IDEMPIERE-375 Implement Forgot my Password
This commit is contained in:
parent
7c7a3d9464
commit
42eb30488f
|
@ -103,16 +103,6 @@ INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,V
|
||||||
INSERT INTO AD_Message_Trl (AD_Language,AD_Message_ID, MsgText,MsgTip, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy,AD_Message_Trl_UU ) SELECT l.AD_Language,t.AD_Message_ID, t.MsgText,t.MsgTip, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy,Generate_UUID() FROM AD_Language l, AD_Message t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Message_ID=200045 AND NOT EXISTS (SELECT * FROM AD_Message_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Message_ID=t.AD_Message_ID)
|
INSERT INTO AD_Message_Trl (AD_Language,AD_Message_ID, MsgText,MsgTip, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy,AD_Message_Trl_UU ) SELECT l.AD_Language,t.AD_Message_ID, t.MsgText,t.MsgTip, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy,Generate_UUID() FROM AD_Language l, AD_Message t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Message_ID=200045 AND NOT EXISTS (SELECT * FROM AD_Message_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Message_ID=t.AD_Message_ID)
|
||||||
;
|
;
|
||||||
|
|
||||||
-- Sep 10, 2012 5:20:40 PM SGT
|
|
||||||
-- IDEMPIERE-375 Implement Forgot my Password
|
|
||||||
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Client_ID,AD_Org_ID,Created) VALUES ('I','Answer',200046,'D','494db2ce-7749-4f52-82a1-d7e9448ab864','Answer','Y',TO_DATE('2012-09-10 17:20:40','YYYY-MM-DD HH24:MI:SS'),100,100,0,0,TO_DATE('2012-09-10 17:20:40','YYYY-MM-DD HH24:MI:SS'))
|
|
||||||
;
|
|
||||||
|
|
||||||
-- Sep 10, 2012 5:20:46 PM SGT
|
|
||||||
-- IDEMPIERE-375 Implement Forgot my Password
|
|
||||||
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Client_ID,AD_Org_ID,Created) VALUES ('I','Answer',200047,'D','397a2656-2199-4451-87fe-5850b54957c0','Answer','Y',TO_DATE('2012-09-10 17:20:45','YYYY-MM-DD HH24:MI:SS'),100,100,0,0,TO_DATE('2012-09-10 17:20:45','YYYY-MM-DD HH24:MI:SS'))
|
|
||||||
;
|
|
||||||
|
|
||||||
-- Sep 10, 2012 5:21:23 PM SGT
|
-- Sep 10, 2012 5:21:23 PM SGT
|
||||||
-- IDEMPIERE-375 Implement Forgot my Password
|
-- IDEMPIERE-375 Implement Forgot my Password
|
||||||
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Client_ID,AD_Org_ID,Created) VALUES ('E','Security Question is Mandatory',200048,'D','5c73ed0f-6ca9-45bc-8df7-e85f8bc3471d','SecurityQuestionMandatory','Y',TO_DATE('2012-09-10 17:21:22','YYYY-MM-DD HH24:MI:SS'),100,100,0,0,TO_DATE('2012-09-10 17:21:22','YYYY-MM-DD HH24:MI:SS'))
|
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Client_ID,AD_Org_ID,Created) VALUES ('E','Security Question is Mandatory',200048,'D','5c73ed0f-6ca9-45bc-8df7-e85f8bc3471d','SecurityQuestionMandatory','Y',TO_DATE('2012-09-10 17:21:22','YYYY-MM-DD HH24:MI:SS'),100,100,0,0,TO_DATE('2012-09-10 17:21:22','YYYY-MM-DD HH24:MI:SS'))
|
||||||
|
@ -351,4 +341,4 @@ UPDATE AD_Message_Trl SET IsTranslated='N' WHERE AD_Message_ID=200059
|
||||||
;
|
;
|
||||||
|
|
||||||
SELECT register_migration_script('907_IDEMPIERE-375.sql') FROM dual
|
