Details
-
Bug
-
Resolution: Fixed
-
Major
-
3.2 M1
-
None
Description
- there is a first authentication done by org.xwiki.wysiwyg.filter.XWikiContextInitializationFilter
- then org.xwiki.rest.internal.XWikiAuthentication reset the context user and redo the authentication
- then if we are not authenticated org.xwiki.rest.internal.XWikiSecretVerifier
Among other things it means it's not great for performances but worst if you use the wrong credential you end up blocking yourself (3 bad credentials).