/** * @param u the user * @param clearpass new password in clear * @return true if password is in PasswordHistory */ public boolean checkNewPassword (User u, String clearpass) throws Exception { if (checkPassword (u, clearpass)) { return false; // same password not allowed } for (PasswordHistory p : u.getPasswordhistory()) { HashVersion v = HashVersion.getVersion(p.getValue()); switch (v) { case ZERO: if (checkV0Password(p.getValue(), u.getId(), clearpass)) return false; case ONE: if (checkV1Password (p.getValue(), clearpass)) return false; } } return true; }
public String resetUserPassword (User user) { String generatedPassword = PasswordGenerator.generateRandomPassword(); try { DB.execWithTransaction((db) -> { db.session().refresh(user); user.getPasswordhistory(); // hack to avoid LazyInitialization UserManager mgr = new UserManager(db); try { mgr.setPassword(user, generatedPassword); } catch (BLException e) { getApp().displayNotification("errorMessage.resetPassword"); return false; } user.setForcePasswordChange(true); user.setLoginAttempts(0); // reset login attempts db.session().saveOrUpdate(user); return true; }); } catch (Exception e) { getApp().getLog().error(e); return null; } return generatedPassword; }
boolean passwordOK = false; boolean newPasswordOK = false; user.getPasswordhistory(); //to avoid lazy passwordOK = mgr.checkPassword(user, currentPass); newPasswordOK = mgr.checkNewPassword(user, newClearPass);
mgr.setPassword(u, "test"); assertTrue("User password is back to 'test'", mgr.checkPassword(u, "test")); assertEquals ("History size is ", 5, u.getPasswordhistory().size()); db.commit();