Details
-
Type:
Enhancement
-
Status: Resolved (View Workflow)
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 1.12.5
-
Fix Version/s: Meridian-2019.1.10, 26.1.3
-
Component/s: REST
-
Security Level: Default (Default Security Scheme)
-
Labels:
-
Sprint:Horizon 2020 - July 8, Horizon 2020 - July 22
Description
The ReST interface doesn't encrypt or hash the password you supply via POST when creating a user. The WebUI obviously does this for you, and I can't imagine why you wouldn't want the REST API to do it for you as well so here's a patch. Even respects the salt attribute to preserve the ability to use the old crappy uppercase MD5 algorithm.
To accomplish this I'm using UserManager.saveUser(String name, User details) rather than UserManager.save(OnmsUser user). I suppose the same could be accomplished by modifying UserManager.save(OnmsUser user) but I didn't want to mess with that in case something else depended on that functionality.
Includes the appropriate change to the unit test.
