Merge "Aligning JSON marshalled output for Properties similar to the XML counterpart."

diff --git a/opendaylight/distribution/opendaylight/pom.xml b/opendaylight/distribution/opendaylight/pom.xml
index 1fb131e4aff8fc6e5c505e6437bc8a5dc6c2e2b9..3efd97e2aa3857fa549e752ae16d1aa6990ab0f3 100644 (file)
--- a/opendaylight/distribution/opendaylight/pom.xml
+++ b/opendaylight/distribution/opendaylight/pom.xml
@@ -74,7 +74,7 @@
     <module>../../statisticsmanager/api</module>
     <module>../../statisticsmanager/implementation</module>
     <module>../../statisticsmanager/integrationtest</module>
-    <module>../../topologymanager</module>
+    <module>../../topologymanager/implementation</module>
     <module>../../usermanager/api</module>
     <module>../../usermanager/implementation</module>
     <module>../../connectionmanager/api</module>

diff --git a/opendaylight/distribution/opendaylight/src/main/resources/configuration/config.ini b/opendaylight/distribution/opendaylight/src/main/resources/configuration/config.ini
index 970929f794b93d2e329ddbfa7b5684b51fbf043a..12f18ff6452b1cbec6f9a6d4bec1c6949b1d2836 100644 (file)
--- a/opendaylight/distribution/opendaylight/src/main/resources/configuration/config.ini
+++ b/opendaylight/distribution/opendaylight/src/main/resources/configuration/config.ini
@@ -94,3 +94,6 @@ controllerKeyStore=
 controllerKeyStorePassword=
 controllerTrustStore=
 controllerTrustStorePassword=
+
+# User Manager configurations
+enableStrongPasswordCheck = false

diff --git a/opendaylight/forwardingrulesmanager/api/src/main/java/org/opendaylight/controller/forwardingrulesmanager/FlowConfig.java b/opendaylight/forwardingrulesmanager/api/src/main/java/org/opendaylight/controller/forwardingrulesmanager/FlowConfig.java
index ba69c8a3d29f8286f2d4f3157f6547a8f54c717b..62d6855e109f77ac97baf5107fb2c0efbcaa603e 100644 (file)
--- a/opendaylight/forwardingrulesmanager/api/src/main/java/org/opendaylight/controller/forwardingrulesmanager/FlowConfig.java
+++ b/opendaylight/forwardingrulesmanager/api/src/main/java/org/opendaylight/controller/forwardingrulesmanager/FlowConfig.java
@@ -655,6 +655,14 @@ public class FlowConfig implements Serializable {
         return ((to >= 0) && (to <= 0xffff));
     }
 
+    public boolean isProtocolValid(String protocol) {
+        int protocol_number = IPProtocols.getProtocolNumberInt(protocol);
+        if (protocol_number < 1 || protocol_number > 255) {
+            return false;
+        }
+        return true;
+    }
+
     private Status conflictWithContainerFlow(IContainer container) {
         // Return true if it's default container
         if (container.getName().equals(GlobalConstants.DEFAULT.toString())) {
@@ -762,6 +770,10 @@ public class FlowConfig implements Serializable {
                 }
             }
 
+            if ((protocol != null) && !isProtocolValid(protocol)) {
+                return new Status(StatusCode.BADREQUEST, String.format("Protocol %s is not valid", protocol));
+            }
+
             if ((tosBits != null) && !isTOSBitsValid(tosBits)) {
                 return new Status(StatusCode.BADREQUEST, String.format("IP ToS bits %s is not in the range 0 - 63",
                         tosBits));

diff --git a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/AppRoleLevel.java b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/AppRoleLevel.java
index 7e73dd414f4e18dd927b3085b074bd02af56f762..124b495147db61d99b53b24138bf47e5dda4083c 100644 (file)
--- a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/AppRoleLevel.java
+++ b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/AppRoleLevel.java
@@ -45,9 +45,9 @@ public enum AppRoleLevel implements Serializable {
     }
 
