Posted to dev@ranger.apache.org by "Pradeep Agrawal (JIRA)" <ji...@apache.org> on 2016/05/19 09:13:13 UTC

[jira] [Assigned] (RANGER-899) Problem Changing/Updating emailAddress of logged in user using API: "{userId}/emailchange" of class org.apache.ranger.rest.UserREST.java

     [ https://issues.apache.org/jira/browse/RANGER-899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pradeep Agrawal reassigned RANGER-899:
--------------------------------------

    Assignee: Pradeep Agrawal  (was: Bryan Bende)

> Problem Changing/Updating emailAddress of logged in user using API: "{userId}/emailchange" of class org.apache.ranger.rest.UserREST.java
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-899
>                 URL: https://issues.apache.org/jira/browse/RANGER-899
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Tushar Dudhatra
>            Assignee: Pradeep Agrawal
>            Priority: Minor
>
> While taking a tour of the existing code I found something not good about this API. This API is for changing/updating the emailAddress of the logged-in user. Here is what I have done:
> --- Case 1:
>  
> 1) Created a new user with the Admin UI with this data: {"groupIdList":null,"status":1,"userRoleList":["ROLE_SYS_ADMIN"],"name":"user1","password":"user12345","firstName":"User1","lastName":"","emailAddress":"user1@tssbtd.com"}
> 2) After this I logged in with username `user1`.
> 3) Tried hitting this POST URL using RESTClient: {base url}/service/users/5/emailchange. Data I posted: {"loginId":"user1", "emailAddress":"user1555@tssbtd.com", "oldPassword":"user12345"}
> It gave me a 400 Bad Request with the message "User doesn't have permission to perform this operation"
> Expected: It should allow me to change/update my email address
> --- Case 2:
> In this case I tried creating another new user with username `user3` without giving an emailId, saved it, and followed the same steps. Again it gave me a 400 Bad Request with the message "User doesn't have permission to perform this operation".
> The reason is that the back-end will automatically set some random number in my email id if I don't provide one. So while creating a new user it doesn't matter whether I give an email or not: it will either save the user-given email or it will save some random system-generated number in my emailId, and hence the emailId in the database will never be empty, and because of that I will never be able to change/update my emailId using this API.


