Thank you very much for the clarification Mike. It was convenient to ask before adding the support in our ansible module.
On Mon, Jun 8, 2020 at 9:53 PM Mike Jumper <[email protected]> wrote: > There is no endpoint specific to the guacadmin user. The guacadmin user is > not a special case and is handled like any other user (based purely on > granted permissions). > > The reason permission is denied in the case described is that the user > changing the password is the same as the whose password is being changed. > If a user is changing their own password, they must do so using the > endpoint which validates that they know their current password. The > endpoint for directly setting the password of a user (without knowledge of > their current password) can only be used for users that are not the current > user. > > - Mike > > > On Mon, Jun 8, 2020, 07:15 Pablo Escobar Lopez < > [email protected]> > wrote: > > > Hi, > > > > Some time ago I wrote an ansible module > > <https://galaxy.ansible.com/scicore/guacamole> to manage guacamole users > > and connections using the guacamole api. > > > > While developing it I realized that "guacamole webui >> settings >> users > > >> edit user" uses this api endpoint > > < > > > https://github.com/scicore-unibas-ch/ansible-modules-guacamole/blob/master/plugins/modules/guacamole_user.py#L183 > > > > > which > > allows me to modify any of these settings > > < > > > https://github.com/scicore-unibas-ch/ansible-modules-guacamole/blob/master/plugins/modules/guacamole_user.py#L215-L231 > > > > > for > > any guacamole user excepting for the default admin user "guacadmin". > When I > > try to edit the guacadmin user to update the password I get a 403 > > > > To update the password for guacadmin user I have to go to "webui >> > > settings >> preferences >> change password" which uses a different api > > endpoint > > > "{url}/api/session/data/postgresql/users/guacadmin/password?token={token}" > > which expects a json payload in > > format '{"oldPassword":"guacadmin","newPassword":"password"}' > > > > I am going to add support to my ansible module to be able to update the > > password for the guacadmin user using this specific api endpoint but > before > > doing it I thought that would ask here what's the motivation to have a > > different api endpoint to update the password for guacadmin user? is this > > always going to be like this or do you plan to update the api so it also > > allows to update the guacadmin user using the same api endpoint as for > any > > other user? > > > > thanks in advance for your advice. > > > > regards, > > Pablo. > > > > -- > > Pablo Escobar López > > Linux/HPC systems engineer > > sciCORE, University of Basel > > SIB Swiss Institute of Bioinformatics > > >
