yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-09-08 00:18:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bug: Change password of a user without auth mechanism set (#9965)

Browse Source 
* Bug: Change password of a user without auth mechanism set

* Fix same issue for validating password
This commit is contained in:
Nahuel 2023-01-27 18:57:51 +01:00 committed by GitHub
parent 72912d75a4
commit 813d2c4fe6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java
View File

@ -248,6 +248,14 @@ public class BasicAuthenticator implements AuthenticatorHandler {
// Fetch user // Fetch user
User storedUser = userRepository.getByName(uriInfo, userName, userRepository.getFieldsWithUserAuth("*")); User storedUser = userRepository.getByName(uriInfo, userName, userRepository.getFieldsWithUserAuth("*"));
// when basic auth is enabled and the user is created through the API without password, the stored auth mechanism
// for the user is null
if (storedUser.getAuthenticationMechanism() == null) {
storedUser.setAuthenticationMechanism(
new AuthenticationMechanism().withAuthType(BASIC).withConfig(new BasicAuthMechanism().withPassword("")));
}
BasicAuthMechanism storedBasicAuthMechanism = BasicAuthMechanism storedBasicAuthMechanism =
JsonUtils.convertValue(storedUser.getAuthenticationMechanism().getConfig(), BasicAuthMechanism.class); JsonUtils.convertValue(storedUser.getAuthenticationMechanism().getConfig(), BasicAuthMechanism.class);
@ -431,6 +439,11 @@ public class BasicAuthenticator implements AuthenticatorHandler {
} }
public void validatePassword(User storedUser, String reqPassword) throws TemplateException, IOException { public void validatePassword(User storedUser, String reqPassword) throws TemplateException, IOException {
// when basic auth is enabled and the user is created through the API without password, the stored auth mechanism
// for the user is null
if (storedUser.getAuthenticationMechanism() == null) {
throw new AuthenticationException(INVALID_USERNAME_PASSWORD);
}
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
LinkedHashMap<String, String> storedData = LinkedHashMap<String, String> storedData =
(LinkedHashMap<String, String>) storedUser.getAuthenticationMechanism().getConfig(); (LinkedHashMap<String, String>) storedUser.getAuthenticationMechanism().getConfig();