Index: lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java =================================================================== diff -u -r80371e446858031dcb9d7fa4456a79e8ab71693c -r4c272c96c3885f945357ffff697c662ff04d2e75 --- lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java (.../ImportService.java) (revision 80371e446858031dcb9d7fa4456a79e8ab71693c) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java (.../ImportService.java) (revision 4c272c96c3885f945357ffff697c662ff04d2e75) @@ -52,7 +52,6 @@ import org.lamsfoundation.lams.usermanagement.User; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.usermanagement.service.IUserManagementService; -import org.lamsfoundation.lams.util.HashUtil; import org.lamsfoundation.lams.util.LanguageUtil; import org.lamsfoundation.lams.util.MessageService; import org.lamsfoundation.lams.util.ValidationUtil; @@ -493,11 +492,9 @@ hasError = true; return null; } - String salt = HashUtil.salt(); - password = HashUtil.sha256(password, salt); - user.setSalt(salt); - user.setPassword(password); + service.updatePassword(user, password); + user.setTitle(parseStringCell(row.getCell(ImportService.TITLE))); String firstName = parseStringCell(row.getCell(ImportService.FIRST_NAME)); Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrgPasswordChangeController.java =================================================================== diff -u -r8ebe651ed3972b4e53c75dd45e9f0ba1f9b63b3d -r4c272c96c3885f945357ffff697c662ff04d2e75 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrgPasswordChangeController.java (.../OrgPasswordChangeController.java) (revision 8ebe651ed3972b4e53c75dd45e9f0ba1f9b63b3d) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrgPasswordChangeController.java (.../OrgPasswordChangeController.java) (revision 4c272c96c3885f945357ffff697c662ff04d2e75) 
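Review bot: In the ImportService hunk at `-493,11 +492,9`, `service.updatePassword(user, password)` is called while the imported row is still being parsed, before `user.setTitle(...)` and the name cells that follow. The other call sites in this commit drop their own `saveUser(user)` once they switch to `updatePassword`, which suggests the service method persists the user itself. If that is so, a half-populated account can be written before the remaining cells are validated, and a later `hasError = true; return null;` would not undo it. Consider moving the call to the point where the row has passed validation, or setting salt and hash here without persisting. The enclosing method starts and ends outside the hunk, so the final save path is not visible.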
@@ -25,7 +25,6 @@ import java.io.IOException; import java.security.InvalidParameterException; -import java.time.LocalDateTime; import java.util.Collection; import java.util.HashSet; import java.util.LinkedList; @@ -50,7 +49,6 @@ import org.lamsfoundation.lams.usermanagement.User; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.usermanagement.service.IUserManagementService; -import org.lamsfoundation.lams.util.HashUtil; import org.lamsfoundation.lams.util.JsonUtil; import org.lamsfoundation.lams.util.MessageService; import org.lamsfoundation.lams.util.ValidationUtil; @@ -281,14 +279,11 @@ } // change password - String salt = HashUtil.salt(); - user.setSalt(salt); - user.setPassword(HashUtil.sha256(password, salt)); - user.setPasswordChangeDate(LocalDateTime.now()); if (force) { user.setChangePassword(true); } - userManagementService.saveUser(user); + userManagementService.updatePassword(user, password); + log.info("Changed password for user ID " + user.getUserId()); userManagementService.logPasswordChanged(user, currentUser); changedUserIDs.add(user.getUserId()); Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSaveController.java =================================================================== diff -u -r8ebe651ed3972b4e53c75dd45e9f0ba1f9b63b3d -r4c272c96c3885f945357ffff697c662ff04d2e75 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSaveController.java (.../UserSaveController.java) (revision 8ebe651ed3972b4e53c75dd45e9f0ba1f9b63b3d) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSaveController.java (.../UserSaveController.java) (revision 4c272c96c3885f945357ffff697c662ff04d2e75) 
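Review bot: In the `// change password` block of OrgPasswordChangeController, `user.setChangePassword(true)` is set for `force` immediately before `userManagementService.updatePassword(user, password)`, while the PasswordChangeController hunk in this commit drops its explicit `user.setChangePassword(false)` in favour of the same call. These two call sites expect opposite things from `updatePassword`: if it clears the flag, the forced change requested here is silently lost; if it leaves the flag alone, a user who completes a forced change is never released from it. The body of `updatePassword` is only partly visible in this diff, so confirm which holds. The safer shape is to make the flag an explicit part of the service contract, or to apply `if (force) { user.setChangePassword(true); }` after the call and save again.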
@@ -222,32 +222,32 @@ BeanUtils.copyProperties(user, userForm); user.setSalt(salt); user.setPassword(passwordHash); + user.setPasswordChangeDate(LocalDateTime.now()); log.debug("creating user... new login: " + user.getLogin()); - if (errorMap.isEmpty()) { - user.setDisabledFlag(false); - user.setCreateDate(new Date()); - user.setAuthenticationMethod((AuthenticationMethod) userManagementService - .findByProperty(AuthenticationMethod.class, "authenticationMethodName", "LAMS-Database") - .get(0)); - user.setUserId(null); - user.setLocale(locale); - Theme theme = null; - if (userForm.getUserTheme() != null) { - theme = (Theme) userManagementService.findById(Theme.class, userForm.getUserTheme()); - } - if (theme == null) { - theme = userManagementService.getDefaultTheme(); - } - user.setTheme(theme); + user.setDisabledFlag(false); + user.setCreateDate(new Date()); + user.setAuthenticationMethod((AuthenticationMethod) userManagementService + .findByProperty(AuthenticationMethod.class, "authenticationMethodName", "LAMS-Database") + .get(0)); + user.setUserId(null); + user.setLocale(locale); - userManagementService.saveUser(user); + Theme theme = null; + if (userForm.getUserTheme() != null) { + theme = (Theme) userManagementService.findById(Theme.class, userForm.getUserTheme()); + } + if (theme == null) { + theme = userManagementService.getDefaultTheme(); + } + user.setTheme(theme); - // make 'create user' audit log entry - userManagementService.logUserCreated(user, sysadmin); + userManagementService.saveUser(user); - log.debug("user: " + user.toString()); - } + // make 'create user' audit log entry + userManagementService.logUserCreated(user, sysadmin); + + log.debug("user: " + user.toString()); } } } @@ -296,7 +296,7 @@ response.sendError(HttpServletResponse.SC_FORBIDDEN, "Only Sysadmin has edit permisions"); return null; } - + User sysadmin = (User) userManagementService.findById(User.class, loggeduserId); String password = WebUtil.readStrParam(request, "password"); 
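Review bot: The user-creation path in UserSaveController still hashes inline (`user.setSalt(salt); user.setPassword(passwordHash);`) and now sets `user.setPasswordChangeDate(LocalDateTime.now())` by hand, while every password-change path in this commit goes through `userManagementService.updatePassword`; the SignupController hunk does the same. Keeping two copies of the recipe means a later move from salted `HashUtil.sha256` to a slow password KDF (bcrypt, scrypt, Argon2 or PBKDF2) must be made in several places and can leave newly created accounts on the old scheme. A shared helper that only fills salt, hash and change date on a `User`, used by both creation and `updatePassword`, would remove that risk. Separately, this hunk removes the inner `if (errorMap.isEmpty())` guard; the enclosing condition lies outside the hunk, so confirm that one still prevents `saveUser(user)` on invalid input.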
@@ -317,13 +317,8 @@ if (errorMap.isEmpty()) { User user = (User) userManagementService.findById(User.class, userId); - String salt = HashUtil.salt(); - String passwordHash = HashUtil.sha256(password, salt); - user.setSalt(salt); - user.setPassword(passwordHash); - user.setPasswordChangeDate(LocalDateTime.now()); + userManagementService.updatePassword(user, password); userManagementService.logPasswordChanged(user, sysadmin); - userManagementService.saveUser(user); return "forward:/user/edit.do"; } request.setAttribute("errorMap", errorMap); Index: lams_central/src/java/org/lamsfoundation/lams/web/ForgotPasswordServlet.java =================================================================== diff -u -r139e91caa1fc95af99802e31cb3a4b57ef7ebc5e -r4c272c96c3885f945357ffff697c662ff04d2e75 --- lams_central/src/java/org/lamsfoundation/lams/web/ForgotPasswordServlet.java (.../ForgotPasswordServlet.java) (revision 139e91caa1fc95af99802e31cb3a4b57ef7ebc5e) +++ lams_central/src/java/org/lamsfoundation/lams/web/ForgotPasswordServlet.java (.../ForgotPasswordServlet.java) (revision 4c272c96c3885f945357ffff697c662ff04d2e75) 
@@ -244,7 +244,7 @@ if (now < cutoffTime) { User user = (User) userManagementService.findById(User.class, fp.getUserId()); - userManagementService.updatePassword(user.getLogin(), newPassword); + userManagementService.updatePassword(user, newPassword); userManagementService.logPasswordChanged(user, user); languageKey = ForgotPasswordServlet.SUCCESS_CHANGE_PASS; Index: lams_central/src/java/org/lamsfoundation/lams/web/PasswordChangeController.java =================================================================== diff -u -r8ebe651ed3972b4e53c75dd45e9f0ba1f9b63b3d -r4c272c96c3885f945357ffff697c662ff04d2e75 --- lams_central/src/java/org/lamsfoundation/lams/web/PasswordChangeController.java (.../PasswordChangeController.java) (revision 8ebe651ed3972b4e53c75dd45e9f0ba1f9b63b3d) +++ lams_central/src/java/org/lamsfoundation/lams/web/PasswordChangeController.java (.../PasswordChangeController.java) (revision 4c272c96c3885f945357ffff697c662ff04d2e75) @@ -23,8 +23,6 @@ package org.lamsfoundation.lams.web; -import java.time.LocalDateTime; - import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; 
@@ -111,12 +109,7 @@ } if (errorMap.isEmpty()) { - String salt = HashUtil.salt(); - user.setSalt(salt); - user.setPassword(HashUtil.sha256(password, salt)); - user.setChangePassword(false); - user.setPasswordChangeDate(LocalDateTime.now()); - userManagementService.saveUser(user); + userManagementService.updatePassword(user, password); // make 'password changed' audit log entry String[] args = new String[1]; Index: lams_central/src/java/org/lamsfoundation/lams/web/controller/SignupController.java =================================================================== diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r4c272c96c3885f945357ffff697c662ff04d2e75 --- lams_central/src/java/org/lamsfoundation/lams/web/controller/SignupController.java (.../SignupController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50) +++ lams_central/src/java/org/lamsfoundation/lams/web/controller/SignupController.java (.../SignupController.java) (revision 4c272c96c3885f945357ffff697c662ff04d2e75) @@ -2,6 +2,7 @@ import java.io.UnsupportedEncodingException; import java.net.URLEncoder; +import java.time.LocalDateTime; import javax.mail.MessagingException; import javax.mail.internet.AddressException; 
@@ -91,6 +92,7 @@ String salt = HashUtil.salt(); user.setSalt(salt); user.setPassword(HashUtil.sha256(signupForm.getPassword(), salt)); + user.setPasswordChangeDate(LocalDateTime.now()); if (emailVerify) { user.setEmailVerified(false); user.setDisabledFlag(true); Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/IUserManagementService.java =================================================================== diff -u -rf4051aee3b6cf552e0e4e3d4afa5ab4961c344af -r4c272c96c3885f945357ffff697c662ff04d2e75 --- lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/IUserManagementService.java (.../IUserManagementService.java) (revision f4051aee3b6cf552e0e4e3d4afa5ab4961c344af) +++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/IUserManagementService.java (.../IUserManagementService.java) (revision 4c272c96c3885f945357ffff697c662ff04d2e75) @@ -265,17 +265,10 @@ * @return the User */ User getUserByLogin(String login); - + User getUserById(Integer userId); - /** - * @param login - * user's login - * @param password - * new password - * @return void - */ - void updatePassword(String login, String password); + void updatePassword(User user, String password); /** * @param userId Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/UserManagementService.java =================================================================== diff -u -r8ebe651ed3972b4e53c75dd45e9f0ba1f9b63b3d -r4c272c96c3885f945357ffff697c662ff04d2e75 --- lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/UserManagementService.java (.../UserManagementService.java) (revision 8ebe651ed3972b4e53c75dd45e9f0ba1f9b63b3d) +++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/UserManagementService.java (.../UserManagementService.java) (revision 4c272c96c3885f945357ffff697c662ff04d2e75) 
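Review bot: The new declaration `void updatePassword(User user, String password);` in IUserManagementService has no Javadoc, and the comment that documented the old `(String login, String password)` overload was removed with it. Callers in this commit now rely on side effects they cannot see from the interface, since several of them dropped their own `saveUser`, `setPasswordChangeDate` and `setChangePassword` calls. Add a Javadoc block along the lines of `/** Salts and hashes the given plain-text password, stores it on the user and persists the user. */` with `@param user` and `@param password` entries. It should state explicitly whether the password change date and the change-password flag are updated, and whether a null user is accepted, matching what the implementation actually does.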
@@ -406,9 +406,8 @@
 }
 @Override
- public void updatePassword(String login, String password) {
+ public void updatePassword(User user, String password) {
 try {
- User user = getUserByLogin(login);
 String salt = HashUtil.salt();
 user.setSalt(salt);
 user.setPassword(HashUtil.sha256(password, salt));
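Review bot: `updatePassword(User user, String password)` now dereferences its `user` argument at `user.setSalt(salt)` without a null check, where the previous version looked the user up itself. Callers in this commit pass the result of `findById(User.class, ...)` straight in (ForgotPasswordServlet, UserSaveController), so a stale or unknown ID reaches this method as null inside the `try` block. The catch clause is outside the hunk; if it only logs, the failure is hidden from the caller, which then proceeds to `logPasswordChanged`. A guard before the `try`, such as `if (user == null) { throw new IllegalArgumentException("user must not be null"); }`, makes the failure explicit and keeps the audit trail honest.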