     public static AppRoleLevel fromString(String levelString) {
-        for (AppRoleLevel level : AppRoleLevel.values()) {
-                if (level.toString().equals(levelString)) {
-                        return level;
+        for (AppRoleLevel rolelevel : AppRoleLevel.values()) {
+                if (rolelevel.toString().equals(levelString)) {
+                        return rolelevel;
                 }
         }
         return null;

diff --git a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/Node.java b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/Node.java
index d21a147506dfd8e2f546ddd5210df33b1fc29c20..0ea04c32065e7746518504901abc454f4d5e6281 100644 (file)
--- a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/Node.java
+++ b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/Node.java
@@ -323,10 +323,10 @@ public class Node implements Serializable {
     @Override
     public String toString() {
         if (this.nodeType.equals(NodeIDType.OPENFLOW)) {
-            return this.nodeType.toString() + "|"
+            return this.nodeType + "|"
                 + HexEncode.longToHexString((Long) this.nodeID);
         } else {
-            return this.nodeType.toString() + "|" + this.nodeID.toString();
+            return this.nodeType + "|" + this.nodeID.toString();
         }
     }
 

diff --git a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/NodeConnector.java b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/NodeConnector.java
index 50ccf69b4090ad220aebb5b97b35559f978efd56..46c5a9dae933baee49c47e98476a37dd9222dae5 100644 (file)
--- a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/NodeConnector.java
+++ b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/NodeConnector.java
@@ -464,9 +464,9 @@ public class NodeConnector implements Serializable {
             .equals(NodeConnectorIDType.SWSTACK) ||
             this.nodeConnectorType
             .equals(NodeConnectorIDType.HWPATH)) {
-            return this.nodeConnectorType.toString();
+            return this.nodeConnectorType;
         } else {
-            return this.nodeConnectorType.toString() + "|"
+            return this.nodeConnectorType + "|"
                     + this.nodeConnectorID.toString();
         }
     }

diff --git a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/NodeTable.java b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/NodeTable.java
index 7b7f1ccaeaf22f29dc4fa2a9c35b75854086b46f..9e763eb241a273375edf7c27a6ed40871a9b0a0a 100644 (file)
--- a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/NodeTable.java
+++ b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/core/NodeTable.java
@@ -292,7 +292,7 @@ public class NodeTable implements Serializable {
     }
 
     public String getNodeTableIdAsString() {
-        return this.nodeTableType.toString() + "|"
+        return this.nodeTableType + "|"
                 + this.nodeTableID.toString();
     }
 

diff --git a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/utils/IPProtocols.java b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/utils/IPProtocols.java
index cdb4463c02acb2636a0991053f9e64951e3f3ba5..66e6e65706fc2b23a1498b589a4e94fafbe3e7bf 100644 (file)
--- a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/utils/IPProtocols.java
+++ b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/utils/IPProtocols.java
@@ -168,7 +168,8 @@ public enum IPProtocols {
      WESP("WESP",141),
      ROHC("ROHC",142);
      */
-    private static final String regexNumberString = "^[0-9]+$";
+    private static final String regexDecimalString = "^[0-9]{3}$";
+    private static final String regexHexString = "^(0(x|X))[0-9a-fA-F]{2}$";
     private String protocolName;
     private int protocolNumber;
 
@@ -215,7 +216,10 @@ public enum IPProtocols {
     }
 
     public static short getProtocolNumberShort(String name) {
-        if (name.matches(regexNumberString)) {
+        if (name.matches(regexHexString)) {
+            return Short.valueOf(Short.decode(name));
+        }
+        if (name.matches(regexDecimalString)) {
             return Short.valueOf(name);
         }
         for (IPProtocols proto : IPProtocols.values()) {
@@ -227,7 +231,10 @@ public enum IPProtocols {
     }
 
     public static int getProtocolNumberInt(String name) {
-        if (name.matches(regexNumberString)) {
+        if (name.matches(regexHexString)) {
+            return Integer.valueOf(Integer.decode(name));
+        }
+        if (name.matches(regexDecimalString)) {
             return Integer.valueOf(name);
         }
         for (IPProtocols proto : IPProtocols.values()) {
@@ -239,7 +246,10 @@ public enum IPProtocols {
     }
 
