/graylog2-server

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Admin user can not edit password #2103

Closed
florianvolle opened this Issue Apr 18, 2016 · 1 comment

Comments

Assignees

@edmundoa edmundoa

Labels
bug
Projects
None yet
Milestone
  2.0.0
2 participants
@florianvolle @edmundoa
@florianvolle
Member

florianvolle commented Apr 18, 2016

Problem description

Admin user is not able to edit his password

bildschirmfoto 2016-04-18 um 17 44 27

This is what I have in the web console

FetchError() FetchProvider.js:54 json/this.request<() FetchProvider.js:122 tryCatcher() bluebird.js:4589 [23]</module.exports/Promise.prototype._settlePromiseFromHandler() bluebird.js:2695 [23]</module.exports/Promise.prototype._settlePromiseAt() bluebird.js:2769 [23]</module.exports/Promise.prototype._settlePromises() bluebird.js:2885 [2]</Async.prototype._drainQueue() bluebird.js:175 [2]</Async.prototype._drainQueues() bluebird.js:185 Async/this.drainQueues()

Steps to reproduce the problem

  1. Create new user with Admin role
  2. Login with that account
  3. Go to edit profile and change password
  4. You receive the error message above

Environment

  • Graylog Version: Graylog 2.0.0-beta.4-SNAPSHOT
  • Browser version: Happens in Firefox 45.0.2 and Chrome 49

@florianvolle florianvolle added the bug label Apr 18, 2016

@edmundoa edmundoa added this to the 2.0.0 milestone Apr 18, 2016

@edmundoa edmundoa self-assigned this Apr 18, 2016

@edmundoa

This comment has been minimized.

Sign in to view
Member

edmundoa commented Apr 18, 2016

I see two problems here:

  • We don't display an old password input in the form, that it is required by the server when updating the user's own password
  • The server returns a 403 if the old password is missing or invalid, which triggers a redirect in the front-end. This is really annoying from the user perspective, and it's not entirely following what the API endpoint documentation says

edmundoa added a commit that referenced this issue Apr 18, 2016

@edmundoa
Show old password input when user edits their own account 
Fix condition to display this field. Fixes #2103
9c4df8f

edmundoa added a commit that referenced this issue Apr 18, 2016

@edmundoa
Change server response when old password is wrong 
When users change their own password, return a 400 error if they did not
provide the current (old) password, or if it was incorrect.

Refs #2103
6b09e50

@edmundoa edmundoa referenced this issue Apr 18, 2016

Merged

Fix change password form #2105

@bernd bernd closed this in #2105 Apr 19, 2016

bernd added a commit that referenced this issue Apr 19, 2016

@edmundoa @bernd
Fix change password form (#2105) 
* Show old password input when user edits their own account
* Fix condition to display this field.
* Change server response when old password is wrong
* When users change their own password, return a 400 error if they did not provide the current (old) password, or if it was incorrect.
* Improve displayed errors on user edit forms

Fixes #2103
Loading status checks…
de0de72
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment