author | Jean-Baptiste Lievremont <jean-baptiste.lievremont@sonarsource.com> | 2015-05-20 15:23:33 +0200 |
---|---|---|
committer | Jean-Baptiste Lievremont <jean-baptiste.lievremont@sonarsource.com> | 2015-05-26 16:04:31 +0200 |
commit | ffc5bbb3c82d034003e18e09093e3632ce367397 (patch) | |
tree | 4ff27f224443d24b260bbbdb422719664732ada5 | |
parent | 35b83f482e98d782a68715a0bc40aa741938daa9 (diff) | |
SONAR-6468 Allow any user to change their own password
-rw-r--r-- | server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java | 9 | ||||
-rw-r--r-- | server/sonar-server/src/test/java/org/sonar/server/user/ws/ChangePasswordActionTest.java | 18 |
2 files changed, 25 insertions, 2 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java b/server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java
index e2d81b2bb70..76d2d61596e 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/user/ws/ChangePasswordAction.java
@@ -44,7 +44,8 @@ public class ChangePasswordAction implements UsersWsAction {
 @Override
 public void define(WebService.NewController controller) {
 WebService.NewAction action = controller.createAction("change_password")
- .setDescription("Update a user's password. Requires Administer System permission.")
+ .setDescription("Update a user's password. Authenticated users can change their own password, " +
+ "Administer System permission is required to change another user's password.")
 .setSince("5.2")
 .setPost(true)
 .setHandler(this);
@@ -62,9 +63,13 @@ public class ChangePasswordAction implements UsersWsAction {
 @Override
 public void handle(Request request, Response response) throws Exception {
- userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ userSession.checkLoggedIn();
 String login = request.mandatoryParam(PARAM_LOGIN);
+ if (!login.equals(userSession.getLogin())) {
+ userSession.checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
+ }
+
 String password = request.mandatoryParam(PARAM_PASSWORD);
 UpdateUser updateUser = UpdateUser.create(login)
 .setPassword(password)
diff --git a/server/sonar-server/src/test/java/org/sonar/server/user/ws/ChangePasswordActionTest.java b/server/sonar-server/src/test/java/org/sonar/server/user/ws/ChangePasswordActionTest.java
index ee6c1e4b172..092762c4e2d 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/user/ws/ChangePasswordActionTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/user/ws/ChangePasswordActionTest.java
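Review bot: In the second hunk of ChangePasswordAction.java, the self-service path of `handle` replaces the account's password without any proof that the caller knows the current one: when `login.equals(userSession.getLogin())` the only inputs read are `login` and `password`, and the new test `update_password_on_self` succeeds with just those two. Whoever holds a live session for the account (an unattended browser, a leaked session token) can therefore replace the credential and lock the owner out, which is why self-service changes normally require the existing password. I would add an `else` branch to the new `if` that reads one more mandatory parameter, e.g. `String previousPassword = request.mandatoryParam("previousPassword");` (the name is a suggestion), verify it against the stored credential before `UpdateUser.create(login)` runs, and declare it in `define` next to the updated description. The body of `handle` continues past `.setPassword(password)` outside the hunk, so how the update is applied is not visible here.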
@@ -136,6 +136,24 @@ public class ChangePasswordActionTest {
 assertThat(newPassword).isNotEqualTo(originalPassword);
 }
+ @Test
+ public void update_password_on_self() throws Exception {
+ createUser();
+ session.clearCache();
+ String originalPassword = dbClient.userDao().selectByLogin(session, "john").getCryptedPassword();
+
+ userSessionRule.login("john");
+ tester.newPostRequest("api/users", "change_password")
+ .setParam("login", "john")
+ .setParam("password", "Valar Morghulis")
+ .execute()
+ .assertNoContent();
+
+ session.clearCache();
+ String newPassword = dbClient.userDao().selectByLogin(session, "john").getCryptedPassword();
+ assertThat(newPassword).isNotEqualTo(originalPassword);
+ }
+
 private void createUser() {
 dbClient.userDao().insert(session, new UserDto()
 .setEmail("john@email.com") |
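Review bot: `update_password_on_self` covers only the allowed path; nothing in this hunk exercises the branch this commit makes security-critical, namely a logged-in user without Administer System permission passing someone else's `login`. Unless a test outside the hunk already does so, add a sibling test that calls `userSessionRule.login("john")`, posts with `.setParam("login", "<other-login>")`, and asserts both that the permission check rejects the request and that the target's `getCryptedPassword()` value is unchanged afterwards. A short comment on the new test such as `// john has no admin permission: exercises the self-service branch` would also record why it passes without elevated rights.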