From 8ea0070019f44dc2dd82ba6f026b7ce3b61c85a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Pfeuffer?= <rene.pfeuffer@cloudogu.com>
Date: Mon, 28 May 2018 16:02:28 +0200
Subject: [PATCH] Encrypt password

---
 ...serMapper.java => User2UserDtoMapper.java} |  9 +++--
 .../rest/resources/UserDto2UserMapper.java    | 34 +++++++++++++++++++
 .../api/rest/resources/UserNewResource.java   | 13 ++++---
 ...rTest.java => User2UserDtoMapperTest.java} |  4 +--
 4 files changed, 51 insertions(+), 9 deletions(-)
 rename scm-webapp/src/main/java/sonia/scm/api/rest/resources/{UserMapper.java => User2UserDtoMapper.java} (68%)
 create mode 100644 scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserDto2UserMapper.java
 rename scm-webapp/src/test/java/sonia/scm/api/rest/resources/{UserMapperTest.java => User2UserDtoMapperTest.java} (78%)

diff --git a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserMapper.java b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/User2UserDtoMapper.java
similarity index 68%
rename from scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserMapper.java
rename to scm-webapp/src/main/java/sonia/scm/api/rest/resources/User2UserDtoMapper.java
index 38d82db4d9..86601a7132 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserMapper.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/User2UserDtoMapper.java
@@ -12,12 +12,15 @@ import java.util.LinkedHashMap;
 import java.util.Map;
 
 @Mapper
-public abstract class UserMapper {
-  public static UserMapper INSTANCE = Mappers.getMapper(UserMapper.class);
+public abstract class User2UserDtoMapper {
+  public static User2UserDtoMapper INSTANCE = Mappers.getMapper(User2UserDtoMapper.class);
 
   abstract public UserDto userToUserDto(User user, @Context UriInfo uriInfo);
 
-  abstract public User userDtoToUser(UserDto user, @Context UriInfo uriInfo);
+  @AfterMapping
+  public void removePassword(User source, @MappingTarget UserDto target, @Context UriInfo uriInfo) {
+    target.setPassword(UserResource.DUMMY_PASSWORT);
+  }
 
   @AfterMapping
   public void appendLinks(User source, @MappingTarget UserDto target, @Context UriInfo uriInfo) {
diff --git a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserDto2UserMapper.java b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserDto2UserMapper.java
new file mode 100644
index 0000000000..613ce6cd44
--- /dev/null
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserDto2UserMapper.java
@@ -0,0 +1,34 @@
+package sonia.scm.api.rest.resources;
+
+import org.apache.shiro.authc.credential.PasswordService;
+import org.mapstruct.Context;
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+import org.mapstruct.Named;
+import org.mapstruct.factory.Mappers;
+import sonia.scm.user.User;
+
+import static sonia.scm.api.rest.resources.UserResource.DUMMY_PASSWORT;
+
+@Mapper
+public abstract class UserDto2UserMapper {
+
+  public static UserDto2UserMapper INSTANCE = Mappers.getMapper(UserDto2UserMapper.class);
+
+  @Mapping(source = "password", target = "password", qualifiedByName = "encrypt")
+  abstract public User userDtoToUser(UserDto userDto, @Context String originalPassword, @Context PasswordService passwordService);
+
+  @Named("encrypt")
+  public String encrypt(String password, @Context String originalPassword, @Context PasswordService passwordService) {
+
+    if (DUMMY_PASSWORT.equals(password))
+    {
+      return originalPassword;
+    }
+    else
+    {
+      return passwordService.encryptPassword(password);
+    }
+
+  }
+}
diff --git a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserNewResource.java b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserNewResource.java
index 0d6a872950..f646f5556e 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserNewResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/UserNewResource.java
@@ -6,6 +6,7 @@ import com.webcohesion.enunciate.metadata.rs.ResponseCode;
 import com.webcohesion.enunciate.metadata.rs.StatusCodes;
 import com.webcohesion.enunciate.metadata.rs.TypeHint;
 import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.credential.PasswordService;
 import sonia.scm.security.Role;
 import sonia.scm.user.User;
 import sonia.scm.user.UserException;
@@ -24,9 +25,12 @@ public class UserNewResource extends AbstractManagerResource<User, UserException
   /** Field description */
   public static final String PATH_PART = "usersnew";
 
+  private final PasswordService passwordService;
+
   @Inject
-  public UserNewResource(UserManager userManager) {
+  public UserNewResource(UserManager userManager, PasswordService passwordService) {
     super(userManager);
+    this.passwordService = passwordService;
   }
 
   @Override
@@ -59,7 +63,7 @@ public class UserNewResource extends AbstractManagerResource<User, UserException
     if (SecurityUtils.getSubject().hasRole(Role.ADMIN))
     {
       User user = manager.get(id);
-      UserDto userDto = UserMapper.INSTANCE.userToUserDto(user, uriInfo);
+      UserDto userDto = User2UserDtoMapper.INSTANCE.userToUserDto(user, uriInfo);
       return Response.ok(userDto).build();
     }
     else
@@ -94,7 +98,7 @@ public class UserNewResource extends AbstractManagerResource<User, UserException
                          @QueryParam("desc") boolean desc)
   {
     Collection<User> items = fetchItems(sortby, desc, start, limit);
-    items.stream().map(user -> UserMapper.INSTANCE.userToUserDto(user, uriInfo)).collect(Collectors.toList());
+    items.stream().map(user -> User2UserDtoMapper.INSTANCE.userToUserDto(user, uriInfo)).collect(Collectors.toList());
     return Response.ok(new GenericEntity<Collection<User>>(items) {}).build();
   }
 
@@ -110,7 +114,8 @@ public class UserNewResource extends AbstractManagerResource<User, UserException
   public Response update(@Context UriInfo uriInfo,
                          @PathParam("id") String name, UserDto userDto)
   {
-    User user = UserMapper.INSTANCE.userDtoToUser(userDto, uriInfo);
+    User o = manager.get(name);
+    User user = UserDto2UserMapper.INSTANCE.userDtoToUser(userDto, o.getPassword(), passwordService);
     return super.update(name, user);
   }
 }
diff --git a/scm-webapp/src/test/java/sonia/scm/api/rest/resources/UserMapperTest.java b/scm-webapp/src/test/java/sonia/scm/api/rest/resources/User2UserDtoMapperTest.java
similarity index 78%
rename from scm-webapp/src/test/java/sonia/scm/api/rest/resources/UserMapperTest.java
rename to scm-webapp/src/test/java/sonia/scm/api/rest/resources/User2UserDtoMapperTest.java
index 4a3cd58172..79090b041a 100644
--- a/scm-webapp/src/test/java/sonia/scm/api/rest/resources/UserMapperTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/api/rest/resources/User2UserDtoMapperTest.java
@@ -9,13 +9,13 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.mockito.Mockito.mock;
 
-public class UserMapperTest {
+public class User2UserDtoMapperTest {
 
   @Test
   public void shouldMapLinks() {
     User user = new User();
     user.setName("abc");
-    UserDto userDto = UserMapper.INSTANCE.userToUserDto(user, mock(UriInfo.class));
+    UserDto userDto = User2UserDtoMapper.INSTANCE.userToUserDto(user, mock(UriInfo.class));
     assertEquals("abc" , userDto.getName());
     assertNotNull("expected map with links", userDto.getLinks());
   }