mirror of
				https://github.com/open-metadata/OpenMetadata.git
				synced 2025-10-26 08:13:11 +00:00 
			
		
		
		
	Bug: Change password of a user without auth mechanism set (#9965)
* Bug: Change password of a user without auth mechanism set * Fix same issue for validating password
This commit is contained in:
		
							parent
							
								
									72912d75a4
								
							
						
					
					
						commit
						813d2c4fe6
					
				| @ -248,6 +248,14 @@ public class BasicAuthenticator implements AuthenticatorHandler { | |||||||
| 
 | 
 | ||||||
|     // Fetch user |     // Fetch user | ||||||
|     User storedUser = userRepository.getByName(uriInfo, userName, userRepository.getFieldsWithUserAuth("*")); |     User storedUser = userRepository.getByName(uriInfo, userName, userRepository.getFieldsWithUserAuth("*")); | ||||||
|  | 
 | ||||||
|  |     // when basic auth is enabled and the user is created through the API without password, the stored auth mechanism | ||||||
|  |     // for the user is null | ||||||
|  |     if (storedUser.getAuthenticationMechanism() == null) { | ||||||
|  |       storedUser.setAuthenticationMechanism( | ||||||
|  |           new AuthenticationMechanism().withAuthType(BASIC).withConfig(new BasicAuthMechanism().withPassword(""))); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|     BasicAuthMechanism storedBasicAuthMechanism = |     BasicAuthMechanism storedBasicAuthMechanism = | ||||||
|         JsonUtils.convertValue(storedUser.getAuthenticationMechanism().getConfig(), BasicAuthMechanism.class); |         JsonUtils.convertValue(storedUser.getAuthenticationMechanism().getConfig(), BasicAuthMechanism.class); | ||||||
| 
 | 
 | ||||||
| @ -431,6 +439,11 @@ public class BasicAuthenticator implements AuthenticatorHandler { | |||||||
|   } |   } | ||||||
| 
 | 
 | ||||||
|   public void validatePassword(User storedUser, String reqPassword) throws TemplateException, IOException { |   public void validatePassword(User storedUser, String reqPassword) throws TemplateException, IOException { | ||||||
|  |     // when basic auth is enabled and the user is created through the API without password, the stored auth mechanism | ||||||
|  |     // for the user is null | ||||||
|  |     if (storedUser.getAuthenticationMechanism() == null) { | ||||||
|  |       throw new AuthenticationException(INVALID_USERNAME_PASSWORD); | ||||||
|  |     } | ||||||
|     @SuppressWarnings("unchecked") |     @SuppressWarnings("unchecked") | ||||||
|     LinkedHashMap<String, String> storedData = |     LinkedHashMap<String, String> storedData = | ||||||
|         (LinkedHashMap<String, String>) storedUser.getAuthenticationMechanism().getConfig(); |         (LinkedHashMap<String, String>) storedUser.getAuthenticationMechanism().getConfig(); | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user
	 Nahuel
						Nahuel