EMM-1658:Changed the API contract to not to send username parameter. User can only change his own password.

4.x.x
harshanl 8 years ago
parent ee97631eac
commit befb5b0ad8

@ -472,11 +472,6 @@ public interface UserManagementService {
}) })
@Permission(name = "Reset user password", permission = "/login") @Permission(name = "Reset user password", permission = "/login")
Response resetPassword( Response resetPassword(
@ApiParam(
name = "username",
value = "Username of the user.",
required = true)
@PathParam("username") String username,
@ApiParam( @ApiParam(
name = "credentials", name = "credentials",
value = "Credential.", value = "Credential.",

@ -373,10 +373,10 @@ public class UserManagementServiceImpl implements UserManagementService {
} }
@PUT @PUT
@Path("/{username}/credentials") @Path("/credentials")
@Override @Override
public Response resetPassword(@PathParam("username") String username, OldPasswordResetWrapper credentials) { public Response resetPassword(OldPasswordResetWrapper credentials) {
return CredentialManagementResponseBuilder.buildChangePasswordResponse(username, credentials); return CredentialManagementResponseBuilder.buildChangePasswordResponse(credentials);
} }
/** /**

@ -20,6 +20,7 @@ package org.wso2.carbon.device.mgt.jaxrs.util;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.OldPasswordResetWrapper;
import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper; import org.wso2.carbon.device.mgt.jaxrs.beans.PasswordResetWrapper;
@ -43,26 +44,23 @@ public class CredentialManagementResponseBuilder {
/** /**
* Builds the response to change the password of a user * Builds the response to change the password of a user
* *
* @param username - Username of the user.
* @param credentials - User credentials * @param credentials - User credentials
* @return Response Object * @return Response Object
*/ */
public static Response buildChangePasswordResponse(String username, OldPasswordResetWrapper credentials) { public static Response buildChangePasswordResponse(OldPasswordResetWrapper credentials) {
String username = "";
try { try {
UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
if (!userStoreManager.isExistingUser(username)) {
return Response.status(Response.Status.NOT_FOUND).entity(
new ErrorResponse.ErrorResponseBuilder().setMessage("No user found with the username '"
+ username + "'").build()).build();
}
RequestValidationUtil.validateCredentials(credentials); RequestValidationUtil.validateCredentials(credentials);
if (!validateCredential(credentials.getNewPassword())) { if (!validateCredential(credentials.getNewPassword())) {
String errorMsg = DeviceMgtAPIUtils.getRealmService().getBootstrapRealmConfiguration() String errorMsg = DeviceMgtAPIUtils.getRealmService().getBootstrapRealmConfiguration()
.getUserStoreProperty(PASSWORD_VALIDATION_ERROR_MSG_TAG); .getUserStoreProperty(PASSWORD_VALIDATION_ERROR_MSG_TAG);
return Response.status(Response.Status.BAD_REQUEST).entity( return Response.status(Response.Status.BAD_REQUEST).entity(
new ErrorResponse.ErrorResponseBuilder().setMessage(errorMsg).build()).build(); new ErrorResponse.ErrorResponseBuilder().setMessage(errorMsg).build()).build();
} }
UserStoreManager userStoreManager = DeviceMgtAPIUtils.getUserStoreManager();
// this is the user who initiates the request
username = CarbonContext.getThreadLocalCarbonContext().getUsername();
userStoreManager.updateCredential(username, credentials.getNewPassword(), userStoreManager.updateCredential(username, credentials.getNewPassword(),
credentials.getOldPassword()); credentials.getOldPassword());
return Response.status(Response.Status.OK).entity("UserImpl password by username: " + return Response.status(Response.Status.OK).entity("UserImpl password by username: " +

Loading…
Cancel
Save