Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-18532

The authentication process of the REST module is quite a mess

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2 M1
    • Fix Version/s: 13.4-rc-1
    • Component/s: REST
    • Labels:
      None
    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Similar issues:

      Description

      • there is a first authentication done by org.xwiki.wysiwyg.filter.XWikiContextInitializationFilter
      • then org.xwiki.rest.internal.XWikiAuthentication reset the context user and redo the authentication
      • then if we are not authenticated org.xwiki.rest.internal.XWikiSecretVerifier

      Among other things it means it's not great for performances but worst if you use the wrong credential you end up blocking yourself (3 bad credentials).

        Attachments

          Activity

            People

            • Assignee:
              tmortagne Thomas Mortagne
              Reporter:
              tmortagne Thomas Mortagne
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response: