X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FDefaultCurrentUserService.java;h=8e330cb11a1a0062da588fb03f1ab4d2a72e6534;hb=8b78007039ccb1f19d498742a64cf62435e8b093;hp=49e9efe5d94910711c54a5ce4064030833c7c734;hpb=977a7a352131b082a98739f15e421f2bff747567;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultCurrentUserService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultCurrentUserService.java index 49e9efe5d..8e330cb11 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultCurrentUserService.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultCurrentUserService.java @@ -16,30 +16,18 @@ package org.argeo.security.core; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; import java.util.Map; -import java.util.Random; -import org.argeo.ArgeoException; import org.argeo.security.ArgeoUser; import org.argeo.security.CurrentUserDao; import org.argeo.security.CurrentUserService; -import org.argeo.security.SimpleArgeoUser; import org.argeo.security.UserNature; -import org.springframework.security.providers.encoding.PasswordEncoder; +@Deprecated public class DefaultCurrentUserService implements CurrentUserService { private CurrentUserDao currentUserDao; - private PasswordEncoder passwordEncoder; - private Random random; public DefaultCurrentUserService() { - try { - random = SecureRandom.getInstance("SHA1PRNG"); - } catch (NoSuchAlgorithmException e) { - random = new Random(System.currentTimeMillis()); - } } public ArgeoUser getCurrentUser() { @@ -52,18 +40,7 @@ public class DefaultCurrentUserService implements CurrentUserService { } public void updateCurrentUserPassword(String oldPassword, String newPassword) { - SimpleArgeoUser user = new SimpleArgeoUser(getCurrentUser()); - if (!passwordEncoder.isPasswordValid(user.getPassword(), oldPassword, - null)) - throw new ArgeoException("Old password is not correct."); - user.setPassword(encodePassword(newPassword)); - currentUserDao.updateUser(user); - } - - protected String encodePassword(String password) { - byte[] salt = new byte[16]; - random.nextBytes(salt); - return passwordEncoder.encodePassword(password, salt); + currentUserDao.updateCurrentUserPassword(oldPassword, newPassword); } public void updateCurrentUserNatures(Map userNatures) { @@ -74,9 +51,4 @@ public class DefaultCurrentUserService implements CurrentUserService { public void setCurrentUserDao(CurrentUserDao dao) { this.currentUserDao = dao; } - - public void setPasswordEncoder(PasswordEncoder passwordEncoder) { - this.passwordEncoder = passwordEncoder; - } - }