[Koha-bugs] [Bug 21325] Prevent authentication when sending userid and password via querystring parameters
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Apr 16 11:46:32 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21325
Marcel de Rooy <m.de.rooy at rijksmuseum.nl> changed:
What |Removed |Added
----------------------------------------------------------------------------
QA Contact|testopia at bugs.koha-communit |m.de.rooy at rijksmuseum.nl
|y.org |
--- Comment #10 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
Few minor questions/remarks:
Should we add a warn close to the POST test when we encounter a GET request (or
even another) ? Or silently ignore like we do now?
(out of scope) While glancing thru Auth, I was surprised that we do not seem to
check if the password is not empty. We always pass it to checkpw.
You touched the test, but did not add tests. I think the benefits of this small
change outweigh the lack of new tests. Lets see if RM thinks so too.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list