On Tue, Sep 18, 2018, at 9:19 AM, Dmitry Makovey wrote:
On 09/17/2018 12:39 PM, Abhilash Raj wrote:
On Mon, Sep 17, 2018, at 12:15 PM, Dmitry Makovey wrote:
We are trying to dump/restore users using API calls and it seems that API allows us to dump password hashes (a good thing), but then API does not allow to insert users back using saved password hashes
- only cleartext passwords.
I'd say that is intentional. You don't want people to be setting up hashes as passwords.
Aside from create_user is there any other way to create users/change their password?
Not that I know of, not using the API atleast. You could potentially use the low level API that inserts records in the database or use SQL to dump and restore that data.
What do you use the Core's user/password for? Currently, the user passwords are basically just a carry-over from Mailman2 and there shouldn't be any use for it. I have been considering removing that completely have Postorius do all the authentication/authorization.
Email based authentication should rely on more reliable identities like email signatures, intead of having to send cleartext passwords over email.
I think I am asking about the username/password auth for postorious and how to dump/restore it. At present we have no tools for dump/restoring users so that's what we're trying to build.
Ah, why not take a database dump? There are a few specific tables that you can dump to get everything?
We don't have a way to do that because we do not actually do not handle auth ourselves, but instead delegate it to allauth library. You may have to dig into internals of that to be able to fetch/restore users/passwords.
-- thanks, Abhilash Raj (maxking)