security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java - ranger - Git at Google

 /*<?xml version="1.0" encoding="UTF-8"?>
 <!--
   Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  See the NOTICE file distributed with
   this work for additional information regarding copyright ownership.
   The ASF licenses this file to You under the Apache License, Version 2.0
   (the "License"); you may not use this file except in compliance with
   the License.  You may obtain a copy of the License at

 	  http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
 -->*/

 package org.apache.ranger.patch.cliutil;

 import org.apache.log4j.Logger;
 import org.apache.ranger.biz.UserMgr;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXPortalUser;
 import org.apache.ranger.patch.BaseLoader;
 import org.apache.ranger.util.CLIUtil;
 import org.apache.solr.common.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;

 @Component
 public class ChangePasswordUtil extends BaseLoader {
 	private static final Logger logger = Logger.getLogger(ChangePasswordUtil.class);

 	@Autowired
 	RangerDaoManager daoMgr;

 	@Autowired
 	UserMgr userMgr;

 	@Autowired
 	RESTErrorUtil restErrorUtil;

 	public static String userLoginId;
 	public static String currentPassword;
 	public static String newPassword;
 	public static boolean defaultPwdChangeRequest = false;
 	public static String[] userPwdArgs;

 	public static void main(String[] args) {
 		logger.info("main()");
 		try {
 			ChangePasswordUtil loader = (ChangePasswordUtil) CLIUtil.getBean(ChangePasswordUtil.class);
 			loader.init();
 			userPwdArgs=args;
 			if (args.length > 4) {
 				if ("-default".equalsIgnoreCase(args[args.length-1])) {
 					defaultPwdChangeRequest = true;
 				}
 				while (loader.isMoreToProcess()) {
 					loader.load();
 				}
 				logger.info("Load complete. Exiting!!!");
 				System.exit(0);
 			} else if (args.length == 3 || args.length == 4) {
 				userLoginId = args[0];
 				currentPassword = args[1];
 				newPassword = args[2];
 				if (args.length == 4) {
 					if ("-default".equalsIgnoreCase(args[3])) {
 						defaultPwdChangeRequest = true;
 					}
 				}
 				if (StringUtils.isEmpty(userLoginId)) {
 					System.out.println("Invalid login ID. Exiting!!!");
 					logger.info("Invalid login ID. Exiting!!!");
 					System.exit(1);
 				}
 				if (StringUtils.isEmpty(currentPassword)) {
 					System.out.println("Invalid current password. Exiting!!!");
 					logger.info("Invalid current password. Exiting!!!");
 					System.exit(1);
 				}
 				if (StringUtils.isEmpty(newPassword)) {
 					System.out.println("Invalid new password. Exiting!!!");
 					logger.info("Invalid new password. Exiting!!!");
 					System.exit(1);
 				}
 				while (loader.isMoreToProcess()) {
 					loader.load();
 				}
 				logger.info("Load complete. Exiting!!!");
 				System.exit(0);
 			} else {
 				System.out.println(
 						"ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>");
 				logger.error(
 						"ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>");
 				System.exit(1);
 			}
 		} catch (Exception e) {
 			logger.error("Error loading", e);
 			System.exit(1);
 		}
 	}

 	@Override
 	public void init() throws Exception {
 	}

 	@Override
 	public void printStats() {
 	}

 	@Override
 	public void execLoad() {
 		logger.info("==> ChangePasswordUtil.execLoad()");
 		if(userPwdArgs.length>4) {
 			updateMultiplePasswords();
 		}else {
 			updateAdminPassword();
 		}
 		logger.info("<== ChangePasswordUtil.execLoad()");
 	}

