[ https://issues.apache.org/jira/browse/SYNCOPE-324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13585378#comment-13585378 ]
Francesco Chicchiriccò commented on SYNCOPE-324:
------------------------------------------------

Have you taken a look at UserServiceImpl#read(username) that currently just calls UserController#read(username)?
This latter method has security authorization "#username == authentication.name or hasRole('USER_READ')", e.g. can be accessed for self reading or for administrative purpose, naturally upon successful authentication, and returns a UserTO object.

This means that UserService#read(username) covers the use case described in this issue's description, except for the HTTP status returned when not providing the correct password, e.g. 401 UNAUTHORIZED instead of 404.

Moreover, I think that verifyPassword() could even be misleading in the future, when we will extend and make configurable the authentication mechanisms.

Why don't we just remove verifyPassword, then, and use read(username) instead?

> Return User instead of Boolean from REST username + password query
> ------------------------------------------------------------------
>
> Key: SYNCOPE-324
> URL: https://issues.apache.org/jira/browse/SYNCOPE-324
> Project: Syncope
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Fix For: 1.1.0
>
>
> The REST API GET /users?username={username}&pwd={password} currently returns
> a boolean. This task is to return the User instead, as per the mailing list
> discussion here:
> http://syncope-dev.1063484.n5.nabble.com/API-query-td5712965.html
> If authentication is successful we should return 200 OK, if authentication
> fails we should return 404 NOT FOUND.
> Caching should be disabled for this URL.