diff --git a/src/ch/eitchnet/privilege/handler/DefaultPrivilegeHandler.java b/src/ch/eitchnet/privilege/handler/DefaultPrivilegeHandler.java
index 5068b6ed0..55471cb63 100644
--- a/src/ch/eitchnet/privilege/handler/DefaultPrivilegeHandler.java
+++ b/src/ch/eitchnet/privilege/handler/DefaultPrivilegeHandler.java
@@ -452,8 +452,17 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 @Override
 public void setUserPassword(Certificate certificate, String username, String password) {
- // validate who is doing this
- validateIsPrivilegeAdmin(certificate);
+ // check if certificate is for same user, in which case user is changing their own password
+ if (certificate.getUsername().equals(username)) {
+
+ // validate the certificate
+ isCertificateValid(certificate);
+
+ } else {
+
+ // otherwise validate the the certificate is for a privilege admin
+ validateIsPrivilegeAdmin(certificate);
+ }
 // get User
 User user = this.persistenceHandler.getUser(username);
diff --git a/src/ch/eitchnet/privilege/handler/PrivilegeHandler.java b/src/ch/eitchnet/privilege/handler/PrivilegeHandler.java
index 2af410f25..03bda0c84 100644
--- a/src/ch/eitchnet/privilege/handler/PrivilegeHandler.java
+++ b/src/ch/eitchnet/privilege/handler/PrivilegeHandler.java
@@ -227,9 +227,15 @@ public interface PrivilegeHandler {
 throws AccessDeniedException, PrivilegeException;
 /**
+ *
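Review bot: The self-service branch discards the result of `isCertificateValid(certificate)`; if that method reports an invalid certificate through its boolean return value rather than by throwing (its `is` prefix suggests the former, but its contract is not visible in this hunk), an expired or otherwise invalid certificate still reaches the password update below. Either call the throwing validator used elsewhere in this class or write `if (!isCertificateValid(certificate)) throw new AccessDeniedException(...)`, whichever matches the method's actual behaviour. The new code also dereferences `certificate.getUsername()` before any validation, so a null certificate now fails with a NullPointerException instead of whatever validateIsPrivilegeAdmin did for that case. A self-change requires no proof of the current password, so a valid certificate alone is sufficient to set a new one; requiring the old password would need a change to the PrivilegeHandler interface and is worth a design note. The comment has a doubled word, `// otherwise validate that the certificate is for a privilege admin`, and setUserPassword's body continues outside the hunk.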
* Changes the password for the {@link User} with the given username. If the password is null, then the {@link User} * can not login anymore. Otherwise the password must meet the requirements of the implementation under * {@link PrivilegeHandler#validatePassword(String)} + *
+ * + *+ * It should be possible for a user to change their own password + *
 * * @param certificate the {@link Certificate} of the user which has the privilege to perform this action
diff --git a/test/ch/eitchnet/privilege/test/PrivilegeTest.java b/test/ch/eitchnet/privilege/test/PrivilegeTest.java
index 641ad883e..859ff4415 100644
--- a/test/ch/eitchnet/privilege/test/PrivilegeTest.java
+++ b/test/ch/eitchnet/privilege/test/PrivilegeTest.java
@@ -64,7 +64,9 @@ public class PrivilegeTest {
 private static final String PASS_BOB = "admin1";
 private static final String ROLE_FEATHERLITE_USER = "FeatherliteUser";
 private static final String ROLE_USER = "user";
+ private static final String PASS_DEF = "def";
 private static final String PASS_BAD = "123";
+ private static final String PASS_TED = "12345";
 private static final Logger logger = Logger.getLogger(PrivilegeTest.class);
@@ -269,10 +271,50 @@ public class PrivilegeTest {
 org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
 // let's add a new user ted
- UserRep userRep = new UserRep("2", TED, "Ted", "Newman", UserState.NEW, new HashSet
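Review bot: The added javadoc paragraph states an intention ("It should be possible for a user to change their own password") rather than the contract, while the unchanged `@param certificate` text still says the caller must hold the privilege, which the DefaultPrivilegeHandler change in this same commit no longer requires for a self-change. Suggest replacing the sentence with `* A user may change their own password: if the certificate's username equals {@code username} the certificate only needs to be valid; otherwise it must belong to a privilege admin.` and rewording the parameter text to `the {@link Certificate} of the user performing the change, either the user themself or a privilege admin`. The access-denied behaviour for any other caller belongs in a `@throws AccessDeniedException` tag; the method's existing `@throws` tags, if any, lie outside the hunk.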