Re: Review Request 56503: Cannot change user passwords

Thu, 09 Feb 2017 11:00:41 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56503/#review164971
-----------------------------------------------------------


Ship it!




Ship It!

- Alejandro Fernandez


On Feb. 9, 2017, 6:31 p.m., Sangeeta Ravindran wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56503/
> -----------------------------------------------------------
> 
> (Updated Feb. 9, 2017, 6:31 p.m.)
> 
> 
> Review request for Ambari, Alexandr Antonenko, Di Li, and Jaimin Jetly.
> 
> 
> Bugs: AMBARI-19910
>     https://issues.apache.org/jira/browse/AMBARI-19910
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> 1. Create a user for e.g. test and set a password (that does not match the 
> password of the logged in user).
> 2. Click on Change Password and enter the old and new passwords.
> 3. Click on OK.
> An error is displayed and you cannot change password although the current 
> password is correct.
> 
> Cannot change password
> org.apache.ambari.server.controller.spi.SystemException: An internal system 
> exception occurred: Wrong current password provided
> 
> This seems to happen because in modifyPassword method in Users.java, we 
> compare the current password of the user (test), provided in the "Your 
> Password" field in the UI, with the password of the logged in user (for e.g. 
> admin).
> 
> passwordEncoder.matches(currentUserPassword, 
> currentUserEntity.getUserPassword())
> 
> In this case, currentUserPassword is the old password for "test" while 
> currentUserEntity is the logged-in user "admin". So the old password for 
> "test" gets compared to the password for "admin", the check fails and the 
> error is thrown.
> 
> Fix is to compare the old password with the password of the userEntity (which 
> is the entity for "test").
> 
> I also updated the test cases in TestUsers.java accordingly.
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
>  4b3237b 
>   
> ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
>  875fd46 
> 
> Diff: https://reviews.apache.org/r/56503/diff/
> 
> 
> Testing
> -------
> 
> Manual testing. Ran mvn test.
> 
> 
> Thanks,
> 
> Sangeeta Ravindran
> 
>

Reply via email to