[LPS-49848] User is shown a RequiredUserException instead of a PrincipalException when attempting to steal an admin account - Liferay Issues

XML

Word

Printable

Details

Type: Regression Bug
Status: Closed
Resolution: Won't Fix
Affects Version/s: 7.0.0 M3
Fix Version/s: None
Component/s: Web Services, Web Services > JSON WS
Labels:

Fix Priority:
5

Description

Steps to reproduce:
1. Sign in
2. Hit http://localhost:8080/api/jsonws
3. Click the first 'add-address' service
4. Copy the pAuth value
5. Hit http://localhost:8080/c/portal/json_service?serviceClassName=com.liferay.portal.service.UserServiceUtil&serviceMethodName=updateStatus&serviceParameters=[userId,status]&userId=10202&status=6&p_auth=[[paste pAuth value here]]

Expected result:

{"message":"com.liferay.portal.security.auth.PrincipalException","exception":"com.liferay.portal.security.auth.PrincipalException"}

Actual result:

{"throwable":"com.liferay.portal.RequiredUserException","error":{"message":"com.liferay.portal.RequiredUserException","type":"com.liferay.portal.RequiredUserException"},"exception":"com.liferay.portal.RequiredUserException"}

Attachments

Activity

People

Assignee:: Cristina Gonzalez

Reporter:: Robert Srisam-ang (Inactive)

Participants of an Issue:: Cristina Gonzalez, Robert Srisam-ang

Recent user:: Esther Sanz

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 04/Sep/14 10:58 AM

Updated:: 14/Dec/16 9:28 PM

Resolved:: 19/Jan/16 7:32 AM

Days since last comment:: 5 years, 16 weeks, 1 day ago

Packages

Version	Package