[ChangePassword] Added trigger to update date once password is changed
authorJonathan Bueno <jonathan.bueno@openbravo.com>
Thu, 10 Dec 2015 12:08:33 +0100
changeset 28642 f7b7fe14459b
parent 28641 cf47b2178ea9
child 28643 ac519ab9312a
[ChangePassword] Added trigger to update date once password is changed
Retail.sh
src-db/database/model/tables/AD_USER.xml
src-db/database/model/triggers/AD_USER_EXPIRYPASS_TRG.xml
src/org/openbravo/base/secureApp/LoginHandler.java
src/org/openbravo/base/secureApp/LoginUtils.java
src/org/openbravo/erpCommon/security/Login.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Retail.sh	Thu Dec 10 12:08:33 2015 +0100
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# VARIABLES
+LINE="=========================================================="
+URLREPO=""
+
+# Check if we are in Openbravo root
+CHECKDIR=$(ls -1 | grep modules)
+if [ "$CHECKDIR" != "modules" ]
+then
+	echo "This script should be executed inside Openbravo root directory"
+	exit 1
+fi
+
+echo "Dependecies"
+for i in org.openbravo.utility.multiplebpselector org.openbravo.financial.cashflowforecast org.openbravo.agingbalance
+do
+
+	if [ -e "modules/$i/" ]
+	then
+	echo "$i exists"
+	else
+	echo "$i clone"
+	cd modules/
+	hg clone "https://code.openbravo.com/erp/mods/$i"
+	cd ..
+	fi
+
+done
+
+for i in org.openbravo.mobile.core org.openbravo.retail.config org.openbravo.retail.discounts org.openbravo.retail.pack org.openbravo.retail.poshwmanager org.openbravo.retail.posterminal org.openbravo.retail.returns org.openbravo.retail.sampledata
+
+do
+	if [ -e "modules/$i/" ]
+	then
+		echo $LINE
+		echo "*** $i -- exists - pull and update"
+		echo $LINE
+
+		cd modules/$i/
+		hg pull --rebase
+		if [[ -z $1 ]]
+		then
+		echo "*** update to tip"
+		hg update
+		else
+		echo "*** update to $1"
+		hg update -r $1
+		fi
+		cd ..
+		cd ..
+	else
+		echo $LINE
+		echo "*** $i -- does not exists - clone"
+		echo $LINE
+		cd modules/
+		hg clone "https://code.openbravo.com/erp/pmods/$i"
+		cd $i/
+		if [[ -z $1 ]]
+		then
+		echo "*** update to tip"
+		hg update
+		else
+		echo "*** update to $1"
+		hg update -r $1
+		fi
+		cd ..
+		cd ..
+	fi
+done
\ No newline at end of file
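Review bot: In the clone branch of the second loop, a failed `hg clone` makes the following `cd $i/` fail, after which the two unconditional `cd ..` calls climb above the Openbravo root and every later iteration runs in the wrong directory. None of the `cd`/`hg` calls are checked; `set -euo pipefail` right after the shebang, or running each step as `( cd modules && hg clone "https://code.openbravo.com/erp/pmods/$i" && cd "$i" && hg update ${1:+-r "$1"} )`, makes a failure abort instead of drift. The root check `ls -1 | grep modules` accepts any entry whose name merely contains "modules"; `[ -d modules ]` is the intended test. `$1` is unquoted in both `hg update -r $1` lines and should be `hg update -r "$1"`. The echoed heading "Dependecies" is misspelled ("Dependencies").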
--- a/src-db/database/model/tables/AD_USER.xml	Fri Nov 27 12:44:36 2015 +0100
+++ b/src-db/database/model/tables/AD_USER.xml	Thu Dec 10 12:08:33 2015 +0100
@@ -157,8 +157,8 @@
         <default><![CDATA[N]]></default>
         <onCreateDefault><![CDATA['N']]></onCreateDefault>
       </column>
-      <column name="UPDATEPASSWORDDATE" primaryKey="false" required="true" type="TIMESTAMP" size="7" autoIncrement="false">
-        <default><![CDATA['1970-01-01 00:00:00'::timestamp without time zone]]></default>
+      <column name="UPDATEPASSWORDDATE" primaryKey="false" required="false" type="TIMESTAMP" size="7" autoIncrement="false">
+        <default><![CDATA[SYSDATE]]></default>
         <onCreateDefault/>
       </column>
       <foreign-key foreignTable="AD_ORG" name="AD_USER_AD_ORGTRX">
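Review bot: Changing `required` from `true` to `false` on UPDATEPASSWORDDATE allows NULL in a column that presumably drives the password-expiry check (not visible here); a NULL value would compare as "not expired" unless that check handles it explicitly. If the purpose of the change is only to give new rows a creation-time value, `required="true"` together with the new `SYSDATE` default achieves that without admitting NULL. Otherwise the code that reads this column needs a documented NULL policy, and the entity property should say in its comment which meaning NULL carries.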
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src-db/database/model/triggers/AD_USER_EXPIRYPASS_TRG.xml	Thu Dec 10 12:08:33 2015 +0100
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+  <database name="TRIGGER AD_USER_EXPIRYPASS_TRG">
+    <trigger name="AD_USER_EXPIRYPASS_TRG" table="AD_USER" fires="after" insert="false" update="true" delete="false" foreach="row">
+      <body><![CDATA[
+ 
+ BEGIN
+ 
+   IF AD_isTriggerEnabled()='N' THEN IF UPDATING THEN RETURN OLD; ELSE RETURN NEW; END IF; 
+   END IF;
+
+
+     
+   UPDATE ad_user
+   SET updatepassworddate='now()'
+   WHERE ad_user_id=:NEW.ad_user_id AND :OLD.password<>:NEW.password;
+ 
+  END AD_USER_EXPIRYPASS_TRG
+]]></body>
+    </trigger>
+  </database>
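Review bot: The trigger is declared `fires="after"` and then issues an `UPDATE ad_user` on its own table for the same row, which re-fires this trigger (it terminates only because the second pass sees equal old and new passwords) and, if this also runs on Oracle, is the classic mutating-table situation for a row-level trigger. The conventional form is a BEFORE UPDATE trigger that assigns the column on the row being written: `fires="before"` and `IF :OLD.password <> :NEW.password THEN :NEW.updatepassworddate := now(); END IF;` in place of the UPDATE statement. Note also that `:OLD.password <> :NEW.password` is not true when the old value is NULL, so setting a first password on a user that had none would not stamp the date; if that path exists, the comparison needs explicit NULL handling.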
--- a/src/org/openbravo/base/secureApp/LoginHandler.java	Fri Nov 27 12:44:36 2015 +0100
+++ b/src/org/openbravo/base/secureApp/LoginHandler.java	Thu Dec 10 12:08:33 2015 +0100
@@ -70,13 +70,15 @@
     vars.removeSessionValue("#AD_Role_ID");
     vars.setSessionObject("#loggingIn", "Y");
     final Boolean resetPassword = Boolean.parseBoolean(vars.getStringParameter("resetPassword"));
+    Boolean sameOldPassword = false;
     final String strUser;
     final String strPass;
     if (resetPassword) {
       strPass = vars.getStringParameter("user");
       strUser = vars.getStringParameter("loggedUser");
       OBContext.setAdminMode();
-      LoginUtils.updatePassword(strUser, strPass);
+      sameOldPassword = LoginUtils.updatePassword(strUser, strPass);
+
       OBContext.restorePreviousMode();
     } else {
       strUser = vars.getStringParameter("user");
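Review bot: `Boolean sameOldPassword = false;` on the new line uses the boxed wrapper for a local that is only assigned from `LoginUtils.updatePassword` and tested once; `boolean sameOldPassword = false;` avoids the autoboxing and rules out a null unboxing in the later `if (sameOldPassword)`. The enclosing method starts and ends outside this hunk.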
@@ -98,6 +100,13 @@
         res.sendRedirect(res.encodeRedirectURL(strDireccion + "/security/Login_F1.html"));
       } else {
         try {
+          if (sameOldPassword) {
+            OBError errorMsg = new OBError();
+            errorMsg.setType("Error");
+            errorMsg.setTitle("Password must be different from the previous one");
+            errorMsg.setMessage("Write a new password");
+            throw new AuthenticationExpiryPasswordException("Same password than old one", errorMsg);
+          }
           AuthenticationManager authManager = AuthenticationManager.getAuthenticationManager(this);
 
           final String strUserAuth = authManager.authenticate(req, res);
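Review bot: The same-password branch added here signals its condition by throwing AuthenticationExpiryPasswordException with an OBError whose only distinguishing feature is the message text, and the catch block in the third hunk of this file dispatches on that text with `errorMsg.getMessage().equalsIgnoreCase("Write a new password")`. That ties control flow to a user-facing string: any rewording or localization of the message silently routes the user to the "Password is expired" screen, and a null message would throw from the catch block. Prefer a distinct signal, such as a dedicated exception subclass or a flag carried alongside the OBError, and at minimum make the comparison null-safe by putting the literal first: `"Write a new password".equalsIgnoreCase(errorMsg.getMessage())`. The enclosing method starts and ends outside this hunk.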
@@ -127,13 +136,16 @@
         } catch (AuthenticationExpiryPasswordException aepe) {
 
           final OBError errorMsg = aepe.getOBError();
-
           if (errorMsg != null) {
             vars.removeSessionValue("#LoginErrorMsg");
-
-            goToUpdatePassword(res, vars, "Update your password", "Password is expired", "Error",
-                "../security/Login_FS.html", doRedirect);
-
+            if (errorMsg.getMessage().equalsIgnoreCase("Write a new password")) {
+              goToUpdatePassword(res, vars, "Write a new password",
+                  "Password must be different from the previous one", "Error",
+                  "../security/Login_FS.html", doRedirect);
+            } else {
+              goToUpdatePassword(res, vars, "Update your password", "Password is expired", "Error",
+                  "../security/Login_FS.html", doRedirect);
+            }
           }
         }
       }
--- a/src/org/openbravo/base/secureApp/LoginUtils.java	Fri Nov 27 12:44:36 2015 +0100
+++ b/src/org/openbravo/base/secureApp/LoginUtils.java	Thu Dec 10 12:08:33 2015 +0100
@@ -144,9 +144,18 @@
 
       final List<User> listUser = obc.list();
       User userOB = listUser.get(0);
-      userOB.setPassword(FormatUtilities.sha1Base64(unHashedPassword));
-      OBDal.getInstance().save(userOB);
-      return true;
+      String oldPassword = userOB.getPassword();
+      String newPassword = FormatUtilities.sha1Base64(unHashedPassword);
+      if (oldPassword.equals(newPassword)) {
+
+        return true;
+      } else {
+        userOB.setPassword(newPassword);
+        OBDal.getInstance().save(userOB);
+        OBDal.getInstance().flush();
+        OBDal.getInstance().commitAndClose();
+        return false;
+      }
     } catch (final Exception e) {
       throw new OBException(e);
     }
@@ -160,8 +169,17 @@
   public static String checkUserPassword(ConnectionProvider connectionProvider, String login,
       String unHashedPassword) {
     try {
-      final String hashedPassword = FormatUtilities.sha1Base64(unHashedPassword);
-      final String userId = SeguridadData.valido(connectionProvider, login, hashedPassword);
+      String hashedPassword = FormatUtilities.sha1Base64(unHashedPassword);
+      final OBCriteria<User> obc = OBDal.getInstance().createCriteria(User.class);
+      obc.add(Restrictions.like("username", login));
+      obc.add(Restrictions.like("password", hashedPassword));
+      final List<User> listUser = obc.list();
+      String userId = "-1";
+
+      if (listUser.size() > 0) {
+        User userOB = listUser.get(0);
+        userId = userOB.getId();
+      }
       if (userId.equals("-1")) {
         return null;
       }
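Review bot: `Restrictions.like("username", login)` and `Restrictions.like("password", hashedPassword)` turn a credential check into a pattern match: `%` and `_` in the submitted login are interpreted as SQL wildcards, so the login value no longer has to name the account it authenticates, and with several matches `listUser.get(0)` picks an arbitrary one. Both should be exact comparisons, `obc.add(Restrictions.eq("username", login));` and `obc.add(Restrictions.eq("password", hashedPassword));`. The previous `SeguridadData.valido` lookup is replaced by an OBCriteria query, which presumably applies the DAL's default client/organization/active filters depending on the OBContext in force during login; verify that an inactive user is still rejected and record that expectation in a comment above the criteria. The enclosing method continues past the end of this hunk.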
--- a/src/org/openbravo/erpCommon/security/Login.html	Fri Nov 27 12:44:36 2015 +0100
+++ b/src/org/openbravo/erpCommon/security/Login.html	Thu Dec 10 12:08:33 2015 +0100
@@ -187,7 +187,7 @@
 </script>
 <script type="text/javascript">
 function buttonOK_click() {
-	if (document.getElementById('resetPassword').value =='true' && document.getElementById('user').value !== document.getElementById('password').value){
+    if (document.getElementById('resetPassword').value =='true' && document.getElementById('user').value !== document.getElementById('password').value){
         setLoginMessage('Error', "Passwords must be the same", "The password must be the same in both fields");
         return true;
     }
@@ -232,12 +232,14 @@
       shouldContinue = setLoginMessage(result.messageType, result.messageTitle, result.messageText);
       if (!shouldContinue) {
         document.getElementById('password').value = '';
+        document.getElementById('user').value = '';
       }
     }
-    if (result.resetPassword){
+    if (result.resetPassword && document.getElementById('loggedUser').value===''){
         document.getElementById('loggedUser').value=result.loggedUser;
         document.getElementById('resetPassword').value=result.resetPassword;
         document.getElementById('user').value = '';
+        document.getElementById('user').type = 'password';
         document.getElementById('userlabel').innerHTML = 'New Password';
         document.getElementById('passwordlabel').innerHTML = 'Confirm Password';
         setWindowElementFocus('user');