Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #23452: Doing REST or Webdav operations with Basic Auth should not create a "long session"

Download Browse

Nothing is stored anymore when calling a restricted REST endpoint via basic authentication (same for Webdav). To test, you can check the number of rows in the `session` table before and after a call. Also, no `session_hash` is sent anymore in those situations. Change-Id: Ie53e8048f97c6d4fdbb2258e29ed44c6ba7c8a20

+55 −18
Thomas Gerbet (tgerbet) 2021-10-19 13:49
Thomas Gerbet (tgerbet) 2021-10-19 13:49
2c1c66288201166093e3584ffb78aa0fb2bfffe8
ea4997458640f81448fc1b5653d845edc144f0d0
git #tuleap/stable/2c1c66288201166093e3584ffb78aa0fb2bfffe8

Modified Files

Side by side diff
Inline diff
Name
M plugins/webdav/include/WebDAVAuthentication.class.php +13 −1 Go to diff View file
M plugins/webdav/include/webdavPlugin.php +11 −2 Go to diff View file
M plugins/webdav/tests/unit/WebDAVAuthenticationTest.php +13 −8 Go to diff View file
M src/common/REST/BasicAuthentication.class.php +18 −7 Go to diff View file