stable

Clone or download

Read-only

request #11426: REST routes cannot be used when the dynamic user is authenticated through its cookie

The issue can be reproduced by accessing, for example, to a kanban as the dynamic user. The REST routes to retrieve the kanban information should not end up with a fatal error. In order to test, you can generate a keypair with this code snippet: $keypair = sodium_crypto_sign_keypair(); $secret_key = sodium_crypto_sign_secretkey($keypair); $public_key = sodium_crypto_sign_publickey($keypair); var_dump(base64_encode($public_key), base64_encode($secret_key)); You can generate a valid signature for the query with this code snippet: $secret_key = base64_decode('<your_secret_key>'); $domain = 'tuleap-web.tuleap-aio-dev.docker'; $username = 'forge__dynamic_credential-identifier'; var_dump(base64_encode(sodium_crypto_sign_detached($domain . $username, $secret_key))); Change-Id: Ia13639e81b30f09bf247d22f795d03c5e6facb71

Modified Files

Name
M plugins/dynamic_credentials/include/dynamic_credentialsPlugin.class.php +9 −1 Go to diff View file