diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java index 131cd19ce..9aae125b6 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java @@ -62,17 +62,29 @@ public class UserContextService { private Provider userContextProvider; /** - * The name of the HTTP parameter to expect if the user is changing their - * expired password upon login. + * The name of the HTTP password parameter to expect if the user is + * changing their expired password upon login. */ private static final String NEW_PASSWORD_PARAMETER = "new-password"; /** - * The field to provide the user when their password is expired and must - * be changed. + * The password field to provide the user when their password is expired + * and must be changed. */ private static final Field NEW_PASSWORD = new Field(NEW_PASSWORD_PARAMETER, "New password", Field.Type.PASSWORD); + /** + * The name of the HTTP password confirmation parameter to expect if the + * user is changing their expired password upon login. + */ + private static final String CONFIRM_NEW_PASSWORD_PARAMETER = "confirm-new-password"; + + /** + * The password confirmation field to provide the user when their password + * is expired and must be changed. + */ + private static final Field CONFIRM_NEW_PASSWORD = new Field(CONFIRM_NEW_PASSWORD_PARAMETER, "Confirm new password", Field.Type.PASSWORD); + /** * Information describing the expected credentials if a user's password is * expired. If a user's password is expired, it must be changed during the 
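Review bot: The title `"Confirm new password"` passed to `new Field(...)` for `CONFIRM_NEW_PASSWORD` is hard-coded English, while the same commit adds `FIELD_HEADER_CONFIRM_NEW_PASSWORD` and `FIELD_HEADER_NEW_PASSWORD` to the translation files, so each label now lives in two places. Which of the two the login form renders is not visible in this diff. If it is the translation key, a short comment on the constant would keep them from drifting, e.g. `// Title is a fallback; the displayed header comes from LOGIN.FIELD_HEADER_CONFIRM_NEW_PASSWORD`.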
@@ -81,7 +93,8 @@ public class UserContextService { private static final CredentialsInfo EXPIRED_PASSWORD = new CredentialsInfo(Arrays.asList( CredentialsInfo.USERNAME, CredentialsInfo.PASSWORD, - NEW_PASSWORD + NEW_PASSWORD, + CONFIRM_NEW_PASSWORD )); /** @@ -115,9 +128,10 @@ public class UserContextService { // Pull new password from HTTP request HttpServletRequest request = credentials.getRequest(); String newPassword = request.getParameter(NEW_PASSWORD_PARAMETER); + String confirmNewPassword = request.getParameter(CONFIRM_NEW_PASSWORD_PARAMETER); // Require new password if account is expired - if (newPassword == null) { + if (newPassword == null || confirmNewPassword == null) { logger.info("The password of user \"{}\" has expired and must be reset.", user.getIdentifier()); throw new GuacamoleInsufficientCredentialsException("Password expired", EXPIRED_PASSWORD); } @@ -130,6 +144,10 @@ public class UserContextService { if (newPassword.isEmpty()) throw new GuacamoleClientException("LOGIN.ERROR_PASSWORD_BLANK"); + // Confirm that the password was entered correctly twice + if (!newPassword.equals(confirmNewPassword)) + throw new GuacamoleClientException("LOGIN.ERROR_PASSWORD_MISMATCH"); + // STUB: Change password if new password given logger.info("Resetting expired password of user \"{}\".", user.getIdentifier()); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json index 2a4098d9a..6bf4fb97b 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json 
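Review bot: The comment above the widened guard still reads `// Require new password if account is expired`, but `if (newPassword == null || confirmNewPassword == null)` now requires the confirmation as well. A request that carries `new-password` without `confirm-new-password` is handled exactly like a first attempt: it is logged as an expired password and re-prompted with `EXPIRED_PASSWORD`, with no mismatch error. That looks intended, so I would only update the comment, e.g. `// Require both the new password and its confirmation if the account is expired`. The enclosing method starts outside this hunk.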
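Review bot: The new `!newPassword.equals(confirmNewPassword)` check is the last gate before a step the context still marks `// STUB: Change password if new password given`. The info log below it says the expired password is being reset, but no update call is visible in the hunk. The method's end is outside the hunk; if it returns normally from here, an expired account would be let in on its old password as soon as two matching, non-blank values are submitted, and the log would record a reset that never happened. Until the update is implemented, I would say so at the stub, e.g. `// TODO: persist newPassword before allowing login; until then the expired password remains valid`, and reword the log message so it does not claim a reset. Plain `String.equals` is fine for the comparison itself, since both values come from the same request.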
@@ -1,8 +1,14 @@ { "LOGIN" : { - "ERROR_PASSWORD_BLANK" : "@:APP.ERROR_PASSWORD_BLANK", - "ERROR_PASSWORD_SAME" : "The new password must be different from the expired password." + + "ERROR_PASSWORD_BLANK" : "@:APP.ERROR_PASSWORD_BLANK", + "ERROR_PASSWORD_SAME" : "The new password must be different from the expired password.", + "ERROR_PASSWORD_MISMATCH" : "@:APP.ERROR_PASSWORD_MISMATCH", + + "FIELD_HEADER_NEW_PASSWORD" : "New password", + "FIELD_HEADER_CONFIRM_NEW_PASSWORD" : "Confirm new password" + }, "USER_ATTRIBUTES" : { diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/ru_RU.json b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/ru_RU.json index 30a0c2ad6..4811b495e 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/ru_RU.json +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/ru_RU.json @@ -1,7 +1,13 @@ { "LOGIN" : { - "ERROR_PASSWORD_BLANK" : "@:APP.ERROR_PASSWORD_BLANK" + + "ERROR_PASSWORD_BLANK" : "@:APP.ERROR_PASSWORD_BLANK", + "ERROR_PASSWORD_MISMATCH" : "@:APP.ERROR_PASSWORD_MISMATCH", + + "FIELD_HEADER_NEW_PASSWORD" : "Новый пароль", + "FIELD_HEADER_CONFIRM_NEW_PASSWORD" : "Подтверждение пароля" + } }