
LDAP password sync

MaxKey 4 éve
szülő
commit
233307f366

+ 1 - 1
gradle.properties

@@ -1,6 +1,6 @@
 #maxkey properties 
 group                           =maxkey.top
-version                         =2.8.1
+version                         =2.8.2
 vendor                          =https://www.maxkey.top
 author                          =MaxKeyTop
 #maxkey used jars version

+ 3 - 0
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java

@@ -26,6 +26,7 @@ import org.maxkey.entity.Groups;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.persistence.db.LoginHistoryService;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
+import org.maxkey.persistence.service.UserInfoService;
 import org.maxkey.persistence.db.LoginService;
 import org.maxkey.util.DateUtils;
 import org.maxkey.web.WebConstants;
@@ -59,6 +60,8 @@ public abstract class AbstractAuthenticationRealm {
     
     protected  AbstractAuthenticationRealm ldapAuthenticationRealm;
     
+    protected UserInfoService userInfoService;
+    
    
 
     /**

+ 17 - 5
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java

@@ -53,13 +53,25 @@ public class DefaultJdbcAuthenticationRealm extends AbstractAuthenticationRealm
      */
     public boolean passwordMatches(UserInfo userInfo, String password) {
         boolean passwordMatches = false;
-        if(ldapSupport) {
+        //jdbc password check
+        _logger.debug("password : " 
+                + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
+        passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
+        
+        //passwordMatches == false and ldapSupport ==true
+        //validate password with LDAP
+        if(!passwordMatches && ldapSupport) {
         	passwordMatches =this.ldapAuthenticationRealm.passwordMatches(userInfo, password);
-        }else {
-	        _logger.debug("password : " 
-	                + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
-	        passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
+        	if(passwordMatches) {
+        	    //init password to local Realm
+        	    UserInfo changePasswordUser = new UserInfo();
+        	    changePasswordUser.setId(userInfo.getId());
+        	    changePasswordUser.setUsername(userInfo.getUsername());
+        	    changePasswordUser.setPassword(password);
+        	    userInfoService.changePassword(changePasswordUser, false);
+        	}
         }
+        
         _logger.debug("passwordvalid : " + passwordMatches);
         if (!passwordMatches) {
             passwordPolicyValidator.setBadPasswordCount(userInfo);
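Review bot: The debug statement at the top of passwordMatches writes the caller's plaintext password (the `rawPassword(...)` result) to the log, and after this commit it runs on every authentication instead of only when LDAP support is off; it should be removed or reduced to the username, e.g. `_logger.debug("checking password for user " + userInfo.getUsername());`. The ordering is also worth a second look: the local hash is checked first and LDAP is consulted only on a local miss, so once a password has been copied into the local realm a later password change or revocation on the LDAP side does not stop the old password from working here — if LDAP is meant to be authoritative when `ldapSupport` is set, consult it first and fall back to the local hash only on failure (sketched below), or document that the local copy is a cache that is never invalidated. The sync path calls `changePassword(changePasswordUser, false)`, which skips the password-policy validator; that is defensible for an LDAP-verified credential but deserves a comment at the call site, and the write can be skipped when the local hash already matches so every LDAP login does not rewrite the row. The method body continues past the end of the hunk (bad-password counting and the return).
```java
    public boolean passwordMatches(UserInfo userInfo, String password) {
        boolean passwordMatches = false;
        // never log the credential itself, only who is being checked
        _logger.debug("checking password for user " + userInfo.getUsername());
        if (ldapSupport) {
            // LDAP is authoritative: a password changed or revoked there must stop working here
            passwordMatches = this.ldapAuthenticationRealm.passwordMatches(userInfo, password);
            // mirror the LDAP-verified password locally only when the stored hash is stale;
            // policy validation is skipped on purpose because LDAP already accepted it
            if (passwordMatches && !passwordEncoder.matches(password, userInfo.getPassword())) {
                // … unchanged: build changePasswordUser and call userInfoService.changePassword(changePasswordUser, false) …
            }
        }
        if (!passwordMatches) {
            passwordMatches = passwordEncoder.matches(password, userInfo.getPassword());
        }
        // … unchanged: bad-password counting and return …
```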

+ 5 - 0
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/JdbcAuthenticationRealm.java

@@ -22,6 +22,7 @@ import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.persistence.db.LoginHistoryService;
 import org.maxkey.persistence.db.LoginService;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
+import org.maxkey.persistence.service.UserInfoService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.jdbc.core.JdbcTemplate;
@@ -49,6 +50,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
     		LoginService loginService,
     		LoginHistoryService loginHistoryService,
     		AbstractRemeberMeService remeberMeService,
+    		UserInfoService userInfoService,
     	    JdbcTemplate jdbcTemplate) {
     	
     	this.passwordEncoder =passwordEncoder;
@@ -56,6 +58,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
     	this.loginService = loginService;
     	this.loginHistoryService = loginHistoryService;
     	this.remeberMeService = remeberMeService;
+    	 this.userInfoService = userInfoService;
         this.jdbcTemplate = jdbcTemplate;
     }
     
@@ -66,6 +69,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
     		LoginService loginService,
     		LoginHistoryService loginHistoryService,
     		AbstractRemeberMeService remeberMeService,
+    		UserInfoService userInfoService,
     	    JdbcTemplate jdbcTemplate,
     	    AbstractAuthenticationRealm ldapAuthenticationRealm,
     	    boolean ldapSupport
@@ -78,6 +82,7 @@ public class JdbcAuthenticationRealm extends DefaultJdbcAuthenticationRealm {
     	this.remeberMeService = remeberMeService;
         this.jdbcTemplate = jdbcTemplate;
         this.ldapAuthenticationRealm = ldapAuthenticationRealm;
+        this.userInfoService = userInfoService;
         this.ldapSupport = ldapSupport;
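Review bot: The new assignment in the first constructor, ` this.userInfoService = userInfoService;`, is indented one character deeper than the surrounding assignments (a tab followed by a space), which stands out in a body otherwise indented uniformly; align it with its neighbours. The second constructor assigns the same field after `ldapAuthenticationRealm` rather than next to `remeberMeService` as the first one does — keeping the assignment order identical in both constructors makes them easier to compare and keeps the field list in one place. Both constructor signatures begin before their hunks, so only the parameter and assignment lines are visible here.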
     }
     

+ 1 - 1
maxkey-identitys/maxkey-identity-rest/src/main/java/org/maxkey/identity/rest/RestUserInfoController.java

@@ -80,7 +80,7 @@ public class RestUserInfoController {
         	changePassword.setUsername(username);
         	changePassword.setPassword(password);
         	changePassword.setDecipherable(loadUserInfo.getDecipherable());
-            userInfoService.changePassword(changePassword);
+            userInfoService.changePassword(changePassword,true);
         }
         return "true";
     }

+ 3 - 4
maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java

@@ -229,7 +229,7 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
 	        if(newPassword.equals(confirmPassword)){
 	            if(oldPassword==null || 
 	                    passwordEncoder.matches(oldPassword, userInfo.getPassword())){
-	                if(changePassword(changeUserInfo) ){
+	                if(changePassword(changeUserInfo,true) ){
 	                    userInfo.setPassword(changeUserInfo.getPassword());
                         userInfo.setDecipherable(changeUserInfo.getDecipherable());
 	                    return true;
@@ -256,19 +256,18 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
 		return false;
 	}
 	
-    public boolean changePassword(UserInfo changeUserInfo) {
+    public boolean changePassword(UserInfo changeUserInfo,boolean passwordPolicy) {
         try {
             _logger.debug("decipherable old : " + changeUserInfo.getDecipherable());
             _logger.debug("decipherable new : " + ReciprocalUtils.encode(PasswordReciprocal.getInstance()
                     .rawPassword(changeUserInfo.getUsername(), changeUserInfo.getPassword())));
 
-            if (passwordPolicyValidator.validator(changeUserInfo) == false) {
+            if (passwordPolicy && passwordPolicyValidator.validator(changeUserInfo) == false) {
                 return false;
             }
 
             if (WebContext.getUserInfo() != null) {
                 changeUserInfo.setModifiedBy(WebContext.getUserInfo().getId());
-
             }
 
             changeUserInfo = passwordEncoder(changeUserInfo);
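Review bot: The new `passwordPolicy` flag lets any caller skip `passwordPolicyValidator` entirely, and nothing on the method says who may pass `false` or why; a Javadoc line such as `@param passwordPolicy when false the password-policy check is skipped; intended only for credentials already verified by an external realm (LDAP sync), never for user-supplied passwords` would keep future callers from treating it as a convenience bypass. The two debug statements above the check log `changeUserInfo.getDecipherable()` and a freshly reciprocal-encoded form of the new password; judging by the names, that encoding appears reversible, so the value should not reach the log even at debug level — drop both lines or log only the username. The method continues past the end of the hunk.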

+ 3 - 0
maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java

@@ -33,6 +33,7 @@ import org.maxkey.persistence.db.LoginService;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
 import org.maxkey.persistence.redis.RedisConnectionFactory;
 import org.maxkey.persistence.service.GroupsService;
+import org.maxkey.persistence.service.UserInfoService;
 import org.opensaml.xml.ConfigurationException;
 import org.quartz.CronScheduleBuilder;
 import org.quartz.CronTrigger;
@@ -118,6 +119,7 @@ public class MaxKeyMgtConfig  implements InitializingBean {
 	    		LoginService loginService,
 	    		LoginHistoryService loginHistoryService,
 	    		AbstractRemeberMeService remeberMeService,
+	    		UserInfoService userInfoService,
              JdbcTemplate jdbcTemplate) {
 		
         JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(
@@ -126,6 +128,7 @@ public class MaxKeyMgtConfig  implements InitializingBean {
         		loginService,
         		loginHistoryService,
         		remeberMeService,
+        		userInfoService,
         		jdbcTemplate);
         
         _logger.debug("JdbcAuthenticationRealm inited.");

+ 1 - 1
maxkey-web-manage/src/main/java/org/maxkey/web/contorller/UserInfoController.java

@@ -264,7 +264,7 @@ public class UserInfoController {
 	@RequestMapping(value="/changePassword")  
 	public Message changePassword( @ModelAttribute("userInfo")UserInfo userInfo) {
 		_logger.debug(userInfo.getId());
-		if(userInfoService.changePassword(userInfo)) {
+		if(userInfoService.changePassword(userInfo,true)) {
 			return  new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_SUCCESS),MessageType.success);
 			
 		} else {

+ 3 - 0
maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java

@@ -48,6 +48,7 @@ import org.maxkey.persistence.db.PasswordPolicyValidator;
 import org.maxkey.persistence.ldap.ActiveDirectoryUtils;
 import org.maxkey.persistence.ldap.LdapUtils;
 import org.maxkey.persistence.redis.RedisConnectionFactory;
+import org.maxkey.persistence.service.UserInfoService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
@@ -156,6 +157,7 @@ public class MaxKeyConfig  implements InitializingBean {
 	    		LoginService loginService,
 	    		LoginHistoryService loginHistoryService,
 	    		AbstractRemeberMeService remeberMeService,
+	    		UserInfoService userInfoService,
                 JdbcTemplate jdbcTemplate,
                 @Value("${maxkey.support.ldap.enable:false}")boolean ldapSupport,
     			@Value("${maxkey.support.ldap.jit:false}")boolean ldapJit,
@@ -179,6 +181,7 @@ public class MaxKeyConfig  implements InitializingBean {
         		loginService,
         		loginHistoryService,
         		remeberMeService,
+        		userInfoService,
         		jdbcTemplate,
         		ldapAuthenticationRealm,
         		ldapSupport

+ 1 - 1
maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java

@@ -129,7 +129,7 @@ public class ForgotPasswordContorller {
             if ((forgotType == ForgotType.EMAIL && mailOtpAuthn.validate(userInfo, captcha)) ||
                     (forgotType == ForgotType.MOBILE && smsOtpAuthn.validate(userInfo, captcha))
                 ) {
-                userInfoService.changePassword(userInfo);
+                userInfoService.changePassword(userInfo,true);
                 modelAndView.addObject("passwordResetResult", PasswordResetResult.SUCCESS);
             } else {
                 modelAndView.addObject("passwordResetResult", PasswordResetResult.CAPTCHAERROR);