Merged 5.2.0 (5.2.0) to HEAD (5.2)

133094 mward: REPO-1627: oldPassword/password validation improvement


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@133390 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/rest/api/impl/PeopleImpl.java

@@ -519,6 +519,10 @@ public class PeopleImpl implements People
             // The user is not an admin user and is not attempting to update *their own* details.
             throw new PermissionDeniedException();
         }
+        if (!isAdminAuthority() && person.getOldPassword() != null && person.getPassword() == null)
+        {
+            throw new IllegalArgumentException("To change password, both 'oldPassword' and 'password' fields are required.");
+        }
 
         final String personIdToUpdate = validatePerson(personId);
         final Map<QName, Serializable> properties = person.toProperties();

source/test-java/org/alfresco/rest/api/tests/TestPeople.java

@@ -1030,6 +1030,10 @@ public class TestPeople extends EnterpriseTestApi
 
         // update with no oldPassword
         people.update(me.getId(), qjson("{ `password`:`newpassword456` }"), 403);
+
+        // update with no password
+        people.update(me.getId(), qjson("{ `oldPassword`:`newpassword456`, `password`:`` }"), 400);
+        people.update(me.getId(), qjson("{ `oldPassword`:`newpassword456` }"), 400);
     }
 
     @Test