From 1e03e23044dd0a604880da1a79ab3f6096311ae6 Mon Sep 17 00:00:00 2001
From: Rogan Hamby
Date: Wed, 8 Jan 2020 15:47:07 -0500
Subject: [PATCH] LP1858833 Convenience function for setting a salted password Copy and pasted from bug comment by Bill Erickson.
Signed-off-by: Rogan Hamby
Signed-off-by: Bill Erickson
---
 Open-ILS/src/sql/Pg/999.functions.global.sql | 24 +++++++++++++++++++++
 .../xxxx.function.actor_change_password.sql | 25 ++++++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 Open-ILS/src/sql/Pg/upgrade/xxxx.function.actor_change_password.sql
diff --git a/Open-ILS/src/sql/Pg/999.functions.global.sql b/Open-ILS/src/sql/Pg/999.functions.global.sql
index 45321a0d2b..74d1e7ca38 100644
--- a/Open-ILS/src/sql/Pg/999.functions.global.sql
+++ b/Open-ILS/src/sql/Pg/999.functions.global.sql
@@ -893,6 +893,30 @@ Replaces an address with a pending address. This is done by giving the pending address the ID of the old address. The replaced address is retained with -id. $$;
+CREATE OR REPLACE FUNCTION actor.change_password (user_id INT, new_pw TEXT, pw_type TEXT DEFAULT 'main')
+RETURNS VOID AS $$
+DECLARE
+ new_salt TEXT;
+BEGIN
+ SELECT actor.create_salt(pw_type) INTO new_salt;
+
+ IF pw_type = 'main' THEN
+ -- Only 'main' passwords are required to have
+ -- the extra layer of MD5 hashing.
+ PERFORM actor.set_passwd(
+ user_id, pw_type, md5(new_salt || md5(new_pw)), new_salt
+ );
+
+ ELSE
+ PERFORM actor.set_passwd(user_id, pw_type, new_pw, new_salt);
+ END IF;
+END;
+$$ LANGUAGE 'plpgsql';
+
+COMMENT ON FUNCTION actor.change_password(INT,TEXT,TEXT) IS $$
+Allows setting a salted password for a user by passing actor.usr id and the text of the password.
+$$;
+
 CREATE OR REPLACE FUNCTION container.clear_expired_circ_history_items( ac_usr IN INTEGER ) RETURNS VOID AS $$
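Review bot: actor.change_password accepts a NULL or empty new_pw without complaint: the function is not declared STRICT, and for pw_type 'main' a NULL input makes `md5(new_salt || md5(new_pw))` evaluate to NULL, which is then handed to actor.set_passwd (not shown in this hunk, so what it stores or raises in that case cannot be confirmed from here). A guard at the top of the body would make the failure explicit, e.g. `IF new_pw IS NULL OR new_pw = '' THEN RAISE EXCEPTION 'new_pw must not be NULL or empty'; END IF;`; the same body is repeated in the upgrade script xxxx.function.actor_change_password.sql and needs the same change. Because the cleartext password travels as a SQL argument, it can be captured by statement logging and client command history, and the COMMENT ON FUNCTION text is the natural place to say so and to state what actor.set_passwd does with the value beyond the MD5 layer.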
diff --git a/Open-ILS/src/sql/Pg/upgrade/xxxx.function.actor_change_password.sql b/Open-ILS/src/sql/Pg/upgrade/xxxx.function.actor_change_password.sql
new file mode 100644
index 0000000000..88aa119bad
--- /dev/null
+++ b/Open-ILS/src/sql/Pg/upgrade/xxxx.function.actor_change_password.sql
@@ -0,0 +1,25 @@
+BEGIN;
+
+SELECT evergreen.upgrade_deps_block_check('xxxx', :eg_version);
+
+CREATE OR REPLACE FUNCTION actor.change_password (user_id INT, new_pw TEXT, pw_type TEXT DEFAULT 'main')
+RETURNS VOID AS $$
+DECLARE
+ new_salt TEXT;
+BEGIN
+ SELECT actor.create_salt(pw_type) INTO new_salt;
+
+ IF pw_type = 'main' THEN
+ -- Only 'main' passwords are required to have
+ -- the extra layer of MD5 hashing.
+ PERFORM actor.set_passwd(
+ user_id, pw_type, md5(new_salt || md5(new_pw)), new_salt
+ );
+
+ ELSE
+ PERFORM actor.set_passwd(user_id, pw_type, new_pw, new_salt);
+ END IF;
+END;
+$$ LANGUAGE 'plpgsql';
+
+COMMIT;
-- 2.11.0
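Review bot: The upgrade script creates actor.change_password but omits the `COMMENT ON FUNCTION actor.change_password(INT,TEXT,TEXT) IS $$ ... $$;` statement that the 999.functions.global.sql hunk adds, so an upgraded database and a fresh install would carry different catalog documentation for the same function. Adding the same COMMENT statement before `COMMIT;` keeps the two in step. As a point of style, `LANGUAGE 'plpgsql'` quotes the language name, a form PostgreSQL accepts only for backward compatibility; `LANGUAGE plpgsql` is the current spelling, in both files.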