SELECT register_migration_script('907_IDEMPIERE-375.sql') FROM dual
|
||||||
;
|
;
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
-- Sep 11, 2012 5:02:55 PM COT
|
||||||
|
-- IDEMPIERE-375 Implement Forgot my Password
|
||||||
|
INSERT INTO AD_SysConfig (AD_SysConfig_ID,EntityType,ConfigurationLevel,Value,Description,AD_SysConfig_UU,Created,Updated,AD_Client_ID,AD_Org_ID,CreatedBy,IsActive,UpdatedBy,Name) VALUES (200019,'D','S','Y','Show reset password button on login panel','9b0ac996-a542-44e5-9777-a284402a9788',TO_DATE('2012-09-11 17:02:54','YYYY-MM-DD HH24:MI:SS'),TO_DATE('2012-09-11 17:02:54','YYYY-MM-DD HH24:MI:SS'),0,0,100,'Y',100,'LOGIN_SHOW_RESETPASSWORD')
|
||||||
|
;
|
||||||
|
|
||||||
|
SELECT register_migration_script('909_IDEMPIERE-375.sql') FROM dual
|
||||||
|
;
|
||||||
|
|
|
@ -103,16 +103,6 @@ INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,V
|
||||||
INSERT INTO AD_Message_Trl (AD_Language,AD_Message_ID, MsgText,MsgTip, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy,AD_Message_Trl_UU ) SELECT l.AD_Language,t.AD_Message_ID, t.MsgText,t.MsgTip, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy,Generate_UUID() FROM AD_Language l, AD_Message t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Message_ID=200045 AND NOT EXISTS (SELECT * FROM AD_Message_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Message_ID=t.AD_Message_ID)
|
INSERT INTO AD_Message_Trl (AD_Language,AD_Message_ID, MsgText,MsgTip, IsTranslated,AD_Client_ID,AD_Org_ID,Created,Createdby,Updated,UpdatedBy,AD_Message_Trl_UU ) SELECT l.AD_Language,t.AD_Message_ID, t.MsgText,t.MsgTip, 'N',t.AD_Client_ID,t.AD_Org_ID,t.Created,t.Createdby,t.Updated,t.UpdatedBy,Generate_UUID() FROM AD_Language l, AD_Message t WHERE l.IsActive='Y' AND l.IsSystemLanguage='Y' AND l.IsBaseLanguage='N' AND t.AD_Message_ID=200045 AND NOT EXISTS (SELECT * FROM AD_Message_Trl tt WHERE tt.AD_Language=l.AD_Language AND tt.AD_Message_ID=t.AD_Message_ID)
|
||||||
;
|
;
|
||||||
|
|
||||||
-- Sep 10, 2012 5:20:40 PM SGT
|
|
||||||
-- IDEMPIERE-375 Implement Forgot my Password
|
|
||||||
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Client_ID,AD_Org_ID,Created) VALUES ('I','Answer',200046,'D','494db2ce-7749-4f52-82a1-d7e9448ab864','Answer','Y',TO_TIMESTAMP('2012-09-10 17:20:40','YYYY-MM-DD HH24:MI:SS'),100,100,0,0,TO_TIMESTAMP('2012-09-10 17:20:40','YYYY-MM-DD HH24:MI:SS'))
|
|
||||||
;
|
|
||||||
|
|
||||||
-- Sep 10, 2012 5:20:46 PM SGT
|
|
||||||
-- IDEMPIERE-375 Implement Forgot my Password
|
|
||||||
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Client_ID,AD_Org_ID,Created) VALUES ('I','Answer',200047,'D','397a2656-2199-4451-87fe-5850b54957c0','Answer','Y',TO_TIMESTAMP('2012-09-10 17:20:45','YYYY-MM-DD HH24:MI:SS'),100,100,0,0,TO_TIMESTAMP('2012-09-10 17:20:45','YYYY-MM-DD HH24:MI:SS'))
|
|
||||||
;
|
|
||||||
|
|
||||||
-- Sep 10, 2012 5:21:23 PM SGT
|
-- Sep 10, 2012 5:21:23 PM SGT
|
||||||
-- IDEMPIERE-375 Implement Forgot my Password
|
-- IDEMPIERE-375 Implement Forgot my Password
|
||||||
