Task #473
closed
Public endpoints must bypass BE Authentication filters
100%
Description
Currently if users have access tokens (valid or invalid), they are eligible for authentication. It does not matter whether they try to access public or private endpoint.
A problem occurrs if user has invalid token / authentication -> filters will throw an error even when the user tries to access public endpoint.
The goal of this ticket is to fix the behavior of auth filters for public endpoints.
Related issues
Updated by Radek Tomiška almost 7 years ago
- Target version changed from Citrine (7.3.0) to Diamond (7.4.0)
Updated by Jan Helbich almost 7 years ago
- Subject changed from Public endpoints BE Authentication filters must to Public endpoints must bypass BE Authentication filters
Updated by Jan Helbich over 6 years ago
- Assignee changed from Jan Helbich to Radek Tomiška
Updated by Radek Tomiška over 3 years ago
- Status changed from New to In Progress
- Target version set to 10.7.0
Updated by Radek Tomiška over 3 years ago
- Related to Task #2506: Authentication: Two factor authentication added
Updated by Radek Tomiška over 3 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- % Done changed from 0 to 90
Implemented together with #2506. Authentication is resolved optionally for public endpoints => if credentials are given, then identity is logged (e.g. from public password change page). If credentials are wrong (expired token is given, or token is not verified yet etc.), then authentication is skipped.
Could you provide me a feedback, please?
Updated by Vít Švanda over 3 years ago
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
I did review, thanks for this fix/improvement.
Updated by Radek Tomiška over 3 years ago
- Status changed from Resolved to Closed