View Issue Details

IDProjectCategoryView StatusLast Update
0026885mantisbtapi restpublic2020-05-03 04:34
Reporterdregad Assigned Todregad  
Status closedResolutionfixed 
Product Version2.24.0 
Target Version2.24.1Fixed in Version2.24.1 
Summary0026885: Resetting password for protected user via REST API should fail

Issue 0026632 introduced a new REST API endpoint to reset a user's password.

Attempting to reset a protected user's password results in an HTTP 204 No Content, but in fact the operation failed (password was not reset).

The API should inform caller of the failure, e.g. by returning a 4xx status.

Steps To Reproduce
  1. Create a protected user
  2. Login as that user
  3. Reset the protected user's password with REST API
    $ curl --location --header 'Authorization: API_TOKEN_FOR_ADMIN_USER' -w "%{http_code}\n" --request PUT ''
  4. Login as the user again -> the password is still the same
TagsNo tags attached.


related to 0026632 closedcommunity Support user password reset via REST API 


Related Changesets

MantisBT: master-2.24 6210c647

2020-04-15 16:13


Details Diff
REST API password reset for protected user now fails

The endpoint now returns a 403 status code if the user is protected.

Fixes 0026885
Affected Issues
mod - api/rest/restcore/users_rest.php Diff File

MantisBT: master-2.24 0d5a7397

2020-05-02 07:48


Details Diff
UserResetPassword Command fixes

Merge PR

Fixes 0026880, 0026885
See issue 0026632
Affected Issues
0026632, 0026880, 0026885
mod - api/rest/restcore/users_rest.php Diff File
mod - core/commands/UserResetPasswordCommand.php Diff File
mod - core/user_api.php Diff File
mod - manage_user_reset.php Diff File