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Client_ID,AD_Org_ID,Created) VALUES ('E','Security Question is Mandatory',200048,'D','5c73ed0f-6ca9-45bc-8df7-e85f8bc3471d','SecurityQuestionMandatory','Y',TO_TIMESTAMP('2012-09-10 17:21:22','YYYY-MM-DD HH24:MI:SS'),100,100,0,0,TO_TIMESTAMP('2012-09-10 17:21:22','YYYY-MM-DD HH24:MI:SS'))
|
INSERT INTO AD_Message (MsgType,MsgText,AD_Message_ID,EntityType,AD_Message_UU,Value,IsActive,Updated,CreatedBy,UpdatedBy,AD_Client_ID,AD_Org_ID,Created) VALUES ('E','Security Question is Mandatory',200048,'D','5c73ed0f-6ca9-45bc-8df7-e85f8bc3471d','SecurityQuestionMandatory','Y',TO_TIMESTAMP('2012-09-10 17:21:22','YYYY-MM-DD HH24:MI:SS'),100,100,0,0,TO_TIMESTAMP('2012-09-10 17:21:22','YYYY-MM-DD HH24:MI:SS'))
|
||||||
|
@ -351,4 +341,4 @@ UPDATE AD_Message_Trl SET IsTranslated='N' WHERE AD_Message_ID=200059
|
||||||
;
|
;
|
||||||
|
|
||||||
SELECT register_migration_script('907_IDEMPIERE-375.sql') FROM dual
|
SELECT register_migration_script('907_IDEMPIERE-375.sql') FROM dual
|
||||||
;
|
;
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
-- Sep 11, 2012 5:02:55 PM COT
|
||||||
|
-- IDEMPIERE-375 Implement Forgot my Password
|
||||||
|
INSERT INTO AD_SysConfig (AD_SysConfig_ID,EntityType,ConfigurationLevel,Value,Description,AD_SysConfig_UU,Created,Updated,AD_Client_ID,AD_Org_ID,CreatedBy,IsActive,UpdatedBy,Name) VALUES (200019,'D','S','Y','Show reset password button on login panel','9b0ac996-a542-44e5-9777-a284402a9788',TO_TIMESTAMP('2012-09-11 17:02:54','YYYY-MM-DD HH24:MI:SS'),TO_TIMESTAMP('2012-09-11 17:02:54','YYYY-MM-DD HH24:MI:SS'),0,0,100,'Y',100,'LOGIN_SHOW_RESETPASSWORD')
|
||||||
|
;
|
||||||
|
|
||||||
|
SELECT register_migration_script('909_IDEMPIERE-375.sql') FROM dual
|
||||||
|
;
|
||||||
|
|
|
@ -46,6 +46,7 @@ import edu.vt.middleware.password.NonAlphanumericCharacterRule;
|
||||||
import edu.vt.middleware.password.NumericalSequenceRule;
|
import edu.vt.middleware.password.NumericalSequenceRule;
|
||||||
import edu.vt.middleware.password.Password;
|
import edu.vt.middleware.password.Password;
|
||||||
import edu.vt.middleware.password.PasswordData;
|
import edu.vt.middleware.password.PasswordData;
|
||||||
|
import edu.vt.middleware.password.PasswordGenerator;
|
||||||
import edu.vt.middleware.password.PasswordValidator;
|
import edu.vt.middleware.password.PasswordValidator;
|
||||||
import edu.vt.middleware.password.QwertySequenceRule;
|
import edu.vt.middleware.password.QwertySequenceRule;
|
||||||
import edu.vt.middleware.password.RepeatCharacterRegexRule;
|
import edu.vt.middleware.password.RepeatCharacterRegexRule;
|
||||||
|
@ -63,7 +64,7 @@ public class MPasswordRule extends X_AD_PasswordRule {
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
private static final long serialVersionUID = -4262842010340413022L;
|
private static final long serialVersionUID = 7376091524332484101L;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param ctx
|
* @param ctx
|
||||||
|
@ -225,4 +226,44 @@ public class MPasswordRule extends X_AD_PasswordRule {
|
||||||
return new MessageResolver(props);
|
return new MessageResolver(props);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String generate() {
|
||||||
|
CharacterCharacteristicsRule charRule = new CharacterCharacteristicsRule();
