Skip to content

[UI] Allow change password for native users only.#12584

Open
sureshanaparti wants to merge 3 commits intoapache:4.20from
shapeblue:ui-user-change-password
Open

[UI] Allow change password for native users only.#12584
sureshanaparti wants to merge 3 commits intoapache:4.20from
shapeblue:ui-user-change-password

Conversation

@sureshanaparti
Copy link
Contributor

@sureshanaparti sureshanaparti commented Feb 4, 2026

Description

This PR allows change password for native users only from UI.

Fixes #12581

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • Build/CI
  • Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Tested with the users form with native, ldap, saml users.

How did you try to break this feature and the system with this change?

@sureshanaparti sureshanaparti linked an issue Feb 4, 2026 that may be closed by this pull request
Change password should be not allowed for LDAP and SAML based account #12581
Open
@sureshanaparti sureshanaparti added this to the 4.20.3 milestone Feb 4, 2026
@sureshanaparti
Copy link
Contributor Author

sureshanaparti commented Feb 4, 2026

@blueorangutan ui

@blueorangutan
Copy link

blueorangutan commented Feb 4, 2026

@sureshanaparti a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.

@sureshanaparti
Copy link
Contributor Author

sureshanaparti commented Feb 4, 2026

@DaanHoogland moving to draft based on your comment here - #12581 (comment)

@sureshanaparti sureshanaparti marked this pull request as draft February 4, 2026 13:15
@codecov
Copy link

codecov bot commented Feb 4, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 16.26%. Comparing base (9ae696d) to head (fe2a22e).
⚠️ Report is 2 commits behind head on 4.20.

Additional details and impacted files 
@@             Coverage Diff              @@
##               4.20   #12584      +/-   ##
============================================
- Coverage     16.26%   16.26%   -0.01%     
  Complexity    13428    13428              
============================================
  Files          5660     5661       +1     
  Lines        499963   500011      +48     
  Branches      60708    60715       +7     
============================================
+ Hits          81330    81331       +1     
- Misses       409559   409607      +48     
+ Partials       9074     9073       -1
Flag Coverage Δ
uitests 4.15% <ø> (-0.01%) ⬇️
unittests 17.12% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@blueorangutan
Copy link

blueorangutan commented Feb 4, 2026

UI build: ✔️
Live QA URL: https://qa.cloudstack.cloud/simulator/pr/12584 (QA-JID-871)

DaanHoogland
DaanHoogland approved these changes Feb 4, 2026
View reviewed changes
Copy link
Contributor

@DaanHoogland DaanHoogland left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clgtm, but I have questions about the functionality. As this fixes a bug atm (NPE when tried) I think we can go ahead. Users/operators will have to define how a broken or removed link of an authenticator should be handled. E.G. invalidate/regenerate PW or disable account. I could imagine this should be configurable in which case we can revert this condition.

We can also remove the need to be a native account now, and fix the NPE.

< @sureshanaparti >

@sureshanaparti
Copy link
Contributor Author

sureshanaparti commented Feb 4, 2026

clgtm, but I have questions about the functionality. As this fixes a bug atm (NPE when tried) I think we can go ahead. Users/operators will have to define how a broken or removed link of an authenticator should be handled. E.G. invalidate/regenerate PW or disable account. I could imagine this should be configurable in which case we can revert this condition.

We can also remove the need to be a native account now, and fix the NPE.

< @sureshanaparti >

updated @DaanHoogland it also checks for admin, domain admin account or the same user to change the password.

@sureshanaparti sureshanaparti marked this pull request as ready for review February 4, 2026 15:01
@sureshanaparti
Copy link
Contributor Author

sureshanaparti commented Feb 4, 2026

@blueorangutan ui

@blueorangutan
Copy link

blueorangutan commented Feb 4, 2026

@sureshanaparti a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.

@blueorangutan
Copy link

blueorangutan commented Feb 4, 2026

UI build: ✔️
Live QA URL: https://qa.cloudstack.cloud/simulator/pr/12584 (QA-JID-872)

@sudo87
Copy link
Collaborator

sudo87 commented Feb 5, 2026

We should have kept password change only for "native" users. As of now we throw exception whenever password change is done from UI. In my opinion it should be hidden if capability is not supported for SAML/LDAP users.

Screenshot 2026-02-05 at 1 02 38 PM
cc: @DaanHoogland @sureshanaparti @kiranchavala

sudo87
sudo87 reviewed Feb 5, 2026
View reviewed changes
@sureshanaparti
Copy link
Contributor Author

sureshanaparti commented Feb 5, 2026

We should have kept password change only for "native" users. As of now we throw exception whenever password change is done from UI. In my opinion it should be hidden if capability is not supported for SAML/LDAP users.

Screenshot 2026-02-05 at 1 02 38 PM cc: @DaanHoogland @sureshanaparti @kiranchavala

Shall I keep it for native users only? @DaanHoogland @kiranchavala

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DaanHoogland DaanHoogland DaanHoogland approved these changes

@kiranchavala kiranchavala Awaiting requested review from kiranchavala

@abh1sar abh1sar Awaiting requested review from abh1sar

+1 more reviewer

@sudo87 sudo87 sudo87 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

component:UI

Projects

None yet

Milestone

4.20.3

Development

Successfully merging this pull request may close these issues.

Change password should be not allowed for LDAP and SAML based account

4 participants

@sureshanaparti @blueorangutan @sudo87 @DaanHoogland