 	public void updateAdminPassword() {
 		XXPortalUser xPortalUser = daoMgr.getXXPortalUser().findByLoginId(userLoginId);
 		if (xPortalUser != null) {
 			String dbPassword = xPortalUser.getPassword();
 			String currentEncryptedPassword = null;
 			String md5EncryptedPassword = null;
 			try {
 				currentEncryptedPassword = userMgr.encrypt(userLoginId, currentPassword);
 				if (currentEncryptedPassword.equals(dbPassword)) {
 					validatePassword(newPassword);
 					userMgr.updatePasswordInSHA256(userLoginId, newPassword, true);
 					logger.info("User '" + userLoginId + "' Password updated sucessfully.");
 				}
 				else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
 					logger.info("current encryped password is not equal to dbpassword , trying with md5 now");
 					md5EncryptedPassword = userMgr.encryptWithOlderAlgo(userLoginId, currentPassword);
 					if (md5EncryptedPassword.equals(dbPassword)) {
 						validatePassword(newPassword);
 						userMgr.updatePasswordInSHA256(userLoginId, newPassword, true);
 						logger.info("User '" + userLoginId + "' Password updated sucessfully.");
 					} else {
 						System.out.println(
 								"Skipping default password change request as provided password doesn't match with existing password.");
 						logger.error(
 								"Skipping default password change request as provided password doesn't match with existing password.");
 						System.exit(2);
 					}
 				} else {
 					System.out.println("Invalid user password");
 					logger.error("Invalid user password");
 					System.exit(1);
 				}
 			} catch (Exception e) {
 				logger.error("Update Admin Password failure. Detail:  \n", e);
 				System.exit(1);
 			}
 		} else {
 			System.out.println("User does not exist in DB!!");
 			logger.error("User does not exist in DB");
 			System.exit(1);
 		}
 	}

 	public void updateMultiplePasswords() {
 		for (int i=0; i<userPwdArgs.length ; i+=3) {
 			if ("-default".equalsIgnoreCase(userPwdArgs[i])) {
 				continue;
 			}
 			String userLoginIdTemp=userPwdArgs[i];
 			String currentPasswordTemp=userPwdArgs[i+1];
 			String newPasswordTemp=userPwdArgs[i+2];
 			if (StringUtils.isEmpty(userLoginIdTemp)) {
 				System.out.println("Invalid login ID. Exiting!!!");
 				logger.info("Invalid login ID. Exiting!!!");
 				System.exit(1);
 			}
 			if (StringUtils.isEmpty(currentPasswordTemp)) {
 				System.out.println("Invalid current password. Exiting!!!");
 				logger.info("Invalid current password. Exiting!!!");
 				System.exit(1);
 			}
 			if (StringUtils.isEmpty(newPasswordTemp)) {
 				System.out.println("Invalid new password. Exiting!!!");
 				logger.info("Invalid new password. Exiting!!!");
 				System.exit(1);
 			}
 			XXPortalUser xPortalUser = daoMgr.getXXPortalUser().findByLoginId(userLoginIdTemp);
 			if (xPortalUser != null) {
 				String dbPassword = xPortalUser.getPassword();
 				String currentEncryptedPassword = null;
 				String md5EncryptedPassword = null;
 				try {
 					currentEncryptedPassword = userMgr.encrypt(userLoginIdTemp, currentPasswordTemp);
 					if (currentEncryptedPassword.equals(dbPassword)) {
 						validatePassword(newPasswordTemp);
 						userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
 						logger.info("User '" + userLoginIdTemp + "' Password updated sucessfully.");
 					} else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
 						logger.info("current encryped password is not equal to dbpassword , trying with md5 now");
 						md5EncryptedPassword = userMgr.encryptWithOlderAlgo(userLoginIdTemp, currentPasswordTemp);
 						if (md5EncryptedPassword.equals(dbPassword)) {
 							validatePassword(newPasswordTemp);
 							userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
 							logger.info("User '" + userLoginIdTemp + "' Password updated sucessfully.");
 						} else {
 							System.out.println(
 									"Skipping default password change request as provided password doesn't match with existing password.");
 							logger.error(
 									"Skipping default password change request as provided password doesn't match with existing password.");
 							System.exit(2);
 						}
 					} else {
 						System.out.println("Invalid user password");
 						logger.error("Invalid user password");
 						System.exit(1);
 						break;
 					}
 				} catch (Exception e) {
 					logger.error("Update Admin Password failure. Detail:  \n", e);
 					System.exit(1);
 					break;
 				}
 			} else {
 				System.out.println("User does not exist in DB!!");
 				logger.error("User does not exist in DB");
 				System.exit(1);
 				break;
 			}
 		}
 	}

 	private void validatePassword(String newPassword) {
 		boolean checkPassword = false;
 		if (newPassword != null) {
 			String pattern = "(?=.*[0-9])(?=.*[a-zA-Z]).{8,}";
 			checkPassword = newPassword.trim().matches(pattern);
 			if (!checkPassword) {
 				logger.error(
 						"validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric.");
 				System.out.println(
 						"validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric.");
 				throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword",
 						MessageEnums.INVALID_PASSWORD, null,
 						"Password should be minimum 8 characters with minimum one alphabet and one numeric", null);
 			}
 		} else {
 			logger.error("validatePassword(). Password cannot be blank/null.");
 			System.out.println("validatePassword(). Password cannot be blank/null.");
 			throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword",
 					MessageEnums.INVALID_PASSWORD, null, "Password cannot be blank/null", null);
 		}
 	}