     public static byte getProtocolNumberByte(String name) {
-        if (name.matches(regexNumberString)) {
+        if (name.matches(regexHexString)) {
+            return Integer.valueOf(Integer.decode(name)).byteValue();
+        }
+        if (name.matches(regexDecimalString)) {
             return Integer.valueOf(name).byteValue();
         }
         for (IPProtocols proto : IPProtocols.values()) {

diff --git a/opendaylight/topologymanager/pom.xml b/opendaylight/topologymanager/implementation/pom.xml
similarity index 97%
rename from opendaylight/topologymanager/pom.xml
rename to opendaylight/topologymanager/implementation/pom.xml
index 98bc0e42c81cf0cb08b7bcd5225289726c67b84e..399f878223aa639e5acd421ecb55b7134ab83d12 100755 (executable)
--- a/opendaylight/topologymanager/pom.xml
+++ b/opendaylight/topologymanager/implementation/pom.xml
@@ -6,7 +6,7 @@
     <groupId>org.opendaylight.controller</groupId>
     <artifactId>commons.opendaylight</artifactId>
     <version>1.4.0-SNAPSHOT</version>
-    <relativePath>../commons/opendaylight</relativePath>
+    <relativePath>../../commons/opendaylight</relativePath>
   </parent>
   <scm>
     <connection>scm:git:ssh://git.opendaylight.org:29418/controller.git</connection>

diff --git a/opendaylight/topologymanager/src/main/java/org/opendaylight/controller/topologymanager/ITopologyManager.java b/opendaylight/topologymanager/implementation/src/main/java/org/opendaylight/controller/topologymanager/ITopologyManager.java
similarity index 100%
rename from opendaylight/topologymanager/src/main/java/org/opendaylight/controller/topologymanager/ITopologyManager.java
rename to opendaylight/topologymanager/implementation/src/main/java/org/opendaylight/controller/topologymanager/ITopologyManager.java

diff --git a/opendaylight/topologymanager/src/main/java/org/opendaylight/controller/topologymanager/ITopologyManagerAware.java b/opendaylight/topologymanager/implementation/src/main/java/org/opendaylight/controller/topologymanager/ITopologyManagerAware.java
similarity index 100%
rename from opendaylight/topologymanager/src/main/java/org/opendaylight/controller/topologymanager/ITopologyManagerAware.java
rename to opendaylight/topologymanager/implementation/src/main/java/org/opendaylight/controller/topologymanager/ITopologyManagerAware.java

diff --git a/opendaylight/topologymanager/src/main/java/org/opendaylight/controller/topologymanager/ITopologyManagerClusterWideAware.java b/opendaylight/topologymanager/implementation/src/main/java/org/opendaylight/controller/topologymanager/ITopologyManagerClusterWideAware.java
similarity index 100%
rename from opendaylight/topologymanager/src/main/java/org/opendaylight/controller/topologymanager/ITopologyManagerClusterWideAware.java
rename to opendaylight/topologymanager/implementation/src/main/java/org/opendaylight/controller/topologymanager/ITopologyManagerClusterWideAware.java

diff --git a/opendaylight/topologymanager/src/main/java/org/opendaylight/controller/topologymanager/TopologyUserLinkConfig.java b/opendaylight/topologymanager/implementation/src/main/java/org/opendaylight/controller/topologymanager/TopologyUserLinkConfig.java
similarity index 100%
rename from opendaylight/topologymanager/src/main/java/org/opendaylight/controller/topologymanager/TopologyUserLinkConfig.java
rename to opendaylight/topologymanager/implementation/src/main/java/org/opendaylight/controller/topologymanager/TopologyUserLinkConfig.java

