Error to make a Request to update password in UAA


Juan Antonio Breña Moral <bren at juanantonio.info...>
 

Hi,

Using UAA API, it is possible to create users without password. Later if you need to update the password what is the right request to make the process? Current documentation is not very clear:

https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#create-a-user-post-users

The document has al ink for a section to udpate password but it was removed:
http://www.simplecloud.info/specs/draft-scim-api-01.html#change-password

Using the documentation, the request throws an Error:

uaa_options = {
"schemas":["urn:scim:schemas:core:1.0"],
"password": "abc123456",
"oldPassword": "oldpassword"
}

return CloudFoundryUsersUAA.updatePassword(token_type, access_token, uaa_guid, uaa_options);

UsersUAA.prototype.updatePassword = function (token_type, access_token, uaa_guid, uaa_options) {
"use strict";

var url = this.UAA_API_URL + "/Users/" + uaa_guid + "/password";
var options = {
method: 'PUT',
url: url,
headers: {
Accept: 'application/json',
Authorization: token_type + ' ' + access_token
},
json: uaa_options
};

return this.REST.request(options, "200", false);
};

Error:

Error: the string "<html><head><title>Apache Tomcat/7.0.55 - Error report</
title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:whi
te;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-s
erif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tah
oma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,
Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Ar
ial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.
name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Stat
us 400 - </h1><HR size=\"1\" noshade=\"noshade\"><p><b>type</b> Status report</p
<p><b>message</b> <u></u></p><p><b>description</b> <u>The request sent by the c
lient was syntactically incorrect.</u></p><HR size=\"1\" noshade=\"noshade\"><h3
Apache Tomcat/7.0.55</h3></body></html>" was thrown, throw an Error :)
Note: it is possible to create an user in UAA with a password in the first operation, but the documenation is not clear in this point.

var uaa_options = {
"schemas":["urn:scim:schemas:core:1.0"],
"userName":username,
"emails":[
{
"value":"demo(a)example.com",
"type":"work"
}
],
"password": "123456",
};

Usage with CF CLI: cf login -a https://apiMY_IP.xip.io -u userXXX -p 123456 --skip-ssl-validation

Any help to update passwords?

Juan Antonio


Filip Hanik
 

If your `access_token` value is

1. a client_credentials grant - the `oldPassword` field is not evaluated
and can be omitted
OR
2. it's a user token, with the scope of `uaa.admin` and the admin is trying
to change password for another user - the `oldPassword` field is not
evaluated and can be omitted

We will update the documentation to reflect these two use cases.
https://github.com/cloudfoundry/uaa/blob/feature/fix_saml_metadata_validation/scim/src/main/java/org/cloudfoundry/identity/uaa/password/PasswordChangeEndpoint.java#L124-L158


On Wed, Oct 28, 2015 at 9:43 AM, Juan Antonio Breña Moral <
bren(a)juanantonio.info> wrote:

Hi,

Using UAA API, it is possible to create users without password. Later if
you need to update the password what is the right request to make the
process? Current documentation is not very clear:


https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#create-a-user-post-users

The document has al ink for a section to udpate password but it was
removed:
http://www.simplecloud.info/specs/draft-scim-api-01.html#change-password

Using the documentation, the request throws an Error:

uaa_options = {
"schemas":["urn:scim:schemas:core:1.0"],
"password": "abc123456",
"oldPassword": "oldpassword"
}

return CloudFoundryUsersUAA.updatePassword(token_type, access_token,
uaa_guid, uaa_options);

UsersUAA.prototype.updatePassword = function (token_type, access_token,
uaa_guid, uaa_options) {
"use strict";

var url = this.UAA_API_URL + "/Users/" + uaa_guid + "/password";
var options = {
method: 'PUT',
url: url,
headers: {
Accept: 'application/json',
Authorization: token_type + ' ' + access_token
},
json: uaa_options
};

return this.REST.request(options, "200", false);
};

Error:

Error: the string "<html><head><title>Apache Tomcat/7.0.55 - Error
report</
title><style><!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:22px;} H2
{font-family:Tahoma,Arial,sans-serif;color:whi
te;background-color:#525D76;font-size:16px;} H3
{font-family:Tahoma,Arial,sans-s
erif;color:white;background-color:#525D76;font-size:14px;} BODY
{font-family:Tah
oma,Arial,sans-serif;color:black;background-color:white;} B
{font-family:Tahoma,
Arial,sans-serif;color:white;background-color:#525D76;} P
{font-family:Tahoma,Ar
ial,sans-serif;background:white;color:black;font-size:12px;}A {color :
black;}A.
name {color : black;}HR {color : #525D76;}--></style>
</head><body><h1>HTTP Stat
us 400 - </h1><HR size=\"1\" noshade=\"noshade\"><p><b>type</b> Status
report</p
<p><b>message</b> <u></u></p><p><b>description</b> <u>The request sent by
the c
lient was syntactically incorrect.</u></p><HR size=\"1\"
noshade=\"noshade\"><h3
Apache Tomcat/7.0.55</h3></body></html>" was thrown, throw an Error :)
Note: it is possible to create an user in UAA with a password in the first
operation, but the documenation is not clear in this point.

