View Javadoc
1   /**
2    * This file Copyright (c) 2011-2018 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.setup;
35  
36  import info.magnolia.cms.core.Content;
37  import info.magnolia.cms.security.SecurityUtil;
38  import info.magnolia.jcr.util.NodeTypes;
39  import info.magnolia.module.InstallContext;
40  import info.magnolia.module.delta.AllChildrenNodesOperation;
41  import info.magnolia.module.delta.TaskExecutionException;
42  import info.magnolia.repository.RepositoryConstants;
43  
44  import java.io.UnsupportedEncodingException;
45  
46  import javax.jcr.RepositoryException;
47  
48  import org.apache.commons.codec.binary.Base64;
49  import org.apache.commons.lang3.StringUtils;
50  import org.slf4j.Logger;
51  import org.slf4j.LoggerFactory;
52  
53  /**
54   * Task to encrypt base64 encoded passwords. Will skip all non-base64 entries.
55   *
56   * @deprecated since 5.6.
57   */
58  @Deprecated
59  public final class HashUsersPasswords extends AllChildrenNodesOperation {
60  
61      private static final Logger log = LoggerFactory.getLogger(HashUsersPasswords.class);
62  
63      private static final Content.ContentFilter filter = new Content.ContentFilter() {
64  
65          @Override
66          public boolean accept(Content content) {
67              String type;
68              try {
69                  type = content.getNodeTypeName();
70              } catch (RepositoryException e) {
71                  return false;
72              }
73              return NodeTypes.Folder.NAME.equals(type) || NodeTypes.User.NAME.equals(type);
74          }
75      };
76  
77      public HashUsersPasswords(String name, String description, String repositoryName, String parentNodePath) {
78          super(name, description, repositoryName, parentNodePath, filter);
79      }
80  
81      public HashUsersPasswords() {
82          this("/");
83      }
84  
85      public HashUsersPasswords(String path) {
86          this("Hash Passwords", "Hash all user passwords", RepositoryConstants.USERS, path);
87      }
88  
89      @Override
90      protected void operateOnChildNode(Content node, InstallContext ctx) throws RepositoryException, TaskExecutionException {
91          if (NodeTypes.User.NAME.equals(node.getNodeTypeName())) {
92              String encodedPassword = node.getNodeData("pswd").getString();
93  
94              if (StringUtils.isNotBlank(encodedPassword)) {
95                  byte[] pwdBytes;
96                  try {
97                      pwdBytes = encodedPassword.getBytes("UTF-8");
98                  } catch (UnsupportedEncodingException e) {
99                      String message = node.getName() + " password could not be hashed. User might need to reset the password before logging again.";
100                     log.warn(message);
101                     ctx.warn(message);
102                     pwdBytes = encodedPassword.getBytes();
103                 }
104                 if (Base64.isArrayByteBase64(pwdBytes)) {
105                     String pwd = new String(Base64.decodeBase64(pwdBytes));
106                     String hashedPwd = SecurityUtil.getBCrypt(pwd);
107                     node.setNodeData("pswd", hashedPwd);
108                 }
109             }
110         } else {
111             // AllChildrennodeOp is not recursive!
112             for (Content child : node.getChildren(filter)) {
113                 operateOnChildNode(child, ctx);
114             }
115         }
116     }
117 }