> On April 12, 2022, 4:29 p.m., Kirby Zhou wrote: > > security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java > > Line 398 (original), 406 (patched) > > <https://reviews.apache.org/r/73922/diff/5-6/?file=2267297#file2267297line407> > > > > Math.min(oldPasswords.length, pwdHistoryStore)
this is not required as we are removing old entries. > On April 12, 2022, 4:29 p.m., Kirby Zhou wrote: > > security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java > > Lines 406 (patched) > > <https://reviews.apache.org/r/73922/diff/6/?file=2267336#file2267336line406> > > > > Do not remove, just use: > > > > for (int p = oldPasswords.length <= pwdHistoryStore ? 0 : > > oldPasswords.length - pwdHistoryStore; p < oldPasswords.length; ++p) removing also does the same Functionality. > On April 12, 2022, 4:29 p.m., Kirby Zhou wrote: > > security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java > > Lines 443 (patched) > > <https://reviews.apache.org/r/73922/diff/6/?file=2267336#file2267336line443> > > > > "if" should be "while" Not required as we are removing the old Encrypted password when "pwdHistoryStore" is changed. - bhavik ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73922/#review224307 ----------------------------------------------------------- On April 11, 2022, 12:42 p.m., bhavik patel wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73922/ > ----------------------------------------------------------- > > (Updated April 11, 2022, 12:42 p.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Kirby Zhou, Abhay > Kulkarni, Madhan Neethiraj, Mateen Mansoori, Mehul Parikh, Pradeep Agrawal, > Ramesh Mani, and Velmurugan Periasamy. > > > Bugs: RANGER-3687 > https://issues.apache.org/jira/browse/RANGER-3687 > > > Repository: ranger > > > Description > ------- > > Password history should be configured to restrict users from reusing their > last 4 or 5 passwords. > > > Diffs > ----- > > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql > 26282f770 > security-admin/db/mysql/patches/059-update-x-portal-user-table.sql > PRE-CREATION > security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql > e2475cfbd > security-admin/db/oracle/patches/059-update-x-portal-user-table..sql > PRE-CREATION > security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql > f5c6ed8f5 > security-admin/db/postgres/patches/059-update-x-portal-user-table.sql > PRE-CREATION > > security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql > 1887d6da9 > security-admin/db/sqlanywhere/patches/059-update-x-portal-user-table.sql > PRE-CREATION > security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql > 642e54cd5 > security-admin/db/sqlserver/patches/059-update-x-portal-user-table.sql > PRE-CREATION > security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 0e61038d5 > security-admin/src/main/java/org/apache/ranger/entity/XXPortalUser.java > d0451b4d2 > security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml > e2bfc8fff > security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java > f43b30196 > > > Diff: https://reviews.apache.org/r/73922/diff/6/ > > > Testing > ------- > > 1. Verified the basic functionality of "/passwordchange" api > 2. Verified "/secure/users" & "/secure/users/{id}" API’s > > 3. Once the basic review/discussion is done will fix the Test-cases > > > Thanks, > > bhavik patel > >
