Merge pull request #10464 from wangkx/h18328

HPCC-18328 Set userID before calling onUpdatePassword()

Reviewed-By: Russ Whitehead <william.whitehead@lexisnexis.com>
Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>

esp/bindings/http/platform/httpservice.cpp

@@ -514,6 +514,7 @@ int CEspHttpServer::onUpdatePasswordInput(CHttpRequest* request, CHttpResponse*
 {
     StringBuffer html;
     m_apport->onUpdatePasswordInput(*request->queryContext(), html);
+
     response->setContent(html.length(), html.str());
     response->setContentType("text/html; charset=UTF-8");
     response->setStatus(HTTP_STATUS_OK);
@@ -1027,6 +1028,15 @@ EspAuthState CEspHttpServer::preCheckAuth(EspAuthRequest& authReq)
             EspHttpBinding* thebinding = getBinding();
             if (thebinding)
                 thebinding->populateRequest(m_request.get());
+            StringBuffer userID;
+            readCookie(SESSION_ID_TEMP_COOKIE, userID);
+            if (!userID.isEmpty()) //For session auth, the cookie has the userID.
+            {
+                authReq.ctx->setUserID(userID.str());
+                ISecUser* user = authReq.ctx->queryUser();
+                if (user)
+                    user->setName(userID.str());
+            }
             onUpdatePassword(m_request.get(), m_response.get());
             return authTaskDone;
         }

esp/platform/espprotocol.cpp

@@ -599,6 +599,9 @@ unsigned CEspApplicationPort::updatePassword(IEspContext &context, IHttpMessage*
     bool returnFlag = false;
     try
     {
+        ISecCredentials& cred = user->credentials();
+        if (isEmptyString(cred.getPassword()))
+            cred.setPassword(oldpass);
         returnFlag = secmgr->updateUserPassword(*user, newpass1, oldpass);//provide the entered current password, not the cached one
     }
     catch(IException* e)