diff --git a/java/lc-esp-engine/src/main/java/lc/esp/engine/Directory.java b/java/lc-esp-engine/src/main/java/lc/esp/engine/Directory.java index fec50edef83bf80100f8c3f60be59096094b783d..d7860d629eec258fc8fda3a78e2278bf74e263d3 100644 --- a/java/lc-esp-engine/src/main/java/lc/esp/engine/Directory.java +++ b/java/lc-esp-engine/src/main/java/lc/esp/engine/Directory.java @@ -36,8 +36,8 @@ public class Directory { return null; } - public void updatePassword(String userId, String oldPassword, String newPassword) throws Exception { - ad.updatePassword(userId, oldPassword, newPassword); + public void updatePassword(String userId, String newPassword) throws Exception { + ad.updatePassword(userId, newPassword); } public Set findGroups(String userId) throws NamingException { diff --git a/java/lc-gdn-api-svc/openapi.yaml b/java/lc-gdn-api-svc/openapi.yaml index 08511a2c9d85040c85989a35e318a1f2fdb8c080..f5440d957e704f9c49a767a8a093c840e900b71c 100644 --- a/java/lc-gdn-api-svc/openapi.yaml +++ b/java/lc-gdn-api-svc/openapi.yaml @@ -48,25 +48,13 @@ paths: description: No such tunnel exists or the IP address was invalid. /user/password: put: - description: Update the password for a GDN user. + description: Update the password for the currently logged in user. security: - BasicAuth: [ ] parameters: - - required: false - description: The username for the account to update. If this field is not provided, the password for the logged-in user will be set instead. - name: username - in: query - schema: - type: string - required: true description: The new password. - name: new_password - in: query - schema: - type: string - - required: true - description: The old password. - name: old_password + name: password in: query schema: type: string diff --git a/java/lc-gdn-api-svc/src/main/java/lc/gdn/api/UserPasswordHandler.java b/java/lc-gdn-api-svc/src/main/java/lc/gdn/api/UserPasswordHandler.java index df0ce88ee4b6b37a4d6160578a75c157d7fa529c..53239770fd993fd3f3fa8742509f0bd47a8e087d 100644 
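Review bot: In the openapi.yaml hunk for `PUT /user/password`, the renamed `password` parameter is still declared `in: query`, so the new password travels in the request URL. URLs are commonly recorded by web-server access logs, reverse proxies and client history, which leaves the secret at rest in places that are not treated as credential stores. Declaring it as a request body field keeps it out of the URL. UserPasswordHandler would then have to read the value from the body, since whether `getParameter("password")` sees a form-encoded body on a PUT depends on the servlet container's configuration.
```yaml
# … unchanged: description, security …
requestBody:
  required: true
  content:
    application/x-www-form-urlencoded:
      schema:
        type: object
        required: [ password ]
        properties:
          password:
            type: string
            format: password
```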
--- a/java/lc-gdn-api-svc/src/main/java/lc/gdn/api/UserPasswordHandler.java +++ b/java/lc-gdn-api-svc/src/main/java/lc/gdn/api/UserPasswordHandler.java @@ -19,25 +19,15 @@ public class UserPasswordHandler extends AuthenticatedHandler { @Override public HandlerStatus handleAuthenticated(WebTransaction request, Directory ad, String authUserId) throws Exception { - String username = request.httpServletRequest.getParameter("username"); - String newPassword = request.httpServletRequest.getParameter("new_password"); - String oldPassword = request.httpServletRequest.getParameter("old_password"); + String newPassword = request.httpServletRequest.getParameter("password"); - String targetSid; - - if (username == null) { - targetSid = authUserId; - } else { - targetSid = ad.findUser(username); - } - - if (StringUtils.isBlank(targetSid)) { + if (StringUtils.isBlank(authUserId)) { logger.warn("Unable to determine target user SID."); request.httpServletResponse.setStatus(422); return HandlerStatus.BREAK; } - ad.updatePassword(targetSid, oldPassword, newPassword); + ad.updatePassword(authUserId, newPassword); request.httpServletResponse.setStatus(200); diff --git a/java/lc-mecha/src/main/java/lc/mecha/aaa/ActiveDirectory.java b/java/lc-mecha/src/main/java/lc/mecha/aaa/ActiveDirectory.java index 1ea1c416389a60805970a1eabd8920595842b32b..1c0a05dac309e2bd622de99f92cac09a416425b8 100644 --- a/java/lc-mecha/src/main/java/lc/mecha/aaa/ActiveDirectory.java +++ b/java/lc-mecha/src/main/java/lc/mecha/aaa/ActiveDirectory.java 
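Review bot: In UserPasswordHandler.handleAuthenticated, `newPassword` goes straight into `ad.updatePassword(authUserId, newPassword)` with no check, so a request that omits the `password` parameter passes `null`. In ActiveDirectory.updatePassword the expression `'"' + password + '"'` then yields the quoted literal `null`, which would be written as the user's password if the directory's policy accepts it. A guard before the call would reject this: `if (StringUtils.isBlank(newPassword)) { request.httpServletResponse.setStatus(422); return HandlerStatus.BREAK; }`. The method body continues past the end of the hunk.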
@@ -771,26 +771,23 @@ public final class ActiveDirectory { * @param password * @throws Exception */ - public void updatePassword(final String durableId, final String oldPassword, final String password) + public void updatePassword(final String durableId, final String password) throws Exception { + + logger.info("Updating password. [u: {}] [p: {}]", durableId, password); + // Step #1 = Convert the SID to an account name final Map userInfo = findUserBySID(durableId); if (userInfo == null) throw new Exception("No such user"); - // Step #2 = Build a context with the user creds and change the password - final LdapContext ctxGC = newContext((String) userInfo.get(KEY_ACCOUNT), oldPassword); + final LdapContext ctxGC = newContext(); + + final byte[] quotedPasswordBytes = ('"' + password + '"').getBytes("UTF-16LE"); - final String quotedPassword = "\"" + password + "\""; - final char[] unicodePwd = quotedPassword.toCharArray(); - final byte[] pwdArray = new byte[unicodePwd.length * 2]; - for (int i = 0; i < unicodePwd.length; i++) { - pwdArray[i * 2 + 1] = (byte) (unicodePwd[i] >>> 8); - pwdArray[(i * 2)] = (byte) (unicodePwd[i] & 0xff); - } final ModificationItem[] mods = new ModificationItem[1]; mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, - new BasicAttribute("UnicodePwd", pwdArray)); + new BasicAttribute("UnicodePwd", quotedPasswordBytes)); ctxGC.modifyAttributes((String) userInfo.get(KEY_DN), mods); }
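Review bot: The added `logger.info("Updating password. [u: {}] [p: {}]", durableId, password);` in ActiveDirectory.updatePassword writes the new plaintext password to the application log at INFO level. Anyone who can read the log files, or a log aggregator they are shipped to, can then read users' credentials. Log the identifier only: `logger.info("Updating password. [u: {}]", durableId);`. Separately, `ctxGC` from `newContext()` is not closed anywhere in the visible hunk. If nothing else releases it, wrapping `modifyAttributes` in `try { ... } finally { ctxGC.close(); }` would avoid leaking the LDAP connection, which is now presumably bound with the service's own credentials.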