midsuit
/
core-jgi
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

IDEMPIERE-2558 don't allow use old password when change password / fix daysReuse=0 means this feature is not used / do not save password history if not configured / warning on log when saving plain passwords

This commit is contained in:
Carlos Ruiz 2018-12-14 14:10:10 +01:00
parent 19b1e6e1f8
commit 5260f31c57
2 changed files with 23 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
org.adempiere.base/src/org/compiere/model/MPasswordHistory.java
View File

@ -1,18 +1,18 @@
package org.compiere.model; package org.compiere.model;
import java.sql.ResultSet; import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Properties; import java.util.Properties;
import org.compiere.util.Env; import org.compiere.util.Env;
public class MPasswordHistory extends X_AD_Password_History { public class MPasswordHistory extends X_AD_Password_History {
/** /**
* *
*/ */
private static final long serialVersionUID = 3480028808276906947L; private static final long serialVersionUID = 8602148028134601856L;
public MPasswordHistory(Properties ctx, int AD_Password_History_ID, public MPasswordHistory(Properties ctx, int AD_Password_History_ID,
String trxName) { String trxName) {
super(ctx, AD_Password_History_ID, trxName); super(ctx, AD_Password_History_ID, trxName);
@ -35,6 +35,9 @@ public class MPasswordHistory extends X_AD_Password_History {
* @return * @return
*/ */
public static List<MPasswordHistory> getPasswordHistoryForCheck (int daysReuse, int userId){ public static List<MPasswordHistory> getPasswordHistoryForCheck (int daysReuse, int userId){
if (daysReuse <= 0) {
return new ArrayList<MPasswordHistory>();
}
StringBuilder whereClause = new StringBuilder() StringBuilder whereClause = new StringBuilder()
.append("SYSDATE-") .append("SYSDATE-")
.append(daysReuse) .append(daysReuse)

35
org.adempiere.base/src/org/compiere/model/MUser.java
View File

@ -907,14 +907,6 @@ public class MUser extends X_AD_User
MPasswordRule pwdrule = MPasswordRule.getRules(getCtx(), get_TrxName()); MPasswordRule pwdrule = MPasswordRule.getRules(getCtx(), get_TrxName());
if (pwdrule != null){ if (pwdrule != null){
List<MPasswordHistory> passwordHistorys = MPasswordHistory.getPasswordHistoryForCheck(pwdrule.getDays_Reuse_Password(), this.getAD_User_ID()); List<MPasswordHistory> passwordHistorys = MPasswordHistory.getPasswordHistoryForCheck(pwdrule.getDays_Reuse_Password(), this.getAD_User_ID());
// for long time user don't use this system, because all password in history table is out of check range. but we will want new password must difference latest password
if (passwordHistorys.size() == 0 && !this.is_new() && this.get_ValueOld(MUser.COLUMNNAME_Password) != null){
Object oldSalt = this.get_ValueOld(MUser.COLUMNNAME_Salt);
Object oldPassword = this.get_ValueOld(MUser.COLUMNNAME_Password);
MPasswordHistory latestPassword = new MPasswordHistory(oldSalt == null?null:oldSalt.toString(), oldPassword == null?null:oldPassword.toString());
passwordHistorys.add(latestPassword);
}
pwdrule.validate((getLDAPUser() != null ? getLDAPUser() : getName()), getPassword(), passwordHistorys); pwdrule.validate((getLDAPUser() != null ? getLDAPUser() : getName()), getPassword(), passwordHistorys);
} }
setDatePasswordChanged(new Timestamp(new Date().getTime())); setDatePasswordChanged(new Timestamp(new Date().getTime()));
@ -1055,17 +1047,24 @@ public class MUser extends X_AD_User
@Override @Override
protected boolean afterSave(boolean newRecord, boolean success) { protected boolean afterSave(boolean newRecord, boolean success) {
if (getPassword() != null && getPassword().length() > 0 && (newRecord || is_ValueChanged("Password"))) { if (getPassword() != null && getPassword().length() > 0 && (newRecord || is_ValueChanged("Password"))) {
MPasswordHistory passwordHistory = new MPasswordHistory(this.getCtx(), 0, this.get_TrxName()); MPasswordRule pwdrule = MPasswordRule.getRules(getCtx(), get_TrxName());
passwordHistory.setSalt(this.getSalt()); if (pwdrule != null && pwdrule.getDays_Reuse_Password() > 0) {
passwordHistory.setPassword(this.getPassword()); boolean hash_password = MSysConfig.getBooleanValue(MSysConfig.USER_PASSWORD_HASH, false);
// http://wiki.idempiere.org/en/System_user if (! hash_password) {
if (!this.is_new() && this.getAD_User_ID() == 0){ log.severe("Saving password history: it is strongly encouraged to save password history just when using hashed passwords - WARNING! table AD_Password_History is possibly keeping plain passwords");
passwordHistory.set_Value(MPasswordHistory.COLUMNNAME_AD_User_ID, 0); }
}else{ MPasswordHistory passwordHistory = new MPasswordHistory(this.getCtx(), 0, this.get_TrxName());
passwordHistory.setAD_User_ID(this.getAD_User_ID()); passwordHistory.setSalt(this.getSalt());
passwordHistory.setPassword(this.getPassword());
// http://wiki.idempiere.org/en/System_user
if (!this.is_new() && this.getAD_User_ID() == 0){
passwordHistory.set_Value(MPasswordHistory.COLUMNNAME_AD_User_ID, 0);
}else{
passwordHistory.setAD_User_ID(this.getAD_User_ID());
}
passwordHistory.setDatePasswordChanged(this.getUpdated());
passwordHistory.saveEx();
} }
passwordHistory.setDatePasswordChanged(this.getUpdated());
passwordHistory.saveEx();
} }
return super.afterSave(newRecord, success); return super.afterSave(newRecord, success);
} }