Skip to content

Commit

Permalink
TRUNK-6228 Protect admin credentials not working if username not set …
Browse files Browse the repository at this point in the history
…to admin
  • Loading branch information
rkorytkowski committed Apr 25, 2024
1 parent e008a1e commit b4cbe60
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -652,7 +652,7 @@ public void changePassword(User user, String oldPassword, String newPassword) th
throw new APIException("new.password.equal.to.old", (Object[]) null);
}

if ("admin".equals(user.getUsername()) && Boolean.parseBoolean(
if ("admin".equals(user.getSystemId()) && Boolean.parseBoolean(
Context.getRuntimeProperties().getProperty(ADMIN_PASSWORD_LOCKED_PROPERTY, "false"))) {
throw new APIException("admin.password.is.locked");
}
Expand Down
2 changes: 1 addition & 1 deletion api/src/test/java/org/openmrs/api/UserServiceTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -399,7 +399,7 @@ public void changePassword_shouldRespectLockingViaRuntimeProperty() {
assertThat("admin", is(Context.getAuthenticatedUser().getUsername()));
User u = userService.getUserByUsername(ADMIN_USERNAME);

assertThat(u.isSuperUser(), is(true));
assertThat(u.getSystemId(), is("admin"));

Properties props = Context.getRuntimeProperties();
props.setProperty(UserService.ADMIN_PASSWORD_LOCKED_PROPERTY, "true");
Expand Down

0 comments on commit b4cbe60

Please sign in to comment.