View Issue Details

IDProjectCategoryView StatusLast Update
0026885mantisbtapi restpublic2020-05-03 04:34
Reporterdregad Assigned Todregad  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.24.0 
Target Version2.24.1Fixed in Version2.24.1 
Summary0026885: Resetting password for protected user via REST API should fail
Description

Issue 0026632 introduced a new REST API endpoint to reset a user's password.

Attempting to reset a protected user's password results in an HTTP 204 No Content, but in fact the operation failed (password was not reset).

The API should inform caller of the failure, e.g. by returning a 4xx status.

Steps To Reproduce
  1. Create a protected user
  2. Login as that user
  3. Reset the protected user's password with REST API
    $ curl --location --header 'Authorization: API_TOKEN_FOR_ADMIN_USER' -w "%{http_code}\n" --request PUT 'http://example.com/mantis/api/rest/users/PROTECTED_USER_ID/reset'
    204
  4. Login as the user again -> the password is still the same
TagsNo tags attached.

Relationships

related to 0026632 closedcommunity Support user password reset via REST API 

Activities

Related Changesets

MantisBT: master-2.24 6210c647

2020-04-15 20:13:20

dregad

Details Diff
REST API password reset for protected user now fails

The endpoint now returns a 403 status code if the user is protected.

Fixes 0026885
Affected Issues
0026885
mod - api/rest/restcore/users_rest.php Diff File

MantisBT: master-2.24 0d5a7397

2020-05-02 11:48:14

dregad

Details Diff
UserResetPassword Command fixes

Merge PR https://github.com/mantisbt/mantisbt/pull/1655

Fixes 0026880, 0026885
See issue 0026632
Affected Issues
0026632, 0026880, 0026885
mod - api/rest/restcore/users_rest.php Diff File
mod - core/commands/UserResetPasswordCommand.php Diff File
mod - core/user_api.php Diff File
mod - manage_user_reset.php Diff File

Issue History

Date Modified Username Field Change
2020-04-15 20:10 dregad New Issue
2020-04-15 20:10 dregad Issue generated from: 0026632
2020-04-15 20:10 dregad Relationship added related to 0026632
2020-04-15 20:11 dregad Description Updated View Revisions
2020-04-18 07:05 dregad Assigned To => dregad
2020-04-18 07:05 dregad Status new => assigned
2020-04-18 07:09 dregad Note Added: 0063848
2020-05-02 11:51 dregad Changeset attached => MantisBT master-2.24 6210c647
2020-05-02 11:51 dregad Changeset attached => MantisBT master-2.24 0d5a7397
2020-05-02 11:51 dregad Status assigned => resolved
2020-05-02 11:51 dregad Resolution open => fixed
2020-05-02 11:51 dregad Fixed in Version => 2.24.1
2020-05-03 04:34 vboctor Status resolved => closed