
Commit fb7b323

committed
Removing Updating Password Support
1 parent bbaaf4f commit fb7b323


10 files changed

+18
-378
lines changed


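--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PasswordManagementConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/PasswordManagementConfigurer.java
@@ -18,28 +18,22 @@
 
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
-import org.springframework.security.authentication.password.ChangeExistingPasswordAdvisor;
 import org.springframework.security.authentication.password.ChangePasswordAdvice;
+import org.springframework.security.authentication.password.ChangePasswordAdvisor;
 import org.springframework.security.authentication.password.ChangePasswordServiceAdvisor;
-import org.springframework.security.authentication.password.ChangeUpdatingPasswordAdvisor;
 import org.springframework.security.authentication.password.DelegatingChangePasswordAdvisor;
 import org.springframework.security.authentication.password.UserDetailsPasswordManager;
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.crypto.factory.PasswordEncoderFactories;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.RequestMatcherRedirectFilter;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.password.ChangeCompromisedPasswordAdvisor;
 import org.springframework.security.web.authentication.password.ChangePasswordAdviceHandler;
 import org.springframework.security.web.authentication.password.ChangePasswordAdviceRepository;
 import org.springframework.security.web.authentication.password.ChangePasswordAdvisingFilter;
-import org.springframework.security.web.authentication.password.ChangePasswordProcessingFilter;
-import org.springframework.security.web.authentication.password.DefaultChangePasswordPageGeneratingFilter;
 import org.springframework.security.web.authentication.password.HttpSessionChangePasswordAdviceRepository;
 import org.springframework.security.web.authentication.password.SimpleChangePasswordAdviceHandler;
 import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
-import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.util.Assert;
 
 /**
@@ -53,21 +47,17 @@ public final class PasswordManagementConfigurer<B extends HttpSecurityBuilder<B>
 
 private static final String WELL_KNOWN_CHANGE_PASSWORD_PATTERN = "/.well-known/change-password";
 
-private static final String DEFAULT_CHANGE_PASSWORD_PAGE = DefaultChangePasswordPageGeneratingFilter.DEFAULT_CHANGE_PASSWORD_URL;
+private static final String DEFAULT_CHANGE_PASSWORD_PAGE = "/change-password";
 
 private ApplicationContext context;
 
 private boolean customChangePasswordPage = false;
 
 private String changePasswordPage = DEFAULT_CHANGE_PASSWORD_PAGE;
 
-private String changePasswordProcessingUrl = ChangePasswordProcessingFilter.DEFAULT_PASSWORD_CHANGE_PROCESSING_URL;
-
 private ChangePasswordAdviceRepository changePasswordAdviceRepository;
 
-private ChangeExistingPasswordAdvisor changeExistingPasswordAdvisor;
-
-private ChangeUpdatingPasswordAdvisor changeUpdatingPasswordAdvisor;
+private ChangePasswordAdvisor changePasswordAdvisor;
 
 private ChangePasswordAdviceHandler changePasswordAdviceHandler;
 
@@ -86,26 +76,15 @@ public PasswordManagementConfigurer<B> changePasswordPage(String changePasswordP
 return this;
 }
 
-public PasswordManagementConfigurer<B> changePasswordProcessingUrl(String changePasswordProcessingUrl) {
-this.changePasswordProcessingUrl = changePasswordProcessingUrl;
-return this;
-}
-
 public PasswordManagementConfigurer<B> changePasswordAdviceRepository(
 ChangePasswordAdviceRepository changePasswordAdviceRepository) {
 this.changePasswordAdviceRepository = changePasswordAdviceRepository;
 return this;
 }
 
-public PasswordManagementConfigurer<B> changeExistingPasswordAdvisor(
-ChangeExistingPasswordAdvisor changePasswordAdvisor) {
-this.changeExistingPasswordAdvisor = changePasswordAdvisor;
-return this;
-}
-
-public PasswordManagementConfigurer<B> changeUpdatingPasswordAdvisor(
-ChangeUpdatingPasswordAdvisor changePasswordAdvisor) {
-this.changeUpdatingPasswordAdvisor = changePasswordAdvisor;
+public PasswordManagementConfigurer<B> changePasswordAdvisor(
+ChangePasswordAdvisor changePasswordAdvisor) {
+this.changePasswordAdvisor = changePasswordAdvisor;
 return this;
 }
 
@@ -136,26 +115,22 @@ public void init(B http) throws Exception {
 : this.context.getBeanProvider(ChangePasswordAdviceRepository.class)
 .getIfUnique(HttpSessionChangePasswordAdviceRepository::new);
 
-ChangeExistingPasswordAdvisor changeExistingPasswordAdvisor = (this.changeExistingPasswordAdvisor != null)
-? this.changeExistingPasswordAdvisor
-: this.context.getBeanProvider(ChangeExistingPasswordAdvisor.class)
-.getIfUnique(() -> DelegatingChangePasswordAdvisor.forExisting(
+ChangePasswordAdvisor changePasswordAdvisor = (this.changePasswordAdvisor != null)
+? this.changePasswordAdvisor
+: this.context.getBeanProvider(ChangePasswordAdvisor.class)
+.getIfUnique(() -> DelegatingChangePasswordAdvisor.of(
 new ChangePasswordServiceAdvisor(passwordManager), new ChangeCompromisedPasswordAdvisor()));
-ChangeUpdatingPasswordAdvisor changeUpdatingPasswordAdvisor = (this.changeExistingPasswordAdvisor != null)
-? this.changeUpdatingPasswordAdvisor : this.context.getBeanProvider(ChangeUpdatingPasswordAdvisor.class)
-.getIfUnique(ChangeCompromisedPasswordAdvisor::new);
 
 http.setSharedObject(ChangePasswordAdviceRepository.class, changePasswordAdviceRepository);
 http.setSharedObject(UserDetailsPasswordManager.class, passwordManager);
-http.setSharedObject(ChangeUpdatingPasswordAdvisor.class, changeUpdatingPasswordAdvisor);
 
 FormLoginConfigurer form = http.getConfigurer(FormLoginConfigurer.class);
 String passwordParameter = (form != null) ? form.getPasswordParameter() : "password";
 http.getConfigurer(SessionManagementConfigurer.class)
 .addSessionAuthenticationStrategy((authentication, request, response) -> {
 UserDetails user = (UserDetails) authentication.getPrincipal();
 String password = request.getParameter(passwordParameter);
-ChangePasswordAdvice advice = changeExistingPasswordAdvisor.advise(user, password);
+ChangePasswordAdvice advice = changePasswordAdvisor.advise(user, password);
 changePasswordAdviceRepository.savePasswordAdvice(request, response, advice);
 });
 }
@@ -173,28 +148,10 @@ public void configure(B http) throws Exception {
 return;
 }
 
-PasswordEncoder passwordEncoder = this.context.getBeanProvider(PasswordEncoder.class)
-.getIfUnique(PasswordEncoderFactories::createDelegatingPasswordEncoder);
-
 ChangePasswordAdviceHandler changePasswordAdviceHandler = (this.changePasswordAdviceHandler != null)
 ? this.changePasswordAdviceHandler : this.context.getBeanProvider(ChangePasswordAdviceHandler.class)
 .getIfUnique(() -> new SimpleChangePasswordAdviceHandler(this.changePasswordPage));
 
-if (!this.customChangePasswordPage) {
-DefaultChangePasswordPageGeneratingFilter page = new DefaultChangePasswordPageGeneratingFilter();
-http.addFilterBefore(page, RequestCacheAwareFilter.class);
-}
-
-ChangePasswordProcessingFilter processing = new ChangePasswordProcessingFilter(
-http.getSharedObject(UserDetailsPasswordManager.class));
-processing
-.setRequestMatcher(PathPatternRequestMatcher.withDefaults().matcher(this.changePasswordProcessingUrl));
-processing.setChangePasswordAdvisor(http.getSharedObject(ChangeUpdatingPasswordAdvisor.class));
-processing.setChangePasswordAdviceRepository(http.getSharedObject(ChangePasswordAdviceRepository.class));
-processing.setPasswordEncoder(passwordEncoder);
-processing.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
-http.addFilterBefore(processing, RequestCacheAwareFilter.class);
-
 ChangePasswordAdvisingFilter advising = new ChangePasswordAdvisingFilter();
 advising.setChangePasswordAdviceRepository(http.getSharedObject(ChangePasswordAdviceRepository.class));
 advising.setChangePasswordAdviceHandler(changePasswordAdviceHandler);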
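Review bot: The session authentication strategy registered in `init` (new lines 130–135) casts `authentication.getPrincipal()` to `UserDetails` unconditionally and hands `request.getParameter(passwordParameter)` to `changePasswordAdvisor.advise(user, password)` without checking it for null. An authentication whose principal is not a `UserDetails` would fail with a `ClassCastException`, and a request with no form password parameter would reach every configured advisor with a null password; how the advisors treat null is not visible on this page. A guard at the top of the lambda would make the intent explicit: `if (!(authentication.getPrincipal() instanceof UserDetails user)) { return; }` followed by `if (password == null) { return; }`. `init` begins outside the hunk.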

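--- a/core/src/main/java/org/springframework/security/authentication/password/ChangeLengthPasswordAdvisor.java
+++ b/core/src/main/java/org/springframework/security/authentication/password/ChangeLengthPasswordAdvisor.java
@@ -19,7 +19,7 @@
 import org.springframework.security.authentication.password.ChangePasswordAdvice.Action;
 import org.springframework.security.core.userdetails.UserDetails;
 
-public class ChangeLengthPasswordAdvisor implements ChangeExistingPasswordAdvisor, ChangeUpdatingPasswordAdvisor {
+public class ChangeLengthPasswordAdvisor implements ChangePasswordAdvisor {
 
 private final int minLength;
 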

Lines changed: 1 addition & 1 deletion
@@ -18,7 +18,7 @@
1818

1919
import org.springframework.security.core.userdetails.UserDetails;
2020

21-
public interface ChangeExistingPasswordAdvisor {
21+
public interface ChangePasswordAdvisor {
2222

2323
ChangePasswordAdvice advise(UserDetails user, String password);
2424

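--- a/core/src/main/java/org/springframework/security/authentication/password/ChangePasswordServiceAdvisor.java
+++ b/core/src/main/java/org/springframework/security/authentication/password/ChangePasswordServiceAdvisor.java
@@ -18,7 +18,7 @@
 
 import org.springframework.security.core.userdetails.UserDetails;
 
-public final class ChangePasswordServiceAdvisor implements ChangeExistingPasswordAdvisor {
+public final class ChangePasswordServiceAdvisor implements ChangePasswordAdvisor {
 
 private final UserDetailsPasswordManager passwordManager;
 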

core/src/main/java/org/springframework/security/authentication/password/ChangeRepeatedPasswordAdvisor.java

Lines changed: 0 additions & 56 deletions
This file was deleted.

core/src/main/java/org/springframework/security/authentication/password/ChangeUpdatingPasswordAdvisor.java

Lines changed: 0 additions & 25 deletions
This file was deleted.

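--- a/core/src/main/java/org/springframework/security/authentication/password/DelegatingChangePasswordAdvisor.java
+++ b/core/src/main/java/org/springframework/security/authentication/password/DelegatingChangePasswordAdvisor.java
@@ -27,21 +27,15 @@
 import org.springframework.security.core.userdetails.UserDetails;
 
 public final class DelegatingChangePasswordAdvisor
-implements ChangeExistingPasswordAdvisor, ChangeUpdatingPasswordAdvisor {
+implements ChangePasswordAdvisor {
 
 private final List<BiFunction<UserDetails, String, ChangePasswordAdvice>> advisors;
 
 private DelegatingChangePasswordAdvisor(List<BiFunction<UserDetails, String, ChangePasswordAdvice>> advisors) {
 this.advisors = Collections.unmodifiableList(advisors);
 }
 
-public static ChangeExistingPasswordAdvisor forExisting(ChangeExistingPasswordAdvisor... advisors) {
-return new DelegatingChangePasswordAdvisor(Stream.of(advisors)
-.map((advisor) -> (BiFunction<UserDetails, String, ChangePasswordAdvice>) advisor::advise)
-.toList());
-}
-
-public static ChangeUpdatingPasswordAdvisor forUpdating(ChangeUpdatingPasswordAdvisor... advisors) {
+public static ChangePasswordAdvisor of(ChangePasswordAdvisor... advisors) {
 return new DelegatingChangePasswordAdvisor(Stream.of(advisors)
 .map((advisor) -> (BiFunction<UserDetails, String, ChangePasswordAdvice>) advisor::advise)
 .toList());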

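--- a/web/src/main/java/org/springframework/security/web/authentication/password/ChangeCompromisedPasswordAdvisor.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/password/ChangeCompromisedPasswordAdvisor.java
@@ -18,18 +18,16 @@
 
 import java.util.Collection;
 
-import org.springframework.security.authentication.password.ChangeExistingPasswordAdvisor;
 import org.springframework.security.authentication.password.ChangePasswordAdvice;
 import org.springframework.security.authentication.password.ChangePasswordAdvice.Action;
+import org.springframework.security.authentication.password.ChangePasswordAdvisor;
 import org.springframework.security.authentication.password.ChangePasswordReason;
-import org.springframework.security.authentication.password.ChangeUpdatingPasswordAdvisor;
 import org.springframework.security.authentication.password.CompromisedPasswordChecker;
 import org.springframework.security.authentication.password.CompromisedPasswordDecision;
 import org.springframework.security.authentication.password.SimpleChangePasswordAdvice;
 import org.springframework.security.core.userdetails.UserDetails;
 
-public final class ChangeCompromisedPasswordAdvisor
-implements ChangeExistingPasswordAdvisor, ChangeUpdatingPasswordAdvisor {
+public final class ChangeCompromisedPasswordAdvisor implements ChangePasswordAdvisor {
 
 private final CompromisedPasswordChecker pwned = new HaveIBeenPwnedRestApiPasswordChecker();
 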
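Review bot: `ChangeCompromisedPasswordAdvisor` fixes its checker in a field initializer, `private final CompromisedPasswordChecker pwned = new HaveIBeenPwnedRestApiPasswordChecker();`, and the configurer's default advisor chain in this commit instantiates it with the no-arg constructor on the login path. If the class has no constructor that accepts a `CompromisedPasswordChecker` (the body continues outside the hunk), deployments cannot substitute a local or stubbed checker, and each login would depend on an outbound call whose failure handling is not shown here. Consider adding `public ChangeCompromisedPasswordAdvisor(CompromisedPasswordChecker checker)` with the no-arg constructor delegating to the REST checker, and a Javadoc sentence stating what `advise` returns when the check cannot be completed.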
