View User: Update password
Closed this issue · 2 comments
With the latest fix deployed, the password moved from 'immutable' to 'adminRequired' and can be changed by an admin role user via
PUT|PATCH /rest/users/{id} {data: {displayName : "DisplayName", password : "secr3t", email : "nobody@localhost", curatoryGroupIds: [cg.id], enabled : true, accountExpired : false, accountLocked : false, passwordExpired : false, defaultPageSize : 15, roleIds : [2, 3, 4, 6, 7] } }
Updating the password using the endpoint
PATCH /rest/profile {data: {... password : "oldPassword", new_password: "newPassword" } }
for the user to change the password himself, using the fields password & new_password, is available still.
Yes, it is better now. The service /rest/users throws no error and the password can be changed by an administrator, but when I log in with this user (here test) and the same password, it gets a 403 when requesting the profile. Another user, test1, gets a 200, but is not allowed to change his own profile.
PATCH profile with wrong parameters gives a 500 instead of a valid error, and also with valid parameters.
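An added sketch, not part of the thread and not the project's code, of the two write paths discussed above: a per-field policy check for PUT|PATCH /rest/users/{id} and input validation for PATCH /rest/profile that answers malformed requests with a 4xx instead of a 500. The function names, the policy table beyond the `password` entry, the status codes chosen and the PBKDF2 storage are assumptions.

```python
import hashlib
import hmac
import os

# Write policy per field, using the two labels from the thread.
# Only the 'password' entry is stated on the page; 'id' is an assumed example.
FIELD_POLICY = {"id": "immutable", "password": "adminRequired"}

def hash_pw(password, salt):
    # Assumed storage scheme for this example: salted PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password):
    # Constructed sample account, for the example only.
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_pw(password, salt)}

def filter_user_update(data, is_admin):
    """PUT|PATCH /rest/users/{id}: return (status, accepted fields or error)."""
    if not isinstance(data, dict):
        return 400, {"error": "data must be an object"}
    for field in data:
        policy = FIELD_POLICY.get(field, "open")
        if policy == "immutable":
            return 400, {"error": f"{field} is immutable"}
        if policy == "adminRequired" and not is_admin:
            return 403, {"error": f"{field} requires an admin role"}
    return 200, dict(data)

def change_own_password(user, data):
    """PATCH /rest/profile: needs the current password plus new_password."""
    if not isinstance(data, dict):
        return 400, {"error": "data must be an object"}
    old, new = data.get("password"), data.get("new_password")
    # Reject missing or wrongly typed fields up front so they never reach
    # the hashing code and surface as an unhandled exception (HTTP 500).
    if not isinstance(old, str) or not isinstance(new, str) or not new:
        return 400, {"error": "password and new_password must be strings"}
    # Constant-time comparison of the supplied current password.
    if not hmac.compare_digest(hash_pw(old, user["salt"]), user["hash"]):
        return 403, {"error": "current password is incorrect"}
    user["salt"] = os.urandom(16)
    user["hash"] = hash_pw(new, user["salt"])
    return 200, {"message": "password updated"}
```
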