This is an automated email from the ASF dual-hosted git repository.
dahn pushed a commit to branch 4.20
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.20 by this push:
new 8c12a13216e Fix NPE during reset password (#12585)
8c12a13216e is described below
commit 8c12a13216e677ed1090c797c2aa7507cde3b65c
Author: Suresh Kumar Anaparti <[email protected]>
AuthorDate: Thu Feb 19 00:33:36 2026 +0530
Fix NPE during reset password (#12585)
---
.../oauth2/api/command/OauthLoginAPIAuthenticatorCmd.java | 6 +-----
.../api/command/SAML2LoginAPIAuthenticatorCmd.java | 10 ++++++++--
server/src/main/java/com/cloud/api/ApiServlet.java | 13 ++++++++-----
.../api/auth/DefaultForgotPasswordAPIAuthenticatorCmd.java | 6 ++++--
.../com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java | 12 ++++--------
.../api/auth/DefaultResetPasswordAPIAuthenticatorCmd.java | 1 -
6 files changed, 25 insertions(+), 23 deletions(-)
diff --git
a/plugins/user-authenticators/oauth2/src/main/java/org/apache/cloudstack/oauth2/api/command/OauthLoginAPIAuthenticatorCmd.java
b/plugins/user-authenticators/oauth2/src/main/java/org/apache/cloudstack/oauth2/api/command/OauthLoginAPIAuthenticatorCmd.java
index f9a1d10d352..88e678bcc26 100644
---
a/plugins/user-authenticators/oauth2/src/main/java/org/apache/cloudstack/oauth2/api/command/OauthLoginAPIAuthenticatorCmd.java
+++
b/plugins/user-authenticators/oauth2/src/main/java/org/apache/cloudstack/oauth2/api/command/OauthLoginAPIAuthenticatorCmd.java
@@ -177,12 +177,8 @@ public class OauthLoginAPIAuthenticatorCmd extends BaseCmd
implements APIAuthent
protected Long getDomainIdFromParams(Map<String, Object[]> params,
StringBuilder auditTrailSb, String responseType) {
String[] domainIdArr = (String[])params.get(ApiConstants.DOMAIN_ID);
-
- if (domainIdArr == null) {
- domainIdArr = (String[])params.get(ApiConstants.DOMAIN__ID);
- }
Long domainId = null;
- if ((domainIdArr != null) && (domainIdArr.length > 0)) {
+ if (domainIdArr != null && domainIdArr.length > 0) {
try {
//check if UUID is passed in for domain
domainId = _apiServer.fetchDomainId(domainIdArr[0]);
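Review bot: Dropping the fallback to `ApiConstants.DOMAIN__ID` at the top of getDomainIdFromParams is a behavioural change that the commit message (an NPE fix) does not mention: a client that only sends the alternate parameter name now ends up with `domainId == null` and continues into whatever the caller does for a domain-less login, instead of the domain it asked for. The same fallback is removed from DefaultLoginAPIAuthenticatorCmd further down in this commit. If the alternate name is deprecated, say so in the commit message and consider logging once when it is still received; if it is not, keep the fallback: `if (domainIdArr == null) { domainIdArr = (String[]) params.get(ApiConstants.DOMAIN__ID); }`. getDomainIdFromParams continues past the end of the hunk.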
diff --git
a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index bfd47922142..584f2463754 100644
---
a/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++
b/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -158,11 +158,17 @@ public class SAML2LoginAPIAuthenticatorCmd extends
BaseCmd implements APIAuthent
String domainPath = null;
if (params.containsKey(ApiConstants.IDP_ID)) {
- idpId = ((String[])params.get(ApiConstants.IDP_ID))[0];
+ String[] idpIds =
(String[])params.get(ApiConstants.IDP_ID);
+ if (idpIds != null && idpIds.length > 0) {
+ idpId = idpIds[0];
+ }
}
if (params.containsKey(ApiConstants.DOMAIN)) {
- domainPath =
((String[])params.get(ApiConstants.DOMAIN))[0];
+ String[] domainPaths =
(String[])params.get(ApiConstants.DOMAIN);
+ if (domainPaths != null && domainPaths.length > 0) {
+ domainPath = domainPaths[0];
+ }
}
if (domainPath != null && !domainPath.isEmpty()) {
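Review bot: With the new guards an `idpid` parameter that is present but has an empty value now leaves `idpId` null and falls through, whereas before it threw; whether that is safe depends on how the code after the hunk treats a null `idpId` (for example by selecting a default IdP), which is outside my view. Rejecting the malformed request explicitly keeps the behaviour obvious: give the new `if (idpIds != null && idpIds.length > 0)` an `else` branch that throws `new ServerApiException(ApiErrorCode.PARAM_ERROR, "idpid parameter is empty")`, as the forgotPassword command in this same change does for an unresolvable domain. The empty-`domain` case is already covered by the `domainPath != null && !domainPath.isEmpty()` check at the end of the hunk, so only the IdP branch needs it.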
diff --git a/server/src/main/java/com/cloud/api/ApiServlet.java
b/server/src/main/java/com/cloud/api/ApiServlet.java
index 4994c42bb4d..01cb21681b0 100644
--- a/server/src/main/java/com/cloud/api/ApiServlet.java
+++ b/server/src/main/java/com/cloud/api/ApiServlet.java
@@ -34,6 +34,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import com.cloud.api.auth.DefaultForgotPasswordAPIAuthenticatorCmd;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.ApiServerService;
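Review bot: The new `com.cloud.api.auth.DefaultForgotPasswordAPIAuthenticatorCmd` import is inserted between the `javax.servlet` and `org.apache.cloudstack` groups rather than with the other `com.cloud` imports, which are presumably elsewhere in the import block outside this hunk. Moving it into that group keeps the file's import ordering consistent and avoids an import-order nit on the next touch of this file.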
@@ -164,7 +165,6 @@ public class ApiServlet extends HttpServlet {
LOGGER.warn(message);
}
});
-
}
void processRequestInContext(final HttpServletRequest req, final
HttpServletResponse resp) {
@@ -226,7 +226,6 @@ public class ApiServlet extends HttpServlet {
}
if (command != null &&
!command.equals(ValidateUserTwoFactorAuthenticationCodeCmd.APINAME)) {
-
APIAuthenticator apiAuthenticator =
authManager.getAPIAuthenticator(command);
if (apiAuthenticator != null) {
auditTrailSb.append("command=");
@@ -262,7 +261,9 @@ public class ApiServlet extends HttpServlet {
} catch (ServerApiException e) {
httpResponseCode = e.getErrorCode().getHttpCode();
responseString = e.getMessage();
- LOGGER.debug("Authentication failure: " +
e.getMessage());
+ if
(!DefaultForgotPasswordAPIAuthenticatorCmd.APINAME.equalsIgnoreCase(command) ||
StringUtils.isNotBlank(username)) {
+ LOGGER.debug("Authentication failure: {}",
e.getMessage());
+ }
}
if (apiAuthenticator.getAPIType() ==
APIAuthenticationType.LOGOUT_API) {
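Review bot: The new condition around the debug log is hard to read and, for a forgotPassword request with a blank username, drops the servlet-level record of the authentication failure entirely, while `responseString = e.getMessage()` two lines above still returns the same message to the client — so if the intent was to keep that failure text out of the logs, it is still disclosed in the response. If the goal is only to avoid a duplicate of the debug line that DefaultForgotPasswordAPIAuthenticatorCmd now emits itself, name that explicitly: `final boolean suppressFailureLog = DefaultForgotPasswordAPIAuthenticatorCmd.APINAME.equalsIgnoreCase(command) && StringUtils.isBlank(username);` followed by `if (!suppressFailureLog) { LOGGER.debug("Authentication failure: {}", e.getMessage()); }`, with a one-line comment giving the reason the command is special-cased. Where `username` is assigned is outside the hunk, so I cannot tell whether it is the request parameter or a session value.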
@@ -330,7 +331,7 @@ public class ApiServlet extends HttpServlet {
}
}
- if (! requestChecksoutAsSane(resp, auditTrailSb, responseType,
params, session, command, userId, account, accountObj))
+ if (!requestChecksoutAsSane(resp, auditTrailSb, responseType,
params, session, command, userId, account, accountObj))
return;
} else {
CallContext.register(accountMgr.getSystemUser(),
accountMgr.getSystemAccount());
@@ -360,7 +361,6 @@ public class ApiServlet extends HttpServlet {
apiServer.getSerializedApiError(HttpServletResponse.SC_UNAUTHORIZED, "unable to
verify user credentials and/or request signature", params,
responseType);
HttpUtils.writeHttpResponse(resp, serializedResponse,
HttpServletResponse.SC_UNAUTHORIZED, responseType,
ApiServer.JSONcontentType.value());
-
}
} catch (final ServerApiException se) {
final String serializedResponseText =
apiServer.getSerializedApiError(se, params, responseType);
@@ -550,6 +550,9 @@ public class ApiServlet extends HttpServlet {
if (LOGGER.isTraceEnabled()) {
LOGGER.trace(msg);
}
+ if (session == null) {
+ return;
+ }
session.invalidate();
} catch (final IllegalStateException ise) {
if (LOGGER.isTraceEnabled()) {
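Review bot: The `return` added before `session.invalidate()` exits the whole method rather than just skipping the invalidate, so anything the enclosing method does after this try/catch (the method starts and ends outside the hunk) is skipped whenever `session` is null. Unless nothing follows the try/catch, guard only the call: `if (session != null) { session.invalidate(); }`. Either way, a short comment such as `// no session was established for this request; nothing to invalidate` would make the early exit intentional to the next reader.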
diff --git
a/server/src/main/java/com/cloud/api/auth/DefaultForgotPasswordAPIAuthenticatorCmd.java
b/server/src/main/java/com/cloud/api/auth/DefaultForgotPasswordAPIAuthenticatorCmd.java
index 1e90b43c5e8..46a9dd9bfe3 100644
---
a/server/src/main/java/com/cloud/api/auth/DefaultForgotPasswordAPIAuthenticatorCmd.java
+++
b/server/src/main/java/com/cloud/api/auth/DefaultForgotPasswordAPIAuthenticatorCmd.java
@@ -44,13 +44,13 @@ import java.net.InetAddress;
import java.util.List;
import java.util.Map;
-@APICommand(name = "forgotPassword",
+@APICommand(name = DefaultForgotPasswordAPIAuthenticatorCmd.APINAME,
description = "Sends an email to the user with a token to reset the
password using resetPassword command.",
since = "4.20.0.0",
requestHasSensitiveInfo = true,
responseObject = SuccessResponse.class)
public class DefaultForgotPasswordAPIAuthenticatorCmd extends BaseCmd
implements APIAuthenticator {
-
+ public static final String APINAME = "forgotPassword";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@@ -108,10 +108,12 @@ public class DefaultForgotPasswordAPIAuthenticatorCmd
extends BaseCmd implements
if (userDomain != null) {
domainId = userDomain.getId();
} else {
+ logger.debug("Unable to find the domain from the path {}",
domain);
throw new ServerApiException(ApiErrorCode.PARAM_ERROR,
String.format("Unable to find the domain from the path %s", domain));
}
final UserAccount userAccount =
_accountService.getActiveUserAccount(username[0], domainId);
if (userAccount != null && List.of(User.Source.SAML2,
User.Source.OAUTH2, User.Source.LDAP).contains(userAccount.getSource())) {
+ logger.debug("Forgot Password is not allowed for the user
{} from source {}", username[0], userAccount.getSource());
throw new ServerApiException(ApiErrorCode.PARAM_ERROR,
"Forgot Password is not allowed for this user");
}
boolean success = _apiServer.forgotPassword(userAccount,
userDomain);
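Review bot: The branch at the `List.of(User.Source.SAML2, ...)` check still returns a distinct PARAM_ERROR ("Forgot Password is not allowed for this user") only when the account exists and is federated, so the response tells an unauthenticated caller that the username exists in that domain and which class of authentication it uses; the added debug line does not change that. If `_apiServer.forgotPassword(userAccount, userDomain)` — called on the next line with a possibly null `userAccount`, which the commit leaves as is — answers unknown users with a generic success, the federated case should be made indistinguishable from it: log the reason at debug as the hunk now does, then return the same generic success instead of throwing. The enclosing method continues past the end of the hunk, so I cannot see what the success path returns.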
diff --git
a/server/src/main/java/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java
b/server/src/main/java/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java
index c9b03a85f4c..86f2a63a6a5 100644
---
a/server/src/main/java/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java
+++
b/server/src/main/java/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java
@@ -47,7 +47,6 @@ import java.net.InetAddress;
@APICommand(name = "login", description = "Logs a user into the CloudStack. A
successful login attempt will generate a JSESSIONID cookie value that can be
passed in subsequent Query command calls until the \"logout\" command has been
issued or the session has expired.", requestHasSensitiveInfo = true,
responseObject = LoginCmdResponse.class, entityType = {})
public class DefaultLoginAPIAuthenticatorCmd extends BaseCmd implements
APIAuthenticator {
-
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@@ -107,17 +106,13 @@ public class DefaultLoginAPIAuthenticatorCmd extends
BaseCmd implements APIAuthe
if (HTTPMethod.valueOf(req.getMethod()) != HTTPMethod.POST) {
throw new ServerApiException(ApiErrorCode.METHOD_NOT_ALLOWED,
"Please use HTTP POST to authenticate using this API");
}
+
// FIXME: ported from ApiServlet, refactor and cleanup
final String[] username = (String[])params.get(ApiConstants.USERNAME);
final String[] password = (String[])params.get(ApiConstants.PASSWORD);
- String[] domainIdArr = (String[])params.get(ApiConstants.DOMAIN_ID);
-
- if (domainIdArr == null) {
- domainIdArr = (String[])params.get(ApiConstants.DOMAIN__ID);
- }
- final String[] domainName = (String[])params.get(ApiConstants.DOMAIN);
+ final String[] domainIdArr =
(String[])params.get(ApiConstants.DOMAIN_ID);
Long domainId = null;
- if ((domainIdArr != null) && (domainIdArr.length > 0)) {
+ if (domainIdArr != null && domainIdArr.length > 0) {
try {
//check if UUID is passed in for domain
domainId = _apiServer.fetchDomainId(domainIdArr[0]);
@@ -135,6 +130,7 @@ public class DefaultLoginAPIAuthenticatorCmd extends
BaseCmd implements APIAuthe
}
String domain = null;
+ final String[] domainName = (String[])params.get(ApiConstants.DOMAIN);
domain = getDomainName(auditTrailSb, domainName, domain);
String serializedResponse = null;
diff --git
a/server/src/main/java/com/cloud/api/auth/DefaultResetPasswordAPIAuthenticatorCmd.java
b/server/src/main/java/com/cloud/api/auth/DefaultResetPasswordAPIAuthenticatorCmd.java
index 077efdee087..810b5ebefcf 100644
---
a/server/src/main/java/com/cloud/api/auth/DefaultResetPasswordAPIAuthenticatorCmd.java
+++
b/server/src/main/java/com/cloud/api/auth/DefaultResetPasswordAPIAuthenticatorCmd.java
@@ -53,7 +53,6 @@ import java.util.Map;
responseObject = SuccessResponse.class)
public class DefaultResetPasswordAPIAuthenticatorCmd extends BaseCmd
implements APIAuthenticator {
-
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////