ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pradeep Agrawal (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RANGER-899) Problem Changing/Updating emailAddress of logged in user using API: "{userId}/emailchange" of class org.apache.ranger.rest.UserREST.java
Date Tue, 24 May 2016 14:13:13 GMT

     [ https://issues.apache.org/jira/browse/RANGER-899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Pradeep Agrawal updated RANGER-899:
-----------------------------------
    Affects Version/s: 0.6.0
                       0.5.0

> Problem Changing/Updating emailAddress of logged in user using API: "{userId}/emailchange"
of class org.apache.ranger.rest.UserREST.java
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-899
>                 URL: https://issues.apache.org/jira/browse/RANGER-899
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 0.5.0, 0.6.0
>            Reporter: Tushar Dudhatra
>            Assignee: Pradeep Agrawal
>            Priority: Minor
>             Fix For: 0.6.0
>
>         Attachments: RANGER-899-1.patch
>
>
> While taking tour to the existing code I found something not good about this API. This
API is for changing/updating emailAddress of logged in user. Here is what I have done:
> --- Case 1:
>  
> 1) Created new user with Admin UI with this data: {"groupIdList":null,"status":1,"userRoleList":["ROLE_SYS_ADMIN"],"name":"user1","password":"user12345","firstName":"User1","lastName":"","emailAddress":"user1@tssbtd.com"}

> 2) After this I logged in with username `user1`.
> 3) Tried hitting this POST URL using RESTClient : {base url}/service/users/5/emailchange.
Data I posted: {"loginId":"user1", "emailAddress":"user1555@tssbtd.com", "oldPassword":"user12345"}
> It gave me 400 Bad Request with message "User doesn't have permission to perform this
operation"
> Expected: It should allow me to change/update my email address
> --- Case 2:
> In this case when I tried creating another new user with username `user3` without giving
emailId and saved it and followed the same steps. So again it  gave me 400 Bad Request with
message "User doesn't have permission to perform this operation". 
> Reason is in back-end it will automatically set some random number in my email id if
I don't provide. So While creating new user it doesn't matter whether I give email or not
it will either save user given email or it will save some random system generated number in
my emailId and hence emailId in database will never be empty and because of that I will never
be able to change/update my emailId using this API.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message