var uaa_options = {
"schemas":["urn:scim:schemas:core:1.0"],
"userName":username,
"emails":[
{
"value":"demo(a)example.com",
"type":"work"
}
],
"password": "123456",
};

Usage with CF CLI: cf login -a https://apiMY_IP.xip.io -u userXXX -p
123456 --skip-ssl-validation

Any help to update passwords?

Juan Antonio


Juan Antonio Breña Moral <bren at juanantonio.info...>
 

Many thanks for the reply.

Next monday in the morning, I will update the class to test again.

Cheers


Juan Antonio Breña Moral <bren at juanantonio.info...>
 

Good morning,

The user which I use has the following groups:

[ { value: 'c6032d43-5eb6-4719-8ff5-5ec3b6bf7cf8',
display: 'approvals.me',
type: 'DIRECT' },
{ value: 'dead2fa1-02f3-46a4-9072-5315e7c692ac',
display: 'cloud_controller.read',
type: 'DIRECT' },
{ value: 'efe5e709-3c75-47e2-a921-d7efc1535a7d',
display: 'doppler.firehose',
type: 'DIRECT' },
{ value: '7b545c0e-7cd4-4ca3-87f6-0458594f928d',
display: 'openid',
type: 'DIRECT' },
{ value: '7b2e9bac-606f-4e03-87a8-f8121616521f',
display: 'cloud_controller_service_permissions.read',
type: 'DIRECT' },
{ value: '8605ea52-a0d5-4801-91c8-cf8cb6f79c4b',
display: 'cloud_controller.write',
type: 'DIRECT' },
{ value: '156bb655-4ef4-4068-a0ed-fa877e03eb51',
display: 'uaa.user',
type: 'DIRECT' },
{ value: '67c233cf-5950-4d03-a534-016d1d3baf15',
display: 'scim.read',
type: 'DIRECT' },
{ value: 'e08cbc0b-a032-4c03-86ed-03e6b33a585e',
display: 'notification_preferences.write',
type: 'DIRECT' },
{ value: '084442d8-fa2c-416e-9163-9f26ea928316',
display: 'notification_preferences.read',
type: 'DIRECT' },
{ value: 'a4a76783-2440-46df-bacb-5ea3e3d8cb82',
display: 'cloud_controller.admin',
type: 'DIRECT' },
{ value: '1b48d072-6715-40a4-b01c-f4f8ede67db9',
display: 'password.write',
type: 'DIRECT' },
{ value: 'e7ed28ab-3a6e-429a-9b4b-fcf921e1b5dd',
display: 'oauth.approvals',
type: 'DIRECT' },
{ value: '203a26f5-c022-4b94-8368-16fb8eec2b37',
display: 'scim.write',
type: 'DIRECT' },
{ value: '52ed4af3-1a7b-413d-9189-ab2e2b750d8b',
display: 'scim.me',
type: 'DIRECT' } ]

Is OK to update the password for another user created with this account?

Juan Antonio


Juan Antonio Breña Moral <bren at juanantonio.info...>
 

Hi, I continue doing tests and I checked that I have the required permissions for current user:

{ value: '1b48d072-6715-40a4-b01c-f4f8ede67db9', display: 'password.write', type: 'DIRECT' },

https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#create-a-user-post-users

And I Updated the request:

uaa_options = {
"schemas":["urn:scim:schemas:core:1.0"],
"password": accountPassword
};

But UAA continue replying with the same message:

<p><b>message</b> <u></u></p><p><b>description</b> <u>The request sent by the c
lient was syntactically incorrect.</u></p><HR size=\"1\" noshade=\"noshade\"><h3
Apache Tomcat/7.0.55</h3></body></html>" was thrown, throw an Error :)
https://github.com/prosociallearnEU/cf-nodejs-client/blob/master/lib/model/UsersUAA.js#L45-L68
https://github.com/prosociallearnEU/cf-nodejs-client/blob/master/test/lib/model/UserUAATests.js#L142-L192

Can you provide a curl example to test with Go CLI using curl tool?

Many thanks in advance.

Juan Antonio