LDAP password sync

2026-05-14 12:32:09 +08:00 · 2021-07-22 22:15:21 +08:00
parent fae33d2be6
commit 233307f366
10 changed files with 38 additions and 13 deletions
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,6 @@
 #maxkey properties 
 group                           =maxkey.top
-version                         =2.8.1
+version                         =2.8.2
 vendor                          =https://www.maxkey.top
 author                          =MaxKeyTop
 #maxkey used jars version
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
@@ -26,6 +26,7 @@ import org.maxkey.entity.Groups;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.persistence.db.LoginHistoryService;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
 import org.maxkey.persistence.service.UserInfoService;
 import org.maxkey.persistence.db.LoginService;
 import org.maxkey.util.DateUtils;
 import org.maxkey.web.WebConstants;
@@ -59,6 +60,8 @@ public abstract class AbstractAuthenticationRealm {
    protected  AbstractAuthenticationRealm ldapAuthenticationRealm;
    protected UserInfoService userInfoService;
    /**
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
@@ -53,13 +53,25 @@ public class DefaultJdbcAuthenticationRealm extends AbstractAuthenticationRealm
     */
    public boolean passwordMatches(UserInfo userInfo, String password) {
        boolean passwordMatches = false;
-        if(ldapSupport) {
+        //jdbc password check
        _logger.debug("password : " 
                + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
        passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
        //passwordMatches == false and ldapSupport ==true
        //validate password with LDAP
        if(!passwordMatches && ldapSupport) {
        	passwordMatches =this.ldapAuthenticationRealm.passwordMatches(userInfo, password);
-        }else {
+        	if(passwordMatches) {
-	        _logger.debug("password : " 
+        	    //init password to local Realm
-	                + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
+        	    UserInfo changePasswordUser = new UserInfo();
-	        passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
+        	    changePasswordUser.setId(userInfo.getId());
        	    changePasswordUser.setUsername(userInfo.getUsername());
        	    changePasswordUser.setPassword(password);
        	    userInfoService.changePassword(changePasswordUser, false);
        	}
        }
        _logger.debug("passwordvalid : " + passwordMatches);
        if (!passwordMatches) {
            passwordPolicyValidator.setBadPasswordCount(userInfo);
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java
@@ -22,6 +22,7 @@ import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.persistence.db.LoginHistoryService;
 import org.maxkey.persistence.db.LoginService;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
 import org.maxkey.persistence.service.UserInfoService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.jdbc.core.JdbcTemplate;
@@ -49,6 +50,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
    		LoginService loginService,
    		LoginHistoryService loginHistoryService,
    		AbstractRemeberMeService remeberMeService,
    		UserInfoService userInfoService,
    	    JdbcTemplate jdbcTemplate) {
    	this.passwordEncoder =passwordEncoder;
@@ -56,6 +58,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
    	this.loginService = loginService;
    	this.loginHistoryService = loginHistoryService;
    	this.remeberMeService = remeberMeService;
    	 this.userInfoService = userInfoService;
        this.jdbcTemplate = jdbcTemplate;
    }
@@ -66,6 +69,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
    		LoginService loginService,
    		LoginHistoryService loginHistoryService,
    		AbstractRemeberMeService remeberMeService,
    		UserInfoService userInfoService,
    	    JdbcTemplate jdbcTemplate,
    	    AbstractAuthenticationRealm ldapAuthenticationRealm,
    	    boolean ldapSupport
@@ -78,6 +82,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
    	this.remeberMeService = remeberMeService;
        this.jdbcTemplate = jdbcTemplate;
        this.ldapAuthenticationRealm = ldapAuthenticationRealm;
        this.userInfoService = userInfoService;
        this.ldapSupport = ldapSupport;
    }
--- a/maxkey-identitys/maxkey-identity-rest/src/main/java/org/maxkey/identity/rest/RestUserInfoController.java
+++ b/maxkey-identitys/maxkey-identity-rest/src/main/java/org/maxkey/identity/rest/RestUserInfoController.java
@@ -80,7 +80,7 @@ public class RestUserInfoController {
        	changePassword.setUsername(username);
        	changePassword.setPassword(password);
        	changePassword.setDecipherable(loadUserInfo.getDecipherable());
-            userInfoService.changePassword(changePassword);
+            userInfoService.changePassword(changePassword,true);
        }
        return "true";
    }
--- a/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java
+++ b/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java