diff --git a/opendaylight/topologymanager/src/main/java/org/opendaylight/controller/topologymanager/internal/Activator.java b/opendaylight/topologymanager/implementation/src/main/java/org/opendaylight/controller/topologymanager/internal/Activator.java
similarity index 100%
rename from opendaylight/topologymanager/src/main/java/org/opendaylight/controller/topologymanager/internal/Activator.java
rename to opendaylight/topologymanager/implementation/src/main/java/org/opendaylight/controller/topologymanager/internal/Activator.java

diff --git a/opendaylight/topologymanager/src/main/java/org/opendaylight/controller/topologymanager/internal/TopologyManagerImpl.java b/opendaylight/topologymanager/implementation/src/main/java/org/opendaylight/controller/topologymanager/internal/TopologyManagerImpl.java
similarity index 100%
rename from opendaylight/topologymanager/src/main/java/org/opendaylight/controller/topologymanager/internal/TopologyManagerImpl.java
rename to opendaylight/topologymanager/implementation/src/main/java/org/opendaylight/controller/topologymanager/internal/TopologyManagerImpl.java

diff --git a/opendaylight/topologymanager/src/test/java/org/opendaylight/controller/topologymanager/internal/TopologyManagerImplTest.java b/opendaylight/topologymanager/implementation/src/test/java/org/opendaylight/controller/topologymanager/internal/TopologyManagerImplTest.java
similarity index 100%
rename from opendaylight/topologymanager/src/test/java/org/opendaylight/controller/topologymanager/internal/TopologyManagerImplTest.java
rename to opendaylight/topologymanager/implementation/src/test/java/org/opendaylight/controller/topologymanager/internal/TopologyManagerImplTest.java

diff --git a/opendaylight/usermanager/api/src/main/java/org/opendaylight/controller/usermanager/UserConfig.java b/opendaylight/usermanager/api/src/main/java/org/opendaylight/controller/usermanager/UserConfig.java
index cca194e95337e30877aaff50332e37e6df4be30f..07c814adf14c7b2d35f9991a9bd3e5875296f922 100644 (file)
--- a/opendaylight/usermanager/api/src/main/java/org/opendaylight/controller/usermanager/UserConfig.java
+++ b/opendaylight/usermanager/api/src/main/java/org/opendaylight/controller/usermanager/UserConfig.java
@@ -34,9 +34,11 @@ public class UserConfig implements Serializable {
     protected String user;
     protected List<String> roles;
     private String password;
+
+    private static final boolean strongPasswordCheck = Boolean.getBoolean("enableStrongPasswordCheck");
+    private static final String BAD_PASSWORD = "Bad Password";
     private static final int USERNAME_MAXLENGTH = 32;
-    private static final int PASSWORD_MINLENGTH = 5;
-    private static final int PASSWORD_MAXLENGTH = 256;
+    protected static final String PASSWORD_REGEX = "(?=.*[^\\w])(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{8,256}$";
     private static final Pattern INVALID_USERNAME_CHARACTERS = Pattern.compile("([/\\s\\.\\?#%;\\\\]+)");
     private static MessageDigest oneWayFunction = null;
     static {
@@ -63,16 +65,12 @@ public class UserConfig implements Serializable {
     public UserConfig(String user, String password, List<String> roles) {
         this.user = user;
 
-        this.password = password;
-        if (this.validatePassword().isSuccess()) {
-            /*
-             * Only if the password is a valid one, hash it. So in case it is not
-             * valid, when UserConfig.validate() is called, the proper
-             * validation error will be returned to the caller. If we hashed a
-             * priori instead, the mis-configuration would be masked
-             */
-            this.password = hash(this.password);
-        }
+        /*
+         * Password validation to be done on clear text password. If fails, mark
+         * the password with a well known label, so that object validation can
+         * report the proper error. Only if password is a valid one, hash it.
+         */
+        this.password = (validatePassword(password).isSuccess()) ? hash(password) : BAD_PASSWORD;
 
         this.roles = (roles == null) ? new ArrayList<String>() : new ArrayList<String>(roles);
     }
@@ -142,12 +140,15 @@ public class UserConfig implements Serializable {
     }
 
