My colleague disabled the user "anonymous" and now the application is unusable. It appears that some services are running, but anytime you attempt to access any UI, it simply displays a Stackoverflow error. Obviously, we'd like to reenable that user but the useradmin UI doesn't work.
I believe if he had deleted the user it would have automatically been recreated, but he disabled it.
We've tried some different curl commands to delete or reenable the user but are getting 500 response on everything we've tried.
I think this can be recovered easily if we can identify the anonymous user location under /home/users using logs or somwhere in felix console(i think we could but would have check again) and write a groovy script to switch the flag to enable this anonymous user and make system usable again.
There is a not in our official docs that we should not delete/disable the anonymous user so educate the users to avoid changing it’s properties.
That's a nice trick!
Below are two groovy scripts which would've to modified accordingly--
I'm not sure if OOB, 'anonymous' user would always have the same hash and under same path? It would make lives much more easy... We can test it with a couple of fresh installations to find a pattern and go ahead with that.
The anonymous user can be re-enabled programatically using CURL
Determine the path to the anonymous user. eg: grep the error.log for "POST /home/user " and try and determine the path to that user.
For example say it is : /home/users/-/-W27FKy-6dKSFr2v6Aue
Once you have the path, you can reenable the anonymous user by performing the following CURL command
curl -u admin:admin -F "disableUser=" http://localhost:6330/home/users/-/-W27FKy-6dKSFr2v6Aue
If you are on later aem versions, user paths are randomized. In this case, we won’t need the has as we are changing any password or decrypting stuff. Although we just need to find the anonymous user using the first admin script you mentioned. Once you identify this path, we can switch its properties to renable the user using nodeBuilder or similar api
If you can’t get a script running, let me know maybe I can provide one later this week.
Tested and verified that the CURL command works on AEM 6.3, 6.4, 6.5
1) find the logging statement that includes the POST that disabled the user. It will look like the following :
06.02.2019 14:06:07.938 *INFO* [0:0:0:0:0:0:0:1  POST /home/users/L/LKiH_WI-Bp_PmPHPbVLC.rw.userprops.html HTTP/1.1] com.adobe.granite.security.user.internal.servlets.AuthorizableServlet Edit User 'anonymous' operation initiated by User 'admin' (administrator)
curl -u admin:admin -F "disableUser=" http://localhost:6501/home/users/L/LKiH_WI-Bp_PmPHPbVLC
Hi guys. It looks to me that several of these answers are likely correct, but we found a slightly different approach
curl -u admin:admin 'http://localhost:4502/home/users/O/OPYCNCDeCOsijvtpS0J5.rw.userprops.html' --data '.&disableUser=&_charset_=utf-8' --compressed