 }
	/*<?xml version="1.0" encoding="UTF-8"?>
	<!--
	Licensed to the Apache Software Foundation (ASF) under one or more
	contributor license agreements. See the NOTICE file distributed with
	this work for additional information regarding copyright ownership.
	The ASF licenses this file to You under the Apache License, Version 2.0
	(the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->*/

	package org.apache.ranger.patch.cliutil;

	import org.apache.log4j.Logger;
	import org.apache.ranger.biz.UserMgr;
	import org.apache.ranger.common.MessageEnums;
	import org.apache.ranger.common.RESTErrorUtil;
	import org.apache.ranger.db.RangerDaoManager;
	import org.apache.ranger.entity.XXPortalUser;
	import org.apache.ranger.patch.BaseLoader;
	import org.apache.ranger.util.CLIUtil;
	import org.apache.solr.common.StringUtils;
	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.stereotype.Component;

	@Component
	public class ChangePasswordUtil extends BaseLoader {
	private static final Logger logger = Logger.getLogger(ChangePasswordUtil.class);

	@Autowired
	RangerDaoManager daoMgr;

	@Autowired
	UserMgr userMgr;

	@Autowired
	RESTErrorUtil restErrorUtil;

	public static String userLoginId;
	public static String currentPassword;
	public static String newPassword;
	public static boolean defaultPwdChangeRequest = false;
	public static String[] userPwdArgs;

	public static void main(String[] args) {
	logger.info("main()");
	try {
	ChangePasswordUtil loader = (ChangePasswordUtil) CLIUtil.getBean(ChangePasswordUtil.class);
	loader.init();
	userPwdArgs=args;
	if (args.length > 4) {
	if ("-default".equalsIgnoreCase(args[args.length-1])) {
	defaultPwdChangeRequest = true;
	}
	while (loader.isMoreToProcess()) {
	loader.load();
	}
	logger.info("Load complete. Exiting!!!");
	System.exit(0);
	} else if (args.length == 3 \|\| args.length == 4) {
	userLoginId = args[0];
	currentPassword = args[1];
	newPassword = args[2];
	if (args.length == 4) {
	if ("-default".equalsIgnoreCase(args[3])) {
	defaultPwdChangeRequest = true;
	}
	}
	if (StringUtils.isEmpty(userLoginId)) {
	System.out.println("Invalid login ID. Exiting!!!");
	logger.info("Invalid login ID. Exiting!!!");
	System.exit(1);
	}
	if (StringUtils.isEmpty(currentPassword)) {
	System.out.println("Invalid current password. Exiting!!!");
	logger.info("Invalid current password. Exiting!!!");
	System.exit(1);
	}
	if (StringUtils.isEmpty(newPassword)) {
	System.out.println("Invalid new password. Exiting!!!");
	logger.info("Invalid new password. Exiting!!!");
	System.exit(1);
	}
	while (loader.isMoreToProcess()) {
	loader.load();
	}
	logger.info("Load complete. Exiting!!!");
	System.exit(0);
	} else {
	System.out.println(
	"ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>");
	logger.error(
	"ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>");
	System.exit(1);
	}
	} catch (Exception e) {
	logger.error("Error loading", e);
	System.exit(1);
	}
	}

	@Override
	public void init() throws Exception {
	}

	@Override
	public void printStats() {
	}

	@Override
	public void execLoad() {
	logger.info("==> ChangePasswordUtil.execLoad()");
	if(userPwdArgs.length>4) {
	updateMultiplePasswords();
	}else {
	updateAdminPassword();
	}
	logger.info("<== ChangePasswordUtil.execLoad()");
	}

