Project

General

Profile

Actions

Feature #23307

open

Include auth_source field in User API response

Added by Roger Mårtensson over 7 years ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
REST API
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

it would've been nice to be able to get which auth_source_id a given user has through the REST API. A nice complement to when creating user where it is possible to set the auth_source_id.


Files


Related issues

Related to Redmine - Feature #36659: Add "auth_source_id" to GET request for Endpoint /users.:formatClosedMarius BĂLTEANU

Actions
Related to Redmine - Feature #23306: Support for authentication sources in REST APINew

Actions
Actions #1

Updated by Toshi MARUYAMA over 7 years ago

  • Related to Feature #23306: Support for authentication sources in REST API added
Actions #2

Updated by Anonymous about 6 years ago

I agree. This feature is also useful for admin scripts which needs to distinguish between "external" and LDAP users.

I attached a patch for this feature. auth_source_id only gets visible for admin users in it, as I do not see the need for standard users.

Actions #3

Updated by Anonymous about 6 years ago

toshio harita MARUYAMA : Do you have an opinion on this issue?

Actions #4

Updated by Roger Mårtensson over 5 years ago

What is the status of this issue?

Actions #5

Updated by Go MAEDA over 5 years ago

  • Target version set to Candidate for next major release
Actions #6

Updated by Go MAEDA over 4 years ago

I think the response should include not only id but also name. Maybe the response does not include "auth_source" if the user uses internal authentication.

{
  "user": {
    "id": 1,
    "login": "admin",
    "firstname": "Redmine",
    "lastname": "Admin",
    "created_on": "2006-07-19T17:12:21Z",
    "last_login_on": "2019-09-06T06:37:53Z",
    "auth_source": {
      "id": 1,
      "name": "LDAP test server" 
    }
  }
}
Actions #7

Updated by Go MAEDA over 4 years ago

Here is a patch to add auth_source to the response of GET /users/:id.(xml|json). auth_source is included only when the users auth_source is not nil and the current user is an administrator.

    "auth_source": {
      "id": 1,
      "name": "LDAP test server" 
    },
Actions #8

Updated by Go MAEDA about 2 years ago

  • Related to Feature #36659: Add "auth_source_id" to GET request for Endpoint /users.:format added
Actions #9

Updated by Marius BĂLTEANU about 1 month ago

  • Status changed from New to Resolved
  • Assignee set to Marius BĂLTEANU
  • Target version changed from Candidate for next major release to 6.0.0
  • Resolution set to Fixed

Feature added in r22636. You can now get auth_source if your request contains "include=auth_source".

Actions #10

Updated by Marius BĂLTEANU about 1 month ago

  • Related to deleted (Feature #23306: Support for authentication sources in REST API)
Actions #11

Updated by Marius BĂLTEANU about 1 month ago

  • Related to Feature #23306: Support for authentication sources in REST API added
Actions #12

Updated by Marius BĂLTEANU about 1 month ago

Should we include the auth_source also in index.api response?

Actions #13

Updated by Marius BĂLTEANU about 1 month ago

  • Subject changed from Get which auth_source_id of a user to Add auth_source_id field to User API
  • Assignee changed from Marius BĂLTEANU to Go MAEDA

I've added the field also to /user list API.

Looking again on the implementation, I think we should return "internal" if user doesn't not have an auth_source because right now there is no difference between a request made without include=auth_source and a request with include=auth_source and user(s) with auth_source nil.

Go MAEDA, what do you think?

Actions #14

Updated by Marius BĂLTEANU about 1 month ago

  • Subject changed from Add auth_source_id field to User API to Add auth_source field to User API
Actions #15

Updated by Marius BĂLTEANU about 1 month ago

  • Subject changed from Add auth_source field to User API to Include auth_source field in User API response
Actions #16

Updated by Go MAEDA about 1 month ago

Marius BĂLTEANU wrote in #note-13:

Looking again on the implementation, I think we should return "internal" if user doesn't not have an auth_source because right now there is no difference between a request made without include=auth_source and a request with include=auth_source and user(s) with auth_source nil.

You are right, I think it is better to return some value to indicate the internal authentication.

Actions

Also available in: Atom PDF