-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56503/
-----------------------------------------------------------
Review request for Ambari, Alexandr Antonenko, Di Li, and Jaimin Jetly.
Bugs: AMBARI-19910
https://issues.apache.org/jira/browse/AMBARI-19910
Repository: ambari
Description
-------
1. Create a user for e.g. test and set a password (that does not match the
password of the logged in user).
2. Click on Change Password and enter the old and new passwords.
3. Click on OK.
An error is displayed and you cannot change password although the current
password is correct.
Cannot change password
org.apache.ambari.server.controller.spi.SystemException: An internal system
exception occurred: Wrong current password provided
This seems to happen because in modifyPassword method in Users.java, we compare
the current password of the user (test), provided in the "Your Password" field
in the UI, with the password of the logged in user (for e.g. admin).
passwordEncoder.matches(currentUserPassword,
currentUserEntity.getUserPassword())
In this case, currentUserPassword is the old password for "test" while
currentUserEntity is the logged-in user "admin". So the old password for "test"
gets compared to the password for "admin", the check fails and the error is
thrown.
Fix is to compare the old password with the password of the userEntity (which
is the entity for "test").
I also updated the test cases in TestUsers.java accordingly.
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
4b3237b
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
875fd46
Diff: https://reviews.apache.org/r/56503/diff/
Testing
-------
Manual testing. Ran mvn test.
Thanks,
Sangeeta Ravindran
