admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: verify old password if it's defined

Browse Source 
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
2020-02-12 16:43:15 +08:00
parent a003b57351
commit 54eb886e5e
1 changed files with 15 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
pkg/apiserver/iam/im.go
View File

@@ -150,14 +150,21 @@ func UpdateUser(req *restful.Request, resp *restful.Response) {
resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
return
}
if !isUserManager {
_, err = iam.Login(usernameInHeader, user.CurrentPassword, "")
}
if err != nil {
err = fmt.Errorf("incorrect current password")
klog.Info(err)
resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
return
// user manager can modify password without verify old password
// if the old password is defined must be verified
if !isUserManager || user.CurrentPassword != "" {
if _, err = iam.Login(usernameInHeader, user.CurrentPassword, ""); err != nil {
if ldap.IsErrorWithCode(err, ldap.LDAPResultInvalidCredentials) {
err = fmt.Errorf("incorrect current password")
klog.V(4).Info(err)
resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
} else {
klog.Errorln(err)
resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
}
return
}
}
}