Added enhacements in password mandate logic (litmuschaos#4741)
Signed-off-by: Saranya-jena <saranya.jena@harness.io>
Signed-off-by: sagnik3788 <116512372+sagnik3788@users.noreply.github.com>
Saranya-jena authored and sagnik3788 committed Oct 5, 2024
1 parent 0a9239c commit dd02b42
Showing 7 changed files with 61 additions and 11 deletions.
15 changes: 14 additions & 1 deletion chaoscenter/authentication/api/docs/docs.go
Expand Up @@ -977,7 +977,7 @@ const docTemplate = `{
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/response.ErrInvalidRequest"
"$ref": "#/definitions/response.ErrOldPassword"
}
},
"401": {
Expand Down Expand Up @@ -1185,6 +1185,19 @@ const docTemplate = `{
}
}
},
"response.ErrOldPassword": {
"type": "object",
"properties": {
"code": {
"type": "integer",
"example": 400
},
"message": {
"type": "string",
"example": "The old and new passwords can't be same"
}
}
},
"response.ErrProjectNotFound": {
"type": "object",
"properties": {
18 changes: 14 additions & 4 deletions chaoscenter/authentication/api/docs/swagger.json
Expand Up @@ -967,7 +967,7 @@
"400": {
"description": "Bad Request",
"schema": {
"$ref": "#/definitions/response.ErrInvalidRequest"
"$ref": "#/definitions/response.ErrOldPassword"
}
},
"401": {
Expand Down Expand Up @@ -1175,6 +1175,19 @@
}
}
},
"response.ErrOldPassword": {
"type": "object",
"properties": {
"code": {
"type": "integer",
"example": 400
},
"message": {
"type": "string",
"example": "The old and new passwords can't be same"
}
}
},
"response.ErrProjectNotFound": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -1324,9 +1337,6 @@
},
"username": {
"type": "string"
},
"isInitialLogin": {
"type": "boolean"
}
}
}
11 changes: 10 additions & 1 deletion chaoscenter/authentication/api/docs/swagger.yaml
Expand Up @@ -57,6 +57,15 @@ definitions:
example: Role is invalid
type: string
type: object
response.ErrOldPassword:
properties:
code:
example: 400
type: integer
message:
example: The old and new passwords can't be same
type: string
type: object
response.ErrProjectNotFound:
properties:
code:
Expand Down Expand Up @@ -798,7 +807,7 @@ paths:
"400":
description: Bad Request
schema:
$ref: '#/definitions/response.ErrInvalidRequest'
$ref: '#/definitions/response.ErrOldPassword'
"401":
description: Unauthorized
schema:
5 changes: 5 additions & 0 deletions chaoscenter/authentication/api/handlers/doc.go
Expand Up @@ -75,6 +75,11 @@ type ErrInvalidRequest struct {
Message string `json:"message" example:"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed"`
}

type ErrOldPassword struct {
Code int `json:"code" example:"400"`
Message string `json:"message" example:"The old and new passwords can't be same"`
}

type ErrUnauthorized struct {
Code int `json:"code" example:"401"`
Message string `json:"message" example:"The user does not have requested authorization to access this resource"`
10 changes: 8 additions & 2 deletions chaoscenter/authentication/api/handlers/rest/user_handlers.go
Expand Up @@ -2,6 +2,7 @@ package rest

import (
"net/http"
"strings"
"time"

"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/validations"
Expand Down Expand Up @@ -317,7 +318,7 @@ func LoginUser(service services.ApplicationService) gin.HandlerFunc {

if len(ownerProjects) > 0 {
defaultProject = ownerProjects[0].ID
} else {
} else if !user.IsInitialLogin {
// Adding user as project owner in project's member list
newMember := &entities.Member{
UserID: user.ID,
Expand Down Expand Up @@ -410,6 +411,7 @@ func LogoutUser(service services.ApplicationService) gin.HandlerFunc {
// @Produce json
// @Failure 400 {object} response.ErrInvalidRequest
// @Failure 401 {object} response.ErrStrictPasswordPolicyViolation
// @Failure 400 {object} response.ErrOldPassword
// @Failure 401 {object} response.ErrInvalidCredentials
// @Success 200 {object} response.MessageResponse{}
// @Router /update/password [post]
Expand Down Expand Up @@ -438,7 +440,11 @@ func UpdatePassword(service services.ApplicationService) gin.HandlerFunc {
err = service.UpdatePassword(&userPasswordRequest, true)
if err != nil {
log.Info(err)
c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidCredentials], presenter.CreateErrorResponse(utils.ErrInvalidCredentials))
if strings.Contains(err.Error(), "old and new passwords can't be same") {
c.JSON(utils.ErrorStatusCodes[utils.ErrOldPassword], presenter.CreateErrorResponse(utils.ErrOldPassword))
} else {
c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidRequest], presenter.CreateErrorResponse(utils.ErrInvalidRequest))
}
return
}
c.JSON(http.StatusOK, gin.H{
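Review bot: The new dispatch in UpdatePassword's error branch keys on the error text, `strings.Contains(err.Error(), "old and new passwords can't be same")`, even though `utils.ErrOldPassword` is declared in errors.go with exactly that message and is what the handler then responds with; if the repository returns that sentinel, the check becomes `if errors.Is(err, utils.ErrOldPassword) {` (adding the `errors` import) and the new `strings` import is no longer needed. The fallback branch also moves every other failure from 401 `ErrInvalidCredentials` to 400 `ErrInvalidRequest`, which now covers the wrong-old-password case reported by the bcrypt compare in repository.go and contradicts the `@Failure 401 {object} response.ErrInvalidCredentials` annotation kept on the same function; `c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidCredentials], presenter.CreateErrorResponse(utils.ErrInvalidCredentials))` in the else branch preserves the documented contract. Separately, the two `@Failure 400` annotations collapse to a single entry in the generated docs — docs.go and swagger.json in this commit now list only `ErrOldPassword` for 400, so the malformed-request response is no longer documented. UpdatePassword's body starts and ends outside the hunk.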
10 changes: 7 additions & 3 deletions chaoscenter/authentication/pkg/user/repository.go
Expand Up @@ -3,6 +3,7 @@ package user
import (
"context"
"errors"
"fmt"

"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/entities"
"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/utils"
Expand Down Expand Up @@ -180,16 +181,19 @@ func (r repository) UpdatePassword(userPassword *entities.UserPassword, isAdminB
newHashedPassword, err := bcrypt.GenerateFromPassword([]byte(userPassword.NewPassword), utils.PasswordEncryptionCost)

updateQuery := bson.M{"$set": bson.M{
"password": string(newHashedPassword),
"is_initial_login": true, // if admin resets the pwd, user needs to reset it again
"password": string(newHashedPassword),
}}

if isAdminBeingReset {
err := bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(userPassword.OldPassword))
if err != nil {
return err
}

// check if the new pwd is same as old pwd, if yes return err
err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(userPassword.NewPassword))
if err == nil {
return fmt.Errorf("old and new passwords can't be same")
}
updateQuery = bson.M{"$set": bson.M{
"password": string(newHashedPassword),
"is_initial_login": false,
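Review bot: The same-password check returns an ad hoc `fmt.Errorf("old and new passwords can't be same")`, which forces the handler to match on the message text; `utils.ErrOldPassword` in errors.go carries the same message and `utils` is already imported in this file, so `return utils.ErrOldPassword` lets callers use errors.Is and makes the added `fmt` import unnecessary. The check also runs only inside the `isAdminBeingReset` branch, which from the visible lines is the branch that verifies `OldPassword` against the stored hash and clears `is_initial_login`; if the other branch is also meant to reject reuse of the current password, the compare would need to move ahead of the branch. The comment `// check if the new pwd is same as old pwd, if yes return err` restates the code; `// reject reusing the current password: a nil error from the compare means NewPassword matches the stored hash` explains why the nil case is the failure. UpdatePassword's body starts and ends outside the hunk.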
3 changes: 3 additions & 0 deletions chaoscenter/authentication/pkg/utils/errors.go
Expand Up @@ -23,6 +23,7 @@ var (
ErrInvalidRole AppError = errors.New("invalid role")
ErrInvalidEmail AppError = errors.New("invalid email")
ErrPasswordNotUpdated AppError = errors.New("default password not updated")
ErrOldPassword AppError = errors.New("old and new passwords can't be same")
)

// ErrorStatusCodes holds the http status codes for every AppError
Expand All @@ -43,6 +44,7 @@ var ErrorStatusCodes = map[AppError]int{
ErrInvalidRole: 400,
ErrInvalidEmail: 400,
ErrPasswordNotUpdated: 401,
ErrOldPassword: 400,
}

// ErrorDescriptions holds detailed error description for every AppError
Expand All @@ -59,4 +61,5 @@ var ErrorDescriptions = map[AppError]string{
ErrProjectNotFound: "This project does not exist",
ErrInvalidEmail: "Email address is invalid",
ErrPasswordNotUpdated: "Please update your default password",
ErrOldPassword: "old and new passwords can't be same",
}
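Review bot: The new `ErrorDescriptions` entry for `ErrOldPassword` reuses the lowercase error string, whereas the neighbouring descriptions are user-facing sentences (`"Please update your default password"`) and the swagger example added in the same commit reads `The old and new passwords can't be same`; writing `ErrOldPassword: "The old and new passwords can't be same",` here keeps the documented example and the description that presumably feeds CreateErrorResponse in agreement. The identifier `ErrOldPassword` also reads as a problem with the old password rather than with reuse of it; if the name is still open, something like ErrSamePassword would describe the condition, otherwise a short comment on the var line, `// ErrOldPassword: the new password equals the current one`, would help readers.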
