Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #11426: REST routes cannot be used when the dynamic user is authenticated through its cookie

Download Browse

The issue can be reproduced by accessing, for example, to a kanban as the dynamic user. The REST routes to retrieve the kanban information should not end up with a fatal error. In order to test, you can generate a keypair with this code snippet: $keypair = sodium_crypto_sign_keypair(); $secret_key = sodium_crypto_sign_secretkey($keypair); $public_key = sodium_crypto_sign_publickey($keypair); var_dump(base64_encode($public_key), base64_encode($secret_key)); You can generate a valid signature for the query with this code snippet: $secret_key = base64_decode('<your_secret_key>'); $domain = 'tuleap-web.tuleap-aio-dev.docker'; $username = 'forge__dynamic_credential-identifier'; var_dump(base64_encode(sodium_crypto_sign_detached($domain . $username, $secret_key))); Change-Id: Ia13639e81b30f09bf247d22f795d03c5e6facb71

+9 −1
Thomas Gerbet (tgerbet) 2018-04-23 12:32
Thomas Gerbet (tgerbet) 2018-05-02 09:56
504722d964e7adc97918f785cd88972e9e6d0943
964b3b744ec7384bdd7ccb664155c55309a98361
git #tuleap/stable/504722d964e7adc97918f785cd88972e9e6d0943

Modified Files

Side by side diff
Inline diff
Name
M plugins/dynamic_credentials/include/dynamic_credentialsPlugin.class.php +9 −1 Go to diff View file