You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The following applies to DSM 6.0.2-8451 Update 4, I don't have any other versions to test.
The authentication API returns {"error":{"code":402},"success":false} for non-administrator accounts.
To authenticate a non-administrator account, the session parameter must be set to the desired application's name.
However, I can log with one application, then use another one without having to reauthenticate.
Even better, I can log with an application for which I don't have permission, then use an application for which I do.
For example, even if the user is explicitely denied access to AudioStation, I can log with /webapi/auth.cgi?api=SYNO.API.Auth&version=3&method=login&account=user&passwd=password&session=AudioStation
Then list the files in my home folder: syno.fs.list({'folder_path':'/home'}, callback);
But trying use AudioStation's API, which I don't have access to, gets you a Error 115: The logged in session does not have permission.
Possible fix
For now, I changed session = 'SYNO_SESSION_' + Date.now() to session = 'FileStation' in Auth.login since the FileStation application can't seems to be turned off or removed (easily).
Not pretty but seems to be the simplest solution.
The text was updated successfully, but these errors were encountered:
The following applies to DSM 6.0.2-8451 Update 4, I don't have any other versions to test.
The authentication API returns
{"error":{"code":402},"success":false}
for non-administrator accounts.To authenticate a non-administrator account, the
session
parameter must be set to the desired application's name.However, I can log with one application, then use another one without having to reauthenticate.
Even better, I can log with an application for which I don't have permission, then use an application for which I do.
For example, even if the user is explicitely denied access to AudioStation, I can log with
/webapi/auth.cgi?api=SYNO.API.Auth&version=3&method=login&account=user&passwd=password&session=AudioStation
Then list the files in my home folder:
syno.fs.list({'folder_path':'/home'}, callback);
But trying use AudioStation's API, which I don't have access to, gets you a
Error 115: The logged in session does not have permission
.Possible fix
For now, I changed
session = 'SYNO_SESSION_' + Date.now()
tosession = 'FileStation'
inAuth.login
since the FileStation application can't seems to be turned off or removed (easily).Not pretty but seems to be the simplest solution.
The text was updated successfully, but these errors were encountered: