Move identity logic from controller to manager
The logic for changing a user's password will be used to implement bp password-rotation. Keeping the logic in the controller makes it much harder to reuse. Change-Id: I6e29a9f1875a3ea6dec4757db86c30497c0253cb
This commit is contained in:
parent
c3cb4f8d59
commit
14e20fd211
|
@ -352,15 +352,11 @@ class UserV3(controller.V3Controller):
|
|||
|
||||
domain_scope = self._get_domain_id_for_request(context)
|
||||
try:
|
||||
self.identity_api.authenticate(user_id=user_id,
|
||||
password=original_password,
|
||||
domain_scope=domain_scope)
|
||||
self.identity_api.change_password(user_id, original_password,
|
||||
password, domain_scope)
|
||||
except AssertionError:
|
||||
raise exception.Unauthorized()
|
||||
|
||||
update_dict = {'password': password}
|
||||
self._update_user(context, user_id, update_dict, domain_scope)
|
||||
|
||||
|
||||
@dependency.requires('identity_api')
|
||||
class GroupV3(controller.V3Controller):
|
||||
|
|
|
@ -466,6 +466,17 @@ class Manager(manager.Manager):
|
|||
domain_id, driver = self._get_domain_id_and_driver(domain_scope)
|
||||
return driver.check_user_in_group(user_id, group_id)
|
||||
|
||||
@domains_configured
|
||||
def change_password(self, user_id, original_password, new_password,
|
||||
domain_scope):
|
||||
|
||||
# authenticate() will raise an AssertionError if authentication fails
|
||||
self.authenticate(user_id, original_password,
|
||||
domain_scope=domain_scope)
|
||||
|
||||
update_dict = {'password': new_password}
|
||||
self.update_user(user_id, update_dict, domain_scope=domain_scope)
|
||||
|
||||
# TODO(morganfainberg): Remove the following deprecated methods once
|
||||
# Icehouse is released. Maintain identity -> assignment proxy for 1
|
||||
# release.
|
||||
|
|
Loading…
Reference in New Issue