     public Status validate() {
-        Status validCheck = validateRoles();
+        Status validCheck = validateUsername();
         if (validCheck.isSuccess()) {
-            validCheck = validateUsername();
+            validCheck = (!password.equals(BAD_PASSWORD)) ? new Status(StatusCode.SUCCESS) : new Status(
+                    StatusCode.BADREQUEST,
+                    "Password should be 8 to 256 characters long, contain both upper and lower case letters, "
+                            + "at least one number and at least one non alphanumeric character");
         }
         if (validCheck.isSuccess()) {
-            validCheck = validatePassword();
+            validCheck = validateRoles();
         }
         return validCheck;
     }
@@ -168,15 +169,15 @@ public class UserConfig implements Serializable {
         return new Status(StatusCode.SUCCESS);
     }
 
-    private Status validatePassword() {
+    private Status validatePassword(String password) {
         if (password == null || password.isEmpty()) {
             return new Status(StatusCode.BADREQUEST, "Password cannot be empty");
         }
 
-        if (password.length() < UserConfig.PASSWORD_MINLENGTH
-                || password.length() > UserConfig.PASSWORD_MAXLENGTH) {
-            return new Status(StatusCode.BADREQUEST,
-                    "Password should have 5-256 characters");
+        if (strongPasswordCheck && !password.matches(UserConfig.PASSWORD_REGEX)) {
+            return new Status(StatusCode.BADREQUEST, "Password should be 8 to 256 characters long, "
+                    + "contain both upper and lower case letters, at least one number "
+                    + "and at least one non alphanumeric character");
         }
         return new Status(StatusCode.SUCCESS);
     }
@@ -247,4 +248,25 @@ public class UserConfig implements Serializable {
         UserConfig.oneWayFunction.reset();
         return HexEncode.bytesToHexString(UserConfig.oneWayFunction.digest(message.getBytes(Charset.defaultCharset())));
     }
+
+    /**
+     * Returns UserConfig instance populated with the passed parameters. It does
+     * not run any checks on the passed parameters.
+     *
+     * @param userName
+     *            the user name
+     * @param password
+     *            the plain text password
+     * @param roles
+     *            the list of roles
+     * @return the UserConfig object populated with the passed parameters. No
+     *         validity check is run on the input parameters.
+     */
+    public static UserConfig getUncheckedUserConfig(String userName, String password, List<String> roles) {
+        UserConfig config = new UserConfig();
+        config.user = userName;
+        config.password = hash(password);
+        config.roles = roles;
+        return config;
+    }
 }

diff --git a/opendaylight/usermanager/api/src/test/java/org/opendaylight/controller/usermanager/AuthorizationUserConfigTest.java b/opendaylight/usermanager/api/src/test/java/org/opendaylight/controller/usermanager/AuthorizationUserConfigTest.java
index 4c2a19e426f1a88194b5f223a4245b2e67f3fd27..8c029a7488361b778b2749fe327a48a812d675c0 100644 (file)
--- a/opendaylight/usermanager/api/src/test/java/org/opendaylight/controller/usermanager/AuthorizationUserConfigTest.java
+++ b/opendaylight/usermanager/api/src/test/java/org/opendaylight/controller/usermanager/AuthorizationUserConfigTest.java
@@ -117,4 +117,41 @@ public class AuthorizationUserConfigTest {
         UserConfig userConfig2 = new UserConfig("uname", "ciscocisco", roles);
         assertEquals(userConfig, userConfig2);
     }
+
+    @Test
+    public void userConfigPasswordTest() {
+
+        String regex = UserConfig.PASSWORD_REGEX;
+        String password = null;
+
+        // Good password
+        password = "aBc@eF#h9";
+        assertTrue(password.matches(regex));
+        password = "^aBc@eF#h9$88ad*o&";
+        assertTrue(password.matches(regex));
+        password = "_^aBc@\":eF#h;9$\\8|8ad*o&-(){}/,.><?+-";
+        assertTrue(password.matches(regex));
+        password = "culonE1)";
+        assertTrue(password.matches(regex));
+
+        // Too short
+        password = "aB3@eF#";
+        assertFalse(password.matches(regex));
+
+        // No number
+        password = "#BeCCC#CeDfDf";
+        assertFalse(password.matches(regex));
+
+        // No lower case
+        password = "AB8C#CC@C4";
+        assertFalse(password.matches(regex));
+
+        // No upper case
+        password = "ab8defg9!";
+        assertFalse(password.matches(regex));
+
+        // No special characters
+        password = "aBc4ef7H8";
+        assertFalse(password.matches(regex));
+    }
 }

