hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-10 03:23:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

[CST-6152] Renamed challenge to currentPassword

Browse Source
This commit is contained in:
Luca Giamminonni
2022-09-20 15:29:20 +02:00
parent 04c8e0d7c4
commit f2eb9c55b4
16 changed files with 66 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
dspace-api/src/main/java/org/dspace/authenticate/AuthenticationMethod.java
View File

@@ -226,12 +226,13 @@ public interface AuthenticationMethod {
public boolean isUsed(Context context, HttpServletRequest request);
/**
* Check if the given challenge is valid to change the password of the given
* ePerson
* Check if the given current password is valid to change the password of the
* given ePerson
* @param context The DSpace context
* @param ePerson the ePerson related to the password change
* @param challenge The challenge to check
* @return true if challenge matches with current password
* @param currentPassword The current password to check
* @return true if the provided password matches with current
* password
*/
public boolean canChangePassword(Context context, EPerson ePerson, String challenge);
public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword);
}

4
dspace-api/src/main/java/org/dspace/authenticate/AuthenticationServiceImpl.java
View File

@@ -209,11 +209,11 @@ public class AuthenticationServiceImpl implements AuthenticationService {
}
@Override
public boolean canChangePassword(Context context, EPerson ePerson, String challenge) {
public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword) {
for (AuthenticationMethod method : getAuthenticationMethodStack()) {
if (method.getName().equals(context.getAuthenticationMethod())) {
return method.canChangePassword(context, ePerson, challenge);
return method.canChangePassword(context, ePerson, currentPassword);
}
}

2
dspace-api/src/main/java/org/dspace/authenticate/IPAuthentication.java
View File

@@ -280,7 +280,7 @@ public class IPAuthentication implements AuthenticationMethod {
}
@Override
public boolean canChangePassword(Context context, EPerson ePerson, String challenge) {
public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword) {
return false;
}
}

2
dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java
View File

@@ -754,7 +754,7 @@ public class LDAPAuthentication
}
@Override
public boolean canChangePassword(Context context, EPerson ePerson, String challenge) {
public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword) {
return false;
}
}

2
dspace-api/src/main/java/org/dspace/authenticate/OidcAuthentication.java
View File

@@ -87,7 +87,7 @@ public class OidcAuthentication implements AuthenticationMethod {
}
@Override
public boolean canChangePassword(Context context, EPerson ePerson, String challenge) {
public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword) {
return false;
}

2
dspace-api/src/main/java/org/dspace/authenticate/OidcAuthenticationBean.java
View File

@@ -295,7 +295,7 @@ public class OidcAuthenticationBean implements AuthenticationMethod {
}
@Override
public boolean canChangePassword(Context context, EPerson ePerson, String challenge) {
public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword) {
return false;
}

2
dspace-api/src/main/java/org/dspace/authenticate/OrcidAuthentication.java
View File

@@ -102,7 +102,7 @@ public class OrcidAuthentication implements AuthenticationMethod {
}
@Override
public boolean canChangePassword(Context context, EPerson ePerson, String challenge) {
public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword) {
return false;
}

2
dspace-api/src/main/java/org/dspace/authenticate/OrcidAuthenticationBean.java
View File

@@ -124,7 +124,7 @@ public class OrcidAuthenticationBean implements AuthenticationMethod {
}
@Override
public boolean canChangePassword(Context context, EPerson ePerson, String challenge) {
public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword) {
return false;
}

4
dspace-api/src/main/java/org/dspace/authenticate/PasswordAuthentication.java
View File

@@ -269,10 +269,10 @@ public class PasswordAuthentication
}
@Override
public boolean canChangePassword(Context context, EPerson ePerson, String challenge) {
public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword) {
if (context == null || ePerson == null) {
return false;
}
return ePersonService.checkPassword(context, ePerson, challenge);
return ePersonService.checkPassword(context, ePerson, currentPassword);
}
}

2
dspace-api/src/main/java/org/dspace/authenticate/ShibAuthentication.java
View File

@@ -1278,7 +1278,7 @@ public class ShibAuthentication implements AuthenticationMethod {
}
@Override
public boolean canChangePassword(Context context, EPerson ePerson, String challenge) {
public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword) {
return false;
}
}

