-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74146/
-----------------------------------------------------------
Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Nikhil P, Pradeep
Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan
Periasamy.
Bugs: RANGER-3825
https://issues.apache.org/jira/browse/RANGER-3825
Repository: ranger
Description
-------
**Problem statement:** Ranger admin user is unable to change another user's email
after the upgrade. This could be because the stored password can be in md5
format and the new code checks the sha256 algorithm only.
Request:
curl --insecure -X POST -H "Accept: application/json" -H "Content-Type:
application/json" -d '{"status": 1, "oldPassword": "Password@123", "firstName":
"first_name_test_user_ranger_up_03", "groupPermissions": [], "userSource": 0,
"lastName": "last_name_test_userranger_up_03", "createDate": null,
"publicScreenName": "first_name_test_user_ranger_up_03
last_name_test_userranger_up_03", "emailAddress": "[email protected]",
"updateDate": null, "userRoleList": ["ROLE_USER"], "userPermList": [], "id":
102, "loginId": "ranger_up_03"}' -u 'admin:admin123'
http://localhost:6080/service/users/102/emailchange
Response:
Error message:
{"statusCode":1,"msgDesc":"serverMsg.userMgrWrongPassword","messageList":[{"name":"OPER_NO_PERMISSION","rbKey":"xa.error.oper_no_permission","message":"User
doesn't have permission to perform this operation"}]}
**Proposed statement:** the changeEmailAddress method can have an additional check
for md5 encryption if the sha256 encryption check is failing.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 086c6e5d7
Diff: https://reviews.apache.org/r/74146/diff/1/
Testing
-------
Tested the change with this patch, and the curl request to update the email was
successful. Ranger build with testcases passed.
Request:
curl --insecure -X POST -H "Accept: application/json" -H "Content-Type:
application/json" -d '{"status": 1, "oldPassword": "Password@123", "firstName":
"first_name_test_user_ranger_up_03", "groupPermissions": [], "userSource": 0,
"lastName": "last_name_test_userranger_up_03", "createDate": null,
"publicScreenName": "first_name_test_user_ranger_up_03
last_name_test_userranger_up_03", "emailAddress": "[email protected]",
"updateDate": null, "userRoleList": ["ROLE_USER"], "userPermList": [], "id":
102, "loginId": "ranger_up_03"}' -u 'admin:admin123'
http://localhost:6080/service/users/102/emailchange
Response:
{"id":102,"createDate":null,"updateDate":null,"loginId":"ranger_up_03","status":1,"emailAddress":"[email protected]","firstName":"first_name_test_user_ranger_up_03","lastName":"last_name_test_userranger_up_03","publicScreenName":"first_name_test_user_ranger_up_03
last_name_test_userranger_up_03","userSource":0,"userRoleList":["ROLE_USER"],"userPermList":[],"groupPermissions":[]}
Thanks,
Pradeep Agrawal
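
The fallback proposed in the description, as an added example that is not the patch under review and not Ranger's own code: verify against SHA-256 first, fall back to MD5 only when that fails, and report which algorithm matched. The class and enum names and the stored format (lowercase hex of a digest over `password{salt}`, with the loginId as salt) are assumptions made for illustration; the login id and password are the sample values from the request above.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class LegacyHashCheck {
    // Which stored-hash format the supplied password matched (hypothetical type).
    enum Match { SHA256, MD5_LEGACY, NONE }

    // Assumed storage format: lowercase hex digest over "password{salt}".
    static String hexDigest(String algorithm, String password, String salt) {
        try {
            MessageDigest md = MessageDigest.getInstance(algorithm);
            byte[] out = md.digest((password + "{" + salt + "}").getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(out.length * 2);
            for (byte b : out) {
                sb.append(String.format("%02x", b));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(algorithm + " unavailable", e);
        }
    }

    // Compare digests without an early exit on the first differing byte.
    static boolean sameHash(String expected, String stored) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     stored.getBytes(StandardCharsets.US_ASCII));
    }

    // Current algorithm first; the MD5 branch only serves rows written before the upgrade.
    static Match verify(String stored, String password, String loginId) {
        if (sameHash(hexDigest("SHA-256", password, loginId), stored)) return Match.SHA256;
        if (sameHash(hexDigest("MD5", password, loginId), stored)) return Match.MD5_LEGACY;
        return Match.NONE;
    }

    public static void main(String[] args) {
        String loginId = "ranger_up_03";
        String password = "Password@123";
        // Constructed sample rows: one stored before the upgrade, one after.
        String storedBeforeUpgrade = hexDigest("MD5", password, loginId);
        String storedAfterUpgrade = hexDigest("SHA-256", password, loginId);
        System.out.println(verify(storedBeforeUpgrade, password, loginId));
        System.out.println(verify(storedAfterUpgrade, password, loginId));
        System.out.println(verify(storedBeforeUpgrade, "wrong-password", loginId));
    }
}
```

A `MD5_LEGACY` result is the point at which a caller can re-store the password under SHA-256, so the fallback branch is not exercised again for that account.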