ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "rangerqa (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-899) Problem Changing/Updating emailAddress of logged in user using API: "{userId}/emailchange" of class org.apache.ranger.rest.UserREST.java
Date Tue, 24 May 2016 15:01:13 GMT

    [ https://issues.apache.org/jira/browse/RANGER-899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15298313#comment-15298313
] 

rangerqa commented on RANGER-899:
---------------------------------

{color:green}+1 overall{color}.  Here are the results of testing the latest attachment
  http://issues.apache.org/jira/secure/attachment/12805882/RANGER-899-1.patch
  against master revision be74659.

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 5 new or modified
test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 javadoc{color}.  There were no new javadoc warning messages.

    +1 checkstyle.  The patch generated 0 code style errors.

    {color:green}+1 findbugs{color}.  The patch does not introduce any new Findbugs (version
2.0.3) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in .

Test results: https://builds.apache.org/job/PreCommit-RANGER-Build/210//testReport/
Console output: https://builds.apache.org/job/PreCommit-RANGER-Build/210//console

This message is automatically generated.

> Problem Changing/Updating emailAddress of logged in user using API: "{userId}/emailchange"
of class org.apache.ranger.rest.UserREST.java
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-899
>                 URL: https://issues.apache.org/jira/browse/RANGER-899
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 0.5.0, 0.6.0
>            Reporter: Tushar Dudhatra
>            Assignee: Pradeep Agrawal
>            Priority: Minor
>             Fix For: 0.6.0
>
>         Attachments: RANGER-899-1.patch
>
>
> While taking tour to the existing code I found something not good about this API. This
API is for changing/updating emailAddress of logged in user. Here is what I have done:
> --- Case 1:
>  
> 1) Created new user with Admin UI with this data: {"groupIdList":null,"status":1,"userRoleList":["ROLE_SYS_ADMIN"],"name":"user1","password":"user12345","firstName":"User1","lastName":"","emailAddress":"user1@tssbtd.com"}

> 2) After this I logged in with username `user1`.
> 3) Tried hitting this POST URL using RESTClient : {base url}/service/users/5/emailchange.
Data I posted: {"loginId":"user1", "emailAddress":"user1555@tssbtd.com", "oldPassword":"user12345"}
> It gave me 400 Bad Request with message "User doesn't have permission to perform this
operation"
> Expected: It should allow me to change/update my email address
> --- Case 2:
> In this case when I tried creating another new user with username `user3` without giving
emailId and saved it and followed the same steps. So again it  gave me 400 Bad Request with
message "User doesn't have permission to perform this operation". 
> Reason is in back-end it will automatically set some random number in my email id if
I don't provide. So While creating new user it doesn't matter whether I give email or not
it will either save user given email or it will save some random system generated number in
my emailId and hence emailId in database will never be empty and because of that I will never
be able to change/update my emailId using this API.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message