1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package info.magnolia.setup;
35
36 import info.magnolia.cms.core.Content;
37 import info.magnolia.cms.security.SecurityUtil;
38 import info.magnolia.jcr.util.NodeTypes;
39 import info.magnolia.module.InstallContext;
40 import info.magnolia.module.delta.AllChildrenNodesOperation;
41 import info.magnolia.module.delta.TaskExecutionException;
42 import info.magnolia.repository.RepositoryConstants;
43
44 import java.io.UnsupportedEncodingException;
45
46 import javax.jcr.RepositoryException;
47
48 import org.apache.commons.codec.binary.Base64;
49 import org.apache.commons.lang3.StringUtils;
50 import org.slf4j.Logger;
51 import org.slf4j.LoggerFactory;
52
53
54
55
56 public final class HashUsersPasswords extends AllChildrenNodesOperation {
57
58 private static final Logger log = LoggerFactory.getLogger(HashUsersPasswords.class);
59
60 private static final Content.ContentFilter filter = new Content.ContentFilter() {
61
62 @Override
63 public boolean accept(Content content) {
64 String type;
65 try {
66 type = content.getNodeTypeName();
67 } catch (RepositoryException e) {
68 return false;
69 }
70 return NodeTypes.Folder.NAME.equals(type) || NodeTypes.User.NAME.equals(type);
71 }
72 };
73
74 public HashUsersPasswords(String name, String description, String repositoryName, String parentNodePath) {
75 super(name, description, repositoryName, parentNodePath, filter);
76 }
77
78 public HashUsersPasswords() {
79 this("/");
80 }
81
82 public HashUsersPasswords(String path) {
83 this("Hash Passwords", "Hash all user passwords", RepositoryConstants.USERS, path);
84 }
85
86 @Override
87 protected void operateOnChildNode(Content node, InstallContext ctx) throws RepositoryException, TaskExecutionException {
88 if (NodeTypes.User.NAME.equals(node.getNodeTypeName())) {
89 String encodedPassword = node.getNodeData("pswd").getString();
90
91 if (StringUtils.isNotBlank(encodedPassword)) {
92 byte[] pwdBytes;
93 try {
94 pwdBytes = encodedPassword.getBytes("UTF-8");
95 } catch (UnsupportedEncodingException e) {
96 String message = node.getName() + " password could not be hashed. User might need to reset the password before logging again.";
97 log.warn(message);
98 ctx.warn(message);
99 pwdBytes = encodedPassword.getBytes();
100 }
101 if (Base64.isArrayByteBase64(pwdBytes)) {
102 String pwd = new String(Base64.decodeBase64(pwdBytes));
103 String hashedPwd = SecurityUtil.getBCrypt(pwd);
104 node.setNodeData("pswd", hashedPwd);
105 }
106 }
107 } else {
108
109 for (Content child : node.getChildren(filter)) {
110 operateOnChildNode(child, ctx);
111 }
112 }
113 }
114 }