author | Shireesh Anjal <shireesh@gluster.com> | 2011-08-10 17:08:28 +0530 |
---|---|---|
committer | Shireesh Anjal <shireesh@gluster.com> | 2011-08-10 17:09:03 +0530 |
commit | 6357456904aecbc801b54f56c92be2a644fdd808 (patch) | |
tree | 3154bce4564dbe0006c7d291681da27979b7e734 /src | |
parent | 70bc2e0c2fe1bbac30e4d8d80d83c5095d2bce2c (diff) |
Fixed Bug 3307 - Can not change the password after logging into the cluster
Diffstat (limited to 'src')
3 files changed, 26 insertions, 12 deletions
diff --git a/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/UsersClient.java b/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/UsersClient.java
index 6722708b..4e89e994 100644
--- a/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/UsersClient.java
+++ b/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/UsersClient.java
@@ -18,16 +18,17 @@
 *******************************************************************************/
 package com.gluster.storage.management.client;
+import static com.gluster.storage.management.core.constants.RESTConstants.FORM_PARAM_NEW_PASSWORD;
+import static com.gluster.storage.management.core.constants.RESTConstants.FORM_PARAM_OLD_PASSWORD;
+
+import com.gluster.storage.management.core.constants.RESTConstants;
+import com.gluster.storage.management.core.exceptions.GlusterRuntimeException;
 import com.gluster.storage.management.core.model.Status;
 import com.sun.jersey.api.representation.Form;
 import com.sun.jersey.core.util.Base64;
 public class UsersClient extends AbstractClient {
- private static final String RESOURCE_NAME = "users";
- private static final String FORM_PARAM_OLD_PASSWORD = "oldpassword";
- private static final String FORM_PARAM_NEW_PASSWORD = "newpassword";
-
 private String generateSecurityToken(String user, String password) {
 return new String(Base64.encode(user + ":" + password));
 }
@@ -42,7 +43,11 @@ public class UsersClient extends AbstractClient {
 }
 public void changePassword(String user, String oldPassword, String newPassword) {
- setSecurityToken(generateSecurityToken(user, oldPassword));
+ String oldSecurityToken = getSecurityToken();
+ String newSecurityToken = generateSecurityToken(user, oldPassword);
+ if(!oldSecurityToken.equals(newSecurityToken)) {
+ throw new GlusterRuntimeException("Invalid old password!");
+ }
 Form form = new Form();
 form.add(FORM_PARAM_OLD_PASSWORD, oldPassword);
@@ -76,7 +81,7 @@ public class UsersClient extends AbstractClient {
 */
 @Override
 public String getResourcePath() {
- return RESOURCE_NAME;
+ return RESTConstants.RESOURCE_USERS;
 }
 /*
diff --git a/src/com.gluster.storage.management.core/src/com/gluster/storage/management/core/constants/RESTConstants.java b/src/com.gluster.storage.management.core/src/com/gluster/storage/management/core/constants/RESTConstants.java
index 737f4d7b..97b83f70 100644
--- a/src/com.gluster.storage.management.core/src/com/gluster/storage/management/core/constants/RESTConstants.java
+++ b/src/com.gluster.storage.management.core/src/com/gluster/storage/management/core/constants/RESTConstants.java
@@ -43,6 +43,7 @@ public class RESTConstants {
 public static final String RESOURCE_TASKS = "tasks";
 public static final String RESOURCE_KEYS = "keys";
 public static final String RESOURCE_STATISTICS = "statistics";
+ public static final String RESOURCE_USERS = "users";
 public static final String TASK_START = "start";
 public static final String TASK_PAUSE = "pause";
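Review bot: In UsersClient.changePassword, `oldSecurityToken.equals(newSecurityToken)` dereferences the result of `getSecurityToken()`, which is presumably null before any login, so the caller would get a NullPointerException rather than the intended GlusterRuntimeException; comparing the other way round, `if(!newSecurityToken.equals(oldSecurityToken)) {`, avoids that. The name `newSecurityToken` is misleading because the value is built from the old password; `expectedToken` would read better. Since the comparison covers `user` as well as the password, a `user` argument that differs from the logged-in user is also reported as "Invalid old password!". The rest of the method lies outside this hunk, so it cannot be confirmed here that the stored token is regenerated from `newPassword` after a successful change; if it is not, later requests would presumably keep sending the old credentials.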
@@ -81,6 +82,8 @@ public class RESTConstants {
 public static final String FORM_PARAM_FIX_LAYOUT = "fix-layout";
 public static final String FORM_PARAM_MIGRATE_DATA = "migrate-data";
 public static final String FORM_PARAM_FORCED_DATA_MIGRATE = "forced-data-migrate";
+ public static final String FORM_PARAM_OLD_PASSWORD = "oldpassword";
+ public static final String FORM_PARAM_NEW_PASSWORD = "newpassword";
 public static final String PATH_PARAM_FORMAT = "format";
 public static final String PATH_PARAM_VOLUME_NAME = "volumeName";
diff --git a/src/com.gluster.storage.management.gateway/src/com/gluster/storage/management/gateway/resources/v1_0/UsersResource.java b/src/com.gluster.storage.management.gateway/src/com/gluster/storage/management/gateway/resources/v1_0/UsersResource.java
index d67a024e..6914e505 100644
--- a/src/com.gluster.storage.management.gateway/src/com/gluster/storage/management/gateway/resources/v1_0/UsersResource.java
+++ b/src/com.gluster.storage.management.gateway/src/com/gluster/storage/management/gateway/resources/v1_0/UsersResource.java
@@ -18,6 +18,8 @@
 *******************************************************************************/
 package com.gluster.storage.management.gateway.resources.v1_0;
+import static com.gluster.storage.management.core.constants.RESTConstants.FORM_PARAM_NEW_PASSWORD;
+import static com.gluster.storage.management.core.constants.RESTConstants.FORM_PARAM_OLD_PASSWORD;
 import static com.gluster.storage.management.core.constants.RESTConstants.PATH_PARAM_USER;
 import static com.gluster.storage.management.core.constants.RESTConstants.RESOURCE_PATH_USERS;
@@ -89,8 +91,9 @@ public class UsersResource extends AbstractResource {
 @Path("{" + PATH_PARAM_USER + "}")
 @PUT
- public Response changePassword(@PathParam("user") String username, @FormParam("oldpassword") String oldPassword,
- @FormParam("newpassword") String newPassword) {
+ public Response changePassword(@PathParam(PATH_PARAM_USER) String username,
+ @FormParam(FORM_PARAM_OLD_PASSWORD) String oldPassword,
+ @FormParam(FORM_PARAM_NEW_PASSWORD) String newPassword) {
 try {
 Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 String loggedInUser = ((UserDetails)auth.getPrincipal()).getUsername();
@@ -100,13 +103,16 @@ public class UsersResource extends AbstractResource {
 + "] is not allowed to change password of user [" + username + "]!");
 }
- String correctOldPassword = auth.getCredentials().toString();
- if(!oldPassword.equals(correctOldPassword)) {
+ UserDetails user = userDetailsService.loadUserByUsername(username);
+ Object salt = saltSource.getSalt(user);
+
+ String actualOldPasswordEncoded = ((UserDetails)auth.getPrincipal()).getPassword();
+ String oldPasswordEncoded = passwordEncoder.encodePassword(oldPassword, salt);
+ if(!oldPasswordEncoded.equals(actualOldPasswordEncoded)) {
 throw new GlusterValidationException("Invalid old password!");
 }
- UserDetails user = userDetailsService.loadUserByUsername(username);
- String encodedNewPassword = passwordEncoder.encodePassword(newPassword, saltSource.getSalt(user));
+ String encodedNewPassword = passwordEncoder.encodePassword(newPassword, salt);
 jdbcUserService.changePassword(oldPassword, encodedNewPassword);
 } catch (Exception ex) {
 String errMsg = "Could not change password. Error: [" + ex.getMessage() + "]"; |
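Review bot: The old-password check in UsersResource.changePassword compares the re-encoded `oldPassword` with `((UserDetails)auth.getPrincipal()).getPassword()`, the copy cached in the session principal, instead of the record just loaded into `user`. If credentials are erased after authentication, or the password was changed from another session, that cached value may be null or stale, so a correct password could be rejected or a superseded one accepted. Assuming `passwordEncoder` is Spring Security's salt-based PasswordEncoder, validating against the loaded record with the encoder's own comparison is safer: `if(!passwordEncoder.isPasswordValid(user.getPassword(), oldPassword, salt)) {`. A missing `oldpassword` form field arrives as null and goes straight into `encodePassword`, so an explicit null or empty check before encoding would give a clearer validation error. The method starts in the previous hunk and its catch block continues past the end of this one.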