|
||||||
|
int numValidations = 0;
|
||||||
|
if (getDigitCharacter() > 0) {
|
||||||
|
// require at least n digit in passwords
|
||||||
|
numValidations++;
|
||||||
|
charRule.getRules().add(new DigitCharacterRule(getDigitCharacter()));
|
||||||
|
}
|
||||||
|
if (getNonAlphaNumericCharacter() > 0) {
|
||||||
|
// require at least n non-alphanumeric char
|
||||||
|
numValidations++;
|
||||||
|
charRule.getRules().add(new NonAlphanumericCharacterRule(getNonAlphaNumericCharacter()));
|
||||||
|
}
|
||||||
|
if (getUppercaseCharacter() > 0) {
|
||||||
|
numValidations++;
|
||||||
|
charRule.getRules().add(new UppercaseCharacterRule(getUppercaseCharacter()));
|
||||||
|
}
|
||||||
|
if (getLowercaseCharacter() > 0) {
|
||||||
|
numValidations++;
|
||||||
|
charRule.getRules().add(new LowercaseCharacterRule(getLowercaseCharacter()));
|
||||||
|
}
|
||||||
|
if (getAlphabeticalCharacter() > 0){
|
||||||
|
numValidations++;
|
||||||
|
charRule.getRules().add(new AlphabeticalCharacterRule(getAlphabeticalCharacter()));
|
||||||
|
}
|
||||||
|
if (! charRule.getRules().isEmpty()) {
|
||||||
|
charRule.setNumberOfCharacteristics(numValidations);
|
||||||
|
}
|
||||||
|
|
||||||
|
int len = 10; // suggested length to generate
|
||||||
|
if (len < getMinLength()) {
|
||||||
|
len = getMinLength();
|
||||||
|
}
|
||||||
|
if (len > getMaxLength()) {
|
||||||
|
len = getMaxLength();
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PasswordGenerator().generatePassword(len, charRule.getRules());
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -37,7 +37,7 @@ public class MSysConfig extends X_AD_SysConfig
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
private static final long serialVersionUID = -9111154530183645884L;
|
private static final long serialVersionUID = 5434521728516112616L;
|
||||||
|
|
||||||
public final static String PDF_FONT_DIR = "PDF_FONT_DIR";
|
public final static String PDF_FONT_DIR = "PDF_FONT_DIR";
|
||||||
public final static String TWOPACK_HANDLE_TRANSLATIONS = "2PACK_HANDLE_TRANSLATIONS";
|
public final static String TWOPACK_HANDLE_TRANSLATIONS = "2PACK_HANDLE_TRANSLATIONS";
|
||||||
|
@ -50,6 +50,7 @@ public class MSysConfig extends X_AD_SysConfig
|
||||||
public static final String ZK_DASHBOARD_REFRESH_INTERVAL = "ZK_DASHBOARD_REFRESH_INTERVAL";
|
public static final String ZK_DASHBOARD_REFRESH_INTERVAL = "ZK_DASHBOARD_REFRESH_INTERVAL";
|
||||||
public static final String RecentItems_MaxShown = "RecentItems_MaxShown";
|
public static final String RecentItems_MaxShown = "RecentItems_MaxShown";
|
||||||
public static final String USE_EMAIL_FOR_LOGIN = "USE_EMAIL_FOR_LOGIN";
|
public static final String USE_EMAIL_FOR_LOGIN = "USE_EMAIL_FOR_LOGIN";
|
||||||
|
public static final String LOGIN_SHOW_RESETPASSWORD = "LOGIN_SHOW_RESETPASSWORD";
|
||||||
public static final String ALogin_ShowOneRole = "ALogin_ShowOneRole";
|
public static final String ALogin_ShowOneRole = "ALogin_ShowOneRole";
|
||||||
public static final String ZK_BROWSER_ICON = "ZK_BROWSER_ICON";
|
public static final String ZK_BROWSER_ICON = "ZK_BROWSER_ICON";
|
||||||
public static final String ZK_BROWSER_TITLE = "ZK_BROWSER_TITLE";
