The Grid Administrator User can post new password without inputting currentPassword. Is it expected behavior?

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 214

Visibility:: Public

Votes:: 0

Category:: storagegrid-webscale

Specialty:: sgrid

Last Updated:

Applies to

StorageGRID

Answer

Yes. It is a correct behavior by design.
- The Grid Administrator User has root permission as a superuser.
- To reset someone's password, it is not necessary to know the current password for that person.

Note: The permission requirements are different for current-user and other-user endpoints.

Additional Information

Update a local Grid Administrator User password by unique name using the following command.

POST /grid/users/user/{shortName}/change-password

Example:

Curl curl -X POST "https://10.64.24.95/api/v3/grid/users/user/api_test/change-password" -H "accept: application/json" -H "Authorization: Bearer 224a741d-47b3-4e50-a3a0-7dc9f4070e71" -H "Content-Type: application/json" -H "X-Csrf-Token: c0c1ab7d204fc8bcbfe68c2e02589e94" -d "{ \"password\": \"87654321\", \"currentPassword\": \"\"}" Server response Code Description 204 successfully updated

Update the current Grid Administrator User's password using the following command.

POST /grid/users/current-user/change-password

Example:

Curl curl -X POST "https://10.64.24.95/api/v3/grid/users/current-user/change-password" -H "accept: application/json" -H "Content-Type: application/json" -H "X-Csrf-Token: fa434a2773c84f3688a951fb718290df" -d "{ \"password\": \"12345678\", \"currentPassword\": \"\"}" Server response 422 Error: Unprocessable Entity Response body { "errors": [ { "text": "Currentpassword can't be blank.", "key": "error.i18n.validation", "context": "currentPassword" } ],