X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=osm_nbi%2Fauthconn_internal.py;h=99d18e4ce256bc4f04370f186124da13de0be99a;hb=544a2ae8b0b950b55f29c3f0a223ffe4874285e5;hp=e342150039c9b4c603f1319825d358c0a943702b;hpb=4568a372eb5a204e04d917213de03ec51f9110c1;p=osm%2FNBI.git
diff --git a/osm_nbi/authconn_internal.py b/osm_nbi/authconn_internal.py
index e342150..99d18e4 100644
--- a/osm_nbi/authconn_internal.py
+++ b/osm_nbi/authconn_internal.py
@@ -33,7 +33,7 @@ __date__ = "$06-jun-2019 11:16:08$"
 import logging
 import re
-from osm_nbi.authconn import Authconn, AuthException # , AuthconnOperationException
+from osm_nbi.authconn import Authconn, AuthException, AuthconnConflictException # , AuthconnOperationException
 from osm_common.dbbase import DbException
 from osm_nbi.base_topic import BaseTopic
 from osm_nbi.validation import is_valid_uuid
@@ -352,6 +352,11 @@ class AuthconnInternal(Authconn):
 BaseTopic.format_on_new(user_info, make_public=False)
 salt = uuid4().hex
 user_info["_admin"]["salt"] = salt
+ present = time()
+ if not user_info["username"] == "admin":
+ if self.config.get("pwd_expiry_check"):
+ user_info["_admin"]["modified_time"] = present
+ user_info["_admin"]["expire_time"] = present
 if "password" in user_info:
 user_info["password"] = sha256(
 user_info["password"].encode("utf-8") + salt.encode("utf-8")
@@ -369,9 +374,18 @@ class AuthconnInternal(Authconn):
 :param user_info: user info modifications
 """
 uid = user_info["_id"]
+ old_pwd = user_info.get("old_password")
 user_data = self.db.get_one(
 self.users_collection, {BaseTopic.id_field("users", uid): uid}
 )
+ if old_pwd:
+ salt = user_data["_admin"]["salt"]
+ shadow_password = sha256(old_pwd.encode('utf-8') + salt.encode('utf-8')).hexdigest()
+ if shadow_password != user_data["password"]:
+ raise AuthconnConflictException(
+ "Incorrect password",
+ http_code=HTTPStatus.CONFLICT
+ )
 BaseTopic.format_on_edit(user_data, user_info)
 # User Name
 usnm = user_info.get("username")
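Review bot: In the `@@ -352,6 +352,11 @@` hunk a new account gets `expire_time` equal to its creation time, and nothing in the hunk says whether that is deliberate. If the intent is to force a password change at first login, record it in a comment such as `# expire_time == creation time: the password must be changed at first login`; otherwise the expiry should be derived from the configured lifetime, as the `@@ -389,6 +403,13 @@` hunk does. The exemption is keyed on the literal username `"admin"` (here and in that later hunk), so the expiry policy follows a name rather than a role or id, and `!=` would read better than `not ... ==`. Indentation is lost on this page and the enclosing function starts outside the hunk, so the nesting of the two assignments is inferred.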
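Review bot: In the `@@ -369,9 +374,18 @@` hunk the current password is verified only when the request carries `old_password` (`if old_pwd:`), so a request that omits the field changes the password with no proof of knowledge unless a caller outside this hunk enforces it. For self-service changes the field should be required whenever `password` is present. The digest comparison should be constant-time, `if not hmac.compare_digest(shadow_password, user_data["password"]):`, which needs `import hmac`. `user_data["_admin"]["salt"]` raises `KeyError` for any stored user without a salt, and `old_password` is still in `user_info` when it reaches `BaseTopic.format_on_edit`, so confirm it is never persisted or logged. The single salted SHA-256 round is the file's existing scheme, but it is weak for password storage and a KDF such as `hashlib.scrypt` would be the longer-term fix; the function starts and ends outside the hunk.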
@@ -389,6 +403,13 @@ class AuthconnInternal(Authconn):
 user_data["password"] = sha256(
 pswd.encode("utf-8") + salt.encode("utf-8")
 ).hexdigest()
+ if not user_data["username"] == "admin":
+ if self.config.get("pwd_expiry_check"):
+ present = time()
+ if self.config.get("days"):
+ expire = present + 86400 * self.config.get("days")
+ user_data["_admin"]["modified_time"] = present
+ user_data["_admin"]["expire_time"] = expire
 # Project-Role Mappings
 # TODO: Check that user_info NEVER includes "project_role_mappings"
 if "project_role_mappings" not in user_data:
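Review bot: `expire` is assigned only inside `if self.config.get("days"):`, and indentation is not recoverable on this page, so the outcome depends on where `user_data["_admin"]["expire_time"] = expire` sits. Outside that branch, enabling `pwd_expiry_check` without a non-zero `days` raises `UnboundLocalError` during a password change; inside it, the account silently keeps its previous `expire_time`. Either way the misconfiguration should be handled explicitly, for example by reading `days = self.config.get("days")` once and raising a configuration error when expiry checking is on and `days` is missing. `days` is also multiplied without a type check, so a string value from the config file would fail at `present + ...`; coerce and validate it when the config is loaded. The enclosing function starts outside the hunk.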