[GitHub] [trafficcontrol] ocket8888 opened a new pull request, #6832: Make users use same representation across endpoints

Fri, 13 May 2022 21:11:53 -0700 


ocket8888 opened a new pull request, #6832:
URL: https://github.com/apache/trafficcontrol/pull/6832

   Fixes #6830 and fixes #6831 and fixes #6776 and fixes #6299. Note that #6776 
and #6229 are fixed only in APIv4, and remain in earlier versions.
   
   This PR eliminates a separate representation of users used solely for the 
`/user/current` endpoint. It makes the endpoint instead use the same 
representation as `/users` and `/users/{{ID}}`. It also fixes some bugs I 
uncovered in both the API and the docs while editing them for this change. It 
also removes the field `confirmLocalPasswd` from users - UIs should make sure 
that passwords that are input into `input[type=password]`s are what the user 
meant to type by asking them to repeat it. That isn't normally checked again by 
the server, and then also the password is stored twice in the database (but the 
only valid states for the data are ones where `confirmLocalPasswd` and 
`localPasswd` are degenerate so having both fields is functionally equivalent 
to having just one). For backwards compatibility, `/user/current` always 
updates `confirm_local_passwd` to the same value as `local_passwd` whenever the 
latter changes.
   
   
   <hr/>
   
   ## Which Traffic Control components are affected by this PR?
   - Documentation
   - Traffic Ops Client (Go)
   - Traffic Ops
   - CDN in a Box (enroller was affected)
   
   ## What is the best way to verify this PR?
   Make sure all existing tests still pass  - because of the way the client was 
implemented, the Go client/API integration tests needed remarkably few changes.
   
   Read the documentation, make sure it's accurate and complete.
   
   Update your user in Traffic Portal. Change your password, and also change 
something else, to make sure both still work.
   
   ## If this is a bugfix, which Traffic Control versions contained the bug?
   unknown
   
   ## PR submission checklist
   - [x] This PR has tests
   - [x] This PR has documentation
   - [x] This PR has a CHANGELOG.md entry
   - [x] This PR **DOES NOT FIX A SERIOUS SECURITY VULNERABILITY**


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to