.setPassword( passwordManager.encode( password ) ); - userCredentials.setPasswordLastUpdated( new Date() ); + userService.encodeAndSetPassword( userCredentials, password ); userService.updateUser( userCredentials.getUser() ); log.info( "User " + userCredentials.getUsername() + " was migrated from " + passwordManager.getLegacyPasswordEncoderClassName() + === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2014-12-19 10:38:55 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2014-12-19 15:42:38 +0000 @@ -41,6 +41,7 @@ import java.util.Map; import java.util.Set; +import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.hisp.dhis.common.AuditLogUtil; 
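Review bot: In MigrationAuthenticationProvider the explicit `setPasswordLastUpdated( new Date() )` is replaced by `userService.encodeAndSetPassword( userCredentials, password )`, which stamps the date only when the supplied password does not match the stored one. On this path the user has presumably just authenticated against the legacy hash, so the match succeeds and `passwordLastUpdated` is left as it was; for accounts where it was never populated it would stay null. If that is intended, a comment would help, e.g. `// re-encoding only: passwordLastUpdated is deliberately not refreshed on migration`, and the expiry check should be confirmed to handle a null date. The enclosing method begins and ends outside the hunk.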
@@ -52,6 +53,7 @@ import org.hisp.dhis.dataset.DataSet; import org.hisp.dhis.organisationunit.OrganisationUnit; import org.hisp.dhis.period.PeriodType; +import org.hisp.dhis.security.migration.MigrationPasswordManager; import org.hisp.dhis.setting.SystemSettingManager; import org.hisp.dhis.system.filter.UserAuthorityGroupCanIssueFilter; import org.hisp.dhis.system.util.DateUtils; @@ -121,6 +123,13 @@ this.systemSettingManager = systemSettingManager; } + private MigrationPasswordManager passwordManager; + + public void setPasswordManager( MigrationPasswordManager passwordManager ) + { + this.passwordManager = passwordManager; + } + // ------------------------------------------------------------------------- // Implementing methods // ------------------------------------------------------------------------- 
@@ -517,6 +526,26 @@ } @Override + public void encodeAndSetPassword( User user, String rawPassword ) + { + encodeAndSetPassword( user.getUserCredentials(), rawPassword ); + } + + @Override + public void encodeAndSetPassword( UserCredentials userCredentials, String rawPassword ) + { + boolean isNewPassword = StringUtils.isBlank( userCredentials.getPassword() ) || + !passwordManager.legacyOrCurrentMatches( rawPassword, userCredentials.getPassword(), userCredentials.getUsername() ); + + if ( isNewPassword ) + { + userCredentials.setPasswordLastUpdated( new Date() ); + } + + userCredentials.setPassword( passwordManager.encode( rawPassword ) ); + } + + @Override public UserCredentials getUserCredentials( User user ) { return userCredentialsStore.getUserCredentials( user ); === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserCredentialsStore.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserCredentialsStore.java 2014-12-18 20:01:47 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserCredentialsStore.java 2014-12-19 15:42:38 +0000 @@ -85,7 +85,7 @@ @Override public void updateUserCredentials( UserCredentials userCredentials ) - { + { sessionFactory.getCurrentSession().update( userCredentials ); } === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml' --- dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml 2014-12-19 10:38:55 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml 2014-12-19 15:42:38 +0000 
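Review bot: `encodeAndSetPassword( UserCredentials, String )` in DefaultUserService hands `rawPassword` to `legacyOrCurrentMatches` and `passwordManager.encode` without checking it, so a null or blank value from any caller reaches the encoder. How the encoder treats such a value is not visible in this diff, and if it accepts a blank string the account ends up with a valid hash of an empty password. Since this is now the single entry point for password changes, the guard belongs here: `if ( StringUtils.isBlank( rawPassword ) ) { throw new IllegalArgumentException( "rawPassword must not be blank" ); }`. The `User` overload also dereferences `user.getUserCredentials()` unchecked, and both methods would benefit from a comment that `userCredentials.getPassword()` is expected to hold the stored hash at call time.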
@@ -596,6 +596,7 @@ + === modified file 'dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java' --- dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java 2014-12-02 09:39:03 +0000 +++ dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java 2014-12-19 15:42:38 +0000 @@ -75,6 +75,7 @@ import org.hisp.dhis.trackedentity.TrackedEntityAttribute; import org.hisp.dhis.user.User; import org.hisp.dhis.user.UserCredentials; +import org.hisp.dhis.user.UserService; import org.hisp.dhis.validation.ValidationRule; import org.springframework.beans.factory.annotation.Autowired; @@ -134,13 +135,13 @@ @Autowired private SchemaService schemaService; + @Autowired + private UserService userService; + @Autowired( required = false ) private List> objectHandlers; @Autowired - private PasswordManager passwordManager; - - @Autowired private DataElementCategoryService categoryService; //------------------------------------------------------------------------------------------------------- @@ -323,7 +324,7 @@ if ( userCredentials.getPassword() != null ) { - userCredentials.setPassword( passwordManager.encode( userCredentials.getPassword() ) ); + userService.encodeAndSetPassword( userCredentials, userCredentials.getPassword() ); } Map> collectionFieldsUserCredentials = detachCollectionFields( userCredentials ); 
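Review bot: At `userService.encodeAndSetPassword( userCredentials, userCredentials.getPassword() )` in DefaultIdentifiableObjectImporter the second argument is the clear-text password from the imported object, and it is also the value the service reads back as the "current" password for its change check. The comparison is therefore between the clear text and itself treated as a hash, which presumably never matches, so `passwordLastUpdated` is refreshed on every import even when the password is unchanged. The same call appears in the update path at `@@ -423`, where the stored hash lives on `persistedObject` rather than on `userCredentials`. The check would need to run against the persisted credentials' hash; until then a comment such as `// userCredentials holds the imported clear-text password, so passwordLastUpdated is always refreshed here` would make the limitation visible. Both enclosing methods start and end outside the hunks.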
@@ -423,7 +424,7 @@ if ( userCredentials != null && userCredentials.getPassword() != null ) { - userCredentials.setPassword( passwordManager.encode( userCredentials.getPassword() ) ); + userService.encodeAndSetPassword( userCredentials, userCredentials.getPassword() ); } ((User) persistedObject).getUserCredentials().mergeWith( userCredentials ); === modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AccountController.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AccountController.java 2014-11-24 14:15:14 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AccountController.java 2014-12-19 15:42:38 +0000 @@ -65,7 +65,6 @@ import javax.servlet.http.HttpSession; import java.io.IOException; import java.util.Collection; -import java.util.Date; import java.util.HashMap; import java.util.HashSet; import java.util.Map; @@ -399,7 +398,7 @@ username = credentials.getUsername(); } - credentials.setPassword( passwordManager.encode( password ) ); + userService.encodeAndSetPassword( credentials, password ); userService.updateUser( user ); userService.updateUserCredentials( credentials ); @@ -421,7 +420,7 @@ credentials = new UserCredentials(); credentials.setUsername( username ); - credentials.setPassword( passwordManager.encode( password ) ); + userService.encodeAndSetPassword( credentials, password ); credentials.setSelfRegistered( true ); credentials.setUser( user ); credentials.getUserAuthorityGroups().add( userRole ); 
@@ -499,10 +498,7 @@ return; } - String passwordEncoded = passwordManager.encode( password ); - - credentials.setPassword( passwordEncoded ); - credentials.setPasswordLastUpdated( new Date() ); + userService.encodeAndSetPassword( credentials, password ); userService.updateUserCredentials( credentials ); authenticate( username, password, getAuthorities( credentials.getUserAuthorityGroups() ), request ); === modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2014-12-19 14:51:19 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2014-12-19 15:42:38 +0000 @@ -45,7 +45,6 @@ import org.hisp.dhis.importexport.ImportStrategy; import org.hisp.dhis.node.types.RootNode; import org.hisp.dhis.schema.descriptors.UserSchemaDescriptor; -import org.hisp.dhis.security.PasswordManager; import org.hisp.dhis.security.RestoreOptions; import org.hisp.dhis.security.SecurityService; import org.hisp.dhis.setting.SystemSettingManager; @@ -91,9 +90,6 @@ private UserGroupService userGroupService; @Autowired - private PasswordManager passwordManager; - - @Autowired private SecurityService securityService; @Autowired === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DatabaseAutomaticAccessProvider.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DatabaseAutomaticAccessProvider.java 2014-11-24 14:15:14 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/DatabaseAutomaticAccessProvider.java 2014-12-19 15:42:38 +0000 
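Review bot: In AccountController at `@@ -499`, the handler calls `authenticate( ... )` after `userService.encodeAndSetPassword( credentials, password )` even when the submitted password equals the current one, in which case the service leaves `passwordLastUpdated` unchanged. The removed code always stamped `new Date()`, so if this handler serves the expired-password flow (inferred, since the method starts outside the hunk), a user can resubmit the old password, get a session, and still have an expired password. Unless a check outside the hunk already rejects it, I would refuse an unchanged password before the update. That could be a guard such as `if ( passwordManager.legacyOrCurrentMatches( password, credentials.getPassword(), username ) ) { return; }` with the appropriate error response, assuming the controller's password manager exposes that matcher.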
@@ -38,24 +38,11 @@ * This access provider will put a user with all granted authorities in the database. * * @author Torgeir Lorange Ostby - * @version $Id: DatabaseAutomaticAccessProvider.java 3513 2007-08-04 16:16:40Z - * torgeilo $ */ public class DatabaseAutomaticAccessProvider extends AbstractAutomaticAccessProvider { // ------------------------------------------------------------------------- - // Dependencies - // ------------------------------------------------------------------------- - - private PasswordManager passwordManager; - - public void setPasswordManager( PasswordManager passwordManager ) - { - this.passwordManager = passwordManager; - } - - // ------------------------------------------------------------------------- // AdminAccessManager implementation // ------------------------------------------------------------------------- @@ -84,10 +71,11 @@ UserCredentials userCredentials = new UserCredentials(); userCredentials.setUsername( username ); - userCredentials.setPassword( passwordManager.encode( password ) ); userCredentials.setUser( user ); userCredentials.getUserAuthorityGroups().add( userAuthorityGroup ); + userService.encodeAndSetPassword( userCredentials, password ); + userService.addUserCredentials( userCredentials ); } === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/useraccount/action/UpdateUserAccountAction.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/useraccount/action/UpdateUserAccountAction.java 2014-11-24 14:15:14 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/useraccount/action/UpdateUserAccountAction.java 2014-12-19 15:42:38 +0000 
@@ -28,10 +28,10 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +import org.apache.commons.lang.StringUtils; import org.hisp.dhis.i18n.I18n; import org.hisp.dhis.security.migration.MigrationPasswordManager; import org.hisp.dhis.user.User; -import org.hisp.dhis.user.UserCredentials; import org.hisp.dhis.user.UserService; import com.opensymphony.xwork2.Action; @@ -143,21 +143,11 @@ // Prepare values // --------------------------------------------------------------------- - if ( email != null && email.trim().length() == 0 ) - { - email = null; - } - - if ( rawPassword != null && rawPassword.trim().length() == 0 ) - { - rawPassword = null; - } + email = StringUtils.trimToNull( email ); + rawPassword = StringUtils.trimToNull( rawPassword ); User user = userService.getUser( id ); - - UserCredentials userCredentials = userService.getUserCredentials( user ); - - String currentPassword = userCredentials.getPassword(); + String currentPassword = userService.getUserCredentials( user ).getPassword(); if ( !passwordManager.legacyOrCurrentMatches( oldPassword, currentPassword, user.getUsername() ) ) { 
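Review bot: `rawPassword = StringUtils.trimToNull( rawPassword )` in UpdateUserAccountAction alters the password itself, not just the blank case. The removed code only mapped an all-whitespace value to null and left any other value untouched, whereas `trimToNull` also strips leading and trailing whitespace from a real password. The stored hash would then be of a different string from the one the user typed, and login with the original value fails unless the login path trims as well (not visible here). Keeping the old semantics is one line, `rawPassword = StringUtils.isBlank( rawPassword ) ? null : rawPassword;`. The same replacement is made in UpdateUserAction at `@@ -243`, and the enclosing method continues outside the hunk.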
@@ -170,20 +160,16 @@ // --------------------------------------------------------------------- user.setSurname( surname ); - user.setFirstName( firstName ); - user.setEmail( email ); - user.setPhoneNumber( phoneNumber ); if ( rawPassword != null ) { - userCredentials.setPassword( passwordManager.encode( rawPassword ) ); - - userService.updateUserCredentials( userCredentials ); + userService.encodeAndSetPassword( user, rawPassword ); } + userService.updateUserCredentials( user.getUserCredentials() ); userService.updateUser( user ); message = i18n.getString( "update_user_success" ); === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml' --- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2014-12-16 10:26:51 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2014-12-19 15:42:38 +0000 @@ -119,7 +119,6 @@ - === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java 2014-12-19 14:51:19 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java 2014-12-19 15:42:38 +0000 @@ -33,6 +33,7 @@ import java.util.List; import java.util.Set; +import org.apache.commons.lang.StringUtils; import org.apache.struts2.ServletActionContext; import org.hisp.dhis.attribute.AttributeService; import org.hisp.dhis.common.IdentifiableObjectManager; @@ -59,7 +60,6 @@ import org.hisp.dhis.user.UserSettingService; import org.hisp.dhis.webapi.utils.ContextUtils; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.util.StringUtils; import com.google.common.collect.Lists; import com.opensymphony.xwork2.Action; 
@@ -285,11 +285,7 @@ { //TODO: Allow user with F_USER_ADD_WITHIN_MANAGED_GROUP to add a user within managed groups. - if ( email != null && email.trim().length() == 0 ) - { - email = null; - } - + email = StringUtils.trimToNull( email ); username = username.trim(); inviteUsername = inviteUsername.trim(); inviteEmail = inviteEmail.trim(); @@ -327,7 +323,7 @@ user.setEmail( email ); user.setPhoneNumber( phoneNumber ); - userCredentials.setPassword( passwordManager.encode( rawPassword ) ); + userService.encodeAndSetPassword( userCredentials, rawPassword ); } if ( jsonAttributeValues != null ) === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java 2014-11-26 15:32:32 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java 2014-12-19 15:42:38 +0000 @@ -33,6 +33,7 @@ import java.util.List; import java.util.Set; +import org.apache.commons.lang.StringUtils; import org.hisp.dhis.attribute.AttributeService; import org.hisp.dhis.common.IdentifiableObjectManager; import org.hisp.dhis.dataelement.CategoryOptionGroupSet; @@ -41,7 +42,6 @@ import org.hisp.dhis.organisationunit.OrganisationUnit; import org.hisp.dhis.oust.manager.SelectionTreeManager; import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager; -import org.hisp.dhis.security.PasswordManager; import org.hisp.dhis.setting.SystemSettingManager; import org.hisp.dhis.system.util.AttributeUtils; import org.hisp.dhis.system.util.LocaleUtils; 
@@ -55,7 +55,6 @@ import org.hisp.dhis.user.UserSetting; import org.hisp.dhis.user.UserSettingService; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.util.StringUtils; import com.google.common.collect.Lists; import com.opensymphony.xwork2.Action; @@ -77,13 +76,6 @@ this.userService = userService; } - private PasswordManager passwordManager; - - public void setPasswordManager( PasswordManager passwordManager ) - { - this.passwordManager = passwordManager; - } - private SelectionTreeManager selectionTreeManager; public void setSelectionTreeManager( SelectionTreeManager selectionTreeManager ) @@ -243,15 +235,8 @@ { //TODO: Allow user with F_USER_ADD_WITHIN_MANAGED_GROUP to update a user within managed groups. - if ( email != null && email.trim().length() == 0 ) - { - email = null; - } - - if ( rawPassword != null && rawPassword.trim().length() == 0 ) - { - rawPassword = null; - } + email = StringUtils.trimToNull( email ); + rawPassword = StringUtils.trimToNull( rawPassword ); User currentUser = currentUserService.getCurrentUser(); @@ -276,11 +261,6 @@ userCredentials.setOpenId( null ); } - if ( rawPassword != null ) - { - userCredentials.setPassword( passwordManager.encode( rawPassword ) ); - } - if ( jsonAttributeValues != null ) { AttributeUtils.updateAttributeValuesFromJson( user.getAttributeValues(), jsonAttributeValues, 
@@ -350,6 +330,11 @@ // Update User // --------------------------------------------------------------------- + if ( rawPassword != null ) + { + userService.encodeAndSetPassword( userCredentials, rawPassword ); + } + userService.updateUserCredentials( userCredentials ); userService.updateUser( user ); === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml 2014-12-18 11:41:20 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml 2014-12-19 15:42:38 +0000 @@ -43,7 +43,6 @@ -