Encrypt password

scm-webapp/src/main/java/sonia/scm/api/rest/resources/User2UserDtoMapper.java

@@ -12,12 +12,15 @@ import java.util.LinkedHashMap;
 import java.util.Map;
 
 @Mapper
-public abstract class UserMapper {
+public abstract class User2UserDtoMapper {
-  public static UserMapper INSTANCE = Mappers.getMapper(UserMapper.class);
+  public static User2UserDtoMapper INSTANCE = Mappers.getMapper(User2UserDtoMapper.class);
 
   abstract public UserDto userToUserDto(User user, @Context UriInfo uriInfo);
 
-  abstract public User userDtoToUser(UserDto user, @Context UriInfo uriInfo);
+  @AfterMapping
+  public void removePassword(User source, @MappingTarget UserDto target, @Context UriInfo uriInfo) {
+    target.setPassword(UserResource.DUMMY_PASSWORT);
+  }
 
   @AfterMapping
   public void appendLinks(User source, @MappingTarget UserDto target, @Context UriInfo uriInfo) {

scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserDto2UserMapper.java

@@ -0,0 +1,34 @@
+package sonia.scm.api.rest.resources;
+
+import org.apache.shiro.authc.credential.PasswordService;
+import org.mapstruct.Context;
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.mapstruct.Named;
+import org.mapstruct.factory.Mappers;
+import sonia.scm.user.User;
+
+import static sonia.scm.api.rest.resources.UserResource.DUMMY_PASSWORT;
+
+@Mapper
+public abstract class UserDto2UserMapper {
+
+  public static UserDto2UserMapper INSTANCE = Mappers.getMapper(UserDto2UserMapper.class);
+
+  @Mapping(source = "password", target = "password", qualifiedByName = "encrypt")
+  abstract public User userDtoToUser(UserDto userDto, @Context String originalPassword, @Context PasswordService passwordService);
+
+  @Named("encrypt")
+  public String encrypt(String password, @Context String originalPassword, @Context PasswordService passwordService) {
+
+    if (DUMMY_PASSWORT.equals(password))
+    {
+      return originalPassword;
+    }
+    else
+    {
+      return passwordService.encryptPassword(password);
+    }
+
+  }
+}

scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserNewResource.java

@@ -6,6 +6,7 @@ import com.webcohesion.enunciate.metadata.rs.ResponseCode;
 import com.webcohesion.enunciate.metadata.rs.StatusCodes;
 import com.webcohesion.enunciate.metadata.rs.TypeHint;
 import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.credential.PasswordService;
 import sonia.scm.security.Role;
 import sonia.scm.user.User;
 import sonia.scm.user.UserException;
@@ -24,9 +25,12 @@ public class UserNewResource extends AbstractManagerResource<User, UserException
   /** Field description */
   public static final String PATH_PART = "usersnew";
 
+  private final PasswordService passwordService;
+
   @Inject
-  public UserNewResource(UserManager userManager) {
+  public UserNewResource(UserManager userManager, PasswordService passwordService) {
     super(userManager);
+    this.passwordService = passwordService;
   }
 
   @Override
@@ -59,7 +63,7 @@ public class UserNewResource extends AbstractManagerResource<User, UserException
     if (SecurityUtils.getSubject().hasRole(Role.ADMIN))
     {
       User user = manager.get(id);
-      UserDto userDto = UserMapper.INSTANCE.userToUserDto(user, uriInfo);
+      UserDto userDto = User2UserDtoMapper.INSTANCE.userToUserDto(user, uriInfo);
       return Response.ok(userDto).build();
     }
     else
@@ -94,7 +98,7 @@ public class UserNewResource extends AbstractManagerResource<User, UserException
                          @QueryParam("desc") boolean desc)
   {
     Collection<User> items = fetchItems(sortby, desc, start, limit);
-    items.stream().map(user -> UserMapper.INSTANCE.userToUserDto(user, uriInfo)).collect(Collectors.toList());
+    items.stream().map(user -> User2UserDtoMapper.INSTANCE.userToUserDto(user, uriInfo)).collect(Collectors.toList());
     return Response.ok(new GenericEntity<Collection<User>>(items) {}).build();
   }
 
@@ -110,7 +114,8 @@ public class UserNewResource extends AbstractManagerResource<User, UserException
   public Response update(@Context UriInfo uriInfo,
                          @PathParam("id") String name, UserDto userDto)
   {
-    User user = UserMapper.INSTANCE.userDtoToUser(userDto, uriInfo);
+    User o = manager.get(name);
+    User user = UserDto2UserMapper.INSTANCE.userDtoToUser(userDto, o.getPassword(), passwordService);
     return super.update(name, user);
   }
 }

scm-webapp/src/test/java/sonia/scm/api/rest/resources/User2UserDtoMapperTest.java

@@ -9,13 +9,13 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.mockito.Mockito.mock;
 
-public class UserMapperTest {
+public class User2UserDtoMapperTest {
 
   @Test
   public void shouldMapLinks() {
     User user = new User();
     user.setName("abc");
-    UserDto userDto = UserMapper.INSTANCE.userToUserDto(user, mock(UriInfo.class));
+    UserDto userDto = User2UserDtoMapper.INSTANCE.userToUserDto(user, mock(UriInfo.class));
     assertEquals("abc" , userDto.getName());
     assertNotNull("expected map with links", userDto.getLinks());
   }