diff --git a/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/Activator.java b/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/Activator.java
index 0e7e2a37a73f19aefda0919ea8304ac8b375d34f..3898ca589ae710d36ea847eae03aa3742a6cccd6 100644 (file)
--- a/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/Activator.java
+++ b/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/Activator.java
@@ -61,7 +61,7 @@ public class Activator extends ComponentActivatorAbstractBase {
      */
     @Override
     public Object[] getImplementations() {
-        return null;
+        return new Object[]{};
     }
 
     /**

diff --git a/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/UserManager.java b/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/UserManager.java
index e53e962aa82590db6d48890278657926de57dfb0..8d9e34717e31651cc4086b5a70798e11aceae9e5 100644 (file)
--- a/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/UserManager.java
+++ b/opendaylight/usermanager/implementation/src/main/java/org/opendaylight/controller/usermanager/internal/UserManager.java
@@ -204,12 +204,17 @@ public class UserManager implements IUserManager, IObjectReader,
     }
 
     private void checkDefaultNetworkAdmin() {
-        // If startup config is not there, it's old or it was deleted,
-        // need to add Default Network Admin User
+        /*
+         * If startup config is not there, it's old or it was deleted or if a
+         * password recovery was run, need to add Default Network Admin User
+         */
         if (!localUserConfigList.containsKey(DEFAULT_ADMIN)) {
             List<String> roles = new ArrayList<String>(1);
             roles.add(DEFAULT_ADMIN_ROLE);
-            localUserConfigList.put(DEFAULT_ADMIN, new UserConfig(DEFAULT_ADMIN, DEFAULT_ADMIN_PASSWORD, roles));
+            // Need to skip the strong password check for the default admin
+            UserConfig defaultAdmin = UserConfig.getUncheckedUserConfig(UserManager.DEFAULT_ADMIN,
+                    UserManager.DEFAULT_ADMIN_PASSWORD, roles);
+            localUserConfigList.put(UserManager.DEFAULT_ADMIN, defaultAdmin);
         }
     }
 

diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java
index 2b58bcc4cb6c1fb50b12801e2e6133078a13e47f..eafd8c54a773eb9bb933dd9f0d3f1cdd14d2b9c5 100644 (file)
--- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java
+++ b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java
@@ -15,6 +15,7 @@ import java.util.List;
 import java.util.Set;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 
 import org.opendaylight.controller.clustering.services.IClusterGlobalServices;
 import org.opendaylight.controller.connectionmanager.IConnectionManager;
@@ -212,24 +213,63 @@ public class DaylightWebAdmin {
 
     @RequestMapping(value = "/users/password/{username}", method = RequestMethod.POST)
     @ResponseBody
-    public Status changePassword(@PathVariable("username") String username, HttpServletRequest request,
-            @RequestParam("currentPassword") String currentPassword, @RequestParam("newPassword") String newPassword) {
+    public Status changePassword(
+            @PathVariable("username") String username, HttpServletRequest request,
+            @RequestParam(value = "currentPassword", required=false) String currentPassword,
+            @RequestParam("newPassword") String newPassword) {
         IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
         if (userManager == null) {
-            return new Status(StatusCode.GONE, "User Manager not found");
+            return new Status(StatusCode.NOSERVICE, "User Manager unavailable");
         }
 
