jedireza / aqua

:bulb: A website and user system starter
https://jedireza.github.io/aqua/
MIT License

Changing admin password fails due id #206

Closed mjp0 closed 7 years ago

mjp0 commented 7 years ago

Changing admin password doesn't seem to work because the id is all zeros and (just a guess) JS treats it as false/non-value.

UI sends PUT request to /api/users/000000000000000000000000/password and the request results in this {"statusCode":400,"error":"Bad Request","message":"child \"id\" fails because [\"id\" contains an invalid value]","validation":{"source":"params","keys":["id"]}}.

Any ideas how to get this done without manually stabbing Mongo?

jedireza commented 7 years ago

Yep. You can remove these kinds of validation checks:

These are in place to prevent the live demos from breaking due to people changing the details or deleting the records.

These all seem to also check that the user making the change is in the root admin group, which should be protection enough as long as only people in that group should be able to perform those actions.

In the end, be vigilant and be sure the users who have access to the route, should. 😉

I hope that helps.
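
The two layers described in the reply above, as an added example that is not aqua's code: a demo-only id blocklist that can be switched off, and a root-group check that stays on regardless. The function names, the `protectDemo` option, the check ordering and every message except the one quoted in the issue are assumptions.

```javascript
// Added illustration, not aqua's code. All names here are hypothetical.
const DEMO_ROOT_ID = '000000000000000000000000'; // id quoted in the issue

// Params check: ObjectId shape, plus an optional demo-only blocklist.
// A string of zeros is truthy in JS; only the blocklist rejects it.
function validateId(id, { protectDemo }) {
    if (typeof id !== 'string' || !/^[0-9a-f]{24}$/i.test(id)) {
        return { statusCode: 400, message: '"id" must be 24 hex characters' };
    }
    if (protectDemo && id === DEMO_ROOT_ID) {
        return { statusCode: 400, message: '"id" contains an invalid value' };
    }
    return null;
}

// Authorization: independent of the demo guard, stays on when it is removed.
function authorize(credentials) {
    if (!credentials) {
        return { statusCode: 401, message: 'Missing authentication' };
    }
    if (!(credentials.groups || []).includes('root')) {
        return { statusCode: 403, message: 'Not in the root admin group' };
    }
    return null;
}

// Ordering (authorize, then validate) is this example's choice.
function checkPasswordChange(request, options) {
    return authorize(request.credentials)
        || validateId(request.params.id, options)
        || { statusCode: 200, message: 'ok' };
}

// Constructed sample requests.
const rootUser = { groups: ['root'] };
const staffUser = { groups: ['sales'] };
const req = (credentials) => ({ credentials, params: { id: DEMO_ROOT_ID } });

console.log(checkPasswordChange(req(rootUser), { protectDemo: true }));
console.log(checkPasswordChange(req(rootUser), { protectDemo: false }));
console.log(checkPasswordChange(req(staffUser), { protectDemo: false }));
```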