|
public static final String ZK_BROWSER_TITLE = "ZK_BROWSER_TITLE";
|
||||||
|
|
|
@ -212,13 +212,6 @@ public class MUser extends X_AD_User
|
||||||
clientsValidated.add(user.getAD_Client_ID());
|
clientsValidated.add(user.getAD_Client_ID());
|
||||||
boolean valid = false;
|
boolean valid = false;
|
||||||
if (hash_password) {
|
if (hash_password) {
|
||||||
String hash = user.getPassword();
|
|
||||||
String salt = user.getSalt();
|
|
||||||
// always do calculation to confuse timing based attacks
|
|
||||||
if ( hash == null )
|
|
||||||
hash = "0000000000000000";
|
|
||||||
if ( salt == null )
|
|
||||||
salt = "0000000000000000";
|
|
||||||
valid = user.authenticateHash(password);
|
valid = user.authenticateHash(password);
|
||||||
} else {
|
} else {
|
||||||
// password not hashed
|
// password not hashed
|
||||||
|
|
|
@ -292,28 +292,12 @@ public class Login
|
||||||
|
|
||||||
MUser user = MTable.get(m_ctx, MUser.Table_ID).createQuery( where, null).setParameters(app_user).firstOnly(); // throws error if username collision occurs
|
MUser user = MTable.get(m_ctx, MUser.Table_ID).createQuery( where, null).setParameters(app_user).firstOnly(); // throws error if username collision occurs
|
||||||
|
|
||||||
String hash = null;
|
|
||||||
String salt = null;
|
|
||||||
int AD_User_ID = -1;
|
|
||||||
|
|
||||||
if (user != null )
|
|
||||||
{
|
|
||||||
hash = user.getPassword();
|
|
||||||
salt = user.getSalt();
|
|
||||||
}
|
|
||||||
|
|
||||||
// always do calculation to confuse timing based attacks
|
// always do calculation to confuse timing based attacks
|
||||||
if ( user == null )
|
if ( user == null )
|
||||||
user = MUser.get(m_ctx, 0);
|
user = MUser.get(m_ctx, 0);
|
||||||
if ( hash == null )
|
|
||||||
hash = "0000000000000000";
|
|
||||||
if ( salt == null )
|
|
||||||
salt = "0000000000000000";
|
|
||||||
|
|
||||||
if ( user.authenticateHash(app_pwd) )
|
if ( user.authenticateHash(app_pwd) )
|
||||||
{
|
{
|
||||||
authenticated = true;
|
authenticated = true;
|
||||||
AD_User_ID = user.getAD_User_ID();
|
|
||||||
app_pwd = null;
|
app_pwd = null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1396,13 +1380,6 @@ public class Login
|
||||||
clientsValidated.add(user.getAD_Client_ID());
|
clientsValidated.add(user.getAD_Client_ID());
|
||||||
boolean valid = false;
|
boolean valid = false;
|
||||||
if (hash_password) {
|
if (hash_password) {
|
||||||
String hash = user.getPassword();
|
|
||||||
String salt = user.getSalt();
|
|
||||||
// always do calculation to confuse timing based attacks
|
|
||||||
if ( hash == null )
|
|
||||||
hash = "0000000000000000";
|
|
||||||
if ( salt == null )
|
|
||||||
salt = "0000000000000000";
|
|
||||||
valid = user.authenticateHash(app_pwd);
|
valid = user.authenticateHash(app_pwd);
|
||||||
} else {
|
} else {
|
||||||
// password not hashed
|
// password not hashed
|
||||||
|
|
|
@ -51,12 +51,12 @@ import org.zkoss.zul.Image;
|
||||||
*/
|
*/
|
||||||
public class ChangePasswordPanel extends Window implements EventListener<Event>
|
public class ChangePasswordPanel extends Window implements EventListener<Event>
