janus-ssp / janus

Fully featured metadata registration administration module built on top of simpleSAMLphp.

API credentials don't work with URN usernames #562

Open relaxnow opened 9 years ago

relaxnow commented 9 years ago

The new API works with HTTP Basic, however HTTP Basic forbids the use of the colon (":") in the username, so if the username is a URN (like urn:collab:person:surfnet.nl:bas) then that's not going to work for accessing the API.

Also the 'secret' is not a password input field and not encoded in the database.

I recommend adding an "api username" and "api secret" field to the janus user and properly enforcing uniqueness and alphanumeric value of the api secret and encoding the api secret with blowfish. This should then be used by the new API.

Migration should be done from the current username and secret, but from then on accounts could have different passwords on the old vs the new API.
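As an added example in PHP (the module's language; this is not janus's own code): the first function shows how an RFC 7617 Basic credential parse splits a URN username at its first colon, and the rest sketches the separate alphanumeric api username and bcrypt-hashed api secret that the post recommends. The field names `api_username` and `api_secret_hash` and the sample record are assumptions constructed for the example.

```php
<?php
// RFC 7617: credentials are base64("user-id:password") and the user-id
// must not contain a colon, because the first colon is the separator.
function parseBasicCredentials(string $authorizationHeader): ?array
{
    if (stripos($authorizationHeader, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(substr($authorizationHeader, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split at the FIRST colon only; everything after it is the secret.
    [$user, $secret] = explode(':', $decoded, 2);
    return ['user' => $user, 'secret' => $secret];
}

// A URN username is mangled: the login is read as "urn" and the rest
// of the URN is swallowed into the secret, so the lookup can never match.
$header = 'Basic ' . base64_encode('urn:collab:person:surfnet.nl:bas:s3cret');
var_dump(parseBasicCredentials($header));
// ['user' => 'urn', 'secret' => 'collab:person:surfnet.nl:bas:s3cret']

// Proposed scheme: a colon-free, alphanumeric api username plus an api
// secret stored only as a bcrypt (Blowfish-based) hash. Field names assumed.
function isValidApiUsername(string $apiUsername): bool
{
    return preg_match('/^[A-Za-z0-9]{1,64}$/', $apiUsername) === 1;
}

function hashApiSecret(string $apiSecret): string
{
    // PASSWORD_BCRYPT is PHP's Blowfish-based, salted password hash.
    return password_hash($apiSecret, PASSWORD_BCRYPT);
}

function verifyApiCredentials(?array $credentials, array $apiUserRecord): bool
{
    return $credentials !== null
        && isValidApiUsername($credentials['user'])
        && hash_equals($apiUserRecord['api_username'], $credentials['user'])
        && password_verify($credentials['secret'], $apiUserRecord['api_secret_hash']);
}

// Constructed sample record, as it would be stored after migration.
$record = ['api_username' => 'bas', 'api_secret_hash' => hashApiSecret('s3cret')];
$creds = parseBasicCredentials('Basic ' . base64_encode('bas:s3cret'));
var_dump(verifyApiCredentials($creds, $record)); // bool(true)
var_dump(verifyApiCredentials(parseBasicCredentials($header), $record)); // bool(false)
```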

relaxnow commented 9 years ago

Issue by @baszoetekouw by the way.

thijskh commented 9 years ago

What's also missing in the functionality is the ability to specify this password for a new user or to edit it for an existing user (not yourself); as you want to be able to create a role user account for accessing the API which you cannot necessarily log in to Janus itself with.