Repository: ranger Updated Branches: refs/heads/ranger-0.7 78ffe3f53 -> 6134db8c8
RANGER-1727 : Ranger allows user to change an external user's password with 'null' old password Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/6134db8c Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/6134db8c Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/6134db8c Branch: refs/heads/ranger-0.7 Commit: 6134db8c821daccacb6df0035ed26523b5fb1e5f Parents: 78ffe3f Author: fatimaawez <[email protected]> Authored: Tue Sep 26 14:59:41 2017 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Wed Sep 27 14:52:52 2017 -0400 ---------------------------------------------------------------------- .../java/org/apache/ranger/biz/UserMgr.java | 41 ++++++++++++++++---- .../java/org/apache/ranger/biz/XUserMgr.java | 18 +++++++-- .../org/apache/ranger/biz/TestXUserMgr.java | 4 ++ 3 files changed, 52 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/6134db8c/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index 94a087c..35d9b41 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 
@@ -401,7 +401,13 @@ public class UserMgr { logger.warn("SECURITY:changePassword(). User not found. LoginId="+ pwdChange.getLoginId()); throw restErrorUtil.createRESTException("serverMsg.userMgrInvalidUser",MessageEnums.DATA_NOT_FOUND, null, null,pwdChange.getLoginId()); } - + if (gjUser.getUserSource() == RangerCommonEnums.USER_EXTERNAL) { + logger.info("SECURITY:changePassword().Ranger External Users cannot change password. LoginId=" + pwdChange.getLoginId()); + VXResponse vXResponse = new VXResponse(); + vXResponse.setStatusCode(HttpServletResponse.SC_FORBIDDEN); + vXResponse.setMsgDesc("SECURITY:changePassword().Ranger External Users cannot change password. LoginId=" + pwdChange.getLoginId()); + throw restErrorUtil.generateRESTException(vXResponse); + } //check current password and provided old password is same or not String encryptedOldPwd = encrypt(pwdChange.getLoginId(),pwdChange.getOldPassword()); if (!stringUtil.equals(encryptedOldPwd, gjUser.getPassword())) { @@ -484,9 +490,12 @@ public class UserMgr { String saltEncodedpasswd = encrypt(gjUser.getLoginId(), changeEmail.getOldPassword()); - + if (gjUser.getUserSource() == RangerCommonEnums.USER_APP) { gjUser.setPassword(saltEncodedpasswd); - + } + else if (gjUser.getUserSource() == RangerCommonEnums.USER_EXTERNAL) { + gjUser.setPassword(gjUser.getPassword()); + } daoManager.getXXPortalUser().update(gjUser); return mapXXPortalUserVXPortalUser(gjUser); } @@ -1243,7 +1252,7 @@ public class UserMgr { public XXPortalUser updateUserWithPass(VXPortalUser userProfile) { String updatedPassword = userProfile.getPassword(); - XXPortalUser xXPortalUser = this.updateUser(userProfile); + XXPortalUser xXPortalUser = this.updateUser(userProfile); if (xXPortalUser == null) { return null; 
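Review bot: The new external-user guard in the @@ -401 hunk logs the refused attempt with `logger.info`, while the user-not-found branch directly above it uses `logger.warn` for the same `SECURITY:` class of event, so a refused password change on an externally managed account can fall below warn-level monitoring. The same string, including the internal `SECURITY:changePassword()` prefix and the login id, is also returned to the caller through `setMsgDesc`. Use `logger.warn(...)` here and give the response its own short text, for example `vXResponse.setMsgDesc("Password change is not allowed for external users");`. The enclosing method starts and ends outside the hunk.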
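Review bot: In the @@ -484 hunk the `else if (gjUser.getUserSource() == RangerCommonEnums.USER_EXTERNAL)` branch only runs `gjUser.setPassword(gjUser.getPassword())`, a self-assignment with no effect, and the two-way split leaves any user whose source is neither value silently unhandled. A single negative test states the rule directly: `if (gjUser.getUserSource() != RangerCommonEnums.USER_EXTERNAL) { gjUser.setPassword(saltEncodedpasswd); }`, with a comment such as `// external users keep the stored value; their credentials are owned by the external source`. The same APP/EXTERNAL pair appears in the @@ -1360 hunk and in both XUserMgr hunks, whereas the @@ -1264 and @@ -1283 hunks already test `!= USER_EXTERNAL`, so the commit is inconsistent about which form it uses. In @@ -1360 the login id is changed before the branch, so a source value outside the two handled ones would presumably leave a stored hash still salted with the old login id; the enum's full value set is not visible here.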
@@ -1264,8 +1273,13 @@ public class UserMgr { String encryptedNewPwd = encrypt(xXPortalUser.getLoginId(), updatedPassword); - xXPortalUser.setPassword(encryptedNewPwd); - xXPortalUser = daoManager.getXXPortalUser().update(xXPortalUser); + if (xXPortalUser.getUserSource() != RangerCommonEnums.USER_EXTERNAL) { + xXPortalUser.setPassword(encryptedNewPwd); + } + else if (xXPortalUser.getUserSource() != RangerCommonEnums.USER_EXTERNAL) { + xXPortalUser.setPassword(xXPortalUser.getPassword()); + } + xXPortalUser = daoManager.getXXPortalUser().update(xXPortalUser); } return xXPortalUser; } @@ -1283,7 +1297,13 @@ public class UserMgr { } String dbOldPwd =xXPortalUser.getPassword(); String encryptedNewPwd = encrypt(xXPortalUser.getLoginId(),userPassword); - xXPortalUser.setPassword(encryptedNewPwd); + if (xXPortalUser.getUserSource() != RangerCommonEnums.USER_EXTERNAL) { + xXPortalUser.setPassword(encryptedNewPwd); + } + else if (xXPortalUser.getUserSource() != RangerCommonEnums.USER_EXTERNAL) { + xXPortalUser.setPassword(xXPortalUser.getPassword()); + } + xXPortalUser = daoManager.getXXPortalUser().update(xXPortalUser); if(xXPortalUser!=null && logAudits){ String dbNewPwd=xXPortalUser.getPassword(); 
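Review bot: The `else if` added in the @@ -1264 hunk tests exactly the same condition as the `if` before it (`xXPortalUser.getUserSource() != RangerCommonEnums.USER_EXTERNAL`), so it can never be taken, and the @@ -1283 hunk repeats the same pair. External users still keep their stored password only because the dead branch was a self-assignment anyway. Drop the `else if` in both places and leave a comment such as `// external users: password is owned by the external source and is never overwritten here`. `encrypt(...)` and `daoManager.getXXPortalUser().update(...)` still run for external users, and in @@ -1283 the `logAudits` block follows the update, so it is worth confirming that no password-change audit entry is written when nothing changed; that code is outside the hunk.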
@@ -1360,7 +1380,12 @@ public class UserMgr { xXPortalUser.setLoginId(newUserName); // The old password needs to be encrypted by the new user name String updatedPwd = encrypt(newUserName,currentPassword); - xXPortalUser.setPassword(updatedPwd); + if (xXPortalUser.getUserSource() == RangerCommonEnums.USER_APP) { + xXPortalUser.setPassword(updatedPwd); + } + else if (xXPortalUser.getUserSource() == RangerCommonEnums.USER_EXTERNAL) { + xXPortalUser.setPassword(xXPortalUser.getPassword()); + } xXPortalUser = daoManager.getXXPortalUser().update(xXPortalUser); List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>(); XXTrxLog xTrxLog = new XXTrxLog(); http://git-wip-us.apache.org/repos/asf/ranger/blob/6134db8c/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index abc0e0c..8d3b751 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -386,10 +386,16 @@ public class XUserMgr extends XUserMgrBase { && password.equals(hiddenPasswordString)) { vXPortalUser.setPassword(oldUserProfile.getPassword()); } - else if(password != null){ - validatePassword(vXUser); - vXPortalUser.setPassword(password); + else if(password != null){ + validatePassword(vXUser); + if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL) { + vXPortalUser.setPassword(oldUserProfile.getPassword()); + } + else if(oldUserProfile.getUserSource() == RangerCommonEnums.USER_APP) + { + vXPortalUser.setPassword(password); } + } Collection<Long> groupIdList = vXUser.getGroupIdList(); XXPortalUser xXPortalUser = new XXPortalUser(); xXPortalUser = userMgr.updateUserWithPass(vXPortalUser); 
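Review bot: In the XUserMgr @@ -386 hunk, `oldUserProfile.getUserSource()` is dereferenced inside the `else if(password != null)` body with no visible null check. The condition of the preceding `if` starts outside the hunk, so it cannot be confirmed that `oldUserProfile` is non-null on this path, and the test change in this commit had to stub `getUserProfileByLoginId` to return a profile. The @@ -441 hunk dereferences it the same way. A guard such as `if (oldUserProfile != null && oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL)` avoids a NullPointerException when a user has no portal profile. Separately, `validatePassword(vXUser)` still runs for external users before the submitted value is discarded, so an update of an external user can presumably be rejected over a password that is never stored.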
@@ -441,7 +447,13 @@ public class XUserMgr extends XUserMgrBase { // There is nothing to log anything in XXUser so far. vXUser = xUserService.updateResource(vXUser); vXUser.setUserRoleList(roleList); + if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_APP) { vXUser.setPassword(password); + } + else if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL) { + vXUser.setPassword(oldUserProfile.getPassword()); + } + List<XXTrxLog> trxLogList = xUserService.getTransactionLog(vXUser, oldUserProfile, "update"); vXUser.setPassword(hiddenPasswordString); http://git-wip-us.apache.org/repos/asf/ranger/blob/6134db8c/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java index 88984b5..b6ef572 100644 --- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java +++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java @@ -353,7 +353,11 @@ public class TestXUserMgr { public void test12UpdateXUser() { setup(); VXUser vxUser = vxUser(); + vxUser.setUserSource(RangerCommonEnums.USER_APP); + vxUser.setName("name"); Mockito.when(xUserService.updateResource(vxUser)).thenReturn(vxUser); + VXPortalUser vXPortalUser = new VXPortalUser(); + Mockito.when(userMgr.getUserProfileByLoginId(vxUser.getName())).thenReturn(vXPortalUser); VXUser dbvxUser = xUserMgr.updateXUser(vxUser); Assert.assertNotNull(dbvxUser);
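Review bot: The updated `test12UpdateXUser` covers only the application-user path, so the behaviour this commit introduces, an external user's stored password surviving an update, has no test. `vxUser.setUserSource(RangerCommonEnums.USER_APP)` also does not drive the new branches in the XUserMgr hunks, which read `oldUserProfile.getUserSource()`; the stubbed `new VXPortalUser()` never has its source set, so the branch taken depends on that field's default. Set it explicitly with `vXPortalUser.setUserSource(RangerCommonEnums.USER_APP);` and add a sibling test using `RangerCommonEnums.USER_EXTERNAL` that asserts the password handed to `userMgr.updateUserWithPass` is the stored one rather than the submitted one. The only assertion visible in the hunk is `Assert.assertNotNull(dbvxUser)`.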
