[Pulp-dev] [pulp-dev] Updating the MVP to support a different JWT reset implementation

Brian Bouterse bbouters at redhat.com
Thu Oct 26 15:37:17 UTC 2017


+1 to all this.

Feel free to make the change on the MVP page.

On Thu, Oct 26, 2017 at 8:57 AM, Jeff Ortel <jortel at redhat.com> wrote:

> +1
>
> On 10/25/2017 07:04 PM, Bihan Zhang wrote:
> > Currently the jwt reset is accomplished through a write_only reset_jwt_secret field passed to the
> > //api/v3/users/{username}// endpoint. Since this field does not exist on our model it would have to be deleted
> > before model create/update is called, the fact that it is not is causing issue #3075 to occur.
> >
> > On a comment in #3075 [1] I suggested creating a controller URI to mitigate this problem, but this would go
> > against an MVP use case of
> >
> >     As an authenticated user, I can invalidate a user's JWTs in the same operation as updating the password. [done]
> >
> > I would like to propose that we remove this MVP use case since the current implementation (and I believe any
> > implementation that allows jwt resets to be accomplished at the //api/v3/users/{username}// URI) tunnels the
> > endpoint and "uses a single URI to POST to, and varying messages to express differing intents" [2]
> >
> > The user could instead make a call to update their password and another (maybe
> > at //api/v3/users/{username}/jwt/ ) to reset their JWT secret.
> >
> > Thoughts?
> >
> > [0] https://pulp.plan.io/issues/3075
> > [1] https://pulp.plan.io/issues/3075#note-3
> > [2] https://www.infoq.com/articles/rest-anti-patterns
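
The failure mode and the proposed split discussed in this thread, as an added example that is not part of the original messages and is not Pulp's code. The `User` dataclass, the per-user HS256 signing secret and every function name are assumptions made for illustration, and the request body is constructed.

```python
import base64, hashlib, hmac, json, secrets
from dataclasses import dataclass, field

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _sign(secret: str, signing_input: str) -> str:
    return _b64(hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest())

@dataclass
class User:  # hypothetical stand-in for a user model, not Pulp's class
    username: str
    password_hash: str
    jwt_secret: str = field(default_factory=lambda: secrets.token_hex(32))

def create_user(validated_data: dict) -> User:
    """Model create: every key left after hashing the password must be a model field."""
    data = dict(validated_data)
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", data.pop("password").encode(), salt, 100_000)
    return User(password_hash=f"{salt.hex()}${digest.hex()}", **data)

def create_user_single_uri(validated_data: dict) -> User:
    """Single-URI design: the write-only flag has to be dropped before model create."""
    data = {k: v for k, v in validated_data.items() if k != "reset_jwt_secret"}
    return create_user(data)

def reset_jwt(user: User) -> None:
    """Separate-URI design: a call whose only intent is rotating the per-user secret."""
    user.jwt_secret = secrets.token_hex(32)

def issue_jwt(user: User) -> str:
    parts = ({"alg": "HS256", "typ": "JWT"}, {"username": user.username})
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in parts)
    return f"{signing_input}.{_sign(user.jwt_secret, signing_input)}"

def verify_jwt(user: User, token: str) -> bool:
    signing_input, _, sig = token.rpartition(".")
    return hmac.compare_digest(_sign(user.jwt_secret, signing_input).encode(), sig.encode())

def demo() -> tuple:
    body = {"username": "alice", "password": "constructed-pw", "reset_jwt_secret": True}  # constructed
    try:
        create_user(body)
        leaked = False
    except TypeError:
        leaked = True  # the write-only key reached the model constructor
    user = create_user_single_uri(body)
    token = issue_jwt(user)
    before = verify_jwt(user, token)
    reset_jwt(user)  # tokens signed with the old secret no longer verify
    return leaked, before, verify_jwt(user, token)
```

`demo()` returns whether the unfiltered body was rejected by the model, whether a token verifies before the reset, and whether the same token verifies after it.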