safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-36: Automatically update password date. Store previous date for comparison.

Browse Source
This commit is contained in:
Michael Jumper
2016-08-22 14:56:39 -07:00
parent 5f6fb8a199
commit 80b80655cf
4 changed files with 38 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
View File

@@ -108,7 +108,7 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider
// Update password if password is expired
UserModel userModel = user.getModel();
if (userModel.isExpired() || passwordPolicyService.isPasswordExpired(userModel))
if (userModel.isExpired() || passwordPolicyService.isPasswordExpired(user))
userService.resetExpiredPassword(user, authenticatedUser.getCredentials());
// Link to user context

10
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/security/PasswordPolicyService.java
View File

@@ -25,7 +25,7 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
import org.apache.guacamole.auth.jdbc.user.UserModel;
import org.apache.guacamole.auth.jdbc.user.ModeledUser;
/**
* Service which verifies compliance with the password policy configured via
@@ -159,11 +159,11 @@ public class PasswordPolicyService {
* @return
* The age of the given user's password, in days.
*/
private long getPasswordAge(UserModel user) {
private long getPasswordAge(ModeledUser user) {
// Pull both current time and the time the password was last reset
long currentTime = System.currentTimeMillis();
long lastResetTime = user.getPasswordDate().getTime();
long lastResetTime = user.getPreviousPasswordDate().getTime();
// Calculate the number of days elapsed since the password was last reset
return TimeUnit.DAYS.convert(currentTime - lastResetTime, TimeUnit.MILLISECONDS);
@@ -183,7 +183,7 @@ public class PasswordPolicyService {
* policy, or of the password policy cannot be parsed from
* guacamole.properties.
*/
public void verifyPasswordAge(UserModel user) throws GuacamoleException {
public void verifyPasswordAge(ModeledUser user) throws GuacamoleException {
// Retrieve password policy from environment
PasswordPolicy policy = environment.getPasswordPolicy();
@@ -213,7 +213,7 @@ public class PasswordPolicyService {
* @throws GuacamoleException
* If the password policy cannot be parsed.
*/
public boolean isPasswordExpired(UserModel user)
public boolean isPasswordExpired(ModeledUser user)
throws GuacamoleException {
// Retrieve password policy from environment

31
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
View File

@@ -22,6 +22,7 @@ package org.apache.guacamole.auth.jdbc.user;
import com.google.inject.Inject;
import java.sql.Date;
import java.sql.Time;
import java.sql.Timestamp;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Calendar;
@@ -186,6 +187,12 @@ public class ModeledUser extends ModeledDirectoryObject<UserModel> implements Us
* user was retrieved from the database, this will be null.
*/
private String password = null;
/**
* The time and date that this user's password was previously set (prior to
* being queried). If the user is new, this will be null.
*/
private Timestamp previousPasswordDate = null;
/**
* Creates a new, empty ModeledUser.
@@ -193,6 +200,12 @@ public class ModeledUser extends ModeledDirectoryObject<UserModel> implements Us
public ModeledUser() {
}
@Override
public void setModel(UserModel model) {
super.setModel(model);
this.previousPasswordDate = model.getPasswordDate();
}
@Override
public String getPassword() {
return password;
@@ -222,6 +235,24 @@ public class ModeledUser extends ModeledDirectoryObject<UserModel> implements Us
userModel.setPasswordHash(hash);
}
userModel.setPasswordDate(new Timestamp(System.currentTimeMillis()));
}
/**
* Returns the time and date that this user's password was previously set.
* If the user is new, this will be null. Unlike getPasswordDate() of
* UserModel (which is updated automatically along with the password salt
* and hash whenever setPassword() is invoked), this value is unaffected by
* calls to setPassword(), and will always be the value stored in the
* database at the time this user was queried.
*
* @return
* The time and date that this user's password was previously set, or
* null if the user is new.
*/
public Timestamp getPreviousPasswordDate() {
return previousPasswordDate;
}
/**

9
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
View File

@@ -21,7 +21,6 @@ package org.apache.guacamole.auth.jdbc.user;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.sql.Timestamp;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
@@ -211,9 +210,6 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
if (object.getPassword() != null)
passwordPolicyService.verifyPassword(object.getIdentifier(), object.getPassword());
// Update password reset date
model.setPasswordDate(new Timestamp(System.currentTimeMillis()));
}
@Override
@@ -241,14 +237,11 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
// Enforce password age only for non-adminstrators
if (!user.getUser().isAdministrator())
passwordPolicyService.verifyPasswordAge(model);
passwordPolicyService.verifyPasswordAge(object);
// Always verify password complexity
passwordPolicyService.verifyPassword(object.getIdentifier(), object.getPassword());
// Update password reset date
model.setPasswordDate(new Timestamp(System.currentTimeMillis()));
}
}