Password changed unexpectedly while using API PUT /api/v1/security/users/{pk} #29339

Open
1 of 3 tasks
q446570448 opened this issue Jun 24, 2024 · 2 comments
Labels: api (Related to the REST API), authentication (Related to authentication)

q446570448 commented Jun 24, 2024

Bug description

My password changed unexpectedly while I was using this API without the "password" param: PUT /api/v1/security/users/{pk}

How to reproduce the bug

  1. Log in to /swagger/v1
  2. Use the API: PUT /api/v1/security/users/{pk}
  3. My request body: {"roles": [1,3]}
  4. But my password changed unexpectedly, and I can't log in with my old password.
    before: pbkdf2:sha256:600000$dwUuXbhBFZl0RjM5$614e0b7d24cbadf0fe67885c7b0a4646391cb014b82f074914ed952dad12de27
    after: pbkdf2:sha256:600000$ztVn83UZKx0VtPT5$823617b8adfb61732f4fac0c4480f93a6e5c54e828680a347d1929de72a8c2d0

Screenshots/recordings

No response

Superset version

3.1.1

Python version

3.10

Node version

16

Browser

Chrome

Additional context

No response

Checklist

  • I have searched Superset docs and Slack and didn't find a solution to my problem.
  • I have searched the GitHub issue tracker and didn't find a similar bug report.
  • I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

dosubot bot added the api and authentication labels Jun 24, 2024

dosubot bot commented Jun 24, 2024

Hey @q446570448! 👋 I'm here to assist you with any bugs, questions, or contributions while you wait for a human maintainer. I can help you solve issues, provide guidance, and more. Let me know how I can assist you!

The unexpected password change when using the PUT /api/v1/security/users/{pk} endpoint without including the password parameter could be due to how the Superset backend handles partial updates to user objects. Specifically, there might be default behaviors or configurations that affect the password field.

In Superset, when updating user information, the backend might reset or change the password if it is not explicitly included in the request body. This behavior ensures that the password is handled securely, but it can lead to unintended changes if not managed properly.

To avoid this issue, ensure that the password field is explicitly included in the request body when making updates to user information. This will prevent the backend from altering the password unexpectedly.

For further investigation, you might want to check the relevant logs or error messages in the Superset backend, as they could provide more context on why the password was changed unexpectedly [1][2].

To continue talking to Dosu, mention @dosu.

@Frankliu2Dream

@dpgaspar Hi there, could you help take a look? Many thanks!
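
As an added example (not part of the issue thread and not Superset's code): a triage script for before/after values like those in the report, which classifies what happened to a stored hash across an update request. It assumes the `pbkdf2:<digest>:<iterations>$<salt>$<hex>` layout shown in the report and that the digest is PBKDF2-HMAC over the salt string; the function names, the sample values and the "hashed again" hypothesis are illustrative assumptions, not a confirmed root cause.

```python
import hashlib
import hmac

def parse_hash(stored):
    """Split 'pbkdf2:<digest>:<iterations>$<salt>$<hex>' into its fields."""
    method, salt, digest_hex = stored.split("$", 2)
    scheme, digest, iterations = method.split(":")
    if scheme != "pbkdf2":
        raise ValueError(f"unsupported scheme: {scheme}")
    return digest, int(iterations), salt, digest_hex

def make_hash(secret, salt, digest="sha256", iterations=600000):
    """Assumed construction: PBKDF2-HMAC of the secret with the salt string."""
    raw = hashlib.pbkdf2_hmac(digest, secret.encode(), salt.encode(), iterations)
    return f"pbkdf2:{digest}:{iterations}${salt}${raw.hex()}"

def verify(stored, candidate):
    """True if `candidate` reproduces the digest recorded in `stored`."""
    digest, iterations, salt, digest_hex = parse_hash(stored)
    raw = hashlib.pbkdf2_hmac(digest, candidate.encode(), salt.encode(), iterations)
    return hmac.compare_digest(raw.hex(), digest_hex)

def triage(before, after, known_password):
    """Classify the change between two stored hash strings for one account."""
    if before == after:
        return "unchanged"
    if verify(after, known_password):
        # Same password, new salt: login still works, only the row changed.
        return "re-salted, same password"
    if verify(after, before):
        # Hypothesis: the update path hashed the already-stored hash string.
        return "old hash string was hashed again"
    return "replaced with unknown secret"

if __name__ == "__main__":
    # Constructed sample values (low iteration count so the demo runs quickly).
    pw = "constructed-old-password"
    before = make_hash(pw, "constructedSaltA", iterations=1000)
    after = make_hash(before, "constructedSaltB", iterations=1000)
    print(triage(before, after, pw))
```

Run `triage()` on the two values copied from the user table before and after the PUT, together with the password that used to work, to see which case applies.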
