rafaelweingartner commented on a change in pull request #2574:
[CLOUDSTACK-5235] ask users old password when they are executing a password
update
URL: https://github.com/apache/cloudstack/pull/2574#discussion_r184131035
##########
File path: server/src/main/java/com/cloud/user/AccountManagerImpl.java
##########
@@ -1209,41 +1209,41 @@ protected void
validateUserPasswordAndUpdateIfNeeded(String newPassword, UserVO
if (isAdmin) {
s_logger.trace(String.format("Admin account [uuid=%s] executing
password update for user [%s] ", callingAccount.getUuid(), user.getUuid()));
}
- if (!isAdmin && StringUtils.isBlank(oldPassword)) {
- throw new InvalidParameterValueException("You must inform the old
password when updating a user password.");
+ if (!isAdmin && StringUtils.isBlank(currentPassword)) {
+ throw new InvalidParameterValueException("You must inform the
current password when updating a user password.");
}
if (CollectionUtils.isEmpty(_userPasswordEncoders)) {
throw new CloudRuntimeException("No user authenticators
configured!");
}
if (!isAdmin) {
- validateOldPassword(user, oldPassword);
+ validateCurrentPassword(user, currentPassword);
}
UserAuthenticator userAuthenticator = _userPasswordEncoders.get(0);
String newPasswordEncoded = userAuthenticator.encode(newPassword);
user.setPassword(newPasswordEncoded);
}
/**
- * Iterates over all configured user authenticators and tries to
authenticated the user using the old password.
+ * Iterates over all configured user authenticators and tries to
authenticated the user using the current password.
* If the user is authenticated with success, we have nothing else to do
here; otherwise, an {@link InvalidParameterValueException} is thrown.
*/
- protected void validateOldPassword(UserVO user, String oldPassword) {
+ protected void validateCurrentPassword(UserVO user, String
currentPassword) {
AccountVO userAccount = _accountDao.findById(user.getAccountId());
- boolean oldPasswordMatchesDataBasePassword = false;
+ boolean currentPasswordMatchesDataBasePassword = false;
for (UserAuthenticator userAuthenticator : _userPasswordEncoders) {
- Pair<Boolean, ActionOnFailedAuthentication> authenticationResult =
userAuthenticator.authenticate(user.getUsername(), oldPassword,
userAccount.getDomainId(), null);
+ Pair<Boolean, ActionOnFailedAuthentication> authenticationResult =
userAuthenticator.authenticate(user.getUsername(), currentPassword,
userAccount.getDomainId(), null);
if (authenticationResult == null) {
s_logger.trace(String.format("Authenticator [%s] is returning
null for the authenticate mehtod.", userAuthenticator.getClass()));
continue;
}
if (BooleanUtils.toBoolean(authenticationResult.first())) {
s_logger.debug(String.format("User [id=%s] re-authenticated
[authenticator=%s] during password update.", user.getUuid(),
userAuthenticator.getName()));
- oldPasswordMatchesDataBasePassword = true;
+ currentPasswordMatchesDataBasePassword = true;
break;
}
}
- if (!oldPasswordMatchesDataBasePassword) {
- throw new InvalidParameterValueException("Old password does not
match the database password.");
+ if (!currentPasswordMatchesDataBasePassword) {
+ throw new InvalidParameterValueException("Current password
informed does not match the database password.");
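Review bot: A failed re-authentication in validateCurrentPassword is neither logged nor counted: the loop logs only the success case at debug level, and `authenticationResult.second()` (the ActionOnFailedAuthentication) is never read before the `InvalidParameterValueException` is thrown. If failed-attempt handling is not applied elsewhere on this path (not visible in this hunk), the password-update call accepts repeated wrong values for the current password from an authenticated session without any lockout the login path may enforce, and without an audit record. At minimum add `s_logger.warn(String.format("User [id=%s] failed re-authentication during password update.", user.getUuid()));` before the throw, and consider honouring the action the authenticator returns. The method's closing lines fall outside the quoted hunk.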
Review comment:
Done.
Thanks for the second pair of eyes here.