Forbid destructive actions from the helpdesk GUI
Mark requests with impersonated users as readonly and check access on all API method invocations
Take care of various auth corner cases
- Allow requests with X-Auth-Tmp-Token set but not under /helpdesk to proceed
- Do not allow requests from non-valid users to proceed (in the face of the recent Dropbox exploit :))
Really process URL exclusions
Better sizing of included iframe
Better cookie expiration handling
Impersonation works as expected
- Remove superfluous check from middleware
- Make iframe cover full screen in Firefox
- Filter our helpdesk users from users list
Add helpdesk user group
Helpdesk users are registered statically using the HELPDESK user type. The middleware will only allow impersonation requests from helpdesk users.
Several UI fixes
- Set and delete impersonated user cookies
- Clear button to clear selected user
- Countdown till the tmp user token expires
Only allow specific IP addresses to connect to the helpdesk app
Countdown timer till token expiration
Fix tmp auth header creation
Retrieve the temp auth token and store it in a cookie
Support for creating one-off user tokens
Middleware for dealing with impersonation requests
Retrieve fake user token from the API
Refs: #665
Methods to retrieve list of active synnefo users
Helpdesk skeleton application