[Pulp-dev] [pulp-dev] Updating the MVP to support a different JWT reset implementation

Bihan Zhang bizhang at redhat.com
Mon Oct 30 14:38:47 UTC 2017


Looks like there's no opposition to this. I will go ahead and remove that
line from the MVP.

Thanks for the feedback!


On Thu, Oct 26, 2017 at 11:37 AM, Brian Bouterse <bbouters at redhat.com>
wrote:

> +1 to all this.
>
> Feel free to make the change on the MVP page.
>
> On Thu, Oct 26, 2017 at 8:57 AM, Jeff Ortel <jortel at redhat.com> wrote:
>
>> +1
>>
>> On 10/25/2017 07:04 PM, Bihan Zhang wrote:
>> > Currently the jwt reset is accomplished through a write_only reset_jwt_secret field passed to the
>> > //api/v3/users/{username}// endpoint. Since this field does not exist on our model it would have to be deleted
>> > before model create/update is called; the fact that it is not is causing issue #3075 to occur.
>> >
>> >
>> > On a comment in #3075 [1] I suggested creating a controller URI to mitigate this problem, but this would go
>> > against an MVP use case of
>> >
>> >     As an authenticated user, I can invalidate a user's JWTs in the same operation as updating the password. [done]
>> >
>> > I would like to propose that we remove this MVP use case since the current implementation (and I believe any
>> > implementation that allows jwt resets to be accomplished at the //api/v3/users/{username}// URI) tunnels the
>> > endpoint and "uses a single URI to POST to, and varying messages to express differing intents" [2]
>> >
>> > The user could instead make a call to update their password and another (maybe
>> > at //api/v3/users/{username}/jwt/ ) to reset their JWT secret.
>> >
>> > Thoughts?
>> >
>> > [0] https://pulp.plan.io/issues/3075
>> > [1] https://pulp.plan.io/issues/3075#note-3
>> > [2] https://www.infoq.com/articles/rest-anti-patterns
>> >
>> >
>> > _______________________________________________
>> > Pulp-dev mailing list
>> > Pulp-dev at redhat.com
>> > https://www.redhat.com/mailman/listinfo/pulp-dev
>> >
>>
>
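
Added example (not part of the thread and not Pulp's code): the two-call flow proposed above, assuming each user record holds its own HS256 signing secret so that resetting it invalidates that user's outstanding JWTs. The in-memory USERS table and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

USERS = {}  # constructed in-memory user table (hypothetical stand-in for the user model)

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(username, signing_input):
    return hmac.new(USERS[username]["jwt_secret"], signing_input.encode(), hashlib.sha256).digest()

def create_user(username, password):
    USERS[username] = {"jwt_secret": secrets.token_bytes(32)}
    update_password(username, password)

def update_password(username, password):
    # Stand-in for the password update on the user URI: only model fields change.
    salt = secrets.token_bytes(16)
    USERS[username].update(salt=salt, pw=hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000))

def reset_jwt_secret(username):
    # Stand-in for the separate reset call: a new secret voids every token signed with the old one.
    USERS[username]["jwt_secret"] = secrets.token_bytes(32)

def issue_token(username, ttl=3600):
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"username": username, "exp": int(time.time()) + ttl}).encode())
    signing_input = header + "." + payload
    return signing_input + "." + _b64(_sign(username, signing_input))

def verify_token(token):
    """Return the username for a valid, unexpired token, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(payload))
        # The username claim is untrusted here; it only selects whose secret to verify against.
        expected = _sign(claims["username"], header + "." + payload)
        if not hmac.compare_digest(expected, _unb64(sig)) or claims["exp"] < time.time():
            return None
        return claims["username"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
```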