Opened 10 years ago
Closed 10 years ago
#11889 closed bug (no change required)
HaikuDepot; Unauthenticated User Able to Attempt to Add User Rating
| Reported by: | apl-haiku | Owned by: | stippi |
|---|---|---|---|
| Priority: | normal | Milestone: | R1 |
| Component: | Applications/HaikuDepot | Version: | R1/Development |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: | ||
| Platform: | All |
Description
There seems to be a problem where a user can still attempt to lodge a user rating despite the fact that they are not authenticated. From the HaikuDepotServer logs;
- the authentication for the user; _ failed
- only authenticated users are able to add user ratings
- an issue has arisen invoking jrpc @ createUserRating
- org.haikuos.haikudepotserver.api1.support.AuthorizationFailureException: null
Change History (3)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
Hi Stephan; Your comment made me realize; I forgot that HaikuDepot is using "Basic" authentication on *each* request as opposed to token authentication. Hence why there's no authentication step first. OK; please close this and I'll make the problem less log-visible server-side.
comment:3 by , 10 years ago
| Resolution: | → no change required |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
I don't quite understand. The issue here is that HaikuDepot still allows the user to attempt to add a rating (which then fails)? Or is the issue that the server actually allows the rating to be created?