GUACAMOLE-36: Add password reset date to schema.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java

@@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.user;
 
 import java.sql.Date;
 import java.sql.Time;
+import java.sql.Timestamp;
 import org.apache.guacamole.auth.jdbc.base.ObjectModel;
 
 /**
@@ -41,6 +42,11 @@ public class UserModel extends ObjectModel {
      */
     private byte[] passwordSalt;
 
+    /**
+     * The time this user's password was last reset.
+     */
+    private Timestamp passwordDate;
+
     /**
      * Whether the user account is disabled. Disabled accounts exist and can
      * be modified, but cannot be used.
@@ -143,6 +149,30 @@ public class UserModel extends ObjectModel {
         this.passwordSalt = passwordSalt;
     }
 
+    /**
+     * Returns the date that this user's password was last set/reset. This
+     * value is required to be manually updated whenever the user's password is
+     * changed; it will not be automatically updated by the database.
+     *
+     * @return
+     *     The date that this user's password was last set/reset.
+     */
+    public Timestamp getPasswordDate() {
+        return passwordDate;
+    }
+
+    /**
+     * Sets the date that this user's password was last set/reset. This
+     * value is required to be manually updated whenever the user's password is
+     * changed; it will not be automatically updated by the database.
+     *
+     * @param passwordDate
+     *     The date that this user's password was last set/reset.
+     */
+    public void setPasswordDate(Timestamp passwordDate) {
+        this.passwordDate = passwordDate;
+    }
+
     /**
      * Returns whether the user has been disabled. Disabled users are not
      * allowed to login. Although their account data exists, all login attempts

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql

@@ -85,6 +85,7 @@ CREATE TABLE `guacamole_user` (
   `username`      varchar(128) NOT NULL,
   `password_hash` binary(32)   NOT NULL,
   `password_salt` binary(32),
+  `password_date` datetime     NOT NULL DEFAULT CURRENT_TIMESTAMP,
 
   -- Account disabled/expired status
   `disabled`      boolean      NOT NULL DEFAULT 0,

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.11.sql

@@ -0,0 +1,25 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements.  See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership.  The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License.  You may obtain a copy of the License at
+--
+--   http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied.  See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-user password set date
+--
+
+ALTER TABLE guacamole_user
+    ADD COLUMN password_date DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP;

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml

@@ -29,6 +29,7 @@
         <result column="username"            property="identifier"        jdbcType="VARCHAR"/>
         <result column="password_hash"       property="passwordHash"      jdbcType="BINARY"/>
         <result column="password_salt"       property="passwordSalt"      jdbcType="BINARY"/>
+        <result column="password_date"       property="passwordDate"      jdbcType="TIMESTAMP"/>
         <result column="disabled"            property="disabled"          jdbcType="BOOLEAN"/>
         <result column="access_window_start" property="accessWindowStart" jdbcType="TIME"/>
         <result column="access_window_end"   property="accessWindowEnd"   jdbcType="TIME"/>
@@ -61,6 +62,7 @@
             username,
             password_hash,
             password_salt,
+            password_date,
             disabled,
             expired,
             access_window_start,
@@ -85,6 +87,7 @@
             username,
             password_hash,
             password_salt,
+            password_date,
             disabled,
             expired,
             access_window_start,
@@ -112,6 +115,7 @@
             username,
             password_hash,
             password_salt,
+            password_date,
             disabled,
             expired,
             access_window_start,
@@ -139,6 +143,7 @@
             username,
             password_hash,
             password_salt,
+            password_date,
             disabled,
             expired,
             access_window_start,
@@ -151,6 +156,7 @@
             #{object.identifier,jdbcType=VARCHAR},
             #{object.passwordHash,jdbcType=BINARY},
             #{object.passwordSalt,jdbcType=BINARY},
+            #{object.passwordDate,jdbcType=TIMESTAMP},
             #{object.disabled,jdbcType=BOOLEAN},
             #{object.expired,jdbcType=BOOLEAN},
             #{object.accessWindowStart,jdbcType=TIME},
@@ -167,6 +173,7 @@
         UPDATE guacamole_user
         SET password_hash = #{object.passwordHash,jdbcType=BINARY},
             password_salt = #{object.passwordSalt,jdbcType=BINARY},
+            password_date = #{object.passwordDate,jdbcType=TIMESTAMP},
             disabled = #{object.disabled,jdbcType=BOOLEAN},
             expired = #{object.expired,jdbcType=BOOLEAN},
             access_window_start = #{object.accessWindowStart,jdbcType=TIME},

