Details
-
Story
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
-
Usergrid 31
-
5
Description
It is currently possible to migrate from a 1.0 installation to a 2.1 installation via a RESTful client. However, due to the inability to securely move password hashes, application user's passwords are not retained. Add the following.
- In the 1.x branch, add the ability to retrieve the password hash. This should only be allowed by the superuser.
- In 2.1-release, add the ability to write the password hash to an application user. This should only be allowed by the superuser.
Note that the reason this is only allowed as a superuser is that we want to disable this functionality by default. Any UG installation that is public facing should not have superuser enable. This allows us to disable this functionality in environments that are publicly available environments.