@@ -229,7 +229,7 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
 	        if(newPassword.equals(confirmPassword)){
 	            if(oldPassword==null || 
 	                    passwordEncoder.matches(oldPassword, userInfo.getPassword())){
-	                if(changePassword(changeUserInfo) ){
+	                if(changePassword(changeUserInfo,true) ){
 	                    userInfo.setPassword(changeUserInfo.getPassword());
                        userInfo.setDecipherable(changeUserInfo.getDecipherable());
 	                    return true;
@@ -256,19 +256,18 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
 		return false;
 	}
-    public boolean changePassword(UserInfo changeUserInfo) {
+    public boolean changePassword(UserInfo changeUserInfo,boolean passwordPolicy) {
        try {
            _logger.debug("decipherable old : " + changeUserInfo.getDecipherable());
            _logger.debug("decipherable new : " + ReciprocalUtils.encode(PasswordReciprocal.getInstance()
                    .rawPassword(changeUserInfo.getUsername(), changeUserInfo.getPassword())));
-            if (passwordPolicyValidator.validator(changeUserInfo) == false) {
+            if (passwordPolicy && passwordPolicyValidator.validator(changeUserInfo) == false) {
                return false;
            }
            if (WebContext.getUserInfo() != null) {
                changeUserInfo.setModifiedBy(WebContext.getUserInfo().getId());
            }
            changeUserInfo = passwordEncoder(changeUserInfo);
--- a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java
@@ -33,6 +33,7 @@ import org.maxkey.persistence.db.LoginService;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
 import org.maxkey.persistence.redis.RedisConnectionFactory;
 import org.maxkey.persistence.service.GroupsService;
 import org.maxkey.persistence.service.UserInfoService;
 import org.opensaml.xml.ConfigurationException;
 import org.quartz.CronScheduleBuilder;
 import org.quartz.CronTrigger;
@@ -118,6 +119,7 @@ public class MaxKeyMgtConfig  implements InitializingBean {
 	    		LoginService loginService,
 	    		LoginHistoryService loginHistoryService,
 	    		AbstractRemeberMeService remeberMeService,
 	    		UserInfoService userInfoService,
             JdbcTemplate jdbcTemplate) {
        JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(
@@ -126,6 +128,7 @@ public class MaxKeyMgtConfig  implements InitializingBean {
        		loginService,
        		loginHistoryService,
        		remeberMeService,
        		userInfoService,
        		jdbcTemplate);
        _logger.debug("JdbcAuthenticationRealm inited.");
--- a/maxkey-web-manage/src/main/java/org/maxkey/web/contorller/UserInfoController.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/web/contorller/UserInfoController.java
@@ -264,7 +264,7 @@ public class UserInfoController {
 	@RequestMapping(value="/changePassword")  
 	public Message changePassword( @ModelAttribute("userInfo")UserInfo userInfo) {
 		_logger.debug(userInfo.getId());
-		if(userInfoService.changePassword(userInfo)) {
+		if(userInfoService.changePassword(userInfo,true)) {
 			return  new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_SUCCESS),MessageType.success);
 		} else {
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
@@ -48,6 +48,7 @@ import org.maxkey.persistence.db.PasswordPolicyValidator;
 import org.maxkey.persistence.ldap.ActiveDirectoryUtils;
 import org.maxkey.persistence.ldap.LdapUtils;
 import org.maxkey.persistence.redis.RedisConnectionFactory;
 import org.maxkey.persistence.service.UserInfoService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
@@ -156,6 +157,7 @@ public class MaxKeyConfig  implements InitializingBean {
 	    		LoginService loginService,
 	    		LoginHistoryService loginHistoryService,
 	    		AbstractRemeberMeService remeberMeService,
 	    		UserInfoService userInfoService,
                JdbcTemplate jdbcTemplate,
                @Value("${maxkey.support.ldap.enable:false}")boolean ldapSupport,
    			@Value("${maxkey.support.ldap.jit:false}")boolean ldapJit,
@@ -179,6 +181,7 @@ public class MaxKeyConfig  implements InitializingBean {
        		loginService,
        		loginHistoryService,
        		remeberMeService,
        		userInfoService,
        		jdbcTemplate,
        		ldapAuthenticationRealm,
        		ldapSupport
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java
@@ -129,7 +129,7 @@ public class ForgotPasswordContorller {
            if ((forgotType == ForgotType.EMAIL && mailOtpAuthn.validate(userInfo, captcha)) ||
                    (forgotType == ForgotType.MOBILE && smsOtpAuthn.validate(userInfo, captcha))
                ) {
-                userInfoService.changePassword(userInfo);
+                userInfoService.changePassword(userInfo,true);
                modelAndView.addObject("passwordResetResult", PasswordResetResult.SUCCESS);
            } else {
                modelAndView.addObject("passwordResetResult", PasswordResetResult.CAPTCHAERROR);