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql

@@ -126,6 +126,7 @@ CREATE TABLE guacamole_user (
   username      varchar(128) NOT NULL,
   password_hash bytea        NOT NULL,
   password_salt bytea,
+  password_date timestamptz  NOT NULL DEFAULT CURRENT_TIMESTAMP,
 
   -- Account disabled/expired status
   disabled      boolean      NOT NULL DEFAULT FALSE,

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.11.sql

@@ -0,0 +1,25 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one
+-- or more contributor license agreements.  See the NOTICE file
+-- distributed with this work for additional information
+-- regarding copyright ownership.  The ASF licenses this file
+-- to you under the Apache License, Version 2.0 (the
+-- "License"); you may not use this file except in compliance
+-- with the License.  You may obtain a copy of the License at
+--
+--   http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing,
+-- software distributed under the License is distributed on an
+-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+-- KIND, either express or implied.  See the License for the
+-- specific language governing permissions and limitations
+-- under the License.
+--
+
+--
+-- Add per-user password set date
+--
+
+ALTER TABLE guacamole_user
+    ADD COLUMN password_date timestamptz NOT NULL DEFAULT CURRENT_TIMESTAMP;

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml

@@ -29,6 +29,7 @@
         <result column="username"            property="identifier"        jdbcType="VARCHAR"/>
         <result column="password_hash"       property="passwordHash"      jdbcType="BINARY"/>
         <result column="password_salt"       property="passwordSalt"      jdbcType="BINARY"/>
+        <result column="password_date"       property="passwordDate"      jdbcType="TIMESTAMP"/>
         <result column="disabled"            property="disabled"          jdbcType="BOOLEAN"/>
         <result column="expired"             property="expired"           jdbcType="BOOLEAN"/>
         <result column="access_window_start" property="accessWindowStart" jdbcType="TIME"/>
@@ -62,6 +63,7 @@
             username,
             password_hash,
             password_salt,
+            password_date,
             disabled,
             expired,
             access_window_start,
@@ -86,6 +88,7 @@
             username,
             password_hash,
             password_salt,
+            password_date,
             disabled,
             expired,
             access_window_start,
@@ -113,6 +116,7 @@
             username,
             password_hash,
             password_salt,
+            password_date,
             disabled,
             expired,
             access_window_start,
@@ -140,6 +144,7 @@
             username,
             password_hash,
             password_salt,
+            password_date,
             disabled,
             expired,
             access_window_start,
@@ -152,6 +157,7 @@
             #{object.identifier,jdbcType=VARCHAR},
             #{object.passwordHash,jdbcType=BINARY},
             #{object.passwordSalt,jdbcType=BINARY},
+            #{object.passwordDate,jdbcType=TIMESTAMP},
             #{object.disabled,jdbcType=BOOLEAN},
             #{object.expired,jdbcType=BOOLEAN},
             #{object.accessWindowStart,jdbcType=TIME},
@@ -168,6 +174,7 @@
         UPDATE guacamole_user
         SET password_hash = #{object.passwordHash,jdbcType=BINARY},
             password_salt = #{object.passwordSalt,jdbcType=BINARY},
+            password_date = #{object.passwordDate,jdbcType=TIMESTAMP},
             disabled = #{object.disabled,jdbcType=BOOLEAN},
             expired = #{object.expired,jdbcType=BOOLEAN},
             access_window_start = #{object.accessWindowStart,jdbcType=TIME},