[NMS-6470] Encrypt the password in REST API POST endpoint /opennms/rest/users - The OpenNMS Issue Tracker

XML

Word

Printable

Details

Type: Enhancement
Status: Resolved (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.12.5
Fix Version/s: Meridian-2019.1.10, 26.1.3
Component/s: REST
Security Level: Default (Default Security Scheme)
Labels:

Sprint:
Horizon 2020 - July 8, Horizon 2020 - July 22

Description

The ReST interface doesn't encrypt or hash the password you supply via POST when creating a user. The WebUI obviously does this for you, and I can't imagine why you wouldn't want the REST API to do it for you as well so here's a patch. Even respects the salt attribute to preserve the ability to use the old crappy uppercase MD5 algorithm.

To accomplish this I'm using UserManager.saveUser(String name, User details) rather than UserManager.save(OnmsUser user). I suppose the same could be accomplished by modifying UserManager.save(OnmsUser user) but I didn't want to mess with that in case something else depended on that functionality.

Includes the appropriate change to the unit test.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Add-password-encryption-hashing-to-UserRestService.patch
3 kB
18/Mar/14 7:45 PM

Activity

People

Assignee:: Benjamin Reed

Reporter:: David Schlenk

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Mar/14 7:00 PM

Updated:: 22/Jul/20 6:42 PM

Resolved:: 22/Jul/20 6:42 PM