PYCBC-1371: Implement ChangePassword

Motivation
----------
Implement change password accross SDKs

Changes
-------
*Added retry to connections in test to let the server process changes
*Added space in user_management.hxx to fix enum
*Minor test fix
*Added test
*rename newPassword -> new_password
*Rebase
*Update submodule
*iSort
*Pep8
*Clang-format
*Import fix in users.py
*Initial commit

Change-Id: Ie8184c34072bed7f5441b92e4d2eb8ee39ddeb37
Reviewed-on: https://review.couchbase.org/c/couchbase-python-client/+/184806
Reviewed-by: Jared Casey <[email protected]>
Tested-by: Jared Casey <[email protected]>

Author: emilienbev

couchbase/management/logic/users_logic.py

@@ -38,7 +38,8 @@
                                   user_mgmt_operations)
 
 if TYPE_CHECKING:
-    from couchbase.management.options import (DropGroupOptions,
+    from couchbase.management.options import (ChangePasswordOptions,
+                                              DropGroupOptions,
                                               DropUserOptions,
                                               GetAllGroupsOptions,
                                               GetAllUsersOptions,
@@ -221,6 +222,38 @@ def drop_user(self,
 
         return management_operation(**mgmt_kwargs)
 
+    def change_password(self,
+                        new_password,  # type: str
+                        *options,     # type: ChangePasswordOptions
+                        **kwargs      # type: Any
+                        ) -> None:
+
+        final_args = forward_args(kwargs, *options)
+
+        op_args = {
+            "password": new_password
+        }
+
+        mgmt_kwargs = {
+            "conn": self._connection,
+            "mgmt_op": mgmt_operations.USER.value,
+            "op_type": user_mgmt_operations.CHANGE_PASSWORD.value,
+            "op_args": op_args
+        }
+
+        callback = kwargs.pop('callback', None)
+        if callback:
+            mgmt_kwargs['callback'] = callback
+
+        errback = kwargs.pop('errback', None)
+        if errback:
+            mgmt_kwargs['errback'] = errback
+
+        if final_args.get("timeout", None) is not None:
+            mgmt_kwargs["timeout"] = final_args.get("timeout")
+
+        return management_operation(**mgmt_kwargs)
+
     def get_roles(self,
                   *options,  # type: GetRolesOptions
                   **kwargs   # type: Any

couchbase/management/options.py

@@ -330,6 +330,21 @@ class UpsertUserOptions(UserOptions):
     """
 
 
+class ChangePasswordOptions(UserOptions):
+    """Available options to for a :class:`~couchbase.management.users.UserManager`'s change password user
+    operation.
+
+    .. note::
+        All management options should be imported from ``couchbase.management.options``.
+
+    Args:
+        domain_name (str, optional): The user's domain name (either ``local`` or ``external``). Defaults
+            to ``local``.
+        timeout (timedelta, optional): The timeout for this operation. Defaults to global
+            management operation timeout.
+    """
+
+
 class DropUserOptions(UserOptions):
     """Available options to for a :class:`~couchbase.management.users.UserManager`'s drop user
     operation.

couchbase/management/users.py

@@ -26,7 +26,8 @@
 from couchbase.management.logic.wrappers import BlockingMgmtWrapper, ManagementType
 
 # @TODO:  lets deprecate import of options from couchbase.management.users
-from couchbase.management.options import (DropGroupOptions,
+from couchbase.management.options import (ChangePasswordOptions,
+                                          DropGroupOptions,
                                           DropUserOptions,
                                           GetAllGroupsOptions,
                                           GetAllUsersOptions,
@@ -48,7 +49,7 @@ def get_user(self,
                  *options,  # type: GetUserOptions
                  **kwargs   # type: Any
                  ) -> UserAndMetadata:
-        """Returns a user by it's username.
+        """Returns a user by its username.
 
         Args:
             username (str): The name of the user to retrieve.
@@ -124,6 +125,29 @@ def drop_user(self,
         """
         return super().drop_user(username, *options, **kwargs)
 
+    @BlockingMgmtWrapper.block(None, ManagementType.UserMgmt, UserManagerLogic._ERROR_MAPPING)
+    def change_password(self,
+                        new_password,  # type: str
+                        *options,     # type: ChangePasswordOptions
+                        **kwargs      # type: Any
+                        ) -> None:
+        """Changes the password of the currently authenticated user. SDK must be re-started and a new connection
+         established after running, as the previous credentials will no longer be valid.
+
+         Args:
+             new_password (str): The new password for the user
+             options (:class:`~couchbase.management.options.ChangePasswordOptions`): Optional parameters for this
+                operation.
+            **kwargs (Dict[str, Any]): keyword arguments that can be used as optional parameters
+                for this operation.
+
+        Raises:
+            :class:`~couchbase.exceptions.InvalidArgumentException`: If the provided group argument contains an
+                invalid value or type.
+
+        """
+        return super().change_password(new_password, *options, **kwargs)
+
     @BlockingMgmtWrapper.block(RoleAndDescription, ManagementType.UserMgmt, UserManagerLogic._ERROR_MAPPING)
     def get_roles(self,
                   *options,  # type: GetRolesOptions

couchbase/tests/usermgmt_t.py

@@ -14,10 +14,12 @@
 #  limitations under the License.
 
