Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Admin user can not edit password #2103

Closed
florianpopp opened this issue Apr 18, 2016 · 1 comment
Closed

Admin user can not edit password #2103

florianpopp opened this issue Apr 18, 2016 · 1 comment
Assignees
Labels
bug
Milestone

Comments

@florianpopp
Copy link
Member

@florianpopp florianpopp commented Apr 18, 2016

Problem description

Admin user is not able to edit his password

bildschirmfoto 2016-04-18 um 17 44 27

This is what I have in the web console

FetchError() FetchProvider.js:54 json/this.request<() FetchProvider.js:122 tryCatcher() bluebird.js:4589 [23]</module.exports/Promise.prototype._settlePromiseFromHandler() bluebird.js:2695 [23]</module.exports/Promise.prototype._settlePromiseAt() bluebird.js:2769 [23]</module.exports/Promise.prototype._settlePromises() bluebird.js:2885 [2]</Async.prototype._drainQueue() bluebird.js:175 [2]</Async.prototype._drainQueues() bluebird.js:185 Async/this.drainQueues()

Steps to reproduce the problem

  1. Create new user with Admin role
  2. Login with that account
  3. Go to edit profile and change password
  4. You receive the error message above

Environment

  • Graylog Version: Graylog 2.0.0-beta.4-SNAPSHOT
  • Browser version: Happens in Firefox 45.0.2 and Chrome 49
@florianpopp florianpopp added the bug label Apr 18, 2016
@edmundoa edmundoa added this to the 2.0.0 milestone Apr 18, 2016
@edmundoa edmundoa self-assigned this Apr 18, 2016
@edmundoa
Copy link
Member

@edmundoa edmundoa commented Apr 18, 2016

I see two problems here:

  • We don't display an old password input in the form, that it is required by the server when updating the user's own password
  • The server returns a 403 if the old password is missing or invalid, which triggers a redirect in the front-end. This is really annoying from the user perspective, and it's not entirely following what the API endpoint documentation says
edmundoa added a commit that referenced this issue Apr 18, 2016
Fix condition to display this field. Fixes #2103
edmundoa added a commit that referenced this issue Apr 18, 2016
When users change their own password, return a 400 error if they did not
provide the current (old) password, or if it was incorrect.

Refs #2103
@bernd bernd closed this in #2105 Apr 19, 2016
bernd added a commit that referenced this issue Apr 19, 2016
* Show old password input when user edits their own account
* Fix condition to display this field.
* Change server response when old password is wrong
* When users change their own password, return a 400 error if they did not provide the current (old) password, or if it was incorrect.
* Improve displayed errors on user edit forms

Fixes #2103
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants