cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ove Ewerlid (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-6570) API breakage of the UpdateUser API call
Date Sun, 04 May 2014 20:19:14 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-6570?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13989123#comment-13989123
] 

Ove Ewerlid commented on CLOUDSTACK-6570:
-----------------------------------------

Patch used to fix this issue;
{noformat}
diff -r -c cloudstack/api/src/org/apache/cloudstack/api/command/admin/user/UpdateUserCmd.java
cloudstack.changed/api/src/org/apache/cloudstack/api/command/admin/user/UpdateUserCmd.java
                                                    
*** cloudstack/api/src/org/apache/cloudstack/api/command/admin/user/UpdateUserCmd.java  2014-04-26
23:20:19.045203699 +0200                                                                 
                                                
--- cloudstack.changed/api/src/org/apache/cloudstack/api/command/admin/user/UpdateUserCmd.java
 2014-04-27 01:40:39.899326128 +0200                                                     
                                                    
***************
*** 45,51 ****
      //////////////// API parameters /////////////////////                              
                                                                                         
                                                         
      /////////////////////////////////////////////////////                              
                                                                                         
                                                         
                                                                                         
                                                                                         
                                                         
!     @Parameter(name = ApiConstants.API_KEY, type = CommandType.STRING, description = "The
API key for the user. Must be specified with userSecretKey")                             
                                                       
      private String apiKey;                                                             
                                                                                         
                                                         
                                                                                         
                                                                                         
                                                         
      @Parameter(name = ApiConstants.EMAIL, type = CommandType.STRING, description = "email")
                                                                                         
                                                     
--- 45,51 ----
      //////////////// API parameters /////////////////////                              
                                                                                         
                                                         
      /////////////////////////////////////////////////////                              
                                                                                         
                                                         
                                                                                         
                                                                                         
                                                         
!     @Parameter(name = ApiConstants.USER_API_KEY, type = CommandType.STRING, description
= "The API key for the user. Must be specified with userApiKey")                         
                                                         
      private String apiKey;                                                             
                                                                                         
                                                         
                                                                                         
                                                                                         
                                                         
      @Parameter(name = ApiConstants.EMAIL, type = CommandType.STRING, description = "email")
                                                                                         
                                                     
***************
*** 65,71 ****
                 description = "Clear text password (default hashed to SHA256SALT). If you
wish to use any other hasing algorithm, you would need to write a custom authentication adapter")
                                                
      private String password;                                                           
                                                                                         
                                                         
                                                                                         
                                                                                         
                                                         
!     @Parameter(name = ApiConstants.SECRET_KEY, type = CommandType.STRING, description =
"The secret key for the user. Must be specified with userApiKey")                        
                                                         
      private String secretKey;                                                          
                                                                                         
                                                         
                                                                                         
                                                                                         
                                                         
      @Parameter(name = ApiConstants.TIMEZONE,                                           
                                                                                         
                                                         
--- 65,71 ----
                 description = "Clear text password (default hashed to SHA256SALT). If you
wish to use any other hasing algorithm, you would need to write a custom authentication adapter")
                                                
      private String password;                                                           
                                                                                         
                                                         
                                                                                         
                                                                                         
                                                         
!     @Parameter(name = ApiConstants.SECRET_KEY, type = CommandType.STRING, description =
"The secret key for the user. Must be specified with userSecretKey")                     
                                                         
      private String secretKey;                                                          
                                                                                         
                                                         
                                                                                         
                                                                                         
                                                         
      @Parameter(name = ApiConstants.TIMEZONE,                                           
                                                                                         
                                                         
{noformat}



> API breakage of the UpdateUser API call
> ---------------------------------------
>
>                 Key: CLOUDSTACK-6570
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6570
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API
>    Affects Versions: 4.4.0
>         Environment: Any, the UpdateUser API call is environment independent
>            Reporter: Ove Ewerlid
>            Priority: Blocker
>              Labels: easyfix
>             Fix For: 4.4.0, 4.5.0
>
>
> 44 adds USER_API_KEY in ./api/src/org/apache/cloudstack/api/ApiConstants.java and changes
the value of API_KEY. Since API_KEY value is exposed in the UpdateUser API, the API breaks.
 Up until 4.3, KEYs to UpdateUser were passed via parameters;
>   * userapikey
>   * usersecretkey
> with 44 this changes to;
>   * apikey
>   * usersecretkey
>   



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message