etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix NPE during reset password (#12585)

This commit is contained in:
Suresh Kumar Anaparti 2026-02-19 00:33:36 +05:30 committed by GitHub
parent ae5308bdd2
commit 8c12a13216
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 25 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
plugins/user-authenticators/oauth2/src/main/java/org/apache/cloudstack/oauth2/api/command/OauthLoginAPIAuthenticatorCmd.java
View File

@ -177,12 +177,8 @@ public class OauthLoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
protected Long getDomainIdFromParams(Map<String, Object[]> params, StringBuilder auditTrailSb, String responseType) {
String[] domainIdArr = (String[])params.get(ApiConstants.DOMAIN_ID);
if (domainIdArr == null) {
domainIdArr = (String[])params.get(ApiConstants.DOMAIN__ID);
}
Long domainId = null;
if ((domainIdArr != null) && (domainIdArr.length > 0)) {
if (domainIdArr != null && domainIdArr.length > 0) {
try {
//check if UUID is passed in for domain
domainId = _apiServer.fetchDomainId(domainIdArr[0]);

10
plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
View File

@ -158,11 +158,17 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthent
String domainPath = null;
if (params.containsKey(ApiConstants.IDP_ID)) {
idpId = ((String[])params.get(ApiConstants.IDP_ID))[0];
String[] idpIds = (String[])params.get(ApiConstants.IDP_ID);
if (idpIds != null && idpIds.length > 0) {
idpId = idpIds[0];
}
}
if (params.containsKey(ApiConstants.DOMAIN)) {
domainPath = ((String[])params.get(ApiConstants.DOMAIN))[0];
String[] domainPaths = (String[])params.get(ApiConstants.DOMAIN);
if (domainPaths != null && domainPaths.length > 0) {
domainPath = domainPaths[0];
}
}
if (domainPath != null && !domainPath.isEmpty()) {

13
server/src/main/java/com/cloud/api/ApiServlet.java
View File

@ -34,6 +34,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.cloud.api.auth.DefaultForgotPasswordAPIAuthenticatorCmd;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.ApiServerService;
@ -164,7 +165,6 @@ public class ApiServlet extends HttpServlet {
LOGGER.warn(message);
}
});
}
void processRequestInContext(final HttpServletRequest req, final HttpServletResponse resp) {
@ -226,7 +226,6 @@ public class ApiServlet extends HttpServlet {
}
if (command != null && !command.equals(ValidateUserTwoFactorAuthenticationCodeCmd.APINAME)) {
APIAuthenticator apiAuthenticator = authManager.getAPIAuthenticator(command);
if (apiAuthenticator != null) {
auditTrailSb.append("command=");
@ -262,7 +261,9 @@ public class ApiServlet extends HttpServlet {
} catch (ServerApiException e) {
httpResponseCode = e.getErrorCode().getHttpCode();
responseString = e.getMessage();
LOGGER.debug("Authentication failure: " + e.getMessage());
if (!DefaultForgotPasswordAPIAuthenticatorCmd.APINAME.equalsIgnoreCase(command) || StringUtils.isNotBlank(username)) {
LOGGER.debug("Authentication failure: {}", e.getMessage());
}
}
if (apiAuthenticator.getAPIType() == APIAuthenticationType.LOGOUT_API) {
@ -330,7 +331,7 @@ public class ApiServlet extends HttpServlet {
}
}
if (! requestChecksoutAsSane(resp, auditTrailSb, responseType, params, session, command, userId, account, accountObj))
if (!requestChecksoutAsSane(resp, auditTrailSb, responseType, params, session, command, userId, account, accountObj))
return;
} else {
CallContext.register(accountMgr.getSystemUser(), accountMgr.getSystemAccount());
@ -360,7 +361,6 @@ public class ApiServlet extends HttpServlet {
apiServer.getSerializedApiError(HttpServletResponse.SC_UNAUTHORIZED, "unable to verify user credentials and/or request signature", params,
responseType);
HttpUtils.writeHttpResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED, responseType, ApiServer.JSONcontentType.value());
}
} catch (final ServerApiException se) {
final String serializedResponseText = apiServer.getSerializedApiError(se, params, responseType);
@ -550,6 +550,9 @@ public class ApiServlet extends HttpServlet {
if (LOGGER.isTraceEnabled()) {
LOGGER.trace(msg);
}
if (session == null) {
return;
}
session.invalidate();
} catch (final IllegalStateException ise) {
if (LOGGER.isTraceEnabled()) {

