+1 to all this. Feel free to make the change on the MVP page.
On Thu, Oct 26, 2017 at 8:57 AM, Jeff Ortel <[email protected]> wrote:
> +1
>
> On 10/25/2017 07:04 PM, Bihan Zhang wrote:
> > Currently the jwt reset is accomplished through a write_only reset_jwt_secret field passed to the
> > //api/v3/users/{username}// endpoint. Since this field does not exist on our model it would have to be deleted
> > before model create/update is called, the fact that it is not is causing issue #3075 to occur.
> >
> > On a comment in #3075 [1] I suggested creating a controller URI to mitigate this problem, but this would go
> > against an MVP use case of
> >
> > As an authenticated user, I can invalidate a user's JWTs in the same operation as updating the password. [done]
> >
> > I would like to propose that we remove this MVP use case since the current implementation (and I believe any
> > implementation that allows jwt resets to be accomplished at the //api/v3/users/{username}// URI) tunnels the
> > endpoint and "uses a single URI to POST to, and varying messages to express differing intents" [2]
> >
> > The user could instead make a call to update their password and another (maybe
> > at //api/v3/users/{username}/jwt/ ) to reset their JWT secret.
> >
> > Thoughts?
> >
> > [0] https://pulp.plan.io/issues/3075
> > [1] https://pulp.plan.io/issues/3075#note-3
> > [2] https://www.infoq.com/articles/rest-anti-patterns
_______________________________________________
Pulp-dev mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pulp-dev
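
A sketch of the two designs discussed in this thread, added here as an illustration and not taken from Pulp's code: a tunnelled update where the write-only `reset_jwt_secret` key reaches the model, next to separate password and secret-reset operations, with a per-user HS256 signature showing that rotating the secret invalidates tokens already issued. The `User` class, the function names and the per-user secret layout are assumptions.

```python
import base64, hashlib, hmac, json, secrets
from dataclasses import dataclass, field

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(secret: str, signing_input: str) -> str:
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())

@dataclass
class User:  # hypothetical stand-in for the user model
    username: str
    password: str  # password hashing omitted to keep the sketch short
    jwt_secret: str = field(default_factory=lambda: secrets.token_hex(32))

def issue_jwt(user: User) -> str:
    """Issue an HS256 token signed with this user's own secret."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"username": user.username}).encode())
    return f"{head}.{body}.{_sign(user.jwt_secret, head + '.' + body)}"

def verify_jwt(user: User, token: str) -> bool:
    """Accept the token only if it was signed with the user's current secret."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    head, body, sig = parts
    return hmac.compare_digest(_sign(user.jwt_secret, head + "." + body), sig)

def tunnelled_update(user: User, payload: dict) -> User:
    """One URI, intent carried in the body: the write-only key is never
    removed, so it reaches the model constructor and raises TypeError."""
    return User(**{**vars(user), **payload})

def update_password(user: User, password: str) -> None:
    """Separate operation 1: the password update touches only model fields."""
    user.password = password

def reset_jwt_secret(user: User) -> None:
    """Separate operation 2 (e.g. .../users/{username}/jwt/): rotate the secret."""
    user.jwt_secret = secrets.token_hex(32)

if __name__ == "__main__":
    alice = User("alice", "old-password")  # constructed sample user
    token = issue_jwt(alice)
    update_password(alice, "new-password")
    print("valid after password change:", verify_jwt(alice, token))
    reset_jwt_secret(alice)
    print("valid after secret reset:", verify_jwt(alice, token))
```

With the operations split, a password change alone leaves outstanding tokens valid, so a client that wants both effects has to make both calls.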
