Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-469

A user without reset priv can reset it's own password

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0-beta
    • Fix Version/s: 1.0
    • Component/s: None
    • Labels:
      None

      Description

      <velo> if I login as test-user and try to reset test-user password I got this exception
      <velo> in the and a 200
      <cstamas> Kristine: you have some broken security.xml.... anon cannot log in and you just did it
      <velo> when I login as test-user and reset admin's password the access is denied, got my required 401
      <Kristine> cstamas, forget what I said abotu NEXUS-468 - I am getting ready to update it... it is a blocker
      <max> velo: does your test-user have the reset password privilege?
      <velo> no, that is the test
      <max> oh ok
      <velo> when test-user has priv, I can reset without any problem
      <velo> but, when test-user doesn't have priv, I can't reset test-user password. But I can reset someone else.

      Can be checked on Nexus393ResetPasswordPermissionTest

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              koconnor Kristine O'Connor
              Reporter:
              velo Marvin Herman Froeder
              Last Updated By:
              Peter Lynch Peter Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 0.5h
                  0.5h

                    tigCommentSecurity.panel-title