Fixed change admin password

Change-Id: Ie07caa39e00cc2261356780c20aa29e1d7061444

Fixed change admin password
231cf1dc · William Enright · dd293c6c · 231cf1dc · 231cf1dc · 231cf1dc
Commit 231cf1dc authored 4 years ago by William Enright
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/users/UserServlet.java
@@ -22,7 +22,6 @@
 */
 package net.jami.jams.server.servlets.api.admin.users;

-import com.jsoniter.JsonIterator;
 import com.jsoniter.output.JsonStream;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.annotation.WebServlet;
@@ -32,18 +31,13 @@ import jakarta.servlet.http.HttpServletResponse;
 import net.jami.jams.common.authentication.AuthenticationSourceType;
 import net.jami.jams.common.dao.StatementElement;
 import net.jami.jams.common.dao.StatementList;
-import net.jami.jams.common.jami.NameRegistrationRequest;
-import net.jami.jams.common.objects.requests.CreateAuthSourceRequest;
 import net.jami.jams.common.objects.responses.DeviceRevocationResponse;
 import net.jami.jams.common.objects.user.User;
-import net.jami.jams.common.objects.user.UserProfile;
 import net.jami.jams.common.utils.PasswordGenerator;
 import net.jami.jams.server.core.workflows.RevokeUserFlow;

 import java.io.IOException;
-import java.security.SecureRandom;
 import java.util.HashMap;
-import java.util.stream.Collectors;

 import static net.jami.jams.server.Server.dataStore;
 import static net.jami.jams.server.Server.nameServer;
@@ -85,9 +79,7 @@ public class UserServlet extends HttpServlet {
    protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String username = req.getParameter("username");
        //Check if he is AD/LDAP - then return a 403, because we can't set such password.
-        StatementList select = new StatementList();
-        StatementElement st = new StatementElement("username","=",username,"");
-        if(dataStore.getUserDao().getObjects(select).get(0).getUserType() != AuthenticationSourceType.LOCAL){
+        if(dataStore.getUserDao().getObjects(null).get(0).getUserType() != AuthenticationSourceType.LOCAL){
            resp.sendError(500,"The user is not a local user, therefore we cannot change his data!");
            return;
        }

--- a/jams-server/src/main/resources/webapp/js/api.js
+++ b/jams-server/src/main/resources/webapp/js/api.js
@@ -39,7 +39,7 @@ var api_path_rename_device = '/api/auth/device';
 var api_path_get_server_status = '/api/info';
 var api_path_get_post_configuration_auth_service = '/api/configuration/authservice';
 var api_path_get_post_configuration_global_settings = '/api/configuration/globalsettings';
-var api_path_post_configuration_change_password = '/api/configuration/changepassword';
+var api_path_post_configuration_change_password = '/api/admin/user';
 var api_path_post_configuration_register_license = '/api/subscription';
 var api_path_get_subscription_status = '/api/admin/subscription';
 var api_path_get_directories = '/api/auth/directories';
@@ -84,7 +84,7 @@ function ajaxApiCall(api_path, request_type, data, credentials, callBackFunction
    if (data) {
        if (api_path == api_path_get_user_directory_search || api_path == api_path_get_auth_user_search ||
           (api_path == api_path_post_create_user && request_type == 'POST') || api_path == api_path_post_update_user
-           || api_path == api_path_get_auth_devices)
+           || api_path == api_path_get_auth_devices || api_path == api_path_post_configuration_change_password)
            isSearch = true;

        // search dataType

--- a/jams-server/src/main/resources/webapp/js/config.js
+++ b/jams-server/src/main/resources/webapp/js/config.js
@@ -319,11 +319,13 @@ $("#form-change-password").submit(function (event) {
      $('#changePasswordTitle').before('<div class="configMessage" id="configMessageError"><i class="fa fa-exclamation-circle" aria-hidden="true"></i>New password must be different from the current password.</div>');
    }
    else if (newPassword == inputConfirmPassword && oldPassword != null) {
-      jsonData = {
-        "oldPassword": oldPassword,
-        "newPassword": newPassword
-      }
-      ajaxApiCall(api_path_post_configuration_change_password, 'POST', jsonData, null, changePasswordHandler, null);
+
+      var username = '';
+      var tokenJSON = JSON.parse(atob(window.localStorage.getItem('access_token').split('.')[1]));
+      if (tokenJSON.scope == "ADMIN")
+            username = tokenJSON.sub;
+
+      ajaxApiCall(api_path_post_configuration_change_password+ "?username=" + username + "&password=" +  newPassword, 'PUT', null, null, changePasswordHandler);
    }
    else {
      $('.configMessage').remove();