[Bug 1065447] Re: Feature request: REST api to verify password

Barry Warsaw 1065447 at bugs.launchpad.net
Thu Dec 27 00:51:19 CET 2012

Here's how I'm going to do this.  You post to
http://.../users/{id}/login and the form data must contain exactly one
parameter `cleartext_password`.  If the value matches the stored, hashed
password, an HTTP 204 (No Content) is returned.  If they do not match,
an HTTP 403 (Forbidden) is returned.  There is no content body in either
case, and thus the POST creates no addressable resource.

The nice thing is that this will support hash migration as per passlib.

** Changed in: mailman
    Milestone: None => 3.0.0b3

** Changed in: mailman
     Assignee: (unassigned) => Barry Warsaw (barry)

** Changed in: mailman
   Importance: Undecided => High

** Changed in: mailman
       Status: New => In Progress

You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.

  Feature request: REST api to verify password

To manage notifications about this bug go to:

More information about the Mailman-coders mailing list