[libeufin] 01/01: allow changing passwords as superuser
From: |
gnunet |
Subject: |
[libeufin] 01/01: allow changing passwords as superuser |
Date: |
Sat, 07 Aug 2021 12:01:10 +0200 |
This is an automated email from the git hooks/post-receive script.
dold pushed a commit to branch master
in repository libeufin.
commit 3c7524c6a876ab3254b45a445d533161258374ea
Author: Florian Dold <florian@dold.me>
AuthorDate: Sat Aug 7 12:00:37 2021 +0200
allow changing passwords as superuser
---
cli/bin/libeufin-cli | 7 ++++---
.../main/kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt | 1 +
.../main/kotlin/tech/libeufin/nexus/server/NexusServer.kt | 15 ++++++++++++---
3 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/cli/bin/libeufin-cli b/cli/bin/libeufin-cli
index 9d81d24..fcba669 100755
--- a/cli/bin/libeufin-cli
+++ b/cli/bin/libeufin-cli
@@ -94,7 +94,8 @@ def list_users(obj):
tell_user(resp, withsuccess=True)
check_response_status(resp)
-@users.command(help="Change user's password")
+@users.command(help="Change user's password (as superuser)")
+@click.argument("username")
@click.option(
"--new-password",
help="New password",
@@ -103,8 +104,8 @@ def list_users(obj):
confirmation_prompt=True,
)
@click.pass_obj
-def change_password(obj, new_password):
- url = urljoin(obj.nexus_base_url, f"/users/password")
+def change_password(obj, username, new_password):
+ url = urljoin(obj.nexus_base_url, f"/users/{username}/password")
try:
body = dict(newPassword=new_password)
resp = post(
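Review bot: `username` is interpolated into the request path unescaped in `change_password`, so a value containing `/`, `?`, `#` or `..` changes which Nexus endpoint the superuser's credentials and the new password are sent to, instead of naming a user. Percent-encode it before joining, e.g. `url = urljoin(obj.nexus_base_url, f"/users/{quote(username, safe='')}/password")`, with `quote` imported from `urllib.parse` (presumably where `urljoin` already comes from; the import block is outside this hunk). The function body continues past the end of the hunk.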
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt
b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt
index 2bbadbe..f078212 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/ebics/EbicsNexus.kt
@@ -603,6 +603,7 @@ class EbicsBankConnectionProtocol: BankConnectionProtocol {
pdfWriter.flush()
return po.toByteArray()
}
+
override fun exportBackup(bankConnectionId: String, passphrase: String):
JsonNode {
val subscriber = transaction {
getEbicsSubscriberDetails(bankConnectionId) }
val ret = EbicsKeysBackupJson(
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
b/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
index 08e05ff..42bf9dc 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/server/NexusServer.kt
@@ -279,6 +279,7 @@ fun serverMain(dbName: String, host: String, port: Int) {
post("/permissions") {
val req = call.receive<ChangePermissionsRequest>()
+ val knownPermissions = listOf()
transaction {
requireSuperuser(call.request)
val existingPerm = findPermission(req.permission)
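Review bot: `val knownPermissions = listOf()` is never referenced in the lines shown, and with no element type or expected type the call gives Kotlin nothing to infer `T` from, so it probably does not compile as written. If the intent is to reject unknown permission names, give the list an explicit type and contents and check `req.permission` against it before `findPermission`; otherwise drop the line. The handler body continues outside the hunk, so a later use cannot be ruled out from here.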
@@ -321,11 +322,19 @@ fun serverMain(dbName: String, host: String, port: Int) {
}
// change a user's password
- post("/users/password") {
+ post("/users/{username}/password") {
val body = call.receiveJson<ChangeUserPassword>()
+ val targetUsername = ensureNonNull(call.parameters["username"])
transaction {
- val user = authenticateRequest(call.request)
- user.passwordHash = CryptoUtil.hashpw(body.newPassword)
+ requireSuperuser(call.request)
+ val targetUser = NexusUserEntity.find {
+ NexusUsersTable.username eq targetUsername
+ }.firstOrNull()
+ if (targetUser == null) throw NexusError(
+ HttpStatusCode.NotFound,
+ "Username $targetUsername not found"
+ )
+ targetUser.passwordHash =
CryptoUtil.hashpw(body.newPassword)
}
call.respond(NexusMessage(message = "Password successfully
changed"))
return@post
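Review bot: The handler now gates on `requireSuperuser(call.request)` alone, so with `/users/password` removed a non-superuser has no route left to rotate their own password, including after a suspected compromise. Consider keeping a self-service path, for example authenticating the caller with `authenticateRequest(call.request)` and requiring superuser only when the caller is not the target user (how the entity exposes its username is not visible in this hunk). Separately, `body.newPassword` is hashed without any check, so an empty string is accepted; a guard such as `if (body.newPassword.isBlank()) throw NexusError(HttpStatusCode.BadRequest, "Password must not be empty")` before the transaction would reject it. A privileged reset of another account is also worth a log line naming the caller and `targetUsername`. The route lambda closes outside the hunk.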
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.