feat(identity): Implement user password change endpoint#970
Merged
Conversation
gtema
force-pushed
the
claude/scim-v2-support-adr-u1f488
branch
from
July 9, 2026 17:41
3f68784 to
b5885dd
Compare
|
🦢 Load Test Results Goose Attack ReportPlan Overview
Request Metrics
Response Time Metrics
Status Code Metrics
Transaction Metrics
Scenario Metrics
Error Metrics
|
gtema
force-pushed
the
claude/scim-v2-support-adr-u1f488
branch
2 times, most recently
from
July 9, 2026 17:59
2337c5e to
b224a03
Compare
|
| Branch | claude/scim-v2-support-adr-u1f488 |
| Testbed | ubuntu-latest |
Click to view all benchmark results
| Benchmark | Latency | Benchmark Result nanoseconds (ns) (Result Δ%) | Upper Boundary nanoseconds (ns) (Limit %) |
|---|---|---|---|
| Command_Serde/apply/remove | 📈 view plot 🚷 view threshold | 142,090.00 ns(-44.26%)Baseline: 254,897.50 ns | 1,513,977.10 ns (9.39%) |
| Command_Serde/apply/set | 📈 view plot 🚷 view threshold | 156,340.00 ns(-28.71%)Baseline: 219,286.94 ns | 813,472.46 ns (19.22%) |
| Command_Serde/pack/delete | 📈 view plot 🚷 view threshold | 122.81 ns(-0.03%)Baseline: 122.84 ns | 144.60 ns (84.93%) |
| Command_Serde/pack/delete_index | 📈 view plot 🚷 view threshold | 110.65 ns(-0.32%)Baseline: 111.00 ns | 130.44 ns (84.83%) |
| Command_Serde/pack/set | 📈 view plot 🚷 view threshold | 204.95 ns(+3.15%)Baseline: 198.69 ns | 237.61 ns (86.25%) |
| Command_Serde/pack/set_index | 📈 view plot 🚷 view threshold | 110.28 ns(-0.40%)Baseline: 110.72 ns | 129.64 ns (85.06%) |
| Command_Serde/unpack/delete | 📈 view plot 🚷 view threshold | 188.37 ns(-3.30%)Baseline: 194.79 ns | 233.79 ns (80.57%) |
| Command_Serde/unpack/delete_index | 📈 view plot 🚷 view threshold | 160.92 ns(-0.97%)Baseline: 162.50 ns | 198.38 ns (81.12%) |
| Command_Serde/unpack/set | 📈 view plot 🚷 view threshold | 275.39 ns(+1.40%)Baseline: 271.58 ns | 324.40 ns (84.89%) |
| Command_Serde/unpack/set_index | 📈 view plot 🚷 view threshold | 160.54 ns(-0.46%)Baseline: 161.27 ns | 194.65 ns (82.47%) |
| Payload_encryption/pack/remove_cmd | 📈 view plot 🚷 view threshold | 114.88 ns(-1.81%)Baseline: 117.00 ns | 139.81 ns (82.17%) |
| Payload_encryption/pack/set_cmd | 📈 view plot 🚷 view threshold | 243.23 ns(+17.76%)Baseline: 206.54 ns | 262.72 ns (92.58%) |
| Payload_encryption/unpack/remove_cmd | 📈 view plot 🚷 view threshold | 204.95 ns(-0.86%)Baseline: 206.73 ns | 253.07 ns (80.98%) |
| Payload_encryption/unpack/set_cmd | 📈 view plot 🚷 view threshold | 304.27 ns(+6.65%)Baseline: 285.31 ns | 348.38 ns (87.34%) |
| Raft_1Node_Latency/prefix/1node | 📈 view plot 🚷 view threshold | 3,322,600.00 ns(+19.27%)Baseline: 2,785,800.78 ns | 6,182,740.73 ns (53.74%) |
| Raft_1Node_Latency/read/1node | 📈 view plot 🚷 view threshold | 43,442.00 ns(+40.26%)Baseline: 30,971.71 ns | 73,773.81 ns (58.89%) |
| Raft_1Node_Latency/remove/1node | 📈 view plot 🚷 view threshold | 423,060.00 ns(-16.58%)Baseline: 507,129.53 ns | 1,555,869.33 ns (27.19%) |
| Raft_1Node_Latency/write/1node | 📈 view plot 🚷 view threshold | 433,310.00 ns(-21.83%)Baseline: 554,291.88 ns | 1,867,429.17 ns (23.20%) |
| build_snapshot/default | 📈 view plot 🚷 view threshold | 121,920.00 ns(+9.90%)Baseline: 110,934.11 ns | 130,166.39 ns (93.66%) |
| fernet token/project | 📈 view plot 🚷 view threshold | 1,430.30 ns(+2.26%)Baseline: 1,398.63 ns | 1,629.57 ns (87.77%) |
| get_data_keyspace | 📈 view plot 🚷 view threshold | 0.32 ns(+2.38%)Baseline: 0.32 ns | 0.36 ns (88.85%) |
| get_db | 📈 view plot 🚷 view threshold | 0.32 ns(+1.51%)Baseline: 0.32 ns | 0.36 ns (88.08%) |
| get_fernet_token_timestamp/project | 📈 view plot 🚷 view threshold | 144.66 ns(+1.54%)Baseline: 142.47 ns | 174.79 ns (82.76%) |
| get_keyspace | 📈 view plot 🚷 view threshold | 4.41 ns(-7.47%)Baseline: 4.77 ns | 9.51 ns (46.42%) |
gtema
force-pushed
the
claude/scim-v2-support-adr-u1f488
branch
from
July 10, 2026 11:31
b224a03 to
bfc7160
Compare
Add POST /v3/users/{user_id}/password handler that authenticates via
original_password then updates the password. The endpoint is unauthenticated;
the original password serves as credential verification.
Also fixes error mapping bugs:
- ResourceProviderError::Conflict now returns 409 (was 400)
- RevokeProviderError::Conflict now returns 409 (was 400)
- IdentityProviderError::Conflict now returns 409 (was 500)
- TokenProviderError::Conflict now returns 409 (was 500)
- Nonlocal user password update returns 409 (was 404)
Add unit tests for all Conflict mappings, UserPassword validation, and
password handler paths.
Signed-off-by: Artem Goncharov <artem.goncharov@gmail.com>
gtema
force-pushed
the
claude/scim-v2-support-adr-u1f488
branch
from
July 10, 2026 13:20
bfc7160 to
fd7e604
Compare
gtema
enabled auto-merge (squash)
July 10, 2026 13:45
Open
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Implements for changing user passwords.
How
authenticate_by_passwordbefore callingupdate_user_passwordBug Fixes
Also fixes
Conflicterror mapping bugs inerror_conv.rs:ResourceProviderError::ConflictRevokeProviderError::ConflictIdentityProviderError::ConflictTokenProviderError::ConflictNonlocal user password update now returns 409 (was 404).
Files Changed
crates/api-types/src/error_conf.rs: 4Conflictmappings fixedcrates/api-types/src/v3/user.rs:UserPasswordRequestAPI typescrates/identity-driver-sql/src/local_user.rs: nonlocal → 409crates/identity-driver-sql/src/lib.rs: simplified password updatecrates/keystone/src/api/v3/user/password.rs: new handler + testscrates/keystone/src/api/v3/user/mod.rs: route registration