[AAA-252] API to validate user access does not work - OpenDaylight JIRA

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Medium
Resolution: Done
Affects Version/s: 0.17.6
Fix Version/s: 0.18.0
Component/s: None
Labels:
- pt

Description

There is an issue with the API used to validate user access in the DomainHandler class. When a correct request is made, the response includes this error message:

{
    "message": "password does not match for username: admin",
    "details": null,
    "code": 500
}

The problem is that the code is comparing the user's password with an encrypted password. More in attached image.

Steps to reproduce:

1) Start Karaf with:
feature:install odl-netconf-topology odl-restconf-nb
2) Validate default 'admin' user with request:

curl --request POST 'http://localhost:8181/auth/v1/domains/sdn/users/roles' \
--header 'Authorization: Basic YWRtaW46YWRtaW4=' \
--header 'Content-Type: application/json' \
--data-raw '{
    "username": "admin",
    "userpwd": "admin"
}'

IMHO, providing a password for this request is unnecessary.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Capture.PNG
22/Feb/23 8:46 AM
261 kB
Peter Suna

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

#	Subject	Branch	Project	Status	CR	V
104868,5	Remove API to validate user access	master	aaa	Status: MERGED	+2	+1

Activity

People

Assignee:: Yaroslav Lastivka

Reporter:: Peter Suna

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 22/Feb/23 8:45 AM

Updated:: 20/Jun/23 9:05 PM

Resolved:: 20/Jun/23 9:04 PM