Make security UI more robust

[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.core / src / main / java / org / argeo / security / core / DefaultSecurityService.java

diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
index d6ff69cc23b549632e26edfbe4f93a7ac081b0ad..b9b85087b31f45c1b15786e918eb2d9f5e60bc29 100644 (file)
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
@@ -59,7 +59,7 @@ public class DefaultSecurityService implements ArgeoSecurityService {
        public void updateUserPassword(String username, String password) {
                SimpleArgeoUser user = new SimpleArgeoUser(
                                securityDao.getUser(username));
-               user.setPassword(password);
+               user.setPassword(securityDao.encodePassword(password));
                securityDao.update(user);
        }
 
@@ -72,14 +72,26 @@ public class DefaultSecurityService implements ArgeoSecurityService {
        }
 
        public void newUser(ArgeoUser user) {
-//             user.getUserNatures().clear();
                argeoSecurity.beforeCreate(user);
+               // normalize password
+               if (user instanceof SimpleArgeoUser) {
+                       if (user.getPassword() == null || user.getPassword().equals(""))
+                               ((SimpleArgeoUser) user).setPassword(securityDao
+                                               .encodePassword(user.getUsername()));
+                       else if (!user.getPassword().startsWith("{"))
+                               ((SimpleArgeoUser) user).setPassword(securityDao
+                                               .encodePassword(user.getPassword()));
+               }
                securityDao.create(user);
        }
 
        public void updateUser(ArgeoUser user) {
-               String password = securityDao.getUserWithPassword(user.getUsername())
-                               .getPassword();
+               String password = user.getPassword();
+               if (password == null)
+                       password = securityDao.getUserWithPassword(user.getUsername())
+                                       .getPassword();
+               if (!password.startsWith("{"))
+                       password = securityDao.encodePassword(user.getPassword());
                SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user);
                simpleArgeoUser.setPassword(password);
                securityDao.update(simpleArgeoUser);