diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java
index 09de5e8a6..5e81b3d72 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java
@@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.user;
import java.sql.Date;
import java.sql.Time;
+import java.sql.Timestamp;
import org.apache.guacamole.auth.jdbc.base.ObjectModel;
/**
@@ -41,6 +42,11 @@ public class UserModel extends ObjectModel {
*/
private byte[] passwordSalt;
+ /**
+ * The time this user's password was last reset.
+ */
+ private Timestamp passwordDate;
+
/**
* Whether the user account is disabled. Disabled accounts exist and can
* be modified, but cannot be used.
@@ -143,6 +149,30 @@ public class UserModel extends ObjectModel {
this.passwordSalt = passwordSalt;
}
+ /**
+ * Returns the date that this user's password was last set/reset. This
+ * value is required to be manually updated whenever the user's password is
+ * changed; it will not be automatically updated by the database.
+ *
+ * @return
+ * The date that this user's password was last set/reset.
+ */
+ public Timestamp getPasswordDate() {
+ return passwordDate;
+ }
+
+ /**
+ * Sets the date that this user's password was last set/reset. This
+ * value is required to be manually updated whenever the user's password is
+ * changed; it will not be automatically updated by the database.
+ *
+ * @param passwordDate
+ * The date that this user's password was last set/reset.
+ */
+ public void setPasswordDate(Timestamp passwordDate) {
+ this.passwordDate = passwordDate;
+ }
+
/**
* Returns whether the user has been disabled. Disabled users are not
* allowed to login. Although their account data exists, all login attempts
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql
index e1b19b078..cb5604785 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql
@@ -85,6 +85,7 @@ CREATE TABLE `guacamole_user` (
`username` varchar(128) NOT NULL,
`password_hash` binary(32) NOT NULL,
`password_salt` binary(32),
+ `password_date` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
-- Account disabled/expired status
`disabled` boolean NOT NULL DEFAULT 0,
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.11.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.11.sql
new file mode 100644
index 000000000..3acc2a40b
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.11.sql
@@ -0,0 +1,25 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-user password set date
+--
+
+ALTER TABLE guacamole_user
+ ADD COLUMN password_date DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP;
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
index 65dc97c0b..3530b0b51 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
@@ -29,6 +29,7 @@
+
@@ -61,6 +62,7 @@
username,
password_hash,
password_salt,
+ password_date,
disabled,
expired,
access_window_start,
@@ -85,6 +87,7 @@
username,
password_hash,
password_salt,
+ password_date,
disabled,
expired,
access_window_start,
@@ -112,6 +115,7 @@
username,
password_hash,
password_salt,
+ password_date,
disabled,
expired,
access_window_start,
@@ -139,6 +143,7 @@
username,
password_hash,
password_salt,
+ password_date,
disabled,
expired,
access_window_start,
@@ -151,6 +156,7 @@
#{object.identifier,jdbcType=VARCHAR},
#{object.passwordHash,jdbcType=BINARY},
#{object.passwordSalt,jdbcType=BINARY},
+ #{object.passwordDate,jdbcType=TIMESTAMP},
#{object.disabled,jdbcType=BOOLEAN},
#{object.expired,jdbcType=BOOLEAN},
#{object.accessWindowStart,jdbcType=TIME},
@@ -167,6 +173,7 @@
UPDATE guacamole_user
SET password_hash = #{object.passwordHash,jdbcType=BINARY},
password_salt = #{object.passwordSalt,jdbcType=BINARY},
+ password_date = #{object.passwordDate,jdbcType=TIMESTAMP},
disabled = #{object.disabled,jdbcType=BOOLEAN},
expired = #{object.expired,jdbcType=BOOLEAN},
access_window_start = #{object.accessWindowStart,jdbcType=TIME},
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql
index 4f780c126..e308dce11 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql
@@ -126,6 +126,7 @@ CREATE TABLE guacamole_user (
username varchar(128) NOT NULL,
password_hash bytea NOT NULL,
password_salt bytea,
+ password_date timestamptz NOT NULL DEFAULT CURRENT_TIMESTAMP,
-- Account disabled/expired status
disabled boolean NOT NULL DEFAULT FALSE,
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.11.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.11.sql
new file mode 100644
index 000000000..d2f430c60
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.11.sql
@@ -0,0 +1,25 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership. The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied. See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-user password set date
+--
+
+ALTER TABLE guacamole_user
+ ADD COLUMN password_date timestamptz NOT NULL DEFAULT CURRENT_TIMESTAMP;
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
index 2bff4b952..39ec05a01 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
@@ -29,6 +29,7 @@
+
@@ -62,6 +63,7 @@
username,
password_hash,
password_salt,
+ password_date,
disabled,
expired,
access_window_start,
@@ -86,6 +88,7 @@
username,
password_hash,
password_salt,
+ password_date,
disabled,
expired,
access_window_start,
@@ -113,6 +116,7 @@
username,
password_hash,
password_salt,
+ password_date,
disabled,
expired,
access_window_start,
@@ -140,6 +144,7 @@
username,
password_hash,
password_salt,
+ password_date,
disabled,
expired,
access_window_start,
@@ -152,6 +157,7 @@
#{object.identifier,jdbcType=VARCHAR},
#{object.passwordHash,jdbcType=BINARY},
#{object.passwordSalt,jdbcType=BINARY},
+ #{object.passwordDate,jdbcType=TIMESTAMP},
#{object.disabled,jdbcType=BOOLEAN},
#{object.expired,jdbcType=BOOLEAN},
#{object.accessWindowStart,jdbcType=TIME},
@@ -168,6 +174,7 @@
UPDATE guacamole_user
SET password_hash = #{object.passwordHash,jdbcType=BINARY},
password_salt = #{object.passwordSalt,jdbcType=BINARY},
+ password_date = #{object.passwordDate,jdbcType=TIMESTAMP},
disabled = #{object.disabled,jdbcType=BOOLEAN},
expired = #{object.expired,jdbcType=BOOLEAN},
access_window_start = #{object.accessWindowStart,jdbcType=TIME},