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
private static final long serialVersionUID = 5323925843783103350L;
|
private static final long serialVersionUID = 6055606520280550335L;
|
||||||
|
|
||||||
private static CLogger logger = CLogger.getCLogger(ChangePasswordPanel.class);
|
private static CLogger logger = CLogger.getCLogger(ChangePasswordPanel.class);
|
||||||
|
|
||||||
private LoginWindow wndLogin;
|
private LoginWindow wndLogin;
|
||||||
|
|
||||||
|
@ -260,7 +260,7 @@ public class ChangePasswordPanel extends Window implements EventListener<Event>
|
||||||
{
|
{
|
||||||
if (event.getTarget().getId().equals(ConfirmPanel.A_OK))
|
if (event.getTarget().getId().equals(ConfirmPanel.A_OK))
|
||||||
{
|
{
|
||||||
validateChangePassword();
|
validateChangePassword();
|
||||||
}
|
}
|
||||||
else if (event.getTarget().getId().equals(ConfirmPanel.A_CANCEL))
|
else if (event.getTarget().getId().equals(ConfirmPanel.A_CANCEL))
|
||||||
{
|
{
|
||||||
|
@ -316,24 +316,21 @@ public class ChangePasswordPanel extends Window implements EventListener<Event>
|
||||||
logger.severe("Could not find user '" + m_userName + "'");
|
logger.severe("Could not find user '" + m_userName + "'");
|
||||||
throw new AdempiereException("Could not find user");
|
throw new AdempiereException("Could not find user");
|
||||||
}
|
}
|
||||||
|
|
||||||
user.setPassword(newPassword);
|
user.set_ValueOfColumn("Password", newPassword); // will be hashed and validate on saveEx
|
||||||
user.setIsExpired(false);
|
user.setIsExpired(false);
|
||||||
user.setSecurityQuestion(securityQuestion);
|
user.setSecurityQuestion(securityQuestion);
|
||||||
user.setAnswer(answer);
|
user.setAnswer(answer);
|
||||||
if (!user.save(trx.getTrxName()))
|
user.saveEx(trx.getTrxName());
|
||||||
{
|
|
||||||
trx.rollback();
|
|
||||||
throw new AdempiereException("Could not update user");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
trx.commit();
|
trx.commit();
|
||||||
}
|
}
|
||||||
catch (Exception e)
|
catch (AdempiereException e)
|
||||||
{
|
{
|
||||||
if (trx != null)
|
if (trx != null)
|
||||||
trx.rollback();
|
trx.rollback();
|
||||||
|
throw e;
|
||||||
}
|
}
|
||||||
finally
|
finally
|
||||||
{
|
{
|
||||||
|
|
|
@ -220,19 +220,21 @@ public class LoginPanel extends Window implements EventListener<Event>
|
||||||
tr.appendChild(td);
|
tr.appendChild(td);
|
||||||
td.appendChild(chkRememberMe);
|
td.appendChild(chkRememberMe);
|
||||||
}
|
}
|
||||||
|
|
||||||
tr = new Tr();
|
if (MSysConfig.getBooleanValue(MSysConfig.LOGIN_SHOW_RESETPASSWORD, true)) {
|
||||||
tr.setId("rowResetPassword");
|
tr = new Tr();
|
||||||
table.appendChild(tr);
|
tr.setId("rowResetPassword");
|
||||||
td = new Td();
|
table.appendChild(tr);
|
||||||
tr.appendChild(td);
|
td = new Td();
|
||||||
td.setSclass(ITheme.LOGIN_LABEL_CLASS);
|
tr.appendChild(td);
|
||||||
td.appendChild(new Label(""));
|
td.setSclass(ITheme.LOGIN_LABEL_CLASS);
|
||||||
td = new Td();
|
td.appendChild(new Label(""));
|
||||||
td.setSclass(ITheme.LOGIN_FIELD_CLASS);
|
td = new Td();
|
||||||
tr.appendChild(td);
|
td.setSclass(ITheme.LOGIN_FIELD_CLASS);
|
||||||
