View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0026885 | mantisbt | api rest | public | 2020-04-15 20:10 | 2020-05-03 04:34 |
Reporter | dregad | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 2.24.0 | ||||
Target Version | 2.24.1 | Fixed in Version | 2.24.1 | ||
Summary | 0026885: Resetting password for protected user via REST API should fail | ||||
Description | Issue 0026632 introduced a new REST API endpoint to reset a user's password. Attempting to reset a protected user's password results in an HTTP 204 No Content, but in fact the operation failed (password was not reset). The API should inform caller of the failure, e.g. by returning a 4xx status. | ||||
Steps To Reproduce |
| ||||
Tags | No tags attached. | ||||
MantisBT: master-2.24 6210c647 2020-04-15 16:13 Details Diff |
REST API password reset for protected user now fails The endpoint now returns a 403 status code if the user is protected. Fixes 0026885 |
Affected Issues 0026885 |
|
mod - api/rest/restcore/users_rest.php | Diff File | ||
MantisBT: master-2.24 0d5a7397 2020-05-02 07:48 Details Diff |
UserResetPassword Command fixes Merge PR https://github.com/mantisbt/mantisbt/pull/1655 Fixes 0026880, 0026885 See issue 0026632 |
Affected Issues 0026632, 0026880, 0026885 |
|
mod - api/rest/restcore/users_rest.php | Diff File | ||
mod - core/commands/UserResetPasswordCommand.php | Diff File | ||
mod - core/user_api.php | Diff File | ||
mod - manage_user_reset.php | Diff File |