diff --git a/gradle.properties b/gradle.properties
index 75cb728ed..b8a82db7d 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,6 @@
 #maxkey properties
 group =maxkey.top
-version =2.8.1
+version =2.8.2
 vendor =https://www.maxkey.top
 author =MaxKeyTop
 #maxkey used jars version
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
index 92d8580b0..f9e152cbe 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
@@ -26,6 +26,7 @@ import org.maxkey.entity.Groups;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.persistence.db.LoginHistoryService;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
+import org.maxkey.persistence.service.UserInfoService;
 import org.maxkey.persistence.db.LoginService;
 import org.maxkey.util.DateUtils;
 import org.maxkey.web.WebConstants;
@@ -59,6 +60,8 @@ public abstract class AbstractAuthenticationRealm {
 protected AbstractAuthenticationRealm ldapAuthenticationRealm;
+ protected UserInfoService userInfoService;
+
 /**
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
index 92bc0e65b..952c8a06e 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
@@ -53,13 +53,25 @@ public class DefaultJdbcAuthenticationRealm extends AbstractAuthenticationRealm
 */
 public boolean passwordMatches(UserInfo userInfo, String password) {
 boolean passwordMatches = false;
- if(ldapSupport) {
+ //jdbc password check
+ _logger.debug("password : "
+ + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
+ passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
+
+ //passwordMatches == false and ldapSupport ==true
+ //validate password with LDAP
+ if(!passwordMatches && ldapSupport) {
 passwordMatches =this.ldapAuthenticationRealm.passwordMatches(userInfo, password);
- }else {
- _logger.debug("password : "
- + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
- passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
+ if(passwordMatches) {
+ //init password to local Realm
+ UserInfo changePasswordUser = new UserInfo();
+ changePasswordUser.setId(userInfo.getId());
+ changePasswordUser.setUsername(userInfo.getUsername());
+ changePasswordUser.setPassword(password);
+ userInfoService.changePassword(changePasswordUser, false);
+ }
 }
+ _logger.debug("passwordvalid : " + passwordMatches);
 if (!passwordMatches) {
 passwordPolicyValidator.setBadPasswordCount(userInfo);
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java
index fcc35e2a4..18ec81e41 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java
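Review bot: In `DefaultJdbcAuthenticationRealm.passwordMatches`, a password that LDAP has just accepted is copied into the local store by `userInfoService.changePassword(changePasswordUser, false)`, and because the local hash is now checked before the directory, that copy keeps matching after the password is changed or revoked in LDAP, as far as this method shows. The `false` argument skips the password-policy validator for this write, the boolean result of `changePassword` is ignored, and `userInfoService` is only assigned in the `JdbcAuthenticationRealm` constructors, so a realm built another way would hit a null reference here. If the sync is intended, I would keep the directory authoritative whenever `ldapSupport` is true (consult LDAP first and decide explicitly which accounts may fall back to the local hash) and record that in a comment above the block, e.g. `// LDAP stays authoritative; the local copy is only a fallback`. The `_logger.debug("password : " + ...rawPassword(...))` statement now runs for every attempt, directory users included; its argument is built from the submitted password, so I would remove it rather than move it. The method body continues past the end of the hunk.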
@@ -22,6 +22,7 @@ import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.persistence.db.LoginHistoryService;
 import org.maxkey.persistence.db.LoginService;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
+import org.maxkey.persistence.service.UserInfoService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.jdbc.core.JdbcTemplate;
@@ -49,6 +50,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
 LoginService loginService,
 LoginHistoryService loginHistoryService,
 AbstractRemeberMeService remeberMeService,
+ UserInfoService userInfoService,
 JdbcTemplate jdbcTemplate) {
 this.passwordEncoder =passwordEncoder;
@@ -56,6 +58,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
 this.loginService = loginService;
 this.loginHistoryService = loginHistoryService;
 this.remeberMeService = remeberMeService;
+ this.userInfoService = userInfoService;
 this.jdbcTemplate = jdbcTemplate;
 }
@@ -66,6 +69,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
 LoginService loginService,
 LoginHistoryService loginHistoryService,
 AbstractRemeberMeService remeberMeService,
+ UserInfoService userInfoService,
 JdbcTemplate jdbcTemplate,
 AbstractAuthenticationRealm ldapAuthenticationRealm,
 boolean ldapSupport
@@ -78,6 +82,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
 this.remeberMeService = remeberMeService;
 this.jdbcTemplate = jdbcTemplate;
 this.ldapAuthenticationRealm = ldapAuthenticationRealm;
+ this.userInfoService = userInfoService;
 this.ldapSupport = ldapSupport;
 }
diff --git a/maxkey-identitys/maxkey-identity-rest/src/main/java/org/maxkey/identity/rest/RestUserInfoController.java b/maxkey-identitys/maxkey-identity-rest/src/main/java/org/maxkey/identity/rest/RestUserInfoController.java
index ebaaf373e..a78d7a7cc 100644
--- a/maxkey-identitys/maxkey-identity-rest/src/main/java/org/maxkey/identity/rest/RestUserInfoController.java
+++ b/maxkey-identitys/maxkey-identity-rest/src/main/java/org/maxkey/identity/rest/RestUserInfoController.java
@@ -80,7 +80,7 @@ public class RestUserInfoController {
 changePassword.setUsername(username);
 changePassword.setPassword(password);
 changePassword.setDecipherable(loadUserInfo.getDecipherable());
- userInfoService.changePassword(changePassword);
+ userInfoService.changePassword(changePassword,true);
 }
 return "true";
 }
diff --git a/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java b/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java
index 1d864b5be..0419aafda 100644
--- a/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java
+++ b/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java
@@ -229,7 +229,7 @@ public class UserInfoService extends JpaBaseService {
 if(newPassword.equals(confirmPassword)){
 if(oldPassword==null || passwordEncoder.matches(oldPassword, userInfo.getPassword())){
- if(changePassword(changeUserInfo) ){
+ if(changePassword(changeUserInfo,true) ){
 userInfo.setPassword(changeUserInfo.getPassword());
 userInfo.setDecipherable(changeUserInfo.getDecipherable());
 return true;
@@ -256,19 +256,18 @@ public class UserInfoService extends JpaBaseService {
 return false;
 }
- public boolean changePassword(UserInfo changeUserInfo) {
+ public boolean changePassword(UserInfo changeUserInfo,boolean passwordPolicy) {
 try {
 _logger.debug("decipherable old : " + changeUserInfo.getDecipherable());
 _logger.debug("decipherable new : " + ReciprocalUtils.encode(PasswordReciprocal.getInstance() .rawPassword(changeUserInfo.getUsername(), changeUserInfo.getPassword())));
- if (passwordPolicyValidator.validator(changeUserInfo) == false) {
+ if (passwordPolicy && passwordPolicyValidator.validator(changeUserInfo) == false) {
 return false;
 }
 if (WebContext.getUserInfo() != null) {
 changeUserInfo.setModifiedBy(WebContext.getUserInfo().getId());
-
 }
 changeUserInfo = passwordEncoder(changeUserInfo);
diff --git a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java
index 70006f919..84cb1c5c0 100644
--- a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java
@@ -33,6 +33,7 @@ import org.maxkey.persistence.db.LoginService;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
 import org.maxkey.persistence.redis.RedisConnectionFactory;
 import org.maxkey.persistence.service.GroupsService;
+import org.maxkey.persistence.service.UserInfoService;
 import org.opensaml.xml.ConfigurationException;
 import org.quartz.CronScheduleBuilder;
 import org.quartz.CronTrigger;
@@ -118,6 +119,7 @@ public class MaxKeyMgtConfig implements InitializingBean {
 LoginService loginService,
 LoginHistoryService loginHistoryService,
 AbstractRemeberMeService remeberMeService,
+ UserInfoService userInfoService,
 JdbcTemplate jdbcTemplate) {
 JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(
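Review bot: The new `passwordPolicy` flag on `UserInfoService.changePassword` lets any caller switch the policy validator off, and nothing on the method says when `false` is acceptable. I would keep a one-argument overload that enforces the policy by default, `public boolean changePassword(UserInfo changeUserInfo) { return changePassword(changeUserInfo, true); }`, and add a Javadoc on the two-argument form stating which caller is allowed to pass `false` and why. The two `_logger.debug("decipherable ...")` lines in this method appear to write a reversible encoding of the new password to the log, and with this commit that would also cover passwords captured from LDAP logins; consider removing them. The method continues past the end of the hunk.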
@@ -126,6 +128,7 @@ public class MaxKeyMgtConfig implements InitializingBean {
 loginService,
 loginHistoryService,
 remeberMeService,
+ userInfoService,
 jdbcTemplate);
 _logger.debug("JdbcAuthenticationRealm inited.");
diff --git a/maxkey-web-manage/src/main/java/org/maxkey/web/contorller/UserInfoController.java b/maxkey-web-manage/src/main/java/org/maxkey/web/contorller/UserInfoController.java
index 08c730c4a..7fe6da581 100644
--- a/maxkey-web-manage/src/main/java/org/maxkey/web/contorller/UserInfoController.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/web/contorller/UserInfoController.java
@@ -264,7 +264,7 @@ public class UserInfoController {
 @RequestMapping(value="/changePassword")
 public Message changePassword( @ModelAttribute("userInfo")UserInfo userInfo) {
 _logger.debug(userInfo.getId());
- if(userInfoService.changePassword(userInfo)) {
+ if(userInfoService.changePassword(userInfo,true)) {
 return new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_SUCCESS),MessageType.success);
 } else {
diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
index a4019570d..2da183e19 100644
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
@@ -48,6 +48,7 @@ import org.maxkey.persistence.db.PasswordPolicyValidator;
 import org.maxkey.persistence.ldap.ActiveDirectoryUtils;
 import org.maxkey.persistence.ldap.LdapUtils;
 import org.maxkey.persistence.redis.RedisConnectionFactory;
+import org.maxkey.persistence.service.UserInfoService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
@@ -156,6 +157,7 @@ public class MaxKeyConfig implements InitializingBean {
 LoginService loginService,
 LoginHistoryService loginHistoryService,
 AbstractRemeberMeService remeberMeService,
+ UserInfoService userInfoService,
 JdbcTemplate jdbcTemplate,
 @Value("${maxkey.support.ldap.enable:false}")boolean ldapSupport,
 @Value("${maxkey.support.ldap.jit:false}")boolean ldapJit,
@@ -179,6 +181,7 @@ public class MaxKeyConfig implements InitializingBean {
 loginService,
 loginHistoryService,
 remeberMeService,
+ userInfoService,
 jdbcTemplate,
 ldapAuthenticationRealm,
 ldapSupport
diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java b/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java
index 1b8c4b8c3..d7793823f 100644
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java
@@ -129,7 +129,7 @@ public class ForgotPasswordContorller {
 if ((forgotType == ForgotType.EMAIL && mailOtpAuthn.validate(userInfo, captcha)) || (forgotType == ForgotType.MOBILE && smsOtpAuthn.validate(userInfo, captcha)) ) {
- userInfoService.changePassword(userInfo);
+ userInfoService.changePassword(userInfo,true);
 modelAndView.addObject("passwordResetResult", PasswordResetResult.SUCCESS);
 } else {
 modelAndView.addObject("passwordResetResult", PasswordResetResult.CAPTCHAERROR);
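Review bot: In `ForgotPasswordContorller`, the result of `userInfoService.changePassword(userInfo,true)` is discarded and `PasswordResetResult.SUCCESS` is set unconditionally, although `changePassword` returns `false` when the policy validator rejects the new password (see the `UserInfoService` hunk). A user whose reset was refused is therefore told it succeeded. I would branch on the return value, `if (userInfoService.changePassword(userInfo, true)) { ... SUCCESS ... }`, and report a distinct failure result otherwise; the enum's other values are not visible here, so the name is left open. The enclosing method starts and ends outside the hunk.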