  1. Webservices REST Module
  2. RESTWS-528

Unable to update user password via rest

    Details

    • Complexity:
      Low
    • Sprint:
      Sprint 2, Platform 2.0 Beta - RESTWS 1

      Description

      When a user is updated via REST, the user resource saves the user account but does not update the password, even when one is specified.
      The quick fix would be to validate the password using OpenmrsUtil.validatePassword and then call UserService.changePassword after saving the user if the password is not blank. This should only be allowed if the authenticated user is the same user whose password is being changed.

      Preferably, the validation logic should be added wherever the REST module does its validation, so that the errors get sent back in the response, i.e. check that the resource is of type UserAndPassword and then validate the password.

      Dev Notes

      When a new user is created, we need to call saveUser(User, password), which was changed to saveUser(User) in 2.0, and you need to add oldPassword and secretAnswer fields to the UserAndPassword class.
      When updating the user password, the user needs to provide their oldPassword or secretAnswer. Override the update method in UserResource1_8 and check whether the password field is present; if it is, change the user's password. You might need to include some restrictions to avoid brute-force attacks. You might need a new one for the 2.0 sub-project, since the changePassword methods might vary.
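
The order of checks the description and dev notes call for, as an added stand-alone Java sketch that is not code from the REST module. `PasswordChangeGuard`, `PasswordBackend`, the lockout limits and the ordering of steps 3 and 4 are assumptions; the backend interface stands in for the OpenMRS calls the ticket names (OpenmrsUtil.validatePassword, UserService.changePassword).

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not REST module code. PasswordBackend is a hypothetical
// stand-in for the OpenMRS calls the ticket names.
public class PasswordChangeGuard {
    public interface PasswordBackend {
        boolean proofMatches(String user, String oldPassword, String secretAnswer);
        void validateNewPassword(String user, String newPassword); // throws if rejected
        void changePassword(String user, String newPassword);
    }

    private static final int MAX_FAILURES = 5;              // assumed limit
    private static final long LOCKOUT_MILLIS = 5 * 60_000L; // assumed window
    private final Map<String, long[]> failures = new ConcurrentHashMap<>(); // {count, last failure}
    private final PasswordBackend backend;

    public PasswordChangeGuard(PasswordBackend backend) { this.backend = backend; }
    public void update(String authenticatedUser, String targetUser, String newPassword,
                       String oldPassword, String secretAnswer, long nowMillis) {
        if (newPassword == null || newPassword.isBlank()) {
            return; // no password in the payload: nothing to change
        }
        // 1. Only the account owner may change the password through this path.
        if (authenticatedUser == null || !authenticatedUser.equals(targetUser)) {
            throw new SecurityException("password may only be changed by its owner");
        }
        // 2. Refuse further guesses at oldPassword/secretAnswer while locked out.
        long[] f = failures.get(targetUser);
        if (f != null && nowMillis - f[1] >= LOCKOUT_MILLIS) {
            failures.remove(targetUser); // lockout window expired
            f = null;
        }
        if (f != null && f[0] >= MAX_FAILURES) {
            throw new SecurityException("too many failed attempts, try again later");
        }
        // 3. Require proof of the current credential before touching the password.
        if (!backend.proofMatches(targetUser, oldPassword, secretAnswer)) {
            failures.merge(targetUser, new long[] {1, nowMillis},
                    (old, add) -> new long[] {old[0] + 1, nowMillis});
            throw new SecurityException("oldPassword or secretAnswer did not match");
        }
        // 4. Validate the new password so a rejection can go back in the REST response.
        backend.validateNewPassword(targetUser, newPassword);
        // 5. Change the password and clear the failure counter.
        backend.changePassword(targetUser, newPassword);
        failures.remove(targetUser);
    }
}
```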


              People

              Assignee:
              wyclif Wyclif Luyima
              Reporter:
              wyclif Wyclif Luyima
              Votes:
              1 Vote for this issue
              Watchers:
              7


                  Time Tracking

                  Estimated:
                  2h
                  Remaining:
                  2h
                  Logged:
                  Not Specified