Feature #1634

Set cookie on invite

Added by Antony Chazapis over 9 years ago. Updated over 8 years ago.

Status:Closed Start date:11/10/2011
Priority:Medium Due date:
Assignee:Sofia Papagiannaki % Done:

100%

Category:Pithos Spent time: -
Target version:-

Description

Now, the "accept invitation" action registers the user and redirects to the ui, where the cookie is set. This has the problem that the token is included in the URL parameters, which is saved in the browser's history. By setting the cookie before going to the ui, we could avoid this practice, which raises security concerns.

Does this make the cookie-setting code in middleware/auth.py obsolete?

Associated revisions

Revision 91560b09
Added by Sofia Papagiannaki over 9 years ago

Do not pass on user and token if on the same server.

Refs #1634

Revision 91560b09
Added by Sofia Papagiannaki over 9 years ago

Do not pass on user and token if on the same server.

Refs #1634

Revision c9972f0f
Added by Antony Chazapis over 9 years ago

Use the full URI at invitation targets.

Fixes #1634

Revision c9972f0f
Added by Antony Chazapis over 9 years ago

Use the full URI at invitation targets.

Fixes #1634

History

#1 Updated by Antony Chazapis over 9 years ago

Also set invitation target to host root and not /ui.

#2 Updated by Antony Chazapis over 9 years ago

When finished with the above, it will be easy to get the BASE_URL from the request (remove from settings).

#3 Updated by Antony Chazapis over 9 years ago

  • Target version changed from 0.8.1 to 0.7.10

#4 Updated by Sofia Papagiannaki over 9 years ago

invitation target change and BASE_URL elimination from settings are included in Revision a7ae042e845900f5202439862d76be7fbd29ade1

#5 Updated by Antony Chazapis over 9 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

#6 Updated by Vangelis Koukis over 8 years ago

  • Project changed from Pithos to Synnefo
  • Target version deleted (0.7.10)

#7 Updated by Vangelis Koukis over 8 years ago

  • Category set to Pithos

Also available in: Atom PDF