From 3f949f46a3b2f8028b42b1f7d22c25778daf4bba Mon Sep 17 00:00:00 2001
From: Sebastian Roth
Date: Thu, 13 Apr 2023 12:20:39 +0800
Subject: [PATCH 1/2] Adds audit trail capabilities
---
 src/com/ibm/security/appscan/altoromutual/util/DBUtil.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/com/ibm/security/appscan/altoromutual/util/DBUtil.java b/src/com/ibm/security/appscan/altoromutual/util/DBUtil.java
index 3031aa8b..ad78ca9e 100644
--- a/src/com/ibm/security/appscan/altoromutual/util/DBUtil.java
+++ b/src/com/ibm/security/appscan/altoromutual/util/DBUtil.java
@@ -504,6 +504,10 @@ public static String changePassword(String username, String password) {
 Connection connection = getConnection();
 Statement statement = connection.createStatement();
 statement.execute("UPDATE PEOPLE SET PASSWORD = '"+ password +"' WHERE USER_ID = '"+username+"'");
+
+ Statement statement2 = connection.createStatement();
+ statement2.execute("INSERT INTO AUDIT_TRAIL (event, user) VALUES ('password_change', '"+username+"')");
+
 return null;
 } catch (SQLException e){
 return e.toString();
From 0d5c7ec1e2d15bd5057ff2e04fbeecb1e2b95afe Mon Sep 17 00:00:00 2001
From: Sebastian Roth
Date: Thu, 13 Apr 2023 12:26:36 +0800
Subject: [PATCH 2/2] move to separate function
---
 .../appscan/altoromutual/api/AdminAPI.java | 3 ++-
 .../security/appscan/altoromutual/util/DBUtil.java | 14 ++++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/src/com/ibm/security/appscan/altoromutual/api/AdminAPI.java b/src/com/ibm/security/appscan/altoromutual/api/AdminAPI.java
index 5c656400..18fa0fc7 100644
--- a/src/com/ibm/security/appscan/altoromutual/api/AdminAPI.java
+++ b/src/com/ibm/security/appscan/altoromutual/api/AdminAPI.java
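Review bot: The added audit insert concatenates `username` into the SQL text, so a quote character in that value alters the very statement that is supposed to record the event; the same line is carried unchanged into `updateAuditTrail` by [PATCH 2/2]. Bind the value instead: `PreparedStatement ps = connection.prepareStatement("INSERT INTO AUDIT_TRAIL (event, user) VALUES ('password_change', ?)");` followed by `ps.setString(1, username); ps.execute();`. The context line above builds the `UPDATE PEOPLE` statement the same way from both `password` and `username`; that is outside this change but is best fixed together with it. Because the insert shares the `try` with the update, an audit failure makes `changePassword` return an error string after the password has already been changed. The body of `changePassword` starts and ends outside the hunk.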
@@ -57,7 +57,8 @@ public Response changePassword(String bodyJSON, @Context HttpServletRequest requ if (error != null) return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("{\"error\":\""+error+"\"}").build(); - + + DBUtil.updateAuditTrail(username); return Response.status(Response.Status.OK).entity("{\"success\":\"Requested operation has completed successfully.\"}").type(MediaType.APPLICATION_JSON_TYPE).build(); } diff --git a/src/com/ibm/security/appscan/altoromutual/util/DBUtil.java b/src/com/ibm/security/appscan/altoromutual/util/DBUtil.java index ad78ca9e..35802329 100644 --- a/src/com/ibm/security/appscan/altoromutual/util/DBUtil.java +++ b/src/com/ibm/security/appscan/altoromutual/util/DBUtil.java @@ -504,18 +504,24 @@ public static String changePassword(String username, String password) { Connection connection = getConnection(); Statement statement = connection.createStatement(); statement.execute("UPDATE PEOPLE SET PASSWORD = '"+ password +"' WHERE USER_ID = '"+username+"'"); + return null; + } catch (SQLException e){ + return e.toString(); + } + } - Statement statement2 = connection.createStatement(); - statement2.execute("INSERT INTO AUDIT_TRAIL (event, user) VALUES ('password_change', '"+username+"')"); + public static String updateAuditTrail(String username) { + try { + Connection connection = getConnection(); + Statement statement = connection.createStatement(); + statement.execute("INSERT INTO AUDIT_TRAIL (event, user) VALUES ('password_change', '"+username+"')"); return null; } catch (SQLException e){ return e.toString(); - } } - public static long storeFeedback(String name, String email, String subject, String comments) { try{ Connection connection = getConnection();
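Review bot: The return value of `DBUtil.updateAuditTrail(username)` is discarded, so when the insert fails the endpoint still answers 200 and no audit record exists for the password change. `updateAuditTrail` reports failure only through its returned string, so the caller has to check it, e.g. `String auditError = DBUtil.updateAuditTrail(username);` and then log server-side or fail the request when `auditError != null`. If the failure is surfaced to the client, avoid copying the exception text into the JSON the way the `error` branch above does, since the `e.toString()` value is not escaped and can expose database detail. The method body starts outside the hunk.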
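Review bot: Moving the insert out of `changePassword` means only callers that remember to call `updateAuditTrail` are audited; within this patch that is just `AdminAPI.changePassword`, so any other caller of `DBUtil.changePassword` (none is visible here) would change a password without a trail entry. Keeping the helper but invoking it from `changePassword` itself, for instance `return updateAuditTrail(username);` in place of its `return null;`, keeps coverage in one place, and the call added in AdminAPI can then be dropped. The new method also never closes its `Statement`; `try (Statement statement = connection.createStatement()) { ... }` would release it on every path. As written, the row holds only a fixed event name and one user value, so it presumably cannot tell which administrator performed the change unless the table fills that in itself.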