Posted to dev@ranger.apache.org by Pradeep Agrawal <pr...@gmail.com> on 2022/09/28 14:24:41 UTC
Review Request 74146: RANGER-3825: Ranger admin user is unable to change another user email after the upgrade
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74146/
-----------------------------------------------------------
Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-3825
https://issues.apache.org/jira/browse/RANGER-3825
Repository: ranger
Description
-------
**Problem statement:** Ranger admin user is unable to change another user's email after the upgrade. This could be because the stored password can be in md5 format and the new code checks the sha256 algorithm only.
Request:
curl --insecure -X POST -H "Accept: application/json" -H "Content-Type: application/json" -d '{"status": 1, "oldPassword": "Password@123", "firstName": "first_name_test_user_ranger_up_03", "groupPermissions": [], "userSource": 0, "lastName": "last_name_test_userranger_up_03", "createDate": null, "publicScreenName": "first_name_test_user_ranger_up_03 last_name_test_userranger_up_03", "emailAddress": "test_user_foqvtub@abc.com", "updateDate": null, "userRoleList": ["ROLE_USER"], "userPermList": [], "id": 102, "loginId": "ranger_up_03"}' -u 'admin:admin123' http://localhost:6080/service/users/102/emailchange
Response:
Error message: {"statusCode":1,"msgDesc":"serverMsg.userMgrWrongPassword","messageList":[{"name":"OPER_NO_PERMISSION","rbKey":"xa.error.oper_no_permission","message":"User doesn't have permission to perform this operation"}]}
**Proposed statement:** the changeEmailAddress method can have an additional check for md5 encryption if the sha256 encryption check is failing.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 086c6e5d7
Diff: https://reviews.apache.org/r/74146/diff/1/
Testing
-------
Tested the change with this patch, and the curl request to update the email was successful. The Ranger build with test cases passed.
Request:
curl --insecure -X POST -H "Accept: application/json" -H "Content-Type: application/json" -d '{"status": 1, "oldPassword": "Password@123", "firstName": "first_name_test_user_ranger_up_03", "groupPermissions": [], "userSource": 0, "lastName": "last_name_test_userranger_up_03", "createDate": null, "publicScreenName": "first_name_test_user_ranger_up_03 last_name_test_userranger_up_03", "emailAddress": "test_user_foqvtub@abc.com", "updateDate": null, "userRoleList": ["ROLE_USER"], "userPermList": [], "id": 102, "loginId": "ranger_up_03"}' -u 'admin:admin123' http://localhost:6080/service/users/102/emailchange
Response:
{"id":102,"createDate":null,"updateDate":null,"loginId":"ranger_up_03","status":1,"emailAddress":"test_user_foqvtub@abc.com","firstName":"first_name_test_user_ranger_up_03","lastName":"last_name_test_userranger_up_03","publicScreenName":"first_name_test_user_ranger_up_03 last_name_test_userranger_up_03","userSource":0,"userRoleList":["ROLE_USER"],"userPermList":[],"groupPermissions":[]}
Thanks,
Pradeep Agrawal
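
The fallback described under "Proposed statement" above, as an added example that is not the patch under review and not Ranger's own code: check the current SHA-256 digest first, accept a legacy MD5 digest only when the stored value has MD5's length, and report when a row should be re-hashed. The class, enum and method names are hypothetical, and unsalted lowercase-hex storage is an assumption; the page does not show Ranger's stored format.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

public class LegacyHashFallback {
    // Outcome of a check, so the caller knows when a stored hash should be upgraded.
    enum Result { MATCH_SHA256, MATCH_MD5_NEEDS_REHASH, NO_MATCH }

    // Lowercase hex digest of the password. Unsalted storage is an assumption of this example.
    static String hexDigest(String algorithm, String password) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // MessageDigest.isEqual compares in constant time, unlike String.equals.
    static boolean sameDigest(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.US_ASCII),
                                     b.getBytes(StandardCharsets.US_ASCII));
    }

    static Result verify(String storedHash, String suppliedPassword)
            throws NoSuchAlgorithmException {
        String stored = storedHash.toLowerCase(Locale.ROOT);
        if (sameDigest(stored, hexDigest("SHA-256", suppliedPassword))) {
            return Result.MATCH_SHA256;
        }
        // Try MD5 only for rows that can be MD5 (32 hex characters), so the
        // weaker algorithm is never consulted for already-migrated accounts.
        if (stored.length() == 32 && sameDigest(stored, hexDigest("MD5", suppliedPassword))) {
            return Result.MATCH_MD5_NEEDS_REHASH;
        }
        return Result.NO_MATCH;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "Password@123";                  // oldPassword from the request above
        String legacyRow = hexDigest("MD5", password);      // constructed pre-upgrade row
        String currentRow = hexDigest("SHA-256", password); // constructed post-upgrade row
        System.out.println("legacy row:     " + verify(legacyRow, password));
        System.out.println("current row:    " + verify(currentRow, password));
        System.out.println("wrong password: " + verify(legacyRow, "not-the-password"));
    }
}
```

A caller that receives MATCH_MD5_NEEDS_REHASH can store the SHA-256 digest of the just-verified password, so the MD5 branch stops matching for that account after its first successful check.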