@sgiehl opened this Pull Request on January 13th 2021 Member


I've debug for quite a while now, but actually couldn't find the change that actually caused the problem.
Even going a few hundreds commits back in history didn't fix the issue locally, so it seems to be there for a while.
Which actually makes it even more strange that it still works on demo.

Nevertheless, for some reason the Authentication does never return a success state for anonymous user. So the Auth object holds no login, and the list of available sites stays empty

fixes #17077


  • [ ] Functional review done
  • [ ] Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
  • [ ] Security review done see checklist
  • [ ] Code review done
  • [ ] Tests were added if useful/possible
  • [ ] Reviewed for breaking changes
  • [ ] Developer changelog updated if needed
  • [ ] Documentation added if needed
  • [ ] Existing documentation updated if needed
@sgiehl commented on January 13th 2021 Member

Looking at the test results indicates, that we actually never returned a success state for anonymous before. The tests for that didn't change since 2014.
Not sure how that could be solved in another way. If there is no successful authentication the session won't be initialized and so the current session will always be counted as outdated.
@diosmosis @tsteur maybe one of you has an idea for that. Don't want to waste more time debugging the code...

@diosmosis commented on January 27th 2021 Member

code looks ok to me, can't think of a way this could be abused. not sure if @tsteur wants to take a look before merging?

@tsteur commented on January 27th 2021 Member

Looks good @diosmosis 👍

This Pull Request was closed on January 27th 2021
Powered by GitHub Issue Mirror