[ 
https://issues.apache.org/jira/browse/SYNCOPE-324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13585378#comment-13585378
 ] 

Francesco Chicchiriccò commented on SYNCOPE-324:
------------------------------------------------

Have you taken a look at UserServiceImpl#read(username) that currently just 
calls UserController#read(username)?
This latter method has security authorization "#username == authentication.name 
or hasRole('USER_READ')", e.g. can be accessed for self reading or for 
administrative purpose, naturally upon successful authentication, and returns 
a UserTO object.

This means that UserService#read(username) covers the use case described in 
this issue's description, except for the HTTP status returned when not 
providing the correct password, e.g. 401 UNAUTHORIZED instead of 404.

Moreover, I think that verifyPassword() could even be misleading in the future, 
when we will extend and make configurable the authentication mechanisms.

Why not just remove verifyPassword, then, and use read(username) instead?
                
> Return User instead of Boolean from REST username + password query
> ------------------------------------------------------------------
>
>                 Key: SYNCOPE-324
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-324
>             Project: Syncope
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>             Fix For: 1.1.0
>
>
> The REST API GET /users?username={username}&pwd={password} currently returns 
> a boolean. This task is to return the User instead, as per the mailing list 
> discussion here:
> http://syncope-dev.1063484.n5.nabble.com/API-query-td5712965.html
> If authentication is successful we should return 200 OK, if authentication 
> fails we should return 404 NOT FOUND. 
> Caching should be disabled for this URL.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
