Password update and expiration support (#197)

James Williams · web-flow · commit 8080d5a5c3f3 · 2023-03-20T11:15:30.000Z
## What is the goal of this PR?

We've added support for a variety of features that have been implemented
in Cluster including administrators having the ability to set passwords,
password updates for users, and password expiry.

## What are the changes implemented in this PR?

We've provided two new commands:
* `user password-set &lt;username&gt;`
* `user password-update`

We've also added an expiry notice that notifies users whenever they are
within 7 days of their password expiring.
diff --git a/TypeDBConsole.java b/TypeDBConsole.java
@@ -100,6 +100,8 @@ public class TypeDBConsole {
     private static final Path TRANSACTION_HISTORY_FILE =
             Paths.get(System.getProperty("user.home"), ".typedb-console-transaction-repl-history").toAbsolutePath();
     private static final Logger LOG = LoggerFactory.getLogger(TypeDBConsole.class);
+
+    private static final int PASSWORD_EXPIRY_WARN_DAYS = 7;
     private static final int ONE_HOUR_IN_MILLIS = 60 * 60 * 1000;
 
     private final Printer printer;
@@ -195,8 +197,17 @@ private void runREPLMode(CLIOptions options) {
                     runUserList(client);
                 } else if (command.isUserCreate()) {
                     runUserCreate(client, command.asUserCreate().user(), command.asUserCreate().password());
-                } else if (command.isUserPassword()) {
-                    runUserPassword(client, command.asUserPassword().user(), command.asUserPassword().password());
+                } else if (command.isUserPasswordUpdate()) {
+                    REPLCommand.User.PasswordUpdate userPasswordUpdate = command.asUserPasswordUpdate();
+                    runUserPasswordUpdate(client,
+                            options.username,
+                            userPasswordUpdate.passwordOld(),
+                            userPasswordUpdate.passwordNew());
+                } else if (command.isUserPasswordSet()) {
+                    REPLCommand.User.PasswordSet userPasswordSet = command.asUserPasswordSet();
+                    runUserPasswordSet(client,
+                            userPasswordSet.user(),
+                            userPasswordSet.password());
                 } else if (command.isUserDelete()) {
                     runUserDelete(client, command.asUserDelete().user());
                 } else if (command.isDatabaseList()) {
@@ -256,7 +267,8 @@ private Completers.TreeCompleter getCompleter(TypeDBClient client) {
             nodes.add(node(REPLCommand.User.token,
                     node(REPLCommand.User.List.token),
                     node(REPLCommand.User.Create.token),
-                    node(REPLCommand.User.Password.token),
+                    node(REPLCommand.User.PasswordUpdate.token),
+                    node(REPLCommand.User.PasswordSet.token),
                     node(REPLCommand.User.Delete.token,
                             node(userNameCompleter))
             ));
@@ -444,6 +456,10 @@ private TypeDBClient createTypeDBClient(CLIOptions options) {
                 String optCluster = options.cluster();
                 if (optCluster != null) {
                     client = TypeDB.clusterClient(set(optCluster.split(",")), createTypeDBCredential(options));
+                    Optional<Long> passwordExpiryDays = client.asCluster().users().get(options.username).passwordExpiryDays();
+                    if (passwordExpiryDays.isPresent() && passwordExpiryDays.get() <= PASSWORD_EXPIRY_WARN_DAYS) {
+                        printer.info("Your password will expire in " + passwordExpiryDays.get() + " days.");
+                    }
                 } else {
                     client = TypeDB.coreClient(TypeDB.DEFAULT_ADDRESS);
                 }
@@ -486,47 +502,68 @@ private boolean runUserList(TypeDBClient client) {
         }
     }
 
