Added force password changing and password complexity requirements

Author: cicchr

Diff for: assign-client/src/main/java/edu/rpi/aris/assign/client/Client.java

@@ -1,24 +1,26 @@
 package edu.rpi.aris.assign.client;
 
+import edu.rpi.aris.assign.DBUtils;
 import edu.rpi.aris.assign.LibAssign;
 import edu.rpi.aris.assign.MessageCommunication;
 import edu.rpi.aris.assign.NetUtil;
-import edu.rpi.aris.assign.client.exceptions.AuthBanException;
-import edu.rpi.aris.assign.client.exceptions.InvalidAccessTokenException;
-import edu.rpi.aris.assign.client.exceptions.InvalidCredentialsException;
+import edu.rpi.aris.assign.client.exceptions.*;
 import edu.rpi.aris.assign.client.model.Config;
 import edu.rpi.aris.assign.message.ErrorMsg;
 import edu.rpi.aris.assign.message.Message;
+import edu.rpi.aris.assign.message.UserEditMsg;
 import javafx.application.Platform;
 import javafx.beans.binding.Bindings;
 import javafx.beans.property.SimpleObjectProperty;
 import javafx.geometry.Insets;
 import javafx.geometry.Pos;
 import javafx.scene.Node;
+import javafx.scene.Parent;
 import javafx.scene.control.*;
 import javafx.scene.layout.GridPane;
 import javafx.scene.layout.HBox;
 import javafx.scene.layout.Priority;
+import javafx.scene.layout.VBox;
 import javafx.util.Pair;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.tuple.ImmutableTriple;
@@ -415,10 +417,12 @@ private synchronized void doAuth(String user, String pass, boolean isAccessToken
             case NetUtil.AUTH_ERR:
                 throw new IOException("The server encountered an error while attempting to authenticate this connection");
             default:
-                if (res.startsWith(NetUtil.AUTH_OK)) {
-                    String accessToken = res.replaceFirst(NetUtil.AUTH_OK + " ", "");
+                if (res.startsWith(NetUtil.AUTH_OK) || res.startsWith(NetUtil.AUTH_RESET)) {
+                    String accessToken = res.replaceFirst(res.startsWith(NetUtil.AUTH_OK) ? NetUtil.AUTH_OK : NetUtil.AUTH_RESET, "").trim();
                     Config.ACCESS_TOKEN.setValue(URLDecoder.decode(accessToken, "UTF-8"));
                     Platform.runLater(() -> Config.USERNAME.setValue(user));
+                    if (res.startsWith(NetUtil.AUTH_RESET))
+                        throw new PasswordResetRequiredException();
                 } else
                     throw new IOException(res);
         }
@@ -482,6 +486,28 @@ public <T extends Message> void processMessage(T message, ResponseHandler<T> res
             } catch (AuthBanException e) {
                 AssignClient.getInstance().getMainWindow().displayErrorMsg("Temporary Ban", e.getMessage());
                 responseHandler.onError(false, message);
+            } catch (PasswordResetRequiredException e) {
+                AssignClient.getInstance().getMainWindow().displayErrorMsg("Password Reset", e.getMessage(), true);
+                disconnect();
+                boolean retry = false;
+                do {
+                    try {
+                        retry = false;
+                        resetPassword();
+                        responseHandler.onError(true, message);
+                    } catch (CancellationException e1) {
+                        responseHandler.onError(false, message);
+                    } catch (InvalidCredentialsException e1) {
+                        AssignClient.getInstance().getMainWindow().displayErrorMsg("Incorrect Password", "Your current password is incorrect", true);
+                        retry = true;
+                    } catch (WeakPasswordException e1) {
+                        AssignClient.getInstance().getMainWindow().displayErrorMsg("Weak Password", "Your new password does not meet the complexity requirements", true);
+                        retry = true;
+                    } catch (Throwable e1) {
+                        AssignClient.getInstance().getMainWindow().displayErrorMsg("Error", e1.getMessage());
+                        responseHandler.onError(false, message);
+                    }
+                } while (retry);
             } catch (Throwable e) {
                 logger.error("Error sending message", e);
                 responseHandler.onError(false, message);
@@ -605,6 +631,74 @@ private Triple<String, String, Boolean> getCredentials() {
         return new ImmutableTriple<>(user, pass, isAccessToken);
     }
 
