From 813d2c4fe653d5fa8bd26fe6f68c9ae179a198b3 Mon Sep 17 00:00:00 2001
From: Nahuel
Date: Fri, 27 Jan 2023 18:57:51 +0100
Subject: [PATCH] Bug: Change password of a user without auth mechanism set (#9965)
* Bug: Change password of a user without auth mechanism set
* Fix same issue for validating password
---
 .../service/security/auth/BasicAuthenticator.java | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java
index 8eccd60dfed..fe672acce9e 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java
@@ -248,6 +248,14 @@ public class BasicAuthenticator implements AuthenticatorHandler {
 // Fetch user
 User storedUser = userRepository.getByName(uriInfo, userName, userRepository.getFieldsWithUserAuth("*"));
+
+ // when basic auth is enabled and the user is created through the API without password, the stored auth mechanism
+ // for the user is null
+ if (storedUser.getAuthenticationMechanism() == null) {
+ storedUser.setAuthenticationMechanism(
+ new AuthenticationMechanism().withAuthType(BASIC).withConfig(new BasicAuthMechanism().withPassword("")));
+ }
+
 BasicAuthMechanism storedBasicAuthMechanism = JsonUtils.convertValue(storedUser.getAuthenticationMechanism().getConfig(), BasicAuthMechanism.class);
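Review bot: The added null branch substitutes a BASIC mechanism whose password is the empty string, `withPassword("")`, so whatever check follows this hunk receives `""` where a stored password hash is expected. The verification of the caller's current password is outside the hunk; if this method also serves users changing their own password, it should be confirmed to fail closed on that placeholder, for example `if (storedBasicAuthMechanism.getPassword().isEmpty()) throw new AuthenticationException(INVALID_USERNAME_PASSWORD);` on that path. The second hunk rejects the same account state outright in `validatePassword`, so a short comment here saying why this path fabricates a mechanism instead of rejecting would keep the two from drifting. The enclosing method starts and ends outside the hunk.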
@@ -431,6 +439,11 @@ public class BasicAuthenticator implements AuthenticatorHandler {
 }
 public void validatePassword(User storedUser, String reqPassword) throws TemplateException, IOException {
+ // when basic auth is enabled and the user is created through the API without password, the stored auth mechanism
+ // for the user is null
+ if (storedUser.getAuthenticationMechanism() == null) {
+ throw new AuthenticationException(INVALID_USERNAME_PASSWORD);
+ }
 @SuppressWarnings("unchecked") LinkedHashMap storedData = (LinkedHashMap) storedUser.getAuthenticationMechanism().getConfig();
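Review bot: The new guard in `validatePassword` covers only a null mechanism, while the cast on the line right after it still takes `getConfig()` as a BASIC map without checking it. A mechanism that is present but carries a null config, or an auth type other than BASIC, would presumably still surface as a runtime exception further down rather than the uniform `INVALID_USERNAME_PASSWORD` answer; the condition could be widened to `mech == null || mech.getAuthType() != BASIC || mech.getConfig() == null` with `mech` holding `storedUser.getAuthenticationMechanism()`. Reusing the wrong-password message is the right choice, since the response then does not reveal that the account has no password set. The method body continues past the end of the hunk, so how `storedData` is read afterwards is not visible here.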