Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-18532

The authentication process of the REST module is quite a mess

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 13.4-rc-1
    • 3.2 M1
    • REST
    • None
    • Unknown
    • N/A

    Description

      • there is a first authentication done by org.xwiki.wysiwyg.filter.XWikiContextInitializationFilter
      • then org.xwiki.rest.internal.XWikiAuthentication reset the context user and redo the authentication
      • then if we are not authenticated org.xwiki.rest.internal.XWikiSecretVerifier

      Among other things it means it's not great for performances but worst if you use the wrong credential you end up blocking yourself (3 bad credentials).

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-12886 It's possible to access a non initialized wiki trough REST

          • Major - Major loss of function.
          • Closed

          Activity

            People

              tmortagne Thomas Mortagne
              tmortagne Thomas Mortagne
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: