You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Karsten Otto (Jira)" <se...@james.apache.org> on 2021/11/10 13:07:00 UTC

[jira] [Created] (JAMES-3667) Verify user credentials via WebAdmin

Karsten Otto created JAMES-3667:
-----------------------------------

             Summary: Verify user credentials via WebAdmin
                 Key: JAMES-3667
                 URL: https://issues.apache.org/jira/browse/JAMES-3667
             Project: James Server
          Issue Type: Improvement
          Components: webadmin
    Affects Versions: master
            Reporter: Karsten Otto


Extend the WebAdmin interface with a route to verify a username/password combination: 

{{curl -XPOST http://ip:port/users/usernameToBeUsed \}}
{{ -d '\{"password":"passwordToBeVerified"}' \}}
{{ -H "Content-Type: application/json"}}

The route reports 204 on success and 401 on failure. There is intentionally no distinction for non-existing users, to prevent a username oracle attack through this route.

Adding such a feature is useful for integrating James with 3rd party services, e.g. a web admin GUI.

T-Shirt size M.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org