Opened 10 years ago

Closed 10 years ago

#11889 closed bug (no change required)

HaikuDepot; Unauthenticated User Able to Attempt to Add User Rating

Reported by: apl-haiku Owned by: stippi
Priority: normal Milestone: R1
Component: Applications/HaikuDepot Version: R1/Development
Keywords: Cc:
Blocked By: Blocking:
Platform: All

Description

There seems to be a problem where a user can still attempt to lodge a user rating despite the fact that they are not authenticated. From the HaikuDepotServer logs;

  • the authentication for the user; _ failed
  • only authenticated users are able to add user ratings
  • an issue has arisen invoking jrpc @ createUserRating
  • org.haikuos.haikudepotserver.api1.support.AuthorizationFailureException: null

Change History (3)

comment:1 by stippi, 10 years ago

I don't quite understand. The issue here is that HaikuDepot still allows the user to attempt to add a rating (which then fails)? Or is the issue that the server actually allows the rating to be created?

comment:2 by apl-haiku, 10 years ago

Hi Stephan; Your comment made me realize; I forgot that HaikuDepot is using "Basic" authentication on *each* request as opposed to token authentication. Hence why there's no authentication step first. OK; please close this and I'll make the problem less log-visible server-side.

comment:3 by diver, 10 years ago

Resolution: no change required
Status: newclosed
Note: See TracTickets for help on using tickets.