Dmitriy, Yes, sound reasonable to add "authenticate" command and require token for all subsequent commands.
Will update issue description. On Tue, Apr 10, 2018 at 2:43 PM, Dmitriy Setrakyan <dsetrak...@apache.org> wrote: > On Tue, Apr 10, 2018 at 12:28 AM, Alexey Kuznetsov <akuznet...@apache.org> > wrote: > > > Dmitriy, > > > > Yes, because we have a command "Add new user" and this command can be > > executed only with credentials of some "admin" user. > > > > It means, that in one command you need to specify name of new user and > > "admin" credentials at the same time.? > > > > If you have any ideas how we can handle this - I will be glad to discuss > > it. > > > > I am not sure if I agree with the approach you have suggested. In my view, > we should have "authenticate" command, which should ask for the username > and password. Once the user is authenticated and logged in, you should use > the session token to perform all other commands. We should NOT be > authenticating users on every command. > > If you follow this approach, then the command for adding a new user should > require any authentication. > > Makes sense? > > D. > -- Alexey Kuznetsov