+    private void resetPassword() throws Exception {
+        AtomicReference<Optional<Pair<String, String>>> result = new AtomicReference<>(null);
+        Platform.runLater(() -> {
+            Dialog<Pair<String, String>> dialog = new Dialog<>();
+            dialog.setTitle("Reset Password");
+            dialog.setHeaderText("Your password has expired.\n" +
+                    "Please reset your password\n\n" +
+                    DBUtils.COMPLEXITY_RULES);
+            ButtonType loginButtonType = new ButtonType("Reset Password", ButtonBar.ButtonData.OK_DONE);
+            dialog.getDialogPane().getButtonTypes().addAll(loginButtonType, ButtonType.CANCEL);
+            GridPane grid = new GridPane();
+            grid.setVgap(10);
+            grid.setHgap(10);
+            grid.setPadding(new Insets(20));
+            PasswordField currentPass = new PasswordField();
+            currentPass.setPromptText("Current Password");
+            PasswordField newPassword = new PasswordField();
+            newPassword.setPromptText("New Password");
+            PasswordField retypePassword = new PasswordField();
+            retypePassword.setPromptText("Retype Password");
+            grid.add(new Label("Current Password:"), 0, 0);
+            grid.add(currentPass, 1, 0);
+            grid.add(new Label("New Password:"), 0, 1);
+            grid.add(newPassword, 1, 1);
+            grid.add(new Label("Retype Password:"), 0, 2);
+            grid.add(retypePassword, 1, 2);
+            Node loginButton = dialog.getDialogPane().lookupButton(loginButtonType);
+            loginButton.disableProperty().bind(currentPass.textProperty().isEmpty().or
+                    (newPassword.textProperty().isEmpty()).or
+                    (retypePassword.textProperty().isEmpty()).or
+                    (newPassword.textProperty().isNotEqualTo(retypePassword.textProperty())).or
+                    (Bindings.createBooleanBinding(() -> !DBUtils.checkPasswordComplexity(Config.USERNAME.getValue(), newPassword.getText()), newPassword.textProperty())).or
+                    (currentPass.textProperty().isEqualTo(newPassword.textProperty())));
+            dialog.getDialogPane().setContent(grid);
+            dialog.setResultConverter(buttonType -> buttonType == ButtonType.CANCEL ? null : new Pair<>(currentPass.getText(), newPassword.getText()));
+            currentPass.requestFocus();
+            result.set(dialog.showAndWait());
+            synchronized (result) {
+                result.notify();
+            }
+        });
+        synchronized (result) {
+            try {
+                result.wait();
+            } catch (InterruptedException e) {
+                e.printStackTrace();
+            }
+        }
+        if (result.get() != null && result.get().isPresent()) {
+            String oldPass = result.get().get().getKey();
+            String newPass = result.get().get().getValue();
+            UserEditMsg editMsg = new UserEditMsg(Config.USERNAME.getValue(), null, newPass, oldPass, true);
+            try {
+                connect();
+            } catch (PasswordResetRequiredException ignored) {
+            }
+            Message res;
+            try {
+                res = editMsg.sendAndGet(this);
+            } finally {
+                disconnect();
+            }
+            if (!(res instanceof UserEditMsg))
+                resetPassword();
+        } else
+            throw new CancellationException();
+    }
+
     public synchronized void disconnect() {
         disconnect(true);
     }
@@ -675,8 +769,14 @@ public synchronized String readMessage() throws IOException {
 
