PrivilegedAccess does not allow reading email_address topic from "Administration" workspace anymore
Situation: In previous versions we assigned the "Email Address" and its association to a "Username" to the "Administration" workspace.
This no longer works. As of DMX 5.1 dmx.getPrivilegedAccess().emailAddressExists() and thus the "password reset" workflow (and Email existence check) does not work anymore. Remember, a user who requests a new password is not logged in (anonymous).
Solution:
- Storing the "Email Address" in the "System" workspace is not an option for privacy reasons
- Thus anonymous requests to the sign-up plugin must be allowed to check and send out an email from a topic residing in the "Administration" workspace
Here is the stack trace when a user account uses the "password reset" workflow while its Email Address was placed in the "Administration" workspace during account creation.
INFORMATION: ##### Logging out [...]
Jan 08, 2021 6:32:15 PM systems.dmx.topicmaps.TopicmapsPlugin getTopicmap
INFORMATION: Fetching topicmap 2875, includeChildren=false
Jan 08, 2021 6:32:19 PM systems.dmx.core.impl.WebSocketConnectionImpl onClose
INFORMATION: Closing WebSocket connection 7287384707433931 (client ID)
Jan 08, 2021 6:32:19 PM systems.dmx.thymeleaf.provider.ThymeleafViewProcessor writeTo
INFORMATION: Processing template "request-password" with TemplateEngine of plugin "DMX Sign up"
Jan 08, 2021 6:32:20 PM de.mikromedia.webpages.WebpagePlugin getPublishedWebpages
WARNUNG: No website available with prefix "/favicon.ico" - Returning empty list
Jan 08, 2021 6:32:23 PM systems.dmx.signup.SignupPlugin initiatePasswordReset
INFORMATION: Password reset requested for user with Email: "malte@mikromedia.de"
Jan 08, 2021 6:32:23 PM systems.dmx.core.util.UniversalExceptionMapper logException
SCHWERWIEGEND: Request "GET /sign-up/password-token/malte@mikromedia.de" failed. Responding with 401 (Unauthorized). The original exc/error is:
java.lang.RuntimeException: Fetching topic failed, key="dmx.contacts.email_address", value=malte@mikromedia.de
at systems.dmx.core.impl.AccessLayer.getTopicByValue(AccessLayer.java:91)
at systems.dmx.core.impl.CoreServiceImpl.getTopicByValue(CoreServiceImpl.java:107)
at systems.dmx.signup.SignupPlugin.initiatePasswordReset(SignupPlugin.java:225)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:205)
at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:7
at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.ResourceObjectRule.accept(ResourceObjectRule.java:100)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1480)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1411)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1360)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1350)
at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletHandler.java:339)
at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:300)
at org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletPipeline.java:93)
at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:50)
at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
at org.apache.felix.http.base.internal.dispatch.FilterPipeline.dispatch(FilterPipeline.java:76)
at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:49)
at org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServlet.java:67)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:748)
Caused by: systems.dmx.core.service.accesscontrol.AccessControlException: user <anonymous> has no READ permission for object 8588
at systems.dmx.accesscontrol.AccessControlPlugin.checkAccess(AccessControlPlugin.java:966)
at systems.dmx.accesscontrol.AccessControlPlugin.checkReadAccess(AccessControlPlugin.java:944)
at systems.dmx.accesscontrol.AccessControlPlugin.checkTopicReadAccess(AccessControlPlugin.java:529)
at systems.dmx.core.impl.CoreEvent$1.dispatch(CoreEvent.java:35)
at systems.dmx.core.impl.EventManager.dispatchEvent(EventManager.java:83)
at systems.dmx.core.impl.EventManager.fireEvent(EventManager.java:59)
at systems.dmx.core.impl.AccessLayer.checkTopicReadAccess(AccessLayer.java:780)
at systems.dmx.core.impl.TopicModelImpl.checkReadAccess(TopicModelImpl.java:137)
at systems.dmx.core.impl.AccessLayer.getTopicByValue(AccessLayer.java:89)
... 53 more
Jan 08, 2021 6:32:23 PM systems.dmx.thymeleaf.provider.ThymeleafViewProcessor writeTo
INFORMATION: Processing template "account-confirmation" with TemplateEngine of
While 8558 is
{"id":8588,"uri":"","typeUri":"dmx.contacts.email_address","value":"malte@mikromedia.de","children":{"dmx.timestamps.created":{"id":-1,"typeUri":"dmx.timestamps.created","value":1610127119150,"children":{}},"dmx.timestamps.modified":{"id":-1,"typeUri":"dmx.timestamps.modified","value":1610127119150,"children":{}}}}
If we move the "Email Address" and its assoc into the "System" workspace (whose contents are publicly readable for anonymous), self-registration fails, as we can't write into the "System" workspace without being logged in. The following error rightly occurs:
WARNUNG: No website available with prefix "/favicon.ico" - Returning empty list
Jan 08, 2021 6:45:44 PM systems.dmx.accesscontrol.AccessControlPlugin _createUserAccount
INFORMATION: Creating user account "test"
Jan 08, 2021 6:45:44 PM systems.dmx.accesscontrol.AccessControlPlugin createUsername
INFORMATION: Creating username topic "test"
Jan 08, 2021 6:45:44 PM systems.dmx.config.ConfigPlugin _createConfigTopic
INFORMATION: ### Creating config topic of type "dmx.files.disk_quota" for topic 8597
Jan 08, 2021 6:45:44 PM systems.dmx.config.ConfigPlugin _createConfigTopic
INFORMATION: ### Creating config topic of type "dmx.workspaces.enabled_sharing_modes" for topic 8597
Jan 08, 2021 6:45:44 PM systems.dmx.config.ConfigPlugin _createConfigTopic
INFORMATION: ### Creating config topic of type "dmx.accesscontrol.login_enabled" for topic 8597
Jan 08, 2021 6:45:44 PM systems.dmx.workspaces.WorkspacesPlugin lambda$createWorkspace$0
INFORMATION: Creating workspace "Private Workspace", uri=null, sharingMode=PRIVATE
Jan 08, 2021 6:45:44 PM systems.dmx.topicmaps.TopicmapsPlugin createTopicmap
INFORMATION: Creating topicmap "untitled", topicmapTypeUri="dmx.topicmaps.topicmap", viewProps=null
Jan 08, 2021 6:45:44 PM systems.dmx.core.util.UniversalExceptionMapper logException
SCHWERWIEGEND: Request "GET /sign-up/handle/test/-SHA256-648273d5f80b8424091d246cf1a2424226f6521a65e25b0edbe004fe3fbf71e0/malte%40mikromedia.de" failed. Responding with 401 (Unauthorized). The original exception/error is:
java.lang.RuntimeException: Creating simple user account FAILED!
at systems.dmx.signup.SignupPlugin.createSimpleUserAccount(SignupPlugin.java:675)
at systems.dmx.signup.SignupPlugin.handleSignupRequest(SignupPlugin.java:345)
at systems.dmx.signup.SignupPlugin.handleSignupRequest(SignupPlugin.java:366)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.ResourceObjectRule.accept(ResourceObjectRule.java:100)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1480)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1411)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1360)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1350)
at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletHandler.java:339)
at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:300)
at org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletPipeline.java:93)
at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:50)
at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
at org.apache.felix.http.base.internal.dispatch.FilterPipeline.dispatch(FilterPipeline.java:76)
at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:49)
at org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServlet.java:67)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:684)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:501)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:971)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1033)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:667)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: Creating topic failed, model=TopicModelImpl {
"id": -1,
"typeUri": "dmx.contacts.email_address",
"value": "malte@mikromedia.de",
"children": {}
}
at systems.dmx.core.impl.AccessLayer.createTopic(AccessLayer.java:140)
at systems.dmx.core.impl.CoreServiceImpl.createTopic(CoreServiceImpl.java:133)
at systems.dmx.core.impl.CoreServiceImpl.createTopic(CoreServiceImpl.java:35)
at systems.dmx.signup.SignupPlugin$3.call(SignupPlugin.java:651)
at systems.dmx.signup.SignupPlugin$3.call(SignupPlugin.java:648)
at systems.dmx.core.util.ContextTracker.run(ContextTracker.java:20)
at systems.dmx.core.impl.PrivilegedAccessImpl.runInWorkspaceContext(PrivilegedAccessImpl.java:354)
at systems.dmx.signup.SignupPlugin.createSimpleUserAccount(SignupPlugin.java:648)
... 53 more
Caused by: java.lang.RuntimeException: Value integration failed, newValues=TopicModelImpl {
"id": -1,
"typeUri": "dmx.contacts.email_address",
"value": "malte@mikromedia.de",
"children": {}
}, targetObject=null, compDef=null
at systems.dmx.core.impl.ValueIntegrator.integrate(ValueIntegrator.java:115)
at systems.dmx.core.impl.AccessLayer.updateValues(AccessLayer.java:1031)
at systems.dmx.core.impl.AccessLayer.createTopic(AccessLayer.java:138)
... 60 more
Caused by: java.lang.RuntimeException: An error occurred in the PostCreateTopic listener of plugin "DMX Workspaces"
at systems.dmx.core.impl.EventManager.dispatchEvent(EventManager.java:96)
at systems.dmx.core.impl.EventManager.fireEvent(EventManager.java:59)
at systems.dmx.core.impl.ValueIntegrator.integrate(ValueIntegrator.java:108)
... 62 more
Caused by: java.lang.RuntimeException: Assigning topic 8663 (typeUri="dmx.contacts.email_address", uri="") to workspace 3717 failed
at systems.dmx.workspaces.WorkspacesPlugin._assignToWorkspace(WorkspacesPlugin.java:458)
at systems.dmx.workspaces.WorkspacesPlugin.postCreateTopic(WorkspacesPlugin.java:365)
at systems.dmx.core.impl.CoreEvent$9.dispatch(CoreEvent.java:113)
at systems.dmx.core.impl.EventManager.dispatchEvent(EventManager.java:83)
... 64 more
Caused by: java.lang.RuntimeException: Fetching topic 3717 failed
at systems.dmx.core.impl.AccessLayer.getTopic(AccessLayer.java:69)
at systems.dmx.core.impl.CoreServiceImpl.getTopic(CoreServiceImpl.java:84)
at systems.dmx.workspaces.WorkspacesPlugin.checkAssignmentArgs(WorkspacesPlugin.java:489)
at systems.dmx.workspaces.WorkspacesPlugin._assignToWorkspace(WorkspacesPlugin.java:455)
... 67 more
Caused by: systems.dmx.core.service.accesscontrol.AccessControlException: user <anonymous> has no READ permission for object 3717
at systems.dmx.accesscontrol.AccessControlPlugin.checkAccess(AccessControlPlugin.java:966)
at systems.dmx.accesscontrol.AccessControlPlugin.checkReadAccess(AccessControlPlugin.java:944)
at systems.dmx.accesscontrol.AccessControlPlugin.checkTopicReadAccess(AccessControlPlugin.java:529)
at systems.dmx.core.impl.CoreEvent$1.dispatch(CoreEvent.java:35)
at systems.dmx.core.impl.EventManager.dispatchEvent(EventManager.java:83)
at systems.dmx.core.impl.EventManager.fireEvent(EventManager.java:59)
at systems.dmx.core.impl.AccessLayer.checkTopicReadAccess(AccessLayer.java:780)
at systems.dmx.core.impl.TopicModelImpl.checkReadAccess(TopicModelImpl.java:137)
at systems.dmx.core.impl.AccessLayer.getTopic(AccessLayer.java:67)
... 70 more
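For triage, each of the two traces above reduces to the failed sign-up request plus the innermost AccessControlException. The following Python sketch is an added example, not part of the original report or of DMX; its regexes assume the log layout seen in the excerpts, and the sample input is constructed (abridged, with the address replaced).

```python
import re

# Constructed sample, abridged from the two failures in the report.
SAMPLE_LOG = """\
Jan 08, 2021 6:32:23 PM systems.dmx.core.util.UniversalExceptionMapper logException
SCHWERWIEGEND: Request "GET /sign-up/password-token/user@example.org" failed. Responding with 401 (Unauthorized). The original exc/error is:
java.lang.RuntimeException: Fetching topic failed, key="dmx.contacts.email_address", value=user@example.org
    at systems.dmx.core.impl.AccessLayer.getTopicByValue(AccessLayer.java:91)
Caused by: systems.dmx.core.service.accesscontrol.AccessControlException: user <anonymous> has no READ permission for object 8588
    at systems.dmx.accesscontrol.AccessControlPlugin.checkAccess(AccessControlPlugin.java:966)
    ... 53 more
Jan 08, 2021 6:45:44 PM systems.dmx.core.util.UniversalExceptionMapper logException
SCHWERWIEGEND: Request "GET /sign-up/handle/test/-SHA256-<hash>/user%40example.org" failed. Responding with 401 (Unauthorized). The original exception/error is:
java.lang.RuntimeException: Creating simple user account FAILED!
Caused by: java.lang.RuntimeException: Assigning topic 8663 (typeUri="dmx.contacts.email_address", uri="") to workspace 3717 failed
Caused by: java.lang.RuntimeException: Fetching topic 3717 failed
Caused by: systems.dmx.core.service.accesscontrol.AccessControlException: user <anonymous> has no READ permission for object 3717
"""

REQUEST_RE = re.compile(r'Request "(\w+) (\S+)" failed\. Responding with (\d{3})')
DENIED_RE = re.compile(
    r"AccessControlException: user (\S+) has no (\w+) permission for object (\d+)")
# A new log record starts with an upper-case level ("INFORMATION: ") or a timestamp.
RECORD_RE = re.compile(r"^(?:[A-Z]+: |\w{3} \d{2}, \d{4} )")


def triage(log_text):
    """Return one finding per failed request, with its access-control root cause."""
    findings, current = [], None
    for line in log_text.splitlines():
        req = REQUEST_RE.search(line)
        if req:
            current = {"method": req.group(1), "path": req.group(2),
                       "status": int(req.group(3)), "causes": 0, "denied": None}
            findings.append(current)
        elif current is None:
            continue  # not inside a failed-request trace
        elif line.startswith("Caused by:"):
            current["causes"] += 1
            denied = DENIED_RE.search(line)
            if denied:  # the last match in the chain is the innermost cause
                current["denied"] = {"user": denied.group(1),
                                     "operation": denied.group(2),
                                     "object_id": int(denied.group(3))}
        elif RECORD_RE.match(line):
            current = None  # next log record: the trace is over
    return findings


def anonymous_denials(findings):
    """Keep only requests that failed because the anonymous user was denied."""
    return [f for f in findings
            if f["denied"] and f["denied"]["user"] == "<anonymous>"]


if __name__ == "__main__":
    for f in anonymous_denials(triage(SAMPLE_LOG)):
        print(f["status"], f["path"], f["denied"])
```
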