2
dspace-api/src/main/java/org/dspace/authenticate/X509Authentication.java
View File

@@ -610,7 +610,7 @@ public class X509Authentication implements AuthenticationMethod {
}
@Override
public boolean canChangePassword(Context context, EPerson ePerson, String challenge) {
public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword) {
return false;
}
}

11
dspace-api/src/main/java/org/dspace/authenticate/service/AuthenticationService.java
View File

@@ -178,10 +178,15 @@ public interface AuthenticationService {
public String getAuthenticationMethod(Context context, HttpServletRequest request);
/**
* Check if the given current password is valid to change the password of the
* given ePerson.
*
* @param context The DSpace context
* @param challenge The current password of the user
* @return true if challenge matches with current password
* @param ePerson the ePerson related to the password change
* @param currentPassword The current password to check
* @return true if the provided password matches with current
* password
*/
public boolean canChangePassword(Context context, EPerson ePerson, String challenge);
public boolean canChangePassword(Context context, EPerson ePerson, String currentPassword);
}

2
dspace-server-webapp/src/main/java/org/dspace/app/rest/exception/DSpaceApiExceptionControllerAdvice.java
View File

@@ -190,7 +190,7 @@ public class DSpaceApiExceptionControllerAdvice extends ResponseEntityExceptionH
HttpStatus.BAD_REQUEST.value());
}
@ExceptionHandler({InvalidPasswordChallengeException.class})
@ExceptionHandler({WrongCurrentPasswordException.class})
protected void handleInvalidPasswordException(HttpServletRequest request, HttpServletResponse response,
Exception ex) throws IOException {
sendErrorResponse(request, response, ex, ex.getMessage(), HttpServletResponse.SC_FORBIDDEN);

6
dspace-server-webapp/src/main/java/org/dspace/app/rest/exception/InvalidPasswordChallengeException.java → dspace-server-webapp/src/main/java/org/dspace/app/rest/exception/WrongCurrentPasswordException.java
View File

@@ -8,15 +8,15 @@
package org.dspace.app.rest.exception;
/**
* This exception is thrown when the password challenge of user is invalid.
* This exception is thrown when the provided current password is wrong.
*
* @author Mohamed Eskander (mohamed.eskander at 4science.it)
*/
public class InvalidPasswordChallengeException extends RuntimeException {
public class WrongCurrentPasswordException extends RuntimeException {
private static final long serialVersionUID = 7774965236190392985L;
public InvalidPasswordChallengeException(String message) {
public WrongCurrentPasswordException(String message) {
super(message);
}

50
dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/patch/operation/EPersonPasswordAddOperation.java
View File

