Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #7327 (closed)

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

BUG: Forgotten password error message

Reported by: atarkowska Owned by: jamoore
Priority: critical Milestone: OMERO-4.4
Component: Services Version: n.a.
Keywords: n.a. Cc:
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: 0.0d
Sprint: 2011-11-29 (3)

Description (last modified by atarkowska)

reportForgottenPassword through SecurityViolation? exception. Email with newly generated password is sent but password hasn't been changed.

Traceback (most recent call last):
  File "/Users/ola/Dev/omero/dist/lib/python/omero/gateway/__init__.py", line 2956, in __call__
    return self.f(*args, **kwargs)
  File "/Users/ola/Dev/omero/dist/lib/python/omero_api_IAdmin_ice.py", line 381, in reportForgottenPassword
    return _M_omero.api.IAdmin._op_reportForgottenPassword.invoke(self, ((name, email), _ctx))
SecurityViolation: exception ::omero::SecurityViolation
{
    serverStackTrace = ome.conditions.SecurityViolation: Current user is neither admin nor group-leader for the given user(s)/group(s)
	at ome.logic.AdminImpl.throwNonAdminOrPi(AdminImpl.java:1444)
	at ome.logic.AdminImpl.adminOrPiOfUser(AdminImpl.java:1449)
	at ome.logic.AdminImpl.changeUserPassword(AdminImpl.java:1175)
	at ome.logic.AdminImpl$12.runAsAdmin(AdminImpl.java:1106)
	at ome.security.basic.BasicSecuritySystem$1.doInHibernate(BasicSecuritySystem.java:592)
	at org.springframework.orm.hibernate3.HibernateTemplate.doExecute(HibernateTemplate.java:406)
	at org.springframework.orm.hibernate3.HibernateTemplate.execute(HibernateTemplate.java:339)
	at ome.logic.QueryImpl.execute(QueryImpl.java:133)
	at ome.security.basic.BasicSecuritySystem.runAsAdmin(BasicSecuritySystem.java:581)
	at ome.logic.AdminImpl.reportForgottenPassword(AdminImpl.java:1088)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
	at ome.security.basic.EventHandler.invoke(EventHandler.java:150)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:231)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:116)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at $Proxy75.reportForgottenPassword(Unknown Source)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
	at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:83)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at $Proxy75.reportForgottenPassword(Unknown Source)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:179)
	at ome.services.throttling.Callback.run(Callback.java:56)
	at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56)
	at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:136)
	at ome.services.blitz.impl.AdminI.reportForgottenPassword_async(AdminI.java:301)
	at omero.api._IAdminTie.reportForgottenPassword_async(_IAdminTie.java:316)
	at omero.api._IAdminDisp.___reportForgottenPassword(_IAdminDisp.java:1365)
	at omero.api._IAdminDisp.__dispatch(_IAdminDisp.java:1635)
	at IceInternal.Incoming.invoke(Incoming.java:159)
	at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)
	at Ice.ConnectionI.message(ConnectionI.java:972)
	at IceInternal.ThreadPool.run(ThreadPool.java:577)
	at IceInternal.ThreadPool.access$100(ThreadPool.java:12)
	at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)

    serverExceptionClass = ome.conditions.SecurityViolation
    message = Current user is neither admin nor group-leader for the given user(s)/group(s)
}

Change History (4)

comment:1 Changed 9 years ago by atarkowska

  • Component changed from General to Services
  • Description modified (diff)
  • Priority changed from minor to critical

comment:2 Changed 9 years ago by jmoore

  • Remaining Time set to 0.25
  • Status changed from new to accepted

comment:3 Changed 9 years ago by jmoore

  • Remaining Time changed from 0.25 to 0
  • Resolution set to fixed
  • Status changed from accepted to closed

Bug fixed on my sprint4-bugs branch (to be pushed)

comment:4 Changed 9 years ago by jmoore <josh@…>

(In [8153cfc5a81ace8b9cca1538771c9099411a15d9/ome.git]) Fix resetForgottenPassword for non-admins & non-PIs (Fix #7327)

A change (b22a91e8171709b61d0f6) during the move to group permissions
made reportForgottenPassword too strict.

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.114107 sec.)

We're Hiring!