replace scm-manager 1.x security api with apache shiro and use PasswordService for stronger password hashes

This commit is contained in:
Sebastian Sdorra
2014-12-14 12:26:03 +01:00
parent 876f501644
commit 4fa8e6e88a
32 changed files with 661 additions and 3974 deletions


@@ -38,6 +38,7 @@ package sonia.scm.api.rest.resources;
import com.google.inject.Inject;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.credential.PasswordService;
import org.apache.shiro.subject.Subject;
import org.codehaus.enunciate.jaxrs.TypeHint;
@@ -47,7 +48,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.api.rest.RestActionResult;
import sonia.scm.security.EncryptionHandler;
import sonia.scm.security.Role;
import sonia.scm.security.ScmSecurityException;
import sonia.scm.user.User;
import sonia.scm.user.UserException;
@@ -65,7 +66,6 @@ import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import sonia.scm.security.Role;
/**
*
@@ -88,14 +88,13 @@ public class ChangePasswordResource
*
* @param userManager
* @param encryptionHandler
* @param securityContextProvider
*/
@Inject
public ChangePasswordResource(UserManager userManager,
EncryptionHandler encryptionHandler)
PasswordService encryptionHandler)
{
this.userManager = userManager;
this.encryptionHandler = encryptionHandler;
this.passwordService = encryptionHandler;
}
//~--- methods --------------------------------------------------------------
@@ -155,9 +154,9 @@ public class ChangePasswordResource
{
User dbUser = userManager.get(currentUser.getName());
if (encryptionHandler.encrypt(oldPassword).equals(dbUser.getPassword()))
if (passwordService.passwordsMatch(oldPassword, dbUser.getPassword()))
{
dbUser.setPassword(encryptionHandler.encrypt(newPassword));
dbUser.setPassword(passwordService.encryptPassword(newPassword));
userManager.modify(dbUser);
response = Response.ok(new RestActionResult(true)).build();
}
@@ -183,8 +182,8 @@ public class ChangePasswordResource
//~--- fields ---------------------------------------------------------------
/** Field description */
private EncryptionHandler encryptionHandler;
private final PasswordService passwordService;
/** Field description */
private UserManager userManager;
private final UserManager userManager;
}
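Review bot: The new constructor line `PasswordService encryptionHandler)` keeps the old parameter name while the value is stored in the renamed field `passwordService`, and the `@param encryptionHandler` Javadoc tag that appears to survive above it now documents a parameter by a name that no longer describes its type; rename the parameter to `passwordService` (`PasswordService passwordService)` / `this.passwordService = passwordService;`) and update the tag to `@param passwordService`. Separately, `passwordsMatch(oldPassword, dbUser.getPassword())` only succeeds if the stored value is in the format the bound `PasswordService` produces; a hash written by the replaced `EncryptionHandler` would presumably not match, so unless existing hashes are migrated elsewhere in this commit, users with legacy passwords can no longer change them through this endpoint — worth a `// NOTE: stored hash must be in PasswordService format; legacy EncryptionHandler hashes will not match` comment or a documented migration path. The commit message calls the result "stronger password hashes", but the algorithm and iteration count depend entirely on how `PasswordService` is bound, which is not visible in this section. The method containing the `passwordsMatch` call starts and ends outside the hunk.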


@@ -39,11 +39,11 @@ import com.google.inject.Inject;
import com.google.inject.Singleton;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.credential.PasswordService;
import org.codehaus.enunciate.jaxrs.TypeHint;
import org.codehaus.enunciate.modules.jersey.ExternallyManagedLifecycle;
import sonia.scm.security.EncryptionHandler;
import sonia.scm.security.Role;
import sonia.scm.user.User;
import sonia.scm.user.UserException;
@@ -95,15 +95,13 @@ public class UserResource extends AbstractManagerResource<User, UserException>
*
*
* @param userManager
* @param encryptionHandler
* @param securityContextProvider
* @param passwordService
*/
@Inject
public UserResource(UserManager userManager,
EncryptionHandler encryptionHandler)
public UserResource(UserManager userManager, PasswordService passwordService)
{
super(userManager);
this.encryptionHandler = encryptionHandler;
this.passwordService = passwordService;
}
//~--- methods --------------------------------------------------------------
@@ -386,12 +384,12 @@ public class UserResource extends AbstractManagerResource<User, UserException>
if (Util.isNotEmpty(password))
{
user.setPassword(encryptionHandler.encrypt(password));
user.setPassword(passwordService.encryptPassword(password));
}
}
//~--- fields ---------------------------------------------------------------
/** Field description */
private EncryptionHandler encryptionHandler;
private PasswordService passwordService;
}
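Review bot: The new field `private PasswordService passwordService;` is left non-final, whereas the same commit makes the equivalent fields in ChangePasswordResource `final`; since it is assigned exactly once in the injected constructor, declare it `private final PasswordService passwordService;` for consistency and so the dependency cannot be swapped after construction. The `user.setPassword(passwordService.encryptPassword(password))` call is only reached behind `Util.isNotEmpty(password)`, so an empty submission leaves the existing hash untouched; that is presumably intended but deserves a one-line comment such as `// empty password means "keep the current hash"` because the method enclosing it starts outside the hunk and the intent is not obvious at the call site.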