Fixed the bug in updateUser api - api/secretKey update didn't work correctly when request was signed using apiKey

alena 2011-06-15 14:58:13 -07:00
parent 0fefd9f2ae
commit 695041ad27


@ -1398,6 +1398,8 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag
String secretKey = cmd.getSecretKey();
String timeZone = cmd.getTimezone();
String userName = cmd.getUsername();
long callerUserId = UserContext.current().getCallerUserId();
// Input validation
UserVO user = _userDao.getUser(id);
@ -1405,8 +1407,23 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag
if (user == null) {
throw new InvalidParameterValueException("unable to find user by id");
}
if (apiKey != null) {
Long apiKeyOwnerId = null;
Pair<User, Account> apiKeyOwner = _accountDao.findUserAccountByApiKey(apiKey);
if (apiKeyOwner != null) {
apiKeyOwnerId = apiKeyOwner.first().getId();
}
if ((apiKeyOwnerId == null || callerUserId != apiKeyOwnerId) && secretKey == null) {
throw new InvalidParameterValueException("Please provide an api key/secret key pair");
} else if (apiKeyOwnerId != null && callerUserId == apiKeyOwnerId && id != callerUserId) {
// No need to update api key if provided api key belongs to the caller and caller updates api key for someone else
apiKey = null;
}
}
if ((apiKey == null && secretKey != null) || (apiKey != null && secretKey == null)) {
if (apiKey == null && secretKey != null) {
throw new InvalidParameterValueException("Please provide an api key/secret key pair");
}
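Review bot: In the new `if (apiKey != null)` block, a key that `findUserAccountByApiKey` resolves to a user other than the caller passes straight through whenever a secretKey is also supplied, so nothing visible here stops an existing key from being assigned to a second user. Duplicate keys would make that owner lookup (presumably the same one used to identify the signer of a request) ambiguous; unless a uniqueness check exists further down (the method continues outside the hunk), add a third branch such as `else if (apiKeyOwnerId != null && !apiKeyOwnerId.equals(user.getId())) { throw new InvalidParameterValueException("api key is already in use by another user"); }`. Separately, a caller who updates their own user with a request signed by their own key and no secretKey now appears to leave `apiKey` non-null with a null `secretKey`, which the narrowed pair check no longer rejects; it is worth confirming the code below tolerates that combination. The comment on the `apiKey = null` line would be clearer as `// apiKey here is the caller's signing key, not a new key for the target user; ignore it`.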