Change password on server side#4212
Conversation
Signed-off-by: JWaters02 <watersjoshua2002@gmail.com>
Signed-off-by: JWaters02 <watersjoshua2002@gmail.com>
Signed-off-by: JWaters02 <watersjoshua2002@gmail.com>
Signed-off-by: JWaters02 <watersjoshua2002@gmail.com>
Signed-off-by: JWaters02 <watersjoshua2002@gmail.com>
Signed-off-by: JWaters02 <watersjoshua2002@gmail.com>
Signed-off-by: JWaters02 <watersjoshua2002@gmail.com>
JillieBeanSim
left a comment
There was a problem hiding this comment.
thanks for working on this @JWaters02 this is a great additional capability. Should we make this extensible like we have done for many other profile actions, i.e., update credentials and create config? This could be a nice feature for extenders like CICS to be able to use from their view as well. It could be a separate story but thinking we should develop with this in mind for new features as well to avoid having to always go back and refactor once requested.
Totally agree with you on that one, and I think it should be done in this PR as we have months until 3.6 code freeze so there is no rush and it can be done properly from the start. I can start to have a look at the context around this (like how update credentials does it) and also talk to Dave about CICS extension to see what thoughts he has about it. |
Signed-off-by: JWaters02 <watersjoshua2002@gmail.com>
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #4212 +/- ##
==========================================
- Coverage 94.37% 94.35% -0.02%
==========================================
Files 130 130
Lines 17726 17797 +71
Branches 4210 4426 +216
==========================================
+ Hits 16729 16793 +64
- Misses 994 1001 +7
Partials 3 3 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| * Unlike "Update Credentials", which only updates the locally stored | ||
| * password, this operation contacts the server to change the password | ||
| * on the mainframe and then updates the local credential store. |
There was a problem hiding this comment.
Is this function expected to update the local credential store? That seems a bit unconventional as ZE usually manages changes to credentials in the secure store.
I'd recommend adjusting this comment if ZE is handling the local credential changes.
| const response = await zosmf.ZosmfChangePassword.changePassword(session, newPassword); | ||
| if (!response.success) { | ||
| throw new Error(response.message ?? "Password change failed"); | ||
| } |
There was a problem hiding this comment.
I'm not opposed to this pattern, but wondering if it would be more consistent to just return the RHS of response directly (as we do w/ other APIs) and then check for response.success where the API is used?
| const commonApi = ZoweExplorerApiRegister.getInstance().getCommonApi(profile); | ||
| if (typeof commonApi.changePassword === "function") { |
There was a problem hiding this comment.
commonApi.changePassword is either undefined or an implemented function with type (session: imperative.Session, newPassword: string) => Promise<void>. Can we simplify this to a null check to match other places where optional APIs are used?
| const commonApi = ZoweExplorerApiRegister.getInstance().getCommonApi(profile); | |
| if (typeof commonApi.changePassword === "function") { | |
| const commonApi = ZoweExplorerApiRegister.getInstance().getCommonApi(profile); | |
| if (commonApi.changePassword != null) { |
| public static readonly changePasswordQpItems: Record<string, vscode.QuickPickItem> = { | ||
| [ProfileManagement.AuthQpLabels.changePassword]: { | ||
| label: `$(lock) ${vscode.l10n.t("Change Password")}`, | ||
| description: vscode.l10n.t("Change your password on the server and update stored password"), | ||
| }, | ||
| }; |
There was a problem hiding this comment.
Do we intend to add other items related to changing passwords to this quick pick?
Otherwise, not sure that the array is necessary.
|
Hey, sorry, can you set this to draft PR? I don't have the ability to, and this change is WIP for the suggestion billie made. thanks |
|
@JillieBeanSim Hi, so I had a chat with dave about if this would be useful for them from an extenders point of view, but we aren't really sure how it would be. For CICS extension, they don't have any need to override the change password on server side functionality as they don't have an API for that at all on the server side (if am I understanding correctly @davenice?) I don't know of any other extenders that might want to use their own implementations of change password on server side, but if they contribute their own profile type, they can already contribute to it by implementing their side of the change password endpoint. Else, I can't think of cases where the standard pattern of "old password + new password + new password again" would want to be changed, except maybe only in the wording? If they aren't changing "password" but something like a "passphrase". Could you elaborate on what you had in mind? Thanks! |
Proposed changes
Closes #1538
Allows the user to change their password on the server of the selected profile, which then also updates their stored password.
Right click profile -> Manage profile -> Change password
Enter old password
Enter new password
Confirm new password
It tries to update the password on the server side first, before doing anything on client side.
In the case that the password is updated on the server side but fails to modify it in the profile, it shows a warning telling the user to try doing it again manually with update credentials action. But in any case it shouldn't be too much of an issue as when the server does eventually start to reject the old password (which is usually after midnight for z/OSMF) the user will just be prompted to update credentials as normal.
Release Notes
Milestone: 3.6.0
Changelog:
Types of changes
Checklist
All checks must pass before this pull request is reviewed by the Zowe Explorer squad.
General
yarn workspace vscode-extension-for-zowe vscode:prepublishpnpm --filter vscode-extension-for-zowe vscode:prepublishCode coverage
Deployment
Further comments
Note: Ross Cruickshank said that zxplore system will be disabling the ability for passwords to be changed from anywhere but in the website portal, but I'm not sure when that will be implemented. So once this goes in, there may be a chance that issues are raised by zxplore users who are unable to change their passwords - we should be aware of this so there is no time wasted investigating.