From 7117ab4719d9a393be90692c09dc3185d67b5ced Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= <markus.makela@mariadb.com>
Date: Mon, 24 Jun 2019 12:53:08 +0300
Subject: [PATCH] MXS-2574: Prevent alterations to current user

Due to the fact that the alteration is emulated by deletion and creation
of the user in question, the current user cannot be altered.
---
 maxctrl/lib/alter.js  | 4 ++++
 maxctrl/test/alter.js | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/maxctrl/lib/alter.js b/maxctrl/lib/alter.js
index 88bd3eee8..44fc76fb8 100644
--- a/maxctrl/lib/alter.js
+++ b/maxctrl/lib/alter.js
@@ -141,6 +141,10 @@ exports.builder = function(yargs) {
         }, function(argv) {
             maxctrl(argv, function(host) {
 
+                if (argv.u == argv.name) {
+                    return error('Cannot alter current user')
+                }
+
                 var user = {
                     'data': {
                         'id': argv.name,
diff --git a/maxctrl/test/alter.js b/maxctrl/test/alter.js
index 14fcf62df..8c9c5ddd9 100644
--- a/maxctrl/test/alter.js
+++ b/maxctrl/test/alter.js
@@ -108,6 +108,11 @@ describe("Alter Commands", function() {
             .should.be.rejected
     })
 
+    it('rejects alteration to current user', function() {
+        return doCommand('-u bob -p bob alter user bob bob2')
+            .should.be.rejected
+    })
+
     it('creates user', function() {
         return verifyCommand('create user testuser test', 'users/inet/testuser')
     })