Formal support for "password_hash" in Put User #35242
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
For some time, the PutUser REST API has supported storing a pre-hashed password for a user. The change adds validation and tests around that feature so that it can be documented & officially supported.
tvernum
added
>enhancement
v7.0.0
:Security/Authentication
Collaborator
|
Pinging @elastic/es-security |
Contributor
Author
|
I will raise follow up PRs for
|
Contributor
Author
|
@elasticmachine test this please I think the CI failure will be resolved by 81daf4c |
jaymode
approved these changes
Nov 7, 2018
Member
jaymode
left a comment
jaymode
left a comment
There was a problem hiding this comment.
LGTM. I think the commit message and title of this pr needs s/password_user/password_hash
tvernum
changed the title
Contributor
Author
|
@jkakavas Ping. Do you want to review? I'd like to merge once I can get CI to pass. |
jkakavas
reviewed
Nov 9, 2018
Contributor
jkakavas
left a comment
jkakavas
left a comment
There was a problem hiding this comment.
I'm slightly worried that we don't deal well enough with a PutUser request that has both a password and a password_hash parameter. As is, whatever is last in the parameters order will be the actual user password.
Since PutUserRequest only knows about passwordHash, we can't do the validation there but I was wondering if we should validate this in PutRequestBuilder and throw a friendly please fix your input message, and add an accompanying test for it.
Also, just a reminder to update API Docs also
Contributor
Author
|
@jkakavas I've added a check for setting the password_hash twice - can you review again? |
tvernum
added a commit
to tvernum/elasticsearch
that referenced
this pull request
Nov 15, 2018
PR elastic#35242 formalised support for the password_hash field in the body of the Put User security API. Since this field is now validated and tested, it can also be documented. The Put User API also supports a "refresh" query parameter that was not documented. This commit adds it to the docs.
tvernum
added a commit
to tvernum/elasticsearch
that referenced
this pull request
Nov 15, 2018
Update PutUserRequest to support password_hash (see: elastic#35242) This also updates the documentation to bring it in line with our more recent approach to HLRC docs.
tvernum
added a commit
that referenced
this pull request
Nov 16, 2018
For some time, the PutUser REST API has supported storing a pre-hashed password for a user. The change adds validation and tests around that feature so that it can be documented & officially supported. It also prevents the request from containing both a "password" and a "password_hash".
tvernum
added a commit
that referenced
this pull request
Nov 20, 2018
PR #35242 formalised support for the password_hash field in the body of the Put User security API. Since this field is now validated and tested, it can also be documented. The Put User API also supports a "refresh" query parameter that was not documented. This commit adds it to the docs.
tvernum
added a commit
that referenced
this pull request
Nov 21, 2018
PR #35242 formalised support for the password_hash field in the body of the Put User security API. Since this field is now validated and tested, it can also be documented. The Put User API also supports a "refresh" query parameter that was not documented. This commit adds it to the docs.
This was referenced Nov 23, 2018
tvernum
added a commit
that referenced
this pull request
Nov 27, 2018
Update PutUserRequest to support password_hash (see: #35242) This also updates the documentation to bring it in line with our more recent approach to HLRC docs.
tvernum
added a commit
that referenced
this pull request
Nov 29, 2018
Update PutUserRequest to support password_hash (see: #35242) This also updates the documentation to bring it in line with our more recent approach to HLRC docs.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For some time, the PutUser REST API has supported storing a pre-hashed
password for a user. The change adds validation and tests around that
feature.
Relates: #34729