 import re
+from datetime import timedelta
 
 import pytest
 
-from couchbase.exceptions import (CouchbaseException,
+from couchbase.exceptions import (AuthenticationException,
+                                  CouchbaseException,
                                   FeatureUnavailableException,
                                   GroupNotFoundException,
                                   InvalidArgumentException,
@@ -29,7 +31,11 @@
 from couchbase.management.users import (Group,
                                         Role,
                                         User)
+from couchbase.options import ClusterOptions
+from tests.helpers import ClusterInformation
 
+from ..auth import PasswordAuthenticator
+from ..cluster import Cluster
 from ._test_utils import TestEnvironment
 
 
@@ -223,6 +229,50 @@ def test_user_display_name(self, cb_env):
 
         cb_env.um.drop_user(user.username, DropUserOptions(domain_name="local"))
 
+    def test_user_change_password(self, cb_env):
+        username = 'change-password-user'
+        admin_role = Role(name='admin')
+        original_password = 'original_password'
+        new_password = 'new_password'
+
+        change_password_user = User(username=username,
+                                    display_name="Change Password User",
+                                    roles=admin_role,
+                                    password=original_password)
+        # Upsert user
+        cb_env.um.upsert_user(change_password_user, UpsertUserOptions(domain_name="local"))
+
+        # Authenticate as change-password-user.
+        # Done in a while loop to emulate retry
+        auth = PasswordAuthenticator(username, original_password)
+        new_cluster = None
+        while True:
+            try:
+                new_cluster = Cluster.connect(cb_env.cluster._connstr, ClusterOptions(auth))
+            except AuthenticationException:
+                continue
+            break
+
+        # Change password
+        new_cluster.users().change_password(new_password)
+
+        # Assert can authenticate using new password
+        success_auth = PasswordAuthenticator(username, new_password)
+        while True:
+            try:
+                success_cluster = Cluster.connect(cb_env.cluster._connstr, ClusterOptions(success_auth))
+            except AuthenticationException:
+                continue
+            success_cluster.close()
+            break
+
+        # Assert cannot authenticate using old password
+        fail_auth = PasswordAuthenticator(username, original_password)
+        with pytest.raises(AuthenticationException):
+            Cluster.connect(cb_env.cluster._connstr, ClusterOptions(fail_auth))
+
+        new_cluster.close()
+
     def test_external_user(self, cb_env):
         """
             test_external_user()

deps/couchbase-cxx-client

@@ -905,6 +905,18 @@ handle_user_mgmt_op(connection* conn, struct user_mgmt_options* options, PyObjec
               *conn, req, pyObj_callback, pyObj_errback, barrier);
             break;
         }
+        case UserManagementOperations::CHANGE_PASSWORD: {
+            PyObject* pyObj_newPassword = PyDict_GetItemString(options->op_args, "password");
+            auto newPassword = std::string(PyUnicode_AsUTF8(pyObj_newPassword));
+
+            couchbase::core::operations::management::change_password_request req{};
+            req.newPassword = newPassword;
+            req.timeout = options->timeout_ms;
+
+            res = do_user_mgmt_op<couchbase::core::operations::management::change_password_request>(
+              *conn, req, pyObj_callback, pyObj_errback, barrier);
+            break;
+        }
         case UserManagementOperations::GET_ROLES: {
             couchbase::core::operations::management::role_get_all_request req{};
             req.timeout = options->timeout_ms;

src/management/user_management.cxx

@@ -29,6 +29,7 @@ class UserManagementOperations
         GET_USER,
         GET_ALL_USERS,
         DROP_USER,
+        CHANGE_PASSWORD,
         GET_ROLES,
         UPSERT_GROUP,
         GET_GROUP,
@@ -66,11 +67,12 @@ class UserManagementOperations
                           "GET_USER "
                           "GET_ALL_USERS "
                           "DROP_USER "
+                          "CHANGE_PASSWORD "
                           "GET_ROLES "
                           "UPSERT_GROUP "
                           "GET_GROUP "
                           "GET_ALL_GROUPS "
-                          "DROP_GROUP";
+                          "DROP_GROUP ";
 
         return ops;
     }