X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FDefaultSecurityService.java;h=b9220b2692af7305657593944012b950cc96754c;hb=ab4dcfd6237c3f2064e63b3e6bb1a740f0a56e2c;hp=28f399f5a240078f2d8ef4531926cab390380909;hpb=490d9907457c43acfa965e7979ce5974bc1ba6ca;p=lgpl%2Fargeo-commons.git

diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
index 28f399f5a..b9220b269 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
@@ -36,6 +36,15 @@ public class DefaultSecurityService implements ArgeoSecurityService {
 
 	private String systemAuthenticationKey;
 
+	public ArgeoUser getCurrentUser() {
+		ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
+		if (argeoUser == null)
+			return null;
+		if (argeoUser.getRoles().contains(securityDao.getDefaultRole()))
+			argeoUser.getRoles().remove(securityDao.getDefaultRole());
+		return argeoUser;
+	}
+
 	public ArgeoSecurityDao getSecurityDao() {
 		return securityDao;
 	}
@@ -45,17 +54,17 @@ public class DefaultSecurityService implements ArgeoSecurityService {
 	}
 
 	public void updateUserPassword(String username, String password) {
-		SimpleArgeoUser user = new SimpleArgeoUser(securityDao
-				.getUser(username));
+		SimpleArgeoUser user = new SimpleArgeoUser(
+				securityDao.getUser(username));
 		user.setPassword(password);
 		securityDao.update(user);
 	}
 
 	public void updateCurrentUserPassword(String oldPassword, String newPassword) {
-		SimpleArgeoUser user = new SimpleArgeoUser(securityDao.getCurrentUser());
-		if (!user.getPassword().equals(oldPassword))
+		SimpleArgeoUser user = new SimpleArgeoUser(getCurrentUser());
+		if (!securityDao.isPasswordValid(user.getPassword(), oldPassword))
 			throw new ArgeoException("Old password is not correct.");
-		user.setPassword(newPassword);
+		user.setPassword(securityDao.encodePassword(newPassword));
 		securityDao.update(user);
 	}
 
@@ -122,5 +131,4 @@ public class DefaultSecurityService implements ArgeoSecurityService {
 	public void setSystemAuthenticationKey(String systemAuthenticationKey) {
 		this.systemAuthenticationKey = systemAuthenticationKey;
 	}
-
 }