Details
-
Enhancement
-
Status: Resolved (View Workflow)
-
Minor
-
Resolution: Fixed
-
1.12.5
-
Security Level: Default (Default Security Scheme)
-
Horizon 2020 - July 8, Horizon 2020 - July 22
Description
The ReST interface doesn't encrypt or hash the password you supply via POST when creating a user. The WebUI obviously does this for you, and I can't imagine why you wouldn't want the REST API to do it for you as well so here's a patch. Even respects the salt attribute to preserve the ability to use the old crappy uppercase MD5 algorithm.
To accomplish this I'm using UserManager.saveUser(String name, User details) rather than UserManager.save(OnmsUser user). I suppose the same could be accomplished by modifying UserManager.save(OnmsUser user) but I didn't want to mess with that in case something else depended on that functionality.
Includes the appropriate change to the unit test.