Merge branch 'stable-2.16' into stable-3.0

* stable-2.16:
  PutHttpPassword: Squash apply methods
  Clarify that account must have a username to be able to set HTTP password

Change-Id: Id637e46d45dd5e29f19be5b1554da58fc8b86dcd

3 files changed, 13 insertions, 5 deletions

diff --git a/Documentation/rest-api-accounts.txt b/Documentation/rest-api-accounts.txt
index c326b6657b..5d22659aa3 100644
--- a/Documentation/rest-api-accounts.txt
+++ b/Documentation/rest-api-accounts.txt
@@ -479,6 +479,8 @@ The options for setting/generating the HTTP password must be provided
 in the request body inside a link:#http-password-input[
 HttpPasswordInput] entity.
 
+The account must have a username.
+
 .Request
 ----
   PUT /accounts/self/password.http HTTP/1.0
diff --git a/java/com/google/gerrit/server/restapi/account/PutHttpPassword.java b/java/com/google/gerrit/server/restapi/account/PutHttpPassword.java
index 4b223ed902..04593f6987 100644
--- a/java/com/google/gerrit/server/restapi/account/PutHttpPassword.java
+++ b/java/com/google/gerrit/server/restapi/account/PutHttpPassword.java
@@ -95,12 +95,8 @@ public class PutHttpPassword implements RestModifyView<AccountResource, HttpPass
       permissionBackend.currentUser().check(GlobalPermission.ADMINISTRATE_SERVER);
       newPassword = input.httpPassword;
     }
-    return apply(rsrc.getUser(), newPassword);
-  }
 
-  public Response<String> apply(IdentifiedUser user, String newPassword)
-      throws ResourceNotFoundException, ResourceConflictException, IOException,
-          ConfigInvalidException {
+    IdentifiedUser user = rsrc.getUser();
     String userName =
         user.getUserName().orElseThrow(() -> new ResourceConflictException("username must be set"));
     Optional<ExternalId> optionalExtId =
diff --git a/javatests/com/google/gerrit/acceptance/api/accounts/AccountIT.java b/javatests/com/google/gerrit/acceptance/api/accounts/AccountIT.java
index b4d6856a22..4a08eb830a 100644
--- a/javatests/com/google/gerrit/acceptance/api/accounts/AccountIT.java
+++ b/javatests/com/google/gerrit/acceptance/api/accounts/AccountIT.java
@@ -2800,6 +2800,16 @@ public class AccountIT extends AbstractDaemonTest {
     assertThat(gApi.accounts().id(user.username()).setHttpPassword(null)).isNull();
   }
 
+  @Test
+  public void cannotGenerateHttpPasswordWhenUsernameIsNotSet() throws Exception {
+    requestScopeOperations.setApiUser(admin.id());
+    int userId = accountCreator.create().id().get();
+    assertThat(gApi.accounts().id(userId).get().username).isNull();
+    exception.expect(ResourceConflictException.class);
+    exception.expectMessage("username");
+    gApi.accounts().id(userId).generateHttpPassword();
+  }
+
   private void createDraft(PushOneCommit.Result r, String path, String message) throws Exception {
     DraftInput in = new DraftInput();
     in.path = path;