There is no endpoint specific to the guacadmin user. The guacadmin user is not a special case and is handled like any other user (based purely on granted permissions).
The reason permission is denied in the case described is that the user changing the password is the same as the whose password is being changed. If a user is changing their own password, they must do so using the endpoint which validates that they know their current password. The endpoint for directly setting the password of a user (without knowledge of their current password) can only be used for users that are not the current user. - Mike On Mon, Jun 8, 2020, 07:15 Pablo Escobar Lopez <[email protected]> wrote: > Hi, > > Some time ago I wrote an ansible module > <https://galaxy.ansible.com/scicore/guacamole> to manage guacamole users > and connections using the guacamole api. > > While developing it I realized that "guacamole webui >> settings >> users > >> edit user" uses this api endpoint > < > https://github.com/scicore-unibas-ch/ansible-modules-guacamole/blob/master/plugins/modules/guacamole_user.py#L183 > > > which > allows me to modify any of these settings > < > https://github.com/scicore-unibas-ch/ansible-modules-guacamole/blob/master/plugins/modules/guacamole_user.py#L215-L231 > > > for > any guacamole user excepting for the default admin user "guacadmin". When I > try to edit the guacadmin user to update the password I get a 403 > > To update the password for guacadmin user I have to go to "webui >> > settings >> preferences >> change password" which uses a different api > endpoint > "{url}/api/session/data/postgresql/users/guacadmin/password?token={token}" > which expects a json payload in > format '{"oldPassword":"guacadmin","newPassword":"password"}' > > I am going to add support to my ansible module to be able to update the > password for the guacadmin user using this specific api endpoint but before > doing it I thought that would ask here what's the motivation to have a > different api endpoint to update the password for guacadmin user? is this > always going to be like this or do you plan to update the api so it also > allows to update the guacadmin user using the same api endpoint as for any > other user? > > thanks in advance for your advice. > > regards, > Pablo. > > -- > Pablo Escobar López > Linux/HPC systems engineer > sciCORE, University of Basel > SIB Swiss Institute of Bioinformatics >