@@ -10,11 +10,12 @@ package org.dspace.app.rest.repository.patch.operation;
import java.sql.SQLException;
import java.util.Optional;
import com.fasterxml.jackson.annotation.JsonProperty;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.Logger;
import org.dspace.app.rest.exception.DSpaceBadRequestException;
import org.dspace.app.rest.exception.InvalidPasswordChallengeException;
import org.dspace.app.rest.exception.UnprocessableEntityException;
import org.dspace.app.rest.exception.WrongCurrentPasswordException;
import org.dspace.app.rest.model.patch.JsonValueEvaluator;
import org.dspace.app.rest.model.patch.Operation;
import org.dspace.app.util.AuthorizeUtil;
@@ -31,13 +32,14 @@ import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Component;
/**
* Implementation for EPerson password patches. This Add Operation will add a new password the an eperson if it had
* no password before, or will replace the existing password with the new value.
* Implementation for EPerson password patches. This Add Operation will add a
* new password the an eperson if it had no password before, or will replace the
* existing password with the new value.
*
* Example: <code>
* curl -X PATCH http://${dspace.server.url}/api/epersons/eperson/<:id-eperson> -H "
* Content-Type: application/json" -d '[{ "op": "add", "path": "
* /password", "value": {"password": "newpassword", "challenge": "currentpassword"}]'
* /password", "value": {"new_password": "newpassword", "current_password": "currentpassword"}]'
* </code>
*/
@Component
@@ -70,7 +72,7 @@ public class EPersonPasswordAddOperation<R> extends PatchOperation<R> {
PasswordVO passwordVO = parseOperationValue(operation);
String newPassword = passwordVO.getPassword()
String newPassword = passwordVO.getNewPassword()
.orElseThrow(() -> new DSpaceBadRequestException("No password provided"));
EPerson eperson = (EPerson) object;
@@ -83,7 +85,7 @@ public class EPersonPasswordAddOperation<R> extends PatchOperation<R> {
if (StringUtils.isNotBlank(token)) {
verifyAndDeleteToken(context, eperson, token, operation);
} else if (eperson.hasPasswordSet()) {
verifyChallenge(context, eperson, passwordVO);
verifyCurrentPassword(context, eperson, passwordVO);
}
ePersonService.setPassword(eperson, newPassword);
@@ -123,14 +125,14 @@ public class EPersonPasswordAddOperation<R> extends PatchOperation<R> {
}
}
private void verifyChallenge(Context context, EPerson eperson, PasswordVO passwordVO) {
private void verifyCurrentPassword(Context context, EPerson eperson, PasswordVO passwordVO) {
String challenge = passwordVO.getChallenge()
.orElseThrow(() -> new InvalidPasswordChallengeException("No challenge provided"));
String currentPassword = passwordVO.getCurrentPassword()
.orElseThrow(() -> new WrongCurrentPasswordException("No current password provided"));
boolean canChangePassword = authenticationService.canChangePassword(context, eperson, challenge);
boolean canChangePassword = authenticationService.canChangePassword(context, eperson, currentPassword);
if (!canChangePassword) {
throw new InvalidPasswordChallengeException("The provided challenge is not valid");
throw new WrongCurrentPasswordException("The provided password is wrong");
}
}
@@ -142,32 +144,34 @@ public class EPersonPasswordAddOperation<R> extends PatchOperation<R> {
}
/**
* Value object that stores the new password to set and the challange to verify.
* This object models the value of the operation.
* Value object that stores the new password to set and the current password to
* verify. This object models the value of the operation.
*
* @author Luca Giamminonni (luca.giamminonni at 4science.it)
*
*/
public static class PasswordVO {
private String password;
@JsonProperty("new_password")
private String newPassword;
private String challenge;
@JsonProperty("current_password")
private String currentPassword;
public Optional<String> getPassword() {
return Optional.ofNullable(password);
public Optional<String> getNewPassword() {
return Optional.ofNullable(newPassword);
}
public void setPassword(String password) {
this.password = password;
public void setNewPassword(String newPassword) {
this.newPassword = newPassword;
}
public Optional<String> getChallenge() {
return Optional.ofNullable(challenge);
public Optional<String> getCurrentPassword() {
return Optional.ofNullable(currentPassword);
}
public void setChallenge(String challenge) {
this.challenge = challenge;
public void setCurrentPassword(String currentPassword) {
this.currentPassword = currentPassword;
}
}

12
dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java
View File

@@ -3141,7 +3141,7 @@ public class EPersonRestRepositoryIT extends AbstractControllerIntegrationTest {
}
@Test
public void patchChangePasswordWithWrongChallenge() throws Exception {
public void patchChangePasswordWithWrongCurrentPassword() throws Exception {
context.turnOffAuthorisationSystem();
@@ -3166,7 +3166,7 @@ public class EPersonRestRepositoryIT extends AbstractControllerIntegrationTest {
}
@Test
public void patchChangePasswordWithNoChallenge() throws Exception {
public void patchChangePasswordWithNoCurrentPassword() throws Exception {
context.turnOffAuthorisationSystem();
@@ -3189,14 +3189,14 @@ public class EPersonRestRepositoryIT extends AbstractControllerIntegrationTest {
.andExpect(status().isForbidden());
}
private String buildPasswordAddOperationPatchBody(String password, String challenge) {
private String buildPasswordAddOperationPatchBody(String password, String currentPassword) {
Map<String, String> value = new HashMap<>();
if (password != null) {
value.put("password", password);
value.put("new_password", password);
}
if (challenge != null) {
value.put("challenge", challenge);
if (currentPassword != null) {
value.put("current_password", currentPassword);
}
return getPatchContent(List.of(new AddOperation("/password", value)));