inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

REPO-1627: oldPassword/password validation improvement

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@133094 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Matt Ward
2016-11-24 16:58:55 +00:00
parent ded07a19fa
commit 6fb7ce78ab
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
source/java/org/alfresco/rest/api/impl/PeopleImpl.java
View File

@@ -519,6 +519,10 @@ public class PeopleImpl implements People
// The user is not an admin user and is not attempting to update *their own* details.
throw new PermissionDeniedException();
}
if (!isAdminAuthority() && person.getOldPassword() != null && person.getPassword() == null)
{
throw new IllegalArgumentException("To change password, both 'oldPassword' and 'password' fields are required.");
}
final String personIdToUpdate = validatePerson(personId);
final Map<QName, Serializable> properties = person.toProperties();

4
source/test-java/org/alfresco/rest/api/tests/TestPeople.java
View File

@@ -1030,6 +1030,10 @@ public class TestPeople extends EnterpriseTestApi
// update with no oldPassword
people.update(me.getId(), qjson("{ `password`:`newpassword456` }"), 403);
// update with no password
people.update(me.getId(), qjson("{ `oldPassword`:`newpassword456`, `password`:`` }"), 400);
people.update(me.getId(), qjson("{ `oldPassword`:`newpassword456` }"), 400);
}
@Test