From 5b62bb1da20b7e2b160f841bb7af43a610f0e4fe Mon Sep 17 00:00:00 2001 From: Alan Davis Date: Wed, 11 Jan 2017 10:35:17 +0000 Subject: [PATCH] Merged 5.2.0 (5.2.0) to HEAD (5.2) 133861 rmunteanu: REPO-1746: Merge fixes for 5.2 GA issues to 5.2.0 branch (Solved compilation issues after conflict) Merged 5.2.N (5.2.1) to 5.2.0 (5.2.0) 133307 jvonka: V1 REST API - update person (password) - REPO-1627 - Update password for a person with empty string - REPO-1643 - Missing 'oldPassword' field accompanies 403 status code, but should be 400 git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@134190 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261 --- .../alfresco/rest/api/impl/PeopleImpl.java | 51 ------------------- 1 file changed, 51 deletions(-) diff --git a/source/java/org/alfresco/rest/api/impl/PeopleImpl.java b/source/java/org/alfresco/rest/api/impl/PeopleImpl.java index 3b8d5bf43f..fdf0b54080 100644 --- a/source/java/org/alfresco/rest/api/impl/PeopleImpl.java +++ b/source/java/org/alfresco/rest/api/impl/PeopleImpl.java @@ -534,8 +534,6 @@ public class PeopleImpl implements People validateUpdatePersonData(person); - boolean isAdmin = isAdminAuthority(); - String currentUserId = AuthenticationUtil.getFullyAuthenticatedUser(); if (!isAdmin && !currentUserId.equalsIgnoreCase(personId)) { 
@@ -667,55 +665,6 @@ public class PeopleImpl implements People
 }
 }
- private void updatePassword(boolean isAdmin, String personIdToUpdate, Person person)
- {
- MutableAuthenticationService mutableAuthenticationService = (MutableAuthenticationService) authenticationService;
-
- boolean isOldPassword = person.wasSet(Person.PROP_PERSON_OLDPASSWORD);
- boolean isPassword = person.wasSet(Person.PROP_PERSON_PASSWORD);
-
- if (isPassword || isOldPassword)
- {
- if (isOldPassword && ((person.getOldPassword() == null) || (person.getOldPassword().isEmpty())))
- {
- throw new IllegalArgumentException("'oldPassword' field cannot be empty.");
- }
-
- if (!isPassword || (person.getPassword() == null) || (person.getPassword().isEmpty()))
- {
- throw new IllegalArgumentException("password' field cannot be empty.");
- }
-
- char[] newPassword = person.getPassword().toCharArray();
-
- if (!isAdmin)
- {
- // Non-admin users can update their own password, but must provide their current password.
- if (!isOldPassword)
- {
- throw new IllegalArgumentException("To change password, both 'oldPassword' and 'password' fields are required.");
- }
-
- char[] oldPassword = person.getOldPassword().toCharArray();
- try
- {
- mutableAuthenticationService.updateAuthentication(personIdToUpdate, oldPassword, newPassword);
- }
- catch (AuthenticationException e)
- {
- throw new PermissionDeniedException("Incorrect password.");
- }
- }
- else
- {
- // An admin user can update without knowing the original pass - but must know their own!
- // note: is it reasonable to silently ignore oldPassword if supplied ?
-
- mutableAuthenticationService.setAuthentication(personIdToUpdate, newPassword);
- }
- }
- }
-
 private boolean isAdminAuthority()
 {
 return authorityService.hasAdminAuthority();