Issue 3015 - store timestamp when password is reset (#3863)

* Added few unsigned to ints in order to get rid of warnings.
Added column to users table, for when password is changed(issue#3015).
Moved password length check to separate method, to make it cleaner.
* Added migration file and changed schema version to 27 due to servatrice.sql schema modification.
* Make password length configurable.

servatrice/src/servatrice.cpp

@@ -1065,3 +1065,8 @@ bool Servatrice::getEnableForgotPasswordAudit() const
 {
     return settingsCache->value("audit/enable_forgotpassword_audit", true).toBool();
 }
+
+int Servatrice::getMinPasswordLength() const
+{
+    return settingsCache->value("users/minpasswordlength", 6).toInt();
+}

servatrice/src/servatrice.h

@@ -255,6 +255,7 @@ public:
     bool getEnableAudit() const;
     bool getEnableRegistrationAudit() const;
     bool getEnableForgotPasswordAudit() const;
+    int getMinPasswordLength() const;
     int getIdleClientTimeout() const override;
     int getServerID() const override;
     int getMaxGameInactivityTime() const override;

servatrice/src/servatrice_database_interface.cpp

@@ -953,7 +953,8 @@ bool Servatrice_DatabaseInterface::changeUserPassword(const QString &user,
 
     QString passwordSha512 = PasswordHasher::computeHash(newPassword, PasswordHasher::generateRandomSalt());
 
-    passwordQuery = prepareQuery("update {prefix}_users set password_sha512=:password where name = :name");
+    passwordQuery = prepareQuery("update {prefix}_users set password_sha512=:password, "
+                                 "passwordLastChangedDate = NOW() where name = :name");
     passwordQuery->bindValue(":password", passwordSha512);
     passwordQuery->bindValue(":name", user);
     if (execSqlQuery(passwordQuery))

servatrice/src/servatrice_database_interface.h

@@ -9,7 +9,7 @@
 #include "server.h"
 #include "server_database_interface.h"
 
-#define DATABASE_SCHEMA_VERSION 26
+#define DATABASE_SCHEMA_VERSION 27
 
 class Servatrice;
 

servatrice/src/serversocketinterface.cpp

@@ -1077,8 +1077,7 @@ Response::ResponseCode AbstractServerSocketInterface::cmdRegisterAccount(const C
     QString country = QString::fromStdString(cmd.country());
     QString password = QString::fromStdString(cmd.password());
 
-    // TODO make this configurable?
-    if (password.length() < 6) {
+    if (!isPasswordLongEnough(password.length())) {
         if (servatrice->getEnableRegistrationAudit())
             sqlInterface->addAuditRecord(QString::fromStdString(cmd.user_name()).simplified(), this->getAddress(),
                                          QString::fromStdString(cmd.clientid()).simplified(), "REGISTER_ACCOUNT",
@@ -1223,8 +1222,7 @@ Response::ResponseCode AbstractServerSocketInterface::cmdAccountPassword(const C
     QString oldPassword = QString::fromStdString(cmd.old_password());
     QString newPassword = QString::fromStdString(cmd.new_password());
 
-    // TODO make this configurable?
-    if (newPassword.length() < 6)
+    if (!isPasswordLongEnough(newPassword.length()))
         return Response::RespPasswordTooShort;
 
     QString userName = QString::fromStdString(userInfo->name());
@@ -1794,3 +1792,8 @@ void WebsocketServerSocketInterface::binaryMessageReceived(const QByteArray &mes
 
     processCommandContainer(newCommandContainer);
 }
+
+bool AbstractServerSocketInterface::isPasswordLongEnough(const int passwordLength)
+{
+    return passwordLength < servatrice->getMinPasswordLength();
+}

servatrice/src/serversocketinterface.h

@@ -122,6 +122,8 @@ private:
     bool addAdminFlagToUser(const QString &user, int flag);
     bool removeAdminFlagFromUser(const QString &user, int flag);
 
+    bool isPasswordLongEnough(const int passwordLength);
+
 public:
     AbstractServerSocketInterface(Servatrice *_server,
                                   Servatrice_DatabaseInterface *_databaseInterface,