fix: reset user password (#18192)

Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
Shengwen YU 2023-02-09 18:39:13 +08:00 committed by GitHub
parent 68fb01813e
commit a4c95fa030
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 3 deletions


@ -316,7 +316,12 @@ func (u *usersAPI) UpdateUserPassword(ctx context.Context, params operation.Upda
if err := requireValidSecret(newPwd); err != nil {
return u.SendError(ctx, err)
}
ok, err := u.ctl.VerifyPassword(ctx, sctx.GetUsername(), newPwd)
user, err := u.getUserByID(ctx, uid)
if err != nil {
log.G(ctx).Errorf("Failed to get user profile for uid: %d, error: %v", uid, err)
return u.SendError(ctx, err)
}
ok, err := u.ctl.VerifyPassword(ctx, user.Username, newPwd)
if err != nil {
log.G(ctx).Errorf("Failed to verify password for user: %s, error: %v", sctx.GetUsername(), err)
return u.SendError(ctx, errors.UnknownError(nil).WithMessage("Failed to verify password"))
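Review bot: The error log after `VerifyPassword` still formats `sctx.GetUsername()`, so when verification fails during an administrator-initiated reset the log names the caller rather than the account whose password is being changed. Since the call itself now uses `user.Username`, the log line should match: `log.G(ctx).Errorf("Failed to verify password for user: %s, error: %v", user.Username, err)`. That keeps the audit trail for password changes attributable to the right account. UpdateUserPassword starts and continues outside the hunk, so whether `sctx` is still needed elsewhere in the function is not visible here.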


@ -8,6 +8,7 @@ import (
"github.com/stretchr/testify/suite"
"github.com/goharbor/harbor/src/common"
commonmodels "github.com/goharbor/harbor/src/common/models"
"github.com/goharbor/harbor/src/server/v2.0/models"
"github.com/goharbor/harbor/src/server/v2.0/restapi"
usertesting "github.com/goharbor/harbor/src/testing/controller/user"
@ -37,9 +38,16 @@ func TestRequireValidSecret(t *testing.T) {
type UserTestSuite struct {
htesting.Suite
uCtl *usertesting.Controller
user *commonmodels.User
}
func (uts *UserTestSuite) SetupSuite() {
uts.user = &commonmodels.User{
UserID: 1,
Username: "admin",
}
uts.uCtl = &usertesting.Controller{}
uts.Config = &restapi.Config{
UserAPI: &usersAPI{
@ -70,8 +78,8 @@ func (uts *UserTestSuite) TestUpdateUserPassword() {
{
url := "/users/1/password"
uts.Security.On("Can", mock.Anything, mock.Anything, mock.Anything).Return(true).Times(1)
uts.Security.On("GetUsername").Return("admin").Times(1)
uts.uCtl.On("Get", mock.Anything, mock.Anything, mock.Anything).Return(uts.user, nil).Times(1)
uts.uCtl.On("VerifyPassword", mock.Anything, "admin", "Passw0rd").Return(true, nil).Times(1)
res, err := uts.Suite.PutJSON(url, &body)
uts.NoError(err)
@ -80,8 +88,8 @@ func (uts *UserTestSuite) TestUpdateUserPassword() {
{
url := "/users/1/password"
uts.Security.On("Can", mock.Anything, mock.Anything, mock.Anything).Return(true).Times(1)
uts.Security.On("GetUsername").Return("admin").Times(1)
uts.uCtl.On("Get", mock.Anything, mock.Anything, mock.Anything).Return(uts.user, nil).Times(1)
uts.uCtl.On("VerifyPassword", mock.Anything, "admin", mock.Anything).Return(false, nil).Times(1)
uts.uCtl.On("UpdatePassword", mock.Anything, mock.Anything, mock.Anything).Return(nil)
res, err := uts.Suite.PutJSON(url, &body)
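Review bot: The updated test cases do not distinguish the caller from the target account: `uts.user` is given `Username: "admin"`, the same value the removed `GetUsername` mock returned, so the `VerifyPassword` expectation on `"admin"` matches either identity. A case in which the user returned by `Get` has a different name from the requesting user (for example a constructed `Username: "target-user"`, with `VerifyPassword` expected on that name) would pin that the old-password comparison is made against the account being reset. A case where `Get` returns an error would also cover the new early-return branch in the handler. Both test blocks continue outside the hunks shown.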