     @Override
     public void handleErrorMsg(ErrorMsg msg) {
-        // TODO: implement
-        throw new RuntimeException("Not implemented: \n" + msg);
+        switch (msg.getErrorType()) {
+            case AUTH_FAIL:
+                throw new InvalidCredentialsException();
+            case AUTH_WEAK_PASS:
+                throw new WeakPasswordException();
+            default:
+                throw new RuntimeException("Error: " + msg.getErrorType());
+        }
     }
 
     private boolean showCertWarning() {

Diff for: assign-client/src/main/java/edu/rpi/aris/assign/client/controller/AssignGui.java

@@ -46,7 +46,7 @@ public class AssignGui {
 
     private AssignGui() {
         stage = new Stage();
-        FXMLLoader loader = new FXMLLoader(ModuleRow.class.getResource("../view/assignment_window.fxml"));
+        FXMLLoader loader = new FXMLLoader(ModuleRow.class.getResource("../view/assign_window.fxml"));
         loader.setController(this);
         Parent root;
         try {

Diff for: assign-client/src/main/java/edu/rpi/aris/assign/client/controller/AssignmentsGui.java

@@ -0,0 +1,4 @@
+package edu.rpi.aris.assign.client.controller;
+
+public class AssignmentsGui {
+}

Diff for: assign-client/src/main/java/edu/rpi/aris/assign/client/exceptions/AuthBanException.java

@@ -1,6 +1,6 @@
 package edu.rpi.aris.assign.client.exceptions;
 
-public class AuthBanException extends Exception {
+public class AuthBanException extends RuntimeException {
 
     public AuthBanException() {
         super("Authentication failed. Your ip address has been temporarily banned");

Diff for: assign-client/src/main/java/edu/rpi/aris/assign/client/exceptions/InvalidAccessTokenException.java

@@ -1,6 +1,6 @@
 package edu.rpi.aris.assign.client.exceptions;
 
-public class InvalidAccessTokenException extends Exception {
+public class InvalidAccessTokenException extends RuntimeException {
 
     public InvalidAccessTokenException() {
         super("Access Token Expired");

Diff for: assign-client/src/main/java/edu/rpi/aris/assign/client/exceptions/InvalidCredentialsException.java

@@ -1,6 +1,6 @@
 package edu.rpi.aris.assign.client.exceptions;
 
-public class InvalidCredentialsException extends Exception {
+public class InvalidCredentialsException extends RuntimeException {
 
     public InvalidCredentialsException() {
         super("Invalid Credentials");

Diff for: assign-client/src/main/java/edu/rpi/aris/assign/client/exceptions/PasswordResetRequiredException.java

@@ -0,0 +1,9 @@
+package edu.rpi.aris.assign.client.exceptions;
+
+public class PasswordResetRequiredException extends RuntimeException {
+
+    public PasswordResetRequiredException() {
+        super("Your password has expired and must be reset");
+    }
+
+}

Diff for: assign-client/src/main/java/edu/rpi/aris/assign/client/exceptions/WeakPasswordException.java

@@ -0,0 +1,9 @@
+package edu.rpi.aris.assign.client.exceptions;
+
+public class WeakPasswordException extends RuntimeException {
+
+    public WeakPasswordException() {
+        super("The given password does not meet the minimum password requirements");
+    }
+
+}

Diff for: assign-client/src/main/java/edu/rpi/aris/assign/client/guiold/AssignmentWindow.java

@@ -85,7 +85,7 @@ public class AssignmentWindow {
     public AssignmentWindow() {
         clientInfo = new ClientInfo();
         problemList = new ProblemList();
-        FXMLLoader loader = new FXMLLoader(AssignmentWindow.class.getResource("assignment_window.fxml"));
+        FXMLLoader loader = new FXMLLoader(AssignmentWindow.class.getResource("assign_window.fxml"));
         loader.setController(this);
         Parent root;
         try {

Diff for: assign-client/src/main/java/edu/rpi/aris/assign/client/model/Assignments.java

@@ -0,0 +1,4 @@
+package edu.rpi.aris.assign.client.model;
+
+public class Assignments {
+}

Diff for: assign-client/src/main/resources/edu/rpi/aris/assign/client/view/assignment_window.css renamed to assign-client/src/main/resources/edu/rpi/aris/assign/client/view/assign_window.css

