diff --git a/chaoscenter/authentication/api/docs/docs.go b/chaoscenter/authentication/api/docs/docs.go index 0ca1a140a93..73c8be438cc 100644 --- a/chaoscenter/authentication/api/docs/docs.go +++ b/chaoscenter/authentication/api/docs/docs.go @@ -977,7 +977,7 @@ const docTemplate = `{ "400": { "description": "Bad Request", "schema": { - "$ref": "#/definitions/response.ErrInvalidRequest" + "$ref": "#/definitions/response.ErrOldPassword" } }, "401": { @@ -1185,6 +1185,19 @@ const docTemplate = `{ } } }, + "response.ErrOldPassword": { + "type": "object", + "properties": { + "code": { + "type": "integer", + "example": 400 + }, + "message": { + "type": "string", + "example": "The old and new passwords can't be same" + } + } + }, "response.ErrProjectNotFound": { "type": "object", "properties": { diff --git a/chaoscenter/authentication/api/docs/swagger.json b/chaoscenter/authentication/api/docs/swagger.json index 162d7c7cd8d..189ff56e185 100644 --- a/chaoscenter/authentication/api/docs/swagger.json +++ b/chaoscenter/authentication/api/docs/swagger.json @@ -967,7 +967,7 @@ "400": { "description": "Bad Request", "schema": { - "$ref": "#/definitions/response.ErrInvalidRequest" + "$ref": "#/definitions/response.ErrOldPassword" } }, "401": { @@ -1175,6 +1175,19 @@ } } }, + "response.ErrOldPassword": { + "type": "object", + "properties": { + "code": { + "type": "integer", + "example": 400 + }, + "message": { + "type": "string", + "example": "The old and new passwords can't be same" + } + } + }, "response.ErrProjectNotFound": { "type": "object", "properties": { @@ -1324,9 +1337,6 @@ }, "username": { "type": "string" - }, - "isInitialLogin": { - "type": "boolean" } } } diff --git a/chaoscenter/authentication/api/docs/swagger.yaml b/chaoscenter/authentication/api/docs/swagger.yaml index 9abda944883..5c39198b409 100644 --- a/chaoscenter/authentication/api/docs/swagger.yaml +++ b/chaoscenter/authentication/api/docs/swagger.yaml 
@@ -57,6 +57,15 @@ definitions: example: Role is invalid type: string type: object + response.ErrOldPassword: + properties: + code: + example: 400 + type: integer + message: + example: The old and new passwords can't be same + type: string + type: object response.ErrProjectNotFound: properties: code: @@ -798,7 +807,7 @@ paths: "400": description: Bad Request schema: - $ref: '#/definitions/response.ErrInvalidRequest' + $ref: '#/definitions/response.ErrOldPassword' "401": description: Unauthorized schema: diff --git a/chaoscenter/authentication/api/handlers/doc.go b/chaoscenter/authentication/api/handlers/doc.go index 6d6c927525b..81574f08513 100644 --- a/chaoscenter/authentication/api/handlers/doc.go +++ b/chaoscenter/authentication/api/handlers/doc.go @@ -75,6 +75,11 @@ type ErrInvalidRequest struct { Message string `json:"message" example:"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed"` } +type ErrOldPassword struct { + Code int `json:"code" example:"400"` + Message string `json:"message" example:"The old and new passwords can't be same"` +} + type ErrUnauthorized struct { Code int `json:"code" example:"401"` Message string `json:"message" example:"The user does not have requested authorization to access this resource"` diff --git a/chaoscenter/authentication/api/handlers/rest/user_handlers.go b/chaoscenter/authentication/api/handlers/rest/user_handlers.go index 48055413db9..afd4a04fbbe 100644 --- a/chaoscenter/authentication/api/handlers/rest/user_handlers.go +++ b/chaoscenter/authentication/api/handlers/rest/user_handlers.go @@ -2,6 +2,7 @@ package rest import ( "net/http" + "strings" "time" "github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/validations" 
@@ -317,7 +318,7 @@ func LoginUser(service services.ApplicationService) gin.HandlerFunc {
 
 if len(ownerProjects) > 0 {
 defaultProject = ownerProjects[0].ID
- } else {
+ } else if !user.IsInitialLogin {
 // Adding user as project owner in project's member list
 newMember := &entities.Member{
 UserID: user.ID,
@@ -410,6 +411,7 @@ func LogoutUser(service services.ApplicationService) gin.HandlerFunc {
 // @Produce json
 // @Failure 400 {object} response.ErrInvalidRequest
 // @Failure 401 {object} response.ErrStrictPasswordPolicyViolation
+// @Failure 400 {object} response.ErrOldPassword
 // @Failure 401 {object} response.ErrInvalidCredentials
 // @Success 200 {object} response.MessageResponse{}
 // @Router /update/password [post]
@@ -438,7 +440,11 @@ func UpdatePassword(service services.ApplicationService) gin.HandlerFunc {
 err = service.UpdatePassword(&userPasswordRequest, true)
 if err != nil {
 log.Info(err)
- c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidCredentials], presenter.CreateErrorResponse(utils.ErrInvalidCredentials))
+ if strings.Contains(err.Error(), "old and new passwords can't be same") {
+ c.JSON(utils.ErrorStatusCodes[utils.ErrOldPassword], presenter.CreateErrorResponse(utils.ErrOldPassword))
+ } else {
+ c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidRequest], presenter.CreateErrorResponse(utils.ErrInvalidRequest))
+ }
 return
 }
 c.JSON(http.StatusOK, gin.H{
diff --git a/chaoscenter/authentication/pkg/user/repository.go b/chaoscenter/authentication/pkg/user/repository.go
index e32495459c6..09dd127dd5f 100644
--- a/chaoscenter/authentication/pkg/user/repository.go
+++ b/chaoscenter/authentication/pkg/user/repository.go
@@ -3,6 +3,7 @@ package user
 import (
 "context"
 "errors"
+ "fmt"
 
 "github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/entities"
 "github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/utils"
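Review bot: The new `} else if !user.IsInitialLogin {` guard leaves `defaultProject` at its zero value for a first-login user who owns no project, and nothing in the hunk shows that the code consuming `defaultProject` later in LoginUser tolerates an empty project ID. The reason for skipping default-project creation on an initial login is also not stated; a line above the branch such as `// No default project until the user has replaced the initial password` would record it, if that is the intent. LoginUser starts and ends outside this hunk, so the downstream use of `defaultProject` cannot be checked here.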
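Review bot: Adding a second `@Failure 400` line does not document two 400 payloads: a Swagger 2 response map holds one entry per status code, and the regenerated docs in this commit show the 400 `$ref` switching from `response.ErrInvalidRequest` to `response.ErrOldPassword`, so the ErrInvalidRequest body the handler still returns is now undocumented. The remaining `@Failure 401 {object} response.ErrInvalidCredentials` line also no longer matches the handler, whose fallback branch now answers with ErrInvalidRequest. Collapse the 400 cases into one annotation with a description, e.g. `// @Failure 400 {object} response.ErrOldPassword "malformed request, or new password equals the current one"`, and drop or correct the 401 entry so the generated spec reflects what the endpoint actually emits.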
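Review bot: `strings.Contains(err.Error(), "old and new passwords can't be same")` dispatches on the error text, which silently breaks if the repository ever rewords or wraps the message; the same commit adds the sentinel `utils.ErrOldPassword` with exactly that text, so the repository should return the sentinel and the handler should test `errors.Is(err, utils.ErrOldPassword)`. The fallback branch also changes the response for every other failure, including a wrong old password, from 401 ErrInvalidCredentials to 400 ErrInvalidRequest, while the annotation block above still advertises the 401; either keep the previous mapping for the non-sentinel case or update the docs to match. With the change below `"strings"` in the import block is replaced by `"errors"`. The enclosing handler closure starts and ends outside this hunk.

```go
		if err != nil {
			log.Info(err)
			if errors.Is(err, utils.ErrOldPassword) {
				c.JSON(utils.ErrorStatusCodes[utils.ErrOldPassword], presenter.CreateErrorResponse(utils.ErrOldPassword))
				return
			}
			// Wrong old password and storage failures keep the pre-existing 401 mapping
			// until they get dedicated sentinels of their own.
			c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidCredentials], presenter.CreateErrorResponse(utils.ErrInvalidCredentials))
			return
		}
		// … unchanged: success response …
```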
@@ -180,8 +181,7 @@ func (r repository) UpdatePassword(userPassword *entities.UserPassword, isAdminB
 
 newHashedPassword, err := bcrypt.GenerateFromPassword([]byte(userPassword.NewPassword), utils.PasswordEncryptionCost)
 updateQuery := bson.M{"$set": bson.M{
- "password": string(newHashedPassword),
- "is_initial_login": true, // if admin resets the pwd, user needs to reset it again
+ "password": string(newHashedPassword),
 }}
 
 if isAdminBeingReset {
@@ -189,7 +189,11 @@ func (r repository) UpdatePassword(userPassword *entities.UserPassword, isAdminB
 if err != nil {
 return err
 }
-
+ // check if the new pwd is same as old pwd, if yes return err
+ err = bcrypt.CompareHashAndPassword([]byte(result.Password), []byte(userPassword.NewPassword))
+ if err == nil {
+ return fmt.Errorf("old and new passwords can't be same")
+ }
 updateQuery = bson.M{"$set": bson.M{
 "password": string(newHashedPassword),
 "is_initial_login": false,
diff --git a/chaoscenter/authentication/pkg/utils/errors.go b/chaoscenter/authentication/pkg/utils/errors.go
index 4f2eff8d4b3..e828e42042d 100644
--- a/chaoscenter/authentication/pkg/utils/errors.go
+++ b/chaoscenter/authentication/pkg/utils/errors.go
@@ -23,6 +23,7 @@ var (
 ErrInvalidRole AppError = errors.New("invalid role")
 ErrInvalidEmail AppError = errors.New("invalid email")
 ErrPasswordNotUpdated AppError = errors.New("default password not updated")
+ ErrOldPassword AppError = errors.New("old and new passwords can't be same")
 )
 
 // ErrorStatusCodes holds the http status codes for every AppError
@@ -43,6 +44,7 @@ var ErrorStatusCodes = map[AppError]int{
 ErrInvalidRole: 400,
 ErrInvalidEmail: 400,
 ErrPasswordNotUpdated: 401,
+ ErrOldPassword: 400,
 }
 
 // ErrorDescriptions holds detailed error description for every AppError
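Review bot: Dropping `"is_initial_login": true` from the default update means a password set through the non-`isAdminBeingReset` path no longer forces the user to change it on next login, which is exactly the behaviour the deleted comment said was intended; if that flag is now set elsewhere or the intent changed, the new query needs a comment saying so, e.g. `// admin resets no longer flag the account for a forced password change`. Separately, the new `"password": string(newHashedPassword)` line consumes a hash whose `err` from `bcrypt.GenerateFromPassword` on the line above is never checked, so a hashing failure would write an empty password field; add `if err != nil { return err }` before building the query. UpdatePassword starts and ends outside this hunk.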
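Review bot: `fmt.Errorf("old and new passwords can't be same")` has no format verbs and produces a fresh, unidentifiable error each time, which is why the REST handler in this commit has to match on the message text; `utils` is already imported in this file and the same commit adds `utils.ErrOldPassword` with the identical text, so return that sentinel instead: `return utils.ErrOldPassword`. That also removes the need for the new `"fmt"` import. The comment above the check reads better as `// reject a new password identical to the stored one`.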
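Review bot: The name `ErrOldPassword` reads as "the old password is wrong", while the message and the repository check describe a new password that equals the current one; a name such as `ErrSamePassword` (mirrored in the doc struct and the ErrorStatusCodes/ErrorDescriptions entries) would make call sites self-explanatory. The message string is also what the handler's `strings.Contains` currently keys on, so any later edit to this `errors.New` text would silently change the HTTP status returned for that case unless the handler compares the sentinel itself.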
@@ -59,4 +61,5 @@ var ErrorDescriptions = map[AppError]string{
 ErrProjectNotFound: "This project does not exist",
 ErrInvalidEmail: "Email address is invalid",
 ErrPasswordNotUpdated: "Please update your default password",
+ ErrOldPassword: "old and new passwords can't be same",
 }
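Review bot: The new description `"old and new passwords can't be same"` is lowercase and ungrammatical next to its siblings ("Please update your default password", "This project does not exist"), and it differs from the example the same commit puts in the doc struct ("The old and new passwords can't be same"), so the rendered API docs and the body actually returned would disagree, assuming CreateErrorResponse reads this map. Use one sentence in both places, e.g. `ErrOldPassword: "The new password must differ from the current password",` and update the `example:` tag to match.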