ONAP Portal allowed the password of the currently active user to be retrieved via
the "/portalApi/loggedinUser" endpoint. The prefilled "Login Password" field
has been changed to "*****" and the password is no longer sent to the
frontend. The password will be updated only after this default value
has been changed. The Confirm Password field has been removed
from the UI. In the future, a password change could additionally be
checked on the backend side to verify the current password
before updating it.
Issue-ID: OJSI-65
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Acked-by: Manoop Talasila <talasila@research.att.com>
Change-Id: I00b7713557247d211927c437f31f118095ad0726
@Autowired
private UserService userService;
@Autowired
private UserService userService;
+ private static final String HIDDEN_DEFAULT_PASSWORD = "*****";
+
/**
* RESTful service method to get ONAP Logged in User details.
*
/**
* RESTful service method to get ONAP Logged in User details.
*
try {
EPUser user = EPUserUtils.getUserSession(request);
ProfileDetail profileDetail = new ProfileDetail(user.getFirstName(), user.getLastName(),
try {
EPUser user = EPUserUtils.getUserSession(request);
ProfileDetail profileDetail = new ProfileDetail(user.getFirstName(), user.getLastName(),
- user.getMiddleInitial(), user.getEmail(), user.getLoginId(), CipherUtil.decryptPKC(user.getLoginPwd()));
+ user.getMiddleInitial(), user.getEmail(), user.getLoginId(), HIDDEN_DEFAULT_PASSWORD);
portalRestResponse = new PortalRestResponse<ProfileDetail>(PortalRestStatusEnum.OK, "success",
profileDetail);
EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/loggedinUser", "result =", profileDetail);
portalRestResponse = new PortalRestResponse<ProfileDetail>(PortalRestStatusEnum.OK, "success",
profileDetail);
EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/loggedinUser", "result =", profileDetail);
user.setEmail(profileDetail.getEmail());
user.setMiddleInitial(profileDetail.getMiddleName());
user.setLoginId(profileDetail.getLoginId());
user.setEmail(profileDetail.getEmail());
user.setMiddleInitial(profileDetail.getMiddleName());
user.setLoginId(profileDetail.getLoginId());
- user.setLoginPwd(CipherUtil.encryptPKC(profileDetail.getLoginPassword()));
+ if (!HIDDEN_DEFAULT_PASSWORD.equals(profileDetail.getLoginPassword())){
+ user.setLoginPwd(CipherUtil.encryptPKC(profileDetail.getLoginPassword()));
+ }
userService.saveUser(user);
// Update user info in the session
request.getSession().setAttribute(SystemProperties.getProperty(SystemProperties.USER_ATTRIBUTE_NAME),
userService.saveUser(user);
// Update user info in the session
request.getSession().setAttribute(SystemProperties.getProperty(SystemProperties.USER_ATTRIBUTE_NAME),
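Review bot: The guard added before `user.setLoginPwd(...)` uses the UI placeholder as an in-band signal and lets every other value through, including null or an empty string, and nothing in the visible lines checks the current password or the password complexity on the server. Consider `String newPwd = profileDetail.getLoginPassword();` followed by `if (newPwd != null && !newPwd.isEmpty() && !HIDDEN_DEFAULT_PASSWORD.equals(newPwd)) {`, and document the constant with `// Placeholder returned instead of the real password; receiving it back means "password unchanged"`. The commit message names current-password verification as future work; until then any request on an authenticated session can replace the password, so a `// TODO: verify the current password before calling setLoginPwd` at the guard would keep that gap visible. The stored value still goes through `CipherUtil.encryptPKC`, which the removed `decryptPKC` call shows to be reversible, so a one-way password hash would be the safer storage form. Both handler methods start and end outside the lines shown here.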
this.email ='';
this.loginId ='';
this.loginPwd ='';
this.email ='';
this.loginId ='';
this.loginPwd ='';
- this.confirmLoginPwd=''
this.isLoading = false;
let getUser = () => {
this.isLoading = true;
this.isLoading = false;
let getUser = () => {
this.isLoading = true;
loginId :this.loginId,
loginPassword :this.loginPwd
}
loginId :this.loginId,
loginPassword :this.loginPwd
}
- if (this.firstName =='' || this.lastName == '' || this.email == '' || this.loginId =='' || this.loginPwd ==''|| this.confirmLoginPwd ==''){
+ if (this.firstName =='' || this.lastName == '' || this.email == '' || this.loginId =='' || this.loginPwd ==''){
var warningMsg = "Please enter a value for all fields marked with *.";
confirmBoxService.showInformation(warningMsg).then(isConfirmed => {return;});
return;
var warningMsg = "Please enter a value for all fields marked with *.";
confirmBoxService.showInformation(warningMsg).then(isConfirmed => {return;});
return;
- } else if (this.loginPwd != this.confirmLoginPwd) {
- var warningMsg = "Passwords do not match, please try again.";
- confirmBoxService.showInformation(warningMsg).then(isConfirmed => {return;});
- return;
} else {
// check password length complexity.
var warningMsg = adminsService.isComplexPassword(this.loginPwd);
} else {
// check password length complexity.
var warningMsg = adminsService.isComplexPassword(this.loginPwd);
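Review bot: The placeholder that the server now returns for the password appears to reach `adminsService.isComplexPassword(this.loginPwd)` in the `else` branch unchanged, because nothing in the visible lines special-cases it. If that check rejects `*****` (its implementation is not shown), a user who edits only a name or e-mail cannot save without also choosing a new password. The complexity check should be skipped while the field still holds the placeholder, with the value kept in a named constant and a comment such as `// '*****' is the server placeholder meaning "password unchanged"; keep in sync with HIDDEN_DEFAULT_PASSWORD in the backend controller`. With the confirmation field removed, a mistyped value in the masked input is also saved as typed, so a show-password toggle may be worth adding. The enclosing update function continues past the last line shown.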
<div class="">*Login Password</div>
<input type="password" ng-model="profileDetail.loginPwd" />
</div>
<div class="">*Login Password</div>
<input type="password" ng-model="profileDetail.loginPwd" />
</div>
- <div class="profile-edit-div">
- <div class="">*Confirm Login Password</div>
- <input type="password"
- ng-model="profileDetail.confirmLoginPwd" />
- </div>
</div>
</div>
<div class="dialog-control">
</div>
</div>
<div class="dialog-control">