Password reset does not work, "anonymous" missing WRITE permission
When a user has received has password-reset token (e.g. via Email) to change his/her password, and tries so, the following exception is thrown:
The password change request is done via
dmx.getPrivilegedAccess().changePassword(newCreds);
But that doesn't seem to work any longer.
INFORMATION: Processing template "password-reset" with TemplateEngine of plugin "DMX Sign up"
Aug 23, 2020 10:04:32 AM systems.dmx.signup.SignupPlugin processPasswordUpdateRequest
INFORMATION: Processing Password Update Request Token...
Aug 23, 2020 10:04:32 AM systems.dmx.core.impl.PrivilegedAccessImpl changePassword
INFORMATION: ##### Changing password for user "mukil"
Aug 23, 2020 10:04:32 AM systems.dmx.core.impl.DMXObjectModelImpl update
INFORMATION: Updating related topic 7875 (typeUri="dmx.accesscontrol.user_account")
Aug 23, 2020 10:04:32 AM systems.dmx.core.util.UniversalExceptionMapper logException
SCHWERWIEGEND: Request "GET /sign-up/password-reset/0073f4fa-ae61-48e5-a9b7-67f30b1e1227/-SHA256-ea23c7a43997b7b4010327994d74dce3a022f119babd0126ad654b800a931bae" failed. Responding with 401 (Unauthorized). The original exception/error is:
java.lang.RuntimeException: Changing password for user "mukil" failed
at systems.dmx.core.impl.PrivilegedAccessImpl.changePassword(PrivilegedAccessImpl.java:197)
at systems.dmx.signup.SignupPlugin.processPasswordUpdateRequest(SignupPlugin.java:313)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.ResourceObjectRule.accept(ResourceObjectRule.java:100)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1480)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1411)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1360)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1350)
at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletHandler.java:339)
at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:300)
at org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletPipeline.java:93)
at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:50)
at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
at org.apache.felix.http.base.internal.dispatch.FilterPipeline.dispatch(FilterPipeline.java:76)
at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:49)
at org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServlet.java:67)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: Updating related topic 7875 failed (typeUri="dmx.accesscontrol.user_account")
at systems.dmx.core.impl.DMXObjectModelImpl.update(DMXObjectModelImpl.java:425)
at systems.dmx.core.impl.PrivilegedAccessImpl.changePassword(PrivilegedAccessImpl.java:193)
... 52 more
Caused by: java.lang.RuntimeException: Value integration failed, newValues=TopicModelImpl {
"id": -1,
"typeUri": "dmx.accesscontrol.user_account",
"children": {"dmx.accesscontrol.password": {
"id": -1,
"typeUri": "dmx.accesscontrol.password",
"value": "-SHA256-ea23c7a43997b7b4010327994d74dce3a022f119babd0126ad654b800a931bae",
"children": {}
}}
}, targetObject=RelatedTopicModelImpl {
"id": 7875,
"uri": "",
"typeUri": "dmx.accesscontrol.user_account",
"value": "mukil",
"children": {},
"assoc": {
"id": 7878,
"uri": "",
"typeUri": "dmx.core.composition",
"value": "",
"children": {},
"player1": {
"topicId": 7875,
"roleTypeUri": "dmx.core.parent"
},
"player2": {
"topicId": 7820,
"roleTypeUri": "dmx.core.child"
}
}
}, compDef=null
at systems.dmx.core.impl.ValueIntegrator.integrate(ValueIntegrator.java:110)
at systems.dmx.core.impl.DMXObjectModelImpl.update(DMXObjectModelImpl.java:413)
... 53 more
