Creating User using API, password issue

ren2099

When using the repetier server API on creation of a user the password for said user does not work. This is the format I am using for the API call

<div>url = f'http://localhost:3344/printer/api/Ender_3_A?a=createUser&data={{\"login\": \"{username}\", \"name\": \"{username}\", \"password\": \"password\", \"permissions\": 1}}&apikey=APIKEY'</div>

Repetier

You have {{ }} for data, should only be single { }, also owner of api key must have manage accounts permission. Apart from this it looks good.

ren2099

I am able to create the user with the API however I cannot actually sign in to the account.

Repetier

Ok, did you encrypt the password correctly? We never send plaintext passwords so it is only a hashed password we send. In javascript it is encrypted like this:

CryptoJS.MD5($scope.edituser.login + $scope.edituser.password).toString()

So it is just MD5 of login + password. Internally it is rehashed again, but that should not matter here.

ren2099

When I pass in the password through my python script I have only been testing it with the plaintext "password", would I need to encrypt the password before sending it through the API request? When I use the UI for repetier server with the same information it does not allow me to sign in.

Repetier

Yes, for setting it you must send the hash not plain text. For login it even gets more complicated. There you call /global/user/verify and get a csrf token ('Csrf-Token') and fill password like this:

$http.post('/global/user/login', {
 login: $scope.login,
 password: CryptoJS.SHA512(RSCom.getCookie('Csrf-Token') + CryptoJS.MD5($scope.login + $scope.password).toString()).toString(),
 // password2: $scope.password,
 rememberMe: $scope.rememberMe
})