Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HLRC: Add ability to put user with a password hash #35844

Merged
merged 6 commits into from
Nov 27, 2018

Conversation

tvernum
Copy link
Contributor

@tvernum tvernum commented Nov 23, 2018

Update PutUserRequest to support password_hash (see: #35242)

This also updates the documentation to bring it in line with our more
recent approach to HLRC docs.

Update PutUserRequest to support password_hash (see: elastic#35242)

This also updates the documentation to bring it in line with our more
recent approach to HLRC docs.
The server has an assert that fails on a PutUser request that doesn't
change anything
@tvernum
Copy link
Contributor Author

tvernum commented Nov 23, 2018

CC: @elastic/es-security

Copy link
Contributor

@bizybot bizybot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Thank you. Added a comment if we want to use SecureString but as it was already there for the password I guess it's okay.

@@ -39,9 +39,46 @@

private final User user;
private final @Nullable char[] password;
private final @Nullable char[] passwordHash;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just for my understanding, is there a reason why we do not use SecureString for password/passwordHash in HLRC?
I guess if users use SecureString they will get a warning in IDE if the resource is not closed properly.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't use SecureString anywhere in the HLRC.
I think it's conversation worth having (or maybe it already happened, but I can't find it), but I'd prefer it not be buried in this PR.

@tvernum
Copy link
Contributor Author

tvernum commented Nov 26, 2018

@elasticmachine
run gradle build tests 1
and also
run gradle build tests 2

Copy link
Contributor

@albertzaharovits albertzaharovits left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❤️

@tvernum tvernum merged commit 3435fc4 into elastic:master Nov 27, 2018
tvernum added a commit that referenced this pull request Nov 29, 2018
Update PutUserRequest to support password_hash (see: #35242)

This also updates the documentation to bring it in line with our more
recent approach to HLRC docs.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants