Feature #23307
closed
Include auth_source field in User API response
0%
Description
it would've been nice to be able to get which auth_source_id a given user has through the REST API. A nice complement to when creating user where it is possible to set the auth_source_id.
Files
Related issues
Updated by Toshi MARUYAMA almost 9 years ago
- Related to Feature #23306: Support for authentication sources in REST API added
Updated by Anonymous over 7 years ago
I agree. This feature is also useful for admin scripts which needs to distinguish between "external" and LDAP users.
I attached a patch for this feature. auth_source_id only gets visible for admin users in it, as I do not see the need for standard users.
Updated by Anonymous over 7 years ago
toshio harita MARUYAMA : Do you have an opinion on this issue?
Updated by
Updated by Go MAEDA over 6 years ago
- Target version set to Candidate for next major release
Updated by Go MAEDA over 5 years ago
I think the response should include not only id but also name. Maybe the response does not include "auth_source" if the user uses internal authentication.
{
"user": {
"id": 1,
"login": "admin",
"firstname": "Redmine",
"lastname": "Admin",
"created_on": "2006-07-19T17:12:21Z",
"last_login_on": "2019-09-06T06:37:53Z",
"auth_source": {
"id": 1,
"name": "LDAP test server"
}
}
}
Updated by Go MAEDA over 5 years ago
- File 0001-Add-auth_source-to-the-users-API-response.patch 0001-Add-auth_source-to-the-users-API-response.patch added
Here is a patch to add auth_source to the response of GET /users/:id.(xml|json). auth_source is included only when the users auth_source is not nil and the current user is an administrator.
"auth_source": {
"id": 1,
"name": "LDAP test server"
},
Updated by Go MAEDA about 3 years ago
- Related to Feature #36659: Add "auth_source_id" to GET request for Endpoint /users.:format added
Updated by Marius BĂLTEANU over 1 year ago
- Status changed from New to Resolved
- Assignee set to Marius BĂLTEANU
- Target version changed from Candidate for next major release to 6.0.0
- Resolution set to Fixed
Feature added in r22636. You can now get auth_source if your request contains "include=auth_source".
Updated by Marius BĂLTEANU over 1 year ago
- Related to deleted (Feature #23306: Support for authentication sources in REST API)
Updated by Marius BĂLTEANU over 1 year ago
- Related to Feature #23306: Support for authentication sources in REST API added
Updated by Marius BĂLTEANU over 1 year ago
Should we include the auth_source also in index.api response?
Updated by Marius BĂLTEANU over 1 year ago
- Subject changed from Get which auth_source_id of a user to Add auth_source_id field to User API
- Assignee changed from Marius BĂLTEANU to Go MAEDA
I've added the field also to /user list API.
Looking again on the implementation, I think we should return "internal" if user doesn't not have an auth_source because right now there is no difference between a request made without include=auth_source and a request with include=auth_source and user(s) with auth_source nil.
Go MAEDA, what do you think?
Updated by Marius BĂLTEANU over 1 year ago
- Subject changed from Add auth_source_id field to User API to Add auth_source field to User API
Updated by Marius BĂLTEANU over 1 year ago
- Subject changed from Add auth_source field to User API to Include auth_source field in User API response
Updated by Go MAEDA over 1 year ago
Marius BĂLTEANU wrote in #note-13:
Looking again on the implementation, I think we should return "internal" if user doesn't not have an auth_source because right now there is no difference between a request made without
include=auth_sourceand a request withinclude=auth_sourceand user(s) with auth_source nil.
You are right, I think it is better to return some value to indicate the internal authentication.
Updated by Marius BĂLTEANU about 1 year ago
- Status changed from Resolved to Closed
Go MAEDA wrote in #note-16:
Marius BĂLTEANU wrote in #note-13:
Looking again on the implementation, I think we should return "internal" if user doesn't not have an auth_source because right now there is no difference between a request made without
include=auth_sourceand a request withinclude=auth_sourceand user(s) with auth_source nil.You are right, I think it is better to return some value to indicate the internal authentication.
We should track this change in another ticket because we should modify also the user listing to show "Internal".