From c7ba2e2509a621fb737ded58620a23a0962069e2 Mon Sep 17 00:00:00 2001
From: "C. Alexander Leigh"
Date: Thu, 16 Feb 2023 04:25:30 -0800
Subject: [PATCH] lc-esp-engine: Working password changes; necessary refactors so this API call can only reset the logged-in user for complicated reasons
---
 .../main/java/lc/esp/engine/Directory.java | 4 ++--
 java/lc-gdn-api-svc/openapi.yaml | 16 ++--------------
 .../java/lc/gdn/api/UserPasswordHandler.java | 16 +++-------------
 .../java/lc/mecha/aaa/ActiveDirectory.java | 19 ++++++++-----------
 4 files changed, 15 insertions(+), 40 deletions(-)
diff --git a/java/lc-esp-engine/src/main/java/lc/esp/engine/Directory.java b/java/lc-esp-engine/src/main/java/lc/esp/engine/Directory.java
index fec50edef..d7860d629 100644
--- a/java/lc-esp-engine/src/main/java/lc/esp/engine/Directory.java
+++ b/java/lc-esp-engine/src/main/java/lc/esp/engine/Directory.java
@@ -36,8 +36,8 @@ public class Directory {
 return null;
 }
- public void updatePassword(String userId, String oldPassword, String newPassword) throws Exception {
- ad.updatePassword(userId, oldPassword, newPassword);
+ public void updatePassword(String userId, String newPassword) throws Exception {
+ ad.updatePassword(userId, newPassword);
 }
 public Set findGroups(String userId) throws NamingException {
diff --git a/java/lc-gdn-api-svc/openapi.yaml b/java/lc-gdn-api-svc/openapi.yaml
index 08511a2c9..f5440d957 100644
--- a/java/lc-gdn-api-svc/openapi.yaml
+++ b/java/lc-gdn-api-svc/openapi.yaml
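Review bot: The rewritten `updatePassword` wrapper has no Javadoc, and dropping `oldPassword` changes its contract in a way the signature no longer shows: the reset no longer proves knowledge of the current password, so whoever calls it must already have authenticated the principal whose SID it passes (the ActiveDirectory side of this change on this page appears to open a no-argument `newContext()` instead of binding as the user). Suggest a Javadoc on the new method: `/** Sets a new password for the user with SID {@code userId}. Performs no verification of the current password; callers must only pass the SID of an already-authenticated user. */`. The method still declares raw `throws Exception`, forwarded from ActiveDirectory; narrowing it is out of scope for this commit.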
@@ -48,25 +48,13 @@ paths:
 description: No such tunnel exists or the IP address was invalid.
 /user/password:
 put:
- description: Update the password for a GDN user.
+ description: Update the password for the currently logged in user.
 security:
 - BasicAuth: [ ]
 parameters:
- - required: false
- description: The username for the account to update. If this field is not provided, the password for the logged-in user will be set instead.
- name: username
- in: query
- schema:
- type: string
 - required: true
 description: The new password.
- name: new_password
- in: query
- schema:
- type: string
- - required: true
- description: The old password.
- name: old_password
+ name: password
 in: query
 schema:
 type: string
diff --git a/java/lc-gdn-api-svc/src/main/java/lc/gdn/api/UserPasswordHandler.java b/java/lc-gdn-api-svc/src/main/java/lc/gdn/api/UserPasswordHandler.java
index df0ce88ee..53239770f 100644
--- a/java/lc-gdn-api-svc/src/main/java/lc/gdn/api/UserPasswordHandler.java
+++ b/java/lc-gdn-api-svc/src/main/java/lc/gdn/api/UserPasswordHandler.java
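Review bot: The new `password` parameter keeps `in: query`, so the new cleartext password travels in the URL of the PUT, where reverse proxies, access logs and browser history routinely retain it. Moving it into a `requestBody` keeps it out of the request line; the `description` wording can stay. The handler on this page reads it with `getParameter("password")`, which servlet containers do not always populate from a PUT body, so that read may need to change together with the spec. The `parameters` block of `/user/password` would be replaced by:
```yaml
    put:
      # … unchanged: description, security …
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              required: [password]
              properties:
                password:
                  description: The new password.
                  type: string
                  format: password
```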
@@ -19,25 +19,15 @@ public class UserPasswordHandler extends AuthenticatedHandler {
 @Override
 public HandlerStatus handleAuthenticated(WebTransaction request, Directory ad, String authUserId) throws Exception {
- String username = request.httpServletRequest.getParameter("username");
- String newPassword = request.httpServletRequest.getParameter("new_password");
- String oldPassword = request.httpServletRequest.getParameter("old_password");
+ String newPassword = request.httpServletRequest.getParameter("password");
- String targetSid;
-
- if (username == null) {
- targetSid = authUserId;
- } else {
- targetSid = ad.findUser(username);
- }
-
- if (StringUtils.isBlank(targetSid)) {
+ if (StringUtils.isBlank(authUserId)) {
 logger.warn("Unable to determine target user SID.");
 request.httpServletResponse.setStatus(422);
 return HandlerStatus.BREAK;
 }
- ad.updatePassword(targetSid, oldPassword, newPassword);
+ ad.updatePassword(authUserId, newPassword);
 request.httpServletResponse.setStatus(200);
diff --git a/java/lc-mecha/src/main/java/lc/mecha/aaa/ActiveDirectory.java b/java/lc-mecha/src/main/java/lc/mecha/aaa/ActiveDirectory.java
index 1ea1c4163..1c0a05dac 100644
--- a/java/lc-mecha/src/main/java/lc/mecha/aaa/ActiveDirectory.java
+++ b/java/lc-mecha/src/main/java/lc/mecha/aaa/ActiveDirectory.java
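Review bot: `newPassword` is read from the `password` parameter and handed straight to `ad.updatePassword` with no presence check, so a request that omits the parameter sends `null` down the call chain; in the ActiveDirectory hunk on this page the `'"' + password + '"'` concatenation would then quote the literal string `null` instead of failing. Reject it next to the existing guard: `if (StringUtils.isBlank(newPassword)) { request.httpServletResponse.setStatus(422); return HandlerStatus.BREAK; }`, with its own `logger.warn` if the two 422 paths should be distinguishable in logs. The surviving `isBlank(authUserId)` check now guards the authenticated identity rather than a lookup result, which is fine but deserves a comment such as `// authUserId comes from the authentication layer; an empty value means no target can be named`. handleAuthenticated continues past the end of the hunk.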
@@ -771,26 +771,23 @@ public final class ActiveDirectory {
 * @param password
 * @throws Exception
 */
- public void updatePassword(final String durableId, final String oldPassword, final String password)
+ public void updatePassword(final String durableId, final String password)
 throws Exception {
+
+ logger.info("Updating password. [u: {}] [p: {}]", durableId, password);
+
 // Step #1 = Convert the SID to an account name
 final Map userInfo = findUserBySID(durableId);
 if (userInfo == null) throw new Exception("No such user");
- // Step #2 = Build a context with the user creds and change the password
- final LdapContext ctxGC = newContext((String) userInfo.get(KEY_ACCOUNT), oldPassword);
+ final LdapContext ctxGC = newContext();
+
+ final byte[] quotedPasswordBytes = ('"' + password + '"').getBytes("UTF-16LE");
- final String quotedPassword = "\"" + password + "\"";
- final char[] unicodePwd = quotedPassword.toCharArray();
- final byte[] pwdArray = new byte[unicodePwd.length * 2];
- for (int i = 0; i < unicodePwd.length; i++) {
- pwdArray[i * 2 + 1] = (byte) (unicodePwd[i] >>> 8);
- pwdArray[(i * 2)] = (byte) (unicodePwd[i] & 0xff);
- }
 final ModificationItem[] mods = new ModificationItem[1];
 mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
- new BasicAttribute("UnicodePwd", pwdArray));
+ new BasicAttribute("UnicodePwd", quotedPasswordBytes));
 ctxGC.modifyAttributes((String) userInfo.get(KEY_DN), mods);
 }
-- 
GitLab
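Review bot: The added `logger.info("Updating password. [u: {}] [p: {}]", durableId, password)` writes the new cleartext password to the log at INFO, where it will persist in whatever collects the service logs; log only the subject, `logger.info("Updating password. [u: {}]", durableId);`. Three smaller points in the same hunk: a `null` `password` is turned into the literal `"null"` by the `'"' + password + '"'` concatenation rather than rejected, `getBytes("UTF-16LE")` takes a charset name and so declares `UnsupportedEncodingException` where `StandardCharsets.UTF_16LE` would not, and the `ctxGC` returned by `newContext()` is never closed in the visible lines (the previous version did not close its context either). The Javadoc above the hunk should also be checked for a leftover `@param oldPassword`. Imports for `Objects` and `StandardCharsets` sit outside the hunk. The rewritten body:
```java
    public void updatePassword(final String durableId, final String password)
            throws Exception {
        Objects.requireNonNull(password, "password");
        // Log only the subject of the change; the new password itself must never reach the log.
        logger.info("Updating password. [u: {}]", durableId);

        // … unchanged: findUserBySID lookup and "No such user" check …

        // unicodePwd takes the UTF-16LE bytes of the new password wrapped in double quotes.
        final byte[] quotedPasswordBytes = ('"' + password + '"').getBytes(StandardCharsets.UTF_16LE);
        final ModificationItem[] mods = new ModificationItem[1];
        mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("UnicodePwd", quotedPasswordBytes));

        // Release the directory context even when modifyAttributes throws.
        final LdapContext ctxGC = newContext();
        try {
            ctxGC.modifyAttributes((String) userInfo.get(KEY_DN), mods);
        } finally {
            ctxGC.close();
        }
    }
```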