Posted to commits@ranger.apache.org by ve...@apache.org on 2017/09/27 18:50:49 UTC
ranger git commit: RANGER-1727 : Ranger allows user to change an
external user's password with 'null' old password
Repository: ranger
Updated Branches:
refs/heads/master 243b72965 -> 5b0fbac88
RANGER-1727 : Ranger allows user to change an external user's password with 'null' old password
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/5b0fbac8
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/5b0fbac8
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/5b0fbac8
Branch: refs/heads/master
Commit: 5b0fbac8846e9e97398e14307893caabd6ee60bc
Parents: 243b729
Author: fatimaawez <fa...@gmail.com>
Authored: Tue Sep 26 14:59:41 2017 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Wed Sep 27 14:50:37 2017 -0400
----------------------------------------------------------------------
.../java/org/apache/ranger/biz/UserMgr.java | 41 ++++++++++++++++----
.../java/org/apache/ranger/biz/XUserMgr.java | 18 +++++++--
.../org/apache/ranger/biz/TestXUserMgr.java | 4 ++
3 files changed, 52 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/5b0fbac8/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index cc81029..5f85066 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -401,7 +401,13 @@ public class UserMgr {
logger.warn("SECURITY:changePassword(). User not found. LoginId="+ pwdChange.getLoginId());
throw restErrorUtil.createRESTException("serverMsg.userMgrInvalidUser",MessageEnums.DATA_NOT_FOUND, null, null,pwdChange.getLoginId());
}
-
+ if (gjUser.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
+ logger.info("SECURITY:changePassword().Ranger External Users cannot change password. LoginId=" + pwdChange.getLoginId());
+ VXResponse vXResponse = new VXResponse();
+ vXResponse.setStatusCode(HttpServletResponse.SC_FORBIDDEN);
+ vXResponse.setMsgDesc("SECURITY:changePassword().Ranger External Users cannot change password. LoginId=" + pwdChange.getLoginId());
+ throw restErrorUtil.generateRESTException(vXResponse);
+ }
//check current password and provided old password is same or not
String encryptedOldPwd = encrypt(pwdChange.getLoginId(),pwdChange.getOldPassword());
if (!stringUtil.equals(encryptedOldPwd, gjUser.getPassword())) {
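Review bot: The refusal for external users is logged with `logger.info`, while the user-not-found path just above it uses `logger.warn` with the same `SECURITY:` prefix. A denied password change on an external account is the event this fix exists to stop, so it should be at least as visible, i.e. `logger.warn(...)`. The same string, including the internal `SECURITY:changePassword()` prefix and the login ID, is also passed to `setMsgDesc`, so the client receives the log text; a plain message such as `"Password change is not permitted for external users"` would keep internals out of the response. changePassword starts and ends outside this hunk.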
@@ -484,9 +490,12 @@ public class UserMgr {
String saltEncodedpasswd = encrypt(gjUser.getLoginId(),
changeEmail.getOldPassword());
-
+ if (gjUser.getUserSource() == RangerCommonEnums.USER_APP) {
gjUser.setPassword(saltEncodedpasswd);
-
+ }
+ else if (gjUser.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
+ gjUser.setPassword(gjUser.getPassword());
+ }
daoManager.getXXPortalUser().update(gjUser);
return mapXXPortalUserVXPortalUser(gjUser);
}
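Review bot: The two branches test `== USER_APP` and `== USER_EXTERNAL`, so an account whose `getUserSource()` is any other value now skips `setPassword` entirely, where before the commit it was always set. The `@@ -1267,8` and `@@ -1286,7` hunks test `!= USER_EXTERNAL` instead, so the sites disagree on such an account. The `else if` body `gjUser.setPassword(gjUser.getPassword());` is a self-assignment and can be dropped; a single guard, `if (gjUser.getUserSource() != RangerCommonEnums.USER_EXTERNAL) { gjUser.setPassword(saltEncodedpasswd); }`, states the rule once. The same `== USER_APP` pairing is in the `@@ -1363,7` hunk, where the login ID has just been changed and a skipped account would keep a value derived from the old name, if `encrypt()` keys on the login ID as its arguments suggest, and in both XUserMgr.java hunks. Whether other source values exist is not visible here, so confirm against RangerCommonEnums.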
@@ -1246,7 +1255,7 @@ public class UserMgr {
public XXPortalUser updateUserWithPass(VXPortalUser userProfile) {
String updatedPassword = userProfile.getPassword();
- XXPortalUser xXPortalUser = this.updateUser(userProfile);
+ XXPortalUser xXPortalUser = this.updateUser(userProfile);
if (xXPortalUser == null) {
return null;
@@ -1267,8 +1276,13 @@ public class UserMgr {
String encryptedNewPwd = encrypt(xXPortalUser.getLoginId(),
updatedPassword);
- xXPortalUser.setPassword(encryptedNewPwd);
- xXPortalUser = daoManager.getXXPortalUser().update(xXPortalUser);
+ if (xXPortalUser.getUserSource() != RangerCommonEnums.USER_EXTERNAL) {
+ xXPortalUser.setPassword(encryptedNewPwd);
+ }
+ else if (xXPortalUser.getUserSource() != RangerCommonEnums.USER_EXTERNAL) {
+ xXPortalUser.setPassword(xXPortalUser.getPassword());
+ }
+ xXPortalUser = daoManager.getXXPortalUser().update(xXPortalUser);
}
return xXPortalUser;
}
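Review bot: The `else if` repeats the `if` condition, `xXPortalUser.getUserSource() != RangerCommonEnums.USER_EXTERNAL`, so it can never be taken; it was presumably meant to be `==`. Nothing breaks only because its body, `xXPortalUser.setPassword(xXPortalUser.getPassword());`, is a self-assignment, so the whole `else if` can be deleted, leaving the single `if`. The identical pair appears in the `@@ -1286,7` hunk. A comment on the remaining guard, e.g. `// external users authenticate against their source system; never overwrite the stored password`, would record why the branch exists. The enclosing method body starts outside this hunk.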
@@ -1286,7 +1300,13 @@ public class UserMgr {
}
String dbOldPwd =xXPortalUser.getPassword();
String encryptedNewPwd = encrypt(xXPortalUser.getLoginId(),userPassword);
- xXPortalUser.setPassword(encryptedNewPwd);
+ if (xXPortalUser.getUserSource() != RangerCommonEnums.USER_EXTERNAL) {
+ xXPortalUser.setPassword(encryptedNewPwd);
+ }
+ else if (xXPortalUser.getUserSource() != RangerCommonEnums.USER_EXTERNAL) {
+ xXPortalUser.setPassword(xXPortalUser.getPassword());
+ }
+
xXPortalUser = daoManager.getXXPortalUser().update(xXPortalUser);
if(xXPortalUser!=null && logAudits){
String dbNewPwd=xXPortalUser.getPassword();
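Review bot: For an external user this path now skips `setPassword` but still calls `update(xXPortalUser)` and then enters the `logAudits` block, so the caller is never told the request was ignored. If the audit code after this hunk writes an entry whenever `logAudits` is set, the trail may also record a password change that did not happen. The `changePassword` hunk rejects the same situation with `SC_FORBIDDEN`; failing the request here, or returning before the update, would be consistent with that and keep the audit trail accurate. The method continues outside the hunk, so confirm what the audit block does with `dbOldPwd` and `dbNewPwd`.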
@@ -1363,7 +1383,12 @@ public class UserMgr {
xXPortalUser.setLoginId(newUserName);
// The old password needs to be encrypted by the new user name
String updatedPwd = encrypt(newUserName,currentPassword);
- xXPortalUser.setPassword(updatedPwd);
+ if (xXPortalUser.getUserSource() == RangerCommonEnums.USER_APP) {
+ xXPortalUser.setPassword(updatedPwd);
+ }
+ else if (xXPortalUser.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
+ xXPortalUser.setPassword(xXPortalUser.getPassword());
+ }
xXPortalUser = daoManager.getXXPortalUser().update(xXPortalUser);
List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
XXTrxLog xTrxLog = new XXTrxLog();
http://git-wip-us.apache.org/repos/asf/ranger/blob/5b0fbac8/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 670baa3..0b97da9 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -386,10 +386,16 @@ public class XUserMgr extends XUserMgrBase {
&& password.equals(hiddenPasswordString)) {
vXPortalUser.setPassword(oldUserProfile.getPassword());
}
- else if(password != null){
- validatePassword(vXUser);
- vXPortalUser.setPassword(password);
+ else if(password != null){
+ validatePassword(vXUser);
+ if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
+ vXPortalUser.setPassword(oldUserProfile.getPassword());
+ }
+ else if(oldUserProfile.getUserSource() == RangerCommonEnums.USER_APP)
+ {
+ vXPortalUser.setPassword(password);
}
+ }
Collection<Long> groupIdList = vXUser.getGroupIdList();
XXPortalUser xXPortalUser = new XXPortalUser();
xXPortalUser = userMgr.updateUserWithPass(vXPortalUser);
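Review bot: `validatePassword(vXUser)` still runs before the source check, so an update for an external user can be rejected on password policy for a value that is then discarded in favour of `oldUserProfile.getPassword()`. Testing `oldUserProfile.getUserSource()` first, and calling `validatePassword` only on the branch that stores the supplied password, avoids that. The closing braces after `vXPortalUser.setPassword(password);` are also indented against the wrong opener, which makes the nesting of this security check hard to verify by eye. The method starts and ends outside this hunk.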
@@ -441,7 +447,13 @@ public class XUserMgr extends XUserMgrBase {
// There is nothing to log anything in XXUser so far.
vXUser = xUserService.updateResource(vXUser);
vXUser.setUserRoleList(roleList);
+ if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_APP) {
vXUser.setPassword(password);
+ }
+ else if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
+ vXUser.setPassword(oldUserProfile.getPassword());
+ }
+
List<XXTrxLog> trxLogList = xUserService.getTransactionLog(vXUser,
oldUserProfile, "update");
vXUser.setPassword(hiddenPasswordString);
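Review bot: `oldUserProfile.getUserSource()` is dereferenced unconditionally here, and the test change in this commit has to stub `userMgr.getUserProfileByLoginId(...)` for `updateXUser` to run, which suggests the lookup can come back null. If nothing earlier in the method (outside this hunk) rejects a missing profile, an update for an unknown login ID ends in a NullPointerException rather than a not-found error, so an explicit `oldUserProfile == null` check before the first use is worth adding. The value set here appears to exist only so `getTransactionLog` can compare it, since it is overwritten with `hiddenPasswordString` right after; a comment such as `// set only for the transaction-log diff; masked again below` would make that clear.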
http://git-wip-us.apache.org/repos/asf/ranger/blob/5b0fbac8/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index d0fb3dc..cdd581b 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -314,7 +314,11 @@ public class TestXUserMgr {
public void test12UpdateXUser() {
setup();
VXUser vxUser = vxUser();
+ vxUser.setUserSource(RangerCommonEnums.USER_APP);
+ vxUser.setName("name");
Mockito.when(xUserService.updateResource(vxUser)).thenReturn(vxUser);
+ VXPortalUser vXPortalUser = new VXPortalUser();
+ Mockito.when(userMgr.getUserProfileByLoginId(vxUser.getName())).thenReturn(vXPortalUser);
VXUser dbvxUser = xUserMgr.updateXUser(vxUser);
Assert.assertNotNull(dbvxUser);
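Review bot: The test sets `vxUser.setUserSource(RangerCommonEnums.USER_APP)` only, so the `USER_EXTERNAL` branches this commit adds, which are the behaviour the fix is about, are never exercised. The one assertion, `Assert.assertNotNull(dbvxUser)`, would also pass whether or not the stored password was preserved. The source is set on `vxUser`, but XUserMgr branches on `oldUserProfile.getUserSource()`, and the stubbed profile is a bare `new VXPortalUser()` with no source set, so the test does not control which branch runs. A second test with the stubbed `VXPortalUser` marked `USER_EXTERNAL` and a known stored password, checking the object passed to `userMgr.updateUserWithPass`, would pin the fix. The test method continues outside the hunk.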