Webservices Module user.getEmail() method, can't be found

Am wondering why in the rest webservices module shows that it can’t find user.email column, I have cross checked in the openmrs core user model has got email attribute. Here is error log. [INFO] ------------------------------------------------------------------------ - Pastebin.com

CC: @dkayiwa

Because that field was introduced in OpenMRS platform version 2.2 and you are probably depending on a lower version. openmrs-core/User.java at 2.2.0 · openmrs/openmrs-core · GitHub

So should I leave out validating with email for now? Or there is another way of handling it

I completely have no idea about what you are working on.

Am working on this ticket [RESTWS-885] Reset password REST endpoint requires privileges - OpenMRS Issues

Doing this in the RestHelperService is what’s causing the error. That service is not version specific, so when you run the tests it tests against the earliest supported version (OpenMRS 1.9) which does not support the user email property.

This issue should be fixed by adding a method to the user service in core that will allow looking-up a user by email address without authentication (although, honestly, I feel a little iffy about that; in my view, the right implementation of this would be to submit the email address to some kind of daemon service that can do the look-up and send a password reset email if the user if found… Otherwise, we’re creating an API that will allow an unauthenticated user to enumerate all the users in an OpenMRS instance…)

Thank you @ibacher , Where will I implement the daemon service in the core or webservices module

how will the service receive the payload if we are to leave out the endpoint

I didn’t really think this all the way through, but I’d probably imagine just having a service class that uses a table as a message queue and something like a scheduled task that consumes them… That could actually go in it’s own module. IIRC, @mseaton was looking into a standard authentication module for OpenMRS where this might be a good fit. It definitely doesn’t go in the REST module.

Oh, Okay I think let me bring up the discussion in the TAC call today

CC: @mseaton

Over the TAC call, team suggested to create a password reset method in the Openmrs core Daemon class openmrs-core/Daemon.java at master · openmrs/openmrs-core · GitHub or transfer this functionality to openmrs Authentication module GitHub - openmrs/openmrs-module-authentication: Extended authentication support for OpenMRS

CC: @burke @dkayiwa @ibacher @mseaton @mogoodrich

Dear @mseaton, I was inquiring if I should transfer the endpoint from rest service module to authentication module. Also do we have email notifications implemented anywhere, I want to create a background thread which will sending out a reset password link to the user’s mail within the authentication module

cc: @ibacher

I wasn’t on the TAC call where this was discussed, so would be good to recap what was decided. Did we decide this should live in the authentication module and not in core?

The absolutely simplest thing to do in the short term would be to add an (or fix an existing) endpoint in the REST module for requesting a password reset, where this endpoint would use a limited set of proxy privileges to look up the user and, if there is a valid email account associated with the user, set an activation key and sends the user and email with this.

This avoids the problematic, and undesirable, option of allowing unauthenticated access to what users are in the system, while allowing a targeted, specific use case to work without throwing an authentication error.

@abertnamanya / @ibacher / @burke / @dkayiwa

Mike

This makes sense to me. The only slight modification that i would make to it is that instead of using proxy privileges, i would just run it in a daemon thread as here: openmrs-module-oauth2login/OAuth2UserInfoAuthenticationScheme.java at 1.0.0 · openmrs/openmrs-module-oauth2login · GitHub

Thank you @dkayiwa , I did run the service with the thread so it didn’t request for privileges again but there is this error that am getting

I cross checked the user object that is being passed to setUserActivationKey method. I couldn’t find where the null exception is coming from.

I also cannot tell without looking at your code. :slight_smile:

Sorry Here is the PR RESTWS-885: Reset password REST endpoint requires privileges by abertnamanya · Pull Request #563 · openmrs/openmrs-module-webservices.rest · GitHub

I have put comments on GitHub.