Benoit Tellier created JAMES-3468:
-------------------------------------
Summary: Webadmin user should reject inserts of already existing
users.
Key: JAMES-3468
URL: https://issues.apache.org/jira/browse/JAMES-3468
Project: James Server
Issue Type: Improvement
Components: webadmin
Reporter: Benoit Tellier
https://www.mail-archive.com/server-dev@james.apache.org/msg69167.html
> > So from a user perspective adding a user would always succeed. But would
> it
> > succeed by doing nothing (the current behaviour in silencing the
> > AlreadyExist exception) or would it succeed by effectively overwriting
> the
> > user (in a last write wins manner) ?
>
> Webadmin so far overwrite the user (and its password) in a last write
> win manner.
>
That sounds really scary
> - Either we need to distinguish "create" from "update" within the
> webadmin API
>
Well that would definitely have my vote : as an admin operator I *never*
want to accidentally overwrite an existing user when trying to create a new
one (with the possible exception of retrying a create operation that just
timeouted, in which case my first reflex would be to execute a read to try
and make sure that the operation that just failed hasn't actually succeeded)
Proposal:
{code:java}
curl -XPUT url/users/b...@apache.org -d '{"password":"123456"}'
=> 409 if user already exist
curl -XPUT url/users/b...@apache.org&force -d '{"password":"123456"}'
=> 204 all the time, we can use it to reset passwords
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
