Cannot update the password


#1

I am trying to update the password after logging in from the client.

Api docs
user : Service for managing system users
A valid current session along with old and new password are required to change the password directly posting ‘old_password’ and ‘new_password’.

X-Auth-Token - exists, valid

data: {  "old_password": "old_password",  "new_password": "new_password" }

Response Code : 500
message: “Error processing password change.↵The token has been blacklisted”

How can I find a solution?

trace:

"0 /opt/bitnami/apps/dreamfactory/htdocs/vendor/dreamfactory/df-core/src/Resources/UserPasswordResource.php(56): DreamFactory\Core\Resources\UserPasswordResource::changePassword(Object(DreamFactory\Core\Models\User), '12345678', '1234567890')"
"1 [internal function]: DreamFactory\Core\Resources\UserPasswordResource->handlePOST()"
"2 /opt/bitnami/apps/dreamfactory/htdocs/vendor/dreamfactory/df-core/src/Components/RestHandler.php(267): call_user_func(Array)"
"3 /opt/bitnami/apps/dreamfactory/htdocs/vendor/dreamfactory/df-core/src/Components/RestHandler.php(173): DreamFactory\Core\Components\RestHandler->processRequest()"
"4 /opt/bitnami/apps/dreamfactory/htdocs/vendor/dreamfactory/df-core/src/Components/RestHandler.php(220): DreamFactory\Core\Components\RestHandler->handleRequest(Object(DreamFactory\Core\Utility\ServiceRequest), '')"
"5 /opt/bitnami/apps/dreamfactory/htdocs/vendor/dreamfactory/df-core/src/Components/RestHandler.php(168): DreamFactory\Core\Components\RestHandler->handleResource(Array)"
"6 /opt/bitnami/apps/dreamfactory/htdocs/vendor/dreamfactory/df-core/src/Services/BaseRestService.php(65): DreamFactory\Core\Components\RestHandler->handleRequest(Object(DreamFactory\Core\Utility\ServiceRequest), 'password')"
"7 /opt/bitnami/apps/dreamfactory/htdocs/vendor/dreamfactory/df-core/src/Utility/ServiceHandler.php(70): DreamFactory\Core\Services\BaseRestService->handleRequest(Object(DreamFactory\Core\Utility\ServiceRequest), 'password')"
"8 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(16995): DreamFactory\Core\Utility\ServiceHandler::processRequest('v2', 'user', 'password')"
"9 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(16971): DreamFactory\Http\Controllers\RestController->handleService('v2', 'user', 'password')"
"10 [internal function]: DreamFactory\Http\Controllers\RestController->handlePOST('v2', 'user', 'password')"
"11 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9075): call_user_func_array(Array, Array)"
"12 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9137): Illuminate\Routing\Controller->callAction('handlePOST', Array)"
"13 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9117): Illuminate\Routing\ControllerDispatcher->call(Object(DreamFactory\Http\Controllers\RestController), Object(Illuminate\Routing\Route), 'handlePOST')"
"14 [internal function]: Illuminate\Routing\ControllerDispatcher->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"15 /opt/bitnami/apps/dreamfactory/htdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(52): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"16 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(17158): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"17 [internal function]: DreamFactory\Http\Middleware\AccessCheck->handle(Object(Illuminate\Http\Request), Object(Closure))"
"18 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9609): call_user_func_array(Array, Array)"
"19 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))"
"20 /opt/bitnami/apps/dreamfactory/htdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"21 [internal function]: Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"22 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9594): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"23 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9118): Illuminate\Pipeline\Pipeline->then(Object(Closure))"
"24 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9105): Illuminate\Routing\ControllerDispatcher->callWithinStack(Object(DreamFactory\Http\Controllers\RestController), Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request), 'handlePOST')"
"25 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(8173): Illuminate\Routing\ControllerDispatcher->dispatch(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request), 'DreamFactory\\Ht...', 'handlePOST')"
"26 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(8160): Illuminate\Routing\Route->runController(Object(Illuminate\Http\Request))"
"27 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(7874): Illuminate\Routing\Route->run(Object(Illuminate\Http\Request))"
"28 [internal function]: Illuminate\Routing\Router->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"29 /opt/bitnami/apps/dreamfactory/htdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(52): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"30 [internal function]: Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"31 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9594): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"32 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(7875): Illuminate\Pipeline\Pipeline->then(Object(Closure))"
"33 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(7866): Illuminate\Routing\Router->runRouteWithinStack(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request))"
"34 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(7856): Illuminate\Routing\Router->dispatchToRoute(Object(Illuminate\Http\Request))"
"35 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(2400): Illuminate\Routing\Router->dispatch(Object(Illuminate\Http\Request))"
"36 [internal function]: Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}(Object(Illuminate\Http\Request))"
"37 /opt/bitnami/apps/dreamfactory/htdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(52): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"38 /opt/bitnami/apps/dreamfactory/htdocs/app/Http/Middleware/AuthCheck.php(178): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"39 [internal function]: DreamFactory\Http\Middleware\AuthCheck->handle(Object(Illuminate\Http\Request), Object(Closure))"
"40 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9609): call_user_func_array(Array, Array)"
"41 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))"
"42 /opt/bitnami/apps/dreamfactory/htdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"43 /opt/bitnami/apps/dreamfactory/htdocs/vendor/barryvdh/laravel-cors/src/HandleCors.php(42): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"44 [internal function]: Barryvdh\Cors\HandleCors->handle(Object(Illuminate\Http\Request), Object(Closure))"
"45 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9609): call_user_func_array(Array, Array)"
"46 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))"
"47 /opt/bitnami/apps/dreamfactory/htdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"48 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(17255): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"49 [internal function]: DreamFactory\Http\Middleware\FirstUserCheck->handle(Object(Illuminate\Http\Request), Object(Closure))"
"50 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9609): call_user_func_array(Array, Array)"
"51 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))"
"52 /opt/bitnami/apps/dreamfactory/htdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"53 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(13048): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"54 [internal function]: Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(Illuminate\Http\Request), Object(Closure))"
"55 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9609): call_user_func_array(Array, Array)"
"56 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))"
"57 /opt/bitnami/apps/dreamfactory/htdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"58 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(11594): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"59 [internal function]: Illuminate\Session\Middleware\StartSession->handle(Object(Illuminate\Http\Request), Object(Closure))"
"60 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9609): call_user_func_array(Array, Array)"
"61 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))"
"62 /opt/bitnami/apps/dreamfactory/htdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"63 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(12787): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"64 [internal function]: Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(Illuminate\Http\Request), Object(Closure))"
"65 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9609): call_user_func_array(Array, Array)"
"66 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))"
"67 /opt/bitnami/apps/dreamfactory/htdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"68 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(12724): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"69 [internal function]: Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(Illuminate\Http\Request), Object(Closure))"
"70 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9609): call_user_func_array(Array, Array)"
"71 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))"
"72 /opt/bitnami/apps/dreamfactory/htdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"73 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(3250): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"74 [internal function]: Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Illuminate\Http\Request), Object(Closure))"
"75 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9609): call_user_func_array(Array, Array)"
"76 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))"
"77 /opt/bitnami/apps/dreamfactory/htdocs/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"78 [internal function]: Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))"
"79 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(9594): call_user_func(Object(Closure), Object(Illuminate\Http\Request))"
"80 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(2347): Illuminate\Pipeline\Pipeline->then(Object(Closure))"
"81 /opt/bitnami/apps/dreamfactory/htdocs/bootstrap/cache/compiled.php(2331): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))"
"82 /opt/bitnami/apps/dreamfactory/htdocs/public/index.php(53): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))"
"83 {main}"

#2

Any update on this? I have the same problem with both password change and password reset: the token is getting blacklisted. I do not send a session on reset, but I do on password change. It usually works to do a reset one time, but the next time I do a reset with the same account, the token gets blacklisted and I can't change the password of that account anymore. Not even from within the DF Admin panel, logged in as an admin.


#3

Hello @goblin

Just checking in to see if you are still running into this issue or if it has been resolved?

Thanks,
@AlexBowen


#4

Hi Alex,

No, the issues are still there. The blacklisting exists on change password requests: sending in X-DreamFactory-Session-Token, X-DreamFactory-Api-Key, Content-Type, ‘old_password’ and ‘new_password’ will instantly blacklist the token. However, when I send this through Postman, it works.

And sending in a password reset POST with ‘email’, ‘code’, and ‘new_password’ (without session): this works the first time, and sometimes a couple of times, but it will always get blacklisted in the end, which basically makes the user password “locked”. No one can change it after the token has been blacklisted, not even from the admin panel. However, the user can still log in with the old password. Since it works the first time(s) with a user, and using the exact same code to do it multiple times, I’m pretty sure this is a bug within DreamFactory that needs to be investigated.

Both the password reset and password changes are done in the browser using React and Superagent for making the API calls. I have tried swapping out Superagent for Axios and Fetch, and I am still getting the same results. I have logged everything to the console to validate every field of data and I’m sending in the same data as with Postman. At least those three header properties and the body. Since it works in Postman, there have to be some issues with how DreamFactory handles API calls from browsers. I can also see that you have no code examples for resetting or changing passwords in your repos. Have you got any working code samples that handle both password reset and password change from a browser-based application, preferably React?


#5

@AlexBowen We found the issue, and it was caused by sending a PUT request to refresh the current session instead of GET. It now works as it should. Thanks!


#6

Great @goblin! Thanks for the update. Glad everything worked out.

Best,
@AlexBowen


#7

Hi @goblin

How do you refresh a session using a GET request? I thought PUT was the only way (as explained in http://wiki.dreamfactory.com/DreamFactory/Tutorials/Refreshing_a_JWT)

Thanks in advance!


#8

So has anyone confirmed why using PUT to refresh a JWT (forever) token breaks the ability to do a password reset? Especially when the password reset API doesn’t even require a token.

Upon further investigation (looking directly at the code) I don’t see how the above solution could work. Doing GET on user/session does not do anything with JWT.

The code shows that GET is reserved to handle OAUTH login as far as I can tell.

// Excerpt from the session resource class; the class declaration and
// imports are not included in the post.
{
    const RESOURCE_NAME = 'session';

    /**
     * Gets basic user session data and performs OAuth login redirect.
     *
     * @return array
     * @throws \DreamFactory\Core\Exceptions\BadRequestException
     * @throws \DreamFactory\Core\Exceptions\UnauthorizedException
     */
    protected function handleGET()
    {
        // An OAuth service name in the request triggers the OAuth login flow.
        $serviceName = $this->getOAuthServiceName();
        if (!empty($serviceName)) {
            /** @type BaseOAuthService $service */
            $service = ServiceManager::getService($serviceName);
            $serviceGroup = $service->getServiceTypeInfo()->getGroup();
            if ($serviceGroup !== ServiceTypeGroups::OAUTH) {
                throw new BadRequestException('Invalid login service provided. Please use an OAuth service.');
            }
            return $service->handleLogin($this->request->getDriver());
        }
        // Otherwise only the public session info is returned.
        return Session::getPublicInfo();
    }

    // ... remaining methods are not shown in the post
}

I will keep looking as I suspect the problem is the usage of JWT refresh on a forever token. I think use of PUT to refresh a token should not be used at all for forever tokens; will follow up.
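
As an added illustration (not part of any post above and not DreamFactory's code), this self-contained JavaScript models one way the symptom in this thread can arise. It assumes that refreshing a session issues a new token and blacklists the one it replaces, so a client that keeps sending the pre-refresh token receives "The token has been blacklisted". The class, method names, token format and account are hypothetical.

```javascript
// Constructed model for illustration; not DreamFactory code.
// Assumption: refresh issues a new token and blacklists the one it replaces.
class SessionService {
  constructor() {
    this.active = new Map();    // token -> user email
    this.blacklist = new Set(); // tokens retired by refresh
    this.passwords = new Map([['user@example.com', '12345678']]); // constructed account
    this.counter = 0;
  }
  issue(user) {
    const token = `tok-${++this.counter}`;
    this.active.set(token, user);
    return token;
  }
  login(email, password) {
    if (this.passwords.get(email) !== password) throw new Error('Invalid credentials');
    return this.issue(email);
  }
  authenticate(token) {
    if (this.blacklist.has(token)) throw new Error('The token has been blacklisted');
    const user = this.active.get(token);
    if (!user) throw new Error('Invalid token');
    return user;
  }
  refresh(token) { // stands in for the session refresh call
    const user = this.authenticate(token);
    this.active.delete(token);
    this.blacklist.add(token);
    return this.issue(user);
  }
  changePassword(token, oldPassword, newPassword) {
    const user = this.authenticate(token);
    if (this.passwords.get(user) !== oldPassword) throw new Error('Invalid old password');
    this.passwords.set(user, newPassword);
    return user;
  }
}

// adoptRefreshedToken = false models a client that discards the refresh response
// and keeps sending the token it received at login.
function runScenario(adoptRefreshedToken) {
  const service = new SessionService();
  let token = service.login('user@example.com', '12345678');
  const refreshed = service.refresh(token);
  if (adoptRefreshedToken) token = refreshed;
  try {
    service.changePassword(token, '12345678', '1234567890');
    return { ok: true, message: 'Password changed' };
  } catch (err) {
    return { ok: false, message: err.message };
  }
}

console.log('stale token:    ', runScenario(false));
console.log('refreshed token:', runScenario(true));
```

When debugging a real client, logging which token value each request carries before and after a refresh shows whether a retired token is still being sent.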