HLRC: Add ability to put user with a password hash #35844
Update PutUserRequest to support password_hash (see: elastic#35242) This also updates the documentation to bring it in line with our more recent approach to HLRC docs.
The server has an assert that fails on a PutUser request that doesn't change anything
CC: @elastic/es-security
LGTM, Thank you. Added a comment if we want to use SecureString but as it was already there for the password I guess it's okay.
@@ -39,9 +39,46 @@ | |||
|
|||
private final User user; | |||
private final @Nullable char[] password; | |||
private final @Nullable char[] passwordHash; |
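Review bot: The new passwordHash field sits next to password as a second, independently @Nullable char[], and nothing in these lines states whether the two are mutually exclusive or what a request with both left null means. Suggest a short Javadoc on each field spelling out the allowed combinations, plus a constructor check that rejects a request carrying both a password and a hash. Because both fields keep credential material in a char[] for the lifetime of the request object, it is also worth documenting who is responsible for clearing the array once the request has been sent.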
Just for my understanding, is there a reason why we do not use SecureString for password/passwordHash in HLRC?
I guess if users use SecureString they will get a warning in the IDE if the resource is not closed properly.
We don't use SecureString anywhere in the HLRC.
I think it's a conversation worth having (or maybe it already happened, but I can't find it), but I'd prefer it not be buried in this PR.
@elasticmachine
❤️