
HPCC-18328 Set userID/password before calling onUpdatePassword()

The onUpdatePassword() verifies the userID input by comparing it with
the userID stored in the HTTP cookie. The old password has to be set
into the ISecUser for authentication before the password is updated.

Signed-off-by: wangkx <kevin.wang@lexisnexis.com>
wangkx 7 年之前
父节点
当前提交
2e139cc3a4
共有 2 个文件被更改,包括 13 次插入0 次删除
  1. 10 0
      esp/bindings/http/platform/httpservice.cpp
  2. 3 0
      esp/platform/espprotocol.cpp

+ 10 - 0
esp/bindings/http/platform/httpservice.cpp

@@ -514,6 +514,7 @@ int CEspHttpServer::onUpdatePasswordInput(CHttpRequest* request, CHttpResponse*
 {
     StringBuffer html;
     m_apport->onUpdatePasswordInput(*request->queryContext(), html);
+
     response->setContent(html.length(), html.str());
     response->setContentType("text/html; charset=UTF-8");
     response->setStatus(HTTP_STATUS_OK);
@@ -1027,6 +1028,15 @@ EspAuthState CEspHttpServer::preCheckAuth(EspAuthRequest& authReq)
             EspHttpBinding* thebinding = getBinding();
             if (thebinding)
                 thebinding->populateRequest(m_request.get());
+            StringBuffer userID;
+            readCookie(SESSION_ID_TEMP_COOKIE, userID);
+            if (!userID.isEmpty()) //For session auth, the cookie has the userID.
+            {
+                authReq.ctx->setUserID(userID.str());
+                ISecUser* user = authReq.ctx->queryUser();
+                if (user)
+                    user->setName(userID.str());
+            }
             onUpdatePassword(m_request.get(), m_response.get());
             return authTaskDone;
         }
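Review bot: The userID that the new lines in the second hunk write into the context (`authReq.ctx->setUserID(userID.str())`, `user->setName(userID.str())`) is read straight from a client-supplied cookie and is not checked against any server-side session state before onUpdatePassword() runs, so the identity the password change is attempted under is chosen by the requester; that is acceptable only if the old-password verification further down the call chain remains the sole gate, and that dependency should be stated at the point of use. I would add above the `if (!userID.isEmpty())` line: `// userID comes from a client cookie and is NOT authenticated here; the password change must still be gated by the old-password check in updatePassword().` The return value of `readCookie(SESSION_ID_TEMP_COOKIE, userID)` is also ignored; if it can report a missing or malformed cookie (I cannot see its signature from this hunk), that result is worth checking rather than relying on an empty buffer. The enclosing `if` block and preCheckAuth() itself start and end outside the hunk. The first hunk is whitespace only and needs nothing.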

+ 3 - 0
esp/platform/espprotocol.cpp

@@ -599,6 +599,9 @@ unsigned CEspApplicationPort::updatePassword(IEspContext &context, IHttpMessage*
     bool returnFlag = false;
     try
     {
+        ISecCredentials& cred = user->credentials();
+        if (isEmptyString(cred.getPassword()))
+            cred.setPassword(oldpass);
         returnFlag = secmgr->updateUserPassword(*user, newpass1, oldpass);//provide the entered current password, not the cached one
     }
     catch(IException* e)
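Review bot: `cred.setPassword(oldpass)` stores the caller's unverified old password in the ISecUser's credentials before updateUserPassword() has checked it, and nothing in the hunk clears it again when the call returns false or throws; if `user` outlives this request (whether it is per-request or cached is not visible here), a wrong password from a failed attempt stays attached to that user object. The null-check on `user` is also outside the hunk, so I cannot confirm the dereference on the new first line is guarded. I would record whether the password was set here, `const bool passSetHere = isEmptyString(cred.getPassword()); if (passSetHere) cred.setPassword(oldpass);`, and after the try/catch (which continues past the hunk) reset it with `if (passSetHere && !returnFlag) cred.setPassword("");`. A comment on the new `if` such as `// oldpass is client input; it is only verified by updateUserPassword() below` would make the trust boundary explicit.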