mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

neil_a_wilson
10.39.2006 187b3cf38ce88550c89e693d532a07efc45e2017
Fix a problem in which the "must change password" flag in the client connection
session was not cleared when a user changed their password. In addition, the
state attribute in the user's entry was not being cleared for modify
operations.

OpenDS Issue Number: 576
2 files modified
33 ■■■■■ changed files
opends/src/server/org/opends/server/core/ModifyOperation.java 22
opends/src/server/org/opends/server/extensions/PasswordModifyExtendedOperation.java 11
opends/src/server/org/opends/server/core/ModifyOperation.java
@@ -61,6 +61,7 @@
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeType;
import org.opends.server.types.AttributeValue;
import org.opends.server.types.AuthenticationInfo;
import org.opends.server.types.ByteString;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
@@ -1290,9 +1291,9 @@
            pwPolicyState.clearGraceLoginTimes();
            pwPolicyState.clearWarnedTime();
            if ((! selfChange) && pwPolicyState.forceChangeOnReset())
            if (pwPolicyState.forceChangeOnReset())
            {
              pwPolicyState.setMustChangePassword(true);
              pwPolicyState.setMustChangePassword(! selfChange);
            }
            if (pwPolicyState.getRequiredChangeTime() > 0)
@@ -2358,6 +2359,23 @@
            }
            backend.replaceEntry(modifiedEntry, this);
            // If the update was successful and included a self password change,
            // then clear the "must change" flag in the client connection.
            if ((getResultCode() == ResultCode.SUCCESS) && passwordChanged &&
                selfChange)
            {
              // We really only want to do this if the authentication DN from
              // the client connection is equal to the entry that was updated to
              // avoid clearing the flag for the wrong user.
              AuthenticationInfo authInfo =
                   clientConnection.getAuthenticationInfo();
              if (authInfo.getAuthenticationDN().equals(entryDN))
              {
                clientConnection.setMustChangePassword(false);
              }
            }
          }
          if (preReadRequest != null)
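Review bot: The block added after `backend.replaceEntry(modifiedEntry, this)` dereferences `authInfo.getAuthenticationDN()` without a null check, and it runs after the entry has already been written. If the authentication DN can be null at this point (for example on a connection that is not bound but whose request still counts as a self change; how `selfChange` is computed is not visible in this hunk), the resulting NullPointerException would surface only after the password change has been committed. A null-safe form keeps the intent of never clearing the flag for the wrong user: `DN authDN = authInfo.getAuthenticationDN();` followed by `if ((authDN != null) && authDN.equals(entryDN))`. The same unchecked call appears in the `selfChange` test added to PasswordModifyExtendedOperation.java. The enclosing method starts and ends outside the hunk.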
opends/src/server/org/opends/server/extensions/PasswordModifyExtendedOperation.java
@@ -928,6 +928,17 @@
        ASN1Sequence valueSequence = new ASN1Sequence(valueElements);
        operation.setResponseValue(new ASN1OctetString(valueSequence.encode()));
      }
      // If this was a self password change, and the client is authenticated as
      // the user whose password was changed, then clear the "must change
      // password" flag in the client connection.  Note that we're using the
      // authentication DN rather than the authorization DN in this case to
      // avoid mistakenly clearing the flag for the wrong user.
      if (selfChange && (authInfo.getAuthenticationDN().equals(userDN)))
      {
        operation.getClientConnection().setMustChangePassword(false);
      }
    }
    finally
    {
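Review bot: The new `if (selfChange && ...)` block clears the connection's must-change restriction with no visible check that the password update succeeded, whereas the ModifyOperation change in this commit guards the same call with `getResultCode() == ResultCode.SUCCESS`. If every failure path returns before this point that is fine, but the hunk does not show it, and lifting the restriction after a failed change would leave the session unrestricted while the old password is still in place. I would state the invariant in a comment at the block, e.g. `// Only reached after the password update has succeeded.`, or add an explicit result check if that is not guaranteed. The enclosing method and the declaration of `authInfo` are outside the hunk.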