From befb5b0ad86ebd44b7fd32ea4712ac0f5b999103 Mon Sep 17 00:00:00 2001
From: harshanl
Date: Mon, 3 Oct 2016 14:13:06 +0530
Subject: [PATCH] EMM-1658:Changed the API contract to not to send username parameter. User can only change his own password.
---
 .../service/api/UserManagementService.java | 5 -----
 .../impl/UserManagementServiceImpl.java | 6 +++---
 .../CredentialManagementResponseBuilder.java | 18 ++++++++----------
 3 files changed, 11 insertions(+), 18 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
index 356aa7afef..9be8afd4eb 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/UserManagementService.java
@@ -472,11 +472,6 @@ public interface UserManagementService {
 })
 @Permission(name = "Reset user password", permission = "/login")
 Response resetPassword(
- @ApiParam(
- name = "username",
- value = "Username of the user.",
- required = true)
- @PathParam("username") String username,
 @ApiParam(
 name = "credentials",
 value = "Credential.",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java
index 294e52928c..43f52d812a 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java
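Review bot: The route and Swagger annotations that belong to `resetPassword` in the `UserManagementService` interface start above this hunk and are not touched by the commit, so if the interface still declares `/{username}/credentials` the published contract will disagree with the implementation's new `@Path("/credentials")`; please confirm they were updated together. The visible label `@Permission(name = "Reset user password", permission = "/login")` and the method name still read like an administrative reset, although after this change a logged-in user can only change their own password. I would add a Javadoc sentence on the method, `Changes the password of the authenticated caller; the target user is taken from the session, never from the request.`, and adjust the permission label to `Change own password` if nothing keys on the label text.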
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java
@@ -373,10 +373,10 @@ public class UserManagementServiceImpl implements UserManagementService {
 }
 @PUT
- @Path("/{username}/credentials")
+ @Path("/credentials")
 @Override
- public Response resetPassword(@PathParam("username") String username, OldPasswordResetWrapper credentials) {
- return CredentialManagementResponseBuilder.buildChangePasswordResponse(username, credentials);
+ public Response resetPassword(OldPasswordResetWrapper credentials) {
+ return CredentialManagementResponseBuilder.buildChangePasswordResponse(credentials);
 }
 /**
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/CredentialManagementResponseBuilder.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/CredentialManagementResponseBuilder.java
index 09371c3c5d..7007aa0d3e 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/CredentialManagementResponseBuilder.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/CredentialManagementResponseBuilder.java
@@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.util;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
 import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper;
 import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper;
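Review bot: Nothing on the new path rejects a request that has no authenticated user bound to the thread: `UserManagementServiceImpl.resetPassword` now forwards only the request body, and the builder (changed in the last hunk of this commit) reads the target from `CarbonContext.getThreadLocalCarbonContext().getUsername()` and hands it straight to `updateCredential`, with the earlier `isExistingUser` check removed. If the authentication layer can ever let such a request reach this method, the outcome depends on how `updateCredential` treats a null or empty name, which is not visible here. I would fail closed in the builder right after the lookup, `if (username == null || username.isEmpty()) { return Response.status(Response.Status.UNAUTHORIZED).build(); }`, and add a one-line comment on `resetPassword` saying the caller's identity comes from the Carbon context. The import-only hunk that follows needs no comment.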
@@ -43,26 +44,23 @@ public class CredentialManagementResponseBuilder {
 /**
 * Builds the response to change the password of a user
 *
- * @param username - Username of the user.
 * @param credentials - User credentials
 * @return Response Object
 */
- public static Response buildChangePasswordResponse(String username, OldPasswordResetWrapper credentials) {
+ public static Response buildChangePasswordResponse(OldPasswordResetWrapper credentials) {
+ String username = "";
 try {
- UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
- if (!userStoreManager.isExistingUser(username)) {
- return Response.status(Response.Status.NOT_FOUND).entity(
- new ErrorResponse.ErrorResponseBuilder().setMessage("No user found with the username '"
- + username + "'").build()).build();
- }
 RequestValidationUtil.validateCredentials(credentials);
-
 if (!validateCredential(credentials.getNewPassword())) {
 String errorMsg = DeviceMgtAPIUtils.getRealmService().getBootstrapRealmConfiguration()
- .getUserStoreProperty(PASSWORD_VALIDATION_ERROR_MSG_TAG);
+ .getUserStoreProperty(PASSWORD_VALIDATION_ERROR_MSG_TAG);
 return Response.status(Response.Status.BAD_REQUEST).entity(
 new ErrorResponse.ErrorResponseBuilder().setMessage(errorMsg).build()).build();
 }
+
+ UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
+ // this is the user who initiates the request
+ username = CarbonContext.getThreadLocalCarbonContext().getUsername();
 userStoreManager.updateCredential(username, credentials.getNewPassword(), credentials.getOldPassword());
 return Response.status(Response.Status.OK).entity("UserImpl password by username: " +