	public void updateAdminPassword() {
	XXPortalUser xPortalUser = daoMgr.getXXPortalUser().findByLoginId(userLoginId);
	if (xPortalUser != null) {
	String dbPassword = xPortalUser.getPassword();
	String currentEncryptedPassword = null;
	String md5EncryptedPassword = null;
	try {
	currentEncryptedPassword = userMgr.encrypt(userLoginId, currentPassword);
	if (currentEncryptedPassword.equals(dbPassword)) {
	validatePassword(newPassword);
	userMgr.updatePasswordInSHA256(userLoginId, newPassword, true);
	logger.info("User '" + userLoginId + "' Password updated sucessfully.");
	}
	else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
	logger.info("current encryped password is not equal to dbpassword , trying with md5 now");
	md5EncryptedPassword = userMgr.encryptWithOlderAlgo(userLoginId, currentPassword);
	if (md5EncryptedPassword.equals(dbPassword)) {
	validatePassword(newPassword);
	userMgr.updatePasswordInSHA256(userLoginId, newPassword, true);
	logger.info("User '" + userLoginId + "' Password updated sucessfully.");
	} else {
	System.out.println(
	"Skipping default password change request as provided password doesn't match with existing password.");
	logger.error(
	"Skipping default password change request as provided password doesn't match with existing password.");
	System.exit(2);
	}
	} else {
	System.out.println("Invalid user password");
	logger.error("Invalid user password");
	System.exit(1);
	}
	} catch (Exception e) {
	logger.error("Update Admin Password failure. Detail: \n", e);
	System.exit(1);
	}
	} else {
	System.out.println("User does not exist in DB!!");
	logger.error("User does not exist in DB");
	System.exit(1);
	}
	}

	public void updateMultiplePasswords() {
	for (int i=0; i<userPwdArgs.length ; i+=3) {
	if ("-default".equalsIgnoreCase(userPwdArgs[i])) {
	continue;
	}
	String userLoginIdTemp=userPwdArgs[i];
	String currentPasswordTemp=userPwdArgs[i+1];
	String newPasswordTemp=userPwdArgs[i+2];
	if (StringUtils.isEmpty(userLoginIdTemp)) {
	System.out.println("Invalid login ID. Exiting!!!");
	logger.info("Invalid login ID. Exiting!!!");
	System.exit(1);
	}
	if (StringUtils.isEmpty(currentPasswordTemp)) {
	System.out.println("Invalid current password. Exiting!!!");
	logger.info("Invalid current password. Exiting!!!");
	System.exit(1);
	}
	if (StringUtils.isEmpty(newPasswordTemp)) {
	System.out.println("Invalid new password. Exiting!!!");
	logger.info("Invalid new password. Exiting!!!");
	System.exit(1);
	}
	XXPortalUser xPortalUser = daoMgr.getXXPortalUser().findByLoginId(userLoginIdTemp);
	if (xPortalUser != null) {
	String dbPassword = xPortalUser.getPassword();
	String currentEncryptedPassword = null;
	String md5EncryptedPassword = null;
	try {
	currentEncryptedPassword = userMgr.encrypt(userLoginIdTemp, currentPasswordTemp);
	if (currentEncryptedPassword.equals(dbPassword)) {
	validatePassword(newPasswordTemp);
	userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
	logger.info("User '" + userLoginIdTemp + "' Password updated sucessfully.");
	} else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
	logger.info("current encryped password is not equal to dbpassword , trying with md5 now");
	md5EncryptedPassword = userMgr.encryptWithOlderAlgo(userLoginIdTemp, currentPasswordTemp);
	if (md5EncryptedPassword.equals(dbPassword)) {
	validatePassword(newPasswordTemp);
	userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
	logger.info("User '" + userLoginIdTemp + "' Password updated sucessfully.");
	} else {
	System.out.println(
	"Skipping default password change request as provided password doesn't match with existing password.");
	logger.error(
	"Skipping default password change request as provided password doesn't match with existing password.");
	System.exit(2);
	}
	} else {
	System.out.println("Invalid user password");
	logger.error("Invalid user password");
	System.exit(1);
	break;
	}
	} catch (Exception e) {
	logger.error("Update Admin Password failure. Detail: \n", e);
	System.exit(1);
	break;
	}
	} else {
	System.out.println("User does not exist in DB!!");
	logger.error("User does not exist in DB");
	System.exit(1);
	break;
	}
	}
	}

	private void validatePassword(String newPassword) {
	boolean checkPassword = false;
	if (newPassword != null) {
	String pattern = "(?=.[0-9])(?=.[a-zA-Z]).{8,}";
	checkPassword = newPassword.trim().matches(pattern);
	if (!checkPassword) {
	logger.error(
	"validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric.");
	System.out.println(
	"validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric.");
	throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword",
	MessageEnums.INVALID_PASSWORD, null,
	"Password should be minimum 8 characters with minimum one alphabet and one numeric", null);
	}
	} else {
	logger.error("validatePassword(). Password cannot be blank/null.");
	System.out.println("validatePassword(). Password cannot be blank/null.");
	throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword",
	MessageEnums.INVALID_PASSWORD, null, "Password cannot be blank/null", null);
	}
	}

	}