Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Admin UI authentication prevents short tokens #25

Closed
aw opened this issue Dec 13, 2016 · 2 comments
Closed

Admin UI authentication prevents short tokens #25

aw opened this issue Dec 13, 2016 · 2 comments
Assignees
@aw
Labels
bug

Comments

@aw
Copy link
Member

aw commented Dec 13, 2016
edited
Loading

Upon login, the Admin UI requires the auth token to be between 8 and 64 characters, but the Admin API doesn't have this restriction when setting/changing the token.

The best fix is to modify the API to only allow tokens between 8 and 64, but this breaks backwards compatibility. It would also lock-out anyone who's already using a shorter token with the API.

The proper fix is to not perform validation of the auth token's length (in the UI)... or to allow any non-zero absolute value.
@aw aw added the bug label Dec 13, 2016
@aw aw self-assigned this Dec 13, 2016
aw added a commit that referenced this issue Jan 9, 2017
@aw
Fix short auth token issue. #25
5a565b3
@aw aw closed this as completed Jan 12, 2017
@aw aw reopened this Jan 31, 2017
@aw
Copy link
Member Author

aw commented Jan 31, 2017

This was fixed when setting the token, but not on authentication, as seen here

aw added a commit that referenced this issue Feb 10, 2017
@aw
Fix short token issue. #25
726578b 
  * Short token issue is fixed for UI auth as well
  * Ensure cookie path is always /
  * Allow error messages in 'http-msg'
  * Add AoE, NBD, iSCSI storage options
  * Add '/build' endpoint to retrieve build details
@aw
Copy link
Member Author

aw commented Feb 10, 2017

Fixed in 726578b

@aw aw closed this as completed Feb 10, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aw aw

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aw