From 66f00adab0b36426c0ece319b0eb6ee9334f1aa0 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mjumper@apache.org>
Date: Mon, 22 Aug 2016 14:06:53 -0700
Subject: [PATCH] GUACAMOLE-36: Do not automatically generate random passwords
 at the REST API level.

---
 .../guacamole/auth/jdbc/user/ModeledUser.java       |  6 +++---
 .../guacamole/rest/user/UserDirectoryResource.java  | 13 -------------
 2 files changed, 3 insertions(+), 16 deletions(-)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
index 72ee6917c..1353415e8 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
@@ -206,10 +206,10 @@ public class ModeledUser extends ModeledDirectoryObject<UserModel> implements Us
         // Store plaintext password internally
         this.password = password;
 
-        // If no password provided, clear password salt and hash
+        // If no password provided, set random password
         if (password == null) {
-            userModel.setPasswordSalt(null);
-            userModel.setPasswordHash(null);
+            userModel.setPasswordSalt(saltService.generateSalt());
+            userModel.setPasswordHash(saltService.generateSalt());
         }
 
         // Otherwise generate new salt and hash given password using newly-generated salt
diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java
index c2515caf9..0aca4090a 100644
--- a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java
+++ b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java
@@ -21,11 +21,9 @@ package org.apache.guacamole.rest.user;
 
 import com.google.inject.assistedinject.Assisted;
 import com.google.inject.assistedinject.AssistedInject;
-import java.util.UUID;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
-import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.net.auth.User;
 import org.apache.guacamole.net.auth.Directory;
 import org.apache.guacamole.net.auth.UserContext;
@@ -69,15 +67,4 @@ public class UserDirectoryResource extends DirectoryResource<User, APIUser> {
         super(userContext, directory, translator, resourceFactory);
     }
 
-    @Override
-    public APIUser createObject(APIUser object) throws GuacamoleException {
-
-        // Randomly set the password if it wasn't provided
-        if (object.getPassword() == null)
-            object.setPassword(UUID.randomUUID().toString());
-
-        return super.createObject(object);
-
-    }
-
 }