I haven't looked at the Aggregate source in a while, but I vaguely remember that DIGEST_AUTH_PASSWORD = MD5(username:salt:username) where salt is the realm string in /WEB-INF/lib/security.properties and I think that's all you should need for user auth.
As far as how to figure this out, start from a fresh install, create a handful of users with known passwords and it should be pretty easy to reverse engineer.
Hi @yanokwa, when you say MD5(username:salt:username) does that mean MD5( "username-string" . ":" . "salt-string" . ":" . "username-string" ) ?
Note: where . (period sign) was used as the concatenator per se (example).
You should compare what you insert with SQL's MD5 with what you generate with other MD5 algorithms. I vaguely remember that there is a difference in output.
Hi @yanokwa, It seems the right digest password formula is MD5( "username-string" . ":" . "realm-string" . ":" . "password-plaintext-string" ). However, how is it possible to find/generate the realm string?
Hi @yanokwa , I was able now to synthesize the BASIC_AUTH_PASSWORD, BASIC_AUTH_SALT, and the DIGEST_AUTH_PASSWORD.
I also was able to insert records in _user_granted_authority table. Allowing the user to collect and view data. The programmatically created user works when I tried to use it for logging in the ODK Collect. However, when I try it in the ODK Aggregate, it doesn't work.
Is there something I might have missed?
I'm trying to create a PHP-SDK for the ODK Aggregate because I know there are lots of people who also do PHP on the back-end.
Hi, Abel,
I'm trying to implementent a programmatically users creation. I read all the posts and I was able now to synthesize the DIGEST_AUTH_PASSWORD but I coud't with BASIC_AUTH_SALT, and the BASIC_AUTH_PASSWORD.
Could you please tell me how you did it with the BASIC_AUTH_SALT, and the BASIC_AUTH_PASSWORD.
@camilo_rodriguez, I sent you a private message regarding your query because I'm not sure if it is good to post the whole formula here.
This programmatic functionality is now a hot topic. A couple of months ago, another user even private-messaged me about the formula. Although... the ODK Aggregate is open-source and it can be reverse-engineered, I do not know if posting it in a public forum will make this topic useful or... harmful