td.appendChild(btnResetPassword);
|
tr.appendChild(td);
|
||||||
btnResetPassword.addEventListener(Events.ON_CLICK, this);
|
td.appendChild(btnResetPassword);
|
||||||
|
btnResetPassword.addEventListener(Events.ON_CLICK, this);
|
||||||
|
}
|
||||||
|
|
||||||
div = new Div();
|
div = new Div();
|
||||||
div.setSclass(ITheme.LOGIN_BOX_FOOTER_CLASS);
|
div.setSclass(ITheme.LOGIN_BOX_FOOTER_CLASS);
|
||||||
|
|
|
@ -34,6 +34,7 @@ import org.adempiere.webui.theme.ThemeManager;
|
||||||
import org.adempiere.webui.window.LoginWindow;
|
import org.adempiere.webui.window.LoginWindow;
|
||||||
import org.compiere.model.MClient;
|
import org.compiere.model.MClient;
|
||||||
import org.compiere.model.MMailText;
|
import org.compiere.model.MMailText;
|
||||||
|
import org.compiere.model.MPasswordRule;
|
||||||
import org.compiere.model.MSysConfig;
|
import org.compiere.model.MSysConfig;
|
||||||
import org.compiere.model.MUser;
|
import org.compiere.model.MUser;
|
||||||
import org.compiere.model.Query;
|
import org.compiere.model.Query;
|
||||||
|
@ -62,8 +63,8 @@ public class ResetPasswordPanel extends Window implements EventListener<Event>
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
private static final long serialVersionUID = 190270426336225224L;
|
private static final long serialVersionUID = -657724758165769510L;
|
||||||
|
|
||||||
private static CLogger logger = CLogger.getCLogger(ResetPasswordPanel.class);
|
private static CLogger logger = CLogger.getCLogger(ResetPasswordPanel.class);
|
||||||
|
|
||||||
private static final int MAX_RESET_PASSWORD_TRIES = 3;
|
private static final int MAX_RESET_PASSWORD_TRIES = 3;
|
||||||
|
@ -325,15 +326,15 @@ public class ResetPasswordPanel extends Window implements EventListener<Event>
|
||||||
}
|
}
|
||||||
throw new AdempiereException(errMsg);
|
throw new AdempiereException(errMsg);
|
||||||
}
|
}
|
||||||
|
|
||||||
boolean hash_password = MSysConfig.getBooleanValue(MSysConfig.USER_PASSWORD_HASH, false);
|
|
||||||
|
|
||||||
StringBuilder sqlUpdate = new StringBuilder("UPDATE AD_User ");
|
String newPassword;
|
||||||
sqlUpdate.append("SET IsExpired='Y', Password=? ");
|
MPasswordRule pwdrule = MPasswordRule.getRules(Env.getCtx(), null);
|
||||||
sqlUpdate.append("WHERE AD_User_ID=? ");
|
if (pwdrule != null) {
|
||||||
|
newPassword = pwdrule.generate();
|
||||||
SecureRandom random = new SecureRandom();
|
} else {
|
||||||
String newPassword = BigInteger.probablePrime(50, random).toString(Character.MAX_RADIX);
|
SecureRandom random = new SecureRandom();
|
||||||
|
newPassword = BigInteger.probablePrime(50, random).toString(Character.MAX_RADIX);
|
||||||
|
}
|
||||||
|
|
||||||
String errorMsg = "";
|
String errorMsg = "";
|
||||||
Trx trx = null;
|
Trx trx = null;
|
||||||
|
@ -346,18 +347,10 @@ public class ResetPasswordPanel extends Window implements EventListener<Event>
|
||||||
{
|
{
|
||||||
user.set_TrxName(trx.getTrxName());
|
user.set_TrxName(trx.getTrxName());
|
||||||
|
|
||||||
user.setPassword(newPassword);
|
user.set_ValueOfColumn("Password", newPassword); // will be hashed and validate on saveEx
|
||||||
if (hash_password)
|
user.setIsExpired(true);
