405 Method Not Allowed to AuthUser

warleyalex · 2013-07-30 02:02:46

I would like to change password of the current user remotely using javascript. After successful JavaScript client authentication, it seems that mORMot is not giving all users access to add an entry to TSQLAuthUser, even a GET method is not allowed, for some security reasons. If I log with default username "User":

GET http://localhost:8080/root/AuthUser?session_signature=000000582a7334754c754449

405 Method Not Allowed

Maybe it does make sense to allow the current users to change pass. It seems that you have to be administrator, has the rights to get access remotely to TSQLAuthUser. I was thinking about changing user groups rigths.

what is the proper sequence at user groups rigths should be to allow the user to change password?

Any ideas.

ab · 2013-07-30 09:33:06

It could make sense to add a new TSQLAllowRemoteExecute right like reUserCanChangeOwnPassword.

Could you please add a feature request as ticket?

warleyalex · 2013-07-31 13:54:18

ab wrote:

Could you please add a feature request as ticket?

Added at http://synopse.info/fossil/tktview?name=e6f113fc98
__________________________________
mORMot - Store UI settings JSON in DB. I like the idea users have the possibility to change their own password remotely using smartphone.
video: http://www.youtube.com/watch?v=xfv2_omnIxs

ab · 2014-12-29 12:38:18

We have added the reUserCanChangeOwnPassword flag to TSQLAccessRight.AllowRemoteExecute.
See http://synopse.info/fossil/info/79a54a8a8d

Sorry for the delay.

mORMot Open Source

#1 2013-07-30 02:02:46

405 Method Not Allowed to AuthUser

#2 2013-07-30 09:33:06

Re: 405 Method Not Allowed to AuthUser

#3 2013-07-31 13:54:18

Re: 405 Method Not Allowed to AuthUser

#4 2014-12-29 12:38:18

Re: 405 Method Not Allowed to AuthUser

Board footer