From cab765f85e976100b8a5b9477166ee70dfccfab1 Mon Sep 17 00:00:00 2001 From: alena Date: Wed, 15 Jun 2011 14:58:13 -0700 Subject: [PATCH] Fixed the bug in updateUser api - api/secretKey update didn't work correctly when request was signed using apiKey --- .../com/cloud/user/AccountManagerImpl.java | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 7a43305900d..9ab15778add 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -1260,6 +1260,8 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag String secretKey = cmd.getSecretKey(); String timeZone = cmd.getTimezone(); String userName = cmd.getUsername(); + + long callerUserId = UserContext.current().getCallerUserId(); // Input validation UserVO user = _userDao.getUser(id); @@ -1267,8 +1269,23 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag if (user == null) { throw new InvalidParameterValueException("unable to find user by id"); } + + if (apiKey != null) { + Long apiKeyOwnerId = null; + Pair apiKeyOwner = _accountDao.findUserAccountByApiKey(apiKey); + if (apiKeyOwner != null) { + apiKeyOwnerId = apiKeyOwner.first().getId(); + } + + if ((apiKeyOwnerId == null || callerUserId != apiKeyOwnerId) && secretKey == null) { + throw new InvalidParameterValueException("Please provide an api key/secret key pair"); + } else if (apiKeyOwnerId != null && callerUserId == apiKeyOwnerId && id != callerUserId) { + // No need to update api key if provided api key belongs to the caller and caller updates api key for someone else + apiKey = null; + } + } - if ((apiKey == null && secretKey != null) || (apiKey != null && secretKey == null)) { + if (apiKey == null && secretKey != null) { throw new InvalidParameterValueException("Please provide an api key/secret key pair"); }