Ivo Ladage - van Doorn created AMDATUAUTH-137:
-------------------------------------------------
Summary: UserAdmin 'create user' REST API not suited for password
restrictions
Key: AMDATUAUTH-137
URL: http://jira.amdatu.org/jira/browse/AMDATUAUTH-137
Project: Amdatu Auth
Issue Type: Improvement
Components: Authorization & authentication
Affects Versions: 0.2.1
Reporter: Ivo Ladage - van Doorn
Assignee: Ivo Ladage - van Doorn
Fix For: 0.2.2
In the UserAdmin REST API you can create a new user by a PUT to
rest/users/[name] which does not take any input. Passing the password is not
possible, and so a new user is always created without a password. The password
is updated in a separate POST to /rest/users/[name]/credentials/password, but
when that password does not meet the password policy a user is created without
a password, violating that very same policy.
In the current UI you end up with the situation that a new user is created but
setting the password is rejected. When you change the password and try again,
the system responds with an error that the user already exists.
So this API should be refactored a but to support password restrictions.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
http://jira.amdatu.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Amdatu-developers mailing list
[email protected]
http://lists.amdatu.org/mailman/listinfo/amdatu-developers
