From 2c087a32de17a0f5f386bab6513df2e3847ba3da Mon Sep 17 00:00:00 2001
From: "selvi.j"
Date: Mon, 4 Apr 2022 07:41:22 +0000
Subject: [PATCH 1/1] Feature 10914: Enforce Password change on First login Added osmcli support to Enforce Password change on First login and expire password after preset number of days feature Addressed the review comments and updated the patch
Change-Id: I095affe2a1a91cb1ff3321dc0bb4e52337b8d6c5
Signed-off-by: selvi.j
---
 osmclient/scripts/osm.py | 21 ++++++++++++++++++++-
 osmclient/sol005/client.py | 5 ++++-
 osmclient/sol005/user.py | 29 ++++++++++++++++++-----------
 3 files changed, 42 insertions(+), 13 deletions(-)
diff --git a/osmclient/scripts/osm.py b/osmclient/scripts/osm.py
index 0e63958..44bc7be 100755
--- a/osmclient/scripts/osm.py
+++ b/osmclient/scripts/osm.py
@@ -4844,6 +4844,16 @@ def user_create(ctx, username, password, projects, project_role_mappings, domain
 multiple=True,
 help="remove role(s) in a project. Can be used several times: 'project,role1[,role2,...]'",
 )
+@click.option(
+ "--change_password",
+ "change_password",
+ help="user's current password"
+)
+@click.option(
+ "--new_password",
+ "new_password",
+ help="user's new password to update in expiry condition"
+)
 @click.pass_context
 def user_update(
 ctx,
@@ -4854,6 +4864,8 @@ def user_update(
 remove_project,
 add_project_role,
 remove_project_role,
+ change_password,
+ new_password,
 ):
 """Update a user information
@@ -4865,6 +4877,8 @@ def user_update(
 REMOVE_PROJECT: deleting mappings for project/role(s)
 ADD_PROJECT_ROLE: adding mappings for project/role(s)
 REMOVE_PROJECT_ROLE: removing mappings for project/role(s)
+ CHANGE_PASSWORD: user's current password to change
+ NEW_PASSWORD: user's new password to update in expiry condition
 """
 logger.debug("")
 user = {}
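Review bot: The two options added in the first osm.py hunk take the current and the new password as plain argument values, which leaves both in shell history and readable in the process list while the command runs. A hidden prompt avoids that, for example `new_password = click.prompt("New password", hide_input=True, confirmation_prompt=True)` inside `user_update` instead of a `--new_password` value. The name `--change_password` also reads like an action or the new value although it carries the current password (the help text and the docstring line in the third hunk say so); a name such as `--current_password` would be harder to misuse. The decorator stack and the `user_update` signature continue outside these hunks.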
@@ -4874,10 +4888,15 @@ def user_update(
 user["remove-project"] = remove_project
 user["add-project-role"] = add_project_role
 user["remove-project-role"] = remove_project_role
+ user["change_password"] = change_password
+ user["new_password"] = new_password
 # try:
 check_client_version(ctx.obj, ctx.command.name)
- ctx.obj.user.update(username, user)
+ if not user.get("change_password"):
+ ctx.obj.user.update(username, user)
+ else:
+ ctx.obj.user.update(username, user, pwd_change=True)
 # except ClientException as e:
 # print(str(e))
 # exit(1)
diff --git a/osmclient/sol005/client.py b/osmclient/sol005/client.py
index c7f043b..b6f12b3 100644
--- a/osmclient/sol005/client.py
+++ b/osmclient/sol005/client.py
@@ -40,6 +40,7 @@ from osmclient.sol005 import repo
 from osmclient.sol005 import osmrepo
 from osmclient.sol005 import subscription
 from osmclient.common import package_tool
+from osmclient.common.exceptions import ClientException
 import json
 import logging
@@ -107,7 +108,7 @@ class Client(object):
 self.utils = utils.Utils(http_client, **kwargs)
 """
- def get_token(self):
+ def get_token(self, pwd_change=None):
 self._logger.debug("")
 if self._token is None:
 postfields_dict = {
@@ -129,6 +130,8 @@ class Client(object):
 # raise ClientException(message)
 token = json.loads(resp) if resp else None
+ if token.get("message") == "change_password" and not pwd_change:
+ raise ClientException("Password Expired. Please update the password using change_password option")
 self._token = token["id"]
 if self._token is not None:
diff --git a/osmclient/sol005/user.py b/osmclient/sol005/user.py
index d6c1e16..917fb1a 100644
--- a/osmclient/sol005/user.py
+++ b/osmclient/sol005/user.py
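Review bot: `--change_password` and `--new_password` are never checked against each other in the `user_update` hunk. With only `--change_password`, the `else:` branch of `User.update` (user.py hunk `@@ -95,13 +98,17 @@`) sets `password` to `None`; with only `--new_password`, the value is silently ignored. A guard before the call catches both cases: `if bool(change_password) != bool(new_password): raise click.UsageError("--change_password and --new_password must be used together")`. The two call branches can then collapse into `ctx.obj.user.update(username, user, pwd_change=bool(change_password))`. The function body starts outside the hunk.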
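Review bot: The check added to `get_token` calls `token.get(...)` although the line above it can leave `token` as `None` (`json.loads(resp) if resp else None`), so an empty response now fails with an `AttributeError` instead of a usable message; `if token is None: raise ClientException("empty authentication response")` ahead of the new check would also cover the existing `token["id"]` lookup. When `pwd_change` is set, a token that came with the `change_password` message is stored in `self._token` like any other. Whether the server restricts that token to the password update is not visible here and is worth confirming, because this client-side check is only advisory. The error text could name both flags, `--change_password` and `--new_password`, since the update needs the two together. `get_token` starts and ends outside the hunk.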
@@ -84,10 +84,13 @@ class User(object):
 # msg = resp
 # raise ClientException("failed to create user {} - {}".format(name, msg))
- def update(self, name, user):
+ def update(self, name, user, pwd_change=None):
 """Updates an existing OSM user identified by name"""
 self._logger.debug("")
- self._client.get_token()
+ if pwd_change:
+ self._client.get_token(pwd_change)
+ else:
+ self._client.get_token()
 # print(user)
 myuser = self.get(name)
 update_user = {
@@ -95,13 +98,17 @@ class User(object):
 "remove_project_role_mappings": [],
 }
- # if password is defined, update the password
- if user["password"]:
- update_user["password"] = user["password"]
- if user["username"]:
- update_user["username"] = user["username"]
+ if not user.get("change_password"):
+ # if password is defined, update the password
+ if user.get("password"):
+ update_user["password"] = user["password"]
+ if user.get("username"):
+ update_user["username"] = user["username"]
+ else:
+ update_user["old_password"] = user["change_password"]
+ update_user["password"] = user["new_password"]
- if user["set-project"]:
+ if user.get("set-project"):
 # Remove project and insert project role mapping
 for set_project in user["set-project"]:
@@ -114,13 +121,13 @@ class User(object):
 mapping = {"project": project, "role": role}
 update_user["add_project_role_mappings"].append(mapping)
- if user["remove-project"]:
+ if user.get("remove-project"):
 for remove_project in user["remove-project"]:
 update_user["remove_project_role_mappings"].append(
 {"project": remove_project}
 )
- if user["add-project-role"]:
+ if user.get("add-project-role"):
 for add_project_role in user["add-project-role"]:
 add_project_role_clean = [
 m.strip() for m in add_project_role.split(",")
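Review bot: The `if pwd_change:` / `else:` pair added at the top of `update` is redundant, because `get_token` now defaults `pwd_change` to `None`; a single `self._client.get_token(pwd_change=pwd_change)` behaves the same. The docstring still reads only "Updates an existing OSM user identified by name" and should gain a line for the new argument, for example `pwd_change: set when the caller is replacing an expired password, so get_token() accepts a "change_password" response`. The method body continues outside the hunk.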
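Review bot: When `change_password` is set, the `else:` branch in the `@@ -95,13 +98,17 @@` hunk skips the `username` and `password` handling, so a rename or a `--password` given in the same call is dropped without any message (assuming the `else:` pairs with `if not user.get("change_password"):`, which the collapsed indentation does not show directly). Either reject that combination up front or move the `username` update out of the branch. A short comment on the branch would also help, such as `# expired-password flow: only old_password and the new password are sent`.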
@@ -131,7 +138,7 @@ class User(object):
 mapping = {"project": project, "role": role}
 update_user["add_project_role_mappings"].append(mapping)
- if user["remove-project-role"]:
+ if user.get("remove-project-role"):
 for remove_project_role in user["remove-project-role"]:
 remove_project_role_clean = [
 m.strip() for m in remove_project_role.split(",")
--
2.25.1