I've noticed it's possible to add multiple users with exactly the same information (username, password, first/last names etc.) using the REST API - just POST a file to the /api/users URL multiple times. Not sure if this is a problem in practise but perhaps the system should check for duplicated user names.
Can add multiple users with same details via REST API
(4 posts) (3 voices)-
Posted 2 years ago #
-
I've found the same thing, including the same username, which seems to be the primary key. They also don't seem to go away if I try to delete them, I see them every time I check the status: [{"first_name":"Jim","username":"jim","email":"jim@bo.com","last_name":"Bo","password":"********"},
{"first_name":"James","username":"jim","email":"jim@bo.com","last_name":"Bo","password":"********"},
{"first_name":"James","username":"jim","email":"jim@bo.com","last_name":"Bo","password":"********"`} Any thoughts?
Posted 2 years ago # -
Hmmm, I'm afraid i can't reproduce this using either LWE 1.6 or the previous release of 1.5. In both cases an attempt to POST a to /api/users with a username that already exists generates the following error...
{"errors":[{"message":"username already exists","key":"username"}],"http_status_name":"Unprocessable Entity","http_status_code":422}
Can you folks please verify what version of LWE you are using?
Posted 2 years ago # -
1.6 I believe.
Posted 2 years ago #