-    private boolean runUserCreate(TypeDBClient client, String user, String password) {
+    private boolean runUserCreate(TypeDBClient client, String username, String password) {
         try {
             if (!client.isCluster()) {
                 printer.error("The command 'user create' is only available in TypeDB Cluster.");
                 return false;
             }
             TypeDBClient.Cluster clientCluster = client.asCluster();
-            clientCluster.users().create(user, password);
-            printer.info("User '" + user + "' created");
+            clientCluster.users().create(username, password);
+            printer.info("User '" + username + "' created");
             return true;
         } catch (TypeDBClientException e) {
             printer.error(e.getMessage());
             return false;
         }
     }
 
-    private boolean runUserPassword(TypeDBClient client, String user, String password) {
+    private boolean runUserPasswordUpdate(TypeDBClient client, String username, String passwordOld, String passwordNew) {
         try {
             if (!client.isCluster()) {
-                printer.error("The command 'user update' is only available in TypeDB Cluster.");
+                printer.error("The command 'user password-update' is only available in TypeDB Cluster.");
                 return false;
             }
             TypeDBClient.Cluster clientCluster = client.asCluster();
-            clientCluster.users().passwordSet(user, password);
-            printer.info("Updated password for user '" + user + "'");
+            clientCluster.users().get(username).passwordUpdate(passwordOld, passwordNew);
+            printer.info("Updated password for user '" + username + "'");
             return true;
         } catch (TypeDBClientException e) {
             printer.error(e.getMessage());
             return false;
         }
     }
 
-    private boolean runUserDelete(TypeDBClient client, String user) {
+    private boolean runUserPasswordSet(TypeDBClient client, String username, String password) {
+        try {
+            if (!client.isCluster()) {
+                printer.error("The command 'user password-set' is only available in TypeDB Cluster.");
+                return false;
+            }
+            TypeDBClient.Cluster clientCluster = client.asCluster();
+            if (clientCluster.users().contains(username)) {
+                clientCluster.users().passwordSet(username, password);
+                printer.info("Set password for user '" + username + "'");
+                return true;
+            } else {
+                printer.info("No such user '" + username + "'");
+                return false;
+            }
+        } catch (TypeDBClientException e) {
+            printer.error(e.getMessage());
+            return false;
+        }
+    }
+
+    private boolean runUserDelete(TypeDBClient client, String username) {
         try {
             if (!client.isCluster()) {
                 printer.error("The command 'user delete' is only available in TypeDB Cluster.");
                 return false;
             }
             TypeDBClient.Cluster clientCluster = client.asCluster();
-            clientCluster.users().delete(user);
-            printer.info("User '" + user + "' deleted");
+            clientCluster.users().delete(username);
+            printer.info("User '" + username + "' deleted");
             return true;
         } catch (TypeDBClientException e) {
             printer.error(e.getMessage());
diff --git a/command/REPLCommand.java b/command/REPLCommand.java
@@ -80,11 +80,19 @@ default User.Create asUserCreate() {
         throw new TypeDBConsoleException(ILLEGAL_CAST);
     }
 
-    default boolean isUserPassword() {
+    default boolean isUserPasswordUpdate() {
         return false;
     }
 
-    default User.Password asUserPassword() {
+    default User.PasswordUpdate asUserPasswordUpdate() {
+        throw new TypeDBConsoleException(ILLEGAL_CAST);
+    }
+
+    default boolean isUserPasswordSet() {
+        return false;
+    }
+
+    default User.PasswordSet asUserPasswordSet() {
         throw new TypeDBConsoleException(ILLEGAL_CAST);
     }
 
@@ -379,16 +387,50 @@ public User.Create asUserCreate() {
             }
         }
 
-        public static class Password extends REPLCommand.User {
+        public static class PasswordUpdate extends REPLCommand.User {
+
+            public static String token = "password-update";
+            private static String helpCommand = User.token + " " + token;
+            private static String description = "Update the password of the current user";
+
+            private final String passwordOld;
+            private final String passwordNew;
+
+            public PasswordUpdate(String passwordOld, String passwordNew) {
+                this.passwordOld = passwordOld;
+                this.passwordNew = passwordNew;
+            }
+
+            public String passwordOld() {
+                return passwordOld;
+            }
+
+            public String passwordNew() {
+                return passwordNew;
+            }
 
