admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1848 from wansir/iam

Browse Source 
fix: verify old password if it's defined
This commit is contained in:
KubeSphere CI Bot
2020-02-13 13:52:37 +08:00
committed by GitHub
parent eabb28f3b8 54eb886e5e
commit bebf592fb7
1 changed files with 15 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
pkg/apiserver/iam/im.go
View File

@@ -150,14 +150,21 @@ func UpdateUser(req *restful.Request, resp *restful.Response) {
resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
return
}
if !isUserManager {
_, err = iam.Login(usernameInHeader, user.CurrentPassword, "")
}
if err != nil {
err = fmt.Errorf("incorrect current password")
klog.Info(err)
resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
return
// user manager can modify password without verify old password
// if the old password is defined must be verified
if !isUserManager || user.CurrentPassword != "" {
if _, err = iam.Login(usernameInHeader, user.CurrentPassword, ""); err != nil {
if ldap.IsErrorWithCode(err, ldap.LDAPResultInvalidCredentials) {
err = fmt.Errorf("incorrect current password")
klog.V(4).Info(err)
resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
} else {
klog.Errorln(err)
resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
}
return
}
}
}