Benoit Tellier created JAMES-3468: ------------------------------------- Summary: Webadmin user should reject inserts of already existing users. Key: JAMES-3468 URL: https://issues.apache.org/jira/browse/JAMES-3468 Project: James Server Issue Type: Improvement Components: webadmin Reporter: Benoit Tellier
https://www.mail-archive.com/server-dev@james.apache.org/msg69167.html > > So from a user perspective adding a user would always succeed. But would > it > > succeed by doing nothing (the current behaviour in silencing the > > AlreadyExist exception) or would it succeed by effectively overwriting > the > > user (in a last write wins manner) ? > > Webadmin so far overwrite the user (and its password) in a last write > win manner. > That sounds really scary > - Either we need to distinguish "create" from "update" within the > webadmin API > Well that would definitely have my vote : as an admin operator I *never* want to accidentally overwrite an existing user when trying to create a new one (with the possible exception of retrying a create operation that just timeouted, in which case my first reflex would be to execute a read to try and make sure that the operation that just failed hasn't actually succeeded) Proposal: {code:java} curl -XPUT url/users/b...@apache.org -d '{"password":"123456"}' => 409 if user already exist curl -XPUT url/users/b...@apache.org&force -d '{"password":"123456"}' => 204 all the time, we can use it to reset passwords {code} -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org