Authentification - Token #799
Labels
Bug
For errors / faults / flaws / inconsistencies etc.
Critical
Indicates the severity of an issue is very critical and the issue has a very high priority.
worksforme
The issue cannot be reproduced and things work as intended.
Milestone
Unfortunetely i have made a mistake in creating the url for access a piwik table from outside:
As you can see, after the token_auth i have one (1) space.
Funny now, becuase this user has NO access, but can see the result!
If the url is given in correct format (no space between token_auth and the =, the access is forbidden (as it should):
You can't access this resource as it requires a 'view' access for the website id = 1.
But further funny, if there are 2 spaces (1 BEFORE the = and 1 after like: token_auth%20=%20ecb47dbe1601a91c668653bfd2c05d3b
access is allowed!
This seems to me as a heavy bug.
Keywords: authentification,token,access
The text was updated successfully, but these errors were encountered: