[ https://issues.apache.org/jira/browse/JAMES-3667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Karsten Otto updated JAMES-3667: -------------------------------- Description: Extend the WebAdmin interface with a route to verify a username/password combination: {code:java} curl -XPOST http://ip:port/users/usernameToBeUsed/verify \ -d '{"password":"passwordToBeVerified"}' \ -H "Content-Type: application/json" {code} The route reports 204 on success and 401 on failure. There is intentionally no distinction for non-existing users, to prevent a username oracle attack through this route. Adding such a feature is useful for integrating James with 3rd party services, e.g. a web admin GUI. T-Shirt size M. was: Extend the WebAdmin interface with a route to verify a username/password combination: {code:java} curl -XPOST http://ip:port/users/usernameToBeUsed \ -d '{"password":"passwordToBeVerified"}' \ -H "Content-Type: application/json" {code} The route reports 204 on success and 401 on failure. There is intentionally no distinction for non-existing users, to prevent a username oracle attack through this route. Adding such a feature is useful for integrating James with 3rd party services, e.g. a web admin GUI. T-Shirt size M. > Verify user credentials via WebAdmin > ------------------------------------ > > Key: JAMES-3667 > URL: https://issues.apache.org/jira/browse/JAMES-3667 > Project: James Server > Issue Type: Improvement > Components: webadmin > Affects Versions: master > Reporter: Karsten Otto > Priority: Major > Time Spent: 0.5h > Remaining Estimate: 0h > > Extend the WebAdmin interface with a route to verify a username/password > combination: > {code:java} > curl -XPOST http://ip:port/users/usernameToBeUsed/verify \ > -d '{"password":"passwordToBeVerified"}' \ > -H "Content-Type: application/json" > {code} > The route reports 204 on success and 401 on failure. There is intentionally > no distinction for non-existing users, to prevent a username oracle attack > through this route. > Adding such a feature is useful for integrating James with 3rd party > services, e.g. a web admin GUI. > T-Shirt size M. -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org