ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pradeep Agrawal (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (RANGER-899) Problem Changing/Updating emailAddress of logged in user using API: "{userId}/emailchange" of class org.apache.ranger.rest.UserREST.java
Date Thu, 19 May 2016 09:13:13 GMT

     [ https://issues.apache.org/jira/browse/RANGER-899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Pradeep Agrawal reassigned RANGER-899:
--------------------------------------

    Assignee: Pradeep Agrawal  (was: Bryan Bende)

> Problem Changing/Updating emailAddress of logged in user using API: "{userId}/emailchange"
of class org.apache.ranger.rest.UserREST.java
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-899
>                 URL: https://issues.apache.org/jira/browse/RANGER-899
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Tushar Dudhatra
>            Assignee: Pradeep Agrawal
>            Priority: Minor
>
> While taking tour to the existing code I found something not good about this API. This
API is for changing/updating emailAddress of logged in user. Here is what I have done:
> --- Case 1:
>  
> 1) Created new user with Admin UI with this data: {"groupIdList":null,"status":1,"userRoleList":["ROLE_SYS_ADMIN"],"name":"user1","password":"user12345","firstName":"User1","lastName":"","emailAddress":"user1@tssbtd.com"}

> 2) After this I logged in with username `user1`.
> 3) Tried hitting this POST URL using RESTClient : {base url}/service/users/5/emailchange.
Data I posted: {"loginId":"user1", "emailAddress":"user1555@tssbtd.com", "oldPassword":"user12345"}
> It gave me 400 Bad Request with message "User doesn't have permission to perform this
operation"
> Expected: It should allow me to change/update my email address
> --- Case 2:
> In this case when I tried creating another new user with username `user3` without giving
emailId and saved it and followed the same steps. So again it  gave me 400 Bad Request with
message "User doesn't have permission to perform this operation". 
> Reason is in back-end it will automatically set some random number in my email id if
I don't provide. So While creating new user it doesn't matter whether I give email or not
it will either save user given email or it will save some random system generated number in
my emailId and hence emailId in database will never be empty and because of that I will never
be able to change/update my emailId using this API.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message