Move password logic to manager

2025-11-12 08:25:44 +01:00 · 2018-10-17 11:58:37 +02:00
parent 24b1241ed7
commit 9bfb2cdadb
24 changed files with 285 additions and 218 deletions
--- a/scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java
@@ -33,12 +33,10 @@

 package sonia.scm.user;

-//~--- non-JDK imports --------------------------------------------------------
-
 import com.github.sdorra.ssp.PermissionActionCheck;
-import com.github.sdorra.ssp.PermissionCheck;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
+import org.apache.shiro.SecurityUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import sonia.scm.AlreadyExistsException;
@@ -64,9 +62,6 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
-import java.util.function.Function;
-
-//~--- JDK imports ------------------------------------------------------------

 /**
 *
@@ -196,15 +191,10 @@ public class DefaultUserManager extends AbstractUserManager
   */
  @Override
  public void modify(User user) {
-    modify(user,UserPermissions::modify);
-  }
-
-  @Override
-  public void modify(User user, Function<User, PermissionCheck> permissionChecker) {
    logger.info("modify user {} of type {}", user.getName(), user.getType());
    managerDaoAdapter.modify(
      user,
-      permissionChecker,
+      UserPermissions::modify,
      notModified -> fireEvent(HandlerEventType.BEFORE_MODIFY, user, notModified),
      notModified -> fireEvent(HandlerEventType.MODIFY, user, notModified));
  }
@@ -408,6 +398,36 @@ public class DefaultUserManager extends AbstractUserManager

  //~--- methods --------------------------------------------------------------

+  @Override
+  public void changePasswordForLoggedInUser(String oldPassword, String newPassword) {
+    User user = get((String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal());
+
+    if (!user.getPassword().equals(oldPassword)) {
+      throw new InvalidPasswordException();
+    }
+
+    user.setPassword(newPassword);
+
+    managerDaoAdapter.modify(
+      user,
+      UserPermissions::changePassword,
+      notModified -> fireEvent(HandlerEventType.BEFORE_MODIFY, user, notModified),
+      notModified -> fireEvent(HandlerEventType.MODIFY, user, notModified));
+  }
+
+  @Override
+  public void overwritePassword(String userId, String newPassword) {
+    User user = get(userId);
+    if (user == null) {
+      throw new NotFoundException();
+    }
+    if (!isTypeDefault(user)) {
+      throw new ChangePasswordNotAllowedException(user.getType());
+    }
+    user.setPassword(newPassword);
+    this.modify(user);
+  }
+
  /**
   * Method description
   *