From: Jean-Baptiste Lievremont Date: Wed, 20 May 2015 13:23:33 +0000 (+0200) Subject: SONAR-6468 Allow any user to change their own password X-Git-Tag: 5.2-RC1~1838 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=ffc5bbb3c82d034003e18e09093e3632ce367397;p=sonarqube.git SONAR-6468 Allow any user to change their own password
---
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java
index e2d81b2bb70..76d2d61596e 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java
@@ -44,7 +44,8 @@ public class ChangePasswordAction implements UsersWsAction {
 @Override
 public void define(WebService.NewController controller) {
 WebService.NewAction action = controller.createAction("change_password")
- .setDescription("Update a user's password. Requires Administer System permission.")
+ .setDescription("Update a user's password. Authenticated users can change their own password, " +
+ "Administer System permission is required to change another user's password.")
 .setSince("5.2")
 .setPost(true)
 .setHandler(this);
@@ -62,9 +63,13 @@ public class ChangePasswordAction implements UsersWsAction {
 @Override
 public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn();
 String login = request.mandatoryParam(PARAM_LOGIN);
+ if (!login.equals(userSession.getLogin())) {
+ userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ }
+
 String password = request.mandatoryParam(PARAM_PASSWORD);
 UpdateUser updateUser = UpdateUser.create(login)
 .setPassword(password)
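Review bot: In `handle`, the new self-service path (taken when `login.equals(userSession.getLogin())`) accepts a new password without asking for the current one, so whoever holds a live session for the account, such as an unattended browser or a leaked session token, can set a new password and lock the owner out. Before `UpdateUser.create(login)` is reached on that path, the action should require and verify the existing credential, for example through an additional mandatory parameter (name to be chosen, e.g. `previousPassword`) checked against the stored hash; the administrator path can stay as it is. If that verification already happens in a component called after this hunk, a comment above the `if` such as `// current password is verified by <component>` would make it visible to the next reader. The body of `handle` continues past the last line shown here.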
diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ws/ChangePasswordActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ws/ChangePasswordActionTest.java
index ee6c1e4b172..092762c4e2d 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/user/ws/ChangePasswordActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/user/ws/ChangePasswordActionTest.java
@@ -136,6 +136,24 @@ public class ChangePasswordActionTest {
 assertThat(newPassword).isNotEqualTo(originalPassword);
 }
+ @Test
+ public void update_password_on_self() throws Exception {
+ createUser();
+ session.clearCache();
+ String originalPassword = dbClient.userDao().selectByLogin(session, "john").getCryptedPassword();
+
+ userSessionRule.login("john");
+ tester.newPostRequest("api/users", "change_password")
+ .setParam("login", "john")
+ .setParam("password", "Valar Morghulis")
+ .execute()
+ .assertNoContent();
+
+ session.clearCache();
+ String newPassword = dbClient.userDao().selectByLogin(session, "john").getCryptedPassword();
+ assertThat(newPassword).isNotEqualTo(originalPassword);
+ }
+
 private void createUser() {
 dbClient.userDao().insert(session, new UserDto()
 .setEmail("john@email.com")
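Review bot: `update_password_on_self` covers only the allowed path; nothing in this hunk asserts that a logged-in user without Administer System permission is rejected when `login` names a different account, which is the branch that now carries the authorization decision in `ChangePasswordAction.handle`. A companion test should call `userSessionRule.login("john")`, post `change_password` with another user's login, and expect the request to be refused as forbidden, with the target's stored `getCryptedPassword()` value unchanged afterwards. The rest of the test class is outside this hunk, so such a case may already exist there; if it does, a comment on the new test pointing to it would help, e.g. `// the rejection path for other logins is covered by <test name>`.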