SONAR-6468 Allow any user to change their own password
jblievremont committed May 26, 2015
1 parent 35b83f4 commit ffc5bbb
Showing 2 changed files with 25 additions and 2 deletions.
Expand Up @@ -44,7 +44,8 @@ public ChangePasswordAction(UserUpdater userUpdater, UserSession userSession) {
@Override
public void define(WebService.NewController controller) {
WebService.NewAction action = controller.createAction("change_password")
.setDescription("Update a user's password. Requires Administer System permission.")
.setDescription("Update a user's password. Authenticated users can change their own password, " +
"Administer System permission is required to change another user's password.")
.setSince("5.2")
.setPost(true)
.setHandler(this);
Expand All @@ -62,9 +63,13 @@ public void define(WebService.NewController controller) {

@Override
public void handle(Request request, Response response) throws Exception {
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
userSession.checkLoggedIn();

String login = request.mandatoryParam(PARAM_LOGIN);
if (!login.equals(userSession.getLogin())) {
userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
}

String password = request.mandatoryParam(PARAM_PASSWORD);
UpdateUser updateUser = UpdateUser.create(login)
.setPassword(password)
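Review bot: The self-service branch of handle() accepts a brand-new password for the caller's own account without asking for the current one: the only gate left on the `if (!login.equals(userSession.getLogin()))` path is the SYSTEM_ADMIN check for other users, so anyone holding a live session (hijacked cookie, unattended browser, a script reusing the session) can rotate the password and lock the real owner out. Add a `previousPassword` parameter that is mandatory when `login` matches the session login and verify it against the stored hash before `UpdateUser.create(login).setPassword(password)` is built, leaving the admin path as it is; the `define()` hunk above would declare the parameter alongside `PARAM_LOGIN` and `PARAM_PASSWORD`. Whether `UserUpdater` already refuses accounts that authenticate externally or enforces any password policy is not visible here and is worth confirming now that the description advertises the endpoint to every authenticated user. The body of handle() continues past the hunk, where the update is applied.
```java
String login = request.mandatoryParam(PARAM_LOGIN);
String password = request.mandatoryParam(PARAM_PASSWORD);
if (login.equals(userSession.getLogin())) {
  // Self-service change: require proof of the current password so a stolen
  // session alone cannot take over the account.
  String previousPassword = request.mandatoryParam(PARAM_PREVIOUS_PASSWORD);
  // verify previousPassword against the stored hash for `login` here
  // (the hashing/verification helper is not visible in this hunk)
} else {
  userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
}
// … unchanged: UpdateUser.create(login).setPassword(password) …
```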
Expand Up @@ -136,6 +136,24 @@ public void update_password() throws Exception {
assertThat(newPassword).isNotEqualTo(originalPassword);
}

@Test
public void update_password_on_self() throws Exception {
createUser();
session.clearCache();
String originalPassword = dbClient.userDao().selectByLogin(session, "john").getCryptedPassword();

userSessionRule.login("john");
tester.newPostRequest("api/users", "change_password")
.setParam("login", "john")
.setParam("password", "Valar Morghulis")
.execute()
.assertNoContent();

session.clearCache();
String newPassword = dbClient.userDao().selectByLogin(session, "john").getCryptedPassword();
assertThat(newPassword).isNotEqualTo(originalPassword);
}

private void createUser() {
dbClient.userDao().insert(session, new UserDto()
.setEmail("john@email.com")
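Review bot: The new `update_password_on_self` test only covers the positive path (`john` changing `john`'s password); nothing checks that the relaxed guard still denies a non-admin changing someone else's password, which is the branch the commit's security argument rests on. Add a negative test that logs in as a plain user, posts `login` for a different account, expects the exception `checkGlobalPermission` throws (its type is not visible on this page, so narrow the catch accordingly), and then asserts the target's stored hash is unchanged. If `userSessionRule.login` needs a backing row, create the second user the same way `createUser()` does. The existing `update_password` test presumably runs with admin rights through `userSessionRule`; its setup is outside the hunk.
```java
@Test
public void fail_to_update_other_user_password_without_admin_permission() throws Exception {
  createUser();
  session.clearCache();
  String originalPassword = dbClient.userDao().selectByLogin(session, "john").getCryptedPassword();

  userSessionRule.login("jane"); // authenticated, but not SYSTEM_ADMIN
  try {
    tester.newPostRequest("api/users", "change_password")
      .setParam("login", "john")
      .setParam("password", "Valar Morghulis")
      .execute();
    fail("a non-admin must not be able to change another user's password");
  } catch (RuntimeException expected) {
    // narrow to the exception type thrown by checkGlobalPermission
  }

  session.clearCache();
  String unchangedPassword = dbClient.userDao().selectByLogin(session, "john").getCryptedPassword();
  assertThat(unchangedPassword).isEqualTo(originalPassword);
}
```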
