Added enhacements in password mandate logic (#4741)

Signed-off-by: Saranya-jena <[email protected]>

chaoscenter/authentication/api/docs/docs.go

@@ -977,7 +977,7 @@ const docTemplate = `{
                     "400": {
                         "description": "Bad Request",
                         "schema": {
-                            "$ref": "#/definitions/response.ErrInvalidRequest"
+                            "$ref": "#/definitions/response.ErrOldPassword"
                         }
                     },
                     "401": {
@@ -1185,6 +1185,19 @@ const docTemplate = `{
                 }
             }
         },
+        "response.ErrOldPassword": {
+            "type": "object",
+            "properties": {
+                "code": {
+                    "type": "integer",
+                    "example": 400
+                },
+                "message": {
+                    "type": "string",
+                    "example": "The old and new passwords can't be same"
+                }
+            }
+        },
         "response.ErrProjectNotFound": {
             "type": "object",
             "properties": {

chaoscenter/authentication/api/docs/swagger.json

@@ -967,7 +967,7 @@
                     "400": {
                         "description": "Bad Request",
                         "schema": {
-                            "$ref": "#/definitions/response.ErrInvalidRequest"
+                            "$ref": "#/definitions/response.ErrOldPassword"
                         }
                     },
                     "401": {
@@ -1175,6 +1175,19 @@
                 }
             }
         },
+        "response.ErrOldPassword": {
+            "type": "object",
+            "properties": {
+                "code": {
+                    "type": "integer",
+                    "example": 400
+                },
+                "message": {
+                    "type": "string",
+                    "example": "The old and new passwords can't be same"
+                }
+            }
+        },
         "response.ErrProjectNotFound": {
             "type": "object",
             "properties": {
@@ -1324,9 +1337,6 @@
                 },
                 "username": {
                     "type": "string"
-                },
-                "isInitialLogin": {
-                    "type": "boolean"
                 }
             }
         }

chaoscenter/authentication/api/docs/swagger.yaml

@@ -57,6 +57,15 @@ definitions:
         example: Role is invalid
         type: string
     type: object
+  response.ErrOldPassword:
+    properties:
+      code:
+        example: 400
+        type: integer
+      message:
+        example: The old and new passwords can't be same
+        type: string
+    type: object
   response.ErrProjectNotFound:
     properties:
       code:
@@ -798,7 +807,7 @@ paths:
         "400":
           description: Bad Request
           schema:
-            $ref: '#/definitions/response.ErrInvalidRequest'
+            $ref: '#/definitions/response.ErrOldPassword'
         "401":
           description: Unauthorized
           schema:

chaoscenter/authentication/api/handlers/doc.go

@@ -75,6 +75,11 @@ type ErrInvalidRequest struct {
 	Message string `json:"message" example:"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed"`
 }
 
+type ErrOldPassword struct {
+	Code    int    `json:"code" example:"400"`
+	Message string `json:"message" example:"The old and new passwords can't be same"`
+}
+
 type ErrUnauthorized struct {
 	Code    int    `json:"code" example:"401"`
 	Message string `json:"message" example:"The user does not have requested authorization to access this resource"`

chaoscenter/authentication/api/handlers/rest/user_handlers.go

@@ -2,6 +2,7 @@ package rest
 
 import (
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/validations"
@@ -317,7 +318,7 @@ func LoginUser(service services.ApplicationService) gin.HandlerFunc {
 
 		if len(ownerProjects) > 0 {
 			defaultProject = ownerProjects[0].ID
-		} else {
+		} else if !user.IsInitialLogin {
 			// Adding user as project owner in project's member list
 			newMember := &entities.Member{
 				UserID:     user.ID,
@@ -410,6 +411,7 @@ func LogoutUser(service services.ApplicationService) gin.HandlerFunc {
 //	@Produce		json
 //	@Failure		400	{object}	response.ErrInvalidRequest
 //	@Failure		401	{object}	response.ErrStrictPasswordPolicyViolation
+//	@Failure		400	{object}	response.ErrOldPassword
 //	@Failure		401	{object}	response.ErrInvalidCredentials
 //	@Success		200	{object}	response.MessageResponse{}
 //	@Router			/update/password [post]
@@ -438,7 +440,11 @@ func UpdatePassword(service services.ApplicationService) gin.HandlerFunc {
 		err = service.UpdatePassword(&userPasswordRequest, true)
 		if err != nil {
 			log.Info(err)
-			c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidCredentials], presenter.CreateErrorResponse(utils.ErrInvalidCredentials))
+			if strings.Contains(err.Error(), "old and new passwords can't be same") {
+				c.JSON(utils.ErrorStatusCodes[utils.ErrOldPassword], presenter.CreateErrorResponse(utils.ErrOldPassword))
+			} else {
+				c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidRequest], presenter.CreateErrorResponse(utils.ErrInvalidRequest))
+			}
 			return
 		}
 		c.JSON(http.StatusOK, gin.H{

chaoscenter/authentication/pkg/user/repository.go

@@ -3,6 +3,7 @@ package user
 import (
 	"context"
 	"errors"
+	"fmt"
 
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/entities"
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/utils"
@@ -180,16 +181,19 @@ func (r repository) UpdatePassword(userPassword *entities.UserPassword, isAdminB
 	newHashedPassword, err := bcrypt.GenerateFromPassword([]byte(userPassword.NewPassword), utils.PasswordEncryptionCost)
 
 	updateQuery := bson.M{"$set": bson.M{
-		"password":         string(newHashedPassword),
-		"is_initial_login": true, // if admin resets the pwd, user needs to reset it again
+		"password": string(newHashedPassword),
 	}}
 
 	if isAdminBeingReset {
 		err := bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(userPassword.OldPassword))
 		if err != nil {
 			return err
 		}
-
+		// check if the new pwd is same as old pwd, if yes return err
+		err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(userPassword.NewPassword))
+		if err == nil {
+			return fmt.Errorf("old and new passwords can't be same")
+		}
 		updateQuery = bson.M{"$set": bson.M{
 			"password":         string(newHashedPassword),
 			"is_initial_login": false,

chaoscenter/authentication/pkg/utils/errors.go

@@ -23,6 +23,7 @@ var (
 	ErrInvalidRole                   AppError = errors.New("invalid role")
 	ErrInvalidEmail                  AppError = errors.New("invalid email")
 	ErrPasswordNotUpdated            AppError = errors.New("default password not updated")
+	ErrOldPassword                   AppError = errors.New("old and new passwords can't be same")
 )
 
 // ErrorStatusCodes holds the http status codes for every AppError
@@ -43,6 +44,7 @@ var ErrorStatusCodes = map[AppError]int{
 	ErrInvalidRole:                   400,
 	ErrInvalidEmail:                  400,
 	ErrPasswordNotUpdated:            401,
+	ErrOldPassword:                   400,
 }
 
 // ErrorDescriptions holds detailed error description for every AppError
@@ -59,4 +61,5 @@ var ErrorDescriptions = map[AppError]string{
 	ErrProjectNotFound:               "This project does not exist",
 	ErrInvalidEmail:                  "Email address is invalid",
 	ErrPasswordNotUpdated:            "Please update your default password",
+	ErrOldPassword:                   "old and new passwords can't be same",
 }