[Feature/Identity] Reset Password API #6309
Gradle Check (Jenkins) Run Completed with:
This looks good overall. Can you break down the tests into smaller units?
public static final ResetPasswordAction INSTANCE = new ResetPasswordAction(); | ||
|
||
// TODO : revisit this action type | ||
public static final String NAME = "cluster:admin/user/resetpassword"; |
Since this API is used by all users, it may need a different namespace than `cluster:admin/user/*` which are a group of actions intended for the cluster admin. When it comes to authorizing this request, all users of the cluster should be able to call and use this API without being granted permission for it.
9bfc0d2 to e5ce672
public class ResetPasswordRequest extends ActionRequest implements ToXContentObject { | ||
|
||
private String username; | ||
private String oldPassword; |
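Review bot: `oldPassword` is held as a plain `String` field on a request class that implements `ToXContentObject`; the `toXContent` implementation is not visible in these lines, so please confirm it never writes the password fields, since that output can end up in logs or responses. Consider carrying the passwords as `SecureString` or `char[]` rather than `String` so they can be cleared once the action has completed.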
We shouldn't require the old password; if a user forgot their password, how would they get a new password issued?
Let's leave this as a prototype design for now. (I just wanna transfer our conversation to GitHub :)) I'm not gonna resolve this comment, so that I can use this as a reminder for myself, in case we wanna change it in the future.
Hi @shanilpa and @jimishs, may I ask for your suggestions on what this reset password flow should look like for a non-admin user? This PR is about the reset password API of identity. The use case for the current design is that a non-admin user uses this API to reset their password by providing their For the case that a non-admin user forgot their current password, the above design requires them to contact their admin, so by doing that, the admin user can use another internal user API for What do you think about this flow? It would be nice to have your input on this one. :)
e5ce672 to 541d6ab
Signed-off-by: Ryan Liang <jiallian@amazon.com>
5a2a0f8 to 0f42b1a
The identity test workflow is passing, merging!
Signed-off-by: Ryan Liang jiallian@amazon.com
Description
Internal users are able to reset password by using this API.
Issues Resolved
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.