-        if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) {
-            return new Status(StatusCode.FORBIDDEN, "Operation not permitted");
-        }
+        Status status;
+        String requestingUser = request.getUserPrincipal().getName();
+
+        //changing own password
+        if (requestingUser.equals(username) ) {
+            status = userManager.changeLocalUserPassword(username, currentPassword, newPassword);
+            //enforce the user to re-login with new password
+            if (status.isSuccess() && !newPassword.equals(currentPassword)) {
+                userManager.userLogout(username);
+                HttpSession session = request.getSession(false);
+                if ( session != null) {
+                    session.invalidate();
+                }
+            }
+
+        //admin level user resetting other's password
+        } else if (authorize(userManager, UserLevel.NETWORKADMIN, request)) {
+
+            //Since User Manager doesn't have an unprotected password change API,
+            //we re-create the user with the new password (and current roles).
+            List<String> roles = userManager.getUserRoles(username);
+            UserConfig newConfig = new UserConfig(username, newPassword, roles);
+
+            //validate before removing existing config, so we don't remove but fail to add
+            status = newConfig.validate();
+            if (!status.isSuccess()) {
+                return status;
+            }
+
+            userManager.userLogout(username);
+            status = userManager.removeLocalUser(username);
+            if (!status.isSuccess()) {
+                return status;
+            }
+            if (userManager.addLocalUser(newConfig).isSuccess()) {
+                status = new Status(StatusCode.SUCCESS, "Password for user " + username + " reset successfully.");
+            } else {
+                //unexpected
+                status = new Status(StatusCode.INTERNALERROR, "Failed resetting password for user " + username + ". User is now removed.");
+            }
 
-        if (newPassword.isEmpty()) {
-            return new Status(StatusCode.BADREQUEST, "Empty passwords not allowed");
+        //unauthorized
+        } else {
+            status = new Status(StatusCode.UNAUTHORIZED, "Operation not permitted");
         }
 
-        Status status = userManager.changeLocalUserPassword(username, currentPassword, newPassword);
         if (status.isSuccess()) {
-            DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "changed password for", username);
+            DaylightWebUtil.auditlog("User", requestingUser, "changed password for", username);
         }
         return status;
     }

diff --git a/opendaylight/web/root/src/main/resources/WEB-INF/jsp/main.jsp b/opendaylight/web/root/src/main/resources/WEB-INF/jsp/main.jsp
index c795a5d56b920de6111141bea501a8b3dbcfaa57..4b0ce2d07d3d55a51c2ac873b642ce081c659728 100644 (file)
--- a/opendaylight/web/root/src/main/resources/WEB-INF/jsp/main.jsp
+++ b/opendaylight/web/root/src/main/resources/WEB-INF/jsp/main.jsp
@@ -67,6 +67,7 @@
    </div>
    <div class="span3">
     <div id="toolbar" class="btn-group">
+    <input type="hidden" id="currentuser" value="${username}" data-role="${role}">
      <a class="btn dropdown-toggle" data-toggle="dropdown" href="#">
       <div class="icon-user"></div> ${username} <span class="caret"></span>
      </a>

diff --git a/opendaylight/web/root/src/main/resources/js/open.js b/opendaylight/web/root/src/main/resources/js/open.js
index 43a7dfdc443ab7447fb472dc31afa1b83402f9d7..619edcaf2cba5ed4bb5d5d08359c13333a702d5a 100644 (file)
--- a/opendaylight/web/root/src/main/resources/js/open.js
+++ b/opendaylight/web/root/src/main/resources/js/open.js
@@ -443,9 +443,12 @@ one.main.admin = {
       // change password binding
       $('#'+one.main.admin.id.modal.password.submit, $modal).click(function() {
         one.main.admin.password.submit(id, $modal, function(result) {
-          if (result.code == 'SUCCESS') {
-            $modal.modal('hide');
-            successCallback();
+          if (result.success) {
+            //if changed own password, enforce relogin
+            if (id.trim() == $('#currentuser').val().trim()) {
+                alert("Password changed successfully. Please re-login with your new password.");
+                window.location = '/';
+            }
           } else {
             alert(result.code+': '+result.description);
           }