Wrong user was being sent to change the password (it was the session user).
Signed-off-by: Andrew Kim <andrekim@cisco.com>
@ResponseBody
public Status changePassword(@PathVariable("username") String username, HttpServletRequest request,
@RequestParam("currentPassword") String currentPassword, @RequestParam("newPassword") String newPassword) {
@ResponseBody
public Status changePassword(@PathVariable("username") String username, HttpServletRequest request,
@RequestParam("currentPassword") String currentPassword, @RequestParam("newPassword") String newPassword) {
- String user = request.getUserPrincipal().getName();
-
IUserManager userManager = (IUserManager) ServiceHelper
.getGlobalInstance(IUserManager.class, this);
if (userManager == null) {
IUserManager userManager = (IUserManager) ServiceHelper
.getGlobalInstance(IUserManager.class, this);
if (userManager == null) {
return new Status(StatusCode.BADREQUEST, "Empty passwords not allowed");
}
return new Status(StatusCode.BADREQUEST, "Empty passwords not allowed");
}
- Status status = userManager.changeLocalUserPassword(user, currentPassword, newPassword);
+ Status status = userManager.changeLocalUserPassword(username, currentPassword, newPassword);
Code Review / controller.git / commitdiff