Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

User password update via REST API is not hashed #14339

Closed
fanshan opened this issue Nov 23, 2023 · 0 comments · Fixed by #14340
Closed

User password update via REST API is not hashed #14339

fanshan opened this issue Nov 23, 2023 · 0 comments · Fixed by #14340
Assignees
Labels
severity: medium Results in substantial degraded or broken functionality for specfic workflows status: accepted This issue has been accepted for implementation type: bug A confirmed report of unexpected behavior in the application

Comments

@fanshan
Copy link
Contributor

fanshan commented Nov 23, 2023

NetBox version

v3.6.5

Python version

3.11

Steps to Reproduce

  1. Create a new User with password (username: test, password: test). For the request use a user with user creation permission:
curl --location 'http://netbox/api/users/users/' \
--header 'Authorization: Token 45202..6e9e092df' \
--header 'Content-Type: application/json' \
--data '{
    "username": "test",
    "password": "test"
}'
  1. Update the new created user's password with a new one. For the request use a user with user change permission and the created user {id}:
curl --location --request PATCH 'http://netbox/api/users/users/{id}/' \
--header 'Authorization: Token 45202..6e9e092df' \
--header 'Content-Type: application/json' \
--data '{
    "password": "newpassword"
}'

Expected Behavior

The password stored on the database must be hashed, so user with the password updated is able to login on the Netbox instance.

Observed Behavior

The password stored on the database is not hashed, so user with the password updated is not able to login on the Netbox instance.

Connected on the database, do (where {id} is the created user's id) :

SELECT password FROM auth_user WHERE id={id}

Result "newpassword"

@fanshan fanshan added the type: bug A confirmed report of unexpected behavior in the application label Nov 23, 2023
@abhi1693 abhi1693 added status: revisions needed This issue requires additional information to be actionable status: accepted This issue has been accepted for implementation severity: medium Results in substantial degraded or broken functionality for specfic workflows and removed status: revisions needed This issue requires additional information to be actionable labels Nov 25, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 28, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
severity: medium Results in substantial degraded or broken functionality for specfic workflows status: accepted This issue has been accepted for implementation type: bug A confirmed report of unexpected behavior in the application
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants