You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
my password changed unexpected while i using this api and without param "password" : PUT /api/v1/security/users/{pk}
How to reproduce the bug
login to /swagger/v1
using API: PUT /api/v1/security/users/{pk}
my request body: {"roles": [1,3]}
but my password changed unexpected,and i cant login with my old password
before:pbkdf2:sha256:600000$dwUuXbhBFZl0RjM5$614e0b7d24cbadf0fe67885c7b0a4646391cb014b82f074914ed952dad12de27
after:pbkdf2:sha256:600000$ztVn83UZKx0VtPT5$823617b8adfb61732f4fac0c4480f93a6e5c54e828680a347d1929de72a8c2d0
Screenshots/recordings
No response
Superset version
3.1.1
Python version
3.10
Node version
16
Browser
Chrome
Additional context
No response
Checklist
I have searched Superset docs and Slack and didn't find a solution to my problem.
I have searched the GitHub issue tracker and didn't find a similar bug report.
I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
The text was updated successfully, but these errors were encountered:
Hey @q446570448! 👋 I'm here to assist you with any bugs, questions, or contributions while you wait for a human maintainer. I can help you solve issues, provide guidance, and more. Let me know how I can assist you!
The unexpected password change when using the PUT /api/v1/security/users/{pk} endpoint without including the password parameter could be due to how the Superset backend handles partial updates to user objects. Specifically, there might be default behaviors or configurations that affect the password field.
In Superset, when updating user information, the backend might reset or change the password if it is not explicitly included in the request body. This behavior ensures that the password is handled securely, but it can lead to unintended changes if not managed properly.
To avoid this issue, ensure that the password field is explicitly included in the request body when making updates to user information. This will prevent the backend from altering the password unexpectedly.
For further investigation, you might want to check the relevant logs or error messages in the Superset backend, as they could provide more context on why the password was changed unexpectedly [1][2].
Bug description
my password changed unexpected while i using this api and without param "password" : PUT /api/v1/security/users/{pk}
How to reproduce the bug
before:pbkdf2:sha256:600000$dwUuXbhBFZl0RjM5$614e0b7d24cbadf0fe67885c7b0a4646391cb014b82f074914ed952dad12de27
after:pbkdf2:sha256:600000$ztVn83UZKx0VtPT5$823617b8adfb61732f4fac0c4480f93a6e5c54e828680a347d1929de72a8c2d0
Screenshots/recordings
No response
Superset version
3.1.1
Python version
3.10
Node version
16
Browser
Chrome
Additional context
No response
Checklist
The text was updated successfully, but these errors were encountered: