Feature #45282

Base Distribution - Work Package #45088: Improved REST support

Support for "sessionless authentication"

Added by Bastian Waidelich about 8 years ago. Updated almost 8 years ago.

Status:
Resolved
Priority:
Should have
Category:
Security
Start date:
2013-02-08
Due date:
2013-04-13
% Done:

100%

Estimated time:
108.00 h
PHP Version:
Has patch:
No
Complexity:

Description

Currently Flow relies on a session to be active in at least three places:

  1. \TYPO3\Flow\Security\Aspect\RequestDispatchingAspect::blockIllegalRequestsAndForwardToAuthenticationEntryPoints() calls \TYPO3\Flow\Security\Context::setInterceptedRequest() if an entryPoint is defined. Setting the intercepted request starts a session. This can be worked around by avoiding entryPoint or using requestPatterns to limit them only to certain parts of an application that allow sessions. #45100 might also be a solution for that
  2. \TYPO3\Flow\Security\Authentication\AuthenticationProviderManager::authenticate() emits the authenticatedToken signal after successful authentication which is configured to call \TYPO3\Flow\Session\SessionInterface::renewId()
  3. \TYPO3\Flow\Security\Authentication\AuthenticationProviderManager::isAuthenticated() returns FALSE if no session was started/can be resumed

Related issues

Related to TYPO3.Flow - Feature #45100: RequestDispatchingAspect should check if entry point can handle current requestUnder ReviewChristopher Hlubek2013-02-03

Actions
#1

Updated by Gerrit Code Review about 8 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18388

#2

Updated by Bastian Waidelich about 8 years ago

  • Parent task set to #45088
#3

Updated by Gerrit Code Review about 8 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18388

#4

Updated by Bastian Waidelich about 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#5

Updated by Gerrit Code Review about 8 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch 2.0 has been pushed to the review server.
It is available at https://review.typo3.org/19106

#6

Updated by Gerrit Code Review about 8 years ago

Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/19340

#7

Updated by Gerrit Code Review about 8 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/19340

#8

Updated by Aske Ertmann about 8 years ago

  • Parent task deleted (#45088)
#9

Updated by Aske Ertmann about 8 years ago

  • Parent task set to #45088
#10

Updated by Aske Ertmann about 8 years ago

  • Estimated time set to 108.00 h
#11

Updated by Bastian Waidelich about 8 years ago

  • Due date set to 2013-04-13
#12

Updated by Gerrit Code Review about 8 years ago

Patch set 2 for branch 2.0 has been pushed to the review server.
It is available at https://review.typo3.org/19106

#13

Updated by Bastian Waidelich about 8 years ago

  • Status changed from Under Review to Resolved
#14

Updated by Gerrit Code Review about 8 years ago

  • Status changed from Resolved to Under Review

Patch set 3 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/19340

#15

Updated by Anonymous about 8 years ago

  • Status changed from Under Review to Resolved
#16

Updated by Gerrit Code Review about 8 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch 2.0 has been pushed to the review server.
It is available at https://review.typo3.org/19615

#17

Updated by Anonymous about 8 years ago

  • Status changed from Under Review to Resolved

Also available in: Atom PDF