Task #7327 (closed)
BUG: Forgotten password error message
Reported by: | atarkowska | Owned by: | jamoore |
---|---|---|---|
Priority: | critical | Milestone: | OMERO-4.4 |
Component: | Services | Version: | n.a. |
Keywords: | n.a. | Cc: | |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | 2011-11-29 (3) |
Description (last modified by atarkowska)
reportForgottenPassword through SecurityViolation? exception. Email with newly generated password is sent but password hasn't been changed.
Traceback (most recent call last): File "/Users/ola/Dev/omero/dist/lib/python/omero/gateway/__init__.py", line 2956, in __call__ return self.f(*args, **kwargs) File "/Users/ola/Dev/omero/dist/lib/python/omero_api_IAdmin_ice.py", line 381, in reportForgottenPassword return _M_omero.api.IAdmin._op_reportForgottenPassword.invoke(self, ((name, email), _ctx)) SecurityViolation: exception ::omero::SecurityViolation { serverStackTrace = ome.conditions.SecurityViolation: Current user is neither admin nor group-leader for the given user(s)/group(s) at ome.logic.AdminImpl.throwNonAdminOrPi(AdminImpl.java:1444) at ome.logic.AdminImpl.adminOrPiOfUser(AdminImpl.java:1449) at ome.logic.AdminImpl.changeUserPassword(AdminImpl.java:1175) at ome.logic.AdminImpl$12.runAsAdmin(AdminImpl.java:1106) at ome.security.basic.BasicSecuritySystem$1.doInHibernate(BasicSecuritySystem.java:592) at org.springframework.orm.hibernate3.HibernateTemplate.doExecute(HibernateTemplate.java:406) at org.springframework.orm.hibernate3.HibernateTemplate.execute(HibernateTemplate.java:339) at ome.logic.QueryImpl.execute(QueryImpl.java:133) at ome.security.basic.BasicSecuritySystem.runAsAdmin(BasicSecuritySystem.java:581) at ome.logic.AdminImpl.reportForgottenPassword(AdminImpl.java:1088) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at ome.security.basic.EventHandler.invoke(EventHandler.java:150) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:231) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:116) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at $Proxy75.reportForgottenPassword(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:83) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at $Proxy75.reportForgottenPassword(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:179) at ome.services.throttling.Callback.run(Callback.java:56) at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56) at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:136) at ome.services.blitz.impl.AdminI.reportForgottenPassword_async(AdminI.java:301) at omero.api._IAdminTie.reportForgottenPassword_async(_IAdminTie.java:316) at omero.api._IAdminDisp.___reportForgottenPassword(_IAdminDisp.java:1365) at omero.api._IAdminDisp.__dispatch(_IAdminDisp.java:1635) at IceInternal.Incoming.invoke(Incoming.java:159) at Ice.ConnectionI.invokeAll(ConnectionI.java:2037) at Ice.ConnectionI.message(ConnectionI.java:972) at IceInternal.ThreadPool.run(ThreadPool.java:577) at IceInternal.ThreadPool.access$100(ThreadPool.java:12) at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971) serverExceptionClass = ome.conditions.SecurityViolation message = Current user is neither admin nor group-leader for the given user(s)/group(s) }
Change History (4)
comment:1 Changed 12 years ago by atarkowska
- Component changed from General to Services
- Description modified (diff)
- Priority changed from minor to critical
comment:2 Changed 12 years ago by jmoore
- Remaining Time set to 0.25
- Status changed from new to accepted
comment:3 Changed 12 years ago by jmoore
- Remaining Time changed from 0.25 to 0
- Resolution set to fixed
- Status changed from accepted to closed
comment:4 Changed 12 years ago by jmoore <josh@…>
(In [8153cfc5a81ace8b9cca1538771c9099411a15d9/ome.git]) Fix resetForgottenPassword for non-admins & non-PIs (Fix #7327)
A change (b22a91e8171709b61d0f6) during the move to group permissions
made reportForgottenPassword too strict.
Bug fixed on my sprint4-bugs branch (to be pushed)