From aeab59cf28ba48492342e9e12e2b18dea9f1d59e Mon Sep 17 00:00:00 2001
From: Yevgeny Khodorkovsky
Date: Wed, 18 Sep 2013 13:11:00 -0700
Subject: [PATCH] UI: Allow admin to reset password for other users
- Allow admin to reset password for other users without providing current password.
- enforce re-login if changed own password
Change-Id: I4553739315fe7a93328e54cf4d345e79011246bc
Signed-off-by: Yevgeny Khodorkovsky
---
 .../controller/web/DaylightWebAdmin.java | 60 +++++++++++++++----
 .../src/main/resources/WEB-INF/jsp/main.jsp | 1 +
 .../web/root/src/main/resources/js/open.js | 9 ++-
 3 files changed, 57 insertions(+), 13 deletions(-)
diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java
index 2b58bcc4cb..eafd8c54a7 100644
--- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java
+++ b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java
@@ -15,6 +15,7 @@ import java.util.List;
 import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 import org.opendaylight.controller.clustering.services.IClusterGlobalServices;
 import org.opendaylight.controller.connectionmanager.IConnectionManager;
@@ -212,24 +213,63 @@ public class DaylightWebAdmin {
     @RequestMapping(value = "/users/password/{username}", method = RequestMethod.POST)
     @ResponseBody
-    public Status changePassword(@PathVariable("username") String username, HttpServletRequest request,
-            @RequestParam("currentPassword") String currentPassword, @RequestParam("newPassword") String newPassword) {
+    public Status changePassword(
+            @PathVariable("username") String username, HttpServletRequest request,
+            @RequestParam(value = "currentPassword", required=false) String currentPassword,
+            @RequestParam("newPassword") String newPassword) {
         IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
         if (userManager == null) {
-            return new Status(StatusCode.GONE, "User Manager not found");
+            return new Status(StatusCode.NOSERVICE, "User Manager unavailable");
         }
-        if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) {
-            return new Status(StatusCode.FORBIDDEN, "Operation not permitted");
-        }
+        Status status;
+        String requestingUser = request.getUserPrincipal().getName();
+
+        //changing own password
+        if (requestingUser.equals(username) ) {
+            status = userManager.changeLocalUserPassword(username, currentPassword, newPassword);
+            //enforce the user to re-login with new password
+            if (status.isSuccess() && !newPassword.equals(currentPassword)) {
+                userManager.userLogout(username);
+                HttpSession session = request.getSession(false);
+                if ( session != null) {
+                    session.invalidate();
+                }
+            }
+
+            //admin level user resetting other's password
+        } else if (authorize(userManager, UserLevel.NETWORKADMIN, request)) {
+
+            //Since User Manager doesn't have an unprotected password change API,
+            //we re-create the user with the new password (and current roles).
+            List roles = userManager.getUserRoles(username);
+            UserConfig newConfig = new UserConfig(username, newPassword, roles);
+
+            //validate before removing existing config, so we don't remove but fail to add
+            status = newConfig.validate();
+            if (!status.isSuccess()) {
+                return status;
+            }
+
+            userManager.userLogout(username);
+            status = userManager.removeLocalUser(username);
+            if (!status.isSuccess()) {
+                return status;
+            }
+            if (userManager.addLocalUser(newConfig).isSuccess()) {
+                status = new Status(StatusCode.SUCCESS, "Password for user " + username + " reset successfully.");
+            } else {
+                //unexpected
+                status = new Status(StatusCode.INTERNALERROR, "Failed resetting password for user " + username + ". User is now removed.");
+            }
-        if (newPassword.isEmpty()) {
-            return new Status(StatusCode.BADREQUEST, "Empty passwords not allowed");
+            //unauthorized
+        } else {
+            status = new Status(StatusCode.UNAUTHORIZED, "Operation not permitted");
         }
-        Status status = userManager.changeLocalUserPassword(username, currentPassword, newPassword);
         if (status.isSuccess()) {
-            DaylightWebUtil.auditlog("User", request.getUserPrincipal().getName(), "changed password for", username);
+            DaylightWebUtil.auditlog("User", requestingUser, "changed password for", username);
         }
         return status;
     }
diff --git a/opendaylight/web/root/src/main/resources/WEB-INF/jsp/main.jsp b/opendaylight/web/root/src/main/resources/WEB-INF/jsp/main.jsp
index c795a5d56b..4b0ce2d07d 100644
--- a/opendaylight/web/root/src/main/resources/WEB-INF/jsp/main.jsp
+++ b/opendaylight/web/root/src/main/resources/WEB-INF/jsp/main.jsp
@@ -67,6 +67,7 @@
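Review bot: `request.getUserPrincipal().getName()` is dereferenced before any authorization decision is made, so a request with no principal would fail with a NullPointerException instead of a clean status; a guard such as `if (request.getUserPrincipal() == null) { return new Status(StatusCode.UNAUTHORIZED, "Operation not permitted"); }` placed before `requestingUser` is assigned keeps that path explicit (whether the container already enforces authentication for this URL is not visible here). On the admin branch `removeLocalUser` deletes the account before `addLocalUser` runs, and the `INTERNALERROR` outcome that leaves the user removed is never audit-logged because `auditlog` is only called on success; a destructive result should be recorded too, e.g. `DaylightWebUtil.auditlog("User", requestingUser, "failed password reset (user removed) for", username);` next to the INTERNALERROR status. The removed `newPassword.isEmpty()` check means the self-service branch now relies entirely on `changeLocalUserPassword` to reject an empty or null new password, which is worth confirming against the user manager.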
+
${username}
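Review bot: The added hidden field writes `${username}` into the page, and a JSP EL `${...}` expression is not HTML-escaped by default, so a username containing a quote or angle bracket would break out of the attribute into the markup (the tags were stripped from this rendering; the attribute shape is inferred from `$('#currentuser').val()` in open.js). Emitting the value through `<c:out value="${username}"/>` or `fn:escapeXml` keeps it inert, and the same applies wherever this template interpolates the username.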
diff --git a/opendaylight/web/root/src/main/resources/js/open.js b/opendaylight/web/root/src/main/resources/js/open.js
index 43a7dfdc44..619edcaf2c 100644
--- a/opendaylight/web/root/src/main/resources/js/open.js
+++ b/opendaylight/web/root/src/main/resources/js/open.js
@@ -443,9 +443,12 @@ one.main.admin = {
         // change password binding
         $('#'+one.main.admin.id.modal.password.submit, $modal).click(function() {
             one.main.admin.password.submit(id, $modal, function(result) {
-                if (result.code == 'SUCCESS') {
-                    $modal.modal('hide');
-                    successCallback();
+                if (result.success) {
+                    //if changed own password, enforce relogin
+                    if (id.trim() == $('#currentuser').val().trim()) {
+                        alert("Password changed successfully. Please re-login with your new password.");
+                        window.location = '/';
+                    }
                 } else {
                     alert(result.code+': '+result.description);
                 }
-- 
2.36.6
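Review bot: After an admin successfully resets another user's password, the new `if (result.success)` branch does nothing: the removed `$modal.modal('hide'); successCallback();` calls are not restored, so the dialog stays open and the caller is never notified whenever `id` differs from the current user. Keeping those two calls in an `else` of the inner `if`, i.e. `} else { $modal.modal('hide'); successCallback(); }`, preserves the previous behaviour for the admin path while the self-service path still redirects. `result.success` also assumes the server's `Status` is serialized with a `success` property, which this patch does not show (the old code keyed on `result.code == 'SUCCESS'`), and the `==` comparison of the trimmed ids should be `===`. The enclosing function that receives `successCallback` starts and ends outside the hunk.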