
HPCC-20818 User cannot change LDAP password

Attempting to change the user password by clicking the username
under "LOGGED IN AS:" results in "Username/password don't match".
This happens because we no longer cache the user's password. This PR
removes the strcmp of the current password, and relies on the authenticate
call to LDAP to ensure the current password is correct.

Signed-off-by: Russ Whitehead <william.whitehead@lexisnexis.com>
Russ Whitehead 6 years ago
commit
12cec5a3eb

+ 6 - 4
esp/services/ws_account/ws_accountService.cpp

@@ -56,27 +56,29 @@ bool Cws_accountEx::onUpdateUser(IEspContext &context, IEspUpdateUserRequest & r
         }
 
         const char* oldpass = req.getOldpass();
-        if(oldpass == NULL || strcmp(oldpass, user->credentials().getPassword()) != 0)
+        if(oldpass == nullptr)
         {
             resp.setRetcode(-1);
-            resp.setMessage("Username/password don't match.");
+            resp.setMessage("Current password must be provided.");
             return false;
         }
 
         const char* newpass1 = req.getNewpass1();
         const char* newpass2 = req.getNewpass2();
-        if(newpass1 == NULL || newpass2 == NULL || strlen(newpass1) < 4 || strlen(newpass2) < 4)
+        if(newpass1 == NULL || newpass2 == NULL || strlen(newpass1) < 8 || strlen(newpass2) < 8)
         {
             resp.setRetcode(-1);
-            resp.setMessage("New password must be 4 characters or longer.");
+            resp.setMessage("New password must be 8 characters or longer.");
             return false;
         }
+
         if(strcmp(newpass1, newpass2) != 0)
         {
             resp.setRetcode(-1);
             resp.setMessage("Password and retype don't match.");
             return false;
         }
+
         if(strcmp(oldpass, newpass1) == 0)
         {
             resp.setRetcode(-1);
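Review bot: The new guard `if(oldpass == nullptr)` still lets an empty string through, and with the local strcmp removed the current password is now verified only by the LDAP authenticate call. Many directory servers treat a simple bind with a DN and a zero-length password as an unauthenticated bind and report success, so unless the code behind `updateUserPassword` rejects empty passwords (not visible in this hunk), the current-password check could be satisfied without knowing the password. I would reject the empty case here as well: `if(oldpass == nullptr || *oldpass == '\0')`. As a minor style point, the length check two statements below still uses `NULL` while this line now uses `nullptr`. onUpdateUser begins and ends outside the hunk.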

+ 0 - 5
system/security/LdapSecurity/ldapsecurity.cpp

@@ -1310,12 +1310,7 @@ bool CLdapSecManager::updateUserPassword(ISecUser& user, const char* newPassword
         return false;
     }
 
-    //Update password if authenticated
     bool ok = m_ldap_client->updateUserPassword(user, newPassword, currPassword);
-    if(ok && m_permissionsCache->isCacheEnabled() && !m_usercache_off)
-    {
-        m_permissionsCache->removeFromUserCache(user);
-    }
     return ok;
 }