Project

Profile

Help

Issue #699

closed

Make "password" not required in pulp-admin for user creation.

Added by ipanova@redhat.com about 7 years ago. Updated almost 2 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
2.6 Beta
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Description of problem:
in API 'password' should be a required key during user creation as in CLI:

pulp-admin -u admin -p admin auth user create --login test-user

Enter password for user [test-user] :
Re-enter password for user [test-user]:

Password cannot be empty

Enter password for user [test-user] :

If user will be created with API where 'password' can be skipped then it will be impossible to login with that user:

$ curl -i -H "Accept: application/json" -H "WebFrameworkSwitch: django" -X POST -k -u admin:admin -d '{"login":"test-user1"}' 'https://localhost/pulp/api/v2/users/'
HTTP/1.1 201 CREATED
Date: Mon, 16 Feb 2015 10:36:24 GMT
Server: Apache/2.4.10 (Fedora) OpenSSL/1.0.1e-fips mod_wsgi/3.5 Python/2.7.5
Content-Length: 196
Location: https://localhost/pulp/api/v2/users/test-user1/
Content-Type: application/json

{"_id": {"$oid": "54e1c82845ef485a4c9595f7"}, "name": "test-user1", "roles": [], "_ns": "users", "login": "test-user1", "id": "54e1c82845ef485a4c9595f7", "_href": "/pulp/api/v2/users/test-user1/"}[

$ pulp-admin -u test-user1 repo list
Warning: path should have mode 0700 because it may contain sensitive information: /home/ipanova/.pulp/

Enter password:
--------------------------------------------------------------------
Repositories
--------------------------------------------------------------------

Session Expired

The session certificate expired on Jan 23 08:13:41 2015 GMT.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

+ This bug was cloned from Bugzilla Bug #1192955 +

Actions #2

Updated by rbarlow about 7 years ago

Since we do support other forms of authentication that do not involve the password, I believe we should not require the password to be specified. Pulp respects the REMOTE_USER environment variable if set by httpd, so any httpd authentication module can be used. We have an open pull request to add Kerberos support, for example.

+ This comment was cloned from Bugzilla #1192955 comment 2 +

Actions #3

Updated by mhrivnak about 7 years ago

I agree with Randy's assessment.

+ This comment was cloned from Bugzilla #1192955 comment 3 +

Actions #4

Updated by amacdona@redhat.com about 7 years ago

Here is a related bug:

https://pulp.plan.io/issues/458

Actions #5

Updated by bmbouter about 7 years ago

  • Severity changed from Low to 1. Low
Actions #7

Updated by bmbouter about 3 years ago

  • Status changed from NEW to CLOSED - WONTFIX
Actions #8

Updated by bmbouter about 3 years ago

Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.

Actions #9

Updated by bmbouter about 3 years ago

  • Tags Pulp 2 added
Actions #10

Updated by bmbouter almost 2 years ago

  • Category deleted (14)

We are removing the 'API' category per open floor discussion June 16, 2020.

Also available in: Atom PDF