[
https://issues.apache.org/jira/browse/JAMES-3667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karsten Otto updated JAMES-3667:
--------------------------------
Description:
Extend the WebAdmin interface with a route to verify a username/password
combination:
{code:java}
curl -XPOST http://ip:port/users/usernameToBeUsed/verify \
-d '{"password":"passwordToBeVerified"}' \
-H "Content-Type: application/json"
{code}
The route reports 204 on success and 401 on failure. There is intentionally no
distinction for non-existing users, to prevent a username oracle attack through
this route.
Adding such a feature is useful for integrating James with 3rd party services,
e.g. a web admin GUI.
T-Shirt size M.
was:
Extend the WebAdmin interface with a route to verify a username/password
combination:
{code:java}
curl -XPOST http://ip:port/users/usernameToBeUsed \
-d '{"password":"passwordToBeVerified"}' \
-H "Content-Type: application/json"
{code}
The route reports 204 on success and 401 on failure. There is intentionally no
distinction for non-existing users, to prevent a username oracle attack through
this route.
Adding such a feature is useful for integrating James with 3rd party services,
e.g. a web admin GUI.
T-Shirt size M.
> Verify user credentials via WebAdmin
> ------------------------------------
>
> Key: JAMES-3667
> URL: https://issues.apache.org/jira/browse/JAMES-3667
> Project: James Server
> Issue Type: Improvement
> Components: webadmin
> Affects Versions: master
> Reporter: Karsten Otto
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Extend the WebAdmin interface with a route to verify a username/password
> combination:
> {code:java}
> curl -XPOST http://ip:port/users/usernameToBeUsed/verify \
> -d '{"password":"passwordToBeVerified"}' \
> -H "Content-Type: application/json"
> {code}
> The route reports 204 on success and 401 on failure. There is intentionally
> no distinction for non-existing users, to prevent a username oracle attack
> through this route.
> Adding such a feature is useful for integrating James with 3rd party
> services, e.g. a web admin GUI.
> T-Shirt size M.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
