Password confirmation is required (API)

Hi

I’m developing a small app to do some task in my Nextcloud instance using the API and the WebDav interface.

Most of the things work ok but when I try to change for example an user email it always fails. The request response is:

<ocs>
 <meta>
  <status>failure</status>
  <statuscode>403</statuscode>
  <message>Password confirmation is required</message>
  <totalitems></totalitems>
  <itemsperpage></itemsperpage>
 </meta>
 <data/>
</ocs>

I’ve tried with Postman and same response, normally I use Basic Authentication but just to give it a try I’ve created an app token, change to Bearer Authentication, same response.

But If i just use curl from the command line, it works, example:

curl -X PUT https://myuser:mypwd@my.instance.com/test/ocs/v1.php/cloud/users/test -d key="email" -d value="x@x.com" -H "OCS-APIRequest: true"

Why if I use a regular PUT request it asks for the password confirmation?

I’ve read some posts with similar questions but no one seems to have a concrete solution

Thanks in advance

So, this CURL request you write was extracted from Postman?

You could verify the headers (look at curl -v as well as the web dev tools in postman) to see if there was a discrepancy.

I first guessed it is a problem with the OCS-APIRequest header.

Chris

Hi, the curl does not come from Postman, I’ve use it just for testing.

The header OCS… is right, without it the error is different.

OK, I looked a bit into the code. I think I found something but I am not sure as not all pieces fall into a correct spot.

Are you trying to change the currently logged in user’s mail or (as an admin) the mail address from another user?

Can you please let Postman create a curl request for the request in question? You can hide password, user name, and host if you like as well as session cookies. Let’s have a look what there the difference is.

I can (if I know more details) also run this against my test instance and see if I can debug it further.

Chris