Skip to content

Change password on server side#4212

Draft
JWaters02 wants to merge 12 commits into
zowe:mainfrom
JWaters02:feat/change-password
Draft

Change password on server side#4212
JWaters02 wants to merge 12 commits into
zowe:mainfrom
JWaters02:feat/change-password

Conversation

@JWaters02

@JWaters02 JWaters02 commented Apr 29, 2026

Copy link
Copy Markdown
Member

Proposed changes

Closes #1538

Allows the user to change their password on the server of the selected profile, which then also updates their stored password.

Right click profile -> Manage profile -> Change password
Enter old password
Enter new password
Confirm new password

It tries to update the password on the server side first, before doing anything on client side.

In the case that the password is updated on the server side but fails to modify it in the profile, it shows a warning telling the user to try doing it again manually with update credentials action. But in any case it shouldn't be too much of an issue as when the server does eventually start to reject the old password (which is usually after midnight for z/OSMF) the user will just be prompted to update credentials as normal.

Release Notes

Milestone: 3.6.0

Changelog:

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (non-breaking change which adds or improves functionality)
  • Breaking change (a change that would cause existing functionality to not work as expected)
  • Documentation (Markdown, README updates)
  • Other (please specify above in "Proposed changes" section)

Checklist

All checks must pass before this pull request is reviewed by the Zowe Explorer squad.

General

  • I have read the CONTRIBUTOR GUIDANCE wiki
  • All PR dependencies have been merged and published (if applicable)
  • A GIF or screenshot is included in the PR for visual changes
  • The pre-publish command has been executed:
    • v2 and below: yarn workspace vscode-extension-for-zowe vscode:prepublish
    • v3: pnpm --filter vscode-extension-for-zowe vscode:prepublish
  • New ZE APIs are tested with extender types that haven't adopted yet to determine breaking changes. Can use Zowe zFTP marketplace extension.

Code coverage

  • There is coverage for the code that I have added
  • I have added new test cases and they are passing
  • I have manually tested the changes

Deployment

  • I have tested new functionality with the FTP extension and profile verifying no extender profile type breakages introduced
  • I have added developer documentation (if applicable)
  • Documentation should be added to Zowe Docs
    • If you're an outside contributor, please post in the #zowe-doc Slack channel to coordinate documentation.
    • Otherwise, please check with the rest of the squad about any needed documentation before merging.
  • These changes may need ported to the appropriate branches (list here):

Further comments

Note: Ross Cruickshank said that zxplore system will be disabling the ability for passwords to be changed from anywhere but in the website portal, but I'm not sure when that will be implemented. So once this goes in, there may be a chance that issues are raised by zxplore users who are unable to change their passwords - we should be aware of this so there is no time wasted investigating.

Signed-off-by: JWaters02 <watersjoshua2002@gmail.com>
Signed-off-by: JWaters02 <watersjoshua2002@gmail.com>
Signed-off-by: JWaters02 <watersjoshua2002@gmail.com>
Signed-off-by: JWaters02 <watersjoshua2002@gmail.com>

@JillieBeanSim JillieBeanSim left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for working on this @JWaters02 this is a great additional capability. Should we make this extensible like we have done for many other profile actions, i.e., update credentials and create config? This could be a nice feature for extenders like CICS to be able to use from their view as well. It could be a separate story but thinking we should develop with this in mind for new features as well to avoid having to always go back and refactor once requested.

@JWaters02

Copy link
Copy Markdown
Member Author

thanks for working on this @JWaters02 this is a great additional capability. Should we make this extensible like we have done for many other profile actions, i.e., update credentials and create config? This could be a nice feature for extenders like CICS to be able to use from their view as well. It could be a separate story but thinking we should develop with this in mind for new features as well to avoid having to always go back and refactor once requested.

Totally agree with you on that one, and I think it should be done in this PR as we have months until 3.6 code freeze so there is no rush and it can be done properly from the start. I can start to have a look at the context around this (like how update credentials does it) and also talk to Dave about CICS extension to see what thoughts he has about it.