Caused by: java.lang.RuntimeException: Value integration failed, newValues=RelatedTopicModelImpl {
"id": -1,
"typeUri": "dmx.accesscontrol.password",
"value": "-SHA256-ea23c7a43997b7b4010327994d74dce3a022f119babd0126ad654b800a931bae",
"children": {}
}, targetObject=null, compDef=null
at systems.dmx.core.impl.ValueIntegrator.integrate(ValueIntegrator.java:110)
at systems.dmx.core.impl.ValueIntegrator.integrateChildValue(ValueIntegrator.java:281)
at systems.dmx.core.impl.ValueIntegrator.integrateComposite(ValueIntegrator.java:250)
at systems.dmx.core.impl.ValueIntegrator.integrate(ValueIntegrator.java:102)
... 54 more
Caused by: java.lang.RuntimeException: Creating single topic failed, model=TopicModelImpl {
"id": 7971,
"uri": "",
"typeUri": "dmx.accesscontrol.password",
"value": "-SHA256-ea23c7a43997b7b4010327994d74dce3a022f119babd0126ad654b800a931bae",
"children": {}
}, uriPrefix="null"
at systems.dmx.core.impl.AccessLayer.createSingleTopic(AccessLayer.java:185)
at systems.dmx.core.impl.AccessLayer.createSingleTopic(AccessLayer.java:146)
at systems.dmx.core.impl.ValueIntegrator.createSimpleTopic(ValueIntegrator.java:767)
at systems.dmx.core.impl.ValueIntegrator.unifySimple(ValueIntegrator.java:215)
at systems.dmx.core.impl.ValueIntegrator.integrateSimple(ValueIntegrator.java:170)
at systems.dmx.core.impl.ValueIntegrator.integrate(ValueIntegrator.java:101)
... 57 more
Caused by: java.lang.RuntimeException: An error occurred in the PostCreateTopic of plugin "DMX Workspaces"
at systems.dmx.core.impl.EventManager.dispatchEvent(EventManager.java:96)
at systems.dmx.core.impl.EventManager.fireEvent(EventManager.java:59)
at systems.dmx.core.impl.AccessLayer.createSingleTopic(AccessLayer.java:182)
... 62 more
Caused by: java.lang.RuntimeException: Assigning topic 7971 (typeUri="dmx.accesscontrol.password", uri="") to workspace 1767 failed
at systems.dmx.workspaces.WorkspacesPlugin._assignToWorkspace(WorkspacesPlugin.java:447)
at systems.dmx.workspaces.WorkspacesPlugin.postCreateTopic(WorkspacesPlugin.java:370)
at systems.dmx.core.impl.CoreEvent$9.dispatch(CoreEvent.java:113)
at systems.dmx.core.impl.EventManager.dispatchEvent(EventManager.java:83)
... 64 more
Caused by: systems.dmx.core.service.accesscontrol.AccessControlException: user <anonymous> has no WRITE permission for object 1767
at systems.dmx.accesscontrol.AccessControlPlugin.checkAccess(AccessControlPlugin.java:971)
at systems.dmx.accesscontrol.AccessControlPlugin.checkWriteAccess(AccessControlPlugin.java:956)
at systems.dmx.accesscontrol.AccessControlPlugin.checkTopicWriteAccess(AccessControlPlugin.java:538)
at systems.dmx.core.impl.CoreEvent$3.dispatch(CoreEvent.java:55)
at systems.dmx.core.impl.EventManager.dispatchEvent(EventManager.java:83)
at systems.dmx.core.impl.EventManager.fireEvent(EventManager.java:59)
at systems.dmx.core.impl.AccessLayer.checkTopicWriteAccess(AccessLayer.java:759)
at systems.dmx.core.impl.TopicModelImpl.checkWriteAccess(TopicModelImpl.java:136)
at systems.dmx.core.impl.DMXObjectImpl.checkWriteAccess(DMXObjectImpl.java:242)
at systems.dmx.workspaces.WorkspacesPlugin.checkAssignmentArgs(WorkspacesPlugin.java:485)
at systems.dmx.workspaces.WorkspacesPlugin._assignToWorkspace(WorkspacesPlugin.java:444)
... 67 more
Aug 23, 2020 10:04:32 AM systems.dmx.core.impl.TransactionFactory$TransactionResourceFilter$2 filter
WARNUNG: ### Rollback transaction of systems.dmx.signup.SignupPlugin#processPasswordUpdateRequest()
While topicId=1767
is referring to the "DMX" workspace. But that should not matter, as the user is (a) not logged in and (b) the sign-up plugin services uses "privilegedAccess".
FYI @jri