-            public static String token = "password";
+            @Override
+            public boolean isUserPasswordUpdate() {
+                return true;
+            }
+
+            @Override
+            public PasswordUpdate asUserPasswordUpdate() {
+                return this;
+            }
+        }
+
+        public static class PasswordSet extends REPLCommand.User {
+
+            public static String token = "password-set";
             private static String helpCommand = User.token + " " + token + " " + "<username>";
-            private static String description = "Update the password of user with name <username>";
+            private static String description = "Set the password of user with name <username>";
 
             private final String user;
+
             private final String password;
 
-            public Password(String user, String password) {
+            public PasswordSet(String user, String password) {
                 this.user = user;
                 this.password = password;
             }
@@ -402,12 +444,12 @@ public String password() {
             }
 
             @Override
-            public boolean isUserPassword() {
+            public boolean isUserPasswordSet() {
                 return true;
             }
 
             @Override
-            public Password asUserPassword() {
+            public PasswordSet asUserPasswordSet() {
                 return this;
             }
         }
@@ -664,7 +706,8 @@ static String createHelpMenu(TypeDBClient client) {
             menu.addAll(Arrays.asList(
                     pair(User.List.helpCommand, User.List.description),
                     pair(User.Create.helpCommand, User.Create.description),
-                    pair(User.Password.helpCommand, User.Password.description),
+                    pair(User.PasswordUpdate.helpCommand, User.PasswordUpdate.description),
+                    pair(User.PasswordSet.helpCommand, User.PasswordSet.description),
                     pair(User.Delete.helpCommand, User.Delete.description)));
         }
 
@@ -712,19 +755,23 @@ static REPLCommand readREPLCommand(String line, @Nullable LineReader passwordRea
             command = new Help();
         } else if (tokens.length == 1 && tokens[0].equals(Clear.token)) {
             command = new Clear();
-        }
-        else if (tokens.length == 2 && tokens[0].equals(User.token) && tokens[1].equals(User.List.token)) {
+        } else if (tokens.length == 2 && tokens[0].equals(User.token) && tokens[1].equals(User.List.token)) {
             command = new User.List();
         } else if (tokens.length == 3 && tokens[0].equals(User.token) && tokens[1].equals(User.Create.token)) {
             String name = tokens[2];
             if (passwordReader == null) throw new TypeDBConsoleException(UNABLE_TO_READ_PASSWORD_INTERACTIVELY);
             String password = Utils.readPassword(passwordReader, "Password: ");
             command = new User.Create(name, password);
-        } else if (tokens.length == 3 && tokens[0].equals(User.token) && tokens[1].equals(User.Password.token)) {
+        } else if (tokens.length == 2 && tokens[0].equals(User.token) && tokens[1].equals(User.PasswordUpdate.token)) {
+            if (passwordReader == null) throw new TypeDBConsoleException(UNABLE_TO_READ_PASSWORD_INTERACTIVELY);
+            String passwordOld = Utils.readPassword(passwordReader, "Old password: ");
+            String passwordNew = Utils.readPassword(passwordReader, "New password: ");
+            command = new User.PasswordUpdate(passwordOld, passwordNew);
+        } else if (tokens.length == 3 && tokens[0].equals(User.token) && tokens[1].equals(User.PasswordSet.token)) {
             String name = tokens[2];
             if (passwordReader == null) throw new TypeDBConsoleException(UNABLE_TO_READ_PASSWORD_INTERACTIVELY);
-            String password = Utils.readPassword(passwordReader, "Password: ");
-            command = new User.Password(name, password);
+            String newPassword = Utils.readPassword(passwordReader, "New password: ");
+            command = new User.PasswordSet(name, newPassword);
         } else if (tokens.length == 3 && tokens[0].equals(User.token) && tokens[1].equals(User.Delete.token)) {
             String name = tokens[2];
             command = new User.Delete(name);
