Looks like there's no opposition to this. I will go ahead and remove that line from the MVP.
Thanks for the feedback! On Thu, Oct 26, 2017 at 11:37 AM, Brian Bouterse <[email protected]> wrote: > +1 to all this. > > Feel free to make the change on the MVP page. > > On Thu, Oct 26, 2017 at 8:57 AM, Jeff Ortel <[email protected]> wrote: > >> +1 >> >> On 10/25/2017 07:04 PM, Bihan Zhang wrote: >> > Currently the jwt reset is accomplished through a write_only >> reset_jwt_secret field passed to the >> > //api/v3/users/{username}// endpoint. Since this field does not exist >> on our model it would have to be deleted >> > before model create/update is called, the fact that it is not is >> causing issue #3075 to occur. >> > >> > >> > On a comment in #3075 [1] I suggested creating a controller URI to >> mitigate this problem, but this would go >> > against a MVP use case of >> > >> > As an autheticated user, I can invalidate a user's JWTs in the same >> operation as updating the password. [done] >> > >> > I would like to propose that we remove this MVP use case since the >> current implementation (and I believe any >> > implementation that allows jwt resets to be accomplished at the >> //api/v3/users/{username}// URI) tunnels the >> > endpoint and "uses a single URI to POST to, and varying messages to >> express differing intents" [2] >> > >> > The user could instead make a call to update their password and another >> (maybe >> > at //api/v3/users/{username}/jwt/ ) to reset their JWT secret. >> > >> > Thoughts? >> > >> > [0] https://pulp.plan.io/issues/3075 >> > [1] https://pulp.plan.io/issues/3075#note-3 >> > [2] https://www.infoq.com/articles/rest-anti-patterns >> > >> > >> > _______________________________________________ >> > Pulp-dev mailing list >> > [email protected] >> > https://www.redhat.com/mailman/listinfo/pulp-dev >> > >> >> >> _______________________________________________ >> Pulp-dev mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/pulp-dev >> >> > > _______________________________________________ > Pulp-dev mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/pulp-dev > >
_______________________________________________ Pulp-dev mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-dev
