Uploaded image for project: 'Poulpe'
  1. Poulpe
  2. POULPE-527

REST: possible to login with passwordHash of existing user and unexisting username

VotersWatchers
    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.8 Swallows
    • Fix Version/s: backlog
    • Labels:
      None

      Description

      Pre-conditions:
      Register a new or use existing user with next credentials:
      username: uniqueuser
      passwordHash: 05b248a5bbb810f848cabd27d9a87e56

      Steps to reproduce:
      1. Make login GET request with username that is not registered and passwordHash of existing user:
      username: unique
      passwordHash: 05b248a5bbb810f848cabd27d9a87e56
      http://qa.jtalks.org/poulpe/rest/authenticate?username=unique&passwordHash=05b248a5bbb810f848cabd27d9a87e56

      Actual result: Successful login as "uniqueuser"

      Expected result: Login failed

        Attachments

          Structure

            Activity

              People

              • Assignee:
                julik Julia Atlygina
                Reporter:
                ppavlov Pavlov Pasha (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Structure Helper Panel