GUAC-1176: Add password confirmation to reset procedure.

2025-09-06 13:17:41 +00:00 · 2015-06-03 16:52:20 -07:00
parent 4c0cf58d9f
commit a3d3203211
3 changed files with 39 additions and 9 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
@@ -62,17 +62,29 @@ public class UserContextService  {
    private Provider<UserContext> userContextProvider;

    /**
-     * The name of the HTTP parameter to expect if the user is changing their
-     * expired password upon login.
+     * The name of the HTTP password parameter to expect if the user is
+     * changing their expired password upon login.
     */
    private static final String NEW_PASSWORD_PARAMETER = "new-password";

    /**
-     * The field to provide the user when their password is expired and must
-     * be changed.
+     * The password field to provide the user when their password is expired
+     * and must be changed.
     */
    private static final Field NEW_PASSWORD = new Field(NEW_PASSWORD_PARAMETER, "New password", Field.Type.PASSWORD);

+    /**
+     * The name of the HTTP password confirmation parameter to expect if the
+     * user is changing their expired password upon login.
+     */
+    private static final String CONFIRM_NEW_PASSWORD_PARAMETER = "confirm-new-password";
+
+    /**
+     * The password confirmation field to provide the user when their password
+     * is expired and must be changed.
+     */
+    private static final Field CONFIRM_NEW_PASSWORD = new Field(CONFIRM_NEW_PASSWORD_PARAMETER, "Confirm new password", Field.Type.PASSWORD);
+
    /**
     * Information describing the expected credentials if a user's password is
     * expired. If a user's password is expired, it must be changed during the
@@ -81,7 +93,8 @@ public class UserContextService  {
    private static final CredentialsInfo EXPIRED_PASSWORD = new CredentialsInfo(Arrays.asList(
        CredentialsInfo.USERNAME,
        CredentialsInfo.PASSWORD,
-        NEW_PASSWORD
+        NEW_PASSWORD,
+        CONFIRM_NEW_PASSWORD
    ));

    /**
@@ -115,9 +128,10 @@ public class UserContextService  {
                // Pull new password from HTTP request
                HttpServletRequest request = credentials.getRequest();
                String newPassword = request.getParameter(NEW_PASSWORD_PARAMETER);
+                String confirmNewPassword = request.getParameter(CONFIRM_NEW_PASSWORD_PARAMETER);

                // Require new password if account is expired
-                if (newPassword == null) {
+                if (newPassword == null || confirmNewPassword == null) {
                    logger.info("The password of user \"{}\" has expired and must be reset.", user.getIdentifier());
                    throw new GuacamoleInsufficientCredentialsException("Password expired", EXPIRED_PASSWORD);
                }
@@ -130,6 +144,10 @@ public class UserContextService  {
                if (newPassword.isEmpty())
                    throw new GuacamoleClientException("LOGIN.ERROR_PASSWORD_BLANK");

+                // Confirm that the password was entered correctly twice
+                if (!newPassword.equals(confirmNewPassword))
+                    throw new GuacamoleClientException("LOGIN.ERROR_PASSWORD_MISMATCH");
+
                // STUB: Change password if new password given
                logger.info("Resetting expired password of user \"{}\".", user.getIdentifier());

--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/en.json
@@ -1,8 +1,14 @@
 {

    "LOGIN" : {
-        "ERROR_PASSWORD_BLANK" : "@:APP.ERROR_PASSWORD_BLANK",
-        "ERROR_PASSWORD_SAME"  : "The new password must be different from the expired password."
+
+        "ERROR_PASSWORD_BLANK"    : "@:APP.ERROR_PASSWORD_BLANK",
+        "ERROR_PASSWORD_SAME"     : "The new password must be different from the expired password.",
+        "ERROR_PASSWORD_MISMATCH" : "@:APP.ERROR_PASSWORD_MISMATCH",
+
+        "FIELD_HEADER_NEW_PASSWORD"         : "New password",
+        "FIELD_HEADER_CONFIRM_NEW_PASSWORD" : "Confirm new password"
+
    },

    "USER_ATTRIBUTES" : {
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/ru_RU.json
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/resources/translations/ru_RU.json
@@ -1,7 +1,13 @@
 {

    "LOGIN" : {
-        "ERROR_PASSWORD_BLANK" : "@:APP.ERROR_PASSWORD_BLANK"
+
+        "ERROR_PASSWORD_BLANK"    : "@:APP.ERROR_PASSWORD_BLANK",
+        "ERROR_PASSWORD_MISMATCH" : "@:APP.ERROR_PASSWORD_MISMATCH",
+
+        "FIELD_HEADER_NEW_PASSWORD"         : "Новый пароль",
+        "FIELD_HEADER_CONFIRM_NEW_PASSWORD" : "Подтверждение пароля"
+
    }

 }