fix(password): force change password EE-6382 (#10708)

1 year ago · 5c59c53e91
parent e3a995d515
commit 5c59c53e91
2 changed files with 17 additions and 7 deletions
--- a/api/http/handler/users/user_inspect_me.go
+++ b/api/http/handler/users/user_inspect_me.go
@ -30,6 +30,11 @@ type CurrentUserInspectResponse struct {
 // @failure 500 "Server error"
 // @router /users/me [get]
 func (handler *Handler) userInspectMe(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	tokenData, err := security.RetrieveTokenData(r)
+	if err != nil {
+		return httperror.InternalServerError("Unable to retrieve user authentication token", err)
+	}
+
 	securityContext, err := security.RetrieveRestrictedRequestContext(r)
 	if err != nil {
 		return httperror.InternalServerError("Unable to retrieve info from request context", err)
@ -42,8 +47,12 @@ func (handler *Handler) userInspectMe(w http.ResponseWriter, r *http.Request) *h
 		return httperror.InternalServerError("Unable to find a user with the specified identifier inside the database", err)
 	}

-	forceChangePassword := !handler.passwordStrengthChecker.Check(user.Password)
-
 	hideFields(user)
-	return response.JSON(w, &CurrentUserInspectResponse{User: user, ForceChangePassword: forceChangePassword})
+	return response.JSON(
+		w,
+		&CurrentUserInspectResponse{
+			User:                user,
+			ForceChangePassword: tokenData.ForceChangePassword,
+		},
+	)
 }
--- a/api/jwt/jwt.go
+++ b/api/jwt/jwt.go
@ -126,10 +126,11 @@ func (service *Service) ParseAndVerifyToken(token string) (*portainer.TokenData,
 			}

 			return &portainer.TokenData{
-				ID:       portainer.UserID(cl.UserID),
-				Username: cl.Username,
-				Role:     portainer.UserRole(cl.Role),
-				Token:    token,
+				ID:                  portainer.UserID(cl.UserID),
+				Username:            cl.Username,
+				Role:                portainer.UserRole(cl.Role),
+				Token:               token,
+				ForceChangePassword: cl.ForceChangePassword,
 			}, nil
 		}
 	}