[ https://issues.apache.org/jira/browse/JAMES-3667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Karsten Otto updated JAMES-3667:
--------------------------------
    Description: 
Extend the WebAdmin interface with a route to verify a username/password 
combination:
{code:java}
curl -XPOST http://ip:port/users/usernameToBeUsed/verify \
-d '{"password":"passwordToBeVerified"}' \
-H "Content-Type: application/json"
{code}
The route reports 204 on success and 401 on failure. There is intentionally no 
distinction for non-existing users, to prevent a username oracle attack through 
this route.

Adding such a feature is useful for integrating James with 3rd party services, 
e.g. a web admin GUI.

T-Shirt size M.

  was:
Extend the WebAdmin interface with a route to verify a username/password 
combination:
{code:java}
curl -XPOST http://ip:port/users/usernameToBeUsed \
-d '{"password":"passwordToBeVerified"}' \
-H "Content-Type: application/json"
{code}
The route reports 204 on success and 401 on failure. There is intentionally no 
distinction for non-existing users, to prevent a username oracle attack through 
this route.

Adding such a feature is useful for integrating James with 3rd party services, 
e.g. a web admin GUI.

T-Shirt size M.


> Verify user credentials via WebAdmin
> ------------------------------------
>
>                 Key: JAMES-3667
>                 URL: https://issues.apache.org/jira/browse/JAMES-3667
>             Project: James Server
>          Issue Type: Improvement
>          Components: webadmin
>    Affects Versions: master
>            Reporter: Karsten Otto
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Extend the WebAdmin interface with a route to verify a username/password 
> combination:
> {code:java}
> curl -XPOST http://ip:port/users/usernameToBeUsed/verify \
> -d '{"password":"passwordToBeVerified"}' \
> -H "Content-Type: application/json"
> {code}
> The route reports 204 on success and 401 on failure. There is intentionally 
> no distinction for non-existing users, to prevent a username oracle attack 
> through this route.
> Adding such a feature is useful for integrating James with 3rd party 
> services, e.g. a web admin GUI.
> T-Shirt size M.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
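
Added example, not part of the original message and not Apache James code: one way a verify route can return the same 401 for a wrong password and for a non-existing user, while also doing the same hashing work in both cases so response time does not become the oracle. The class name, in-memory store, PBKDF2 parameters and sample account are assumptions for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical sketch: names and the in-memory store are assumptions, not James code.
public class VerifyRouteSketch {
    record Credential(byte[] salt, byte[] hash) {}

    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Credential> users = new HashMap<>();
    // Decoy record: a lookup miss still costs one full PBKDF2 computation.
    private final Credential decoy = newCredential("decoy-never-matches");

    static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    static Credential newCredential(String password) {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        return new Credential(salt, pbkdf2(password.toCharArray(), salt));
    }

    void addUser(String name, String password) { users.put(name, newCredential(password)); }

    // HTTP status for the route: 204 on success, 401 for a wrong password AND an unknown user.
    int verify(String username, String password) {
        Credential stored = users.get(username);
        Credential target = (stored != null) ? stored : decoy;
        byte[] candidate = pbkdf2(password.toCharArray(), target.salt());
        boolean match = MessageDigest.isEqual(candidate, target.hash()); // constant-time compare
        return (stored != null && match) ? 204 : 401; // a decoy match never authenticates
    }

    public static void main(String[] args) {
        VerifyRouteSketch route = new VerifyRouteSketch();
        route.addUser("alice@example.org", "correct horse"); // constructed sample account
        System.out.println(route.verify("alice@example.org", "correct horse"));
        System.out.println(route.verify("alice@example.org", "wrong"));
        System.out.println(route.verify("nobody@example.org", "correct horse"));
    }
}
```

The response body and headers should also be identical for both 401 cases, since any difference there reintroduces the distinction the description rules out.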
