Encrypt the password in REST API POST endpoint /opennms/rest/users

Description

The REST interface doesn't encrypt or hash the password you supply via POST when creating a user. The WebUI obviously does this for you, and I can't imagine why you wouldn't want the REST API to do it for you as well, so here's a patch. Even respects the salt attribute to preserve the ability to use the old crappy uppercase MD5 algorithm.

To accomplish this I'm using UserManager.saveUser(String name, User details) rather than UserManager.save(OnmsUser user). I suppose the same could be accomplished by modifying UserManager.save(OnmsUser user) but I didn't want to mess with that in case something else depended on that functionality.

Includes the appropriate change to the unit test.

Acceptance / Success Criteria

None

Activity

Benjamin Reed July 22, 2020 at 6:42 PM

Merged to foundation-2019

Benjamin Reed July 21, 2020 at 6:41 PM

I ended up doing this slightly differently by using a URL parameter so there are no actual model changes, just a change in behavior based on the optional hashPassword= query parm.

PR: https://github.com/OpenNMS/opennms/pull/3075

David Schlenk March 18, 2014 at 7:45 PM

This version of the patch actually passes the unit test!

David Schlenk March 18, 2014 at 7:28 PM

Thinking about it a bit more, probably should add an element to OnmsUser (or attribute to the existing password element) to indicate if this behavior is desired since others may be relying on the existing behavior. Ping me if you want me to make a new patch that does this - I'd be happy to.

Fixed

Details


Created March 18, 2014 at 7:00 PM
Updated July 22, 2020 at 6:42 PM
Resolved July 22, 2020 at 6:42 PM
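
The behaviour discussed in this ticket, modelled as an added Python example (not code from the patch, the PR, or OpenNMS): what ends up stored for a POSTed user depending on the optional `hashPassword` parameter and the `salt` attribute, plus a check for stored values that were never hashed. All function names are hypothetical, the sample password is constructed, and PBKDF2 is a stand-in for the salted scheme, which the page does not describe.

```python
import hashlib
import hmac
import os
import re

def legacy_md5_upper(password):
    """Unsalted MD5 as upper-case hex: the legacy format the ticket mentions."""
    return hashlib.md5(password.encode("utf-8")).hexdigest().upper()

def salted_hash(password, salt=None):
    """Stand-in salted scheme (PBKDF2-HMAC-SHA256); an assumption, not OpenNMS's own."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return "pbkdf2$%s$%s" % (salt.hex(), dk.hex())

def value_to_store(password, salt_attr, hash_password):
    """Model of the endpoint's choice for a POSTed user record."""
    if not hash_password:
        # Original behaviour: persisted exactly as supplied, so a client
        # that sends cleartext gets cleartext on disk.
        return password
    return salted_hash(password) if salt_attr else legacy_md5_upper(password)

def verify(candidate, stored, salt_attr):
    """Constant-time comparison against the stored value."""
    if salt_attr:
        _, salt_hex, _ = stored.split("$")
        expected = salted_hash(candidate, bytes.fromhex(salt_hex))
    else:
        expected = legacy_md5_upper(candidate)
    return hmac.compare_digest(expected, stored)

def looks_unhashed(stored, salt_attr):
    """Audit helper: flag stored values that match neither expected format."""
    if salt_attr:
        return re.fullmatch(r"pbkdf2\$[0-9a-f]{32}\$[0-9a-f]{64}", stored) is None
    return re.fullmatch(r"[0-9A-F]{32}", stored) is None

if __name__ == "__main__":
    sample = "admin"  # constructed sample password
    for salt_attr, hash_password in [(False, False), (False, True), (True, True)]:
        stored = value_to_store(sample, salt_attr, hash_password)
        print(salt_attr, hash_password, stored, looks_unhashed(stored, salt_attr))
```
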