6
server/src/main/java/com/cloud/api/auth/DefaultForgotPasswordAPIAuthenticatorCmd.java
View File

@ -44,13 +44,13 @@ import java.net.InetAddress;
import java.util.List;
import java.util.Map;
@APICommand(name = "forgotPassword",
@APICommand(name = DefaultForgotPasswordAPIAuthenticatorCmd.APINAME,
description = "Sends an email to the user with a token to reset the password using resetPassword command.",
since = "4.20.0.0",
requestHasSensitiveInfo = true,
responseObject = SuccessResponse.class)
public class DefaultForgotPasswordAPIAuthenticatorCmd extends BaseCmd implements APIAuthenticator {
public static final String APINAME = "forgotPassword";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -108,10 +108,12 @@ public class DefaultForgotPasswordAPIAuthenticatorCmd extends BaseCmd implements
if (userDomain != null) {
domainId = userDomain.getId();
} else {
logger.debug("Unable to find the domain from the path {}", domain);
throw new ServerApiException(ApiErrorCode.PARAM_ERROR, String.format("Unable to find the domain from the path %s", domain));
}
final UserAccount userAccount = _accountService.getActiveUserAccount(username[0], domainId);
if (userAccount != null && List.of(User.Source.SAML2, User.Source.OAUTH2, User.Source.LDAP).contains(userAccount.getSource())) {
logger.debug("Forgot Password is not allowed for the user {} from source {}", username[0], userAccount.getSource());
throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Forgot Password is not allowed for this user");
}
boolean success = _apiServer.forgotPassword(userAccount, userDomain);

12
server/src/main/java/com/cloud/api/auth/DefaultLoginAPIAuthenticatorCmd.java
View File

@ -47,7 +47,6 @@ import java.net.InetAddress;
@APICommand(name = "login", description = "Logs a user into the CloudStack. A successful login attempt will generate a JSESSIONID cookie value that can be passed in subsequent Query command calls until the \"logout\" command has been issued or the session has expired.", requestHasSensitiveInfo = true, responseObject = LoginCmdResponse.class, entityType = {})
public class DefaultLoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthenticator {
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@ -107,17 +106,13 @@ public class DefaultLoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthe
if (HTTPMethod.valueOf(req.getMethod()) != HTTPMethod.POST) {
throw new ServerApiException(ApiErrorCode.METHOD_NOT_ALLOWED, "Please use HTTP POST to authenticate using this API");
}
// FIXME: ported from ApiServlet, refactor and cleanup
final String[] username = (String[])params.get(ApiConstants.USERNAME);
final String[] password = (String[])params.get(ApiConstants.PASSWORD);
String[] domainIdArr = (String[])params.get(ApiConstants.DOMAIN_ID);
if (domainIdArr == null) {
domainIdArr = (String[])params.get(ApiConstants.DOMAIN__ID);
}
final String[] domainName = (String[])params.get(ApiConstants.DOMAIN);
final String[] domainIdArr = (String[])params.get(ApiConstants.DOMAIN_ID);
Long domainId = null;
if ((domainIdArr != null) && (domainIdArr.length > 0)) {
if (domainIdArr != null && domainIdArr.length > 0) {
try {
//check if UUID is passed in for domain
domainId = _apiServer.fetchDomainId(domainIdArr[0]);
@ -135,6 +130,7 @@ public class DefaultLoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthe
}
String domain = null;
final String[] domainName = (String[])params.get(ApiConstants.DOMAIN);
domain = getDomainName(auditTrailSb, domainName, domain);
String serializedResponse = null;

1
server/src/main/java/com/cloud/api/auth/DefaultResetPasswordAPIAuthenticatorCmd.java
View File

@ -53,7 +53,6 @@ import java.util.Map;
responseObject = SuccessResponse.class)
public class DefaultResetPasswordAPIAuthenticatorCmd extends BaseCmd implements APIAuthenticator {
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////