1 Reply Latest reply on Aug 22, 2011 11:14 AM by Olalekan Ogunleye

    Change Password IdentityManager

    Olalekan Ogunleye Newbie
      I am trying to treat a first user access and so when the user logs in for the first time, I want my system to force the user to change his assigned password immediately and as such I want the user to enter the current password. However one way or the other it seems that the system is not working and I dont know why. I am not getting a particular error but when I used the below code, the system told me log in fails when I tried to login for the first time even before I tried to enforce the password change


      @Transactional
          public void changePwd() { //Change String to void
               log.info("Method changePwd() :String");
               //String fwd = null;  Just commented now
               String hashedCurrentPassword = generatePasswordHash(authenticatedUser.getCurrentPasswordHash(), authenticatedUser.getUsername());
               authenticatedUser.setCurrentPasswordHash(hashedCurrentPassword);
               
               
               final IdentityManager identityManager = IdentityManager.instance();
               if (!identityManager.authenticate(authenticatedUser.getUsername(), hashedCurrentPassword)) {
                    FacesMessages.instance().addToControl("oldpassword", Severity.ERROR, "Is not correct. Please try again");
                    
                    return;
               }
               
               new RunAsOperation() {
                     
                     @Override
                     public void execute() {
                          @SuppressWarnings("unused")
                          String fwd;
                          if (authenticatedUser.getPasswordHash().equals(authenticatedUser.getPwdMatch())) {
                             authenticatedUser.setLastSuccessLogin(new java.util.Date());
                             String hashedPassword = generatePasswordHash(authenticatedUser.getPasswordHash(), authenticatedUser.getUsername()); //Just Added 12-08-2011
                             log.debug("Setting new hased Password: " + hashedPassword); //Just Added 12-08-2011
                             authenticatedUser.setPasswordHash(hashedPassword); //Just Added 12-08-2011
                             entityManager.merge(authenticatedUser);
                             entityManager.flush();
                             showMenu = true;
                             firstAccess = false;
                             fwd = "home";
                        } else {
                             authenticatedUser.setPasswordHash("");
                             authenticatedUser.setPwdMatch("");
                             FacesMessages.instance().add(Severity.WARN, "You must change your password on first login.");
                             showMenu = false;
                             firstAccess = true;
                             return;
                        }

      and if I us
                          
                     }
                }.addRole("admin").run();
               }


      And if I used the below code the system passes me through and enforces the user(s) to change the password but it did not take the current pasword into consideration.

      @Transactional
          public String changePwd() {
               log.info("Method changePwd() :String");
               String fwd = null;
                    
                    if (authenticatedUser.getPasswordHash().equals(authenticatedUser.getPwdMatch())) {
                        authenticatedUser.setLastSuccessLogin(new java.util.Date());
                        String hashedPassword = generatePasswordHash(authenticatedUser.getPasswordHash(), authenticatedUser.getUsername()); //Just Added 12-08-2011
                        log.debug("Setting new hased Password: " + hashedPassword); //Just Added 12-08-2011
                        authenticatedUser.setPasswordHash(hashedPassword); //Just Added 12-08-2011
                        entityManager.merge(authenticatedUser);
                        entityManager.flush();
                        showMenu = true;
                        firstAccess = false;
                        fwd = "home";
                   } else {
                        authenticatedUser.setPasswordHash("");
                        authenticatedUser.setPwdMatch("");
                        FacesMessages.instance().add(Severity.WARN, "You must change your password on first login.");
                        showMenu = false;
                        firstAccess = true;
                        fwd = null;
                   }
                   //return fwd;
               
                return fwd;
               
               
          }


      Meanwhile, I need to verify the current password. I have been wondering if this is implemented in seam. All the post. All the thread that I have seen on this one so far does not have a concluded solution. Can somebody please help us.

      Thank you