[ChangePassword] Added logic to client and server to update the password once validity date is reached
authorJonathan Bueno <jonathan.bueno@openbravo.com>
Fri, 27 Nov 2015 12:44:36 +0100
changeset 28641 cf47b2178ea9
parent 28640 a2f2698c2672
child 28642 f7b7fe14459b
[ChangePassword] Added logic to client and server to update the password once validity date is reached
src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java
src/org/openbravo/base/secureApp/LoginHandler.java
src/org/openbravo/base/secureApp/LoginUtils.java
src/org/openbravo/erpCommon/security/Login.html
--- a/src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java	Wed Nov 25 12:50:59 2015 +0100
+++ b/src/org/openbravo/authentication/basic/DefaultAuthenticationManager.java	Fri Nov 27 12:44:36 2015 +0100
@@ -13,8 +13,6 @@
 package org.openbravo.authentication.basic;
 
 import java.io.IOException;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
 import java.util.Calendar;
 import java.util.Date;
 
@@ -56,20 +54,34 @@
       throws AuthenticationException, ServletException, IOException {
 
     final VariablesSecureApp vars = new VariablesSecureApp(request, false);
-    final String sUserId = (String) request.getSession().getAttribute("#Authenticated_user");
+    final Boolean resetPassword = Boolean.parseBoolean(vars.getStringParameter("resetPassword"));
+    final String sUserId;
+    if (resetPassword) {
+      final String userId = LoginUtils.getValidUserId(conn, vars.getStringParameter("loggedUser"),
+          vars.getStringParameter("user"));
+      sUserId = userId;
+    } else {
+      sUserId = (String) request.getSession().getAttribute("#Authenticated_user");
+
+    }
     final String strAjax = vars.getStringParameter("IsAjaxCall");
-
-    if (!StringUtils.isEmpty(sUserId)) {
+    if (!StringUtils.isEmpty(sUserId) && !resetPassword) {
       return sUserId;
     }
 
     VariablesHistory variables = new VariablesHistory(request);
-
+    final String strUser;
+    final String strPass;
     // Begins code related to login process
-
-    final String strUser = vars.getStringParameter("user");
-    final String strPass = vars.getStringParameter("password");
-    username = strUser;
+    if (resetPassword) {
+      strUser = vars.getStringParameter("loggedUser");
+      strPass = vars.getStringParameter("password");
+      username = strUser;
+    } else {
+      strUser = vars.getStringParameter("user");
+      strPass = vars.getStringParameter("password");
+      username = strUser;
+    }
 
     if (StringUtils.isEmpty(strUser)) {
       // redirects to the menu or the menu with the target
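Review bot: The two branches of the `if (resetPassword)` block that assign `strUser`/`strPass` differ only in the parameter that feeds `strUser`; the `strPass` and `username` assignments are duplicated, and a single expression, `final String strUser = resetPassword ? vars.getStringParameter("loggedUser") : vars.getStringParameter("user");`, followed by the unchanged `strPass` and `username` lines, keeps the intent visible. The first block has the same shape: `sUserId = userId;` copies a local that could be assigned directly, and `final Boolean resetPassword` can be the primitive `boolean` (the same applies to LoginHandler). In reset mode `strPass` is read from the `password` field, which on the new login form is the confirmation value, while LoginHandler stores the `user` field as the new password; that coupling deserves a comment here, e.g. `// reset mode: "user" carries the new password, "password" its confirmation`. The enclosing method begins before this hunk.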
@@ -102,7 +114,6 @@
     Date dateUPD = LoginUtils.getUpdatePasswordDate(conn, strUser, strPass);
 
     if (dateUPD != null) {
-      DateFormat df = new SimpleDateFormat("yyyy-MM-dd");
 
       // Checks if password
       Calendar currentDate = Calendar.getInstance();
--- a/src/org/openbravo/base/secureApp/LoginHandler.java	Wed Nov 25 12:50:59 2015 +0100
+++ b/src/org/openbravo/base/secureApp/LoginHandler.java	Fri Nov 27 12:44:36 2015 +0100
@@ -69,8 +69,18 @@
     req.getSession().removeAttribute("#Authenticated_user");
     vars.removeSessionValue("#AD_Role_ID");
     vars.setSessionObject("#loggingIn", "Y");
-
-    final String strUser = vars.getStringParameter("user");
+    final Boolean resetPassword = Boolean.parseBoolean(vars.getStringParameter("resetPassword"));
+    final String strUser;
+    final String strPass;
+    if (resetPassword) {
+      strPass = vars.getStringParameter("user");
+      strUser = vars.getStringParameter("loggedUser");
+      OBContext.setAdminMode();
+      LoginUtils.updatePassword(strUser, strPass);
+      OBContext.restorePreviousMode();
+    } else {
+      strUser = vars.getStringParameter("user");
+    }
 
     // When redirect parameter is true, instead of returning a json object with the login result and
     // target, a redirect to the application or error page is done.
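Review bot: `LoginUtils.updatePassword(strUser, strPass)` runs under `OBContext.setAdminMode()` before any credential check in this method, and both `resetPassword` and `loggedUser` are plain request parameters, so the stored password of whichever account `loggedUser` names is replaced without the server verifying that the caller knows the current password or that this account's validity date has actually been reached. The account whose password expired should come from server-side state recorded when the expiry message was issued (a session attribute set next to the existing `#loggingIn` value rather than the `loggedUser` parameter), and the current credentials should be re-validated — `LoginUtils.getUpdatePasswordDate` appears to take them — before `updatePassword` is invoked. The server also never compares the `user` (new) and `password` (confirm) fields; that check exists only in `buttonOK_click` in Login.html, so a mismatch stores the value from `user` and then authenticates with `password`. `OBContext.restorePreviousMode()` should sit in a `finally` block so admin mode is not left active when `updatePassword` throws. The enclosing method continues outside the hunk.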
@@ -448,7 +458,8 @@
         jsonMsg.put("messageType", msgType);
         jsonMsg.put("messageTitle", title);
         jsonMsg.put("messageText", msg);
-
+        jsonMsg.put("resetPassword", true);
+        jsonMsg.put("loggedUser", vars.getStringParameter("user"));
         if ("Confirmation".equals(msgType)) {
           jsonMsg.put("command", "FORCE_NAMED_USER");
         }
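Review bot: `jsonMsg.put("resetPassword", true)` and the `loggedUser` entry are added unconditionally beside the other message fields, so as far as this hunk shows every message produced here — not only the password-expired one — instructs the client to switch the login form into reset mode, and Login.html acts on `result.resetPassword` without further checks. If this method also serves ordinary failures, the two entries should be written only for the expiry message, guarded the way `FORCE_NAMED_USER` is guarded by `msgType` a few lines below. The enclosing method begins before this hunk, so the caller that distinguishes the expiry case is not visible here.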
@@ -460,29 +471,6 @@
         log4j.error("Error setting login msg", e);
         throw new ServletException(e);
       }
-    } else {
-      // 2.50 instances show the message in a new window, print that window
-      String discard[] = { "" };
-
-      if (msgType.equals("Error")) {
-        discard[0] = "continueButton";
-      } else {
-        discard[0] = "backButton";
-      }
-
-      final XmlDocument xmlDocument = xmlEngine.readXmlTemplate(
-          "org/openbravo/base/secureApp/HtmlErrorLogin", discard).createXmlDocument();
-
-      // pass relevant mesasge to show inside the error page
-      xmlDocument.setParameter("theme", vars.getTheme());
-      xmlDocument.setParameter("messageType", msgType);
-      xmlDocument.setParameter("action", action);
-      xmlDocument.setParameter("messageTitle", title);
-      xmlDocument.setParameter("messageMessage", msg.replaceAll("\\\\n", "<br>"));
-      response.setContentType("text/html");
-      final PrintWriter out = response.getWriter();
-      out.println(xmlDocument.print());
-      out.close();
     }
   }
 
--- a/src/org/openbravo/base/secureApp/LoginUtils.java	Wed Nov 25 12:50:59 2015 +0100
+++ b/src/org/openbravo/base/secureApp/LoginUtils.java	Fri Nov 27 12:44:36 2015 +0100
@@ -97,8 +97,9 @@
 
   public static Date getUpdatePasswordDate(ConnectionProvider connectionProvider, String login,
       String unHashedPassword) {
+    // Gets the expiry password date
     try {
-      // Get the Update password date
+
       UserLock lockSettings = new UserLock(login);
       lockSettings.delayResponse();
       if (lockSettings.isLockedUser()) {
@@ -125,6 +126,30 @@
     } catch (final Exception e) {
       throw new OBException(e);
     }
+
+  }
+
+  public static Boolean updatePassword(String login, String unHashedPassword) {
+    // Set the Updated password date
+    try {
+
+      UserLock lockSettings = new UserLock(login);
+      lockSettings.delayResponse();
+      if (lockSettings.isLockedUser()) {
+        return null;
+      }
+
+      final OBCriteria<User> obc = OBDal.getInstance().createCriteria(User.class);
+      obc.add(Restrictions.like("username", login));
+
+      final List<User> listUser = obc.list();
+      User userOB = listUser.get(0);
+      userOB.setPassword(FormatUtilities.sha1Base64(unHashedPassword));
+      OBDal.getInstance().save(userOB);
+      return true;
+    } catch (final Exception e) {
+      throw new OBException(e);
+    }
   }
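Review bot: `updatePassword` looks the user up with `Restrictions.like("username", login)`, which applies SQL pattern matching to a value taken from the login request, so a login containing `%` or `_` can match a row other than the exact username and `listUser.get(0)` then rewrites that account's password; an exact restriction, `obc.add(Restrictions.eq("username", login));`, is the right one here, and an empty result should be handled explicitly rather than surfacing as an `IndexOutOfBoundsException` wrapped in `OBException`. The `Boolean` return mixes `null` (locked user) with `true`, and the only caller shown (LoginHandler) discards it, so a locked user silently gets neither an update nor a message — return a primitive `boolean` and act on it in the caller. Whether the validity date that triggered the reset is refreshed on the `User` record is not visible in this hunk; if it is not, the next login would hit the expiry message again, which is worth confirming and stating in a Javadoc on the method.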
 
   /**
--- a/src/org/openbravo/erpCommon/security/Login.html	Wed Nov 25 12:50:59 2015 +0100
+++ b/src/org/openbravo/erpCommon/security/Login.html	Fri Nov 27 12:44:36 2015 +0100
@@ -187,6 +187,10 @@
 </script>
 <script type="text/javascript">
 function buttonOK_click() {
+	if (document.getElementById('resetPassword').value =='true' && document.getElementById('user').value !== document.getElementById('password').value){
+        setLoginMessage('Error', "Passwords must be the same", "The password must be the same in both fields");
+        return true;
+    }
     if (focusedWindowElement.id === 'user' && document.getElementById('user').value !== '' && document.getElementById('password').value === '') {
       setTimeout(function() { // To manage browser autocomplete feature if it is active
        if (focusedWindowElement.id === 'user' && document.getElementById('password').value === '') {
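Review bot: The new confirmation check in `buttonOK_click` passes literal English strings to `setLoginMessage`, whereas the neighbouring empty-field check uses the named message variables `identificationFailureTitle` and `errorEmptyContent`; the title and text should follow that convention so they can be localized with the rest of the page. The added `if` line is indented with a tab while the surrounding function uses spaces, which also hides the mismatch with the four-space body that follows. Because LoginHandler does not repeat this comparison, the check is a usability aid only and should not be relied on as the sole guard.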
@@ -201,10 +205,12 @@
       if (document.getElementById('user').value === '' || document.getElementById('password').value === '') {
           setLoginMessage('Error', identificationFailureTitle, errorEmptyContent);
         return true;
-      }     
+      }   
+
       disableButton('buttonOK');
       submitXmlHttpRequest(loginResult, document.frmIdentificacion, 'DEFAULT', '../secureApp/LoginHandler.html', false, null, null);
     }
+    
     return false;
   }
 
@@ -228,7 +234,14 @@
         document.getElementById('password').value = '';
       }
     }
-
+    if (result.resetPassword){
+        document.getElementById('loggedUser').value=result.loggedUser;
+        document.getElementById('resetPassword').value=result.resetPassword;
+        document.getElementById('user').value = '';
+        document.getElementById('userlabel').innerHTML = 'New Password';
+        document.getElementById('passwordlabel').innerHTML = 'Confirm Password';
+        setWindowElementFocus('user');
+    }
     if (shouldContinue) {
       try {
         if (parent.frameMenu) {
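Review bot: When `result.resetPassword` switches the form into reset mode, the new password is typed into the `user` input, which the form section later in this diff defines as `type="text"`, so the new password is displayed in clear text on screen; the handler should switch the field with `document.getElementById('user').type = 'password';` when entering reset mode (and the form hunk should be read with that in mind). The hidden `resetPassword` and `loggedUser` values are set here but, as far as this diff shows, never cleared, so a failed reset attempt presumably leaves the form in reset mode for the next submission — worth confirming. The labels `'New Password'` and `'Confirm Password'` are hard-coded here while the form's original label text lives in the markup, so both places need updating if the page is ever localized.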
@@ -444,20 +457,21 @@
       <div class="Login_LogForm">
         <form method="post" action="../secureApp/LoginHandler.html" name="frmIdentificacion" id="frmFormulario" autocomplete="off">
           <input type="hidden" name="Command" value="" />
-
+          <input type="hidden" name="loggedUser" id="loggedUser" value="" />
+          <input type="hidden" name="resetPassword" id="resetPassword" value="" />
           <div class="Login_LogForm_CompanyLogo_Container">
             <div class="Login_LogForm_CompanyLogo" id="CompanyLogo_Container" style="display: none;"><img class="Login_Logo_Company" src="../../../../../web/images/blank.gif" /></div>
           </div>
           <div class="Login_LogForm_Input_Container">
             <dl>
               <dt>
-                <label for="user" class="LabelText Login_LabelText">User Name</label>
+                <label for="user" class="LabelText Login_LabelText" id="userlabel" >User Name</label>
               </dt>
               <dd>
                 <input class="dojoValidateValid Login_TextBox" type="text" maxlength="60" name="user" id="user" />
               </dd>
               <dt>
-                <label for="password" class="LabelText Login_LabelText">Password</label>
+                <label for="password" class="LabelText Login_LabelText" id="passwordlabel" >Password</label>
               </dt>
               <dd>
                 <input class="dojoValidateValid Login_TextBox" type="password" maxlength="40" name="password" id="password" />