litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-1385 Use a ChangeListener instead of a PreProcessor to encode the User's password when needed.

Browse source
This commit is contained in:
jeb228 2011-02-18 22:31:00 +00:00
parent 029465e4de
commit 8e554c3975
1 changed files with 101 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

119
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java
View file

@ -23,7 +23,7 @@ import edu.cornell.mannlib.vedit.beans.Option;
import edu.cornell.mannlib.vedit.controller.BaseEditController; import edu.cornell.mannlib.vedit.controller.BaseEditController;
import edu.cornell.mannlib.vedit.forwarder.PageForwarder; import edu.cornell.mannlib.vedit.forwarder.PageForwarder;
import edu.cornell.mannlib.vedit.forwarder.impl.UrlForwarder; import edu.cornell.mannlib.vedit.forwarder.impl.UrlForwarder;
import edu.cornell.mannlib.vedit.listener.EditPreProcessor; import edu.cornell.mannlib.vedit.listener.ChangeListener;
import edu.cornell.mannlib.vedit.util.FormUtils; import edu.cornell.mannlib.vedit.util.FormUtils;
import edu.cornell.mannlib.vedit.validator.ValidationObject; import edu.cornell.mannlib.vedit.validator.ValidationObject;
import edu.cornell.mannlib.vedit.validator.Validator; import edu.cornell.mannlib.vedit.validator.Validator;
@ -101,9 +101,9 @@ public class UserRetryController extends BaseEditController {
epo.setValidatorMap(validatorMap); epo.setValidatorMap(validatorMap);
//preprocessors //preprocessors
epo.setPreProcessorList(Collections.singletonList(new UserPasswordPreProcessor()));
//set up any listeners //set up any listeners
epo.setChangeListenerList(Collections.singletonList(new UserPasswordChangeListener()));
//set portal flag to current portal //set portal flag to current portal
Portal currPortal = (Portal) request.getAttribute("portalBean"); Portal currPortal = (Portal) request.getAttribute("portalBean");
@ -282,28 +282,111 @@ public class UserRetryController extends BaseEditController {
} }
} }
} }
/** /**
* The "Md5password" field from the form is actually in clear text. Pull the * When a new password is created, encode it.
* raw version from the {@link User} and replce it with an encoded one. */
*/ class UserPasswordChangeListener implements ChangeListener {
class UserPasswordPreProcessor implements EditPreProcessor { /**
* Encode the password for a new user.
*/
@Override @Override
public void process(Object o, EditProcessObject epo) { public void doInserted(Object newObj, EditProcessObject epo) {
if (!(o instanceof User)) { try {
log.error("Can't apply password encoding without a User object: " User newUser = convertToUser(newObj);
+ o); UserDao userDao = getUserDaoFromEPO(epo);
return; encodePasswordAndUpdateUser("insert", newUser, userDao);
} catch (PwException e) {
log.error(e.getMessage());
} }
User user = (User) o; }
/**
* Encode the password for an updated user, if it has changed.
*/
@Override
public void doUpdated(Object oldObj, Object newObj,
EditProcessObject epo) {
try {
User newUser = convertToUser(newObj);
User oldUser = convertToUser(oldObj);
UserDao userDao = getUserDaoFromEPO(epo);
if (passwordHasChanged(newUser, oldUser)) {
encodePasswordAndUpdateUser("update", newUser, userDao);
} else {
log.debug("update: password has not changed.");
}
} catch (PwException e) {
log.error(e.getMessage());
}
}
/**
* Do nothing for a deleted user.
*/
@Override
public void doDeleted(Object oldObj, EditProcessObject epo) {
log.debug("delete: nothing to do");
}
private User convertToUser(Object o) throws PwException {
if (o instanceof User) {
return (User) o;
} else {
throw new PwException("Can't apply password encoding without a "
+ "User object: " + o);
}
}
private UserDao getUserDaoFromEPO(EditProcessObject epo)
throws PwException {
if (epo == null) {
throw new PwException(
"Can't apply password encoding without an "
+ "EditProcessObject");
}
Object dao = epo.getDataAccessObject();
if (dao instanceof UserDao) {
return (UserDao) dao;
} else {
throw new PwException(
"Can't apply password encoding without a "
+ "UserDao object: " + dao);
}
}
private boolean passwordHasChanged(User newUser, User oldUser)
throws PwException {
String newPw = newUser.getMd5password();
String oldPw = oldUser.getMd5password();
if (newPw == null) {
throw new PwException("Can't encode a null password");
}
return !newPw.equals(oldPw);
}
private void encodePasswordAndUpdateUser(String action, User user, UserDao userDao) {
String rawPassword = user.getMd5password(); String rawPassword = user.getMd5password();
if (rawPassword == null) {
log.error("Can't encode a null password");
}
String encodedPassword = Authenticate.applyMd5Encoding(rawPassword); String encodedPassword = Authenticate.applyMd5Encoding(rawPassword);
log.trace(action + ": Raw password '" + rawPassword
+ "', encoded '" + encodedPassword + "'");
log.trace("Raw password '" + rawPassword + "', encoded '"
+ encodedPassword + "'");
user.setMd5password(encodedPassword); user.setMd5password(encodedPassword);
userDao.updateUser(user);
} }
} }
class PwException extends Exception {
public PwException(String message) {
super(message);
}
}
} }