From a207411241a6a4bbdab80f4f8aba4da6b89be845 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Mon, 22 Aug 2016 12:01:58 -0700 Subject: [PATCH] GUACAMOLE-36: Add password reset date to schema. --- .../guacamole/auth/jdbc/user/UserModel.java | 30 +++++++++++++++++++ .../schema/001-create-schema.sql | 1 + .../schema/upgrade/upgrade-pre-0.9.11.sql | 25 ++++++++++++++++ .../guacamole/auth/jdbc/user/UserMapper.xml | 7 +++++ .../schema/001-create-schema.sql | 1 + .../schema/upgrade/upgrade-pre-0.9.11.sql | 25 ++++++++++++++++ .../guacamole/auth/jdbc/user/UserMapper.xml | 7 +++++ 7 files changed, 96 insertions(+) create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.11.sql create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.11.sql diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java index 09de5e8a6..5e81b3d72 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java @@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.user; import java.sql.Date; import java.sql.Time; +import java.sql.Timestamp; import org.apache.guacamole.auth.jdbc.base.ObjectModel; /** @@ -41,6 +42,11 @@ public class UserModel extends ObjectModel { */ private byte[] passwordSalt; + /** + * The time this user's password was last reset. + */ + private Timestamp passwordDate; + /** * Whether the user account is disabled. Disabled accounts exist and can * be modified, but cannot be used. 
@@ -143,6 +149,30 @@ public class UserModel extends ObjectModel { this.passwordSalt = passwordSalt; } + /** + * Returns the date that this user's password was last set/reset. This + * value is required to be manually updated whenever the user's password is + * changed; it will not be automatically updated by the database. + * + * @return + * The date that this user's password was last set/reset. + */ + public Timestamp getPasswordDate() { + return passwordDate; + } + + /** + * Sets the date that this user's password was last set/reset. This + * value is required to be manually updated whenever the user's password is + * changed; it will not be automatically updated by the database. + * + * @param passwordDate + * The date that this user's password was last set/reset. + */ + public void setPasswordDate(Timestamp passwordDate) { + this.passwordDate = passwordDate; + } + /** * Returns whether the user has been disabled. Disabled users are not * allowed to login. Although their account data exists, all login attempts diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql index e1b19b078..cb5604785 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql @@ -85,6 +85,7 @@ CREATE TABLE `guacamole_user` ( `username` varchar(128) NOT NULL, `password_hash` binary(32) NOT NULL, `password_salt` binary(32), + `password_date` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP, -- Account disabled/expired status `disabled` boolean NOT NULL DEFAULT 0, 
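Review bot: `setPasswordDate` in UserModel.java accepts null and the new field has no initial value, yet both UserMapper.xml files in this patch bind `#{object.passwordDate,jdbcType=TIMESTAMP}` in their INSERT and UPDATE hunks against a column declared NOT NULL. An explicitly bound NULL is not replaced by the column's `DEFAULT CURRENT_TIMESTAMP`, so a model whose date was never set would presumably be rejected by PostgreSQL and by MySQL in strict mode. None of the seven files in this patch calls the setter, so the caller that is meant to keep this value current is not visible here. I would either state the contract in the setter's Javadoc, e.g. `Must not be null; the mappers write this value verbatim, so the column default never applies.`, or bind `COALESCE(#{object.passwordDate,jdbcType=TIMESTAMP}, CURRENT_TIMESTAMP)` in the mappers. The class body continues outside this hunk.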
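Review bot: The new `password_date` line in the MySQL 001-create-schema.sql puts `DEFAULT CURRENT_TIMESTAMP` on a `datetime` column, which MySQL accepts only from 5.6.5 onward; older servers allow that default on `TIMESTAMP` columns alone, so the script would fail there. The same definition appears in the MySQL upgrade-pre-0.9.11.sql added by this patch. `datetime` also stores no time zone while the PostgreSQL schema uses `timestamptz`, so the stored value presumably depends on the session time zone. A comment above the column such as `-- Requires MySQL 5.6.5+; value is recorded in the session time zone` would make both constraints visible to whoever runs the script. The CREATE TABLE statement starts and ends outside this hunk.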
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.11.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.11.sql new file mode 100644 index 000000000..3acc2a40b --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.11.sql @@ -0,0 +1,25 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one +-- or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information +-- regarding copyright ownership. The ASF licenses this file +-- to you under the Apache License, Version 2.0 (the +-- "License"); you may not use this file except in compliance +-- with the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, +-- software distributed under the License is distributed on an +-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +-- KIND, either express or implied. See the License for the +-- specific language governing permissions and limitations +-- under the License. +-- + +-- +-- Add per-user password set date +-- + +ALTER TABLE guacamole_user + ADD COLUMN password_date DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml index 65dc97c0b..3530b0b51 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml @@ -29,6 +29,7 @@ + 
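Review bot: The `ALTER TABLE guacamole_user ADD COLUMN password_date ... DEFAULT CURRENT_TIMESTAMP` in the MySQL upgrade-pre-0.9.11.sql stamps every existing account with the time the upgrade is run, not the time its password was really set, and the script does not say so. Any password-age rule later built on this column would therefore treat long-unchanged passwords as new and start counting from the upgrade. The PostgreSQL upgrade-pre-0.9.11.sql added by this patch behaves the same way. I would extend the header comment to something like `-- Existing users receive the upgrade time as their password date; the real age of their passwords is not known.`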
@@ -61,6 +62,7 @@ username, password_hash, password_salt, + password_date, disabled, expired, access_window_start, @@ -85,6 +87,7 @@ username, password_hash, password_salt, + password_date, disabled, expired, access_window_start, @@ -112,6 +115,7 @@ username, password_hash, password_salt, + password_date, disabled, expired, access_window_start, @@ -139,6 +143,7 @@ username, password_hash, password_salt, + password_date, disabled, expired, access_window_start, @@ -151,6 +156,7 @@ #{object.identifier,jdbcType=VARCHAR}, #{object.passwordHash,jdbcType=BINARY}, #{object.passwordSalt,jdbcType=BINARY}, + #{object.passwordDate,jdbcType=TIMESTAMP}, #{object.disabled,jdbcType=BOOLEAN}, #{object.expired,jdbcType=BOOLEAN}, #{object.accessWindowStart,jdbcType=TIME}, @@ -167,6 +173,7 @@ UPDATE guacamole_user SET password_hash = #{object.passwordHash,jdbcType=BINARY}, password_salt = #{object.passwordSalt,jdbcType=BINARY}, + password_date = #{object.passwordDate,jdbcType=TIMESTAMP}, disabled = #{object.disabled,jdbcType=BOOLEAN}, expired = #{object.expired,jdbcType=BOOLEAN}, access_window_start = #{object.accessWindowStart,jdbcType=TIME}, diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql index 4f780c126..e308dce11 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql @@ -126,6 +126,7 @@ CREATE TABLE guacamole_user ( username varchar(128) NOT NULL, password_hash bytea NOT NULL, password_salt bytea, + password_date timestamptz NOT NULL DEFAULT CURRENT_TIMESTAMP, -- Account disabled/expired status disabled boolean NOT NULL DEFAULT FALSE, 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.11.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.11.sql new file mode 100644 index 000000000..d2f430c60 --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.11.sql @@ -0,0 +1,25 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one +-- or more contributor license agreements. See the NOTICE file +-- distributed with this work for additional information +-- regarding copyright ownership. The ASF licenses this file +-- to you under the Apache License, Version 2.0 (the +-- "License"); you may not use this file except in compliance +-- with the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, +-- software distributed under the License is distributed on an +-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +-- KIND, either express or implied. See the License for the +-- specific language governing permissions and limitations +-- under the License. +-- + +-- +-- Add per-user password set date +-- + +ALTER TABLE guacamole_user + ADD COLUMN password_date timestamptz NOT NULL DEFAULT CURRENT_TIMESTAMP; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml index 2bff4b952..39ec05a01 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml @@ -29,6 +29,7 @@ + @@ -62,6 +63,7 @@ username, password_hash, password_salt, + password_date, disabled, expired, access_window_start, @@ -86,6 +88,7 @@ username, password_hash, password_salt, + password_date, disabled, expired, access_window_start, @@ -113,6 +116,7 @@ username, password_hash, password_salt, + password_date, disabled, expired, access_window_start, @@ -140,6 +144,7 @@ username, password_hash, password_salt, + password_date, disabled, expired, access_window_start, @@ -152,6 +157,7 @@ #{object.identifier,jdbcType=VARCHAR}, #{object.passwordHash,jdbcType=BINARY}, #{object.passwordSalt,jdbcType=BINARY}, + #{object.passwordDate,jdbcType=TIMESTAMP}, #{object.disabled,jdbcType=BOOLEAN}, #{object.expired,jdbcType=BOOLEAN}, #{object.accessWindowStart,jdbcType=TIME}, @@ -168,6 +174,7 @@ UPDATE guacamole_user SET password_hash = #{object.passwordHash,jdbcType=BINARY}, password_salt = #{object.passwordSalt,jdbcType=BINARY}, + password_date = #{object.passwordDate,jdbcType=TIMESTAMP}, disabled = #{object.disabled,jdbcType=BOOLEAN}, expired = #{object.expired,jdbcType=BOOLEAN}, access_window_start = #{object.accessWindowStart,jdbcType=TIME},