|
||||||
user.setPassword(user.getPassword());
|
user.saveEx();
|
||||||
// use SQL to update the password to skip password rule validation
|
|
||||||
int no = DB.executeUpdate(sqlUpdate.toString(), new Object[] {user.getPassword(), user.getAD_User_ID()}, false, trx.getTrxName());
|
|
||||||
if (no <= 0)
|
|
||||||
{
|
|
||||||
trx.rollback();
|
|
||||||
logger.severe("Failed to update user '" + m_userName + "'");
|
|
||||||
throw new AdempiereException("Failed to update user");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (sendEmail(user, newPassword))
|
if (sendEmail(user, newPassword))
|
||||||
logger.fine(user.getEMail());
|
logger.fine(user.getEMail());
|
||||||
else
|
else
|
||||||
|
@ -365,8 +358,8 @@ public class ResetPasswordPanel extends Window implements EventListener<Event>
|
||||||
if (errorMsg.length() > 0)
|
if (errorMsg.length() > 0)
|
||||||
errorMsg += ", ";
|
errorMsg += ", ";
|
||||||
errorMsg += user.getEMail();
|
errorMsg += user.getEMail();
|
||||||
logger.warning("Failed to send email to user - " + user.getEMail());
|
throw new AdempiereException("Failed to send email to user - " + user.getEMail());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
trx.commit();
|
trx.commit();
|
||||||
|
@ -381,7 +374,7 @@ public class ResetPasswordPanel extends Window implements EventListener<Event>
|
||||||
if (trx != null)
|
if (trx != null)
|
||||||
trx.close();
|
trx.close();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (errorMsg.length() > 0)
|
if (errorMsg.length() > 0)
|
||||||
throw new AdempiereException(Msg.getMsg(m_ctx, "RequestActionEMailError") + ": " + errorMsg);
|
throw new AdempiereException(Msg.getMsg(m_ctx, "RequestActionEMailError") + ": " + errorMsg);
|
||||||
else
|
else
|
||||||
|
@ -408,10 +401,10 @@ public class ResetPasswordPanel extends Window implements EventListener<Event>
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
MMailText mailText = new MMailText(m_ctx, R_MailText_ID, null);
|
MMailText mailText = new MMailText(m_ctx, R_MailText_ID, null);
|
||||||
to.setPassword(newPassword);
|
to.set_ValueOfColumn("Password", newPassword); // will be hashed and validate on saveEx
|
||||||
mailText.setUser(to);
|
mailText.setUser(to);
|
||||||
String message = mailText.getMailText(true);
|
String message = mailText.getMailText(true);
|
||||||
message = Env.parseVariable(message, to, to.get_TrxName(), true);
|
message = Env.parseVariable(message, to, to.get_TrxName(), true);
|
||||||
EMail email = client.createEMail(to.getEMail(), mailText.getMailHeader(), message, mailText.isHtml());
|
EMail email = client.createEMail(to.getEMail(), mailText.getMailHeader(), message, mailText.isHtml());
|
||||||
if (mailText.isHtml())
|
if (mailText.isHtml())
|
||||||
email.setMessageHTML(mailText.getMailHeader(), message);
|
email.setMessageHTML(mailText.getMailHeader(), message);
|
||||||
|
@ -427,4 +420,4 @@ public class ResetPasswordPanel extends Window implements EventListener<Event>
|
||||||
}
|
}
|
||||||
return EMail.SENT_OK.equals(email.send());
|
return EMail.SENT_OK.equals(email.send());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue