[AAA-252] API to validate user access does not work
Created: 22/Feb/23
Updated: 20/Jun/23
Resolved: 20/Jun/23

Status: Resolved
Project: aaa
Component/s: None
Affects Version/s: 0.17.6
Fix Version/s: 0.18.0

Type: Bug
Priority: Medium
Reporter: Peter Suna
Assignee: Yaroslav Lastivka
Resolution: Done
Votes: 0
Labels: pt
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File Capture.PNG    

 Description   

There is an issue with the API used to validate user access in the DomainHandler class. When a correct request is made, the response includes this error message:

{
    "message": "password does not match for username: admin",
    "details": null,
    "code": 500
} 

The problem is that the code is comparing the user's password with an encrypted password. More in the attached image.

 

Steps to reproduce:

1) Start Karaf with:
feature:install odl-netconf-topology odl-restconf-nb
2) Validate default 'admin' user with request:

curl --request POST 'http://localhost:8181/auth/v1/domains/sdn/users/roles' \
--header 'Authorization: Basic YWRtaW46YWRtaW4=' \
--header 'Content-Type: application/json' \
--data-raw '{
    "username": "admin",
    "userpwd": "admin"
}' 

IMHO, providing a password for this request is unnecessary.
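
The mismatch described in this report, shown as an added example that is not part of the original issue or of the AAA code base: a cleartext password compared directly against a stored hash never matches, while hashing the supplied value with the stored salt and comparing in constant time does. The names StoredUser, hash, brokenCheck and fixedCheck are hypothetical, and PBKDF2 is an assumed scheme chosen for illustration, not necessarily the one AAA uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration; StoredUser, hash(), brokenCheck() and fixedCheck() are
// hypothetical names, and PBKDF2 is an assumed scheme, not taken from AAA.
public class PasswordCheckDemo {
    record StoredUser(String name, byte[] salt, String passwordHash) {}

    // Derive a Base64-encoded PBKDF2 digest from the password and salt.
    static String hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        try {
            byte[] dk = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            return Base64.getEncoder().encodeToString(dk);
        } finally {
            spec.clearPassword(); // wipe the password copy held by the spec
        }
    }

    // Failure mode from the report: the cleartext from the request is compared
    // with the stored hash, so even the correct password is rejected.
    static boolean brokenCheck(StoredUser user, String supplied) {
        return user.passwordHash().equals(supplied);
    }

    // Hash the supplied value with the user's stored salt, then compare the
    // two encoded digests in constant time.
    static boolean fixedCheck(StoredUser user, String supplied) throws Exception {
        String candidate = hash(supplied.toCharArray(), user.salt());
        return MessageDigest.isEqual(
                candidate.getBytes(StandardCharsets.UTF_8),
                user.passwordHash().getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        // Constructed sample record mirroring the default admin/admin user.
        StoredUser admin = new StoredUser("admin", salt, hash("admin".toCharArray(), salt));
        System.out.println("broken, correct password: " + brokenCheck(admin, "admin"));
        System.out.println("fixed, correct password:  " + fixedCheck(admin, "admin"));
        System.out.println("fixed, wrong password:    " + fixedCheck(admin, "wrong"));
    }
}
```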

 



 Comments   
Comment by Ivan Hrasko [ 21/Mar/23 ]

This API is intended for admin (as configured in aaa-app-config.xml). We can simulate this functionality by listing users, roles and domains.
