[Bug 1065447] Re: Feature request: REST api to verify password
Barry Warsaw
1065447 at bugs.launchpad.net
Thu Dec 27 00:51:19 CET 2012
Here's how I'm going to do this. You post to
http://.../users/{id}/login and the form data must contain exactly one
parameter `cleartext_password`. If the value matches the stored, hashed
password, an HTTP 204 (No Content) is returned. If they do not match,
an HTTP 403 (Forbidden) is returned. There is no content body in either
case, and thus the POST creates no addressable resource.
The nice thing is that this will support hash migration as per passlib.
** Changed in: mailman
Milestone: None => 3.0.0b3
** Changed in: mailman
Assignee: (unassigned) => Barry Warsaw (barry)
** Changed in: mailman
Importance: Undecided => High
** Changed in: mailman
Status: New => In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1065447
Title:
Feature request: REST api to verify password
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1065447/+subscriptions
More information about the Mailman-coders
mailing list