Stop putting passwords in wicket store (MID-5336)
(cherry picked from commit 6db9305)
mederly committed May 10, 2019
1 parent 5ec9dcf commit 143d37d
Showing 2 changed files with 31 additions and 23 deletions.
Expand Up @@ -18,17 +18,17 @@

import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

import com.evolveum.midpoint.gui.api.page.PageBase;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.web.component.prism.ContainerStatus;
import com.evolveum.midpoint.web.component.prism.ValueStatus;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.web.page.admin.users.PageUser;
import com.evolveum.midpoint.web.page.self.PageSelfProfile;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.web.security.MidPointApplication;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;
import org.apache.wicket.Application;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
import org.apache.wicket.ajax.markup.html.AjaxLink;
Expand All @@ -48,6 +48,7 @@
import com.evolveum.midpoint.web.component.prism.InputPanel;
import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import org.jetbrains.annotations.NotNull;

/**
* @author lazyman
Expand Down Expand Up @@ -96,16 +97,14 @@ public boolean isVisible() {
inputContainer.setOutputMarkupId(true);
add(inputContainer);

final PasswordTextField password1 = new PasswordTextField(ID_PASSWORD_ONE, new PasswordModel(model));
final PasswordTextField password1 = new PasswordTextField(ID_PASSWORD_ONE, new PasswordModel(model));
password1.setRequired(false);
password1.setResetPassword(false);
password1.setOutputMarkupId(true);
password1.add(new EmptyOnBlurAjaxFormUpdatingBehaviour());
inputContainer.add(password1);

final PasswordTextField password2 = new PasswordTextField(ID_PASSWORD_TWO, new Model<String>());
final PasswordTextField password2 = new PasswordTextField(ID_PASSWORD_TWO, new PasswordModel(Model.of(new ProtectedStringType())));
password2.setRequired(false);
password2.setResetPassword(false);
password2.setOutputMarkupId(true);
password2.add(new EmptyOnBlurAjaxFormUpdatingBehaviour());
inputContainer.add(password2);
Expand Down Expand Up @@ -224,24 +223,21 @@ private static class PasswordValidator implements IValidator<String> {
private PasswordTextField p1;
private PasswordTextField p2;

private PasswordValidator(PasswordTextField p1, PasswordTextField p2) {
Validate.notNull(p1, "Password field one must not be null.");
Validate.notNull(p2, "Password field two must not be null.");
private PasswordValidator(@NotNull PasswordTextField p1, @NotNull PasswordTextField p2) {
this.p1 = p1;
this.p2 = p2;
}

@Override
public void validate(IValidatable<String> validatable) {
String s1 = p1.getValue();
String s2 = p2.getValue();
String s1 = p1.getModelObject();
String s2 = p2.getModelObject();

if (StringUtils.isEmpty(s1) && StringUtils.isEmpty(s2)) {
return;
}

boolean equal = s1 != null ? s1.equals(s2) : s2 == null;
if (!equal) {
if (!Objects.equals(s1, s2)) {
validatable = p1.newValidatable();
ValidationError err = new ValidationError();
err.addKey("passwordPanel.error");
Expand All @@ -265,21 +261,30 @@ private class PasswordModel implements IModel<String> {

IModel<ProtectedStringType> psModel;

PasswordModel(IModel<ProtectedStringType> psModel) {
PasswordModel(IModel<ProtectedStringType> psModel) {
this.psModel = psModel;
}
}

@Override
public void detach() {
// Nothing to do
}

private Protector getProtector() {
return ((MidPointApplication) Application.get()).getProtector();
}

@Override
public String getObject() {
if (psModel.getObject() == null) {
ProtectedStringType ps = psModel.getObject();
if (ps == null) {
return null;
} else {
return psModel.getObject().getClearValue();
try {
return getProtector().decryptString(ps);
} catch (EncryptionException e) {
throw new SystemException(e.getMessage(), e); // todo handle somewhat better
}
}
}

Expand All @@ -294,8 +299,12 @@ public void setObject(String object) {
psModel.getObject().clear();
}
psModel.getObject().setClearValue(object);
try {
getProtector().encrypt(psModel.getObject());
} catch (EncryptionException e) {
throw new SystemException(e.getMessage(), e); // todo handle somewhat better
}
}
}

}
}
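Review bot: In `PasswordModel.setObject` (last hunk of this file), `psModel.getObject().setClearValue(object)` runs before `getProtector().encrypt(...)`, so if `encrypt` throws `EncryptionException` the `ProtectedStringType` behind `psModel` still carries the plaintext when the `SystemException` propagates. Going by the commit title, that model is presumably what ends up in the Wicket page store, so the failure path should wipe it first: make `psModel.getObject().clear();` the first statement of the `catch` block, before the `throw`. A short comment on `getObject()` stating that it returns the decrypted value on every call, and that callers must not cache it in serializable component state, would help keep the fix from regressing. `setObject` starts outside the visible hunk, so its null/empty handling above these lines could not be checked.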
Expand Up @@ -105,7 +105,6 @@ public boolean isVisible() {
PasswordTextField oldPasswordField =
new PasswordTextField(ID_OLD_PASSWORD_FIELD, new PropertyModel<String>(model, MyPasswordsDto.F_OLD_PASSWORD));
oldPasswordField.setRequired(false);
oldPasswordField.setResetPassword(false);
add(oldPasswordField);
oldPasswordField.add(new VisibleEnableBehaviour() {

