[LPS-49848] User is shown a RequiredUserException instead of a PrincipalException when attempting to steal an admin account - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Won't Fix
Affects Version/s: 7.0.0 M3
Fix Version/s: None
Component/s: Web Services, Web Services > JSON WS
Labels:

Fix Priority:
5
Bug Type:
Regression Bug

Description

Steps to reproduce:
1. Sign in
2. Hit http://localhost:8080/api/jsonws
3. Click the first 'add-address' service
4. Copy the pAuth value
5. Hit http://localhost:8080/c/portal/json_service?serviceClassName=com.liferay.portal.service.UserServiceUtil&serviceMethodName=updateStatus&serviceParameters=[userId,status]&userId=10202&status=6&p_auth=[[paste pAuth value here]]

Expected result:

{"message":"com.liferay.portal.security.auth.PrincipalException","exception":"com.liferay.portal.security.auth.PrincipalException"}

Actual result:

{"throwable":"com.liferay.portal.RequiredUserException","error":{"message":"com.liferay.portal.RequiredUserException","type":"com.liferay.portal.RequiredUserException"},"exception":"com.liferay.portal.RequiredUserException"}

Attachments

Activity

People

Assignee:: Cristina Gonzalez

Reporter:: Robert Srisam-ang (Inactive)

Participants of an Issue:: Cristina Gonzalez, Robert Srisam-ang

Recent user:: Marta Elicegui

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 04/Sep/14 10:58 AM

Updated:: 21/Sep/22 1:24 PM

Resolved:: 19/Jan/16 7:32 AM

Days since last comment:: 6 years, 37 weeks, 6 days ago

Packages

Version	Package