From c8181f880dea7aab06479066876bbdced242b4ac Mon Sep 17 00:00:00 2001
From: Adam Rauch <adam@labkey.com>
Date: Thu, 7 Nov 2024 09:51:02 -0800
Subject: [PATCH] Migrate core.Logins and operations away from email address
 (#456)

---
 .../org/labkey/panoramapublic/PanoramaPublicController.java  | 3 ++-
 .../panoramapublic/pipeline/CopyExperimentFinalTask.java     | 3 ++-
 signup/src/org/labkey/signup/SignUpController.java           | 5 +++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/panoramapublic/src/org/labkey/panoramapublic/PanoramaPublicController.java b/panoramapublic/src/org/labkey/panoramapublic/PanoramaPublicController.java
index 3eb0a1ef..6f55dd0d 100644
--- a/panoramapublic/src/org/labkey/panoramapublic/PanoramaPublicController.java
+++ b/panoramapublic/src/org/labkey/panoramapublic/PanoramaPublicController.java
@@ -97,6 +97,7 @@
 import org.labkey.api.query.ValidationException;
 import org.labkey.api.security.AdminConsoleAction;
 import org.labkey.api.security.Group;
+import org.labkey.api.security.LoginManager;
 import org.labkey.api.security.MutableSecurityPolicy;
 import org.labkey.api.security.PrincipalType;
 import org.labkey.api.security.RequiresAnyOf;
@@ -889,7 +890,7 @@ public boolean handlePost(PublicDataUseForm form, BindException errors)
                 errors.reject(ERROR_MSG, "User with given email address does not exist");
                 return false;
             }
-            if (!SecurityManager.matchPassword(form.getUserPassword(), SecurityManager.getPasswordHash(validEmail)))
+            if (!LoginManager.matchPassword(form.getUserPassword(), LoginManager.getPasswordHash(user)))
             {
                 errors.reject(ERROR_MSG, "Incorrect password for " + user.getEmail());
                 return false;
diff --git a/panoramapublic/src/org/labkey/panoramapublic/pipeline/CopyExperimentFinalTask.java b/panoramapublic/src/org/labkey/panoramapublic/pipeline/CopyExperimentFinalTask.java
index 86507e78..341f2a16 100644
--- a/panoramapublic/src/org/labkey/panoramapublic/pipeline/CopyExperimentFinalTask.java
+++ b/panoramapublic/src/org/labkey/panoramapublic/pipeline/CopyExperimentFinalTask.java
@@ -36,6 +36,7 @@
 import org.labkey.api.query.ValidationException;
 import org.labkey.api.security.Group;
 import org.labkey.api.security.InvalidGroupMembershipException;
+import org.labkey.api.security.LoginManager;
 import org.labkey.api.security.MemberType;
 import org.labkey.api.security.MutableSecurityPolicy;
 import org.labkey.api.security.PasswordRule;
@@ -649,7 +650,7 @@ private ReviewerAndPassword createReviewerAccount(String reviewerEmailPrefix, Us
 
         log.info("Generating password.");
         String password = createPassword(newUser.getUser());
-        SecurityManager.setPassword(email, password);
+        LoginManager.setPassword(newUser.getUser(), password);
         log.info("Set reviewer password successfully.");
 
         return new ReviewerAndPassword(newUser.getUser(), password);
diff --git a/signup/src/org/labkey/signup/SignUpController.java b/signup/src/org/labkey/signup/SignUpController.java
index 872c782c..f4c5749a 100644
--- a/signup/src/org/labkey/signup/SignUpController.java
+++ b/signup/src/org/labkey/signup/SignUpController.java
@@ -42,6 +42,7 @@
 import org.labkey.api.security.AuthenticationManager.AuthenticationResult;
 import org.labkey.api.security.DbLoginService;
 import org.labkey.api.security.Group;
+import org.labkey.api.security.LoginManager;
 import org.labkey.api.security.RequiresLogin;
 import org.labkey.api.security.RequiresNoPermission;
 import org.labkey.api.security.RequiresPermission;
@@ -422,7 +423,7 @@ public boolean handlePost(SignupConfirmForm form, BindException errors) throws E
                 newUser.setDescription(StringUtils.isBlank(_tempUser.getOrganization()) ? "" : "Organization: " + _tempUser.getOrganization()); // don't add anything if organization is empty
 
                 // Attempt to set this new user's password and log them in
-                AuthenticationResult result = DbLoginService.get().attemptSetPassword(getContainer(), getUser(), form.getPassword(), form.getPassword2(), getViewContext().getRequest(), _email, PageFlowUtil.urlProvider(ProjectUrls.class).getHomeURL(), "Verified and chose a password.", true, errors);
+                AuthenticationResult result = DbLoginService.get().attemptSetPassword(getContainer(), getUser(), form.getPassword(), form.getPassword2(), getViewContext().getRequest(), newUser, PageFlowUtil.urlProvider(ProjectUrls.class).getHomeURL(), "Verified and chose a password.", true, false, errors);
 
                 if (errors.hasErrors())
                     return false;
@@ -839,7 +840,7 @@ private TempUser getTempUser(SignupForm signupForm, ValidEmail email) throws jav
             tempUser.setFirstName(signupForm.getFirstName());
             tempUser.setLastName(signupForm.getLastName());
             tempUser.setOrganization(signupForm.getOrganization());
-            tempUser.setKey(SecurityManager.createTempPassword());
+            tempUser.setKey(LoginManager.createTempPassword());
             tempUser.setContainer(getContainer());
 
             Table.insert(null, SignUpManager.getTableInfoTempUsers(), tempUser);