Creating User using API, password issue

ren2099ren2099
edited January 22 in Repetier-Server
When using the repetier server API on creation of a user the password for said user does not work. This is the format I am using for the API call
url = f'http://localhost:3344/printer/api/Ender_3_A?a=createUser&data={{\"login\": \"{username}\", \"name\": \"{username}\", \"password\": \"password\", \"permissions\": 1}}&apikey=APIKEY'

Comments

  • RepetierRepetier
    You have {{ }} for data, should only be single { }, also owner of api key must have manage accounts permission. Apart from this it looks good.
  • ren2099ren2099
    I am able to create the user with the API however I cannot actually sign in to the account. 
  • RepetierRepetier
    Ok, did you encrypt the password correctly? We never send plaintext passwords so it is only a hashed password we send. In javascript it is encrypted like this:
    CryptoJS.MD5($scope.edituser.login + $scope.edituser.password).toString()
    So it is just MD5 of login + password. Internally it is rehashed again, but that should not matter here.
  • ren2099ren2099
    When I pass in the password through my python script I have only been testing it with the plaintext "password", would I need to encrypt the password before sending it through the API request? When I use the UI for repetier server with the same information it does not allow me to sign in.
  • RepetierRepetier
    Yes, for setting it you must send the hash not plain text. For login it even gets more complicated. There you call /global/user/verify and get a csrf token ('Csrf-Token') and fill password like this:
    $http.post('/global/user/login', {
      login: $scope.login,
      password: CryptoJS.SHA512(RSCom.getCookie('Csrf-Token') + CryptoJS.MD5($scope.login + $scope.password).toString()).toString(),
      // password2: $scope.password,
      rememberMe: $scope.rememberMe
    })
Sign In or Register to comment.