@@ -34,7 +34,7 @@
             </Menu>
          </menus>
       </MenuBar>
-      <BorderPane stylesheets="@assignment_window.css">
+      <BorderPane stylesheets="@assign_window.css">
           <top>
               <HBox alignment="CENTER_LEFT" spacing="5.0" BorderPane.alignment="CENTER">
                   <Label fx:id="lblClass" alignment="CENTER" contentDisplay="CENTER" text="Class:">

Diff for: assign-client/src/main/resources/edu/rpi/aris/assign/client/view/assignment_window.fxml renamed to assign-client/src/main/resources/edu/rpi/aris/assign/client/view/assign_window.fxml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<?import javafx.scene.control.TableColumn?>
+<?import javafx.scene.control.TableView?>
+<?import javafx.scene.layout.StackPane?>
+<?import javafx.scene.layout.VBox?>
+
+
+<StackPane maxHeight="-Infinity" maxWidth="-Infinity" minHeight="-Infinity" minWidth="-Infinity" xmlns="http://javafx.com/javafx/8.0.121" xmlns:fx="http://javafx.com/fxml/1">
+   <children>
+      <VBox>
+         <children>
+            <TableView>
+              <columns>
+                <TableColumn prefWidth="75.0" text="Assignment" />
+                <TableColumn prefWidth="75.0" text="Due Date" />
+                  <TableColumn prefWidth="75.0" text="Assigned By" />
+                  <TableColumn prefWidth="75.0" text="Completed" />
+              </columns>
+               <columnResizePolicy>
+                  <TableView fx:constant="CONSTRAINED_RESIZE_POLICY" />
+               </columnResizePolicy>
+            </TableView>
+         </children>
+      </VBox>
+      <VBox />
+   </children>
+</StackPane>

Diff for: assign-client/src/main/resources/edu/rpi/aris/assign/client/view/assignments_view.fxml

@@ -4,6 +4,7 @@
 import edu.rpi.aris.assign.message.ErrorMsg;
 import edu.rpi.aris.assign.message.ErrorType;
 import edu.rpi.aris.assign.message.Message;
+import edu.rpi.aris.assign.message.UserEditMsg;
 import org.apache.commons.collections4.map.PassiveExpiringMap;
 import org.apache.commons.lang3.tuple.Pair;
 import org.apache.logging.log4j.LogManager;
@@ -130,7 +131,7 @@ private boolean verifyAuth() throws IOException {
         logger.info("Authenticating user: " + username);
         String pass = URLDecoder.decode(auth[3], "UTF-8");
         try (Connection connection = dbManager.getConnection();
-             PreparedStatement statement = connection.prepareStatement("SELECT salt, password_hash, access_token, id, user_type FROM users WHERE username = ?;")) {
+             PreparedStatement statement = connection.prepareStatement("SELECT salt, password_hash, access_token, id, user_type, force_reset FROM users WHERE username = ?;")) {
             statement.setString(1, username);
             try (ResultSet set = statement.executeQuery()) {
                 if (set.next()) {
@@ -149,6 +150,7 @@ private boolean verifyAuth() throws IOException {
                             updateUserType.executeUpdate();
                         }
                     }
+                    boolean forceReset = set.getBoolean(6);
                     if (DBUtils.checkPass(pass, salt, savedHash)) {
                         String access_token = generateAccessToken();
                         MessageDigest digest = DBUtils.getDigest();
@@ -159,8 +161,8 @@ private boolean verifyAuth() throws IOException {
                             updateAccessToken.setString(2, username);
                             updateAccessToken.executeUpdate();
                         }
-                        sendMessage(NetUtil.AUTH_OK + " " + URLEncoder.encode(access_token, "UTF-8"));
-                        user = new User(userId, username, userType);
+                        sendMessage((forceReset ? NetUtil.AUTH_RESET : NetUtil.AUTH_OK) + " " + URLEncoder.encode(access_token, "UTF-8"));
+                        user = new User(userId, username, userType, forceReset);
                         return true;
                     } else {
                         if (auth[1].equals(NetUtil.AUTH_PASS)) {
@@ -218,7 +220,15 @@ private void messageWatch() {
                     try (Connection connection = dbManager.getConnection()) {
                         try {
                             connection.setAutoCommit(false);
-                            ErrorType error = msg.processMessage(connection, user);
+                            ErrorType error;
+                            if (user.requireReset()) {
+                                if (msg instanceof UserEditMsg && ((UserEditMsg) msg).isChangePass() && user.username.equals(((UserEditMsg) msg).getUsername()))
+                                    error = msg.processMessage(connection, user);
+                                else
+                                    error = ErrorType.RESET_PASS;
+                            } else {
+                                error = msg.processMessage(connection, user);
+                            }
                             if (error == null) {
                                 connection.commit();
                                 msg.send(this);

