diff options
author | r.bogacki <r.bogacki@samsung.com> | 2019-05-22 12:27:53 +0200 |
---|---|---|
committer | Krzysztof Opasiak <k.opasiak@samsung.com> | 2019-05-28 12:52:07 +0200 |
commit | f9a1944a4b3cda8d9708087902a52baa40c0e2ea (patch) | |
tree | f9c64b2bbdb124f0c0acea0b13c86ba3ae8d85ef /ecomp-portal-BE-common | |
parent | 5260297bb0fdd7ca1640b45a4c9b96b7fd158a1e (diff) |
Removed user password from portal's profile API
ONAP Portal allowed to retrieve password of currently active user via
"/portalApi/loggedinUser" endpoint. Prefilled "Login Password" field
has been changed to "*****" and password is not send anymore to the
frontend. Only after change of this default value
password will be updated. Confirm Password field has been removed
from the UI. In the future password change could be additionally also
checked on the backend side to verify current password
before updating it.
Issue-ID: OJSI-65
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Reviewed-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Acked-by: Manoop Talasila <talasila@research.att.com>
Change-Id: I00b7713557247d211927c437f31f118095ad0726
Diffstat (limited to 'ecomp-portal-BE-common')
-rw-r--r-- | ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserController.java | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserController.java index f4fab562..fc76a0e6 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserController.java @@ -69,6 +69,8 @@ public class UserController extends EPRestrictedBaseController { @Autowired private UserService userService; + private static final String HIDDEN_DEFAULT_PASSWORD = "*****"; + /** * RESTful service method to get ONAP Logged in User details. * @@ -83,7 +85,7 @@ public class UserController extends EPRestrictedBaseController { try { EPUser user = EPUserUtils.getUserSession(request); ProfileDetail profileDetail = new ProfileDetail(user.getFirstName(), user.getLastName(), - user.getMiddleInitial(), user.getEmail(), user.getLoginId(), CipherUtil.decryptPKC(user.getLoginPwd())); + user.getMiddleInitial(), user.getEmail(), user.getLoginId(), HIDDEN_DEFAULT_PASSWORD); portalRestResponse = new PortalRestResponse<ProfileDetail>(PortalRestStatusEnum.OK, "success", profileDetail); EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/loggedinUser", "result =", profileDetail); @@ -124,7 +126,9 @@ public class UserController extends EPRestrictedBaseController { user.setEmail(profileDetail.getEmail()); user.setMiddleInitial(profileDetail.getMiddleName()); user.setLoginId(profileDetail.getLoginId()); - user.setLoginPwd(CipherUtil.encryptPKC(profileDetail.getLoginPassword())); + if (!HIDDEN_DEFAULT_PASSWORD.equals(profileDetail.getLoginPassword())){ + user.setLoginPwd(CipherUtil.encryptPKC(profileDetail.getLoginPassword())); + } userService.saveUser(user); // Update user info in the session request.getSession().setAttribute(SystemProperties.getProperty(SystemProperties.USER_ATTRIBUTE_NAME), |