Posted to dev@syncope.apache.org by "Francesco Chicchiriccò (JIRA)" <ji...@apache.org> on 2013/02/24 15:28:13 UTC

[jira] [Commented] (SYNCOPE-324) Return User instead of Boolean from REST username + password query

    [ https://issues.apache.org/jira/browse/SYNCOPE-324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13585378#comment-13585378 ] 

Francesco Chicchiriccò commented on SYNCOPE-324:
------------------------------------------------

Have you taken a look at UserServiceImpl#read(username) that currently just calls UserController#read(username)?
This latter method has security authorization "#username == authentication.name or hasRole('USER_READ')", e.g. can be accessed for self reading or for administrative purpose, naturally upon successful authentication, and returns a UserTO object.

This means that UserService#read(username) covers the use case described in this issue's description, except for the HTTP status returned when not providing the correct password, e.g. 401 UNAUTHORIZED instead of 404.

Moreover, I think that verifyPassword() could even be misleading in the future, when we will extend and make configurable the authentication mechanisms.

Why not just remove verifyPassword, then, and use read(username) instead?
                
> Return User instead of Boolean from REST username + password query
> ------------------------------------------------------------------
>
>                 Key: SYNCOPE-324
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-324
>             Project: Syncope
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>             Fix For: 1.1.0
>
>
> The REST API GET /users?username={username}&pwd={password} currently returns a boolean. This task is to return the User instead, as per the mailing list discussion here:
> http://syncope-dev.1063484.n5.nabble.com/API-query-td5712965.html
> If authentication is successful we should return 200 OK, if authentication fails we should return 404 NOT FOUND. 
> Caching should be disabled for this URL.
