jmprathab / MyHome

A Java application which helps people to manage their apartment.
Apache License 2.0

Forbidden if need changes password with token value #274

Open salamisodikiolawale opened 1 year ago

salamisodikiolawale commented 1 year ago

🐛 Describe the bug

403 Forbidden if I send a request to change the password with the token value.

⚠️ Current behavior

403 Forbidden if I send a request to change the password with the token value.

✅ Expected behavior

This operation must return a new token or confirm that the password changed.

💣 Steps to reproduce

Step 1: Create user ***http://localhost:8080/users***

{
  "name": "name",
  "email": "name@gmail.com",
  "password": "name1234"
}

Step 2: Get token during authentication ***http://localhost:8080/auth/login***

{
  "email": "name@gmail.com",
  "password": "name1234"
}

This step returns a token value.

Step 3: Change password ***http://localhost:8080/users/password***

{
  "email": "name@gmail.com",
  "token": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI1MmU4NjdiYi0zZDdhLTQ0YmUtYWVlMC0yODk2NTljYmI1ZWMiLCJleHAiOjE2Njc3NDM2OTJ9.ughwk1htJYeiETWp7wocgMtzKwd6JxBWMg-83WFZCW9aRLi6zo9bZkDU6mqxsxi6dNVKc9W0_UNZtZTWZ6G2xA",
  "newPassword": "namei1234444"
}

Error:

{
    "timestamp": "2022-10-27T14:33:52.404+0000",
    "status": 403,
    "error": "Forbidden",
    "message": "Access Denied",
    "path": "/users/password"
}

📷 Screenshots

📱 Tech info