Signed-off-by: JWaters02 <watersjoshua2002@gmail.com>
@codecov

codecov Bot commented Apr 29, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 90.27778% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 94.35%. Comparing base (57b4aac) to head (f0df5e5).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
.../zowe-explorer/src/management/ProfileManagement.ts 60.00% 4 Missing ⚠️
...kages/zowe-explorer/src/trees/shared/SharedInit.ts 33.33% 2 Missing ⚠️
packages/zowe-explorer/src/utils/ProfilesUtils.ts 98.14% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4212      +/-   ##
==========================================
- Coverage   94.37%   94.35%   -0.02%     
==========================================
  Files         130      130              
  Lines       17726    17797      +71     
  Branches     4210     4426     +216     
==========================================
+ Hits        16729    16793      +64     
- Misses        994     1001       +7     
  Partials        3        3              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Comment on lines +87 to +89
* Unlike "Update Credentials", which only updates the locally stored
* password, this operation contacts the server to change the password
* on the mainframe and then updates the local credential store.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this function expected to update the local credential store? That seems a bit unconventional as ZE usually manages changes to credentials in the secure store.
I'd recommend adjusting this comment if ZE is handling the local credential changes.

Comment on lines +113 to +116
const response = await zosmf.ZosmfChangePassword.changePassword(session, newPassword);
if (!response.success) {
throw new Error(response.message ?? "Password change failed");
}

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not opposed to this pattern, but wondering if it would be more consistent to just return the RHS of response directly (as we do w/ other APIs) and then check for response.success where the API is used?

Comment on lines +236 to +237
const commonApi = ZoweExplorerApiRegister.getInstance().getCommonApi(profile);
if (typeof commonApi.changePassword === "function") {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

commonApi.changePassword is either undefined or an implemented function with type (session: imperative.Session, newPassword: string) => Promise<void>. Can we simplify this to a null check to match other places where optional APIs are used?

Suggested change
const commonApi = ZoweExplorerApiRegister.getInstance().getCommonApi(profile);
if (typeof commonApi.changePassword === "function") {
const commonApi = ZoweExplorerApiRegister.getInstance().getCommonApi(profile);
if (commonApi.changePassword != null) {

Comment on lines +81 to +86
public static readonly changePasswordQpItems: Record<string, vscode.QuickPickItem> = {
[ProfileManagement.AuthQpLabels.changePassword]: {
label: `$(lock) ${vscode.l10n.t("Change Password")}`,
description: vscode.l10n.t("Change your password on the server and update stored password"),
},
};

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we intend to add other items related to changing passwords to this quick pick?
Otherwise, not sure that the array is necessary.

@JWaters02

Copy link
Copy Markdown
Member Author

Hey, sorry, can you set this to draft PR? I don't have the ability to, and this change is WIP for the suggestion billie made. thanks

@traeok traeok marked this pull request as draft May 1, 2026 13:00
@zowe-robot zowe-robot moved this from Review/QA to In Progress in Zowe Explorer for VS Code May 1, 2026
@JWaters02

Copy link
Copy Markdown
Member Author

@JillieBeanSim Hi, so I had a chat with dave about if this would be useful for them from an extenders point of view, but we aren't really sure how it would be. For CICS extension, they don't have any need to override the change password on server side functionality as they don't have an API for that at all on the server side (if am I understanding correctly @davenice?)

I don't know of any other extenders that might want to use their own implementations of change password on server side, but if they contribute their own profile type, they can already contribute to it by implementing their side of the change password endpoint. Else, I can't think of cases where the standard pattern of "old password + new password + new password again" would want to be changed, except maybe only in the wording? If they aren't changing "password" but something like a "passphrase".

Could you elaborate on what you had in mind? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

Status: In Progress

Development

Successfully merging this pull request may close these issues.

Change Password using Zowe CLI APIs

4 participants