Shift around username/password editing

The username is now made more visible on the register screen,
encouraging the user to create a new username before they set
an SSH public key on their account.

Username and password were removed from most tabs and put into their
own HTTP Password tab, just below the SSH Public Keys.  We also now
have a clear password button, to permit erasing a password that was
assigned and isn't actually needed by the user.

The username can only be set once per account now, and once set is
not permitted to be changed.  This change simplifies our UI, but it
also sets the stage for supporting ${user} variables in access rules
for references, and renaming an account once it has branches owned by
it would complicate the account rename process.

Change-Id: I2c0f26bb4501b88faa451105dd3d74e3830e632c
Signed-off-by: Shawn O. Pearce <sop@google.com>

gerrit-server/src/main/java/com/google/gerrit/server/account/ChangeUserName.java

@@ -91,6 +91,9 @@ public class ChangeUserName implements Callable<VoidResult> {
   public VoidResult call() throws OrmException, NameAlreadyUsedException,
       InvalidUserNameException {
     final Collection<AccountExternalId> old = old();
+    if (!old.isEmpty()) {
+      throw new IllegalStateException("Username cannot be changed.");
+    }
 
     if (newUsername != null && !newUsername.isEmpty()) {
       if (!USER_NAME_PATTERN.matcher(newUsername).matches()) {

gerrit-server/src/main/java/com/google/gerrit/server/account/ClearPassword.java

@@ -0,0 +1,63 @@
+// Copyright (C) 2010 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.server.account;
+
+import com.google.gerrit.common.errors.NoSuchEntityException;
+import com.google.gerrit.reviewdb.AccountExternalId;
+import com.google.gerrit.reviewdb.ReviewDb;
+import com.google.gerrit.server.IdentifiedUser;
+import com.google.gwtorm.client.OrmException;
+import com.google.inject.Inject;
+import com.google.inject.assistedinject.Assisted;
+
+import java.util.Collections;
+import java.util.concurrent.Callable;
+
+/** Operation to clear a password for an account. */
+public class ClearPassword implements Callable<AccountExternalId> {
+  public interface Factory {
+    ClearPassword create(AccountExternalId.Key forUser);
+  }
+
+  private final AccountCache accountCache;
+  private final ReviewDb db;
+  private final IdentifiedUser user;
+
+  private final AccountExternalId.Key forUser;
+
+  @Inject
+  ClearPassword(final AccountCache accountCache, final ReviewDb db,
+      final IdentifiedUser user,
+
+      @Assisted AccountExternalId.Key forUser) {
+    this.accountCache = accountCache;
+    this.db = db;
+    this.user = user;
+
+    this.forUser = forUser;
+  }
+
+  public AccountExternalId call() throws OrmException, NoSuchEntityException {
+    AccountExternalId id = db.accountExternalIds().get(forUser);
+    if (id == null || !user.getAccountId().equals(id.getAccountId())) {
+      throw new NoSuchEntityException();
+    }
+
+    id.setPassword(null);
+    db.accountExternalIds().update(Collections.singleton(id));
+    accountCache.evict(user.getAccountId());
+    return id;
+  }
+}