Index: lams_admin/conf/language/lams/ApplicationResources.properties
===================================================================
diff -u -rd4e455d6806b6c48cca0b6e8ee87f256a92f123a -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_admin/conf/language/lams/ApplicationResources.properties (.../ApplicationResources.properties) (revision d4e455d6806b6c48cca0b6e8ee87f256a92f123a)
+++ lams_admin/conf/language/lams/ApplicationResources.properties (.../ApplicationResources.properties) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -473,6 +473,7 @@
label.password.must.ucase = at least 1 upper case letter
label.password.must.number = at least 1 number
label.password.must.symbol = at least 1 symbol
+label.password.user.details = must not be the same as user login, ID, email or names
sysadmin.batch.preview.lesson.delete = Delete old preview lessons
msg.cleanup.preview.lesson.confirm = Are you sure you want to delete all preview lessons?
msg.cleanup.preview.lesson.error = Error while deleting preview lessons
Index: lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java
===================================================================
diff -u -r4c272c96c3885f945357ffff697c662ff04d2e75 -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java (.../ImportService.java) (revision 4c272c96c3885f945357ffff697c662ff04d2e75)
+++ lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java (.../ImportService.java) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -493,8 +493,6 @@
return null;
}
- service.updatePassword(user, password);
-
user.setTitle(parseStringCell(row.getCell(ImportService.TITLE)));
String firstName = parseStringCell(row.getCell(ImportService.FIRST_NAME));
@@ -571,6 +569,15 @@
user.setLocale(locale);
}
+ if (!ValidationUtil.isPasswordNotUserDetails(password, user)) {
+ rowResult.add(messageService.getMessage("label.password.restrictions"));
+ hasError = true;
+ }
+
+ if (hasError) {
+ return null;
+ }
+
user.setAddressLine1(parseStringCell(row.getCell(ImportService.ADDRESS1)));
user.setAddressLine2(parseStringCell(row.getCell(ImportService.ADDRESS2)));
user.setAddressLine3(parseStringCell(row.getCell(ImportService.ADDRESS3)));
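Review bot: The new check reports the generic `label.password.restrictions` message although this commit adds the specific `label.password.user.details` key to the admin resources, so an administrator reading the row result cannot tell which rule the password broke; `rowResult.add(messageService.getMessage("label.password.user.details"));` would name it. The comparison also depends on login, email, first and last name already being set on `user` at this point; first name is parsed just after the removed `updatePassword` call in the hunk at line 493, but whether email is parsed before this check is not visible and should be confirmed. The new early `return null` on `hasError` replaces the final `hasError ? null : user` in the hunk at line 588, which is fine as long as nothing between the two points can still set `hasError`; the visible lines only set address, timezone and first-login fields. The enclosing method starts and ends outside these hunks.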
@@ -588,7 +595,9 @@
user.setTimeZone(timezoneService.getServerTimezone().getTimezoneId());
user.setFirstLogin(true);
- return (hasError ? null : user);
+ service.updatePassword(user, password);
+
+ return user;
}
/*
Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrgPasswordChangeController.java
===================================================================
diff -u -r4c272c96c3885f945357ffff697c662ff04d2e75 -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrgPasswordChangeController.java (.../OrgPasswordChangeController.java) (revision 4c272c96c3885f945357ffff697c662ff04d2e75)
+++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrgPasswordChangeController.java (.../OrgPasswordChangeController.java) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -246,6 +246,9 @@
UserDTO currentUserDTO = getUserDTO();
User currentUser = (User) userManagementService.findById(User.class, currentUserDTO.getUserID());
for (User user : users) {
+ if (!ValidationUtil.isPasswordNotUserDetails(password, user)) {
+ throw new InvalidParameterException("Password is the same as user details");
+ }
// either we work with white list or black list
if (includedUsers == null) {
boolean excluded = false;
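Review bot: The new `isPasswordNotUserDetails` check runs at the top of the loop, before the white/black-list logic decides whether `user` is actually one of the accounts being changed, so a user that would be skipped as excluded still aborts the whole request with `InvalidParameterException`. Moving the three added lines below the include/exclude filtering, to the point where the user is known to receive the new password, avoids that. Throwing also stops the loop mid-way; if earlier iterations have already updated passwords (not visible here), the batch is left partially applied, so a pre-pass that validates every selected user before any update would be safer. The enclosing method and loop body continue outside the hunk.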
Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSaveController.java
===================================================================
diff -u -r4c272c96c3885f945357ffff697c662ff04d2e75 -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSaveController.java (.../UserSaveController.java) (revision 4c272c96c3885f945357ffff697c662ff04d2e75)
+++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSaveController.java (.../UserSaveController.java) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -23,7 +23,6 @@
package org.lamsfoundation.lams.admin.web.controller;
-import java.time.LocalDateTime;
import java.util.Arrays;
import java.util.Date;
@@ -44,7 +43,6 @@
import org.lamsfoundation.lams.usermanagement.User;
import org.lamsfoundation.lams.usermanagement.dto.UserDTO;
import org.lamsfoundation.lams.usermanagement.service.IUserManagementService;
-import org.lamsfoundation.lams.util.HashUtil;
import org.lamsfoundation.lams.util.MessageService;
import org.lamsfoundation.lams.util.ValidationUtil;
import org.lamsfoundation.lams.util.WebUtil;
@@ -212,17 +210,16 @@
errorMap.add("password", messageService.getMessage("error.newpassword.mismatch"));
}
if (!ValidationUtil.isPasswordValueValid(password, password2)) {
- errorMap.add("password", messageService.getMessage("error.newpassword.mismatch"));
+ errorMap.add("password", messageService.getMessage("label.password.restrictions"));
}
if (errorMap.isEmpty()) {
user = new User();
- String salt = HashUtil.salt();
- String passwordHash = HashUtil.sha256(userForm.getPassword(), salt);
BeanUtils.copyProperties(user, userForm);
- user.setSalt(salt);
- user.setPassword(passwordHash);
- user.setPasswordChangeDate(LocalDateTime.now());
+ if (!ValidationUtil.isPasswordNotUserDetails(password, user)) {
+ errorMap.add("password", messageService.getMessage("label.password.restrictions"));
+ }
+
log.debug("creating user... new login: " + user.getLogin());
user.setDisabledFlag(false);
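Review bot: The `isPasswordNotUserDetails` failure is recorded in `errorMap` only after the `errorMap.isEmpty()` gate has already been passed, and the visible lines continue straight on to `log.debug("creating user...")`, `user.setDisabledFlag(false)` and, in the hunk at line 243, `userManagementService.saveUser(user)` and `updatePassword(user, password)`; unless a later check outside the hunk re-tests `errorMap`, the user is created with the rejected password and the error is merely displayed. Either return to the form immediately after adding the error, or perform the check before the gate against a `User` populated from `userForm` so it sits with the other password validations. The three-argument `isPasswordValueValid(password, password2, user)` introduced in this commit would let the create path share the same call as the edit path in the hunk at line 311. The enclosing handler starts and ends outside the hunk.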
@@ -243,6 +240,7 @@
user.setTheme(theme);
userManagementService.saveUser(user);
+ userManagementService.updatePassword(user, password);
// make 'create user' audit log entry
userManagementService.logUserCreated(user, sysadmin);
@@ -311,12 +309,14 @@
if (!StringUtils.equals(password, password2)) {
errorMap.add("password", messageService.getMessage("error.newpassword.mismatch"));
}
- if (!ValidationUtil.isPasswordValueValid(password, password2)) {
+
+ User user = (User) userManagementService.findById(User.class, userId);
+ if (!ValidationUtil.isPasswordValueValid(password, password2, user)) {
errorMap.add("password", messageService.getMessage("label.password.restrictions"));
}
if (errorMap.isEmpty()) {
- User user = (User) userManagementService.findById(User.class, userId);
+
userManagementService.updatePassword(user, password);
userManagementService.logPasswordChanged(user, sysadmin);
return "forward:/user/edit.do";
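Review bot: `findById` is now executed before validation and its result is fed to `isPasswordValueValid`, which treats a null `user` as passing, so an unknown `userId` still reaches `updatePassword(user, password)` with null; the old code had the same gap, but now that `user` is resolved early a check such as `if (user == null) { errorMap.add("password", messageService.getMessage("PLACEHOLDER_USER_NOT_FOUND_KEY")); }` (use the project's existing key) belongs beside the other validations. The blank `+` line added after `if (errorMap.isEmpty()) {` is left over from the moved lookup and can be dropped. The enclosing handler continues outside the hunk.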
Index: lams_admin/web/import/importexcel.jsp
===================================================================
diff -u -r0559504eae34958a1b85105cedeff10e591a52cf -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_admin/web/import/importexcel.jsp (.../importexcel.jsp) (revision 0559504eae34958a1b85105cedeff10e591a52cf)
+++ lams_admin/web/import/importexcel.jsp (.../importexcel.jsp) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -178,6 +178,9 @@
+
+
+
Index: lams_admin/web/orgPasswordChange.jsp
===================================================================
diff -u -r1ef1213820fe7ff7c6f4a9238b3f489a25012c63 -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_admin/web/orgPasswordChange.jsp (.../orgPasswordChange.jsp) (revision 1ef1213820fe7ff7c6f4a9238b3f489a25012c63)
+++ lams_admin/web/orgPasswordChange.jsp (.../orgPasswordChange.jsp) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -373,6 +373,10 @@
+
+
+
+
Index: lams_admin/web/user.jsp
===================================================================
diff -u -r3a4e0fbc4b00ff567f1dc7561cf9596fedab7c8e -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_admin/web/user.jsp (.../user.jsp) (revision 3a4e0fbc4b00ff567f1dc7561cf9596fedab7c8e)
+++ lams_admin/web/user.jsp (.../user.jsp) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -239,6 +239,11 @@
+
+
+
+
+
Index: lams_admin/web/userChangePass.jsp
===================================================================
diff -u -re6dc4db4137cfd6b07a4aa79711b9d12b39fb78e -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_admin/web/userChangePass.jsp (.../userChangePass.jsp) (revision e6dc4db4137cfd6b07a4aa79711b9d12b39fb78e)
+++ lams_admin/web/userChangePass.jsp (.../userChangePass.jsp) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -104,6 +104,9 @@
:
+ -
+
+
-
@@ -128,6 +131,11 @@
-
+
+ -
+
+
+
Index: lams_central/conf/language/lams/ApplicationResources.properties
===================================================================
diff -u -rd4e455d6806b6c48cca0b6e8ee87f256a92f123a -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_central/conf/language/lams/ApplicationResources.properties (.../ApplicationResources.properties) (revision d4e455d6806b6c48cca0b6e8ee87f256a92f123a)
+++ lams_central/conf/language/lams/ApplicationResources.properties (.../ApplicationResources.properties) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -414,6 +414,7 @@
label.password.must.ucase = at least 1 upper case letter
label.password.must.number = at least 1 number
label.password.must.symbol = at least 1 symbol
+label.password.user.details = must not be the same as user login, ID, email or names
label.password.history = must not be the same as last {0} passwords
label.create.lesson = Create new lesson
label.organisations = Select course with the lessons that needs to be export
Index: lams_central/src/java/org/lamsfoundation/lams/web/PasswordChangeController.java
===================================================================
diff -u -rd4e455d6806b6c48cca0b6e8ee87f256a92f123a -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_central/src/java/org/lamsfoundation/lams/web/PasswordChangeController.java (.../PasswordChangeController.java) (revision d4e455d6806b6c48cca0b6e8ee87f256a92f123a)
+++ lams_central/src/java/org/lamsfoundation/lams/web/PasswordChangeController.java (.../PasswordChangeController.java) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -103,7 +103,7 @@
errorMap.add("password", messageService.getMessage("error.password.empty"));
PasswordChangeController.log.debug("new password cannot be empty");
}
- if (!ValidationUtil.isPasswordValueValid(password, passwordConfirm)) {
+ if (!ValidationUtil.isPasswordValueValid(password, passwordConfirm, user)) {
errorMap.add("password", messageService.getMessage("label.password.restrictions"));
PasswordChangeController.log.debug("Password must follow the restrictions");
}
Index: lams_central/src/java/org/lamsfoundation/lams/web/controller/SignupController.java
===================================================================
diff -u -r4c272c96c3885f945357ffff697c662ff04d2e75 -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_central/src/java/org/lamsfoundation/lams/web/controller/SignupController.java (.../SignupController.java) (revision 4c272c96c3885f945357ffff697c662ff04d2e75)
+++ lams_central/src/java/org/lamsfoundation/lams/web/controller/SignupController.java (.../SignupController.java) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -2,7 +2,6 @@
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
-import java.time.LocalDateTime;
import javax.mail.MessagingException;
import javax.mail.internet.AddressException;
@@ -37,14 +36,14 @@
@RequestMapping("/signup")
public class SignupController {
private static Logger log = Logger.getLogger(SignupController.class);
-
+
@Autowired
private ISignupService signupService;
@Autowired
@Qualifier("centralMessageService")
private MessageService messageService;
@Autowired
- private ITimezoneService timezoneService ;
+ private ITimezoneService timezoneService;
@RequestMapping("init")
public String execute(@ModelAttribute("SignupForm") SignupForm signupForm, HttpServletRequest request,
@@ -58,9 +57,9 @@
request.setAttribute("messageKey", "no.such.signup.page.exist");
return "msgContent";
}
-
+
request.setAttribute("countryCodes", LanguageUtil.getCountryCodes(true));
-
+
request.setAttribute("signupOrganisation", signupOrganisation);
return "signup/signup";
}
@@ -89,14 +88,18 @@
user.setEmail(signupForm.getEmail());
user.setCountry(signupForm.getCountry());
user.setTimeZone(timezoneService.getServerTimezone().getTimezoneId());
- String salt = HashUtil.salt();
- user.setSalt(salt);
- user.setPassword(HashUtil.sha256(signupForm.getPassword(), salt));
- user.setPasswordChangeDate(LocalDateTime.now());
+
+ if (!ValidationUtil.isPasswordNotUserDetails(signupForm.getPassword(), user)) {
+ errorMap.add("password", messageService.getMessage("label.password.restrictions"));
+ request.setAttribute("countryCodes", LanguageUtil.getCountryCodes(true));
+ request.setAttribute("errorMap", errorMap);
+ return "signup/signup";
+ }
+
if (emailVerify) {
user.setEmailVerified(false);
user.setDisabledFlag(true);
- signupService.signupUser(user, signupForm.getContext());
+ signupService.signupUser(user, signupForm.getPassword(), signupForm.getContext());
try {
sendVerificationEmail(user);
} catch (Exception e) {
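Review bot: The new early-return path sets `countryCodes` and `errorMap` but not the `signupOrganisation` attribute that the init handler (hunk at line 58) puts on the request before rendering `signup/signup`; if the view reads it, the re-rendered form will be missing the organisation details, so the error path should set it too, or reuse whatever the earlier validation failures in this method do (they are outside the hunk). The check is placed after `user` has been populated, which is correct since it compares against login, email and names, but its error key `label.password.restrictions` is the generic one while this commit adds `label.password.user.details` to the central resources; the specific key would tell the user what to change. The enclosing method continues outside the hunk.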
@@ -107,7 +110,7 @@
return "/signup/emailVerifyResult";
} else {
user.setDisabledFlag(false);
- signupService.signupUser(user, signupForm.getContext());
+ signupService.signupUser(user, signupForm.getPassword(), signupForm.getContext());
try {
sendWelcomeEmail(user);
} catch (Exception e) {
Index: lams_central/web/forgotPasswordChange.jsp
===================================================================
diff -u -rc658209fd585646c7a3848e0e40e844f86074a2c -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_central/web/forgotPasswordChange.jsp (.../forgotPasswordChange.jsp) (revision c658209fd585646c7a3848e0e40e844f86074a2c)
+++ lams_central/web/forgotPasswordChange.jsp (.../forgotPasswordChange.jsp) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -104,6 +104,7 @@
:
+
-
@@ -124,6 +125,9 @@
-
+ -
+
+
Index: lams_central/web/passwordChangeContent.jsp
===================================================================
diff -u -rd4e455d6806b6c48cca0b6e8ee87f256a92f123a -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_central/web/passwordChangeContent.jsp (.../passwordChangeContent.jsp) (revision d4e455d6806b6c48cca0b6e8ee87f256a92f123a)
+++ lams_central/web/passwordChangeContent.jsp (.../passwordChangeContent.jsp) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -138,6 +138,9 @@
+
+
+
Index: lams_central/web/signup/singupTab.jsp
===================================================================
diff -u -r77888feae179cad9aab3bfc68b7c58d76c81eabe -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_central/web/signup/singupTab.jsp (.../singupTab.jsp) (revision 77888feae179cad9aab3bfc68b7c58d76c81eabe)
+++ lams_central/web/signup/singupTab.jsp (.../singupTab.jsp) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -183,6 +183,9 @@
+
+
+
Index: lams_common/src/java/org/lamsfoundation/lams/signup/service/ISignupService.java
===================================================================
diff -u -re952488de6475350bc2fab3272b5350b3a7a6d51 -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_common/src/java/org/lamsfoundation/lams/signup/service/ISignupService.java (.../ISignupService.java) (revision e952488de6475350bc2fab3272b5350b3a7a6d51)
+++ lams_common/src/java/org/lamsfoundation/lams/signup/service/ISignupService.java (.../ISignupService.java) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -30,7 +30,7 @@
public interface ISignupService {
- void signupUser(User user, String context);
+ void signupUser(User user, String password, String context);
SignupOrganisation getSignupOrganisation(String context);
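Review bot: The changed signature `void signupUser(User user, String password, String context);` has no Javadoc, and the new parameter changes the contract: the implementation now calls `updatePassword` with it after saving, presumably overwriting any password or salt the caller set on `user`. A Javadoc along the lines of `@param password the clear-text password for the new account; it is hashed and stored by this method, so callers must not pre-set the password on user` would keep callers from falling back to the removed `HashUtil` pattern. The interface continues outside the hunk.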
Index: lams_common/src/java/org/lamsfoundation/lams/signup/service/SignupService.java
===================================================================
diff -u -rf30bbddfb24ca43e7a57fc79f8628b67911df505 -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_common/src/java/org/lamsfoundation/lams/signup/service/SignupService.java (.../SignupService.java) (revision f30bbddfb24ca43e7a57fc79f8628b67911df505)
+++ lams_common/src/java/org/lamsfoundation/lams/signup/service/SignupService.java (.../SignupService.java) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -33,14 +33,16 @@
private ILessonService lessonService;
@Override
- public void signupUser(User user, String context) {
+ public void signupUser(User user, String password, String context) {
// save User
user.setTheme(userManagementService.getDefaultTheme());
user.setAuthenticationMethod(getAuthenticationMethod(AuthenticationMethod.DB));
user.setLocale(getDefaultLocale());
user.setCreateDate(new Date());
userManagementService.saveUser(user);
+ userManagementService.updatePassword(user, password);
+
// add to org
SignupOrganisation signup = signupDAO.getSignupOrganisation(context);
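Review bot: `updatePassword(user, password)` is called only after `saveUser(user)`, so the account row is persisted first and the credential is set in a second step; if this method is not transactional (not visible here), a null or otherwise invalid `password` leaves a saved user without a usable credential. A guard before the save, `Objects.requireNonNull(password, "password");` (needs `java.util.Objects`), fails fast while nothing has been written. The method body continues outside the hunk.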
Index: lams_common/src/java/org/lamsfoundation/lams/util/ValidationUtil.java
===================================================================
diff -u -rd4e455d6806b6c48cca0b6e8ee87f256a92f123a -r26a83b93c1ce8fa610895f50b57d44d6b7cc11db
--- lams_common/src/java/org/lamsfoundation/lams/util/ValidationUtil.java (.../ValidationUtil.java) (revision d4e455d6806b6c48cca0b6e8ee87f256a92f123a)
+++ lams_common/src/java/org/lamsfoundation/lams/util/ValidationUtil.java (.../ValidationUtil.java) (revision 26a83b93c1ce8fa610895f50b57d44d6b7cc11db)
@@ -27,6 +27,7 @@
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
+import org.lamsfoundation.lams.usermanagement.User;
/**
* Utility methods for String validation.
@@ -83,7 +84,11 @@
}
public static boolean isPasswordValueValid(String password, String password2) {
+ return ValidationUtil.isPasswordValueValid(password, password2, null);
+ }
+ public static boolean isPasswordValueValid(String password, String password2, User user) {
+
if (password == null || password2 == null || !password.equals(password2)) {
return false;
}
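Review bot: The new three-argument `isPasswordValueValid(String password, String password2, User user)` has no Javadoc and starts with a stray blank line after its signature; the two-argument form now delegates with `null`, and the reader needs to know that a null `user` skips the user-details comparison entirely. A Javadoc such as `@param user the account the password is for, or null to skip the user-details check` on the new overload, and removing the blank line, would do. The method body continues outside the hunk.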
@@ -137,6 +142,32 @@
}
+ return ValidationUtil.isPasswordNotUserDetails(password, user);
+ }
+
+ /**
+ * Checks if password is not the same as user ID, login, email or names.
+ */
+ public static boolean isPasswordNotUserDetails(String password, User user) {
+ if (user == null || StringUtils.isBlank(password)) {
+ return true;
+ }
+ if (user.getUserId() != null && password.equals(user.getUserId().toString())) {
+ return false;
+ }
+ if (StringUtils.isNotBlank(user.getLogin()) && password.equalsIgnoreCase(user.getLogin().trim())) {
+ return false;
+ }
+ if (StringUtils.isNotBlank(user.getEmail()) && password.equalsIgnoreCase(user.getEmail().trim())) {
+ return false;
+ }
+ if (StringUtils.isNotBlank(user.getFirstName()) && password.equalsIgnoreCase(user.getFirstName().trim())) {
+ return false;
+ }
+ if (StringUtils.isNotBlank(user.getLastName()) && password.equalsIgnoreCase(user.getLastName().trim())) {
+ return false;
+ }
+
return true;
}
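Review bot: `isPasswordNotUserDetails` returns true for a blank password and for a null user, which is fine when reached through `isPasswordValueValid` (blank is rejected earlier there), but in this commit the method is also called on its own from ImportService, SignupController, UserSaveController and OrgPasswordChangeController, so its Javadoc should state that it does not validate emptiness: `Returns true when {@code user} is null or {@code password} is blank; callers must check emptiness and strength separately.` The comparison is exact (case-insensitive for login, email and names; case-sensitive for the numeric ID), which matches the "must not be the same as" wording of the new label; if a stricter rule such as rejecting passwords that merely contain the login is wanted, that is a separate decision worth recording in the Javadoc. Note also that the user fields are trimmed while `password` is not, so a password differing from the login only by surrounding whitespace is accepted.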