#1 2018-05-31 19:20:42

RTinkess31
Member
Registered: 2018-05-31

Disable Password Change For Certain Users

I'm wondering if it's possible to disable the ability for certain users to change their password?


#2 2018-06-01 10:01:38

jalbrecht
Administrator
Registered: 2016-10-21

Re: Disable Password Change For Certain Users

Hi RTinkess31,

There is no way to do that out of the box. We will pick up this issue and discuss it and maybe define a property for the Password policy (check https://reportserver.net/en/guides/conf … roperties/ -> 4.9.2 Specifying a Password Policy).

wbr jan


#3 2018-06-01 10:11:23

eduardo
Administrator
Registered: 2016-11-01

Re: Disable Password Change For Certain Users

Hi RTinkess31,

You don't have this functionality out of the box, but you can write a hook that implements the net.datenwerke.security.service.usermanager.hooks.ChangePasswordHook hook.
Here you have an example of an existing hook in ReportServer:

package net.datenwerke.rs.passwordpolicy.service.hooker;

import java.util.Date;

import net.datenwerke.gxtdto.client.servercommunication.exceptions.ExpectedException;
import net.datenwerke.rs.passwordpolicy.service.BsiPasswordPolicy;
import net.datenwerke.rs.passwordpolicy.service.BsiPasswordPolicyService;
import net.datenwerke.rs.passwordpolicy.service.BsiPasswordPolicyUserMetadata;
import net.datenwerke.rs.utils.crypto.PasswordHasher;
import net.datenwerke.rs.utils.localization.LocalizationServiceImpl;
import net.datenwerke.rs.utils.misc.DateUtils;
import net.datenwerke.security.service.security.locale.SecurityMessages;
import net.datenwerke.security.service.usermanager.entities.User;
import net.datenwerke.security.service.usermanager.hooks.ChangePasswordHook;

import org.apache.commons.lang.StringUtils;

import com.google.inject.Inject;

public class BsiPasswordPolicyChangePasswordHook implements ChangePasswordHook{

	private final static SecurityMessages messages = LocalizationServiceImpl.getMessages(SecurityMessages.class);
	
	private final PasswordHasher passwordHasher;
	
	private final BsiPasswordPolicyService bsiPasswordPolicyService;
	
	@Inject
	public BsiPasswordPolicyChangePasswordHook(
			PasswordHasher passwordHasher,
			BsiPasswordPolicyService bsiPasswordPolicyService) {
		this.passwordHasher = passwordHasher;
		this.bsiPasswordPolicyService = bsiPasswordPolicyService;
	}
	
	@Override
	public void afterPasswordChanged(User user) {
		if(!bsiPasswordPolicyService.isActive())
			return;
		
		BsiPasswordPolicy policy = bsiPasswordPolicyService.getPolicy();
		
		BsiPasswordPolicyUserMetadata data = bsiPasswordPolicyService.getUserMetadata(user);
		
		data.addRecentPassword(user.getPassword(), policy.getHistorySize());
		data.setLastChangedPassword(new Date());
	
		bsiPasswordPolicyService.updateUserMetadata(user, data);
	}
	
	@Override
	public void beforePasswordChanged(User user, String newPassword) throws ExpectedException {
		if(!bsiPasswordPolicyService.isActive())
			return;
		
		BsiPasswordPolicy policy = bsiPasswordPolicyService.getPolicy();
		BsiPasswordPolicyUserMetadata data = bsiPasswordPolicyService.getUserMetadata(user);
		
		/* check minimum password age */
		if(null != data.getLastChangedPassword()){
			int passwordAge = DateUtils.getDeltaDays(data.getLastChangedPassword(), new Date());
			if(passwordAge < policy.getPasswordMinAge()){
				throw new ExpectedException(messages.changePasswordOnceInDays(policy.getPasswordMinAge()));
			}
		}
		
		/* check password history */
		if(data.recentPasswordsContain(newPassword, policy.getHistorySize(), passwordHasher)){
			throw new ExpectedException(messages.changePasswordHistoryFail(policy.getHistorySize()));
		}
		
		/* check password complexity */
		if(!policy.getPasswordComplexitySpecification().isSatisfiedBy(newPassword)){
			throw new ExpectedException(messages.changePasswordComplexityFail(StringUtils.join(policy.getPasswordComplexitySpecification().getErrorCause(newPassword), "\r\n")));
		}
	}
}

More information on hooks: https://reportserver.net/en/guides/scri … ortServer/

Regards,
Eduardo
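
Applied to the original question, a hook that rejects password changes for a fixed set of accounts could look like the sketch below. This is an added example, not code from the thread or from the ReportServer project. Assumptions: the class and package names are hypothetical, User is assumed to expose getUsername() (the thread only shows getPassword()), ExpectedException is assumed to accept a String message as in the hook above, and registration of the hook follows the hooks guide linked above.

```java
package example.hooks; // hypothetical package, not part of ReportServer

import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

import net.datenwerke.gxtdto.client.servercommunication.exceptions.ExpectedException;
import net.datenwerke.security.service.usermanager.entities.User;
import net.datenwerke.security.service.usermanager.hooks.ChangePasswordHook;

/** Rejects password changes for a configured set of accounts (hypothetical class). */
public class LockedPasswordChangeHook implements ChangePasswordHook {

	private final Set<String> lockedUsers;

	public LockedPasswordChangeHook(Set<String> usernames) {
		Set<String> normalized = new HashSet<String>();
		for (String name : usernames) {
			String n = normalize(name);
			if (!n.isEmpty()) // ignore null/blank entries so they can never match an account
				normalized.add(n);
		}
		this.lockedUsers = Collections.unmodifiableSet(normalized);
	}

	/* compare usernames case-insensitively and without surrounding whitespace */
	private static String normalize(String name) {
		return null == name ? "" : name.trim().toLowerCase(Locale.ROOT);
	}

	@Override
	public void beforePasswordChanged(User user, String newPassword) throws ExpectedException {
		/* fail closed: a missing user object is treated like a locked account */
		// Assumption: User.getUsername() exists; it is not shown in the thread.
		if (null == user || lockedUsers.contains(normalize(user.getUsername())))
			throw new ExpectedException("Password changes are disabled for this account.");
	}

	@Override
	public void afterPasswordChanged(User user) {
		/* nothing to record: a change for a locked account never gets this far */
	}
}
```

As in the existing hook, throwing ExpectedException from beforePasswordChanged is what blocks the change; the thread does not say whether the hook also runs for administrator-initiated resets, so verify that path on a test instance.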

