Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-6470

Encrypt the password in REST API POST endpoint /opennms/rest/users

    XMLWordPrintable

    Details

    • Sprint:
      Horizon 2020 - July 8, Horizon 2020 - July 22

      Description

      The ReST interface doesn't encrypt or hash the password you supply via POST when creating a user. The WebUI obviously does this for you, and I can't imagine why you wouldn't want the REST API to do it for you as well so here's a patch. Even respects the salt attribute to preserve the ability to use the old crappy uppercase MD5 algorithm.

      To accomplish this I'm using UserManager.saveUser(String name, User details) rather than UserManager.save(OnmsUser user). I suppose the same could be accomplished by modifying UserManager.save(OnmsUser user) but I didn't want to mess with that in case something else depended on that functionality.

      Includes the appropriate change to the unit test.

        Attachments

          Activity

            People

            Assignee:
            ranger Benjamin Reed
            Reporter:
            schlend David Schlenk
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: