use of org.openmrs.api.db.LoginCredential in project openmrs-core by openmrs.
the class HibernateUserDAO method updateUserPassword.
/**
* @param newHashedPassword
* @param salt
* @param userId
* @param date
* @param userId2
*/
private void updateUserPassword(String newHashedPassword, String salt, Integer changedBy, Date dateChanged, Integer userIdToChange) {
User changeForUser = getUser(userIdToChange);
if (changeForUser == null) {
throw new DAOException("Couldn't find user to set password for userId=" + userIdToChange);
}
User changedByUser = getUser(changedBy);
LoginCredential credentials = getLoginCredential(changeForUser);
credentials.setUserId(userIdToChange);
credentials.setHashedPassword(newHashedPassword);
credentials.setSalt(salt);
credentials.setChangedBy(changedByUser);
credentials.setDateChanged(dateChanged);
credentials.setUuid(changeForUser.getUuid());
sessionFactory.getCurrentSession().merge(credentials);
// reset lockout
changeForUser.setUserProperty(OpenmrsConstants.USER_PROPERTY_LOCKOUT_TIMESTAMP, "");
changeForUser.setUserProperty(OpenmrsConstants.USER_PROPERTY_LOGIN_ATTEMPTS, "0");
saveUser(changeForUser, null);
}
use of org.openmrs.api.db.LoginCredential in project openmrs-core by openmrs.
the class HibernateUserDAO method changeQuestionAnswer.
/**
* @see org.openmrs.api.UserService#changeQuestionAnswer(java.lang.String, java.lang.String,
* java.lang.String)
*/
@Override
public void changeQuestionAnswer(String pw, String question, String answer) throws DAOException {
User u = Context.getAuthenticatedUser();
LoginCredential credentials = getLoginCredential(u);
if (!credentials.checkPassword(pw)) {
log.error("Passwords don't match");
throw new DAOException("Passwords don't match");
}
changeQuestionAnswer(u, question, answer);
}
use of org.openmrs.api.db.LoginCredential in project openmrs-core by openmrs.
the class HibernateUserDAO method changeQuestionAnswer.
/**
* @see org.openmrs.api.UserService#changeQuestionAnswer(User, String, String)
*/
@Override
public void changeQuestionAnswer(User u, String question, String answer) throws DAOException {
log.info("Updating secret question and answer for " + u.getUsername());
LoginCredential credentials = getLoginCredential(u);
credentials.setSecretQuestion(question);
String hashedAnswer = Security.encodeString(answer.toLowerCase() + credentials.getSalt());
credentials.setSecretAnswer(hashedAnswer);
credentials.setDateChanged(new Date());
credentials.setChangedBy(u);
updateLoginCredential(credentials);
}
use of org.openmrs.api.db.LoginCredential in project openmrs-core by openmrs.
the class HibernateUserDAO method isSecretAnswer.
/**
* @see org.openmrs.api.UserService#isSecretAnswer(User, java.lang.String)
*/
@Override
public boolean isSecretAnswer(User u, String answer) throws DAOException {
if (StringUtils.isEmpty(answer)) {
return false;
}
LoginCredential credentials = getLoginCredential(u);
String answerOnRecord = credentials.getSecretAnswer();
String hashedAnswer = Security.encodeString(answer.toLowerCase() + credentials.getSalt());
return (hashedAnswer.equals(answerOnRecord));
}
use of org.openmrs.api.db.LoginCredential in project openmrs-core by openmrs.
the class HibernateUserDAO method changePassword.
/**
* @see org.openmrs.api.UserService#changePassword(java.lang.String, java.lang.String)
*/
@Override
public void changePassword(String pw, String pw2) throws DAOException {
User u = Context.getAuthenticatedUser();
LoginCredential credentials = getLoginCredential(u);
if (!credentials.checkPassword(pw)) {
log.error("Passwords don't match");
throw new DAOException("Passwords don't match");
}
log.info("updating password for " + u.getUsername());
// update the user with the new password
String salt = getLoginCredential(u).getSalt();
String newHashedPassword = Security.encodeString(pw2 + salt);
updateUserPassword(newHashedPassword, salt, u.getUserId(), new Date(), u.getUserId());
}
Aggregations