Diff for: assign-server/src/main/java/edu/rpi/aris/assign/server/ClientHandler.java

@@ -20,7 +20,7 @@
 public class DatabaseManager {
 
     private static final String[] tables = new String[]{"submission", "assignment", "problem", "user_class", "users", "class", "version"};
-    private static final int DB_SCHEMA_VERSION = 4;
+    private static final int DB_SCHEMA_VERSION = 6;
     private static Logger logger = LogManager.getLogger(DatabaseManager.class);
 
     static {
@@ -88,13 +88,15 @@ private void createTables(Connection connection) throws SQLException {
                     "user_type text," +
                     "salt text," +
                     "password_hash text," +
-                    "access_token text);");
+                    "access_token text," +
+                    "force_reset boolean);");
             statement.execute("CREATE TABLE IF NOT EXISTS class" +
                     "(id serial PRIMARY KEY," +
                     "name text);");
             statement.execute("CREATE TABLE IF NOT EXISTS user_class" +
                     "(user_id integer," +
                     "class_id integer," +
+                    "is_ta boolean" +
                     "constraint uc_ufk foreign key (user_id) references users(id) on delete cascade," +
                     "constraint uc_cfk foreign key (class_id) references class(id) on delete cascade);");
             statement.execute("CREATE TABLE IF NOT EXISTS problem" +
@@ -206,6 +208,44 @@ private void updateSchema3(Connection connection) throws SQLException {
         } finally {
             connection.setAutoCommit(autoCommit);
         }
+        updateSchema4(connection);
+    }
+
+    private void updateSchema4(Connection connection) throws SQLException {
+        logger.info("Updating database schema to version 5");
+        boolean autoCommit = connection.getAutoCommit();
+        connection.setAutoCommit(false);
+        try (Statement statement = connection.createStatement()) {
+            statement.execute("ALTER TABLE user_class ADD COLUMN is_ta boolean;");
+            statement.execute("UPDATE user_class SET is_ta=false;");
+            statement.execute("UPDATE version SET version=5;");
+            connection.commit();
+        } catch (Throwable e) {
+            connection.rollback();
+            logger.error("An error occurred while updating the database schema and the changes were rolled back");
+            throw e;
+        } finally {
+            connection.setAutoCommit(autoCommit);
+        }
+        updateSchema5(connection);
+    }
+
+    private void updateSchema5(Connection connection) throws SQLException {
+        logger.info("Updating database schema to version 6");
+        boolean autoCommit = connection.getAutoCommit();
+        connection.setAutoCommit(false);
+        try (Statement statement = connection.createStatement()) {
+            statement.execute("ALTER TABLE users ADD COLUMN force_reset boolean;");
+            statement.execute("UPDATE users SET force_reset=false;");
+            statement.execute("UPDATE version SET version=6;");
+            connection.commit();
+        } catch (Throwable e) {
+            connection.rollback();
+            logger.error("An error occurred while updating the database schema and the changes were rolled back");
+            throw e;
+        } finally {
+            connection.setAutoCommit(autoCommit);
+        }
     }
 
     public Pair<String, String> createUser(String username, String password, UserType userType) throws SQLException {