Repository: ranger Updated Branches: refs/heads/ranger-1.1 4550f7ffd -> 737ec9969
RANGER-2279: Reduce the time spent changing passwords during Ranger Admin start Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/737ec996 Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/737ec996 Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/737ec996 Branch: refs/heads/ranger-1.1 Commit: 737ec99695c7256e908ab79418708c0be526f485 Parents: 4550f7f Author: Pradeep <prad...@apache.org> Authored: Tue Nov 6 18:38:35 2018 +0530 Committer: Pradeep <prad...@apache.org> Committed: Wed Nov 14 19:25:03 2018 +0530 ---------------------------------------------------------------------- security-admin/scripts/db_setup.py | 534 ++++++++++++++++++- security-admin/scripts/setup.sh | 91 ++-- .../patch/cliutil/ChangePasswordUtil.java | 191 +++++-- 3 files changed, 718 insertions(+), 98 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/737ec996/security-admin/scripts/db_setup.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py index f84c8ca..73b24ac 100644 --- a/security-admin/scripts/db_setup.py +++ b/security-admin/scripts/db_setup.py 
@@ -703,6 +703,109 @@ class MysqlConf(BaseDB): log("[E] Ranger "+ userName +" default password change request failed", "error") sys.exit(1) + def change_all_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userPwdArray): + userPwdString ="" + if len(userPwdArray)>5: + for j in range(len(userPwdArray)): + if str(userPwdArray[j]) == "-pair": + userPwdString= userPwdString + " \"" + userPwdArray[j+1] + "\" \"" + userPwdArray[j+2] + "\" \"" + userPwdArray[j+3] +"\"" + + userName = "all admins" + className = "ChangePasswordUtil" + version = "DEFAULT_ALL_ADMIN_UPDATE" + app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp") + ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs") + filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class") + if os.path.exists(filePath): + if version != "": + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if is_unix: + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) + jisql_log(query, db_password) + output = check_output(query) + if output.strip(version + " |"): + log("[I] Ranger "+ userName +" default password has already been changed!!","info") + else: + if is_unix: + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version) + jisql_log(query, db_password) + output = check_output(query) + if output.strip(version + " |"): + countTries = 0 + while(output.strip(version + " |")): + if countTries < 3: + log("[I] Ranger Password change utility is being executed by some other process" ,"info") + 
time.sleep(retryPatchAfterSeconds) + jisql_log(query, db_password) + output = check_output(query) + countTries += 1 + else: + log("[E] Tried updating the password "+ str(countTries) + " times","error") + log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error") + sys.exit(1) + else: + if is_unix: + query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\"" %(version,ranger_version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + if ret == 0: + log ("[I] Ranger "+ userName +" default password change request is in process..","info") + else: + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + if is_unix: + path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) + elif os_name == "WINDOWS": + path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) + get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s 
org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,ranger_log,path,className, userPwdString) + if is_unix: + status = subprocess.call(shlex.split(get_java_cmd)) + elif os_name == "WINDOWS": + status = subprocess.call(get_java_cmd) + if status == 0 or status==2: + if is_unix: + query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + if ret == 0 and status == 0: + log ("[I] Ranger "+ userName +" default password change request processed successfully..","info") + elif ret == 0 and status == 2: + log ("[I] Ranger "+ userName +" default password change request process skipped!","info") + else: + if is_unix: + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + else: + if is_unix: + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + 
jisql_log(query, db_password) + ret = subprocess.call(query) + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name): name = basename(file_name) if os.path.isfile(file_name): 
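Review bot: The user names and passwords are spliced into `userPwdString` between hand-written `\"` quotes, and the finished java command is then re-parsed by `shlex.split` (or handed over as one string on Windows), so a password containing `"` or `\` changes how the arguments are split and can shift or add arguments to ChangePasswordUtil. Building the argument vector as a list and passing it straight to `subprocess.call` removes the re-parsing step; the same applies to the copies of this method in the OracleConf, PostgresConf, SqlServerConf and SqlAnywhereConf hunks. The `-pair` scan also indexes `userPwdArray[j+3]` without a length check. The values still travel on the process command line, where on most systems other local users can read them while the JVM runs; moving them to stdin or a protected file would be a separate change.

```python
pair_args = []
for j, arg in enumerate(userPwdArray):
    # accept only a complete "-pair <user> <old> <new>" group
    if str(arg) == "-pair" and j + 3 < len(userPwdArray):
        pair_args.extend(userPwdArray[j + 1:j + 4])
# … unchanged: version-row checks, lock-row insert and classpath construction …
# assumes self.JAVA_BIN is a single executable path (no embedded options) — confirm
java_cmd = [self.JAVA_BIN,
            "-Dlogdir=" + ranger_log,
            "-Dlog4j.configuration=db_patch.log4j.xml",
            "-cp", path,
            "org.apache.ranger.patch.cliutil." + className]
java_cmd += pair_args + ["-default"]
status = subprocess.call(java_cmd)
```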
@@ -1445,6 +1548,109 @@ class OracleConf(BaseDB): log("[E] Ranger "+ userName +" default password change request failed", "error") sys.exit(1) + def change_all_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userPwdArray): + userPwdString ="" + if len(userPwdArray)>5: + for j in range(len(userPwdArray)): + if str(userPwdArray[j]) == "-pair": + userPwdString= userPwdString + " \"" + userPwdArray[j+1] + "\" \"" + userPwdArray[j+2] + "\" \"" + userPwdArray[j+3] +"\"" + + userName = "all admins" + className = "ChangePasswordUtil" + version = "DEFAULT_ALL_ADMIN_UPDATE" + app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp") + ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs") + filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class") + if os.path.exists(filePath): + if version != "": + get_cmd = self.get_jisql_cmd(db_user, db_password) + if is_unix: + query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) + jisql_log(query, db_password) + output = check_output(query) + if output.strip(version + " |"): + log("[I] Ranger "+ userName +" default password has already been changed!!","info") + else: + if is_unix: + query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version) + jisql_log(query, db_password) + output = check_output(query) + if output.strip(version + " |"): + countTries = 0 + while(output.strip(version + " |")): + if countTries < 3: + log("[I] Ranger Password change utility is being executed by some other process" ,"info") + 
time.sleep(retryPatchAfterSeconds) + jisql_log(query, db_password) + output = check_output(query) + countTries += 1 + else: + log("[E] Tried updating the password "+ str(countTries) + " times","error") + log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error") + sys.exit(1) + else: + if is_unix: + query = get_cmd + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','N');\"" %(version, ranger_version, client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','N');\" -c ;" %(version, ranger_version, client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + if ret == 0: + log ("[I] Ranger "+ userName +" default password change request is in process..","info") + else: + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + if is_unix: + path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) + elif os_name == "WINDOWS": + path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) + get_java_cmd = "%s 
-XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className,userPwdString) + if is_unix: + status = subprocess.call(shlex.split(get_java_cmd)) + elif os_name == "WINDOWS": + status = subprocess.call(get_java_cmd) + if status == 0 or status==2: + if is_unix: + query = get_cmd + " -c \; -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + if ret == 0 and status == 0: + log ("[I] Ranger "+ userName +" default password change request processed successfully..","info") + elif ret == 0 and status == 2: + log ("[I] Ranger "+ userName +" default password change request process skipped!","info") + else: + if is_unix: + query = get_cmd + " -c \; -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + else: + if is_unix: + query = get_cmd + " -c \; -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host) + jisql_log(query, db_password) + ret = 
subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name): name = basename(file_name) if os.path.isfile(file_name): 
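Review bot: This method is a near-verbatim copy of the one added to MysqlConf, and the same body is repeated in the PostgresConf, SqlServerConf and SqlAnywhereConf hunks; the visible differences are the placement of the jisql `-c \;` terminator, the timestamp function and the insert column list. The copies have already drifted: this one starts the JVM with `-XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g`, while the MysqlConf copy passes none of these options, which looks unintended. Moving the flow into BaseDB and letting each subclass supply only its SQL fragments would keep the lock-row handling and the JVM options in one place. A docstring saying that exit status 2 from ChangePasswordUtil is treated as "skipped" would also help, since that contract is only implied by the log messages.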
@@ -2162,6 +2368,109 @@ class PostgresConf(BaseDB): log("[E] Ranger "+ userName +" default password change request failed", "error") sys.exit(1) + def change_all_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userPwdArray): + userPwdString ="" + if len(userPwdArray)>5: + for j in range(len(userPwdArray)): + if str(userPwdArray[j]) == "-pair": + userPwdString= userPwdString + " \"" + userPwdArray[j+1] + "\" \"" + userPwdArray[j+2] + "\" \"" + userPwdArray[j+3] +"\"" + + userName = "all admins" + className = "ChangePasswordUtil" + version = "DEFAULT_ALL_ADMIN_UPDATE" + app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp") + ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs") + filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class") + if os.path.exists(filePath): + if version != "": + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if is_unix: + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) + jisql_log(query, db_password) + output = check_output(query) + if output.strip(version + " |"): + log("[I] Ranger "+ userName +" default password has already been changed!!","info") + else: + if is_unix: + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version) + jisql_log(query, db_password) + output = check_output(query) + if output.strip(version + " |"): + countTries = 0 + while(output.strip(version + " |")): + if countTries < 3: + log("[I] Ranger Password change utility is being executed by some other process" ,"info") + 
time.sleep(retryPatchAfterSeconds) + jisql_log(query, db_password) + output = check_output(query) + countTries += 1 + else: + log("[E] Tried updating the password "+ str(countTries) + " times","error") + log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error") + sys.exit(1) + else: + if is_unix: + query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\"" %(version,ranger_version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\" -c ;" %(version,ranger_version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + if ret == 0: + log ("[I] Ranger "+ userName +" default password change request is in process..","info") + else: + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + if is_unix: + path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) + elif os_name == "WINDOWS": + path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) + get_java_cmd = "%s -XX:MetaspaceSize=100m 
-XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className,userPwdString) + if is_unix: + status = subprocess.call(shlex.split(get_java_cmd)) + elif os_name == "WINDOWS": + status = subprocess.call(get_java_cmd) + if status == 0 or status==2: + if is_unix: + query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + if ret == 0 and status == 0: + log ("[I] Ranger "+ userName +" default password change request processed successfully..","info") + elif ret == 0 and status == 2: + log ("[I] Ranger "+ userName +" default password change request process skipped!","info") + else: + if is_unix: + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + else: + if is_unix: + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query 
= get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name): name = basename(file_name) if os.path.isfile(file_name): 
@@ -2821,6 +3130,109 @@ class SqlServerConf(BaseDB): log("[E] Ranger "+ userName +" default password change request failed", "error") sys.exit(1) + def change_all_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userPwdArray): + userPwdString ="" + if len(userPwdArray)>5: + for j in range(len(userPwdArray)): + if str(userPwdArray[j]) == "-pair": + userPwdString= userPwdString + " \"" + userPwdArray[j+1] + "\" \"" + userPwdArray[j+2] + "\" \"" + userPwdArray[j+3] +"\"" + + userName = "all admins" + className = "ChangePasswordUtil" + version = "DEFAULT_ALL_ADMIN_UPDATE" + app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp") + ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs") + filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class") + if os.path.exists(filePath): + if version != "": + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if is_unix: + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c \;" %(version) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) + jisql_log(query, db_password) + output = check_output(query) + if output.strip(version + " |"): + log("[I] Ranger "+ userName +" default password has already been changed!!","info") + else: + if is_unix: + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c \;" %(version) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version) + jisql_log(query, db_password) + output = check_output(query) + if output.strip(version + " |"): + countTries = 0 + while(output.strip(version + " |")): + if countTries < 3: + log("[I] Ranger Password change utility is being executed by some other process" ,"info") + 
time.sleep(retryPatchAfterSeconds) + jisql_log(query, db_password) + output = check_output(query) + countTries += 1 + else: + log("[E] Tried updating the password "+ str(countTries) + " times","error") + log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error") + sys.exit(1) + else: + if is_unix: + query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + if ret == 0: + log ("[I] Ranger "+ userName +" default password change request is in process..","info") + else: + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + if is_unix: + path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) + elif os_name == "WINDOWS": + path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) + get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g 
-Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className,userPwdString) + if is_unix: + status = subprocess.call(shlex.split(get_java_cmd)) + elif os_name == "WINDOWS": + status = subprocess.call(get_java_cmd) + if status == 0 or status==2: + if is_unix: + query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + if ret == 0 and status == 0: + log ("[I] Ranger "+ userName +" default password change request processed successfully..","info") + elif ret == 0 and status == 2: + log ("[I] Ranger "+ userName +" default password change request process skipped!","info") + else: + if is_unix: + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + else: + if is_unix: + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query 
\"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name): name = basename(file_name) if os.path.isfile(file_name): 
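Review bot: The Unix query strings in this method end in `-c \;`, and `\;` is not a recognised Python escape sequence; it is kept literally today, but Python 3.6+ flags it as deprecated and 3.12 emits a SyntaxWarning for it. Writing the suffix as `" -c \\;"` produces the same bytes without relying on that behaviour. The OracleConf and SqlAnywhereConf hunks use the same spelling.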
@@ -3493,6 +3905,110 @@ class SqlAnywhereConf(BaseDB): log("[E] Ranger "+ userName +" default password change request failed", "error") sys.exit(1) + def change_all_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userPwdArray): + userPwdString ="" + if len(userPwdArray)>5: + for j in range(len(userPwdArray)): + if str(userPwdArray[j]) == "-pair": + userPwdString= userPwdString + " \"" + userPwdArray[j+1] + "\" \"" + userPwdArray[j+2] + "\" \"" + userPwdArray[j+3] +"\"" + + userName = "all admins" + className = "ChangePasswordUtil" + version = "DEFAULT_ALL_ADMIN_UPDATE" + app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp") + ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs") + filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class") + if os.path.exists(filePath): + if version != "": + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if is_unix: + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c \;" %(version) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) + jisql_log(query, db_password) + output = check_output(query) + if output.strip(version + " |"): + log("[I] Ranger "+ userName +" default password has already been changed!!","info") + else: + if is_unix: + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c \;" %(version) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version) + jisql_log(query, db_password) + output = check_output(query) + if output.strip(version + " |"): + countTries = 0 + while(output.strip(version + " |")): + if countTries < 3: + log("[I] Ranger Password change utility is being executed by some other process" ,"info") 
+ time.sleep(retryPatchAfterSeconds) + jisql_log(query, db_password) + output = check_output(query) + countTries += 1 + else: + log("[E] Tried updating the password "+ str(countTries) + " times","error") + log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error") + sys.exit(1) + else: + if is_unix: + query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + if ret == 0: + log ("[I] Ranger "+ userName +" default password change request is in process..","info") + else: + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + if is_unix: + path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) + elif os_name == "WINDOWS": + path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) + get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g 
-Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className,userPwdString) + if is_unix: + status = subprocess.call(shlex.split(get_java_cmd)) + elif os_name == "WINDOWS": + status = subprocess.call(get_java_cmd) + if status == 0 or status==2: + if is_unix: + query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + if ret == 0 and status == 0: + log ("[I] Ranger "+ userName +" default password change request processed successfully..","info") + elif ret == 0 and status == 2: + log ("[I] Ranger "+ userName +" default password change request process skipped!","info") + else: + if is_unix: + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + else: + if is_unix: + query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query 
\"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host) + jisql_log(query, db_password) + ret = subprocess.call(query) + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) + + def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name): name = basename(file_name) if os.path.isfile(file_name): @@ -3955,7 +4471,23 @@ def main(argv): xa_sqlObj.is_new_install(xa_db_host, db_user, db_password, db_name) if str(argv[i]) == "-changepassword": - if len(argv)==5: + if len(argv)>5: + isValidPassWord = False + for j in range(len(argv)): + if str(argv[j]) == "-pair": + userName=argv[j+1] + oldPassword=argv[j+2] + newPassword=argv[j+3] + if oldPassword==newPassword: + log("[E] Old Password and New Password argument are same. Exiting!!", "error") + sys.exit(1) + if userName != "" and oldPassword != "" and newPassword != "": + password_validation(newPassword) + isValidPassWord=True + if isValidPassWord == True: + xa_sqlObj.change_all_admin_default_password(xa_db_host, db_user, db_password, db_name,argv) + + elif len(argv)==5: userName=argv[2] oldPassword=argv[3] newPassword=argv[4] http://git-wip-us.apache.org/repos/asf/ranger/blob/737ec996/security-admin/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index 0b10e0f..bd4bd4c 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -1384,7 +1384,7 @@ setup_install_files(){ fi } python_command_for_change_password(){ - $PYTHON_COMMAND_INVOKER db_setup.py -changepassword "${1}" "${2}" "${3}" + $PYTHON_COMMAND_INVOKER db_setup.py -changepassword -pair "${1}" "${2}" "${3}" -pair "${4}" "${5}" "${6}" -pair "${7}" "${8}" "${9}" -pair "${10}" "${11}" "${12}" } validateDefaultUsersPassword(){ if [ "${2}" == "" ] 
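Review bot: The `-pair` loop reads `argv[j+1]` to `argv[j+3]` without checking that they exist, and it compares `oldPassword==newPassword` before testing for empty values, so a truncated command line ends in an IndexError and an all-empty group is rejected with "Old Password and New Password argument are same". A guard such as `if j + 3 >= len(argv): log("[E] Incomplete -pair argument. Exiting!!", "error"); sys.exit(1)` and moving the equality test under the `userName != "" and oldPassword != "" and newPassword != ""` condition would make both cases explicit. Empty groups can occur, because the updated helper in setup.sh always emits four `-pair` groups. `if isValidPassWord == True:` can be written `if isValidPassWord:`. main() begins and continues outside this hunk, and the nesting is inferred because indentation is lost in this view.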
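Review bot: python_command_for_change_password now always forwards `${1}` through `${12}` as four `-pair` groups, but the single-user calls kept in the `else` branch of change_default_users_password (next hunk) still pass three arguments, so `${4}` to `${12}` expand to empty strings. db_setup.py then receives three `-pair "" "" ""` groups; as its new branch reads in this view, an empty old/new pair matches the equal-passwords check and the run exits with status 1, and otherwise a single-user call would go through the DEFAULT_ALL_ADMIN_UPDATE path meant for the batch. Keeping this helper as `$PYTHON_COMMAND_INVOKER db_setup.py -changepassword "${1}" "${2}" "${3}"` and issuing the four-pair command only from the branch where all four passwords differ from their defaults would keep the two paths apart.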
@@ -1399,38 +1399,47 @@ validateDefaultUsersPassword(){ } change_default_users_password(){ - if [ "${rangerAdmin_password}" != "admin" ] - then - python_command_for_change_password 'admin' 'admin' "${rangerAdmin_password}" - if [ "$?" != "0" ] - then - exit 1 - fi - fi - if [ "${rangerTagsync_password}" != "rangertagsync" ] - then - python_command_for_change_password 'rangertagsync' 'rangertagsync' "${rangerTagsync_password}" - if [ "$?" != "0" ] - then - exit 1 - fi - fi - if [ "${rangerUsersync_password}" != "rangerusersync" ] - then - python_command_for_change_password 'rangerusersync' 'rangerusersync' "${rangerUsersync_password}" - if [ "$?" != "0" ] - then - exit 1 - fi - fi - if [ "${keyadmin_password}" != "keyadmin" ] - then - python_command_for_change_password 'keyadmin' 'keyadmin' "${keyadmin_password}" - if [ "$?" != "0" ] - then - exit 1 - fi - fi + if [ "${rangerAdmin_password}" != "admin" ] && [ "${rangerTagsync_password}" != "rangertagsync" ] && [ "${rangerUsersync_password}" != "rangerusersync" ] && [ "${keyadmin_password}" != "keyadmin" ] + then + python_command_for_change_password 'admin' 'admin' "${rangerAdmin_password}" 'rangertagsync' 'rangertagsync' "${rangerTagsync_password}" 'rangerusersync' 'rangerusersync' "${rangerUsersync_password}" 'keyadmin' 'keyadmin' "${keyadmin_password}" + if [ "$?" != "0" ] + then + exit 1 + fi + else + if [ "${rangerAdmin_password}" != "admin" ] + then + python_command_for_change_password 'admin' 'admin' "${rangerAdmin_password}" + if [ "$?" != "0" ] + then + exit 1 + fi + fi + if [ "${rangerTagsync_password}" != "rangertagsync" ] + then + python_command_for_change_password 'rangertagsync' 'rangertagsync' "${rangerTagsync_password}" + if [ "$?" != "0" ] + then + exit 1 + fi + fi + if [ "${rangerUsersync_password}" != "rangerusersync" ] + then + python_command_for_change_password 'rangerusersync' 'rangerusersync' "${rangerUsersync_password}" + if [ "$?" 
!= "0" ] + then + exit 1 + fi + fi + if [ "${keyadmin_password}" != "keyadmin" ] + then + python_command_for_change_password 'keyadmin' 'keyadmin' "${keyadmin_password}" + if [ "$?" != "0" ] + then + exit 1 + fi + fi + fi } log " --------- Running Ranger PolicyManager Web Application Install Script --------- " log "[I] uname=`uname`" @@ -1447,10 +1456,10 @@ check_python_command check_ranger_version if [ "$?" != "0" ] then - validateDefaultUsersPassword 'admin' "${rangerAdmin_password}" - validateDefaultUsersPassword 'rangertagsync' "${rangerTagsync_password}" - validateDefaultUsersPassword 'rangerusersync' "${rangerUsersync_password}" - validateDefaultUsersPassword 'keyadmin' "${keyadmin_password}" + validateDefaultUsersPassword 'admin' "${rangerAdmin_password}" + validateDefaultUsersPassword 'rangertagsync' "${rangerTagsync_password}" + validateDefaultUsersPassword 'rangerusersync' "${rangerUsersync_password}" + validateDefaultUsersPassword 'keyadmin' "${keyadmin_password}" fi run_dba_steps if [ "$?" == "0" ] @@ -1474,10 +1483,10 @@ then if [ "$?" == "0" ] then $PYTHON_COMMAND_INVOKER db_setup.py -javapatch - if [ "$?" == "0" ] - then - change_default_users_password - fi + if [ "$?" == "0" ] + then + change_default_users_password + fi else exit 1 fi http://git-wip-us.apache.org/repos/asf/ranger/blob/737ec996/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java index 9d3ce59..3037053 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java 
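Review bot: The combined call in `change_default_users_password` puts all four new passwords on a single `db_setup.py` command line, and db_setup.py forwards them on the Java command line, so on most Unix systems other local users can read them in the process list while setup runs. The per-user calls had the same exposure, but one long-lived command now carries every admin credential at once. Passing the values through the environment or a file readable only by the installing user would remove this; that needs matching changes in db_setup.py and ChangePasswordUtil. Until then the limitation should at least be stated above the call, e.g. `# NOTE: passwords are passed as argv and are visible in the process list while this runs`.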
@@ -7,7 +7,7 @@ (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, 
@@ -39,41 +39,51 @@ public class ChangePasswordUtil extends BaseLoader { @Autowired UserMgr userMgr; - - @Autowired - RESTErrorUtil restErrorUtil; + + @Autowired + RESTErrorUtil restErrorUtil; public static String userLoginId; public static String currentPassword; public static String newPassword; - public static boolean defaultPwdChangeRequest=false; + public static boolean defaultPwdChangeRequest = false; + public static String[] userPwdArgs; public static void main(String[] args) { logger.info("main()"); try { ChangePasswordUtil loader = (ChangePasswordUtil) CLIUtil.getBean(ChangePasswordUtil.class); loader.init(); - if (args.length == 3 || args.length == 4) { - + userPwdArgs=args; + if (args.length > 4) { + if ("-default".equalsIgnoreCase(args[args.length-1])) { + defaultPwdChangeRequest = true; + } + while (loader.isMoreToProcess()) { + loader.load(); + } + logger.info("Load complete. Exiting!!!"); + System.exit(0); + } else if (args.length == 3 || args.length == 4) { userLoginId = args[0]; currentPassword = args[1]; newPassword = args[2]; - if (args.length == 4) { - if("-default".equalsIgnoreCase(args[3])){ - defaultPwdChangeRequest=true; - } - } - if(StringUtils.isEmpty(userLoginId)){ + if (args.length == 4) { + if ("-default".equalsIgnoreCase(args[3])) { + defaultPwdChangeRequest = true; + } + } + if (StringUtils.isEmpty(userLoginId)) { System.out.println("Invalid login ID. Exiting!!!"); logger.info("Invalid login ID. Exiting!!!"); System.exit(1); } - if(StringUtils.isEmpty(currentPassword)){ + if (StringUtils.isEmpty(currentPassword)) { System.out.println("Invalid current password. Exiting!!!"); logger.info("Invalid current password. Exiting!!!"); System.exit(1); } - if(StringUtils.isEmpty(newPassword)){ + if (StringUtils.isEmpty(newPassword)) { System.out.println("Invalid new password. Exiting!!!"); logger.info("Invalid new password. Exiting!!!"); System.exit(1); 
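Review bot: The new `args.length > 4` branch in `main` starts processing without checking that the arguments form complete triples, while `updateMultiplePasswords` (last hunk) reads `userPwdArgs[i+1]` and `userPwdArgs[i+2]` at every third index. With five arguments, for example, the first user can be updated before the second iteration throws ArrayIndexOutOfBoundsException, leaving a partial change. A check before the loop rejects such input up front: `int n = defaultPwdChangeRequest ? args.length - 1 : args.length; if (n % 3 != 0) { /* print usage */ System.exit(1); }`. The usage text in the final else branch should then describe the multi-user form as well. `main` continues past the end of this hunk.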
@@ -83,13 +93,14 @@ public class ChangePasswordUtil extends BaseLoader { } logger.info("Load complete. Exiting!!!"); System.exit(0); - }else{ - System.out.println("ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>"); - logger.error("ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>"); + } else { + System.out.println( + "ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>"); + logger.error( + "ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>"); System.exit(1); } - } - catch (Exception e) { + } catch (Exception e) { logger.error("Error loading", e); System.exit(1); } 
@@ -106,29 +117,32 @@ public class ChangePasswordUtil extends BaseLoader { @Override public void execLoad() { logger.info("==> ChangePasswordUtil.execLoad()"); - updateAdminPassword(); + if(userPwdArgs.length>4) { + updateMultiplePasswords(); + }else { + updateAdminPassword(); + } logger.info("<== ChangePasswordUtil.execLoad()"); } public void updateAdminPassword() { - XXPortalUser xPortalUser=daoMgr.getXXPortalUser().findByLoginId(userLoginId); - if (xPortalUser!=null){ - String dbPassword=xPortalUser.getPassword(); - String currentEncryptedPassword=null; - + XXPortalUser xPortalUser = daoMgr.getXXPortalUser().findByLoginId(userLoginId); + if (xPortalUser != null) { + String dbPassword = xPortalUser.getPassword(); + String currentEncryptedPassword = null; try { - - currentEncryptedPassword=userMgr.encrypt(userLoginId, currentPassword); - if (currentEncryptedPassword.equals(dbPassword)){ - validatePassword(newPassword); - userMgr.updatePasswordInSHA256(userLoginId,newPassword,true); - logger.info("User '"+userLoginId+"' Password updated sucessfully."); - }else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest){ - System.out.println("Skipping default password change request as provided password doesn't match with existing password."); - logger.error("Skipping default password change request as provided password doesn't match with existing password."); - System.exit(2); - } - else{ + currentEncryptedPassword = userMgr.encrypt(userLoginId, currentPassword); + if (currentEncryptedPassword.equals(dbPassword)) { + validatePassword(newPassword); + userMgr.updatePasswordInSHA256(userLoginId, newPassword, true); + logger.info("User '" + userLoginId + "' Password updated sucessfully."); + } else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) { + System.out.println( + "Skipping default password change request as provided password doesn't match with existing password."); + logger.error( + "Skipping default password change 
request as provided password doesn't match with existing password."); + System.exit(2); + } else { System.out.println("Invalid user password"); logger.error("Invalid user password"); System.exit(1); 
@@ -137,28 +151,93 @@ public class ChangePasswordUtil extends BaseLoader { logger.error("Update Admin Password failure. Detail: \n", e); System.exit(1); } - } - else{ + } else { System.out.println("User does not exist in DB!!"); logger.error("User does not exist in DB"); System.exit(1); } } - private void validatePassword(String newPassword) { - boolean checkPassword = false; - if (newPassword != null ) { - String pattern = "(?=.*[0-9])(?=.*[a-zA-Z]).{8,}"; - checkPassword = newPassword.trim().matches(pattern); - if (!checkPassword) { - logger.error("validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric."); - System.out.println("validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric."); - throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword", MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters with minimum one alphabet and one numeric", null); - } - } else { - logger.error("validatePassword(). Password cannot be blank/null."); - System.out.println("validatePassword(). Password cannot be blank/null."); - throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword", MessageEnums.INVALID_PASSWORD, null, "Password cannot be blank/null", null); - } - } + + public void updateMultiplePasswords() { + for (int i=0; i<userPwdArgs.length ; i+=3) { + if ("-default".equalsIgnoreCase(userPwdArgs[i])) { + continue; + } + String userLoginIdTemp=userPwdArgs[i]; + String currentPasswordTemp=userPwdArgs[i+1]; + String newPasswordTemp=userPwdArgs[i+2]; + if (StringUtils.isEmpty(userLoginIdTemp)) { + System.out.println("Invalid login ID. Exiting!!!"); + logger.info("Invalid login ID. Exiting!!!"); + System.exit(1); + } + if (StringUtils.isEmpty(currentPasswordTemp)) { + System.out.println("Invalid current password. Exiting!!!"); + logger.info("Invalid current password. 
Exiting!!!"); + System.exit(1); + } + if (StringUtils.isEmpty(newPasswordTemp)) { + System.out.println("Invalid new password. Exiting!!!"); + logger.info("Invalid new password. Exiting!!!"); + System.exit(1); + } + XXPortalUser xPortalUser = daoMgr.getXXPortalUser().findByLoginId(userLoginIdTemp); + if (xPortalUser != null) { + String dbPassword = xPortalUser.getPassword(); + String currentEncryptedPassword = null; + try { + currentEncryptedPassword = userMgr.encrypt(userLoginIdTemp, currentPasswordTemp); + if (currentEncryptedPassword.equals(dbPassword)) { + validatePassword(newPasswordTemp); + logger.info("User:" + userLoginIdTemp + "|Password:"+newPasswordTemp); + userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true); + logger.info("User '" + userLoginIdTemp + "' Password updated sucessfully."); + } else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) { + System.out.println( + "Skipping default password change request as provided password doesn't match with existing password."); + logger.error( + "Skipping default password change request as provided password doesn't match with existing password."); + System.exit(2); + } else { + System.out.println("Invalid user password"); + logger.error("Invalid user password"); + System.exit(1); + break; + } + } catch (Exception e) { + logger.error("Update Admin Password failure. Detail: \n", e); + System.exit(1); + break; + } + } else { + System.out.println("User does not exist in DB!!"); + logger.error("User does not exist in DB"); + System.exit(1); + break; + } + } + } + + private void validatePassword(String newPassword) { + boolean checkPassword = false; + if (newPassword != null) { + String pattern = "(?=.*[0-9])(?=.*[a-zA-Z]).{8,}"; + checkPassword = newPassword.trim().matches(pattern); + if (!checkPassword) { + logger.error( + "validatePassword(). 
Password should be minimum 8 characters with minimum one alphabet and one numeric."); + System.out.println( + "validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric."); + throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword", + MessageEnums.INVALID_PASSWORD, null, + "Password should be minimum 8 characters with minimum one alphabet and one numeric", null); + } + } else { + logger.error("validatePassword(). Password cannot be blank/null."); + System.out.println("validatePassword(). Password cannot be blank/null."); + throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword", + MessageEnums.INVALID_PASSWORD, null, "Password cannot be blank/null", null); + } + } }
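Review bot: `logger.info("User:" + userLoginIdTemp + "|Password:"+newPasswordTemp);` in `updateMultiplePasswords` writes each new admin password to the log in clear text, so anyone who can read that log file learns the credentials that were just set. Remove the line, or log only the login id: `logger.info("Updating password for user '" + userLoginIdTemp + "'");`. Separately, `System.exit(2)` on the first mismatching user stops the loop after earlier users may already have been updated, and the `break` statements following `System.exit(1)` are unreachable.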