From 1c28723aaf52295a92c5b822f009c1cd7b0c5e55 Mon Sep 17 00:00:00 2001 From: Hector Plahar Date: Fri, 11 Dec 2015 13:42:12 -0800 Subject: [PATCH 1/2] bump version # --- pom.xml | 2 +- src/main/webapp/index.jsp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 2a114f3e5..cb3310ed1 100755 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ org.jbei ice war - 4.5.3 + 4.5.4 ice Inventory of Composable Elements (ICE) for Synthetic Biology diff --git a/src/main/webapp/index.jsp b/src/main/webapp/index.jsp index 67a9377d4..0a311331f 100644 --- a/src/main/webapp/index.jsp +++ b/src/main/webapp/index.jsp @@ -90,7 +90,7 @@
© JBEI ICE Registry v4.5.3
+ class="label label-primary">v4.5.4
All rights reserved.
Submit an Issue  |  Help From 6feb532dff988eb0f31853b744d99cc6665ff550 Mon Sep 17 00:00:00 2001 From: Hector Plahar Date: Mon, 14 Dec 2015 12:51:24 -0800 Subject: [PATCH 2/2] fix for issue #31: admin changing another user's password was changing the admin password instead. Also showing password, when user account is created by an administrator --- .../ice/lib/account/AccountController.java | 30 +++++++------- .../jbei/ice/services/rest/UserResource.java | 19 +++++---- .../webapp/scripts/admin/adminController.js | 10 ++--- src/main/webapp/scripts/admin/users.html | 22 ++++++++-- src/main/webapp/scripts/controllers.js | 5 +-- .../scripts/profile/profile-information.html | 39 ++++++++++++------ .../scripts/profile/profileController.js | 40 ++++++------------- src/main/webapp/scripts/services.js | 4 +- .../lib/account/AccountControllerTest.java | 4 +- 9 files changed, 93 insertions(+), 80 deletions(-) diff --git a/src/main/java/org/jbei/ice/lib/account/AccountController.java b/src/main/java/org/jbei/ice/lib/account/AccountController.java index 8d8ef6743..1feeab138 100755 --- a/src/main/java/org/jbei/ice/lib/account/AccountController.java +++ b/src/main/java/org/jbei/ice/lib/account/AccountController.java 
@@ -159,27 +159,29 @@ public boolean resetPassword(final String targetEmail) { } /** - * Updates account password associated the account email. It encrypts it before associating it - * with the account + * Updates the specified user account's password * - * @param userId - * @param transfer + * @param userId email of user making change. If it is not the same as the email associated with the + * id, then this account must have administrator privileges + * @param id unique (db) identifier for user whose password is to be changed. + * @param transfer wrapper around new password * @return updated account object + * @throws PermissionException if the account associated with userId and id are not + * the same but the userId does not have administrative privileges */ - public AccountTransfer updatePassword(final String userId, final AccountTransfer transfer) { - final Account userAccount = getByEmail(transfer.getEmail()); - if (userAccount == null) { - throw new IllegalArgumentException("Could not retrieve account by id " - + transfer.getEmail()); + public AccountTransfer updatePassword(String userId, long id, AccountTransfer transfer) throws PermissionException { + Account account = get(id); + if (account == null) { + throw new IllegalArgumentException("Could not retrieve account by id " + id); } - if (!isAdministrator(userId) && !userAccount.getEmail().equalsIgnoreCase(userId)) { - return null; + if (!isAdministrator(userId) && !account.getEmail().equalsIgnoreCase(userId)) { + throw new PermissionException("User " + userId + " does not have permission to change " + + transfer.getEmail() + "'s password"); } - userAccount.setPassword(AccountUtils.encryptNewUserPassword(transfer.getPassword(), - userAccount.getSalt())); - return dao.update(userAccount).toDataTransferObject(); + account.setPassword(AccountUtils.encryptNewUserPassword(transfer.getPassword(), account.getSalt())); + return dao.update(account).toDataTransferObject(); } /** 
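Review bot: The PermissionException message on the new side is built from `transfer.getEmail()`, a client-supplied field that nothing in this method checks against the account resolved by `id`, so the error can name a different user than the one actually targeted (or `null`); prefer the server-side value, e.g. `throw new PermissionException("User " + userId + " does not have permission to change the password of account " + id);`. `transfer.getPassword()` is likewise handed to `encryptNewUserPassword` unchecked, so a body with a missing or empty password would be persisted as such; a guard like `if (transfer.getPassword() == null || transfer.getPassword().isEmpty()) throw new IllegalArgumentException("password is required");` before the update closes that. Nothing on the new side re-verifies the caller's current password for a self-service change, and the client-side check for it is commented out in profileController.js in this same commit, so possession of a session id alone suffices to set a new password; requiring the current password when `userId` matches the target account is worth considering, with the chosen policy stated in the Javadoc.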
diff --git a/src/main/java/org/jbei/ice/services/rest/UserResource.java b/src/main/java/org/jbei/ice/services/rest/UserResource.java index acb577671..bda119a3f 100644 --- a/src/main/java/org/jbei/ice/services/rest/UserResource.java +++ b/src/main/java/org/jbei/ice/services/rest/UserResource.java @@ -210,11 +210,6 @@ public AccountTransfer update(@Context final UriInfo info, @PathParam("id") fina return controller.updateAccount(user, userId, transfer); } - /** - * @param info - * @param transfer - * @return Response for success or failure - */ @POST @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @@ -234,10 +229,12 @@ public Response resetPassword(@Context final UriInfo info, final AccountTransfer @PUT @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - @Path("/password") - public AccountTransfer updatePassword(final AccountTransfer transfer) { + @Path("/{id}/password") + public AccountTransfer updatePassword(@PathParam("id") final long userId, + final AccountTransfer transfer) { final String user = getUserId(); - return controller.updatePassword(user, transfer); + log(user, "changing password for user " + userId); + return controller.updatePassword(user, userId, transfer); } /** @@ -247,8 +244,10 @@ public AccountTransfer updatePassword(final AccountTransfer transfer) { @PUT @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - public Response createNewUser(final AccountTransfer accountTransfer) { - final AccountTransfer created = controller.createNewAccount(accountTransfer, true); + public Response createNewUser( + @DefaultValue("true") @QueryParam("sendEmail") boolean sendEmail, + final AccountTransfer accountTransfer) { + final AccountTransfer created = controller.createNewAccount(accountTransfer, sendEmail); return super.respond(created); } diff --git a/src/main/webapp/scripts/admin/adminController.js b/src/main/webapp/scripts/admin/adminController.js index a32f71262..475c92344 100644 
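Review bot: In the new `updatePassword` signature the path parameter is called `userId` while the local `user` holds the caller's identity, which inverts the naming the controller uses (`userId` = caller, `id` = target) and makes the `log(user, "changing password for user " + userId)` line easy to misread; renaming keeps the two layers consistent: `public AccountTransfer updatePassword(@PathParam("id") final long id, final AccountTransfer transfer)` and `return controller.updatePassword(user, id, transfer);`. The hunk shows no Javadoc above the `@PUT` (what precedes it is outside the hunk); if there is none, a one-line comment such as `/** Sets a new password for account {@code id}; the caller must be that account or an administrator. */` would carry the access rule the controller enforces.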
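Review bot: With `sendEmail=false` the generated initial password is now delivered to the administrator through the JSON response (adminController.js reads `result.password` from it), so the response body carries a plaintext credential; the hunk does not show `respond` setting cache headers, and a `Cache-Control: no-store` on this response plus care that `created` is never logged in full would limit where that value lands. The `@DefaultValue("true")` keeps existing clients that omit the query parameter on the old behaviour. A `@param sendEmail` line above the method stating that when false the password is returned in the response instead of being emailed would make that trade-off explicit.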
--- a/src/main/webapp/scripts/admin/adminController.js +++ b/src/main/webapp/scripts/admin/adminController.js @@ -151,7 +151,8 @@ angular.module('ice.admin.controller', []) $scope.submitSetting(booleanSetting); } }) - .controller('AdminTransferredEntriesController', function ($rootScope, $cookieStore, $filter, $location, $scope, Folders, Entry, Util) { + .controller('AdminTransferredEntriesController', function ($rootScope, $cookieStore, $filter, $location, $scope, + Folders, Entry, Util) { $scope.maxSize = 5; $scope.currentPage = 1; $scope.selectedTransferredEntries = []; @@ -314,7 +315,7 @@ angular.module('ice.admin.controller', []) .controller('AdminUserController', function ($rootScope, $scope, $stateParams, $cookieStore, User) { $scope.maxSize = 5; $scope.currentPage = 1; - $scope.newProfile = undefined; + $scope.newProfile = {show: false}; $scope.userListParams = {sort: 'lastName', asc: true, currentPage: 1, status: undefined}; var user = User($cookieStore.get("sessionId")); @@ -336,11 +337,10 @@ angular.module('ice.admin.controller', []) }; $scope.createProfile = function () { + $scope.newProfile.sendEmail = false; user.createUser($scope.newProfile, function (result) { - $scope.showCreateProfile = false; + $scope.newProfile.password = result.password; getUsers(); - }, function (error) { - }) }; diff --git a/src/main/webapp/scripts/admin/users.html b/src/main/webapp/scripts/admin/users.html index 19f70c65f..1b1408703 100644 --- a/src/main/webapp/scripts/admin/users.html +++ b/src/main/webapp/scripts/admin/users.html @@ -1,7 +1,7 @@
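Review bot: The error callback of `user.createUser` is dropped entirely in the new `createProfile`, so a failed creation (duplicate email, validation error) produces no feedback and the form simply stays open; the old callback was an empty swallow, but removing it rather than filling it leaves the gap. `$scope.newProfile.password = result.password` also keeps the plaintext initial password on the scope after it has been shown, and nothing in the hunk clears it when the panel is dismissed (`newProfile.show` is toggled outside the hunk); resetting `newProfile` when the panel closes would limit how long the value lives in the page. The `AdminUserController` function continues outside the hunk.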
- @@ -13,8 +13,24 @@
-
-
+
+
+ Account successfully created +

+ Username: {{newProfile.email}}
+ Password: {{newProfile.password}} +

+ The password can be changed on the profile page. +


+ +    + +
+
+ +
First name *
diff --git a/src/main/webapp/scripts/controllers.js b/src/main/webapp/scripts/controllers.js index 5252f7d71..56410cc61 100755 --- a/src/main/webapp/scripts/controllers.js +++ b/src/main/webapp/scripts/controllers.js @@ -324,7 +324,8 @@ iceControllers.controller('MessageController', function ($scope, $location, $coo }); }); -iceControllers.controller('LoginController', function ($scope, $location, $cookieStore, $cookies, $rootScope, Authentication, Settings, AccessToken) { +iceControllers.controller('LoginController', function ($scope, $location, $cookieStore, $cookies, $rootScope, + Authentication, Settings, AccessToken) { $scope.login = {}; $scope.submit = function () { @@ -369,8 +370,6 @@ iceControllers.controller('LoginController', function ($scope, $location, $cooki $scope.errMsg = "Login failed"; } ); - -// Authentication.login($scope.userId, $scope.userPassword); }; $scope.goToRegister = function () { diff --git a/src/main/webapp/scripts/profile/profile-information.html b/src/main/webapp/scripts/profile/profile-information.html index 238e2c729..f1ef0f892 100644 --- a/src/main/webapp/scripts/profile/profile-information.html +++ b/src/main/webapp/scripts/profile/profile-information.html @@ -66,6 +66,12 @@
+

Change password + Changing another + user's password + +

+
{{changePasswordError}} @@ -73,20 +79,21 @@
- + Password successfully changed
- -
- Current password * -
-
- -
+ + + + + + + + + + +
 
New password * @@ -98,17 +105,23 @@
- Confirm new password + Confirm new password *
+ +

- +
diff --git a/src/main/webapp/scripts/profile/profileController.js b/src/main/webapp/scripts/profile/profileController.js index 0e558e065..e923dda60 100644 --- a/src/main/webapp/scripts/profile/profileController.js +++ b/src/main/webapp/scripts/profile/profileController.js @@ -102,7 +102,7 @@ angular.module('ice.profile.controller', []) var user = User($cookieStore.get('sessionId')); var profileOption = $stateParams.option; - var profileId = $stateParams.id; + var profileId = $scope.userId = $stateParams.id; $scope.savePreference = function (pref) { if (!$scope.preferences[pref.id]) { 
@@ -219,31 +219,30 @@ angular.module('ice.profile.controller', []) $scope.updatePassword = function () { var pass = $scope.changePass; - console.log(pass); - if (!$scope.changePass || $scope.changePass.current === undefined || !$scope.changePass.current.length) { - $scope.changePasswordError = "Please enter your current password"; - $scope.currentError = true; - return; - } + //if (!$scope.changePass || $scope.changePass.current === undefined || !$scope.changePass.current.length) { + // $scope.changePasswordError = "Please enter your current password"; + // $scope.currentError = true; + // return; + //} // check new password value if (pass.new === undefined || pass.new.length === 0) { - $scope.changePasswordError = "Please enter a new password for your account"; + $scope.changePasswordError = "Please enter a new password"; $scope.newPassError = true; return; } // check for new password confirm value if (pass.new2 === undefined || pass.new2.length === 0) { - $scope.changePasswordError = "Please confirm the new password for your account"; + $scope.changePasswordError = "Please confirm the new password"; $scope.newPass2Error = true; return; } // check for matching password values if (pass.new2 !== pass.new) { - $scope.changePasswordError = "The password for your account does not match"; + $scope.changePasswordError = "Passwords do not match"; $scope.newPassError = true; $scope.newPass2Error = true; return; 
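Review bot: The current-password validation is commented out rather than removed, leaving a dead block at the top of `updatePassword`; if the check is intentionally gone because an administrator may be resetting another user's password, delete the block and say so in a comment, e.g. `// current password is not collected here: an administrator may be resetting another user's password`, otherwise keep it active when `$scope.userId` matches the logged-in user. Dropping it means a self-service change no longer needs the current password on the client, and the server-side hunk in AccountController.java in this commit does not verify it either. `updatePassword` continues in the next hunk.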
@@ -252,36 +251,21 @@ angular.module('ice.profile.controller', []) var user = User($cookieStore.get("sessionId")); // validate existing password - var userId = $cookieStore.get('userId'); $scope.passwordChangeSuccess = undefined; $scope.changePasswordError = undefined; -// var userObj = {sessionId:$cookieStore.get("sessionId"), password:$scope.changePass.current, email:userId}; - - // authenticate new password -// user.resetPassword({}, userObj, function (result) { -// if (result == null) { -// $scope.changePasswordError = "Current password is invalid"; -// $scope.currentError = true; -// return; -// } - - user.changePassword({}, - {email: userId, password: pass.new}, + // server call + user.changePassword({userId: $stateParams.id}, {password: pass.new}, function (success) { console.log("password change", success); if (!success) { - $scope.changePasswordError = "There was an error changing your password"; + $scope.changePasswordError = "There was an error changing the password"; } else { $scope.passwordChangeSuccess = true; } }, function (error) { $scope.changePasswordError = "There was an error changing your password"; }); - // change password -// }, function (error) { -// $scope.changePasswordError = "There was an error changing your password"; -// }); }; $scope.updateProfile = function () { diff --git a/src/main/webapp/scripts/services.js b/src/main/webapp/scripts/services.js index bdfa397b8..78b686e4e 100755 --- a/src/main/webapp/scripts/services.js +++ b/src/main/webapp/scripts/services.js @@ -46,7 +46,7 @@ iceServices.factory('Permission', function ($resource, $cookieStore) { iceServices.factory('User', function ($resource) { return function (sessionId) { - return $resource('rest/users', {userId:'@userId', preferenceKey:'@preferenceKey'}, { + return $resource('rest/users', {userId: '@userId', preferenceKey: '@preferenceKey', sendEmail: '@sendEmail'}, { query:{ method:'GET', responseType:"json", 
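Review bot: The error callback still reads `"There was an error changing your password"` while the success branch was changed to `"There was an error changing the password"`, so an administrator changing another user's password sees inconsistent wording depending on which path fails; align the error callback with the new text. `console.log("password change", success)` logs the full server response object to the browser console in production code; drop it or reduce it to a boolean. Using `$stateParams.id` directly here while the same controller stores that value in `profileId` (declared in an earlier hunk, outside this one, so the shared scope is inferred) duplicates the source of truth; `{userId: profileId}` would keep one.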
@@ -127,7 +127,7 @@ iceServices.factory('User', function ($resource) { changePassword:{ method:'PUT', - url:'rest/users/password', + url: 'rest/users/:userId/password', responseType:'json', headers:{'X-ICE-Authentication-SessionId':sessionId} }, diff --git a/src/test/java/org/jbei/ice/lib/account/AccountControllerTest.java b/src/test/java/org/jbei/ice/lib/account/AccountControllerTest.java index 3e99ee271..c45b8c58c 100755 --- a/src/test/java/org/jbei/ice/lib/account/AccountControllerTest.java +++ b/src/test/java/org/jbei/ice/lib/account/AccountControllerTest.java @@ -72,7 +72,7 @@ public void testUpdatePassword() throws Exception { Account account = AccountCreator.createTestAccount("testUpdatePassword", false); AccountTransfer transfer = account.toDataTransferObject(); transfer.setPassword("p455W0rd"); - controller.updatePassword(account.getEmail(), transfer); + controller.updatePassword(account.getEmail(), transfer.getId(), transfer); } @Test @@ -120,7 +120,7 @@ public void testGetAccountBySessionKey() throws Exception { Account account = AccountCreator.createTestAccount("testGetAccountBySessionKey", false); AccountTransfer transfer = account.toDataTransferObject(); transfer.setPassword("p455W0rd"); - controller.updatePassword(account.getEmail(), transfer); + controller.updatePassword(account.getEmail(), transfer.getId(), transfer); AccountTransfer info = controller.authenticate(new AccountTransfer(account.getEmail(), "p455W0rd")); Assert.assertNotNull(info); Assert.assertFalse(info.getSessionId().isEmpty());
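Review bot: Both updated tests call `updatePassword` with the caller's own email and that same account's id, so the scenario this commit fixes (an administrator changing another user's password, issue #31) and the new `PermissionException` path are not exercised. A test that creates a second non-administrator account and asserts `updatePassword(otherEmail, transfer.getId(), transfer)` throws `PermissionException`, plus one where an administrator account changes the first user's password and `authenticate` succeeds with the new value, would pin the fix. `testGetAccountBySessionKey` may continue past the hunk.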