From 411186b81b18da08eb9139a3239ab9d1e8892991 Mon Sep 17 00:00:00 2001
From: INOPIAE
Date: Sun, 15 Sep 2019 11:40:01 +0200
Subject: [PATCH] add: password reset after certificate login fixes issue #173
Change-Id: If92565d0747ea2b10fa64066ca8ce7be79e46f27
---
 src/club/wpia/gigi/dbObjects/User.java | 2 +-
 src/club/wpia/gigi/pages/account/ChangeForm.java | 16 ++++++++++++++--
 .../gigi/pages/account/ChangePasswordForm.templ | 2 ++
 .../gigi/pages/account/TestChangePassword.java | 15 +++++++++++++++
 4 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/src/club/wpia/gigi/dbObjects/User.java b/src/club/wpia/gigi/dbObjects/User.java
index e3beaf86..4612d033 100644
--- a/src/club/wpia/gigi/dbObjects/User.java
+++ b/src/club/wpia/gigi/dbObjects/User.java
@@ -209,7 +209,7 @@ public class User extends CertificateOwner {
 setPassword(newPass);
 }
- private void setPassword(String newPass) throws GigiApiException {
+ public void setPassword(String newPass) throws GigiApiException {
 Name[] names = getNames();
 TreeSet nameParts = new TreeSet<>();
 for (int i = 0; i < names.length; i++) {
diff --git a/src/club/wpia/gigi/pages/account/ChangeForm.java b/src/club/wpia/gigi/pages/account/ChangeForm.java
index de2a182d..590597b4 100644
--- a/src/club/wpia/gigi/pages/account/ChangeForm.java
+++ b/src/club/wpia/gigi/pages/account/ChangeForm.java
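Review bot: Widening `setPassword` in User.java to `public` makes a password change that never sees the old password callable from any class, and the signature carries no statement of what the caller must have verified first. Only the signature and the first lines of the body are in this hunk, so whether the method checks anything about the session itself is not visible here. I would keep the visibility as narrow as the new caller allows and add a Javadoc line such as `/** Replaces the password without checking the old one; the caller must have established a strongly authenticated session for this user. */` so that future call sites are easy to audit.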
@@ -11,20 +11,28 @@ import club.wpia.gigi.localisation.Language;
 import club.wpia.gigi.output.template.Form;
 import club.wpia.gigi.output.template.Template;
 import club.wpia.gigi.output.template.TranslateCommand;
+import club.wpia.gigi.pages.LoginPage;
+import club.wpia.gigi.util.AuthorizationContext;
 public class ChangeForm extends Form {
 private User target;
+ private AuthorizationContext c;
+
 public ChangeForm(HttpServletRequest hsr, User target) {
 super(hsr);
 this.target = target;
+ c = LoginPage.getAuthorizationContext(hsr);
 }
 private static final Template t = new Template(ChangePasswordPage.class.getResource("ChangePasswordForm.templ"));
 @Override
 public void outputContent(PrintWriter out, Language l, Map vars) {
+ if ( !c.isStronglyAuthenticated()) {
+ vars.put("currentLoginMethod", "pw");
+ }
 t.output(out, l, vars);
 }
@@ -34,14 +42,18 @@ public class ChangeForm extends Form {
 String p1 = req.getParameter("pword1");
 String p2 = req.getParameter("pword2");
 GigiApiException error = new GigiApiException();
- if (oldpassword == null || p1 == null || p2 == null) {
+ if ((oldpassword == null && !c.isStronglyAuthenticated()) || p1 == null || p2 == null) {
 throw new GigiApiException("All fields are required.");
 }
 if ( !p1.equals(p2)) {
 throw new GigiApiException("New passwords do not match.");
 }
 try {
- target.changePassword(oldpassword, p1);
+ if (c.isStronglyAuthenticated()) {
+ target.setPassword(p1);
+ } else {
+ target.changePassword(oldpassword, p1);
+ }
 target.writeUserLog(target, "User triggered password reset");
 } catch (GigiApiException e) {
 error.mergeInto(e);
diff --git a/src/club/wpia/gigi/pages/account/ChangePasswordForm.templ b/src/club/wpia/gigi/pages/account/ChangePasswordForm.templ
index 4c350c56..8725dc3b 100644
--- a/src/club/wpia/gigi/pages/account/ChangePasswordForm.templ
+++ b/src/club/wpia/gigi/pages/account/ChangePasswordForm.templ
@@ -5,10 +5,12 @@ + : + *:
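Review bot: The constructor of ChangeForm reads the authorization context once and keeps it in the field `c`, so the decision in the handler of the following hunk rests on the state at construction time rather than on the request that carries the new password. How long a form instance lives is not visible in this hunk; if it survives between rendering and submission, reading the context at submit time is safer, e.g. `AuthorizationContext ac = LoginPage.getAuthorizationContext(req);`. If the field stays, declare it `private final` and give it a descriptive name such as `authContext`.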
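Review bot: Both branches of the new `if (c.isStronglyAuthenticated())` write the same log entry, `"User triggered password reset"`, so the user log cannot tell a change that proved knowledge of the old password from one made on the strength of the session alone. A distinct message on the strongly authenticated path, for example `target.writeUserLog(target, "User reset password without old password (strong authentication)");`, gives an account-takeover investigation something to filter on. The visible lines also do not check that `target` is the account the context authenticated; that presumably happens where the form is constructed and is worth confirming. The method starts before and continues after this hunk.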
diff --git a/tests/club/wpia/gigi/pages/account/TestChangePassword.java b/tests/club/wpia/gigi/pages/account/TestChangePassword.java
index e18ec02a..73d23c56 100644
--- a/tests/club/wpia/gigi/pages/account/TestChangePassword.java
+++ b/tests/club/wpia/gigi/pages/account/TestChangePassword.java
@@ -107,4 +107,19 @@ public class TestChangePassword extends ClientTest {
 }
+ @Test
+ public void testChangePasswordCertLogin() throws IOException, GigiApiException {
+ // no cert login
+ String np = URLEncoder.encode(TEST_PASSWORD + "v1", "UTF-8");
+ String error = executeBasicWebInteraction(cookie, path, "pword1=" + np + "&pword2=" + np);
+ assertNotNull(error);
+
+ // cert login
+ cookie = cookieWithCertificateLogin(u);
+ error = executeBasicWebInteraction(cookie, path, "pword1=" + np + "&pword2=" + np);
+ assertNull(error);
+
+ cookie = login(u.getEmail(), TEST_PASSWORD);
+ loginCertificate = null;
+ }
 }
--
2.39.2
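Review bot: `testChangePasswordCertLogin` checks only the returned error string, so it would still pass if the certificate path reported success without storing the new password, or if the rejected request without the old password had changed it anyway. After the successful request, assert that the account accepts `TEST_PASSWORD + "v1"` and no longer accepts `TEST_PASSWORD`; after the rejected request, assert that `TEST_PASSWORD` still works. The closing `cookie = login(u.getEmail(), TEST_PASSWORD);` uses the pre-change password, which looks inconsistent with the change just asserted as successful; if it is cleanup, it should probably be `login(u.getEmail(), TEST_PASSWORD + "v1")`.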