Creates set password route, closes #11

mxmeinhold · mxmeinhold · commit 561d8141acdb · 2018-12-30T11:02:45.000-05:00
diff --git a/src/main/java/api/Controller.java b/src/main/java/api/Controller.java
@@ -52,4 +52,8 @@ public String dbDeny(@RequestBody Map<String, String> body) {
         return man.deny(body.get("database")).asJSON();
     }
 
+    @RequestMapping(value = "/databases/{database}/users/{username}/password", method = RequestMethod.GET, produces = "application/json")
+    public String resetPassword(@PathVariable(value = "database") String database, @PathVariable(value = "username") String username) {
+        return man.setPassword(database, username).asJSON();
+    }
 }
diff --git a/src/main/java/dbconn/DatabaseManager.java b/src/main/java/dbconn/DatabaseManager.java
@@ -22,9 +22,18 @@ public interface DatabaseManager {
     void delete(String dbName);
 
 
+    // TODO consider throwing error if failure occurs
+    /**
+     * Sets the user's password for the database
+     * @param dbName the database the user belongs to
+     * @param username the name of the user
+     * @param password the password to set
+     */
+    void setPassword(String dbName, String username, String password);
+
+
     /**
      * Closes the connection to the database.
      */
     void close();
-    
 }
diff --git a/src/main/java/dbconn/ManagerManager.java b/src/main/java/dbconn/ManagerManager.java
@@ -44,6 +44,8 @@ public class ManagerManager {
     private PreparedStatement deleteDBUsersStmt;
     /** Approves a database request. Param 1: dbName */
     private PreparedStatement approveStmt;
+    /** Resets a user password. Param: 1: date, 2: user */
+    private PreparedStatement setPassStmt;
 
     /** The connection object for the manager's sql db. */
     private Connection managerConnection;
@@ -104,6 +106,9 @@ public ManagerManager() {
             String approveDB = "update databases set approved=true where name=?";
             approveStmt = managerConnection.prepareStatement(approveDB);
 
+            String setPassword = "update users set last_reset=? where username=? and database=?";
+            setPassStmt = managerConnection.prepareStatement(setPassword);
+
         } catch (SQLException e) {
             // TODO report this in some way? Maybe email someone....
             System.err.println("Manager DB errored while connecting");
@@ -187,7 +192,6 @@ private Message create(String dbName) {
         try {
             String password = "";
             getDBAndPoolStmt.setString(1, dbName);
-            System.out.println(dbName);
             ResultSet db = getDBAndPoolStmt.executeQuery();
             db.next();
             if(db.getBoolean("approved")) {
@@ -329,6 +333,46 @@ public Message request(int poolID, String name, String purpose, int type) {
     }
 
 
+    /**
+     * Resets a users password
+     * @param database the database the user belongs to
+     * @param username the username of the user
+     * @return a Message containing either the password or an error
+     */
+    public Message setPassword(String database, String username) {
+        String password = Password.getPassword();
+
+        try {
+            setPassStmt.setDate(1, new Date(new java.util.Date().getTime()));
+            setPassStmt.setString(2, username);
+            setPassStmt.setString(3, database);
+            setPassStmt.execute();
+
+            getDBAndPoolStmt.setString(1, database);
+            ResultSet db = getDBAndPoolStmt.executeQuery();
+            if(!db.next())
+                return new Message("No db found", Message.Type.ERROR);
+
+            switch(db.getInt("type")) {
+                case 0: // Mongo
+                    mongo.setPassword(database, username, password);
+                    break;
+                case 1: // Postgres
+                    break;
+                case 2: // MySQL
+                    break;
+                default:
+                    return new Message("Unknown database type", Message.Type.ERROR);
+            }
+        } catch (SQLException e) {
+            e.printStackTrace();
+            return new Message("Failed to set password.", Message.Type.ERROR);
+        }
+
+        return new Message(password, Message.Type.SUCCESS);
+    }
+
+
     /**
      * Closes DEaDASS by calling close all of the database connections.
      */
diff --git a/src/main/java/dbconn/mongo/MongoManager.java b/src/main/java/dbconn/mongo/MongoManager.java
@@ -4,6 +4,7 @@
 import com.mongodb.client.MongoClient;
 import com.mongodb.client.MongoClients;
 import com.mongodb.client.MongoDatabase;
+import org.bson.BsonDocument;
 
 import java.util.Collections;
 
@@ -51,6 +52,15 @@ public void delete(String dbName) {
     }
 
 
+    /** Overwrites a user's password without modifying roles. */
+    @Override
+    public void setPassword(String dbName, String username, String password) {
+        MongoDatabase db = server.getDatabase(dbName);
+        final BasicDBObject setPasswordCommand = new BasicDBObject("updateUser", username).append("pwd", password);
+        db.runCommand(setPasswordCommand);
+    }
+
+
     /**
      * Closes connections to the database server.
      */

Original file line number	Diff line number	Diff line change
`@@ -52,4 +52,8 @@ public String dbDeny(@RequestBody Map<String, String> body) {`
`52`	`52`	`return man.deny(body.get("database")).asJSON();`
`53`	`53`	`}`
`54`	`54`
	`55`	`+ @RequestMapping(value = "/databases/{database}/users/{username}/password", method = RequestMethod.GET, produces = "application/json")`
	`56`	`+ public String resetPassword(@PathVariable(value = "database") String database, @PathVariable(value = "username") String username) {`
	`57`	`+ return man.setPassword(database, username).asJSON();`
	`58`	`+ }`
`55`	`59`	`}`