[ https://issues.apache.org/jira/browse/SYNCOPE-324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13585378#comment-13585378 ]
Francesco Chicchiriccò commented on SYNCOPE-324:
------------------------------------------------
Have you taken a look at UserServiceImpl#read(username) that currently just
calls UserController#read(username)?
This latter method has security authorization "#username == authentication.name
or hasRole('USER_READ')", e.g. can be accessed for self reading or for
administrative purpose, naturally upon successful authentication, and returns
a UserTO object.
This means that UserService#read(username) covers the use case described in
this issue's description, except for the HTTP status returned when not
providing the correct password, e.g. 401 UNAUTHORIZED instead of 404.
Moreover, I think that verifyPassword() could even be misleading in the future,
when we will extend and make configurable the authentication mechanisms.
Why not just remove verifyPassword, then, and use read(username) instead?
> Return User instead of Boolean from REST username + password query
> ------------------------------------------------------------------
>
> Key: SYNCOPE-324
> URL: https://issues.apache.org/jira/browse/SYNCOPE-324
> Project: Syncope
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Fix For: 1.1.0
>
>
> The REST API GET /users?username={username}&pwd={password} currently returns
> a boolean. This task is to return the User instead, as per the mailing list
> discussion here:
> http://syncope-dev.1063484.n5.nabble.com/API-query-td5712965.html
> If authentication is successful we should return 200 OK, if authentication
> fails we should return 404 NOT FOUND.
> Caching should be disabled for this URL.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira