From a88b6edf662b2a63dd1b43a1b5a2e4ff196dc7ed Mon Sep 17 00:00:00 2001
From: Robert von Burg <eitch@eitchnet.ch>
Date: Mon, 22 Feb 2021 23:16:59 +0100
Subject: [PATCH] [New] Added clear user password REST API and service

---
 .../rest/endpoint/PrivilegeUsersService.java  | 36 +++++++++-
 .../users/ClearUserPasswordService.java       | 67 +++++++++++++++++++
 2 files changed, 102 insertions(+), 1 deletion(-)
 create mode 100644 li.strolch.service/src/main/java/li/strolch/service/privilege/users/ClearUserPasswordService.java

diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
index 2ab4e08ee..711b1c078 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java
@@ -134,7 +134,8 @@ public class PrivilegeUsersService {
 			tx.getPrivilegeContext().assertHasPrivilege(PRIVILEGE_GET_USER);
 
 			UserRep user = privilegeHandler.getUser(cert, username);
-			return Response.ok(user.accept(new PrivilegeElementToJsonVisitor()).toString(), MediaType.APPLICATION_JSON).build();
+			return Response.ok(user.accept(new PrivilegeElementToJsonVisitor()).toString(), MediaType.APPLICATION_JSON)
+					.build();
 		}
 	}
 
@@ -331,6 +332,39 @@ public class PrivilegeUsersService {
 		}
 	}
 
+	@DELETE
+	@Produces(MediaType.APPLICATION_JSON)
+	@Path("{username}/password")
+	public Response clearUserPassword(@PathParam("username") String username, @Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+
+		try {
+
+			ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
+			ClearUserPasswordService svc = new ClearUserPasswordService();
+			PrivilegeUserNameArgument arg = svc.getArgumentInstance();
+			arg.username = username;
+
+			ServiceResult svcResult = svcHandler.doService(cert, svc, arg);
+			if (svcResult.isNok())
+				return ResponseUtil.toResponse(svcResult);
+
+			// if user changes their own password, then invalidate the session
+			if (cert.getUsername().equals(username)) {
+				StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
+				sessionHandler.invalidate(cert);
+			}
+
+			return ResponseUtil.toResponse();
+
+		} catch (Exception e) {
+			logger.error(e.getMessage(), e);
+			String msg = e.getMessage();
+			return ResponseUtil.toResponse("Failed to clear password: ",
+					MessageFormat.format("{0}: {1}", e.getClass().getName(), msg));
+		}
+	}
+
 	private Response handleServiceResult(PrivilegeUserResult svcResult) {
 		if (svcResult.isOk()) {
 			UserRep userRep = svcResult.getUser();
diff --git a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/ClearUserPasswordService.java b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/ClearUserPasswordService.java
new file mode 100644
index 000000000..24bae7f7d
--- /dev/null
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/ClearUserPasswordService.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2015 Robert von Burg <eitch@eitchnet.ch>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package li.strolch.service.privilege.users;
+
+import li.strolch.model.audit.AccessType;
+import li.strolch.model.audit.Audit;
+import li.strolch.persistence.api.StrolchTransaction;
+import li.strolch.privilege.handler.PrivilegeHandler;
+import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
+import li.strolch.service.api.AbstractService;
+import li.strolch.service.api.ServiceResult;
+import li.strolch.service.api.ServiceResultState;
+
+/**
+ * @author Robert von Burg <eitch@eitchnet.ch>
+ */
+public class ClearUserPasswordService extends AbstractService<PrivilegeUserNameArgument, ServiceResult> {
+
+	@Override
+	protected ServiceResult getResultInstance() {
+		return new ServiceResult(ServiceResultState.FAILED);
+	}
+
+	@Override
+	public PrivilegeUserNameArgument getArgumentInstance() {
+		return new PrivilegeUserNameArgument();
+	}
+
+	@Override
+	protected ServiceResult internalDoService(PrivilegeUserNameArgument arg) throws Exception {
+
+		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_PASSWORD)) {
+			tx.setSuppressAudits(true);
+
+			li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer()
+					.getPrivilegeHandler();
+			PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler();
+			privilegeHandler.setUserPassword(getCertificate(), arg.username, null);
+
+			// only persist if not setting own password
+			if (!getCertificate().getUsername().equals(arg.username) && getPrivilegeContext().getPrivilegeNames()
+					.contains(PrivilegeHandler.PRIVILEGE_ACTION_PERSIST)) {
+				privilegeHandler.persist(getCertificate());
+			}
+
+			Audit audit = tx
+					.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE, StrolchPrivilegeConstants.USER,
+							arg.username);
+			tx.getAuditTrail().add(tx, audit);
+		}
+
+		return ServiceResult.success();
+	}
+}