-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54621/
-----------------------------------------------------------
(Updated Dec. 17, 2016, 12:13 p.m.)
Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj,
and Velmurugan Periasamy.
Changes
-------
updated code to log the password change request.
Bugs: RANGER-1259
https://issues.apache.org/jira/browse/RANGER-1259
Repository: ranger
Description
-------
**Problem Statement:** If Ranger admin password has been changed from UI and
Ranger admin default password change request is made via 'db_setup.py
-changepassword' command then password change request should not fail with
failure error message rather it should skip the password change request and
display appropriate message.
**Proposed Solution:** ChangePasswordUtil.java can accept one optional
parameter '-default' for default password change request. if '-default' switch
is enabled then script shall check the provided old/default password with
existing password in db; if it matches then it will process the password change
request else it will skip the password change request and return the status
code 2 and will not throw failure message.
This shall require some modification in db_setup.py where it has to call java
utility with -default switch; receive the status code and if status code is 2
then it will display appropriate skip password change request message.
Please note that changepasswordutil.py doesn't required any changes as it is
not being called from any other script and '-default' switch/parameter is
optional in ChangePasswordUtil.java
Diffs (updated)
-----
security-admin/scripts/db_setup.py bb51cc7
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 9885090
security-admin/src/main/java/org/apache/ranger/entity/XXPortalUser.java
c9b907f
security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
fd72e97
security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
d5cab44
security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java ecdf756
security-admin/src/main/java/org/apache/ranger/view/VXUser.java 85b7b2f
security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java 909ec9e
Diff: https://reviews.apache.org/r/54621/diff/
Testing
-------
**Steps Performed(with patch):**
1. Installed ranger-admin from Build having changed of proposed patch.
2. Changed current directory to ranger-admin installation directory.
3. Started ranger-admin and was able to access ranger-admin home page/login
page by using default password 'admin'
4. Logged out from Ranger-admin UI.
5. Run below given command to change 'admin' user password from 'admin' to
'admin123'
python db_setup.py -changepassword admin admin admin123.
6. Password change request completed successfully with following message :
'Ranger admin default password change request processed successfully..'
7. On the login page of ranger-admin entered username 'admin' and password
'admin123'; clicked on 'Sign In' button to login page.
**Expected Behavior:**
'admin' user should get authenticated successfully and ranger-admin dashboard
page for 'admin' user should appear.
**Actual Behavior:**
'admin' user was authenticated successfully and after authentication page was
redirected to ranger-admin dashboard page.
Deleted version='DEFAULT_ADMIN_UPDATE' entry from x_db_version_h table so that
db_setup.py script didn't know whether default password has been changed or
not. Run below given command to change 'admin' user default password from
'admin' to 'admin12345'
python db_setup.py -changepassword admin admin admin12345
**Expected Behavior:**
Script should skip the change password request as password has been changed
once. Appropriate message should appear if password has already been changed.
**Actual Behavior:**
Password change request finished with following message : 'Ranger admin default
password change request process skipped!'
Thanks,
Pradeep Agrawal
