API user.update method - Password automatically md5 hashes input, seems unclear...

XMLWordPrintable

    • Type: Incident report
    • Resolution: Won't fix
    • Priority: Major
    • None
    • Affects Version/s: 1.8
    • Component/s: API (A)
    • None

      The user.update method in the API automatically MD5 hashes the input. This seems really unclear and wonky given the use case below. I recommend not hashing the input in the update method. I recommend offsetting this by making a user.setPassword method that does this hashing. Changing this functionality would also allow people to be able to migrate users from existing systems that already have md5 hashes of passwords, as currently there is no way to put a hash directly into zabbix via the API.

      // Retrieve a single user's data from the API
      $data = ZabbixAPI::user.get (
      'pattern'=>'admin',
      'extendoutput'=>1,
      'limit'=>1
      );

      // Only want to change the refresh value
      $data['refresh'] = 100;

      // Simply re-submit the changes, problem is that by re-submitting the password field (already hashed)
      // the Zabbix API hashes the existing hash, therefore changing the password to this 32-character hash.
      $result = ZabbixAPI::user.update ( $user );

      Hope that makes sense!

      Cheers!

            Assignee:
            Unassigned
            Reporter:
            Andrew Farley
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: