From a4c95fa0302ab45f066c9af816af9e9f6210760e Mon Sep 17 00:00:00 2001 From: Shengwen YU Date: Thu, 9 Feb 2023 18:39:13 +0800 Subject: [PATCH] fix: reset user password (#18192) Signed-off-by: Shengwen Yu --- src/server/v2.0/handler/user.go | 7 ++++++- src/server/v2.0/handler/user_test.go | 12 ++++++++++-- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/src/server/v2.0/handler/user.go b/src/server/v2.0/handler/user.go index 13a73cb47..cf9bfc573 100644 --- a/src/server/v2.0/handler/user.go +++ b/src/server/v2.0/handler/user.go @@ -316,7 +316,12 @@ func (u *usersAPI) UpdateUserPassword(ctx context.Context, params operation.Upda if err := requireValidSecret(newPwd); err != nil { return u.SendError(ctx, err) } - ok, err := u.ctl.VerifyPassword(ctx, sctx.GetUsername(), newPwd) + user, err := u.getUserByID(ctx, uid) + if err != nil { + log.G(ctx).Errorf("Failed to get user profile for uid: %d, error: %v", uid, err) + return u.SendError(ctx, err) + } + ok, err := u.ctl.VerifyPassword(ctx, user.Username, newPwd) if err != nil { log.G(ctx).Errorf("Failed to verify password for user: %s, error: %v", sctx.GetUsername(), err) return u.SendError(ctx, errors.UnknownError(nil).WithMessage("Failed to verify password")) diff --git a/src/server/v2.0/handler/user_test.go b/src/server/v2.0/handler/user_test.go index cc7e11c39..f4b5cfb9f 100644 --- a/src/server/v2.0/handler/user_test.go +++ b/src/server/v2.0/handler/user_test.go @@ -8,6 +8,7 @@ import ( "github.com/stretchr/testify/suite" "github.com/goharbor/harbor/src/common" + commonmodels "github.com/goharbor/harbor/src/common/models" "github.com/goharbor/harbor/src/server/v2.0/models" "github.com/goharbor/harbor/src/server/v2.0/restapi" usertesting "github.com/goharbor/harbor/src/testing/controller/user" @@ -37,9 +38,16 @@ func TestRequireValidSecret(t *testing.T) { type UserTestSuite struct { htesting.Suite uCtl *usertesting.Controller + + user *commonmodels.User } func (uts *UserTestSuite) SetupSuite() { + uts.user = &commonmodels.User{ + UserID: 1, + Username: "admin", + } + uts.uCtl = &usertesting.Controller{} uts.Config = &restapi.Config{ UserAPI: &usersAPI{ @@ -70,8 +78,8 @@ func (uts *UserTestSuite) TestUpdateUserPassword() { { url := "/users/1/password" uts.Security.On("Can", mock.Anything, mock.Anything, mock.Anything).Return(true).Times(1) - uts.Security.On("GetUsername").Return("admin").Times(1) + uts.uCtl.On("Get", mock.Anything, mock.Anything, mock.Anything).Return(uts.user, nil).Times(1) uts.uCtl.On("VerifyPassword", mock.Anything, "admin", "Passw0rd").Return(true, nil).Times(1) res, err := uts.Suite.PutJSON(url, &body) uts.NoError(err) @@ -80,8 +88,8 @@ func (uts *UserTestSuite) TestUpdateUserPassword() { { url := "/users/1/password" uts.Security.On("Can", mock.Anything, mock.Anything, mock.Anything).Return(true).Times(1) - uts.Security.On("GetUsername").Return("admin").Times(1) + uts.uCtl.On("Get", mock.Anything, mock.Anything, mock.Anything).Return(uts.user, nil).Times(1) uts.uCtl.On("VerifyPassword", mock.Anything, "admin", mock.Anything).Return(false, nil).Times(1) uts.uCtl.On("UpdatePassword", mock.Anything, mock.Anything, mock.Anything).Return(nil) res, err := uts.Suite.PutJSON(url, &body)