Skip to content

HLRC: Add ability to put user with a password hash #35844

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 27, 2018
Merged

HLRC: Add ability to put user with a password hash #35844

merged 6 commits into from
Nov 27, 2018

Conversation

@tvernum
Copy link
Contributor

@tvernum tvernum commented Nov 23, 2018

Update PutUserRequest to support password_hash (see: #35242)

This also updates the documentation to bring it in line with our more
recent approach to HLRC docs.

@tvernum
HLRC: Add ability to put user with a password hash
17d8d61 
Update PutUserRequest to support password_hash (see: elastic#35242)

This also updates the documentation to bring it in line with our more
recent approach to HLRC docs.
@tvernum
Merge branch 'master' into hlrc/put-user-password-hash
a0ff55b
@tvernum
Merge branch 'master' into hlrc/put-user-password-hash
40805fe
@tvernum
Don't send No-Op user update
11a3bdf 
The server has an assert that fails on a PutUser request that doesn't
change anything
@tvernum
Add test for PutUser variants
3fb3606
@tvernum
Copy link
Contributor Author

tvernum commented Nov 23, 2018

CC: @elastic/es-security

bizybot
bizybot approved these changes Nov 26, 2018
View reviewed changes
Copy link
Contributor

@bizybot bizybot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Thank you. Added a comment if we want to use SecureString but as it was already there for the password I guess it's okay.

client/rest-high-level/src/main/java/org/elasticsearch/client/security/PutUserRequest.java

private final User user;
private final @Nullable char[] password;
private final @Nullable char[] passwordHash;
Copy link
Contributor

@bizybot bizybot Nov 26, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just for my understanding, is there a reason why we do not use SecureString for password/passwordHash in HLRC?
I guess if users use SecureString they will get a warning in IDE if the resource is not closed properly.

Copy link
Contributor Author

@tvernum tvernum Nov 26, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't use SecureString anywhere in the HLRC.
I think it's conversation worth having (or maybe it already happened, but I can't find it), but I'd prefer it not be buried in this PR.

@tvernum
Copy link
Contributor Author

tvernum commented Nov 26, 2018

@elasticmachine
run gradle build tests 1
and also
run gradle build tests 2

albertzaharovits
albertzaharovits approved these changes Nov 26, 2018
View reviewed changes
Copy link
Contributor

@albertzaharovits albertzaharovits left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❤️

@tvernum tvernum merged commit 3435fc4 into elastic:master Nov 27, 2018
@tvernum tvernum mentioned this pull request Nov 28, 2018
Closed
tvernum added a commit that referenced this pull request Nov 29, 2018
@tvernum
HLRC: Add ability to put user with a password hash (#35844)
49da679 
Update PutUserRequest to support password_hash (see: #35242)

This also updates the documentation to bring it in line with our more
recent approach to HLRC docs.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@albertzaharovits albertzaharovits albertzaharovits approved these changes

+1 more reviewer

@bizybot bizybot bizybot approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

>enhancement v6.6.0 v7.0.0-beta1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tvernum @bizybot @albertzaharovits @colings86